From: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
To: Jun Nakajima <jun.nakajima@intel.com>
Cc: kvm@vger.kernel.org, Gleb Natapov <gleb@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v3 13/13] nEPT: Inject EPT violation/misconfigration
Date: Tue, 21 May 2013 18:56:09 +0800
Message-ID: <519B52C9.8060804@linux.vnet.ibm.com>
In-Reply-To: <1368939152-11406-13-git-send-email-jun.nakajima@intel.com>

On 05/19/2013 12:52 PM, Jun Nakajima wrote:
> Add code to detect EPT misconfiguration and inject it to L1 VMM. Also,
> it injects more correct exit qualification upon EPT violation to L1
> VMM. Now L1 can correctly go to ept_misconfig handler (instead of
> wrongly going to fast_page_fault), it will try to handle mmio page
> fault, if failed, it is a real EPT misconfiguration.
>
> Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>
> Signed-off-by: Xinhao Xu <xinhao.xu@intel.com>
> ---
> arch/x86/include/asm/kvm_host.h | 4 +++
> arch/x86/kvm/mmu.c | 5 ---
> arch/x86/kvm/mmu.h | 5 +++
> arch/x86/kvm/paging_tmpl.h | 26 ++++++++++++++
> arch/x86/kvm/vmx.c | 79 +++++++++++++++++++++++++++++++++++++++--
> 5 files changed, 111 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> index 3741c65..1d03202 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -262,6 +262,8 @@ struct kvm_mmu {
> void (*invlpg)(struct kvm_vcpu *vcpu, gva_t gva);
> void (*update_pte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
> u64 *spte, const void *pte);
> + bool (*check_tdp_pte)(u64 pte, int level);
> +
> hpa_t root_hpa;
> int root_level;
> int shadow_root_level;
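
Review bot: the new check_tdp_pte member in struct kvm_mmu has no comment saying what a true return means. From its use in is_rsvd_bits_set() later in this patch it reports an invalid entry (reserved bits set or misconfigured), which the word "check" does not convey; a one-line comment stating the polarity, or a name that carries it, would make call sites readable without looking up the implementation.
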
> @@ -503,6 +505,8 @@ struct kvm_vcpu_arch {
> * instruction.
> */
> bool write_fault_to_shadow_pgtable;
> +
> + unsigned long exit_qualification; /* set at EPT violation at this point */
> };
>
> struct kvm_lpage_info {
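
Review bot: the comment on exit_qualification in struct kvm_vcpu_arch, "set at EPT violation at this point", does not say who writes the field or for how long the value is valid. The paging_tmpl.h hunk later in this patch both reads the field and overwrites it with the value to inject, so the comment should state that it first holds the hardware exit qualification and afterwards the synthesized one, or the two should be separate fields. A VMX-specific value placed in the vcpu structure shared by all x86 backends also deserves a word on why it lives here.
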
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index 93d6abf..3a3b11f 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -233,11 +233,6 @@ static bool set_mmio_spte(u64 *sptep, gfn_t gfn, pfn_t pfn, unsigned access)
> return false;
> }
>
> -static inline u64 rsvd_bits(int s, int e)
> -{
> - return ((1ULL << (e - s + 1)) - 1) << s;
> -}
> -
> void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask,
> u64 dirty_mask, u64 nx_mask, u64 x_mask)
> {
> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
> index 8fc94dd..559e2e0 100644
> --- a/arch/x86/kvm/mmu.h
> +++ b/arch/x86/kvm/mmu.h
> @@ -88,6 +88,11 @@ static inline bool is_write_protection(struct kvm_vcpu *vcpu)
> return kvm_read_cr0_bits(vcpu, X86_CR0_WP);
> }
>
> +static inline u64 rsvd_bits(int s, int e)
> +{
> + return ((1ULL << (e - s + 1)) - 1) << s;
> +}
> +
> /*
> * Will a fault with a given page-fault error code (pfec) cause a permission
> * fault with the given access (in ACC_* format)?
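
Review bot: rsvd_bits() in mmu.h is now visible to every includer but carries no statement of its valid argument range. With s = 0 and e = 63 the expression shifts 1ULL by 64, which is undefined in C, and e < s gives a negative shift count; a short comment that the range is inclusive and must be narrower than 64 bits, or a guard for those cases, would help new callers.
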
> diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
> index 2432d49..067b1f8 100644
> --- a/arch/x86/kvm/paging_tmpl.h
> +++ b/arch/x86/kvm/paging_tmpl.h
> @@ -126,10 +126,14 @@ static int FNAME(cmpxchg_gpte)(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
>
> static bool FNAME(is_rsvd_bits_set)(struct kvm_mmu *mmu, u64 gpte, int level)
> {
> +#if PTTYPE == PTTYPE_EPT
> + return (mmu->check_tdp_pte(gpte, level));
> +#else
> int bit7;
>
> bit7 = (gpte >> 7) & 1;
> return (gpte & mmu->rsvd_bits_mask[bit7][level-1]) != 0;
> +#endif
> }

It is better to set mmu->check_tdp_pte = is_rsvd_bits_set for the
current modes; then this part can be moved to mmu.c.

>
> static bool FNAME(prefetch_invalid_gpte)(struct kvm_vcpu *vcpu,
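
Review bot: in the PTTYPE_EPT branch of is_rsvd_bits_set(), mmu->check_tdp_pte is called unconditionally, and none of the hunks quoted here show where the pointer is assigned. If any kvm_mmu that reaches the EPT walker can have it unset, this is a NULL function-pointer call in the host on a path driven by guest page tables, so the assignment should sit with the other mmu callbacks at context setup. Style: the outer parentheses in "return (mmu->check_tdp_pte(gpte, level));" are not needed.
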
> @@ -352,6 +356,28 @@ error:
> walker->fault.vector = PF_VECTOR;
> walker->fault.error_code_valid = true;
> walker->fault.error_code = errcode;
> +
> +#if PTTYPE == PTTYPE_EPT
> + /*
> + * Use PFERR_RSVD_MASK in erorr_code to to tell if EPT
> + * misconfiguration requires to be injected. The detection is
> + * done by is_rsvd_bits_set() above.
> + *
> + * We set up the value of exit_qualification to inject:
> + * [2:0] -- Derive from [2:0] of real exit_qualification at EPT violation
> + * [5:3] -- Calculated by the page walk of the guest EPT page tables
> + * [7:8] -- Clear to 0.
> + *
> + * The other bits are set to 0.
> + */
> + if (!(errcode & PFERR_RSVD_MASK)) {
> + unsigned long exit_qualification = vcpu->arch.exit_qualification;
> +
> + pte_access = pt_access & pte;
> + vcpu->arch.exit_qualification = ((pte_access & 0x7) << 3) |
> + (exit_qualification & 0x7);
> + }
> +#endif
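
Review bot: the comment block in the error path gives one bit range as "[7:8]" where the others are written high:low, so it should read [8:7], and it has the typos "erorr_code" and "to to". The assignment below it uses bare 0x7 and << 3; named masks for the access bits and for the shifted field would let the code be checked against the comment. When PFERR_RSVD_MASK is set the field is left holding the hardware value, and the comment should say whether that is intended.
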

Can these specific operations be moved to nested_ept_inject_page_fault()?