From: Yao Yuan <yaoyuan0329os@gmail.com>
To: Jim Mattson <jmattson@google.com>
Cc: Yuan Yao <yuan.yao@linux.intel.com>,
Yuan Yao <yuan.yao@intel.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Jon Cargille <jcargill@google.com>,
Peter Shier <pshier@google.com>, Oliver Upton <oupton@google.com>
Subject: Re: [PATCH 1/1] kvm: nVMX: Checks "VMCS shadowing" with VMCS link pointer for non-root mode VM{READ,WRITE}
Date: Sun, 14 Aug 2022 19:06:01 +0800 [thread overview]
Message-ID: <20220814110601.sionrszu2xh4t72u@sapienza> (raw)
In-Reply-To: <CALMp9eT6jSz02L89RBoKuiz3fAo-EqS-Q2B0qF3HrcE1SZ-izw@mail.gmail.com>
On Fri, Aug 12, 2022 at 05:30:53PM -0700, Jim Mattson wrote:
> On Fri, Aug 12, 2022 at 4:08 PM Yao Yuan <yaoyuan0329os@gmail.com> wrote:
> >
> > On Fri, Aug 12, 2022 at 12:33:05PM -0700, Jim Mattson wrote:
> > > On Thu, Aug 11, 2022 at 7:02 PM Yuan Yao <yuan.yao@linux.intel.com> wrote:
> > > >
> > > > On Fri, Aug 12, 2022 at 09:47:06AM +0800, Yuan Yao wrote:
> > > > > Add checking to VMCS12's "VMCS shadowing", make sure the checking of
> > > > > VMCS12's vmcs_link_pointer for non-root mode VM{READ,WRITE} happens
> > > > > only if VMCS12's "VMCS shadowing" is 1.
> > > > >
> > > > > SDM says that for non-root mode the VMCS's "VMCS shadowing" must be 1
> > > > > (and the corresponding bits in VMREAD/VMWRITE bitmap must be 0) when
> > > > > condition checking of [B] is reached(please refer [A]), which means
> > > > > checking to VMCS link pointer for non-root mode VM{READ,WRITE} should
> > > > > happen only when "VMCS shadowing" = 1.
> > > > >
> > > > > Description from SDM Vol3(April 2022) Chapter 30.3 VMREAD/VMWRITE:
> > > > >
> > > > > IF (not in VMX operation)
> > > > > or (CR0.PE = 0)
> > > > > or (RFLAGS.VM = 1)
> > > > > or (IA32_EFER.LMA = 1 and CS.L = 0)
> > > > > THEN #UD;
> > > > > ELSIF in VMX non-root operation
> > > > > AND (“VMCS shadowing” is 0 OR
> > > > > source operand sets bits in range 63:15 OR
> > > > > VMREAD bit corresponding to bits 14:0 of source
> > > > > operand is 1) <------[A]
> > > > > THEN VMexit;
> > > > > ELSIF CPL > 0
> > > > > THEN #GP(0);
> > > > > ELSIF (in VMX root operation AND current-VMCS pointer is not valid) OR
> > > > > (in VMX non-root operation AND VMCS link pointer is not valid)
> > > > > THEN VMfailInvalid; <------ [B]
> > > > > ...
> > > > >
> > > > > Fixes: dd2d6042b7f4 ("kvm: nVMX: VMWRITE checks VMCS-link pointer before VMCS field")
> > > > > Signed-off-by: Yuan Yao <yuan.yao@intel.com>
> > > > > ---
> > > > > arch/x86/kvm/vmx/nested.c | 2 ++
> > > > > 1 file changed, 2 insertions(+)
> > > > >
> > > > > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > > > > index ddd4367d4826..30685be54c5d 100644
> > > > > --- a/arch/x86/kvm/vmx/nested.c
> > > > > +++ b/arch/x86/kvm/vmx/nested.c
> > > > > @@ -5123,6 +5123,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
> > > > > */
> > > > > if (vmx->nested.current_vmptr == INVALID_GPA ||
> > > > > (is_guest_mode(vcpu) &&
> > > > > + nested_cpu_has_shadow_vmcs(vcpu) &&
> > > >
> > > > Oops, should be "nested_cpu_has_shadow_vmcs(get_vmcs12(vcpu))".
> > > >
> > > > > get_vmcs12(vcpu)->vmcs_link_pointer == INVALID_GPA))
> > > > > return nested_vmx_failInvalid(vcpu);
> > > > >
> > > > > @@ -5233,6 +5234,7 @@ static int handle_vmwrite(struct kvm_vcpu *vcpu)
> > > > > */
> > > > > if (vmx->nested.current_vmptr == INVALID_GPA ||
> > > > > (is_guest_mode(vcpu) &&
> > > > > + nested_cpu_has_shadow_vmcs(vcpu) &&
> > > >
> > > > Ditto.
> > > >
> > > > > get_vmcs12(vcpu)->vmcs_link_pointer == INVALID_GPA))
> > > > > return nested_vmx_failInvalid(vcpu);
> > > > >
> > > > > --
> > >
> > > These checks are redundant, aren't they?
> > >
> > > That is, nested_vmx_exit_handled_vmcs_access() has already checked
> > > nested_cpu_has_shadow_vmcs(vmcs12).
> >
> > Ah, you're right it does there.
> >
> > That means in L0 we handle this for vmcs12 which has shadow VMCS
> > setting and the corresponding bit in the bitmap is 0(so no vmexit to
> > L1 and the read/write should from/to vmcs12's shadow vmcs, we handle
> > this here to emulate this), so we don't need to check the shdaow VMCS
> > setting here again. Is this the right understanding ?
>
> That is correct.
I got it, Thanks a lot for your correction!
next prev parent reply other threads:[~2022-08-14 11:12 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-12 1:47 [PATCH 1/1] kvm: nVMX: Checks "VMCS shadowing" with VMCS link pointer for non-root mode VM{READ,WRITE} Yuan Yao
2022-08-12 2:02 ` Yuan Yao
2022-08-12 19:27 ` Jim Mattson
2022-08-12 19:33 ` Jim Mattson
2022-08-12 23:07 ` Yao Yuan
2022-08-13 0:30 ` Jim Mattson
2022-08-14 11:06 ` Yao Yuan [this message]
2022-08-12 14:54 ` kernel test robot
2022-08-12 15:35 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220814110601.sionrszu2xh4t72u@sapienza \
--to=yaoyuan0329os@gmail.com \
--cc=jcargill@google.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oupton@google.com \
--cc=pbonzini@redhat.com \
--cc=pshier@google.com \
--cc=seanjc@google.com \
--cc=yuan.yao@intel.com \
--cc=yuan.yao@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.