From: Sean Christopherson <seanjc@google.com>
To: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KVM: x86/mmu: Calculate and check "full" mmu_role for nested MMU
Date: Fri, 11 Jun 2021 19:51:06 +0000
Message-ID: <YMO+qj36W2isnlxC@google.com>
In-Reply-To: <YMNxkRq5IIv+RWLN@google.com>

On Fri, Jun 11, 2021, Sean Christopherson wrote:
> On Fri, Jun 11, 2021, Vitaly Kuznetsov wrote:
> > What I don't quite like (besides the fact that this 'nested_mmu' exists
> > but I don't see an elegant way to get rid of it) is the fact that we now
> > have the same logic to compute 'level' both in
> > kvm_calc_nested_mmu_role() and init_kvm_nested_mmu(). We could've
> > avoided that by re-arranging code in init_kvm_nested_mmu() I
> > guess. Something like (untested):
> 
> Yep, cleaning all that up is on my todo list, but there are some hurdles to
> clear first.
> 
> My thought is to either (a) initialize the context from the role, or (b) drop the
> duplicate context information altogether.  For (a), the NX bit is calculated
> incorrectly in the role stuff, e.g. if paging is disabled then NX is effectively 0,
> and I need that fix for the vCPU RESET/INIT series.  It's benign for the role,
> but not for the context.  And (b) will require auditing for all flavors of MMUs;
> I wouldn't be the least bit surprised to discover there's a corner case (or just
> a regular case) that I'm overlooking.

Ugh, nested NPT is completely fubar.  Except for the "core" mode, all of the role
and context calculations are done using L2 state instead of L1 host state.  The
APM explicitly states that CR0.WP is ignored, and SMEP/SMAP are implicitly ignored
by virtue of the NPT walks always being tagged "user", but KVM botches the NX
behavior and would mess up LA57 if it were supported.

I'll sort out the mess, though I'm not sure how it will interact with the reset series...
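As an added illustration (not code from the thread or from KVM itself) of the point made above, the following simplified model derives a "role" from CR0/CR4/EFER and shows why a nested NPT role must come from L1's host state: feeding it L2's state yields the wrong paging level and NX behaviour. The struct and function names (`cpu_state`, `mmu_role`, `calc_root_role`, `calc_nested_npt_role`) are hypothetical and much simpler than KVM's real `kvm_mmu_role`; the bit positions are the architectural CR0/CR4/EFER bits, and the sample register values are constructed.

```c
/* Simplified mmu_role model (added example, not KVM source). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural control-register bits used by the model. */
#define X86_CR0_PG   (1u << 31)
#define X86_CR0_WP   (1u << 16)
#define X86_CR4_PAE  (1u << 5)
#define X86_CR4_LA57 (1u << 12)
#define X86_CR4_SMEP (1u << 20)
#define X86_CR4_SMAP (1u << 21)
#define EFER_LMA     (1ull << 10)
#define EFER_NX      (1ull << 11)

/* Hypothetical snapshot of the paging-relevant state of one CPU mode. */
struct cpu_state {
    uint32_t cr0;
    uint32_t cr4;
    uint64_t efer;
};

/* Hypothetical role: the properties that select a page-walk flavour. */
struct mmu_role {
    unsigned level;   /* number of page-table levels, 0 = paging off */
    bool nxe;         /* NX enforced during the walk */
    bool cr0_wp;
    bool smep;
    bool smap;
};

static unsigned paging_levels(const struct cpu_state *s)
{
    if (!(s->cr0 & X86_CR0_PG))
        return 0;
    if (s->efer & EFER_LMA)
        return (s->cr4 & X86_CR4_LA57) ? 5 : 4;
    return (s->cr4 & X86_CR4_PAE) ? 3 : 2;
}

/* Role for a vCPU's own (non-nested) paging.  NX, WP, SMEP and SMAP only
 * matter when paging is on: with CR0.PG=0 they are effectively 0, which is
 * the case the email says the role code currently gets wrong. */
static struct mmu_role calc_root_role(const struct cpu_state *s)
{
    struct mmu_role r = {0};

    r.level  = paging_levels(s);
    r.nxe    = r.level && (s->efer & EFER_NX);
    r.cr0_wp = r.level && (s->cr0 & X86_CR0_WP);
    r.smep   = r.level && (s->cr4 & X86_CR4_SMEP);
    r.smap   = r.level && (s->cr4 & X86_CR4_SMAP);
    return r;
}

/* Role for walking L1's nested page tables.  Per the email: the walk is
 * governed by L1 host state, CR0.WP is ignored, and SMEP/SMAP never apply
 * because the nested walk is always tagged as a user access. */
static struct mmu_role calc_nested_npt_role(const struct cpu_state *l1_host)
{
    struct mmu_role r = {0};

    r.level = paging_levels(l1_host);
    r.nxe   = r.level && (l1_host->efer & EFER_NX);
    return r;
}

/* Constructed sample: L1 runs 64-bit with NX enabled; L2 has paging off. */
static const struct cpu_state sample_l1_host = {
    .cr0 = X86_CR0_PG | X86_CR0_WP,
    .cr4 = X86_CR4_PAE | X86_CR4_SMEP,
    .efer = EFER_LMA | EFER_NX,
};
static const struct cpu_state sample_l2_guest = { .cr0 = 0, .cr4 = 0, .efer = EFER_NX };

static void print_role(const char *what, struct mmu_role r)
{
    printf("%-28s level=%u nxe=%d wp=%d smep=%d smap=%d\n",
           what, r.level, r.nxe, r.cr0_wp, r.smep, r.smap);
}

int main(void)
{
    print_role("NPT role from L1 host:", calc_nested_npt_role(&sample_l1_host));
    print_role("NPT role from L2 (wrong):", calc_nested_npt_role(&sample_l2_guest));
    print_role("L2 root role:", calc_root_role(&sample_l2_guest));
    return 0;
}
```

Running it shows the NPT role built from L1's state has a 4-level walk with NX enforced and WP/SMEP/SMAP cleared, while the same calculation fed L2's state reports paging off and no NX, which is the mismatch the email describes.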

Thread overview: 8+ messages
2021-06-10 22:00 [PATCH] KVM: x86/mmu: Calculate and check "full" mmu_role for nested MMU Sean Christopherson
2021-06-11  8:57 ` Vitaly Kuznetsov
2021-06-11 14:22   ` Sean Christopherson
2021-06-11 19:51     ` Sean Christopherson [this message]
2021-06-11 16:02 ` Paolo Bonzini
2021-06-11 16:19 ` Paolo Bonzini
2021-06-11 16:45   ` Sean Christopherson
2021-06-11 16:49     ` Paolo Bonzini