* [PATCH v3] KVM: VMX: Fix enable VPID even if INVVPID is not exposed in vmx capability
@ 2017-03-22  1:19 Wanpeng Li
  2017-03-22  8:50 ` David Hildenbrand
  0 siblings, 1 reply; 4+ messages in thread
From: Wanpeng Li @ 2017-03-22  1:19 UTC (permalink / raw)
  To: linux-kernel, kvm; +Cc: Paolo Bonzini, Radim Krčmář, Wanpeng Li

From: Wanpeng Li <wanpeng.li@hotmail.com>

This can be reproduced by running L2 on L1 with VPID disabled on L0, on a kernel
without commit "KVM: nVMX: Fix nested VPID vmx exec control"; L2 then crashes as below:

KVM: entry failed, hardware error 0x7
EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000

Reference SDM 30.3 INVVPID:
 
Protected Mode Exceptions
#UD 
  - If not in VMX operation.
  - If the logical processor does not support VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=0).
  - If the logical processor supports VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=1) but does 
    not support the INVVPID instruction (IA32_VMX_EPT_VPID_CAP[32]=0).

So we should check both VPID enable bit in vmx exec control and INVVPID support bit 
in vmx capability MSRs to enable VPID. This patch adds the guarantee to not enable VPID
if INVVPID is not exposed in vmx capability MSRs.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
---
 arch/x86/kvm/vmx.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 8795a70..f2b912e 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void)
 	return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT;
 }
 
+static inline bool cpu_has_vmx_invvpid(void)
+{
+	return vmx_capability.vpid & VMX_VPID_INVVPID_BIT;
+}
+
 static inline bool cpu_has_vmx_ept(void)
 {
 	return vmcs_config.cpu_based_2nd_exec_ctrl &
@@ -6518,8 +6523,9 @@ static __init int hardware_setup(void)
 	if (boot_cpu_has(X86_FEATURE_NX))
 		kvm_enable_efer_bits(EFER_NX);
 
-	if (!cpu_has_vmx_vpid())
+	if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid())
 		enable_vpid = 0;
+
 	if (!cpu_has_vmx_shadow_vmcs())
 		enable_shadow_vmcs = 0;
 	if (enable_shadow_vmcs)
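Review bot: The widened test in hardware_setup() has no comment explaining why VPID now depends on a second capability bit, so a later cleanup could drop `!cpu_has_vmx_invvpid()` as apparently redundant. I would add above the `if`: `/* INVVPID #UDs when IA32_VMX_EPT_VPID_CAP[32] is clear, so VPID is unusable without it. */`, which is the SDM condition quoted in the description. This matters most when KVM itself runs as a guest hypervisor, as in the nested reproduction described, because the capability MSRs it reads are then whatever the outer hypervisor chose to expose. The blank line added after `enable_vpid = 0;` is unrelated whitespace and could be dropped from the patch. hardware_setup() starts and ends outside this hunk.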
-- 
2.7.4


* Re: [PATCH v3] KVM: VMX: Fix enable VPID even if INVVPID is not exposed in vmx capability
  2017-03-22  1:19 [PATCH v3] KVM: VMX: Fix enable VPID even if INVVPID is not exposed in vmx capability Wanpeng Li
@ 2017-03-22  8:50 ` David Hildenbrand
  2017-03-22 18:20   ` Jim Mattson
  0 siblings, 1 reply; 4+ messages in thread
From: David Hildenbrand @ 2017-03-22  8:50 UTC (permalink / raw)
  To: Wanpeng Li, linux-kernel, kvm
  Cc: Paolo Bonzini, Radim Krčmář, Wanpeng Li

On 22.03.2017 02:19, Wanpeng Li wrote:
> From: Wanpeng Li <wanpeng.li@hotmail.com>
> 
> This can be reproduced by running L2 on L1, and disable VPID on L0 if w/o 
> commit "KVM: nVMX: Fix nested VPID vmx exec control", the L2 crash as below:
> 
> KVM: entry failed, hardware error 0x7
> EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3
> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
> EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0000 00000000 0000ffff 00009300
> CS =f000 ffff0000 0000ffff 00009b00
> SS =0000 00000000 0000ffff 00009300
> DS =0000 00000000 0000ffff 00009300
> FS =0000 00000000 0000ffff 00009300
> GS =0000 00000000 0000ffff 00009300
> LDT=0000 00000000 0000ffff 00008200
> TR =0000 00000000 0000ffff 00008b00
> GDT=     00000000 0000ffff
> IDT=     00000000 0000ffff
> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
> DR6=00000000ffff0ff0 DR7=0000000000000400
> EFER=0000000000000000
> 
> Reference SDM 30.3 INVVPID:
>  
> Protected Mode Exceptions
> #UD 
>   - If not in VMX operation.
>   - If the logical processor does not support VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=0).
>   - If the logical processor supports VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=1) but does 
>     not support the INVVPID instruction (IA32_VMX_EPT_VPID_CAP[32]=0).
> 
> So we should check both VPID enable bit in vmx exec control and INVVPID support bit 
> in vmx capability MSRs to enable VPID. This patch adds the guarantee to not enable VPID
> if INVVPID is not exposed in vmx capability MSRs.
> 
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Radim Krčmář <rkrcmar@redhat.com>
> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
> ---
>  arch/x86/kvm/vmx.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 8795a70..f2b912e 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void)
>  	return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT;
>  }
>  
> +static inline bool cpu_has_vmx_invvpid(void)
> +{
> +	return vmx_capability.vpid & VMX_VPID_INVVPID_BIT;
> +}
> +
>  static inline bool cpu_has_vmx_ept(void)
>  {
>  	return vmcs_config.cpu_based_2nd_exec_ctrl &
> @@ -6518,8 +6523,9 @@ static __init int hardware_setup(void)
>  	if (boot_cpu_has(X86_FEATURE_NX))
>  		kvm_enable_efer_bits(EFER_NX);
>  
> -	if (!cpu_has_vmx_vpid())
> +	if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid())
>  		enable_vpid = 0;
> +
>  	if (!cpu_has_vmx_shadow_vmcs())
>  		enable_shadow_vmcs = 0;
>  	if (enable_shadow_vmcs)
> 

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 

Thanks,

David


* Re: [PATCH v3] KVM: VMX: Fix enable VPID even if INVVPID is not exposed in vmx capability
  2017-03-22  8:50 ` David Hildenbrand
@ 2017-03-22 18:20   ` Jim Mattson
  2017-03-23  2:41     ` Wanpeng Li
  0 siblings, 1 reply; 4+ messages in thread
From: Jim Mattson @ 2017-03-22 18:20 UTC (permalink / raw)
  To: David Hildenbrand
  Cc: Wanpeng Li, LKML, kvm list, Paolo Bonzini,
	Radim Krčmář,
	Wanpeng Li

Is cpu_has_vmx_invvpid() sufficient? This indicates support for the
INVVPID instruction, but not necessarily any of the desired INVVPID
types. KVM's vpid_sync_context() assumes that at least one of
{VMX_VPID_EXTENT_SINGLE_CONTEXT, VMX_VPID_EXTENT_ALL_CONTEXT} is
supported.

On Wed, Mar 22, 2017 at 1:50 AM, David Hildenbrand <david@redhat.com> wrote:
> On 22.03.2017 02:19, Wanpeng Li wrote:
>> From: Wanpeng Li <wanpeng.li@hotmail.com>
>>
>> This can be reproduced by running L2 on L1, and disable VPID on L0 if w/o
>> commit "KVM: nVMX: Fix nested VPID vmx exec control", the L2 crash as below:
>>
>> KVM: entry failed, hardware error 0x7
>> EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3
>> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
>> EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
>> ES =0000 00000000 0000ffff 00009300
>> CS =f000 ffff0000 0000ffff 00009b00
>> SS =0000 00000000 0000ffff 00009300
>> DS =0000 00000000 0000ffff 00009300
>> FS =0000 00000000 0000ffff 00009300
>> GS =0000 00000000 0000ffff 00009300
>> LDT=0000 00000000 0000ffff 00008200
>> TR =0000 00000000 0000ffff 00008b00
>> GDT=     00000000 0000ffff
>> IDT=     00000000 0000ffff
>> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
>> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
>> DR6=00000000ffff0ff0 DR7=0000000000000400
>> EFER=0000000000000000
>>
>> Reference SDM 30.3 INVVPID:
>>
>> Protected Mode Exceptions
>> #UD
>>   - If not in VMX operation.
>>   - If the logical processor does not support VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=0).
>>   - If the logical processor supports VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=1) but does
>>     not support the INVVPID instruction (IA32_VMX_EPT_VPID_CAP[32]=0).
>>
>> So we should check both VPID enable bit in vmx exec control and INVVPID support bit
>> in vmx capability MSRs to enable VPID. This patch adds the guarantee to not enable VPID
>> if INVVPID is not exposed in vmx capability MSRs.
>>
>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>> Cc: Radim Krčmář <rkrcmar@redhat.com>
>> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
>> ---
>>  arch/x86/kvm/vmx.c | 8 +++++++-
>>  1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 8795a70..f2b912e 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void)
>>       return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT;
>>  }
>>
>> +static inline bool cpu_has_vmx_invvpid(void)
>> +{
>> +     return vmx_capability.vpid & VMX_VPID_INVVPID_BIT;
>> +}
>> +
>>  static inline bool cpu_has_vmx_ept(void)
>>  {
>>       return vmcs_config.cpu_based_2nd_exec_ctrl &
>> @@ -6518,8 +6523,9 @@ static __init int hardware_setup(void)
>>       if (boot_cpu_has(X86_FEATURE_NX))
>>               kvm_enable_efer_bits(EFER_NX);
>>
>> -     if (!cpu_has_vmx_vpid())
>> +     if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid())
>>               enable_vpid = 0;
>> +
>>       if (!cpu_has_vmx_shadow_vmcs())
>>               enable_shadow_vmcs = 0;
>>       if (enable_shadow_vmcs)
>>
>
> Reviewed-by: David Hildenbrand <david@redhat.com>
>
> --
>
> Thanks,
>
> David


* Re: [PATCH v3] KVM: VMX: Fix enable VPID even if INVVPID is not exposed in vmx capability
  2017-03-22 18:20   ` Jim Mattson
@ 2017-03-23  2:41     ` Wanpeng Li
  0 siblings, 0 replies; 4+ messages in thread
From: Wanpeng Li @ 2017-03-23  2:41 UTC (permalink / raw)
  To: Jim Mattson
  Cc: David Hildenbrand, LKML, kvm list, Paolo Bonzini,
	Radim Krčmář,
	Wanpeng Li

2017-03-23 2:20 GMT+08:00 Jim Mattson <jmattson@google.com>:
> Is cpu_has_vmx_invvpid() sufficient? This indicates support for the
> INVVPID instruction, but not necessarily any of the desired INVVPID
> types. KVM's vpid_sync_context() assumes that at least one of
> {VMX_VPID_EXTENT_SINGLE_CONTEXT, VMX_VPID_EXTENT_ALL_CONTEXT} is
> supported.

Good point, fix it in v4.

Regards,
Wanpeng Li

>
> On Wed, Mar 22, 2017 at 1:50 AM, David Hildenbrand <david@redhat.com> wrote:
>> On 22.03.2017 02:19, Wanpeng Li wrote:
>>> From: Wanpeng Li <wanpeng.li@hotmail.com>
>>>
>>> This can be reproduced by running L2 on L1, and disable VPID on L0 if w/o
>>> commit "KVM: nVMX: Fix nested VPID vmx exec control", the L2 crash as below:
>>>
>>> KVM: entry failed, hardware error 0x7
>>> EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3
>>> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
>>> EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
>>> ES =0000 00000000 0000ffff 00009300
>>> CS =f000 ffff0000 0000ffff 00009b00
>>> SS =0000 00000000 0000ffff 00009300
>>> DS =0000 00000000 0000ffff 00009300
>>> FS =0000 00000000 0000ffff 00009300
>>> GS =0000 00000000 0000ffff 00009300
>>> LDT=0000 00000000 0000ffff 00008200
>>> TR =0000 00000000 0000ffff 00008b00
>>> GDT=     00000000 0000ffff
>>> IDT=     00000000 0000ffff
>>> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
>>> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
>>> DR6=00000000ffff0ff0 DR7=0000000000000400
>>> EFER=0000000000000000
>>>
>>> Reference SDM 30.3 INVVPID:
>>>
>>> Protected Mode Exceptions
>>> #UD
>>>   - If not in VMX operation.
>>>   - If the logical processor does not support VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=0).
>>>   - If the logical processor supports VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=1) but does
>>>     not support the INVVPID instruction (IA32_VMX_EPT_VPID_CAP[32]=0).
>>>
>>> So we should check both VPID enable bit in vmx exec control and INVVPID support bit
>>> in vmx capability MSRs to enable VPID. This patch adds the guarantee to not enable VPID
>>> if INVVPID is not exposed in vmx capability MSRs.
>>>
>>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>>> Cc: Radim Krčmář <rkrcmar@redhat.com>
>>> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
>>> ---
>>>  arch/x86/kvm/vmx.c | 8 +++++++-
>>>  1 file changed, 7 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> index 8795a70..f2b912e 100644
>>> --- a/arch/x86/kvm/vmx.c
>>> +++ b/arch/x86/kvm/vmx.c
>>> @@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void)
>>>       return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT;
>>>  }
>>>
>>> +static inline bool cpu_has_vmx_invvpid(void)
>>> +{
>>> +     return vmx_capability.vpid & VMX_VPID_INVVPID_BIT;
>>> +}
>>> +
>>>  static inline bool cpu_has_vmx_ept(void)
>>>  {
>>>       return vmcs_config.cpu_based_2nd_exec_ctrl &
>>> @@ -6518,8 +6523,9 @@ static __init int hardware_setup(void)
>>>       if (boot_cpu_has(X86_FEATURE_NX))
>>>               kvm_enable_efer_bits(EFER_NX);
>>>
>>> -     if (!cpu_has_vmx_vpid())
>>> +     if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid())
>>>               enable_vpid = 0;
>>> +
>>>       if (!cpu_has_vmx_shadow_vmcs())
>>>               enable_shadow_vmcs = 0;
>>>       if (enable_shadow_vmcs)
>>>
>>
>> Reviewed-by: David Hildenbrand <david@redhat.com>
>>
>> --
>>
>> Thanks,
>>
>> David

