All of lore.kernel.org
 help / color / mirror / Atom feed
From: Wanpeng Li <kernellwp@gmail.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	kvm <kvm@vger.kernel.org>, Radim Krcmar <rkrcmar@redhat.com>
Subject: Re: [PATCH 5/5] KVM: vmx: add support for emulating UMIP
Date: Wed, 15 Nov 2017 08:42:48 +0800	[thread overview]
Message-ID: <CANRm+CyevMZV=ATJy0KeMBMMu3QuNRrKj7A2F2P_4u8prmOHRA@mail.gmail.com> (raw)
In-Reply-To: <1510584031-36240-6-git-send-email-pbonzini@redhat.com>

2017-11-13 22:40 GMT+08:00 Paolo Bonzini <pbonzini@redhat.com>:
> UMIP can be emulated almost perfectly on Intel processor by enabling
> descriptor-table exits.  SMSW does not cause a vmexit and hence it
> cannot be changed into a #GP fault, but all in all it's the most
> "innocuous" of the unprivileged instructions that UMIP blocks.
>
> In fact, Linux is _also_ emulating SMSW instructions on behalf of the
> program that executes them, because some 16-bit programs expect to use
> SMSW to detect vm86 mode, so this is an even smaller issue.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Reviewed-by: Wanpeng Li <wanpeng.li@hotmail.com>

> ---
>  arch/x86/kvm/vmx.c | 29 +++++++++++++++++++++++++++--
>  1 file changed, 27 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 6c474c94e154..a257ddc644d1 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3651,6 +3651,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
>                         SECONDARY_EXEC_ENABLE_EPT |
>                         SECONDARY_EXEC_UNRESTRICTED_GUEST |
>                         SECONDARY_EXEC_PAUSE_LOOP_EXITING |
> +                       SECONDARY_EXEC_DESC |
>                         SECONDARY_EXEC_RDTSCP |
>                         SECONDARY_EXEC_ENABLE_INVPCID |
>                         SECONDARY_EXEC_APIC_REGISTER_VIRT |
> @@ -4347,6 +4348,14 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
>                 (to_vmx(vcpu)->rmode.vm86_active ?
>                  KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON);
>
> +       if ((cr4 & X86_CR4_UMIP) && !boot_cpu_has(X86_FEATURE_UMIP)) {
> +               vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,
> +                             SECONDARY_EXEC_DESC);
> +               hw_cr4 &= ~X86_CR4_UMIP;
> +       } else
> +               vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL,
> +                               SECONDARY_EXEC_DESC);
> +
>         if (cr4 & X86_CR4_VMXE) {
>                 /*
>                  * To use VMXON (and later other VMX instructions), a guest
> @@ -5296,6 +5305,7 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
>         struct kvm_vcpu *vcpu = &vmx->vcpu;
>
>         u32 exec_control = vmcs_config.cpu_based_2nd_exec_ctrl;
> +
>         if (!cpu_need_virtualize_apic_accesses(vcpu))
>                 exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
>         if (vmx->vpid == 0)
> @@ -5314,6 +5324,11 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
>                 exec_control &= ~(SECONDARY_EXEC_APIC_REGISTER_VIRT |
>                                   SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
>         exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
> +
> +       /* SECONDARY_EXEC_DESC is enabled/disabled on writes to CR4.UMIP,
> +        * in vmx_set_cr4.  */
> +       exec_control &= ~SECONDARY_EXEC_DESC;
> +
>         /* SECONDARY_EXEC_SHADOW_VMCS is enabled when L1 executes VMPTRLD
>            (handle_vmptrld).
>            We can NOT enable shadow_vmcs here because we don't have yet
> @@ -6064,6 +6079,12 @@ static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val)
>                 return kvm_set_cr4(vcpu, val);
>  }
>
> +static int handle_desc(struct kvm_vcpu *vcpu)
> +{
> +       WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP));
> +       return emulate_instruction(vcpu, 0) == EMULATE_DONE;
> +}
> +
>  static int handle_cr(struct kvm_vcpu *vcpu)
>  {
>         unsigned long exit_qualification, val;
> @@ -8152,6 +8173,8 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
>         [EXIT_REASON_XSETBV]                  = handle_xsetbv,
>         [EXIT_REASON_TASK_SWITCH]             = handle_task_switch,
>         [EXIT_REASON_MCE_DURING_VMENTRY]      = handle_machine_check,
> +       [EXIT_REASON_GDTR_IDTR]               = handle_desc,
> +       [EXIT_REASON_LDTR_TR]                 = handle_desc,
>         [EXIT_REASON_EPT_VIOLATION]           = handle_ept_violation,
>         [EXIT_REASON_EPT_MISCONFIG]           = handle_ept_misconfig,
>         [EXIT_REASON_PAUSE_INSTRUCTION]       = handle_pause,
> @@ -9097,7 +9120,8 @@ static bool vmx_xsaves_supported(void)
>
>  static bool vmx_umip_emulated(void)
>  {
> -       return false;
> +       return vmcs_config.cpu_based_2nd_exec_ctrl &
> +               SECONDARY_EXEC_DESC;
>  }
>
>  static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx)
> @@ -9691,7 +9715,8 @@ static void vmcs_set_secondary_exec_control(u32 new_ctl)
>         u32 mask =
>                 SECONDARY_EXEC_SHADOW_VMCS |
>                 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
> -               SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
> +               SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
> +               SECONDARY_EXEC_DESC;
>
>         u32 cur_ctl = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
>
> --
> 1.8.3.1
>

      reply	other threads:[~2017-11-15  0:43 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-13 14:40 [PATCH for-4.15 0/5] KVM: (almost) emulate UMIP on current processors Paolo Bonzini
2017-11-13 14:40 ` [PATCH 1/5] KVM: vmx: use X86_CR4_UMIP and X86_FEATURE_UMIP Paolo Bonzini
2017-11-14  9:30   ` Wanpeng Li
2017-11-13 14:40 ` [PATCH 2/5] KVM: x86: add support for UMIP Paolo Bonzini
2017-11-15  0:40   ` Wanpeng Li
2018-02-06  2:45   ` Wanpeng Li
2017-11-13 14:40 ` [PATCH 3/5] KVM: x86: emulate sldt and str Paolo Bonzini
2017-11-15  0:41   ` Wanpeng Li
2017-11-13 14:40 ` [PATCH 4/5] KVM: x86: add support for emulating UMIP Paolo Bonzini
2017-11-15  0:42   ` Wanpeng Li
2017-11-13 14:40 ` [PATCH 5/5] KVM: vmx: " Paolo Bonzini
2017-11-15  0:42   ` Wanpeng Li [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CANRm+CyevMZV=ATJy0KeMBMMu3QuNRrKj7A2F2P_4u8prmOHRA@mail.gmail.com' \
    --to=kernellwp@gmail.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=rkrcmar@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.