From: Gleb Natapov <gleb@redhat.com>
To: Dongxiao <dongxiao.xu@intel.com>
Cc: kvm@vger.kernel.org
Subject: Re: KVM: VMX: disable SMEP feature when guest is in non-paging mode
Date: Sun, 3 Feb 2013 15:56:43 +0200 [thread overview]
Message-ID: <20130203135643.GG23213@redhat.com> (raw)
In-Reply-To: <1359707407-12981-1-git-send-email-dongxiao.xu@intel.com>
On Fri, Feb 01, 2013 at 08:30:07AM -0000, Xu wrote:
> SMEP is disabled if the CPU is in non-paging mode in hardware.
> However, KVM always uses paging mode to emulate guest non-paging
> mode with HAP.
Not always, only if unrestricted mode is disabled, since vm86 mode, which
is used otherwise, requires paging.
> To emulate this behavior, SMEP needs to be manually
> disabled when guest switches to non-paging mode.
>
> We met an issue where an SMP Linux guest with a recent kernel (with
> SMEP support enabled, for example 3.5.3) would crash with a triple fault
> if unrestricted_guest=0 is set. This is because KVM uses an identity
> mapping page table to emulate the non-paging mode, where the page
> table is set with the USER flag. If SMEP is still enabled in this case,
> the guest will meet an unhandleable page fault and then crash.
>
> Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
> Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>
Reviewed-by: Gleb Natapov <gleb@redhat.com>
But HAP is Xen terminology AFAIK. KVM speak is tdp (two dimensional
paging). It would be nice to change it in the commit message and the
comment before committing.
>
> ---
> arch/x86/kvm/vmx.c | 8 ++++++++
> 1 files changed, 8 insertions(+), 0 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 9120ae1..e82f20d 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3155,6 +3155,14 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
> if (!is_paging(vcpu)) {
> hw_cr4 &= ~X86_CR4_PAE;
> hw_cr4 |= X86_CR4_PSE;
> + /*
> + * SMEP is disabled if CPU is in non-paging mode in
> + * hardware. However KVM always uses paging mode to
> + * emulate guest non-paging mode with HAP.
> + * To emulate this behavior, SMEP needs to be manually
> + * disabled when guest switches to non-paging mode.
> + */
> + hw_cr4 &= ~X86_CR4_SMEP;
> } else if (!(cr4 & X86_CR4_PAE)) {
> hw_cr4 &= ~X86_CR4_PAE;
> }
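Review bot: the new comment inside the `if (!is_paging(vcpu))` branch overstates the case; as noted above, this identity-map emulation is only used when unrestricted guest is off (vm86 mode needs paging), so the comment should say so and use the KVM term tdp rather than HAP, e.g. "KVM emulates guest non-paging mode with a paged identity map when unrestricted guest is disabled, so SMEP must be cleared from the hardware CR4 here". Masking only `hw_cr4` is the right scope: the guest-visible `cr4` passed in is untouched, so the guest still sees SMEP as set, and the hardware bit is recomputed from `cr4` on the next `vmx_set_cr4` call once paging is re-enabled.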
--
Gleb.