[PATCH v2] kvm: nVMX: check vmcs12 for valid activity state

[PATCH v2] kvm: nVMX: check vmcs12 for valid activity state

[Paolo Bonzini]

KVM does not use the activity state VMCS field, and does not support
it in nested VMX either (the corresponding bits in the misc VMX feature
MSR are zero).  Fail entry if the activity state is set to anything but
"active".

Since the value will always be the same for L1 and L2, we do not need
to read and write the corresponding VMCS field on L1/L2 transitions,
either.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
	v1->v2: remove read/write of vmcs12->guest_activity_state,
	use GUEST_ACTIVITY_ACTIVE.

 arch/x86/kvm/vmx.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index c75c25d..c252adf 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -7004,7 +7004,6 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
 		vmcs12->vm_entry_instruction_len);
 	vmcs_write32(GUEST_INTERRUPTIBILITY_INFO,
 		vmcs12->guest_interruptibility_info);
-	vmcs_write32(GUEST_ACTIVITY_STATE, vmcs12->guest_activity_state);
 	vmcs_write32(GUEST_SYSENTER_CS, vmcs12->guest_sysenter_cs);
 	kvm_set_dr(vcpu, 7, vmcs12->guest_dr7);
 	vmcs_writel(GUEST_RFLAGS, vmcs12->guest_rflags);
@@ -7223,6 +7222,11 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
 		return 1;
 	}
 
+	if (vmcs12->guest_activity_state != GUEST_ACTIVITY_ACTIVE) {
+		nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
+		return 1;
+	}
+
 	if ((vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_MSR_BITMAPS) &&
 			!IS_ALIGNED(vmcs12->msr_bitmap, PAGE_SIZE)) {
 		/*TODO: Also verify bits beyond physical address width are 0*/
@@ -7411,7 +7415,6 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
 	vmcs12->guest_gdtr_base = vmcs_readl(GUEST_GDTR_BASE);
 	vmcs12->guest_idtr_base = vmcs_readl(GUEST_IDTR_BASE);
 
-	vmcs12->guest_activity_state = vmcs_read32(GUEST_ACTIVITY_STATE);
 	vmcs12->guest_interruptibility_info =
 		vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
 	vmcs12->guest_pending_dbg_exceptions =
-- 
1.8.1.4

Re: [PATCH v2] kvm: nVMX: check vmcs12 for valid activity state

[Jan Kiszka]

On 2013-04-15 15:00, Paolo Bonzini wrote:
> KVM does not use the activity state VMCS field, and does not support
> it in nested VMX either (the corresponding bits in the misc VMX feature
> MSR are zero).  Fail entry if the activity state is set to anything but
> "active".
> 
> Since the value will always be the same for L1 and L2, we do not need
> to read and write the corresponding VMCS field on L1/L2 transitions,
> either.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> 	v1->v2: remove read/write of vmcs12->guest_activity_state,
> 	use GUEST_ACTIVITY_ACTIVE.
> 
>  arch/x86/kvm/vmx.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index c75c25d..c252adf 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -7004,7 +7004,6 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
>  		vmcs12->vm_entry_instruction_len);
>  	vmcs_write32(GUEST_INTERRUPTIBILITY_INFO,
>  		vmcs12->guest_interruptibility_info);
> -	vmcs_write32(GUEST_ACTIVITY_STATE, vmcs12->guest_activity_state);
>  	vmcs_write32(GUEST_SYSENTER_CS, vmcs12->guest_sysenter_cs);
>  	kvm_set_dr(vcpu, 7, vmcs12->guest_dr7);
>  	vmcs_writel(GUEST_RFLAGS, vmcs12->guest_rflags);
> @@ -7223,6 +7222,11 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
>  		return 1;
>  	}
>  
> +	if (vmcs12->guest_activity_state != GUEST_ACTIVITY_ACTIVE) {
> +		nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
> +		return 1;
> +	}
> +
>  	if ((vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_MSR_BITMAPS) &&
>  			!IS_ALIGNED(vmcs12->msr_bitmap, PAGE_SIZE)) {
>  		/*TODO: Also verify bits beyond physical address width are 0*/
> @@ -7411,7 +7415,6 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
>  	vmcs12->guest_gdtr_base = vmcs_readl(GUEST_GDTR_BASE);
>  	vmcs12->guest_idtr_base = vmcs_readl(GUEST_IDTR_BASE);
>  
> -	vmcs12->guest_activity_state = vmcs_read32(GUEST_ACTIVITY_STATE);
>  	vmcs12->guest_interruptibility_info =
>  		vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
>  	vmcs12->guest_pending_dbg_exceptions =
> 

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux

Re: [PATCH v2] kvm: nVMX: check vmcs12 for valid activity state

[Gleb Natapov]

On Mon, Apr 15, 2013 at 03:00:27PM +0200, Paolo Bonzini wrote:
> KVM does not use the activity state VMCS field, and does not support
> it in nested VMX either (the corresponding bits in the misc VMX feature
> MSR are zero).  Fail entry if the activity state is set to anything but
> "active".
> 
> Since the value will always be the same for L1 and L2, we do not need
> to read and write the corresponding VMCS field on L1/L2 transitions,
> either.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Perfect, thanks!

Reviewed-by: Gleb Natapov <gleb@redhat.com>

> ---
> 	v1->v2: remove read/write of vmcs12->guest_activity_state,
> 	use GUEST_ACTIVITY_ACTIVE.
> 
>  arch/x86/kvm/vmx.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index c75c25d..c252adf 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -7004,7 +7004,6 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
>  		vmcs12->vm_entry_instruction_len);
>  	vmcs_write32(GUEST_INTERRUPTIBILITY_INFO,
>  		vmcs12->guest_interruptibility_info);
> -	vmcs_write32(GUEST_ACTIVITY_STATE, vmcs12->guest_activity_state);
>  	vmcs_write32(GUEST_SYSENTER_CS, vmcs12->guest_sysenter_cs);
>  	kvm_set_dr(vcpu, 7, vmcs12->guest_dr7);
>  	vmcs_writel(GUEST_RFLAGS, vmcs12->guest_rflags);
> @@ -7223,6 +7222,11 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
>  		return 1;
>  	}
>  
> +	if (vmcs12->guest_activity_state != GUEST_ACTIVITY_ACTIVE) {
> +		nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD);
> +		return 1;
> +	}
> +
>  	if ((vmcs12->cpu_based_vm_exec_control & CPU_BASED_USE_MSR_BITMAPS) &&
>  			!IS_ALIGNED(vmcs12->msr_bitmap, PAGE_SIZE)) {
>  		/*TODO: Also verify bits beyond physical address width are 0*/
> @@ -7411,7 +7415,6 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
>  	vmcs12->guest_gdtr_base = vmcs_readl(GUEST_GDTR_BASE);
>  	vmcs12->guest_idtr_base = vmcs_readl(GUEST_IDTR_BASE);
>  
> -	vmcs12->guest_activity_state = vmcs_read32(GUEST_ACTIVITY_STATE);
>  	vmcs12->guest_interruptibility_info =
>  		vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
>  	vmcs12->guest_pending_dbg_exceptions =
> -- 
> 1.8.1.4

--
			Gleb.

Re: [PATCH v2] kvm: nVMX: check vmcs12 for valid activity state

[Marcelo Tosatti]

On Mon, Apr 15, 2013 at 03:00:27PM +0200, Paolo Bonzini wrote:
> KVM does not use the activity state VMCS field, and does not support
> it in nested VMX either (the corresponding bits in the misc VMX feature
> MSR are zero).  Fail entry if the activity state is set to anything but
> "active".
> 
> Since the value will always be the same for L1 and L2, we do not need
> to read and write the corresponding VMCS field on L1/L2 transitions,
> either.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Applied, thanks.