[PATCH] allow enabling/disabling NPT by reloading only the architecture module

[PATCH] allow enabling/disabling NPT by reloading only the architecture module

[Joerg Roedel]

If NPT is enabled after loading both KVM modules on AMD and it should be
disabled, both KVM modules must be reloaded. If only the architecture module is
reloaded the behavior is undefined. With this patch it is possible to disable
NPT only by reloading the kvm_amd module.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
 arch/x86/kvm/mmu.c         |    6 ++++++
 arch/x86/kvm/svm.c         |    3 ++-
 include/asm-x86/kvm_host.h |    1 +
 3 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index bcd0adb..6376e50 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -1874,6 +1874,12 @@ void kvm_enable_tdp(void)
 }
 EXPORT_SYMBOL_GPL(kvm_enable_tdp);
 
+void kvm_disable_tdp(void)
+{
+	tdp_enabled = false;
+}
+EXPORT_SYMBOL_GPL(kvm_disable_tdp);
+
 static void free_mmu_pages(struct kvm_vcpu *vcpu)
 {
 	struct kvm_mmu_page *sp;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 0c3320e..09e753f 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -452,7 +452,8 @@ static __init int svm_hardware_setup(void)
 	if (npt_enabled) {
 		printk(KERN_INFO "kvm: Nested Paging enabled\n");
 		kvm_enable_tdp();
-	}
+	} else
+		kvm_disable_tdp();
 
 	return 0;
 
diff --git a/include/asm-x86/kvm_host.h b/include/asm-x86/kvm_host.h
index b893a85..f760749 100644
--- a/include/asm-x86/kvm_host.h
+++ b/include/asm-x86/kvm_host.h
@@ -567,6 +567,7 @@ int kvm_fix_hypercall(struct kvm_vcpu *vcpu);
 int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t gva, u32 error_code);
 
 void kvm_enable_tdp(void);
+void kvm_disable_tdp(void);
 
 int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3);
 int complete_pio(struct kvm_vcpu *vcpu);
-- 
1.5.3.7

Re: [PATCH] allow enabling/disabling NPT by reloading only the architecture module

[Yang, Sheng]

[-- Attachment #1: Type: text/plain, Size: 1829 bytes --]

On Tuesday 15 July 2008 02:36:36 Joerg Roedel wrote:
> If NPT is enabled after loading both KVM modules on AMD and it
> should be disabled, both KVM modules must be reloaded. If only the
> architecture module is reloaded the behavior is undefined. With
> this patch it is possible to disable NPT only by reloading the
> kvm_amd module.
>
> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
> ---


From 3dd7fa4abb1cfc702b3fbd7038d585b541f981a4 Mon Sep 17 00:00:00 2001
From: Sheng Yang <sheng.yang@intel.com>
Date: Tue, 15 Jul 2008 14:18:29 +0800
Subject: [PATCH] KVM: VMX: Fix undefined beaviour of EPT after reload 
kvm-intel.ko

Based on Joerg Roedel's fix for NPT.

Thanks Joerg!

Signed-off-by: Sheng Yang <sheng.yang@intel.com>
---
 arch/x86/kvm/vmx.c |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 5f807e3..374e1ca 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3108,14 +3108,17 @@ static struct kvm_vcpu *vmx_create_vcpu(struct 
kvm *kvm, unsigned int id)
 		return ERR_PTR(-ENOMEM);

 	allocate_vpid(vmx);
-	if (id == 0 && vm_need_ept()) {
-		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
-			VMX_EPT_WRITABLE_MASK |
-			VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
-		kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
+	if (id == 0) {
+		if (vm_need_ept()) {
+			kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
+				VMX_EPT_WRITABLE_MASK |
+				VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
+			kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
 				VMX_EPT_FAKE_DIRTY_MASK, 0ull,
 				VMX_EPT_EXECUTABLE_MASK);
-		kvm_enable_tdp();
+			kvm_enable_tdp();
+		} else
+			kvm_disable_tdp();
 	}

 	err = kvm_vcpu_init(&vmx->vcpu, kvm, id);
--
1.5.4.5


[-- Attachment #2: 0001-KVM-VMX-Fix-undefined-beaviour-of-EPT-after-reload.patch --]
[-- Type: text/x-diff, Size: 1418 bytes --]

From 3dd7fa4abb1cfc702b3fbd7038d585b541f981a4 Mon Sep 17 00:00:00 2001
From: Sheng Yang <sheng.yang@intel.com>
Date: Tue, 15 Jul 2008 14:18:29 +0800
Subject: [PATCH] KVM: VMX: Fix undefined beaviour of EPT after reload kvm-intel.ko

Based on Joerg Roedel's fix for NPT.

Thanks Joerg!

Signed-off-by: Sheng Yang <sheng.yang@intel.com>
---
 arch/x86/kvm/vmx.c |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 5f807e3..374e1ca 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -3108,14 +3108,17 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
 		return ERR_PTR(-ENOMEM);
 
 	allocate_vpid(vmx);
-	if (id == 0 && vm_need_ept()) {
-		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
-			VMX_EPT_WRITABLE_MASK |
-			VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
-		kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
+	if (id == 0) {
+		if (vm_need_ept()) {
+			kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
+				VMX_EPT_WRITABLE_MASK |
+				VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
+			kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
 				VMX_EPT_FAKE_DIRTY_MASK, 0ull,
 				VMX_EPT_EXECUTABLE_MASK);
-		kvm_enable_tdp();
+			kvm_enable_tdp();
+		} else
+			kvm_disable_tdp();
 	}
 
 	err = kvm_vcpu_init(&vmx->vcpu, kvm, id);
-- 
1.5.4.5

Re: [PATCH] allow enabling/disabling NPT by reloading only the architecture module

[Avi Kivity]

Joerg Roedel wrote:
> If NPT is enabled after loading both KVM modules on AMD and it should be
> disabled, both KVM modules must be reloaded. If only the architecture module is
> reloaded the behavior is undefined. With this patch it is possible to disable
> NPT only by reloading the kvm_amd module.
>
>   

Applied, thanks.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [PATCH] allow enabling/disabling NPT by reloading only the architecture module

[Avi Kivity]

Yang, Sheng wrote:
> On Tuesday 15 July 2008 02:36:36 Joerg Roedel wrote:
>   
>> If NPT is enabled after loading both KVM modules on AMD and it
>> should be disabled, both KVM modules must be reloaded. If only the
>> architecture module is reloaded the behavior is undefined. With
>> this patch it is possible to disable NPT only by reloading the
>> kvm_amd module.
>>
>> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
>> ---
>>     
>
>
> From 3dd7fa4abb1cfc702b3fbd7038d585b541f981a4 Mon Sep 17 00:00:00 2001
> From: Sheng Yang <sheng.yang@intel.com>
> Date: Tue, 15 Jul 2008 14:18:29 +0800
> Subject: [PATCH] KVM: VMX: Fix undefined beaviour of EPT after reload 
> kvm-intel.ko
>
> Based on Joerg Roedel's fix for NPT.
>
> Thanks Joerg!
>
> Signed-off-by: Sheng Yang <sheng.yang@intel.com>
> ---
>  arch/x86/kvm/vmx.c |   15 +++++++++------
>  1 files changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 5f807e3..374e1ca 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3108,14 +3108,17 @@ static struct kvm_vcpu *vmx_create_vcpu(struct 
> kvm *kvm, unsigned int id)
>  		return ERR_PTR(-ENOMEM);
>
>  	allocate_vpid(vmx);
> -	if (id == 0 && vm_need_ept()) {
> -		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
> -			VMX_EPT_WRITABLE_MASK |
> -			VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
> -		kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
> +	if (id == 0) {
> +		if (vm_need_ept()) {
> +			kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
> +				VMX_EPT_WRITABLE_MASK |
> +				VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
> +			kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
>  				VMX_EPT_FAKE_DIRTY_MASK, 0ull,
>  				VMX_EPT_EXECUTABLE_MASK);
> -		kvm_enable_tdp();
> +			kvm_enable_tdp();
> +		} else
> +			kvm_disable_tdp();
>  	}
>
>
>   

hmm, what is this code doing in vmx_create_vcpu()?  surely vmx_init() is 
a better place?


-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [PATCH] allow enabling/disabling NPT by reloading only the architecture module

[Yang, Sheng]

On Tuesday 15 July 2008 18:55:37 Avi Kivity wrote:
> Yang, Sheng wrote:
> > On Tuesday 15 July 2008 02:36:36 Joerg Roedel wrote:
> >> If NPT is enabled after loading both KVM modules on AMD and it
> >> should be disabled, both KVM modules must be reloaded. If only
> >> the architecture module is reloaded the behavior is undefined.
> >> With this patch it is possible to disable NPT only by reloading
> >> the kvm_amd module.
> >>
> >> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
> >> ---
> >
> > From 3dd7fa4abb1cfc702b3fbd7038d585b541f981a4 Mon Sep 17 00:00:00
> > 2001 From: Sheng Yang <sheng.yang@intel.com>
> > Date: Tue, 15 Jul 2008 14:18:29 +0800
> > Subject: [PATCH] KVM: VMX: Fix undefined beaviour of EPT after
> > reload kvm-intel.ko
> >
> > Based on Joerg Roedel's fix for NPT.
> >
> > Thanks Joerg!
> >
> > Signed-off-by: Sheng Yang <sheng.yang@intel.com>
> > ---
> >  arch/x86/kvm/vmx.c |   15 +++++++++------
> >  1 files changed, 9 insertions(+), 6 deletions(-)
> >
> > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> > index 5f807e3..374e1ca 100644
> > --- a/arch/x86/kvm/vmx.c
> > +++ b/arch/x86/kvm/vmx.c
> > @@ -3108,14 +3108,17 @@ static struct kvm_vcpu
> > *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
> >  		return ERR_PTR(-ENOMEM);
> >
> >  	allocate_vpid(vmx);
> > -	if (id == 0 && vm_need_ept()) {
> > -		kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
> > -			VMX_EPT_WRITABLE_MASK |
> > -			VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
> > -		kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
> > +	if (id == 0) {
> > +		if (vm_need_ept()) {
> > +			kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
> > +				VMX_EPT_WRITABLE_MASK |
> > +				VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
> > +			kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
> >  				VMX_EPT_FAKE_DIRTY_MASK, 0ull,
> >  				VMX_EPT_EXECUTABLE_MASK);
> > -		kvm_enable_tdp();
> > +			kvm_enable_tdp();
> > +		} else
> > +			kvm_disable_tdp();
> >  	}
>
> hmm, what is this code doing in vmx_create_vcpu()?  surely
> vmx_init() is a better place?

Oh, may be a historic reason :)

Move it to vmx_init() now.

-- 
regards
Yang, Sheng