From: Jan Kiszka <jan.kiszka@siemens.com>
To: Gleb Natapov <gleb@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>, kvm <kvm@vger.kernel.org>,
"Nadav Har'El" <nyh@math.technion.ac.il>,
"Nakajima, Jun" <jun.nakajima@intel.com>,
Avi Kivity <avi.kivity@gmail.com>
Subject: Re: [PATCH] KVM: nVMX: Replace kvm_set_cr0 with vmx_set_cr0 in load_vmcs12_host_state
Date: Tue, 30 Apr 2013 14:42:20 +0200 [thread overview]
Message-ID: <517FBC2C.6040607@siemens.com> (raw)
In-Reply-To: <20130430114604.GA22125@redhat.com>
On 2013-04-30 13:46, Gleb Natapov wrote:
> On Sun, Apr 28, 2013 at 12:20:38PM +0200, Jan Kiszka wrote:
>> On 2013-02-23 22:35, Jan Kiszka wrote:
>>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>>
>>> Likely a typo, but a fatal one as kvm_set_cr0 performs checks on the
>>> state transition that may prevent loading L1's cr0.
>>>
>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
>>> ---
>>> arch/x86/kvm/vmx.c | 2 +-
>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>>
>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> index 26d47e9..94f3b66 100644
>>> --- a/arch/x86/kvm/vmx.c
>>> +++ b/arch/x86/kvm/vmx.c
>>> @@ -7429,7 +7429,7 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu,
>>> * fpu_active (which may have changed).
>>> * Note that vmx_set_cr0 refers to efer set above.
>>> */
>>> - kvm_set_cr0(vcpu, vmcs12->host_cr0);
>>> + vmx_set_cr0(vcpu, vmcs12->host_cr0);
>>> /*
>>> * If we did fpu_activate()/fpu_deactivate() during L2's run, we need
>>> * to apply the same changes to L1's vmcs. We just set cr0 correctly,
>>>
>>
>> This one still applies, is necessary for nested unrestricted guest mode,
>> and I'm still convinced it's an appropriate way to fix the bug. How to
>> proceed?
>>
> What check that is done by kvm_set_cr0() fails?
Would have to reproduce the bug to confirm, but from the top of my head
and from looking at the code again:
if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
if ((vcpu->arch.efer & EFER_LME)) {
int cs_db, cs_l;
if (!is_pae(vcpu))
return 1;
kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
if (cs_l)
return 1;
I think to remember this last check triggered. When we come from the
guest with paging off, we may run through this check an incorrectly bail
out here when the host state fulfills the conditions (PG, EFER_LME, and
L bit set).
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2013-04-30 12:42 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-23 21:35 [PATCH] KVM: nVMX: Replace kvm_set_cr0 with vmx_set_cr0 in load_vmcs12_host_state Jan Kiszka
2013-02-23 21:45 ` Nadav Har'El
2013-02-23 21:57 ` Jan Kiszka
2013-02-23 22:21 ` Jan Kiszka
2013-02-24 8:34 ` Jan Kiszka
2013-02-24 8:56 ` Avi Kivity
2013-02-24 9:01 ` Jan Kiszka
2013-02-24 9:21 ` Avi Kivity
2013-02-24 9:40 ` Jan Kiszka
2013-02-24 10:11 ` Avi Kivity
2013-02-24 10:49 ` Jan Kiszka
2013-02-24 18:56 ` Avi Kivity
2013-02-24 19:15 ` Jan Kiszka
2013-02-24 19:26 ` Avi Kivity
2013-04-28 10:20 ` Jan Kiszka
2013-04-30 11:46 ` Gleb Natapov
2013-04-30 12:42 ` Jan Kiszka [this message]
2013-05-05 9:02 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=517FBC2C.6040607@siemens.com \
--to=jan.kiszka@siemens.com \
--cc=avi.kivity@gmail.com \
--cc=gleb@redhat.com \
--cc=jun.nakajima@intel.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=nyh@math.technion.ac.il \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox