Received: by 2002:a05:6358:111d:b0:dc:6189:e246 with SMTP id f29csp2185639rwi; Thu, 3 Nov 2022 13:48:54 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6pIca2emrUpEKeZqtq42Bh7x4d246prTn5aU50S6wLCBY0PvCUj0v1dBxZxQDHTBSKbnuY X-Received: by 2002:a05:6402:5107:b0:462:3014:3d73 with SMTP id m7-20020a056402510700b0046230143d73mr32299749edd.177.1667508534490; Thu, 03 Nov 2022 13:48:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667508534; cv=none; d=google.com; s=arc-20160816; b=tNupL5voeMXV+Hw+UF/6C0jxeo25qdpFOFkF+qHlH6B1xMje9z0AJzxnvRTOZAsfTM HZmfLBd0FQuDI2G3uAoXlWC73epvebs/mKWxWd7/FH58KYkkjmW+DIoI99IFinfueK1G 8A8Cqh9+qeuGThI7kCRRzYhhGWrZ41Xbdgh0/BtCbe4rrar1bLK7rumW9LqZrtLaGYaI t+5NPDGhLmjs4C/VSGA41X1EG0tfem9T+X7uWp/UF005od1LZ1Fmwr1g3cN+Nl2TocKE 14sccNG4axX0bEJtpvLriGIztowkPjG7vu5e3YDlZfU0LoTcHnMWnRZBZyPfIaqqRBO2 BomA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=813fo5BLHWZtv9JdsQwB2RiM02PAw+XVWtcoqdw1Uzg=; b=tjhoPYskYwHVzN9VjJeugp2ePYQwh+UhlQ5Sol7bBGF10y4TjIqpORhBQg7pLyJM83 JgJ845cVqfg0NgG9kXEkVbSwEXL9mSi22MSD6YtvJ/hgW/FjsCslDQA6T7Cj5loIu0YI FyH9Qo0rqVpxLjKnAZITN01rfciM3wzsZqeDjYsF0yvXskPcEBN5kkRg8Q2hkbIZ68Tk Uf4iKQ1+uHVCjwRWaOI3msENeykTMC718W9rUiktpg8ooTh5VuCAk4BVf1MS471KYp3X 06aJKJSfx/o7yMV8rbFYo6KvYd1sKKbCcF7Y+NEQUmTpVjBiF4+VKcmwPyN/Rk6+UdYe wIPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=AWuCQtjh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f1-20020a056402004100b00461a7bb34c2si2112181edu.473.2022.11.03.13.48.31; Thu, 03 Nov 2022 13:48:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=AWuCQtjh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231316AbiKCUNT (ORCPT + 98 others); Thu, 3 Nov 2022 16:13:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34630 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229579AbiKCUNR (ORCPT ); Thu, 3 Nov 2022 16:13:17 -0400 Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D85913F5C; Thu, 3 Nov 2022 13:13:17 -0700 (PDT) Received: by mail-pf1-x433.google.com with SMTP id g62so2643138pfb.10; Thu, 03 Nov 2022 13:13:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=813fo5BLHWZtv9JdsQwB2RiM02PAw+XVWtcoqdw1Uzg=; b=AWuCQtjhZHzbUd/NUMk0RWvmY+AgUJFAoJSaZBRIseOWyRpGiKhor0KwYv16u6trNc x3nLYulT0AznQYFghwkD8g5bdHJEQkBARTLewwZNMNKWC6SSsgmhHLEBNRHIyma/szQ2 1hzGsHpSXP1QUZM+PANJ26jNId6gRRSf5I3iymS28jrxBbP+9sDTebU2qWsF2kKWZarH ow6AkTRAq7agLRLh7skjSDTiFubMTCzk+1sMGGDywRwxCqW3lAQJrGK1yUkpE5qeirkr +JVWR5NcMLXNMJI447VmnznOykfjEtSrog4Zhzd57qDlh9Ec+OhvuBs9af9XArASc3Ov HFZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=813fo5BLHWZtv9JdsQwB2RiM02PAw+XVWtcoqdw1Uzg=; b=Dj7wE64O/kQbiOCcxAG21ADYHZKdBU+kgtvgDCz4a6bstdjdjQVgED5h0Q6sGXgvEO YzPz4mkVM1qVfa6d0rHFNfaZLqvsOF8rB7wNROC54ZGKgsMjoEbpwHrCP+w4e4W/1i6o hgNmsPio2l2LK8nA8qIgiC/hKlBgiVFuTPapOWQY3JWLxvXPHTgjSRTjvhA+HY3ZxNpx MmwSk8DNGDs39rpi8BjfXM/msd5EWVFCyrUUs5KuFyzdvrCGnnSzt3ggJVCU1YTLlU4s 1EfO2jSoT3qaObsHHOGhEEQk5Kwbf61Kclxtz1wtDk2mP5kHAiuPNy3lypncmjf1CGU8 X41Q== X-Gm-Message-State: ACrzQf1a4NUsl/oX4ggHe9VmlkeoTDYYsB/j0FmKpgRXAujEqf4dfVtb fBfomHuBxpCQy1H1y6Yvst8= X-Received: by 2002:a05:6a00:1884:b0:56c:636a:d554 with SMTP id x4-20020a056a00188400b0056c636ad554mr32008521pfh.18.1667506396469; Thu, 03 Nov 2022 13:13:16 -0700 (PDT) Received: from localhost ([192.55.54.55]) by smtp.gmail.com with ESMTPSA id s13-20020a170902ea0d00b00186f3c69ebesm1049813plg.186.2022.11.03.13.13.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Nov 2022 13:13:15 -0700 (PDT) Date: Thu, 3 Nov 2022 13:13:14 -0700 From: Isaku Yamahata To: Binbin Wu Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , David Matlack Subject: Re: [PATCH v10 039/108] KVM: VMX: Introduce test mode related to EPT violation VE Message-ID: <20221103201314.GA1063309@ls.amr.corp.intel.com> References: <8b3101711c5291246653efb50cc2975863d3a8ab.1667110240.git.isaku.yamahata@intel.com> <89ee8b63-bdce-0779-3c05-1a0516076156@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <89ee8b63-bdce-0779-3c05-1a0516076156@linux.intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 03, 2022 at 09:41:44PM +0800, Binbin Wu wrote: > > On 2022/10/30 14:22, isaku.yamahata@intel.com wrote: > > From: Isaku Yamahata > > > > To support TDX, KVM is enhanced to operate with #VE. For TDX, KVM programs > > to inject #VE conditionally and set #VE suppress bit in EPT entry. For VMX > > case, #VE isn't used. If #VE happens for VMX, it's a bug. To be > > defensive (test that VMX case isn't broken), introduce option > > ept_violation_ve_test and when it's set, set error. > > > > Suggested-by: Paolo Bonzini > > Signed-off-by: Isaku Yamahata > > --- > > arch/x86/include/asm/vmx.h | 12 +++++++ > > arch/x86/kvm/vmx/vmcs.h | 5 +++ > > arch/x86/kvm/vmx/vmx.c | 69 +++++++++++++++++++++++++++++++++++++- > > arch/x86/kvm/vmx/vmx.h | 6 +++- > > 4 files changed, 90 insertions(+), 2 deletions(-) > > > > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h > > index cdbf12c1a83c..752d53652007 100644 > > --- a/arch/x86/include/asm/vmx.h > > +++ b/arch/x86/include/asm/vmx.h > > @@ -68,6 +68,7 @@ > > #define SECONDARY_EXEC_ENCLS_EXITING VMCS_CONTROL_BIT(ENCLS_EXITING) > > #define SECONDARY_EXEC_RDSEED_EXITING VMCS_CONTROL_BIT(RDSEED_EXITING) > > #define SECONDARY_EXEC_ENABLE_PML VMCS_CONTROL_BIT(PAGE_MOD_LOGGING) > > +#define SECONDARY_EXEC_EPT_VIOLATION_VE VMCS_CONTROL_BIT(EPT_VIOLATION_VE) > > #define SECONDARY_EXEC_PT_CONCEAL_VMX VMCS_CONTROL_BIT(PT_CONCEAL_VMX) > > #define SECONDARY_EXEC_XSAVES VMCS_CONTROL_BIT(XSAVES) > > #define SECONDARY_EXEC_MODE_BASED_EPT_EXEC VMCS_CONTROL_BIT(MODE_BASED_EPT_EXEC) > > @@ -223,6 +224,8 @@ enum vmcs_field { > > VMREAD_BITMAP_HIGH = 0x00002027, > > VMWRITE_BITMAP = 0x00002028, > > VMWRITE_BITMAP_HIGH = 0x00002029, > > + VE_INFORMATION_ADDRESS = 0x0000202A, > > + VE_INFORMATION_ADDRESS_HIGH = 0x0000202B, > > XSS_EXIT_BITMAP = 0x0000202C, > > XSS_EXIT_BITMAP_HIGH = 0x0000202D, > > ENCLS_EXITING_BITMAP = 0x0000202E, > > @@ -628,4 +631,13 @@ enum vmx_l1d_flush_state { > > extern enum vmx_l1d_flush_state l1tf_vmx_mitigation; > > +struct vmx_ve_information { > > + u32 exit_reason; > > + u32 delivery; > > + u64 exit_qualification; > > + u64 guest_linear_address; > > + u64 guest_physical_address; > > + u16 eptp_index; > > +}; > > + > > #endif > > diff --git a/arch/x86/kvm/vmx/vmcs.h b/arch/x86/kvm/vmx/vmcs.h > > index ac290a44a693..9277676057a7 100644 > > --- a/arch/x86/kvm/vmx/vmcs.h > > +++ b/arch/x86/kvm/vmx/vmcs.h > > @@ -140,6 +140,11 @@ static inline bool is_nm_fault(u32 intr_info) > > return is_exception_n(intr_info, NM_VECTOR); > > } > > +static inline bool is_ve_fault(u32 intr_info) > > +{ > > + return is_exception_n(intr_info, VE_VECTOR); > > +} > > + > > /* Undocumented: icebp/int1 */ > > static inline bool is_icebp(u32 intr_info) > > { > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > > index f890191e8580..dd3fde9d3c32 100644 > > --- a/arch/x86/kvm/vmx/vmx.c > > +++ b/arch/x86/kvm/vmx/vmx.c > > @@ -126,6 +126,9 @@ module_param(error_on_inconsistent_vmcs_config, bool, 0444); > > static bool __read_mostly dump_invalid_vmcs = 0; > > module_param(dump_invalid_vmcs, bool, 0644); > > +static bool __read_mostly ept_violation_ve_test; > > +module_param(ept_violation_ve_test, bool, 0444); > > + > > #define MSR_BITMAP_MODE_X2APIC 1 > > #define MSR_BITMAP_MODE_X2APIC_APICV 2 > > @@ -783,6 +786,13 @@ void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu) > > eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) | > > (1u << DB_VECTOR) | (1u << AC_VECTOR); > > + /* > > + * #VE isn't used for VMX, but for TDX. To test against unexpected > > + * change related to #VE for VMX, intercept unexpected #VE and warn on > > + * it. > > + */ > > + if (ept_violation_ve_test) > > + eb |= 1u << VE_VECTOR; > > /* > > * Guest access to VMware backdoor ports could legitimately > > * trigger #GP because of TSS I/O permission bitmap. > > @@ -2644,6 +2654,9 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, > > &_cpu_based_2nd_exec_control)) > > return -EIO; > > } > > + if (!ept_violation_ve_test) > > + _cpu_based_exec_control &= ~SECONDARY_EXEC_EPT_VIOLATION_VE; > > should be _cpu_based_2nd_exec_control Oops, thanks. -- Isaku Yamahata