From mboxrd@z Thu Jan 1 00:00:00 1970
From: Gleb Natapov
Subject: Re: KVM: VMX: disable SMEP feature when guest is in non-paging mode
Date: Sun, 3 Feb 2013 15:56:43 +0200
Message-ID: <20130203135643.GG23213@redhat.com>
References: <1359707407-12981-1-git-send-email-dongxiao.xu@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: kvm@vger.kernel.org
To: Dongxiao
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:40469 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752857Ab3BCN4p (ORCPT ); Sun, 3 Feb 2013 08:56:45 -0500
Content-Disposition: inline
In-Reply-To: <1359707407-12981-1-git-send-email-dongxiao.xu@intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Fri, Feb 01, 2013 at 08:30:07AM -0000, Xu wrote:
> SMEP is disabled if CPU is in non-paging mode in hardware.
> However KVM always uses paging mode to emulate guest non-paging
> mode with HAP.
Not always, only if unrestricted mode is disabled, since vm86 mode, which is used otherwise, requires paging.

> To emulate this behavior, SMEP needs to be manually
> disabled when guest switches to non-paging mode.
>
> We met an issue that, SMP Linux guest with recent kernel (enable
> SMEP support, for example, 3.5.3) would crash with triple fault if
> setting unrestricted_guest=0. This is because KVM uses an identity
> mapping page table to emulate the non-paging mode, where the page
> table is set with USER flag. If SMEP is still enabled in this case,
> guest will meet unhandlable page fault and then crash.
>
> Signed-off-by: Dongxiao Xu
> Signed-off-by: Xiantao Zhang
Reviewed-by: Gleb Natapov

But HAP is XEN terminology AFAIK. KVM speak is tdp (two dimensional paging). It would be nice to change it in the commit message and the comment before committing.

>
> ---
> arch/x86/kvm/vmx.c | 8 ++++++++
> 1 files changed, 8 insertions(+), 0 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 9120ae1..e82f20d 100644
> --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -3155,6 +3155,14 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) > if (!is_paging(vcpu)) { > hw_cr4 &= ~X86_CR4_PAE; > hw_cr4 |= X86_CR4_PSE; > + /* > + * SMEP is disabled if CPU is in non-paging mode in > + * hardware. However KVM always uses paging mode to > + * emulate guest non-paging mode with HAP. > + * To emulate this behavior, SMEP needs to be manually > + * disabled when guest switches to non-paging mode. > + */ > + hw_cr4 &= ~X86_CR4_SMEP; > } else if (!(cr4 & X86_CR4_PAE)) { > hw_cr4 &= ~X86_CR4_PAE; > } -- Gleb.
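Review bot: the comment added inside the `if (!is_paging(vcpu))` branch says KVM "always uses paging mode to emulate guest non-paging mode with HAP", which overstates the case and uses Xen terminology: as the reply above points out, this path is only taken when unrestricted guest mode is disabled (otherwise vm86 mode is used), and KVM calls the mechanism tdp. Suggest rewording the comment to something like "When unrestricted guest is disabled, KVM runs a non-paging guest under tdp with an identity-mapped page table whose entries carry the USER flag; hardware ignores SMEP without paging, so clear it in hw_cr4 here or supervisor fetches from those USER pages fault." It is also worth confirming in the rest of vmx_set_cr4 that only the hardware value is affected: the hunk clears X86_CR4_SMEP in hw_cr4 alone, and the guest-visible CR4 should continue to report SMEP exactly as the guest wrote it, since the guest may read CR4 back and expects the bit to be preserved.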