Received: by 10.223.164.221 with SMTP id h29csp86201wrb; Fri, 3 Nov 2017 10:55:56 -0700 (PDT) X-Google-Smtp-Source: ABhQp+T+J5o0mFv0iF7hYU0NfwgzLhnKZTtlfmB+yX9NpW0cpZpnRPEvanGo208BE+n0jGo9etZj X-Received: by 10.101.65.69 with SMTP id x5mr7848531pgp.102.1509731756229; Fri, 03 Nov 2017 10:55:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509731756; cv=none; d=google.com; s=arc-20160816; b=uKy4nZwF1IQlA/M2pnnzvJwNpJTevvQHQo9qlGM02W34cQgV//SkZmY1x5OFRvOXkK QOyC1GBGmCJQ36AR3aDJkexN57OnV9pP8tCwGczX86Edp2uJy0mlLemngjSLqkbOFLb+ WVXXVop8Ey/G8v1weY/f0la6dYG0crGjpNxI7vubRHr1cmZxSVf/VtiO3thSaCU5sOWX 2WJ27sbf8kgM9szrG6edAy3/UEKWyHx16o5RZ2N45tI10nhboWSKJgDFUk8XdqcVtRxi epIPCCggzVqIRG51MiFRiKr7fF36aLM2HsVbFiJ92reAVg9LdR4RvvTEL/eDe57IlkWZ Vu/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:arc-authentication-results; bh=BMZL/yssNK3ciG3pzppzkDVUnj9iqRA1pjjW29EH4XU=; b=DfSDO9538cfqKcbivAfgKLbn7BtidaMuy5GH67shexnO6BV3kU6X0Vo4yav9tuPn9n +sFKxH9EcZxXVOnQHIarDAZTc+IBwkZKJEBWnwS9zA+oXjGNMABLVrvfC3c92LvVagRY doRFjN+nHY1CmN+XrvNB34yONFILw8kXaKaPmohLfG/Qf30dfweqdoePt4eSLZChcoYF ZN/Igxqpj9H9E9yLg22igSU4OA1IxSgZOJ9vynC/v9bepAeG1qAZoPq/4HyyUEO+lcRv E8tManlUyF2P/I/hIFkqng37UBXwex96MomOSpPHbvMm7RL8tiv9JTipA5m4PGO8sW0Q oyJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=HfnasAs7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b61si5319659plb.627.2017.11.03.10.55.44; Fri, 03 Nov 2017 10:55:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=HfnasAs7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933784AbdKCRyS (ORCPT + 92 others); Fri, 3 Nov 2017 13:54:18 -0400 Received: from mail-wr0-f194.google.com ([209.85.128.194]:47478 "EHLO mail-wr0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933729AbdKCRyN (ORCPT ); Fri, 3 Nov 2017 13:54:13 -0400 Received: by mail-wr0-f194.google.com with SMTP id y39so3208846wrd.4 for ; Fri, 03 Nov 2017 10:54:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=BMZL/yssNK3ciG3pzppzkDVUnj9iqRA1pjjW29EH4XU=; b=HfnasAs7IWoGWchSP8/vYWzkxAWab4lPLiKeKo4sjcrb8cHcZfKII6JWb1G1MiML3S r6bDTaFOP2U2XUunkomybTbH8ZggDh4xhc1HdmsOB6lUfKNwwR5MowGZtYsbqTF/dNzB LPdY0VnCsbAZMEOSpY1skQqxv9UQHlszc0pDysMLg9LPuS9WB6YWAEkpxuYNPndfgbM2 IOTXQkrko2MWl1IpIAfpWPUFaFLcCaVaj2IPOqBbF08GsHaT2nf+GdPsqO2Jen7X0EnS UXJpNzxL524o2hQFk0MzK5csXpWWv+B0NKaBVKJEl+ut5uYh48cgq1ODpKEJD1nHe+Rx CQ/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=BMZL/yssNK3ciG3pzppzkDVUnj9iqRA1pjjW29EH4XU=; b=gG1w2c+8TgmDcBqJis7Jv4AnjsG5SApQGOB+5TAGz+6c2+G4pnMR35DHX+9iZ2zIxQ zRIbiMdIdjo+L1+nDcXcT17g/WfkUySmgsuf92Blz9+U/esLD+6b7b0vYrJNqGdkZldX G82IGdIW2nLBp/hjkpebC/lB0Evi4c6xvefJ+CrRtdpglcNaHgMJbGo5CcDGhkf8uPr3 kwyurT2fU10Dt4lex7UTgh3GhY95Kh4zLBwKyvD6j73+4IaHZI5lBBIVTsgMZGyoQq4U x9K1x6zXbC+6XiXaXFvldidCht1LgsFXFWEwCL9jH90y3CxIxSeFTxa0Fue7njrI8QNa RTqQ== X-Gm-Message-State: AMCzsaVDI2slqqHF67JqZcVKhVJLCANC7suXaRorzi/6MKkyAAWszEan Fj9r6V4fcmNjBWYZRasZCKMDCZ9KZhShLPEAjfTOag== X-Received: by 10.223.186.202 with SMTP id w10mr7109682wrg.132.1509731652249; Fri, 03 Nov 2017 10:54:12 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.155.157 with HTTP; Fri, 3 Nov 2017 10:54:11 -0700 (PDT) In-Reply-To: <7c2c39a3-8b24-e89a-1c67-385a5c6a2976@oracle.com> References: <1509670249-4907-1-git-send-email-wanpeng.li@hotmail.com> <1509670249-4907-2-git-send-email-wanpeng.li@hotmail.com> <0b1d82f7-2fc6-9fc0-15a4-3500413814bd@oracle.com> <7c2c39a3-8b24-e89a-1c67-385a5c6a2976@oracle.com> From: Jim Mattson Date: Fri, 3 Nov 2017 10:54:11 -0700 Message-ID: Subject: Re: [PATCH v5 2/3] KVM: nVMX: Validate the IA32_BNDCFGS on nested VM-entry To: Krish Sadhukhan Cc: Wanpeng Li , Paolo Bonzini , Radim Krcmar , kvm , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org KVM chooses not to support MPX in the guest unless both of these control bits are supported by the platform. On Fri, Nov 3, 2017 at 10:13 AM, Krish Sadhukhan wrote: > > > On 11/02/2017 11:40 PM, Wanpeng Li wrote: >> >> 2017-11-03 14:31 GMT+08:00 Krish Sadhukhan : >>> >>> >>> On 11/02/2017 05:50 PM, Wanpeng Li wrote: >>>> >>>> From: Wanpeng Li >>>> >>>> According to the SDM, if the "load IA32_BNDCFGS" VM-entry controls is = 1, >>>> the >>>> following checks are performed on the field for the IA32_BNDCFGS MSR: >>>> - Bits reserved in the IA32_BNDCFGS MSR must be 0. >>>> - The linear address in bits 63:12 must be canonical. >>>> >>>> Reviewed-by: Konrad Rzeszutek Wilk >>>> Cc: Paolo Bonzini >>>> Cc: Radim Kr=C4=8Dm=C3=A1=C5=99 >>>> Cc: Jim Mattson >>>> Signed-off-by: Wanpeng Li >>>> --- >>>> v3 -> v4: >>>> * simply condition >>>> * use && instead of nested "if"s >>>> >>>> arch/x86/kvm/vmx.c | 5 +++++ >>>> 1 file changed, 5 insertions(+) >>>> >>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c >>>> index e6c8ffa..6cf3972 100644 >>>> --- a/arch/x86/kvm/vmx.c >>>> +++ b/arch/x86/kvm/vmx.c >>>> @@ -10805,6 +10805,11 @@ static int check_vmentry_postreqs(struct >>>> kvm_vcpu >>>> *vcpu, struct vmcs12 *vmcs12, >>>> return 1; >>>> } >>>> + if (kvm_mpx_supported() && >>>> + (is_noncanonical_address(vmcs12->guest_bndcfgs & >>>> PAGE_MASK, vcpu) || >>>> + (vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD))) >>>> + return 1; >>>> + >>>> return 0; >>>> } >>>> >>> Hi Wanpeng, >>> The SDM check is performed only when "load IA32_BNDCFGS" VM-entry >>> control >>> is 1. But vmx_mpx_supported() returns true when both "load IA32_BNDCFGS= " >>> and >>> "store IA32_BNDCFGS" VM-entry controls are 1. Therefore your check is >>> performed when both controls are 1. Did I miss something here ? >> >> https://lkml.org/lkml/2017/11/2/748 Paolo hopes the simplification. >> >> Regards, >> Wanpeng Li > > I got that simplification and your changes look good to me. > > > However, I am still curious know the reason why vmx_mpx_supported() retur= ns > true only when both controls are true whereas the SDM states the followin= g: > > "IA32_BNDCFGS (64 bits). This field is supported only on processors th= at > support either the 1-setting of the =E2=80=9Cload IA32_BNDCFGS=E2=80=9D = VM-entry control or > that of the =E2=80=9Cclear IA32_BNDCFGS=E2=80=9D VM-exit control." > > Thanks, > Krish From 1583068485976283945@xxx Fri Nov 03 17:55:56 +0000 2017 X-GM-THRID: 1583003090430485903 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread