Reply-To: Sean Christopherson
Date: Thu, 24 Jun 2021 19:03:54 -0700
In-Reply-To: <20210625020354.431829-1-seanjc@google.com>
Message-Id: <20210625020354.431829-3-seanjc@google.com>
References: <20210625020354.431829-1-seanjc@google.com>
X-Mailer: git-send-email 2.32.0.93.g670b81a890-goog
Subject: [PATCH 2/2] KVM: SVM: Revert clearing of C-bit on GPA in #NPF handler
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
    Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
    Peter Gonda, Brijesh Singh, Tom Lendacky
X-Mailing-List: linux-kernel@vger.kernel.org

Don't clear the C-bit in the #NPF handler, as it is a legal GPA bit for
non-SEV guests, and for SEV guests the C-bit is dropped before the GPA
hits the NPT in hardware. Clearing the bit for non-SEV guests causes KVM
to mishandle #NPFs that collide with the host's C-bit.

Although the APM doesn't explicitly state that the C-bit is not reserved
for non-SEV, Tom Lendacky confirmed that the following snippet about the
effective reduction due to the C-bit does indeed apply only to SEV guests.

  Note that because guest physical addresses are always translated
  through the nested page tables, the size of the guest physical address
  space is not impacted by any physical address space reduction indicated
  in CPUID 8000_001F[EBX]. If the C-bit is a physical address bit however,
  the guest physical address space is effectively reduced by 1 bit.

And for SEV guests, the APM clearly states that the bit is dropped before
walking the nested page tables.

  If the C-bit is an address bit, this bit is masked from the guest
  physical address when it is translated through the nested page tables.
  Consequently, the hypervisor does not need to be aware of which pages
  the guest has chosen to mark private.

Note, the bogus C-bit clearing was removed from legacy #PF handler in
commit 6d1b867d0456 ("KVM: SVM: Don't strip the C-bit from CR2 on #PF
interception").

Fixes: 0ede79e13224 ("KVM: SVM: Clear C-bit from the page fault address")
Cc: Peter Gonda
Cc: Brijesh Singh
Cc: Tom Lendacky
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8834822c00cd..ca5614a48b21 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1923,7 +1923,7 @@ static int npf_interception(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); - u64 fault_address = __sme_clr(svm->vmcb->control.exit_info_2); + u64 fault_address = svm->vmcb->control.exit_info_2; u64 error_code = svm->vmcb->control.exit_info_1; trace_kvm_page_fault(fault_address, error_code); -- 2.32.0.93.g670b81a890-goog
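
Review bot: In npf_interception(), the new `u64 fault_address = svm->vmcb->control.exit_info_2;` assignment has no comment explaining that the C-bit is intentionally left in the GPA, so the reasoning exists only in the changelog. A short comment above the assignment, saying that the bit is a legal GPA bit for non-SEV guests and that hardware drops it for SEV guests before the NPT walk, would keep a later cleanup from reintroducing `__sme_clr()` here. Since `trace_kvm_page_fault(fault_address, error_code)` now logs the unmasked value, it is also worth stating in the changelog that traced addresses change for non-SEV faults at GPAs with that bit set.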