From: Paolo Bonzini <pbonzini@redhat.com>
To: Jun Nakajima <jun.nakajima@intel.com>
Cc: kvm@vger.kernel.org, Gleb Natapov <gleb@redhat.com>
Subject: Re: [PATCH v3 07/13] nEPT: Fix wrong test in kvm_set_cr3
Date: Mon, 20 May 2013 15:17:58 +0200 [thread overview]
Message-ID: <519A2286.4000003@redhat.com> (raw)
In-Reply-To: <1368939152-11406-7-git-send-email-jun.nakajima@intel.com>
Il 19/05/2013 06:52, Jun Nakajima ha scritto:
> From: Nadav Har'El <nyh@il.ibm.com>
>
> kvm_set_cr3() attempts to check if the new cr3 is a valid guest physical
> address. The problem is that with nested EPT, cr3 is an *L2* physical
> address, not an L1 physical address as this test expects.
>
> As the comment above this test explains, it isn't necessary, and doesn't
> correspond to anything a real processor would do. So this patch removes it.
>
> Note that this wrong test could have also theoretically caused problems
> in nested NPT, not just in nested EPT. However, in practice, the problem
> was avoided: nested_svm_vmexit()/vmrun() do not call kvm_set_cr3 in the
> nested NPT case, and instead set the vmcb (and arch.cr3) directly, thus
> circumventing the problem. Additional potential calls to the buggy function
> are avoided in that we don't trap cr3 modifications when nested NPT is
> enabled. However, because in nested VMX we did want to use kvm_set_cr3()
> (as requested in Avi Kivity's review of the original nested VMX patches),
> we can't avoid this problem and need to fix it
Makes sense, but did you test what happens (without nesting, and both
with/without EPT) if L1 points CR3 at an invalid physical address? Does
a basic level of sanity remain?
Paolo
next prev parent reply other threads:[~2013-05-20 13:18 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-19 4:52 [PATCH v3 01/13] nEPT: Support LOAD_IA32_EFER entry/exit controls for L1 Jun Nakajima
2013-05-19 4:52 ` [PATCH v3 02/13] nEPT: Move gpte_access() and prefetch_invalid_gpte() to paging_tmpl.h Jun Nakajima
2013-05-20 12:34 ` Paolo Bonzini
2013-05-19 4:52 ` [PATCH v3 03/13] nEPT: Add EPT tables support " Jun Nakajima
2013-05-21 7:52 ` Xiao Guangrong
2013-05-21 8:30 ` Xiao Guangrong
2013-05-21 9:01 ` Gleb Natapov
2013-05-21 11:05 ` Xiao Guangrong
2013-05-21 22:26 ` Nakajima, Jun
2013-05-22 1:10 ` Xiao Guangrong
2013-05-22 6:16 ` Gleb Natapov
2013-06-11 11:32 ` Gleb Natapov
2013-06-17 12:11 ` Xiao Guangrong
2013-06-18 10:57 ` Gleb Natapov
2013-06-18 12:51 ` Xiao Guangrong
2013-06-18 13:01 ` Gleb Natapov
2013-05-19 4:52 ` [PATCH v3 04/13] nEPT: Define EPT-specific link_shadow_page() Jun Nakajima
2013-05-20 12:43 ` Paolo Bonzini
2013-05-21 8:15 ` Xiao Guangrong
2013-05-21 21:44 ` Nakajima, Jun
2013-05-19 4:52 ` [PATCH v3 05/13] nEPT: MMU context for nested EPT Jun Nakajima
2013-05-21 8:50 ` Xiao Guangrong
2013-05-21 22:30 ` Nakajima, Jun
2013-05-19 4:52 ` [PATCH v3 06/13] nEPT: Fix cr3 handling in nested exit and entry Jun Nakajima
2013-05-20 13:19 ` Paolo Bonzini
2013-06-12 12:42 ` Gleb Natapov
2013-05-19 4:52 ` [PATCH v3 07/13] nEPT: Fix wrong test in kvm_set_cr3 Jun Nakajima
2013-05-20 13:17 ` Paolo Bonzini [this message]
2013-05-19 4:52 ` [PATCH v3 08/13] nEPT: Some additional comments Jun Nakajima
2013-05-20 13:21 ` Paolo Bonzini
2013-05-19 4:52 ` [PATCH v3 09/13] nEPT: Advertise EPT to L1 Jun Nakajima
2013-05-20 13:05 ` Paolo Bonzini
2013-05-19 4:52 ` [PATCH v3 10/13] nEPT: Nested INVEPT Jun Nakajima
2013-05-20 12:46 ` Paolo Bonzini
2013-05-21 9:16 ` Xiao Guangrong
2013-05-19 4:52 ` [PATCH v3 11/13] nEPT: Miscelleneous cleanups Jun Nakajima
2013-05-19 4:52 ` [PATCH v3 12/13] nEPT: Move is_rsvd_bits_set() to paging_tmpl.h Jun Nakajima
2013-05-19 4:52 ` [PATCH v3 13/13] nEPT: Inject EPT violation/misconfigration Jun Nakajima
2013-05-20 13:09 ` Paolo Bonzini
2013-05-21 10:56 ` Xiao Guangrong
2013-05-20 12:33 ` [PATCH v3 01/13] nEPT: Support LOAD_IA32_EFER entry/exit controls for L1 Paolo Bonzini
2013-07-02 3:01 ` Zhang, Yang Z
2013-07-02 13:59 ` Gleb Natapov
2013-07-02 14:28 ` Jan Kiszka
2013-07-02 15:15 ` Gleb Natapov
2013-07-02 15:34 ` Jan Kiszka
2013-07-02 15:43 ` Gleb Natapov
2013-07-04 8:42 ` Zhang, Yang Z
2013-07-08 12:37 ` Gleb Natapov
2013-07-08 14:28 ` Zhang, Yang Z
2013-07-08 16:08 ` Gleb Natapov
-- strict thread matches above, loose matches on Subject: below --
2013-05-09 0:53 Jun Nakajima
2013-05-09 0:53 ` [PATCH v3 02/13] nEPT: Move gpte_access() and prefetch_invalid_gpte() to paging_tmpl.h Jun Nakajima
2013-05-09 0:53 ` [PATCH v3 03/13] nEPT: Add EPT tables support " Jun Nakajima
2013-05-09 0:53 ` [PATCH v3 04/13] nEPT: Define EPT-specific link_shadow_page() Jun Nakajima
2013-05-09 0:53 ` [PATCH v3 05/13] nEPT: MMU context for nested EPT Jun Nakajima
2013-05-09 0:53 ` [PATCH v3 06/13] nEPT: Fix cr3 handling in nested exit and entry Jun Nakajima
2013-05-09 0:53 ` [PATCH v3 07/13] nEPT: Fix wrong test in kvm_set_cr3 Jun Nakajima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=519A2286.4000003@redhat.com \
--to=pbonzini@redhat.com \
--cc=gleb@redhat.com \
--cc=jun.nakajima@intel.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.