* [PATCH] KVM: X86: Raise #GP when clearing CR0_PG in 64 bit mode
From: Lai Jiangshan @ 2021-12-07 9:52 UTC
To: linux-kernel, kvm, Paolo Bonzini
Cc: Lai Jiangshan, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, H. Peter Anvin

From: Lai Jiangshan <laijs@linux.alibaba.com>

In the SDM:
If the logical processor is in 64-bit mode or if CR4.PCIDE = 1, an attempt to clear CR0.PG causes a general-protection exception (#GP). Software should transition to compatibility mode and clear CR4.PCIDE before attempting to disable paging.

Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
---
arch/x86/kvm/x86.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 00f5b2b82909..78c40ac3b197 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -906,7 +906,8 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) !load_pdptrs(vcpu, kvm_read_cr3(vcpu))) return 1; - if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE)) + if (!(cr0 & X86_CR0_PG) && + (is_64_bit_mode(vcpu) || kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE))) return 1; static_call(kvm_x86_set_cr0)(vcpu, cr0); -- 2.19.1.6.gb485710b
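Review bot: the added `(is_64_bit_mode(vcpu) || ...)` clause in the `if (!(cr0 & X86_CR0_PG) ...)` check makes KVM inject #GP for a CR0 write it previously passed through to `static_call(kvm_x86_set_cr0)`, but the commit message only says "In the SDM:" with no section reference and no word on hardware behaviour; cite the SDM passage (the CR0.PG description under control registers) and state that real CPUs were checked, so the behaviour change for guests that clear PG straight from 64-bit mode is documented.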
* Re: [PATCH] KVM: X86: Raise #GP when clearing CR0_PG in 64 bit mode
From: Paolo Bonzini @ 2021-12-09 17:55 UTC
To: Lai Jiangshan, linux-kernel, kvm
Cc: Lai Jiangshan, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86, H. Peter Anvin

On 12/7/21 10:52, Lai Jiangshan wrote:
> From: Lai Jiangshan <laijs@linux.alibaba.com> > > In the SDM: > If the logical processor is in 64-bit mode or if CR4.PCIDE = 1, an > attempt to clear CR0.PG causes a general-protection exception (#GP). > Software should transition to compatibility mode and clear CR4.PCIDE > before attempting to disable paging. > > Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com> > --- > arch/x86/kvm/x86.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 00f5b2b82909..78c40ac3b197 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -906,7 +906,8 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) > !load_pdptrs(vcpu, kvm_read_cr3(vcpu))) > return 1; > > - if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE)) > + if (!(cr0 & X86_CR0_PG) && > + (is_64_bit_mode(vcpu) || kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE))) > return 1; > > static_call(kvm_x86_set_cr0)(vcpu, cr0); >

Queued, thanks.

Paolo
* Re: [PATCH] KVM: X86: Raise #GP when clearing CR0_PG in 64 bit mode
From: H. Peter Anvin @ 2025-06-07 0:58 UTC
To: Paolo Bonzini, Lai Jiangshan, linux-kernel, kvm
Cc: Lai Jiangshan, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86

On 2021-12-09 09:55, Paolo Bonzini wrote:
> On 12/7/21 10:52, Lai Jiangshan wrote: >> From: Lai Jiangshan <laijs@linux.alibaba.com> >> >> In the SDM: >> If the logical processor is in 64-bit mode or if CR4.PCIDE = 1, an >> attempt to clear CR0.PG causes a general-protection exception (#GP). >> Software should transition to compatibility mode and clear CR4.PCIDE >> before attempting to disable paging. >> >> Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com> >> --- >> arch/x86/kvm/x86.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c >> index 00f5b2b82909..78c40ac3b197 100644 >> --- a/arch/x86/kvm/x86.c >> +++ b/arch/x86/kvm/x86.c >> @@ -906,7 +906,8 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned >> long cr0) >> !load_pdptrs(vcpu, kvm_read_cr3(vcpu))) >> return 1; >> - if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE)) >> + if (!(cr0 & X86_CR0_PG) && >> + (is_64_bit_mode(vcpu) || kvm_read_cr4_bits(vcpu, >> X86_CR4_PCIDE))) >> return 1; >> static_call(kvm_x86_set_cr0)(vcpu, cr0); >> > > Queued, thanks. >

Have you actually checked to see what real CPUs do in this case?

-hpa
* Re: [PATCH] KVM: X86: Raise #GP when clearing CR0_PG in 64 bit mode
From: Sean Christopherson @ 2025-06-09 14:23 UTC
To: H. Peter Anvin
Cc: Paolo Bonzini, Lai Jiangshan, linux-kernel, kvm, Lai Jiangshan, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86

On Fri, Jun 06, 2025, H. Peter Anvin wrote:
> On 2021-12-09 09:55, Paolo Bonzini wrote: > > On 12/7/21 10:52, Lai Jiangshan wrote: > > > From: Lai Jiangshan <laijs@linux.alibaba.com> > > > > > > In the SDM: > > > If the logical processor is in 64-bit mode or if CR4.PCIDE = 1, an > > > attempt to clear CR0.PG causes a general-protection exception (#GP). > > > Software should transition to compatibility mode and clear CR4.PCIDE > > > before attempting to disable paging. > > > > > > Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com> > > > --- > > > arch/x86/kvm/x86.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > > index 00f5b2b82909..78c40ac3b197 100644 > > > --- a/arch/x86/kvm/x86.c > > > +++ b/arch/x86/kvm/x86.c > > > @@ -906,7 +906,8 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned > > > long cr0) > > > !load_pdptrs(vcpu, kvm_read_cr3(vcpu))) > > > return 1; > > > - if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE)) > > > + if (!(cr0 & X86_CR0_PG) && > > > + (is_64_bit_mode(vcpu) || kvm_read_cr4_bits(vcpu, > > > X86_CR4_PCIDE))) > > > return 1; > > > static_call(kvm_x86_set_cr0)(vcpu, cr0); > > > > > > > Queued, thanks. > > > > Have you actually checked to see what real CPUs do in this case?

I have now, and EMR at least behaves as the SDM describes. Why do you ask?

kvm_intel: Clearing CR0.PG faulted (vector = 13)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f79604bc0127..f90ad464ab7e 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8637,6 +8637,23 @@ void vmx_exit(void) kvm_x86_vendor_exit(); } +static noinline void vmx_disable_paging(void) +{ + unsigned long cr0 = native_read_cr0(); + long vector = -1; + + asm volatile("1: mov %1, %%cr0\n\t" + " mov %2, %%cr0\n\t" + "2:" + _ASM_EXTABLE_FAULT(1b, 2b) + : "+a" (vector) + : "r" (cr0 & ~X86_CR0_PG), "r" (cr0) + : "cc", "memory" ); + + pr_warn("Clearing CR0.PG %s (vector = %ld)\n", + vector < 0 ? "succeeded" : "faulted", vector); +} + int __init vmx_init(void) { int r, cpu; @@ -8644,6 +8661,8 @@ int __init vmx_init(void) if (!kvm_is_vmx_supported()) return -EOPNOTSUPP; + vmx_disable_paging(); + /* * Note, hv_init_evmcs() touches only VMX knobs, i.e. there's nothing * to unwind if a later step fails.
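Review bot: in the vmx_disable_paging() hunk, the fixup target `2:` skips the restoring `mov %2, %%cr0`, which is correct only because a faulting `mov %1, %%cr0` leaves CR0 untouched; if a CPU ever let the first write through, the next instruction would be fetched with paging off, so the probe depends on the very behaviour it tests and should say so in a comment, and the `"+a" (vector)` operand deserves a note that _ASM_EXTABLE_FAULT hands the trap number back in %rax, which is why `vector` starts at -1 to mean "no fault".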
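Review bot: the `vmx_disable_paging();` call added to vmx_init() runs and pr_warn()s on every kvm_intel load, which is fine for the one-off measurement this reply reports (vector = 13 on EMR) but is not mergeable as is; keep it as a local debug patch or put it behind a debug knob if a permanent self-check is wanted.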
* Re: [PATCH] KVM: X86: Raise #GP when clearing CR0_PG in 64 bit mode
From: Jim Mattson @ 2025-06-09 18:16 UTC
To: Sean Christopherson
Cc: H. Peter Anvin, Paolo Bonzini, Lai Jiangshan, linux-kernel, kvm, Lai Jiangshan, Vitaly Kuznetsov, Wanpeng Li, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86

On Mon, Jun 9, 2025 at 7:23 AM Sean Christopherson <seanjc@google.com> wrote:
> > On Fri, Jun 06, 2025, H. Peter Anvin wrote: > > On 2021-12-09 09:55, Paolo Bonzini wrote: > > > On 12/7/21 10:52, Lai Jiangshan wrote: > > > > From: Lai Jiangshan <laijs@linux.alibaba.com> > > > > > > > > In the SDM: > > > > If the logical processor is in 64-bit mode or if CR4.PCIDE = 1, an > > > > attempt to clear CR0.PG causes a general-protection exception (#GP). > > > > Software should transition to compatibility mode and clear CR4.PCIDE > > > > before attempting to disable paging. > > > > > > > > Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com> > > > > --- > > > > arch/x86/kvm/x86.c | 3 ++- > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > > > index 00f5b2b82909..78c40ac3b197 100644 > > > > --- a/arch/x86/kvm/x86.c > > > > +++ b/arch/x86/kvm/x86.c
> > > > @@ -906,7 +906,8 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned > > > > long cr0) > > > > !load_pdptrs(vcpu, kvm_read_cr3(vcpu))) > > > > return 1; > > > > - if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE)) > > > > + if (!(cr0 & X86_CR0_PG) && > > > > + (is_64_bit_mode(vcpu) || kvm_read_cr4_bits(vcpu, > > > > X86_CR4_PCIDE))) > > > > return 1; > > > > static_call(kvm_x86_set_cr0)(vcpu, cr0); > > > >

Isn't this redundant with the "if (cs_l)" check above?

> > > Queued, thanks. > > > > > > > > Have you actually checked to see what real CPUs do in this case? > > I have now, and EMR at least behaves as the SDM describes. Why do you ask? > > > kvm_intel: Clearing CR0.PG faulted (vector = 13) > > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index f79604bc0127..f90ad464ab7e 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -8637,6 +8637,23 @@ void vmx_exit(void) > kvm_x86_vendor_exit(); > } > > +static noinline void vmx_disable_paging(void) > +{ > + unsigned long cr0 = native_read_cr0(); > + long vector = -1; > + > + asm volatile("1: mov %1, %%cr0\n\t" > + " mov %2, %%cr0\n\t" > + "2:" > + _ASM_EXTABLE_FAULT(1b, 2b) > + : "+a" (vector) > + : "r" (cr0 & ~X86_CR0_PG), "r" (cr0) > + : "cc", "memory" ); > + > + pr_warn("Clearing CR0.PG %s (vector = %ld)\n", > + vector < 0 ? "succeeded" : "faulted", vector); > +} > + > int __init vmx_init(void) > { > int r, cpu; > @@ -8644,6 +8661,8 @@ int __init vmx_init(void) > if (!kvm_is_vmx_supported()) > return -EOPNOTSUPP; > > + vmx_disable_paging(); > + > /* > * Note, hv_init_evmcs() touches only VMX knobs, i.e. there's nothing > * to unwind if a later step fails. >
* Re: [PATCH] KVM: X86: Raise #GP when clearing CR0_PG in 64 bit mode
From: Jim Mattson @ 2025-06-09 18:20 UTC
To: Sean Christopherson
Cc: H. Peter Anvin, Paolo Bonzini, Lai Jiangshan, linux-kernel, kvm, Lai Jiangshan, Vitaly Kuznetsov, Wanpeng Li, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86

On Mon, Jun 9, 2025 at 11:16 AM Jim Mattson <jmattson@google.com> wrote:
> > On Mon, Jun 9, 2025 at 7:23 AM Sean Christopherson <seanjc@google.com> wrote: > > > > On Fri, Jun 06, 2025, H. Peter Anvin wrote: > > > On 2021-12-09 09:55, Paolo Bonzini wrote: > > > > On 12/7/21 10:52, Lai Jiangshan wrote: > > > > > From: Lai Jiangshan <laijs@linux.alibaba.com> > > > > > > > > > > In the SDM: > > > > > If the logical processor is in 64-bit mode or if CR4.PCIDE = 1, an > > > > > attempt to clear CR0.PG causes a general-protection exception (#GP). > > > > > Software should transition to compatibility mode and clear CR4.PCIDE > > > > > before attempting to disable paging. > > > > > > > > > > Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com> > > > > > --- > > > > > arch/x86/kvm/x86.c | 3 ++- > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > > > > index 00f5b2b82909..78c40ac3b197 100644 > > > > > --- a/arch/x86/kvm/x86.c > > > > > +++ b/arch/x86/kvm/x86.c
> > > > > @@ -906,7 +906,8 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned > > > > > long cr0) > > > > > !load_pdptrs(vcpu, kvm_read_cr3(vcpu))) > > > > > return 1; > > > > > - if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE)) > > > > > + if (!(cr0 & X86_CR0_PG) && > > > > > + (is_64_bit_mode(vcpu) || kvm_read_cr4_bits(vcpu, > > > > > X86_CR4_PCIDE))) > > > > > return 1; > > > > > static_call(kvm_x86_set_cr0)(vcpu, cr0); > > > > > > > Isn't this redundant with the "if (cs_l)" check above?

Never mind. That's an attempt to set CR0.PG, not to clear it.

> > > > Queued, thanks. > > > > > > > > > > Have you actually checked to see what real CPUs do in this case? > > > I have now, and EMR at least behaves as the SDM describes. Why do you ask? > > > > > > kvm_intel: Clearing CR0.PG faulted (vector = 13) > > > > > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > > index f79604bc0127..f90ad464ab7e 100644 > > --- a/arch/x86/kvm/vmx/vmx.c > > +++ b/arch/x86/kvm/vmx/vmx.c > > @@ -8637,6 +8637,23 @@ void vmx_exit(void) > > kvm_x86_vendor_exit(); > > } > > > > +static noinline void vmx_disable_paging(void) > > +{ > > + unsigned long cr0 = native_read_cr0(); > > + long vector = -1; > > + > > + asm volatile("1: mov %1, %%cr0\n\t" > > + " mov %2, %%cr0\n\t" > > + "2:" > > + _ASM_EXTABLE_FAULT(1b, 2b) > > + : "+a" (vector) > > + : "r" (cr0 & ~X86_CR0_PG), "r" (cr0) > > + : "cc", "memory" ); > > + > > + pr_warn("Clearing CR0.PG %s (vector = %ld)\n", > > + vector < 0 ? "succeeded" : "faulted", vector); > > +} > > + > > int __init vmx_init(void) > > { > > int r, cpu; > > @@ -8644,6 +8661,8 @@ int __init vmx_init(void) > > if (!kvm_is_vmx_supported()) > > return -EOPNOTSUPP; > > > > + vmx_disable_paging(); > > + > > /* > > * Note, hv_init_evmcs() touches only VMX knobs, i.e. there's nothing > > * to unwind if a later step fails. > >
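A constructed C model of the CR0-write checks discussed in this thread, added here as an example and not KVM's own code: it separates the "if (cs_l)" guard Jim asked about (enabling paging from a 64-bit code segment) from the CR0.PG-clear check the patch extends, and takes a `patched` flag so the pre- and post-patch results for a 64-bit-mode guest can be compared. `struct vcpu_model` and the `model_*` functions are hypothetical; the bit positions are the architectural ones.

```c
#include <stdbool.h>

/* Constructed model of the CR0-write checks discussed in this thread. It is
 * not KVM's kvm_set_cr0() and leaves out its other checks (reserved bits,
 * CD/NW, PDPTR loads). Bit positions are the architectural ones. */
#define X86_CR0_PE      (1UL << 0)
#define X86_CR0_PG      (1UL << 31)
#define X86_CR4_PCIDE   (1UL << 17)
#define EFER_LME        (1UL << 8)
#define EFER_LMA        (1UL << 10)

/* Hypothetical vCPU state holding only what the checks need. */
struct vcpu_model {
    unsigned long cr0, cr4, efer;
    bool cs_l;                  /* CS.L of the current code segment */
};

/* Like KVM's is_64_bit_mode(): long mode active and a 64-bit code segment. */
bool model_is_64_bit_mode(const struct vcpu_model *v)
{
    return (v->efer & EFER_LMA) && v->cs_l;
}

/* Returns 1 when the write must raise #GP, 0 when it is allowed.
 * 'patched' enables the is_64_bit_mode() clause the patch adds. */
int model_set_cr0(const struct vcpu_model *v, unsigned long cr0, bool patched)
{
    bool was_paging = (v->cr0 & X86_CR0_PG) != 0;

    /* Paging without protection is never valid. */
    if ((cr0 & X86_CR0_PG) && !(cr0 & X86_CR0_PE))
        return 1;

    /* The "if (cs_l)" check Jim asked about guards *enabling* paging with
     * EFER.LME set while CS.L=1, i.e. entering IA-32e mode from a 64-bit CS. */
    if ((v->efer & EFER_LME) && !was_paging && (cr0 & X86_CR0_PG) && v->cs_l)
        return 1;

    /* Clearing CR0.PG: #GP with CR4.PCIDE=1 (pre-existing check) and, after
     * the patch, also when the vCPU is in 64-bit mode, as the SDM states. */
    if (!(cr0 & X86_CR0_PG) &&
        ((patched && model_is_64_bit_mode(v)) || (v->cr4 & X86_CR4_PCIDE)))
        return 1;

    return 0;
}
```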