From: Jun Nakajima <jun.nakajima@intel.com>
To: kvm@vger.kernel.org
Subject: [PATCH 04/11] nEPT: Fix cr3 handling in nested exit and entry
Date: Thu, 25 Apr 2013 23:43:24 -0700 [thread overview]
Message-ID: <1366958611-6935-4-git-send-email-jun.nakajima@intel.com> (raw)
In-Reply-To: <1366958611-6935-3-git-send-email-jun.nakajima@intel.com>
The existing code for handling cr3 and related VMCS fields during nested
exit and entry wasn't correct in all cases:
If L2 is allowed to control cr3 (and this is indeed the case in nested EPT),
during nested exit we must copy the modified cr3 from vmcs02 to vmcs12, and
we forgot to do so. This patch adds this copy.
If L0 isn't controlling cr3 when running L2 (i.e., L0 is using EPT), and
whoever does control cr3 (L1 or L2) is using PAE, the processor might have
saved PDPTEs and we should also save them in vmcs12 (and restore later).
Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>
Signed-off-by: Xinhao Xu <xinhao.xu@intel.com>
---
arch/x86/kvm/vmx.c | 37 ++++++++++++++++++++++++++++++++++++-
1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 6ab53ca..26a1b6f 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -7163,10 +7163,26 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
vmx_set_cr4(vcpu, vmcs12->guest_cr4);
vmcs_writel(CR4_READ_SHADOW, nested_read_cr4(vmcs12));
- /* shadow page tables on either EPT or shadow page tables */
+ /*
+ * Note that kvm_set_cr3() and kvm_mmu_reset_context() will do the
+ * right thing, and set GUEST_CR3 and/or EPT_POINTER in all supported
+ * settings: 1. shadow page tables on shadow page tables, 2. shadow
+ * page tables on EPT, 3. EPT on EPT.
+ */
kvm_set_cr3(vcpu, vmcs12->guest_cr3);
kvm_mmu_reset_context(vcpu);
+ /*
+ * Additionally, except when L0 is using shadow page tables, L1 or
+ * L2 control guest_cr3 for L2, so they may also have saved PDPTEs
+ */
+ if (enable_ept) {
+ vmcs_write64(GUEST_PDPTR0, vmcs12->guest_pdptr0);
+ vmcs_write64(GUEST_PDPTR1, vmcs12->guest_pdptr1);
+ vmcs_write64(GUEST_PDPTR2, vmcs12->guest_pdptr2);
+ vmcs_write64(GUEST_PDPTR3, vmcs12->guest_pdptr3);
+ }
+
kvm_register_write(vcpu, VCPU_REGS_RSP, vmcs12->guest_rsp);
kvm_register_write(vcpu, VCPU_REGS_RIP, vmcs12->guest_rip);
}
@@ -7398,6 +7414,25 @@ void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
vmcs12->guest_pending_dbg_exceptions =
vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
+ /*
+ * In some cases (usually, nested EPT), L2 is allowed to change its
+ * own CR3 without exiting. If it has changed it, we must keep it.
+ * Of course, if L0 is using shadow page tables, GUEST_CR3 was defined
+ * by L0, not L1 or L2, so we mustn't unconditionally copy it to vmcs12.
+ */
+ if (enable_ept)
+ vmcs12->guest_cr3 = vmcs_read64(GUEST_CR3);
+ /*
+ * Additionally, except when L0 is using shadow page tables, L1 or
+ * L2 control guest_cr3 for L2, so save their PDPTEs
+ */
+ if (enable_ept) {
+ vmcs12->guest_pdptr0 = vmcs_read64(GUEST_PDPTR0);
+ vmcs12->guest_pdptr1 = vmcs_read64(GUEST_PDPTR1);
+ vmcs12->guest_pdptr2 = vmcs_read64(GUEST_PDPTR2);
+ vmcs12->guest_pdptr3 = vmcs_read64(GUEST_PDPTR3);
+ }
+
/* TODO: These cannot have changed unless we have MSR bitmaps and
* the relevant bit asks not to trap the change */
vmcs12->guest_ia32_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL);
--
1.8.2.1.610.g562af5b
next prev parent reply other threads:[~2013-04-26 6:43 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-26 6:43 [PATCH 01/11] nEPT: Support LOAD_IA32_EFER entry/exit controls for L1 Jun Nakajima
2013-04-26 6:43 ` [PATCH 02/11] nEPT: Add EPT tables support to paging_tmpl.h Jun Nakajima
2013-04-26 6:43 ` [PATCH 03/11] nEPT: MMU context for nested EPT Jun Nakajima
2013-04-26 6:43 ` Jun Nakajima [this message]
2013-04-26 6:43 ` [PATCH 05/11] nEPT: Fix wrong test in kvm_set_cr3 Jun Nakajima
2013-04-26 6:43 ` [PATCH 06/11] nEPT: Some additional comments Jun Nakajima
2013-04-26 6:43 ` [PATCH 07/11] nEPT: Advertise EPT to L1 Jun Nakajima
2013-04-26 6:43 ` [PATCH 08/11] nEPT: Nested INVEPT Jun Nakajima
2013-04-26 6:43 ` [PATCH 09/11] nEPT: Documentation Jun Nakajima
2013-04-26 6:43 ` [PATCH 10/11] nEPT: Miscelleneous cleanups Jun Nakajima
2013-04-26 6:43 ` [PATCH 11/11] nEPT: Provide the correct exit qualification upon EPT Jun Nakajima
2013-04-27 6:42 ` Xu, Xinhao
2013-04-28 9:35 ` Jan Kiszka
2013-05-02 6:59 ` Xu, Xinhao
2013-05-02 8:50 ` Jan Kiszka
2013-04-29 15:37 ` Paolo Bonzini
2013-04-29 15:50 ` Nakajima, Jun
2013-04-29 15:12 ` [PATCH 10/11] nEPT: Miscelleneous cleanups Paolo Bonzini
2013-04-28 9:22 ` [PATCH 07/11] nEPT: Advertise EPT to L1 Jan Kiszka
2013-04-29 15:05 ` [PATCH 02/11] nEPT: Add EPT tables support to paging_tmpl.h Paolo Bonzini
2013-05-02 23:54 ` Marcelo Tosatti
2013-05-03 17:27 ` Nakajima, Jun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1366958611-6935-4-git-send-email-jun.nakajima@intel.com \
--to=jun.nakajima@intel.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox