[RFC][PATCH] Add support for the GUEST_SMBASE VMCS field for Intel VT-x.

[RFC][PATCH] Add support for the GUEST_SMBASE VMCS field for Intel VT-x.

[Matthias Lange]

[-- Attachment #1: Type: text/plain, Size: 878 bytes --]

Hi,

I was playing around with kvm's nested virtualization feature on Intel
VT-x. When trying to access the GUEST_SMBASE (offset 0x4828)field of the
VMCS I got a "VMREAD/VMWRITE from/to unsupported VMCS component" error.
According to the Intel manual this field is not optional. The error
results from the "vmcs_field_to_offset" function in vmx.c because the
offset of GUEST_SMBASE is not defined.

The following patch adds support for the GUEST_SMBASE field. This allows
hypervisors running inside kvm read/write access to this field. I have
tested this to work on a Core i5 machine.

Best,
Matthias.


-- 
Dipl.-Inf. Matthias Lange <mlange@sec.t-labs.tu-berlin.de>
Security in Telecommunications
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, 10587 Berlin
Phone: +49 - 30 - 8353 58 553
Mobile: +49 - 160 - 587 28 07
Web: http://www.t-labs.tu-berlin.de/sect

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-Add-support-for-the-GUEST_SMBASE-VMCS-field-for-Inte.patch --]
[-- Type: text/x-patch; name="0001-Add-support-for-the-GUEST_SMBASE-VMCS-field-for-Inte.patch", Size: 1731 bytes --]

From 266eaaea392db8ed9b94223785454124a2bd765e Mon Sep 17 00:00:00 2001
From: Matthias Lange <mlange@sec.t-labs.tu-berlin.de>
Date: Fri, 18 May 2012 10:58:00 +0200
Subject: [PATCH] Add support for the GUEST_SMBASE VMCS field for Intel VT-x.
 According to the Intel manual this field is not optional.

---
 arch/x86/include/asm/vmx.h |    1 +
 arch/x86/kvm/vmx.c         |    2 ++
 2 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 31f180c..6a14720 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -194,6 +194,7 @@ enum vmcs_field {
 	GUEST_TR_AR_BYTES               = 0x00004822,
 	GUEST_INTERRUPTIBILITY_INFO     = 0x00004824,
 	GUEST_ACTIVITY_STATE            = 0X00004826,
+	GUEST_SMBASE			= 0x00004828,
 	GUEST_SYSENTER_CS               = 0x0000482A,
 	HOST_IA32_SYSENTER_CS           = 0x00004c00,
 	CR0_GUEST_HOST_MASK             = 0x00006000,
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 4ff0ab9..0063743 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -285,6 +285,7 @@ struct __packed vmcs12 {
 	u32 guest_tr_ar_bytes;
 	u32 guest_interruptibility_info;
 	u32 guest_activity_state;
+	u32 guest_smbase;
 	u32 guest_sysenter_cs;
 	u32 host_ia32_sysenter_cs;
 	u32 padding32[8]; /* room for future expansion */
@@ -546,6 +547,7 @@ static unsigned short vmcs_field_to_offset_table[] = {
 	FIELD(GUEST_TR_BASE, guest_tr_base),
 	FIELD(GUEST_GDTR_BASE, guest_gdtr_base),
 	FIELD(GUEST_IDTR_BASE, guest_idtr_base),
+	FIELD(GUEST_SMBASE, guest_smbase),
 	FIELD(GUEST_DR7, guest_dr7),
 	FIELD(GUEST_RSP, guest_rsp),
 	FIELD(GUEST_RIP, guest_rip),
-- 
1.7.1

Re: [RFC][PATCH] Add support for the GUEST_SMBASE VMCS field for Intel VT-x.

[Avi Kivity]

On 05/18/2012 12:34 PM, Matthias Lange wrote:
> Hi,
>
> I was playing around with kvm's nested virtualization feature on Intel
> VT-x. When trying to access the GUEST_SMBASE (offset 0x4828)field of the
> VMCS I got a "VMREAD/VMWRITE from/to unsupported VMCS component" error.
> According to the Intel manual this field is not optional. The error
> results from the "vmcs_field_to_offset" function in vmx.c because the
> offset of GUEST_SMBASE is not defined.
>
> The following patch adds support for the GUEST_SMBASE field. This allows
> hypervisors running inside kvm read/write access to this field. I have
> tested this to work on a Core i5 machine.
>
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> index 31f180c..6a14720 100644
> --- a/arch/x86/include/asm/vmx.h
> +++ b/arch/x86/include/asm/vmx.h
> @@ -194,6 +194,7 @@ enum vmcs_field {
>  	GUEST_TR_AR_BYTES               = 0x00004822,
>  	GUEST_INTERRUPTIBILITY_INFO     = 0x00004824,
>  	GUEST_ACTIVITY_STATE            = 0X00004826,
> +	GUEST_SMBASE			= 0x00004828,
>  	GUEST_SYSENTER_CS               = 0x0000482A,
>  	HOST_IA32_SYSENTER_CS           = 0x00004c00,
>  	CR0_GUEST_HOST_MASK             = 0x00006000,
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 4ff0ab9..0063743 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -285,6 +285,7 @@ struct __packed vmcs12 {
>  	u32 guest_tr_ar_bytes;
>  	u32 guest_interruptibility_info;
>  	u32 guest_activity_state;
> +	u32 guest_smbase;
>  	u32 guest_sysenter_cs;
>  	u32 host_ia32_sysenter_cs;
>  	u32 padding32[8]; /* room for future expansion */
> @@ -546,6 +547,7 @@ static unsigned short vmcs_field_to_offset_table[] = {
>

vmcs12 is an ABI, so you can't insert fields at random.  Grab one from
padding32.

-- 
error compiling committee.c: too many arguments to function

Re: [RFC][PATCH] Add support for the GUEST_SMBASE VMCS field for Intel VT-x.

[Matthias Lange]

On Sun, May 20, 2012 at 03:39:30PM +0300, Avi Kivity wrote:
> On 05/18/2012 12:34 PM, Matthias Lange wrote:
> > The following patch adds support for the GUEST_SMBASE field. This allows
> > hypervisors running inside kvm read/write access to this field. I have
> > tested this to work on a Core i5 machine.
> >
> > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> > index 31f180c..6a14720 100644
> > --- a/arch/x86/include/asm/vmx.h
> > +++ b/arch/x86/include/asm/vmx.h
> > @@ -194,6 +194,7 @@ enum vmcs_field {
> >  	GUEST_TR_AR_BYTES               = 0x00004822,
> >  	GUEST_INTERRUPTIBILITY_INFO     = 0x00004824,
> >  	GUEST_ACTIVITY_STATE            = 0X00004826,
> > +	GUEST_SMBASE			= 0x00004828,
> >  	GUEST_SYSENTER_CS               = 0x0000482A,
> >  	HOST_IA32_SYSENTER_CS           = 0x00004c00,
> >  	CR0_GUEST_HOST_MASK             = 0x00006000,
> > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> > index 4ff0ab9..0063743 100644
> > --- a/arch/x86/kvm/vmx.c
> > +++ b/arch/x86/kvm/vmx.c
> > @@ -285,6 +285,7 @@ struct __packed vmcs12 {
> >  	u32 guest_tr_ar_bytes;
> >  	u32 guest_interruptibility_info;
> >  	u32 guest_activity_state;
> > +	u32 guest_smbase;
> >  	u32 guest_sysenter_cs;
> >  	u32 host_ia32_sysenter_cs;
> >  	u32 padding32[8]; /* room for future expansion */
> > @@ -546,6 +547,7 @@ static unsigned short vmcs_field_to_offset_table[] = {
> >
> 
> vmcs12 is an ABI, so you can't insert fields at random.  Grab one from
> padding32.

Do you mean the ABI defined in the Intel Software Developer's manual 3B? Or is
vmcs12 only an ABI internal to the kvm module?

I understand that my patch is wrong because I need to decrease the size of
padding32. I tested the patch by running Ubuntu 12.04 as the L1 guest and
Tinycore Linux as the L2 guest.

Let me know what you think.

Matthias.


-- 
Dipl.-Inf. Matthias Lange <mlange@sec.t-labs.tu-berlin.de>
Security in Telecommunications
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, 10587 Berlin
Phone: +49 - 30 - 8353 58 553
Mobile: +49 - 160 - 587 28 07
Web: http://www.t-labs.tu-berlin.de/sect

Re: [RFC][PATCH] Add support for the GUEST_SMBASE VMCS field for Intel VT-x.

[Avi Kivity]

On 06/05/2012 02:59 PM, Matthias Lange wrote:
> On Sun, May 20, 2012 at 03:39:30PM +0300, Avi Kivity wrote:
>> On 05/18/2012 12:34 PM, Matthias Lange wrote:
>> > The following patch adds support for the GUEST_SMBASE field. This allows
>> > hypervisors running inside kvm read/write access to this field. I have
>> > tested this to work on a Core i5 machine.
>> >
>> > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
>> > index 31f180c..6a14720 100644
>> > --- a/arch/x86/include/asm/vmx.h
>> > +++ b/arch/x86/include/asm/vmx.h
>> > @@ -194,6 +194,7 @@ enum vmcs_field {
>> >  	GUEST_TR_AR_BYTES               = 0x00004822,
>> >  	GUEST_INTERRUPTIBILITY_INFO     = 0x00004824,
>> >  	GUEST_ACTIVITY_STATE            = 0X00004826,
>> > +	GUEST_SMBASE			= 0x00004828,
>> >  	GUEST_SYSENTER_CS               = 0x0000482A,
>> >  	HOST_IA32_SYSENTER_CS           = 0x00004c00,
>> >  	CR0_GUEST_HOST_MASK             = 0x00006000,
>> > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> > index 4ff0ab9..0063743 100644
>> > --- a/arch/x86/kvm/vmx.c
>> > +++ b/arch/x86/kvm/vmx.c
>> > @@ -285,6 +285,7 @@ struct __packed vmcs12 {
>> >  	u32 guest_tr_ar_bytes;
>> >  	u32 guest_interruptibility_info;
>> >  	u32 guest_activity_state;
>> > +	u32 guest_smbase;
>> >  	u32 guest_sysenter_cs;
>> >  	u32 host_ia32_sysenter_cs;
>> >  	u32 padding32[8]; /* room for future expansion */
>> > @@ -546,6 +547,7 @@ static unsigned short vmcs_field_to_offset_table[] = {
>> >
>> 
>> vmcs12 is an ABI, so you can't insert fields at random.  Grab one from
>> padding32.
> 
> Do you mean the ABI defined in the Intel Software Developer's manual 3B? Or is
> vmcs12 only an ABI internal to the kvm module?

The latter.  We want to be able to live migrate a guest with nested
guests, and if the format of vmcs12 changes, the migration will break.

> 
> I understand that my patch is wrong because I need to decrease the size of
> padding32. I tested the patch by running Ubuntu 12.04 as the L1 guest and
> Tinycore Linux as the L2 guest.
> 
> Let me know what you think.
> 



-- 
error compiling committee.c: too many arguments to function

Re: [RFC][PATCH] Add support for the GUEST_SMBASE VMCS field for Intel VT-x.

[Matthias Lange]

On Tue, Jun 05, 2012 at 04:09:30PM +0300, Avi Kivity wrote:
> On 06/05/2012 02:59 PM, Matthias Lange wrote:
> > Do you mean the ABI defined in the Intel Software Developer's manual 3B? Or is
> > vmcs12 only an ABI internal to the kvm module?
> 
> The latter.  We want to be able to live migrate a guest with nested
> guests, and if the format of vmcs12 changes, the migration will break.

I'm trying to understand how the migration is implemented in kvm. Can you
point me to some sort of documentation or pieces of code where I can start
digging through the mechanism?

Thanks,
Matthias.


-- 
Dipl.-Inf. Matthias Lange <mlange@sec.t-labs.tu-berlin.de>
Security in Telecommunications
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, 10587 Berlin
Phone: +49 - 30 - 8353 58 553
Mobile: +49 - 160 - 587 28 07
Web: http://www.t-labs.tu-berlin.de/sect

Re: [RFC][PATCH] Add support for the GUEST_SMBASE VMCS field for Intel VT-x.

[Avi Kivity]

On 06/05/2012 09:27 PM, Matthias Lange wrote:
> On Tue, Jun 05, 2012 at 04:09:30PM +0300, Avi Kivity wrote:
>> On 06/05/2012 02:59 PM, Matthias Lange wrote:
>> > Do you mean the ABI defined in the Intel Software Developer's manual 3B? Or is
>> > vmcs12 only an ABI internal to the kvm module?
>> 
>> The latter.  We want to be able to live migrate a guest with nested
>> guests, and if the format of vmcs12 changes, the migration will break.
> 
> I'm trying to understand how the migration is implemented in kvm. Can you
> point me to some sort of documentation or pieces of code where I can start
> digging through the mechanism?

>From kvm's point of view, it's just KVM_GET_REGS (and KVM_GET_SREGS,
etc.) from the source, followed by KVM_SET_REGS (etc.) on the target.
KVM_GET_DIRTY_LOG makes the migration live.


-- 
error compiling committee.c: too many arguments to function