From: Paolo Bonzini <pbonzini@redhat.com>
To: Borislav Petkov <bp@alien8.de>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH] KVM: x86: fix bogus warning about reserved bits
Date: Tue, 22 Sep 2015 23:04:38 +0200	[thread overview]
Message-ID: <5601C266.4060601@redhat.com> (raw)
In-Reply-To: <20150922175647.GC3568@pd.tnic>



On 22/09/2015 19:56, Borislav Petkov wrote:
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index 69088a1ba509..3ce2b74c75dc 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -3322,7 +3322,7 @@ walk_shadow_page_get_mmio_spte(struct kvm_vcpu *vcpu, u64 addr, u64 *sptep)
>  			break;
>  
>  		reserved |= is_shadow_zero_bits_set(&vcpu->arch.mmu, spte,
> -						    leaf);
> +						    iterator.level);
>  	}
>  
>  	walk_shadow_page_lockless_end(vcpu);
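Review bot: The mask lookup inside is_shadow_zero_bits_set() is indexed by `level-1` (the later hunk on this page shows `rsvd_check->rsvd_bits_mask[bit7][level-1]`), so passing `iterator.level` instead of `leaf` changes which mask every non-leaf spte in the walk is compared against, yet nothing at the call site says why the current level is the right one. A one-line comment above the call, `/* each spte is checked against the mask for its own level, not the leaf's */`, would keep the next reader from "simplifying" it back to `leaf`. walk_shadow_page_get_mmio_spte starts and ends outside this hunk.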
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index c0b9ff3e1aec..a44f8fed9be1 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -7063,13 +7063,16 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
>  						unsigned int id)
>  {
>  	struct kvm_vcpu *vcpu;
> +	int idx;
>  
>  	if (check_tsc_unstable() && atomic_read(&kvm->online_vcpus) != 0)
>  		printk_once(KERN_WARNING
>  		"kvm: SMP vm created on host with unstable TSC; "
>  		"guest TSC will not be reliable\n");
>  
> +	idx = srcu_read_lock(&kvm->srcu);
>  	vcpu = kvm_x86_ops->vcpu_create(kvm, id);
> +	srcu_read_unlock(&kvm->srcu, idx);
>  
>  	return vcpu;
>  }
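Review bot: The new srcu_read_lock()/srcu_read_unlock() pair around kvm_x86_ops->vcpu_create() carries no comment naming the srcu-protected structure the callee reads, so a later maintainer cannot tell whether the critical section may be narrowed or dropped. Add a why-comment such as `/* vcpu_create() reads kvm->srcu-protected state (presumably memslots) - confirm which, and hold the read side for the whole call */`. The function is complete within the hunk, and the unlock is reached on the failure path as well because the return value is not examined between lock and unlock.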

Yup, looks good.

Let's add more debugging output:

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 3ce2b74c75dc..bf1122e9c7bf 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3268,23 +3268,28 @@ static gpa_t nonpaging_gva_to_gpa_nested(struct kvm_vcpu *vcpu, gva_t vaddr,
 	return vcpu->arch.nested_mmu.translate_gpa(vcpu, vaddr, access, exception);
 }
 
-static bool
-__is_rsvd_bits_set(struct rsvd_bits_validate *rsvd_check, u64 pte, int level)
+static u64
+rsvd_bits_set(struct rsvd_bits_validate *rsvd_check, u64 pte, int level)
 {
 	int bit7 = (pte >> 7) & 1, low6 = pte & 0x3f;
+	u64 mask = rsvd_check->rsvd_bits_mask[bit7][level-1];
+
+	if (unlikely(pte & mask))
+		return mask;
+	if (unlikely(rsvd_check->bad_mt_xwr & (1ull << low6)))
+		return rsvd_check->bad_mt_xwr;
 
-	return (pte & rsvd_check->rsvd_bits_mask[bit7][level-1]) |
-		((rsvd_check->bad_mt_xwr & (1ull << low6)) != 0);
+	return 0;
 }
 
 static bool is_rsvd_bits_set(struct kvm_mmu *mmu, u64 gpte, int level)
 {
-	return __is_rsvd_bits_set(&mmu->guest_rsvd_check, gpte, level);
+	return rsvd_bits_set(&mmu->guest_rsvd_check, gpte, level) != 0;
 }
 
-static bool is_shadow_zero_bits_set(struct kvm_mmu *mmu, u64 spte, int level)
+static u64 shadow_rsvd_bits_set(struct kvm_mmu *mmu, u64 spte, int level)
 {
-	return __is_rsvd_bits_set(&mmu->shadow_zero_check, spte, level);
+	return rsvd_bits_set(&mmu->shadow_zero_check, spte, level);
 }
 
 static bool quickly_check_mmio_pf(struct kvm_vcpu *vcpu, u64 addr, bool direct)
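Review bot: rsvd_bits_set() returns the whole `mask` when `pte & mask` is non-zero, and the whole `bad_mt_xwr` table in the second branch, so the caller's `(level %d, 0x%llx)` message prints the reserved-bit mask rather than the bits actually set in the spte, and the reader cannot tell which of the two checks fired. Returning the offending bits, `return pte & mask;`, gives the debugging output the value it claims to report; for the second branch `return 1ull << low6;` would identify the bad memory-type/XWR combination, though a separate message would still be needed to distinguish the branches. The non-zero/zero outcome seen by is_rsvd_bits_set() is unchanged by either choice.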
@@ -3302,6 +3307,7 @@ walk_shadow_page_get_mmio_spte(struct kvm_vcpu *vcpu, u64 addr, u64 *sptep)
 	struct kvm_shadow_walk_iterator iterator;
 	u64 sptes[PT64_ROOT_LEVEL], spte = 0ull;
 	int root, leaf;
+	u64 result;
 	bool reserved = false;
 
 	if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
@@ -3321,15 +3327,20 @@ walk_shadow_page_get_mmio_spte(struct kvm_vcpu *vcpu, u64 addr, u64 *sptep)
 		if (!is_shadow_present_pte(spte))
 			break;
 
-		reserved |= is_shadow_zero_bits_set(&vcpu->arch.mmu, spte,
-						    iterator.level);
+		result = shadow_rsvd_bits_set(&vcpu->arch.mmu, spte,
+					      iterator.level);
+		if (unlikely(result)) {
+			pr_err("%s: detect reserved bits on spte, addr 0x%llx "
+			       "(level %d, 0x%llx)\n",
+			       __func__, addr, iterator.level, result);
+			reserved = true;
+		}
 	}
 
 	walk_shadow_page_lockless_end(vcpu);
 
 	if (reserved) {
-		pr_err("%s: detect reserved bits on spte, addr 0x%llx, dump hierarchy:\n",
-		       __func__, addr);
+		pr_err("dump hierarchy:\n");
 		while (root > leaf) {
 			pr_err("------ spte 0x%llx level %d.\n",
 			       sptes[root - 1], root);
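Review bot: The per-level pr_err() added inside the walk loop fires on a path the guest reaches through its own page faults (the quoted trace shows handle_mmio_page_fault entered from tdp_page_fault via pf_interception), so a guest that keeps touching such an address can flood the host log; this is stated to be debugging output, but if it survives the session the in-loop message should be `pr_err_ratelimited(...)`. The `dump hierarchy:` line also dropped the `%s`/`__func__` prefix the old message carried, which makes the dump harder to correlate with the per-level lines; keeping `pr_err("%s: dump hierarchy:\n", __func__);` would match the in-loop message. walk_shadow_page_get_mmio_spte starts before and ends after this hunk.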

> [   49.456533] walk_shadow_page_get_mmio_spte: detect reserved bits on spte, addr 0xb8000, dump hierarchy:
> [   49.465945] ------ spte 0x416ed9027 level 4.
> [   49.470221] ------ spte 0x416888027 level 3.
> [   49.474494] ------ spte 0x41694f027 level 2.
> [   49.474495] ------ spte 0xffff0000000b8f67 level 1.

So the result is the same as before.

Just to be safe, can you try using "-cpu host" on the QEMU command
line and see if it changes anything?  This would catch things such
as an Intel CPUID on an AMD host.

Paolo

> [   49.474496] ------------[ cut here ]------------
> [   49.474515] WARNING: CPU: 4 PID: 3540 at arch/x86/kvm/mmu.c:3385 handle_mmio_page_fault.part.57+0x1a/0x20 [kvm]()
> [   49.474555] Modules linked in: tun sha256_ssse3 sha256_generic drbg binfmt_misc ipv6 vfat fat fuse dm_crypt dm_mod kvm_amd kvm crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd amd64_edac_mod fam15h_power k10temp edac_core amdkfd amd_iommu_v2 radeon acpi_cpufreq
> [   49.474560] CPU: 4 PID: 3540 Comm: qemu-system-x86 Not tainted 4.3.0-rc2+ #2
> [   49.474562] Hardware name: To be filled by O.E.M. To be filled by O.E.M./M5A97 EVO R2.0, BIOS 1503 01/16/2013
> [   49.474569]  ffffffffa032f8b2 ffff880416a73b78 ffffffff812c758a 0000000000000000
> [   49.474574]  ffff880416a73bb0 ffffffff810534c1 ffff8804171b0000 000000000000000f
> [   49.474578]  00000000000b8000 0000000000000000 00000000ffffffff ffff880416a73bc0
> [   49.474579] Call Trace:
> [   49.474586]  [<ffffffff812c758a>] dump_stack+0x4e/0x84
> [   49.474589]  [<ffffffff810534c1>] warn_slowpath_common+0x91/0xd0
> [   49.474592]  [<ffffffff810535ba>] warn_slowpath_null+0x1a/0x20
> [   49.474603]  [<ffffffffa0301a5a>] handle_mmio_page_fault.part.57+0x1a/0x20 [kvm]
> [   49.474615]  [<ffffffffa0309350>] tdp_page_fault+0x2a0/0x2b0 [kvm]
> [   49.474620]  [<ffffffff810a282d>] ? __lock_acquire+0x57d/0x17a0
> [   49.474633]  [<ffffffffa03035a5>] kvm_mmu_page_fault+0x35/0x240 [kvm]
> [   49.474637]  [<ffffffffa03886b8>] pf_interception+0x108/0x1d0 [kvm_amd]
> [   49.474642]  [<ffffffffa038ad10>] handle_exit+0x150/0xa40 [kvm_amd]
> [   49.474662]  [<ffffffffa02fa398>] ? kvm_arch_vcpu_ioctl_run+0x4c8/0x16f0 [kvm]
> [   49.474674]  [<ffffffffa02fa403>] kvm_arch_vcpu_ioctl_run+0x533/0x16f0 [kvm]
> [   49.474686]  [<ffffffffa02fa398>] ? kvm_arch_vcpu_ioctl_run+0x4c8/0x16f0 [kvm]
> [   49.474690]  [<ffffffff816bd852>] ? mutex_lock_killable_nested+0x312/0x480
> [   49.474700]  [<ffffffffa02e1979>] ? kvm_vcpu_ioctl+0x79/0x6f0 [kvm]
> [   49.474705]  [<ffffffff8107e133>] ? preempt_count_sub+0xb3/0x110
> [   49.474715]  [<ffffffffa02e1c3f>] kvm_vcpu_ioctl+0x33f/0x6f0 [kvm]
> [   49.474719]  [<ffffffff811939d7>] do_vfs_ioctl+0x2d7/0x530
> [   49.474722]  [<ffffffff8119f889>] ? __fget_light+0x29/0x90
> [   49.474724]  [<ffffffff81193c7c>] SyS_ioctl+0x4c/0x90
> [   49.474729]  [<ffffffff816c1a9b>] entry_SYSCALL_64_fastpath+0x16/0x73
> [   49.474732] ---[ end trace 0e0be3552b84977c ]---
> 
> 
> Thanks.
> 
