From: Paolo Bonzini <pbonzini@redhat.com>
To: Bandan Das <bsd@redhat.com>, kvm@vger.kernel.org
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
Gleb Natapov <gleb@kernel.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] KVM: x86: Check for host supported fields in shadow vmcs
Date: Mon, 28 Apr 2014 11:14:01 +0200 [thread overview]
Message-ID: <535E1BD9.8000800@redhat.com> (raw)
In-Reply-To: <jpgk3aiv6a9.fsf@nelium.bos.redhat.com>
Il 21/04/2014 21:20, Bandan Das ha scritto:
>
> We track shadow vmcs fields through two static lists,
> one for read only and another for r/w fields. However, with
> addition of new vmcs fields, not all fields may be supported on
> all hosts. If so, copy_vmcs12_to_shadow() trying to vmwrite on
> unsupported hosts will result in a vmwrite error. For example, commit
> 36be0b9deb23161 introduced GUEST_BNDCFGS, which is not supported
> by all processors. Filter out host unsupported fields before
> letting guests use shadow vmcs
>
> Signed-off-by: Bandan Das <bsd@redhat.com>
> ---
> v2:
> - Just compress the original lists instead of creating new ones
> - Change commit message slightly to reflect this change
>
> arch/x86/kvm/vmx.c | 54 ++++++++++++++++++++++++++++++++++++++++++------------
> 1 file changed, 42 insertions(+), 12 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 7bed3e3..26a632f 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -503,7 +503,7 @@ static inline struct vcpu_vmx *to_vmx(struct kvm_vcpu *vcpu)
> [number##_HIGH] = VMCS12_OFFSET(name)+4
>
>
> -static const unsigned long shadow_read_only_fields[] = {
> +static unsigned long shadow_read_only_fields[] = {
> /*
> * We do NOT shadow fields that are modified when L0
> * traps and emulates any vmx instruction (e.g. VMPTRLD,
> @@ -526,10 +526,10 @@ static const unsigned long shadow_read_only_fields[] = {
> GUEST_LINEAR_ADDRESS,
> GUEST_PHYSICAL_ADDRESS
> };
> -static const int max_shadow_read_only_fields =
> +static int max_shadow_read_only_fields =
> ARRAY_SIZE(shadow_read_only_fields);
>
> -static const unsigned long shadow_read_write_fields[] = {
> +static unsigned long shadow_read_write_fields[] = {
> GUEST_RIP,
> GUEST_RSP,
> GUEST_CR0,
> @@ -558,7 +558,7 @@ static const unsigned long shadow_read_write_fields[] = {
> HOST_FS_SELECTOR,
> HOST_GS_SELECTOR
> };
> -static const int max_shadow_read_write_fields =
> +static int max_shadow_read_write_fields =
> ARRAY_SIZE(shadow_read_write_fields);
>
> static const unsigned short vmcs_field_to_offset_table[] = {
> @@ -3009,6 +3009,42 @@ static void free_kvm_area(void)
> }
> }
>
> +static void init_vmcs_shadow_fields(void)
> +{
> + int i, j;
> +
> + /* No checks for read only fields yet */
> +
> + for (i = j = 0; i < max_shadow_read_write_fields; i++) {
> +
> + switch (shadow_read_write_fields[i]) {
> + case GUEST_BNDCFGS:
> + if (!vmx_mpx_supported())
> + continue;
> + break;
> + default:
> + break;
> + }
> +
> + if (j < i)
> + shadow_read_write_fields[j] =
> + shadow_read_write_fields[i];
> + j++;
> + }
> + max_shadow_read_write_fields = j;
> +
> + /* shadowed fields guest access without vmexit */
> + for (i = 0; i < max_shadow_read_write_fields; i++) {
> + clear_bit(shadow_read_write_fields[i],
> + vmx_vmwrite_bitmap);
> + clear_bit(shadow_read_write_fields[i],
> + vmx_vmread_bitmap);
> + }
> + for (i = 0; i < max_shadow_read_only_fields; i++)
> + clear_bit(shadow_read_only_fields[i],
> + vmx_vmread_bitmap);
> +}
> +
> static __init int alloc_kvm_area(void)
> {
> int cpu;
> @@ -3039,6 +3075,8 @@ static __init int hardware_setup(void)
> enable_vpid = 0;
> if (!cpu_has_vmx_shadow_vmcs())
> enable_shadow_vmcs = 0;
> + if (enable_shadow_vmcs)
> + init_vmcs_shadow_fields();
>
> if (!cpu_has_vmx_ept() ||
> !cpu_has_vmx_ept_4levels()) {
> @@ -8817,14 +8855,6 @@ static int __init vmx_init(void)
>
> memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
> memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
> - /* shadowed read/write fields */
> - for (i = 0; i < max_shadow_read_write_fields; i++) {
> - clear_bit(shadow_read_write_fields[i], vmx_vmwrite_bitmap);
> - clear_bit(shadow_read_write_fields[i], vmx_vmread_bitmap);
> - }
> - /* shadowed read only fields */
> - for (i = 0; i < max_shadow_read_only_fields; i++)
> - clear_bit(shadow_read_only_fields[i], vmx_vmread_bitmap);
>
> /*
> * Allow direct access to the PC debug port (it is often used for I/O
>
Applying this to kvm/master, thanks.
Paolo
prev parent reply other threads:[~2014-04-28 9:14 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-21 19:20 [PATCH v2] KVM: x86: Check for host supported fields in shadow vmcs Bandan Das
2014-04-22 3:29 ` Paolo Bonzini
2014-04-22 16:25 ` Bandan Das
2014-04-22 19:13 ` Paolo Bonzini
2014-04-22 19:31 ` Bandan Das
2014-04-26 9:42 ` Paolo Bonzini
2014-04-28 9:14 ` Paolo Bonzini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=535E1BD9.8000800@redhat.com \
--to=pbonzini@redhat.com \
--cc=bsd@redhat.com \
--cc=gleb@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mtosatti@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox