From: Jim Mattson <jmattson@google.com>
To: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: "kvm list" <kvm@vger.kernel.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Roman Kagan" <rkagan@virtuozzo.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
"Haiyang Zhang" <haiyangz@microsoft.com>,
"Stephen Hemminger" <sthemmin@microsoft.com>,
"Michael Kelley (EOSG)" <Michael.H.Kelley@microsoft.com>,
LKML <linux-kernel@vger.kernel.org>,
"Liran Alon" <liran.alon@oracle.com>
Subject: Re: [PATCH v6 05/13] KVM: nVMX: implement enlightened VMPTRLD and VMCLEAR
Date: Wed, 12 Dec 2018 15:19:53 -0800 [thread overview]
Message-ID: <CALMp9eTqBJsZ0L36CGeRy20BVTryJgQtmqAUs0Lg_+NJnbyxzw@mail.gmail.com> (raw)
In-Reply-To: <20181016165011.6607-6-vkuznets@redhat.com>
On Tue, Oct 16, 2018 at 9:50 AM Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
>
> Per Hyper-V TLFS 5.0b:
>
> "The L1 hypervisor may choose to use enlightened VMCSs by writing 1 to
> the corresponding field in the VP assist page (see section 7.8.7).
> Another field in the VP assist page controls the currently active
> enlightened VMCS. Each enlightened VMCS is exactly one page (4 KB) in
> size and must be initially zeroed. No VMPTRLD instruction must be
> executed to make an enlightened VMCS active or current.
>
> After the L1 hypervisor performs a VM entry with an enlightened VMCS,
> the VMCS is considered active on the processor. An enlightened VMCS
> can only be active on a single processor at the same time. The L1
> hypervisor can execute a VMCLEAR instruction to transition an
> enlightened VMCS from the active to the non-active state. Any VMREAD
> or VMWRITE instructions while an enlightened VMCS is active is
> unsupported and can result in unexpected behavior."
>
> Keep Enlightened VMCS structure for the current L2 guest permanently mapped
> from struct nested_vmx instead of mapping it every time.
>
> Suggested-by: Ladi Prosek <lprosek@redhat.com>
> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> ---
> arch/x86/kvm/vmx.c | 115 ++++++++++++++++++++++++++++++++++++++++++---
> 1 file changed, 108 insertions(+), 7 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index aebd008ccccb..cfb44acd4291 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -20,6 +20,7 @@
> #include "mmu.h"
> #include "cpuid.h"
> #include "lapic.h"
> +#include "hyperv.h"
>
> #include <linux/kvm_host.h>
> #include <linux/module.h>
> @@ -889,6 +890,8 @@ struct nested_vmx {
> bool guest_mode;
> } smm;
>
> + gpa_t hv_evmcs_vmptr;
> + struct page *hv_evmcs_page;
> struct hv_enlightened_vmcs *hv_evmcs;
> };
>
> @@ -8111,11 +8114,13 @@ static int nested_vmx_failInvalid(struct kvm_vcpu *vcpu)
> static int nested_vmx_failValid(struct kvm_vcpu *vcpu,
> u32 vm_instruction_error)
> {
> + struct vcpu_vmx *vmx = to_vmx(vcpu);
> +
> /*
> * failValid writes the error number to the current VMCS, which
> * can't be done if there isn't a current VMCS.
> */
> - if (to_vmx(vcpu)->nested.current_vmptr == -1ull)
> + if (vmx->nested.current_vmptr == -1ull && !vmx->nested.hv_evmcs)
> return nested_vmx_failInvalid(vcpu);
>
> vmx_set_rflags(vcpu, (vmx_get_rflags(vcpu)
> @@ -8441,6 +8446,20 @@ static void vmx_disable_shadow_vmcs(struct vcpu_vmx *vmx)
> vmcs_write64(VMCS_LINK_POINTER, -1ull);
> }
>
> +static inline void nested_release_evmcs(struct kvm_vcpu *vcpu)
> +{
> + struct vcpu_vmx *vmx = to_vmx(vcpu);
> +
> + if (!vmx->nested.hv_evmcs)
> + return;
> +
> + kunmap(vmx->nested.hv_evmcs_page);
> + kvm_release_page_dirty(vmx->nested.hv_evmcs_page);
> + vmx->nested.hv_evmcs_vmptr = -1ull;
> + vmx->nested.hv_evmcs_page = NULL;
> + vmx->nested.hv_evmcs = NULL;
> +}
> +
> static inline void nested_release_vmcs12(struct kvm_vcpu *vcpu)
> {
> struct vcpu_vmx *vmx = to_vmx(vcpu);
> @@ -8509,6 +8528,8 @@ static void free_nested(struct kvm_vcpu *vcpu)
>
> kvm_mmu_free_roots(vcpu, &vcpu->arch.guest_mmu, KVM_MMU_ROOTS_ALL);
>
> + nested_release_evmcs(vcpu);
> +
> free_loaded_vmcs(&vmx->nested.vmcs02);
> }
>
> @@ -8542,12 +8563,18 @@ static int handle_vmclear(struct kvm_vcpu *vcpu)
> return nested_vmx_failValid(vcpu,
> VMXERR_VMCLEAR_VMXON_POINTER);
>
> - if (vmptr == vmx->nested.current_vmptr)
> - nested_release_vmcs12(vcpu);
> + if (vmx->nested.hv_evmcs_page) {
> + if (vmptr == vmx->nested.hv_evmcs_vmptr)
> + nested_release_evmcs(vcpu);
> + } else {
> + if (vmptr == vmx->nested.current_vmptr)
> + nested_release_vmcs12(vcpu);
>
> - kvm_vcpu_write_guest(vcpu,
> - vmptr + offsetof(struct vmcs12, launch_state),
> - &zero, sizeof(zero));
> + kvm_vcpu_write_guest(vcpu,
> + vmptr + offsetof(struct vmcs12,
> + launch_state),
> + &zero, sizeof(zero));
> + }
>
> return nested_vmx_succeed(vcpu);
> }
> @@ -8637,6 +8664,8 @@ static int copy_enlightened_to_vmcs12(struct vcpu_vmx *vmx)
> struct vmcs12 *vmcs12 = vmx->nested.cached_vmcs12;
> struct hv_enlightened_vmcs *evmcs = vmx->nested.hv_evmcs;
>
> + vmcs12->hdr.revision_id = evmcs->revision_id;
> +
> /* HV_VMX_ENLIGHTENED_CLEAN_FIELD_NONE */
> vmcs12->tpr_threshold = evmcs->tpr_threshold;
> vmcs12->guest_rip = evmcs->guest_rip;
> @@ -9268,6 +9297,10 @@ static int handle_vmptrld(struct kvm_vcpu *vcpu)
> return nested_vmx_failValid(vcpu,
> VMXERR_VMPTRLD_VMXON_POINTER);
>
> + /* Forbid normal VMPTRLD if Enlightened version was used */
> + if (vmx->nested.hv_evmcs)
> + return 1;
> +
> if (vmx->nested.current_vmptr != vmptr) {
> struct vmcs12 *new_vmcs12;
> struct page *page;
> @@ -9301,6 +9334,68 @@ static int handle_vmptrld(struct kvm_vcpu *vcpu)
> return nested_vmx_succeed(vcpu);
> }
>
> +/*
> + * This is an equivalent of the nested hypervisor executing the vmptrld
> + * instruction.
> + */
> +static int nested_vmx_handle_enlightened_vmptrld(struct kvm_vcpu *vcpu)
> +{
> + struct vcpu_vmx *vmx = to_vmx(vcpu);
> + struct hv_vp_assist_page assist_page;
> +
> + if (likely(!vmx->nested.enlightened_vmcs_enabled))
> + return 1;
> +
> + if (unlikely(!kvm_hv_get_assist_page(vcpu, &assist_page)))
> + return 1;
> +
> + if (unlikely(!assist_page.enlighten_vmentry))
> + return 1;
> +
> + if (unlikely(assist_page.current_nested_vmcs !=
> + vmx->nested.hv_evmcs_vmptr)) {
> +
> + if (!vmx->nested.hv_evmcs)
> + vmx->nested.current_vmptr = -1ull;
> +
> + nested_release_evmcs(vcpu);
> +
> + vmx->nested.hv_evmcs_page = kvm_vcpu_gpa_to_page(
> + vcpu, assist_page.current_nested_vmcs);
> +
> + if (unlikely(is_error_page(vmx->nested.hv_evmcs_page)))
> + return 0;
> +
> + vmx->nested.hv_evmcs = kmap(vmx->nested.hv_evmcs_page);
Are you sure that directly mapping guest memory isn't going to lead to
time-of-check vs. time-of-use bugs? This is a very hard programming
model to get right.
next prev parent reply other threads:[~2018-12-12 23:20 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-16 16:49 [PATCH v6 00/13] KVM: nVMX: Enlightened VMCS for Hyper-V on KVM Vitaly Kuznetsov
2018-10-16 16:49 ` [PATCH v6 01/13] KVM: hyperv: define VP assist page helpers Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 02/13] KVM: VMX: refactor evmcs_sanitize_exec_ctrls() Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 03/13] KVM: nVMX: add KVM_CAP_HYPERV_ENLIGHTENED_VMCS capability Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 04/13] KVM: nVMX: add enlightened VMCS state Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 05/13] KVM: nVMX: implement enlightened VMPTRLD and VMCLEAR Vitaly Kuznetsov
2018-12-12 23:19 ` Jim Mattson [this message]
2018-12-13 10:26 ` Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 06/13] KVM: nVMX: optimize prepare_vmcs02{,_full} for Enlightened VMCS case Vitaly Kuznetsov
2018-10-16 21:55 ` Paolo Bonzini
2018-10-17 14:47 ` Vitaly Kuznetsov
2018-10-17 17:02 ` Paolo Bonzini
2018-10-17 17:08 ` Jim Mattson
2018-10-17 17:17 ` Paolo Bonzini
2018-10-18 11:14 ` Vitaly Kuznetsov
2018-10-18 12:42 ` Paolo Bonzini
2018-10-16 16:50 ` [PATCH v6 07/13] x86/kvm/hyperv: don't clear VP assist pages on init Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 08/13] x86/kvm/lapic: preserve gfn_to_hva_cache len on cache reinit Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 09/13] x86/kvm/nVMX: allow bare VMXON state migration Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 10/13] KVM: selftests: state_test: test bare VMXON migration Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 11/13] x86/kvm/nVMX: nested state migration for Enlightened VMCS Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 12/13] tools/headers: update kvm.h Vitaly Kuznetsov
2018-10-16 16:50 ` [PATCH v6 13/13] KVM: selftests: add Enlightened VMCS test Vitaly Kuznetsov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALMp9eTqBJsZ0L36CGeRy20BVTryJgQtmqAUs0Lg_+NJnbyxzw@mail.gmail.com \
--to=jmattson@google.com \
--cc=Michael.H.Kelley@microsoft.com \
--cc=haiyangz@microsoft.com \
--cc=kvm@vger.kernel.org \
--cc=kys@microsoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=liran.alon@oracle.com \
--cc=pbonzini@redhat.com \
--cc=rkagan@virtuozzo.com \
--cc=rkrcmar@redhat.com \
--cc=sthemmin@microsoft.com \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.