From: Jan Kiszka
Subject: Re: [PATCH] KVM: nVMX: Replace kvm_set_cr0 with vmx_set_cr0 in load_vmcs12_host_state
Date: Sun, 24 Feb 2013 20:15:56 +0100
Message-ID: <512A66EC.60202@web.de>
References: <5129361A.7090608@web.de> <20130223214503.GA13800@fermat.math.technion.ac.il> <51293B48.6070108@web.de> <5129D6CE.5030807@web.de> <5129E01C.8020203@web.de> <5129F023.6060203@web.de>
To: Avi Kivity
Cc: Nadav Har'El, Marcelo Tosatti, Gleb Natapov, kvm, "Nakajima, Jun"

On 2013-02-24 19:56, Avi Kivity wrote:
> On Sun, Feb 24, 2013 at 12:49 PM, Jan Kiszka wrote:
>> On 2013-02-24 11:11, Avi Kivity wrote:
>>> On Sun, Feb 24, 2013 at 11:40 AM, Jan Kiszka wrote:
>>>>>>> We have the same problem in KVM_SET_SREGS.
>>>>>>
>>>>>> I don't see the problem. kvm_arch_vcpu_ioctl_set_sregs open-codes the
>>>>>> state update, not applying any transition checks.
>>>>>
>>>>> That's the problem. We have this open coding in three different
>>>>> places (KVM_SET_SREGS, nvmx, nsvm).
>>>>>
>>>>> It's not as if vmx_set_cr0() is defined as "kvm_set_cr0() without the
>>>>> transition checks".
>>>>
>>>> ...and without mmu updates. The latter is done via or after the closing
>>>> cr3 update. Interestingly, nsvm does not perform kvm_set_cr3 on vmexit
>>>> when in npt mode. Seems things aren't that regular.
>>>
>>> We do want the mmu updates. Of course they can't be attached to
>>> kvm_set_cr0_without_the_checks() since there are cross-register
>>> dependencies.
>>>
>>> Option 1 is kvm_set_multiple_cr(). This does the checks and updates,
>>> but only after all registers are updated.
>>> Option 2 is kvm_begin_cr_transaction()/kvm_commit_cr_transaction().
>>> Prettier and more flexible, but more complicated to implement.
>>>
>>
>> The only thing that these three use cases truly have in common is the
>> closing kvm_mmu_reset_context. Maybe nvmx and nsvm can share a bit more.
>> But let's get nVMX right first, then think about sharing.
>
> They all need consistency checks, otherwise userspace or the guest can
> inject inconsistent values and perhaps exploit the host.

To my understanding, the hardware does this for us: If we try to enter
the guest (L1, L2) with invalid CRx bits set or cleared, we get an
error, at least on Intel. But I bet AMD does so as well - and, if not,
it would make this test specific again.

Jan
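The cross-register dependency Avi raises, and the "check only after all registers are updated" shape of his Option 1, can be shown with a small model. The following is an added, constructed example and not KVM code or anything from this patch: `struct cr_state`, `apply_per_register()` and `set_multiple_cr()` are invented names, and the validity rules are a two-rule subset of the architectural ones (CR0.PG requires CR0.PE; paging with EFER.LME requires CR4.PAE). It shows that a per-register setter which validates after each write rejects a legal transition for some write order no matter which fixed order is chosen, while validating the complete target state once and committing it lets the caller finish with the single closing MMU reset Jan refers to.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not KVM's data structures. */
#define X86_CR0_PE  (1u << 0)
#define X86_CR0_PG  (1u << 31)
#define X86_CR4_PAE (1u << 5)
#define EFER_LME    (1u << 8)

struct cr_state {
    uint32_t cr0;
    uint32_t cr4;
    uint64_t efer;
};

/* Two architectural rules that constrain the *combination* of registers,
 * which is why no single-register setter can enforce them on its own. */
static bool cr_state_valid(const struct cr_state *s)
{
    bool pg = (s->cr0 & X86_CR0_PG) != 0;
    if (pg && !(s->cr0 & X86_CR0_PE))
        return false;                     /* paging requires protected mode */
    if (pg && (s->efer & EFER_LME) && !(s->cr4 & X86_CR4_PAE))
        return false;                     /* long-mode paging requires PAE */
    return true;
}

enum cr_reg { CR_CR0, CR_CR4, CR_EFER };

/* Variant A (hypothetical): each register write re-validates the whole
 * state immediately, so intermediate states must be valid too. */
static bool set_one_checked(struct cr_state *s, enum cr_reg r, uint64_t v)
{
    struct cr_state tmp = *s;
    switch (r) {
    case CR_CR0:  tmp.cr0 = (uint32_t)v; break;
    case CR_CR4:  tmp.cr4 = (uint32_t)v; break;
    case CR_EFER: tmp.efer = v;          break;
    }
    if (!cr_state_valid(&tmp))
        return false;
    *s = tmp;
    return true;
}

bool apply_per_register(struct cr_state *s, const struct cr_state *target,
                        const enum cr_reg order[3])
{
    for (int i = 0; i < 3; i++) {
        uint64_t v = order[i] == CR_CR0 ? target->cr0 :
                     order[i] == CR_CR4 ? target->cr4 : target->efer;
        if (!set_one_checked(s, order[i], v))
            return false;                 /* rejected on an intermediate state */
    }
    return true;
}

/* Variant B (hypothetical): validate the complete target once, commit it
 * atomically, and tell the caller whether the paging mode changed so it
 * can issue one closing MMU reset instead of one per register. */
bool set_multiple_cr(struct cr_state *s, const struct cr_state *target,
                     bool *need_mmu_reset)
{
    if (!cr_state_valid(target))
        return false;                     /* state left untouched */
    const uint32_t mode_bits = X86_CR0_PG | X86_CR0_PE;
    *need_mmu_reset = ((s->cr0 ^ target->cr0) & mode_bits) ||
                      ((s->cr4 ^ target->cr4) & X86_CR4_PAE) ||
                      ((s->efer ^ target->efer) & EFER_LME);
    *s = *target;
    return true;
}

/* Constructed sample states: 32-bit paging vs. 64-bit long mode. */
static const struct cr_state legacy_paging = { .cr0 = X86_CR0_PE | X86_CR0_PG };
static const struct cr_state long_mode = { .cr0 = X86_CR0_PE | X86_CR0_PG,
                                           .cr4 = X86_CR4_PAE, .efer = EFER_LME };
static const enum cr_reg order_cr0_cr4_efer[3] = { CR_CR0, CR_CR4, CR_EFER };
static const enum cr_reg order_cr0_efer_cr4[3] = { CR_CR0, CR_EFER, CR_CR4 };

/* True if a fixed write order rejects at least one of the two legal
 * transitions (entering or leaving long mode while paging stays on). */
bool fixed_order_fails_some_direction(const enum cr_reg order[3])
{
    struct cr_state a = legacy_paging, b = long_mode;
    bool enter_ok = apply_per_register(&a, &long_mode, order);
    bool leave_ok = apply_per_register(&b, &legacy_paging, order);
    return !(enter_ok && leave_ok);
}

/* True if the transactional variant accepts both legal transitions and
 * flags the paging-mode change for the closing MMU reset. */
bool transaction_handles_both_directions(void)
{
    struct cr_state a = legacy_paging, b = long_mode;
    bool reset_a = false, reset_b = false;
    return set_multiple_cr(&a, &long_mode, &reset_a) && reset_a &&
           a.cr4 == X86_CR4_PAE && a.efer == EFER_LME &&
           set_multiple_cr(&b, &legacy_paging, &reset_b) && reset_b &&
           b.cr4 == 0 && b.efer == 0;
}

/* True if an inconsistent target (PG without PE) is rejected unchanged. */
bool transaction_rejects_inconsistent_target(void)
{
    struct cr_state s = legacy_paging;
    const struct cr_state bad = { .cr0 = X86_CR0_PG };
    bool reset = false;
    return !set_multiple_cr(&s, &bad, &reset) && s.cr0 == legacy_paging.cr0;
}

int main(void)
{
    printf("order cr0,cr4,efer fails a direction: %d\n",
           fixed_order_fails_some_direction(order_cr0_cr4_efer));
    printf("order cr0,efer,cr4 fails a direction: %d\n",
           fixed_order_fails_some_direction(order_cr0_efer_cr4));
    printf("set_multiple_cr handles both: %d\n", transaction_handles_both_directions());
    return 0;
}
```

The two fixed orders each fail in the opposite direction (clearing CR4.PAE before EFER.LME breaks the leave, setting EFER.LME before CR4.PAE breaks the enter), which is the concrete reason a per-register `vmx_set_cr0()`-style path cannot carry the checks and an all-registers-first validation can.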