From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>, kvm@vger.kernel.org
Subject: Re: [PATCH 2/2] Revert "KVM: nVMX: always use early vmcs check when EPT is disabled"
Date: Thu, 6 Jun 2019 10:08:37 -0700 [thread overview]
Message-ID: <20190606170837.GC23169@linux.intel.com> (raw)
In-Reply-To: <40c7c3ee-9c49-1df6-c80b-1bc7811ccf69@redhat.com>
On Thu, Jun 06, 2019 at 02:22:56PM +0200, Paolo Bonzini wrote:
> On 20/05/19 22:10, Sean Christopherson wrote:
> > @@ -3777,18 +3777,8 @@ static void nested_vmx_restore_host_state(struct kvm_vcpu *vcpu)
> > vmx_set_cr4(vcpu, vmcs_readl(CR4_READ_SHADOW));
> >
> > nested_ept_uninit_mmu_context(vcpu);
> > -
> > - /*
> > - * This is only valid if EPT is in use, otherwise the vmcs01 GUEST_CR3
> > - * points to shadow pages! Fortunately we only get here after a WARN_ON
> > - * if EPT is disabled, so a VMabort is perfectly fine.
> > - */
> > - if (enable_ept) {
> > - vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
> > - __set_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail);
> > - } else {
> > - nested_vmx_abort(vcpu, VMX_ABORT_VMCS_CORRUPTED);
> > - }
> > + vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
> > + __set_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail);
> >
> > /*
> > * Use ept_save_pdptrs(vcpu) to load the MMU's cached PDPTRs
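Review bot: dropping the `enable_ept` branch together with its comment leaves the unconditional `vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);` with no record of why it is now safe when EPT is off; the removed comment warned that vmcs01 GUEST_CR3 points at shadow pages in that case, so the new code is only correct if an earlier change guarantees that GUEST_CR3 holds L1's CR3 on the no-EPT path (patch 1 of this series per the thread, "Stash L1's CR3 in vmcs01.GUEST_CR3 on nested entry w/o EPT"). Suggest keeping a one-line comment above the read that names that dependency, since backporting this revert on its own would reinstate the shadow-page problem that the `nested_vmx_abort(vcpu, VMX_ABORT_VMCS_CORRUPTED);` fallback was guarding against.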
>
> This hunk needs to be moved to patch 1, which then becomes much easier
> to understand...
I kept the revert in a separate patch so that the bug fix could be
easily backported to stable branches (commit 2b27924bb1d4 ("KVM: nVMX:
always use early vmcs check when EPT is disabled") wasn't tagged for
stable).
> I'm still missing however the place where kvm_mmu_new_cr3 is called
> in the nested_vmx_restore_host_state path.
vcpu->arch.root_mmu.root_hpa is set to INVALID_PAGE via:

  nested_vmx_restore_host_state() ->
    kvm_mmu_reset_context() ->
      kvm_mmu_unload() ->
        kvm_mmu_free_roots()

kvm_mmu_unload() has WARN_ON(root_hpa != INVALID_PAGE), i.e. we can bank
on 'root_hpa == INVALID_PAGE' unless the implementation of
kvm_mmu_reset_context() is changed.
On the way into L1, VMCS.GUEST_CR3 is guaranteed to be written (on a
successful entry) via:

  vcpu_enter_guest() ->
    kvm_mmu_reload() ->
      kvm_mmu_load() ->
        kvm_mmu_load_cr3() ->
          vmx_set_cr3()

The optimization in kvm_mmu_reload() will fail because kvm_mmu_unload()
set vcpu->arch.root_mmu.root_hpa=INVALID_PAGE, and vcpu->arch.mmu is
guaranteed to point at root_mmu (via nested_ept_uninit_mmu_context()).
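The two call chains above argue that kvm_mmu_reload()'s fast path cannot skip the CR3 load on the first entry into L1 after nested_vmx_restore_host_state(), because kvm_mmu_unload() has already set root_hpa to INVALID_PAGE. The following is an added, constructed C model of that argument and is not KVM code: the function names are taken from the mail, but every body is a simplified stand-in, the addresses are made up, and the "second entry" check is included only to show what the fast path does once a root is cached again.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the invariant argued in the mail; not KVM's real code. */
#define INVALID_PAGE       ((uint64_t)-1)
#define MODEL_SHADOW_ROOT  0x1000ULL   /* made-up hpa of a freshly built root */

struct kvm_mmu { uint64_t root_hpa; };

struct kvm_vcpu {
    struct kvm_mmu root_mmu;     /* L1's MMU */
    struct kvm_mmu guest_mmu;    /* nested EPT MMU, active while L2 runs */
    struct kvm_mmu *mmu;         /* vcpu->arch.mmu: whichever MMU is active */
    uint64_t cr3;                /* vcpu->arch.cr3 */
    uint64_t vmcs01_guest_cr3;   /* the VMCS GUEST_CR3 field */
    int guest_cr3_writes;        /* number of times vmx_set_cr3() wrote GUEST_CR3 */
};

static struct kvm_vcpu model_vcpu;

/* Without EPT the hardware CR3 is the shadow root, not the guest's own CR3. */
static void vmx_set_cr3(struct kvm_vcpu *vcpu)
{
    vcpu->vmcs01_guest_cr3 = vcpu->mmu->root_hpa;
    vcpu->guest_cr3_writes++;
}

static void kvm_mmu_free_roots(struct kvm_vcpu *vcpu)
{
    vcpu->mmu->root_hpa = INVALID_PAGE;
}

static void kvm_mmu_unload(struct kvm_vcpu *vcpu)
{
    kvm_mmu_free_roots(vcpu);
    if (vcpu->mmu->root_hpa != INVALID_PAGE)   /* the WARN_ON the mail relies on */
        fprintf(stderr, "WARN: root_hpa still valid after unload\n");
}

static void kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
{
    kvm_mmu_unload(vcpu);   /* the real function also re-inits the MMU; omitted here */
}

static void nested_ept_uninit_mmu_context(struct kvm_vcpu *vcpu)
{
    vcpu->mmu = &vcpu->root_mmu;
}

/* The restore path: after this, root_mmu.root_hpa == INVALID_PAGE. */
static void nested_vmx_restore_host_state(struct kvm_vcpu *vcpu)
{
    nested_ept_uninit_mmu_context(vcpu);
    kvm_mmu_reset_context(vcpu);
    vcpu->cr3 = vcpu->vmcs01_guest_cr3;   /* the unconditional read from the hunk */
}

static int kvm_mmu_load(struct kvm_vcpu *vcpu)
{
    vcpu->mmu->root_hpa = MODEL_SHADOW_ROOT;   /* build a new root */
    vmx_set_cr3(vcpu);                         /* kvm_mmu_load_cr3() -> vmx_set_cr3() */
    return 0;
}

/* The optimisation: skip the load entirely while a root is still cached. */
static int kvm_mmu_reload(struct kvm_vcpu *vcpu)
{
    if (vcpu->mmu->root_hpa != INVALID_PAGE)
        return 0;
    return kvm_mmu_load(vcpu);
}

static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
{
    return kvm_mmu_reload(vcpu);
}

/* Scenario: L2 was running on guest_mmu, root_mmu still caches a stale root,
 * and vmcs01.GUEST_CR3 holds the value stashed there on nested entry.
 * Returns how many times GUEST_CR3 was written on the first entry into L1. */
static int writes_on_first_entry_after_restore(void)
{
    model_vcpu.root_mmu.root_hpa = 0x2000ULL;    /* constructed stale root */
    model_vcpu.guest_mmu.root_hpa = 0x3000ULL;   /* constructed L2 root */
    model_vcpu.mmu = &model_vcpu.guest_mmu;
    model_vcpu.vmcs01_guest_cr3 = 0x4000ULL;     /* constructed stashed L1 CR3 */
    model_vcpu.guest_cr3_writes = 0;

    nested_vmx_restore_host_state(&model_vcpu);
    vcpu_enter_guest(&model_vcpu);
    return model_vcpu.guest_cr3_writes;
}

/* A further entry with the root cached again takes the fast path: no new write. */
static int writes_after_second_entry(void)
{
    vcpu_enter_guest(&model_vcpu);
    return model_vcpu.guest_cr3_writes;
}

static uint64_t restored_cr3(void) { return model_vcpu.cr3; }

int main(void)
{
    printf("GUEST_CR3 writes on first L1 entry: %d\n", writes_on_first_entry_after_restore());
    printf("GUEST_CR3 writes after second entry: %d\n", writes_after_second_entry());
    return 0;
}
```

Had root_mmu.root_hpa survived the restore path with its stale value, kvm_mmu_reload() would have returned early and vmx_set_cr3() would never have run, which is exactly the case the mail rules out by pointing at the WARN_ON in kvm_mmu_unload().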
Thread overview:
2019-05-20 20:10 [PATCH 0/2] KVM: nVMX: Alternative no-EPT GUEST_CR3 fix Sean Christopherson
2019-05-20 20:10 ` [PATCH 1/2] KVM: nVMX: Stash L1's CR3 in vmcs01.GUEST_CR3 on nested entry w/o EPT Sean Christopherson
2019-06-06 12:24 ` Paolo Bonzini
2019-05-20 20:10 ` [PATCH 2/2] Revert "KVM: nVMX: always use early vmcs check when EPT is disabled" Sean Christopherson
2019-06-06 12:22 ` Paolo Bonzini
2019-06-06 17:08 ` Sean Christopherson [this message]
2019-06-06 17:31 ` Paolo Bonzini
2019-06-06 17:49 ` Sean Christopherson
2019-06-07 13:26 ` Paolo Bonzini