Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp1795389pxy; Fri, 23 Apr 2021 17:54:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz3Oi2z338EDWQtSw2sqvTN5d1NAAWpxlZ5/KqFbwGUAcQpBB3d1hcwP6SAMfXp1hrJkej1 X-Received: by 2002:a17:906:37da:: with SMTP id o26mr7148460ejc.413.1619225699185; Fri, 23 Apr 2021 17:54:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619225699; cv=none; d=google.com; s=arc-20160816; b=DIFqHop10WnLC7zu5koitm0iybgu1P5m3WPYU9eKeOP3goni/ySCe3KbbvWVvijlob fW70QFAtooAY7D1ZyBmjWSTYMDk9qe/UiD5TThKlT2UTS72/CAqBGDMEq7NXn+0Il5YM uIQAAZB1sSzEGoyer9jAZts3Br2ZQgXh/V9B4mnQGqehdXVFrFLhru4vza3OyCRW5BMQ FftoKZVcu35I1lrUVthWpqOXtj2U5C4vmEIodV6mLJ7U+fRvrDC9ZCuNIwZnj6yWi8MV gKf1X7PIk4r65JBzh7nGzFALfZIaF8/5ZdNafcDhG/A38KjDghLdPB+Yv0OYL2StyU5+ fM/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:reply-to:dkim-signature; bh=b+GdRfiaLMn2dSo2d+DAg1VA45RjBqE++zgwaZZFJKg=; b=qqEhpZTHUM6G0pxINdRzbghD637Lan5Nu1FKUj1EHZKmNFuxsIrmZ7He7jOCAZ2KMk 0YHzEOatJcxMQkJ7DFlk8y6YSqaRiP4WkJ7GB7q8d6ymVmOoOvv6rG8Cb3Ciuw/Tivfx vqJJH88qcx2QapWlQYJ6jtz/+buVUZWm8ufiXd8wJMqrnSFgsyN3kp64sEMwjdz1Y4K0 3FLwf7cKBOdctgx7Nuze9LfRPOjaOizkEj+wZX6rKUXJ+BvKrQz4b6oLUls8CzKkkoUR 0RWPMjaWjEnq0t2Ktbg+3mitrA+npcbdkWHT2tpGnTYKQHVosJA76OsRKXMQEyK10NvD sCTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=kTvoVs7E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ci1si6494072ejb.623.2021.04.23.17.54.36; Fri, 23 Apr 2021 17:54:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=kTvoVs7E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244628AbhDXAvx (ORCPT + 99 others); Fri, 23 Apr 2021 20:51:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36826 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243236AbhDXAt4 (ORCPT ); Fri, 23 Apr 2021 20:49:56 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ED597C061369 for ; Fri, 23 Apr 2021 17:47:46 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id z8-20020a2566480000b02904e0f6f67f42so26642187ybm.15 for ; Fri, 23 Apr 2021 17:47:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=b+GdRfiaLMn2dSo2d+DAg1VA45RjBqE++zgwaZZFJKg=; b=kTvoVs7Enelp9QXEVJWtZafvgD2YeKehMVsyr6tIo3simXB0zM5yuctnGDDo9YQ9Ci CwJuqP+my7DjJq6fAwO5SS5gak2wfGNs7C0gl66d4LZUNMQZNpbDS1suAZi1zcIamMxF ghDWeNFjWTahtqq15Sl4yS6rrEWNkYwHVV63Pa6VLIA3s0n8XKAK48Zv1+LCf6K/CjRq 4erH9Yk2Qupy+4rp86jy7YzXlLujdqJJl60D2itG79sMWU9WnX7V8d7n1Te39q+hx2bP mJ0zTiTV6wwsgDTzLzkrkqMQe8gxJqrFU/Dhj5seNPTA1iqIkAbhhX6sSWPtZsDHXyeo 2OJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=b+GdRfiaLMn2dSo2d+DAg1VA45RjBqE++zgwaZZFJKg=; b=bvNttmZMZnah7blIu+VBXVBqm7mOKy9HHZEJMzWF4IaX0EVnxwRKEEE4Qk0YvSg3hU XYkEYkfFp5fFuOiAvQcn+E9jiBVbJuwfVopYXuwQCVhaYC7dNUkBAHhp6eG1bvA+ueBK W/Y5GOkzVT/ugXuQD6e3UHhOkwGcQMOGREYGvYE5ibIGPEbGnjGHGnrZR5GDNcSBZ4gG 50R+ur5u3U0kAFBa3HGTIkM51ccSmrgVJodCMfXDiPl3PhFcYeq4oPcT98NrVsBMUSQc tbD4EvmrfWWF1w2cRmazR5S9rcaY1Mbl9G89yC12Y50oeV5j9lpMN3oGiQFGBclpbzdM 471Q== X-Gm-Message-State: AOAM531JZLCNg3YN52iu1ufB6FuJ+IXSsXGAPkmYAoSqk9WztNZ9RNPV KK+/zFyg982T16w4gJBoNt4mGmB4b2k= X-Received: from seanjc798194.pdx.corp.google.com ([2620:15c:f:10:ad52:3246:e190:f070]) (user=seanjc job=sendgmr) by 2002:a25:504b:: with SMTP id e72mr6967336ybb.152.1619225266221; Fri, 23 Apr 2021 17:47:46 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 23 Apr 2021 17:46:23 -0700 In-Reply-To: <20210424004645.3950558-1-seanjc@google.com> Message-Id: <20210424004645.3950558-22-seanjc@google.com> Mime-Version: 1.0 References: <20210424004645.3950558-1-seanjc@google.com> X-Mailer: git-send-email 2.31.1.498.g6c1eba8ee3d-goog Subject: [PATCH 21/43] KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Opt-in to forcing CR0.WP=1 for shadow paging, and stop lying about WP being "always on" for unrestricted guest. In addition to making KVM a wee bit more honest, this paves the way for additional cleanup. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 805888541142..d0050c140b4d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -135,8 +135,7 @@ module_param(allow_smaller_maxphyaddr, bool, S_IRUGO); #define KVM_VM_CR0_ALWAYS_OFF (X86_CR0_NW | X86_CR0_CD) #define KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR0_NE #define KVM_VM_CR0_ALWAYS_ON \ - (KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST | \ - X86_CR0_WP | X86_CR0_PG | X86_CR0_PE) + (KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST | X86_CR0_PG | X86_CR0_PE) #define KVM_VM_CR4_ALWAYS_ON_UNRESTRICTED_GUEST X86_CR4_VMXE #define KVM_PMODE_VM_CR4_ALWAYS_ON (X86_CR4_PAE | X86_CR4_VMXE) @@ -3103,9 +3102,7 @@ void ept_save_pdptrs(struct kvm_vcpu *vcpu) kvm_register_mark_dirty(vcpu, VCPU_EXREG_PDPTR); } -static void ept_update_paging_mode_cr0(unsigned long *hw_cr0, - unsigned long cr0, - struct kvm_vcpu *vcpu) +static void ept_update_paging_mode_cr0(unsigned long cr0, struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -3124,9 +3121,6 @@ static void ept_update_paging_mode_cr0(unsigned long *hw_cr0, vcpu->arch.cr0 = cr0; vmx_set_cr4(vcpu, kvm_read_cr4(vcpu)); } - - if (!(cr0 & X86_CR0_WP)) - *hw_cr0 &= ~X86_CR0_WP; } void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) @@ -3139,6 +3133,8 @@ void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) hw_cr0 |= KVM_VM_CR0_ALWAYS_ON_UNRESTRICTED_GUEST; else { hw_cr0 |= KVM_VM_CR0_ALWAYS_ON; + if (!enable_ept) + hw_cr0 |= X86_CR0_WP; if (vmx->rmode.vm86_active && (cr0 & X86_CR0_PE)) enter_pmode(vcpu); @@ -3157,7 +3153,7 @@ void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) #endif if (enable_ept && !is_unrestricted_guest(vcpu)) - ept_update_paging_mode_cr0(&hw_cr0, cr0, vcpu); + ept_update_paging_mode_cr0(cr0, vcpu); vmcs_writel(CR0_READ_SHADOW, cr0); vmcs_writel(GUEST_CR0, hw_cr0); -- 2.31.1.498.g6c1eba8ee3d-goog