From: "Huang, Kai" <kai.huang@intel.com>
To: "Christopherson,, Sean" <seanjc@google.com>,
"Gao, Chao" <chao.gao@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"robert.hu@linux.intel.com" <robert.hu@linux.intel.com>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>
Subject: Re: [PATCH v6 2/7] KVM: VMX: Use is_64_bit_mode() to check 64-bit mode
Date: Tue, 28 Mar 2023 23:33:46 +0000 [thread overview]
Message-ID: <12c4f1d3c99253f364f3945a998fdccb0ddf300f.camel@intel.com> (raw)
In-Reply-To: <ZBojJgTG/SNFS+3H@google.com>
On Tue, 2023-03-21 at 14:35 -0700, Sean Christopherson wrote:
> On Mon, Mar 20, 2023, Chao Gao wrote:
> > On Sun, Mar 19, 2023 at 04:49:22PM +0800, Binbin Wu wrote:
> > > get_vmx_mem_address() and sgx_get_encls_gva() use is_long_mode()
> > > to check 64-bit mode. Should use is_64_bit_mode() instead.
> > >
> > > Fixes: f9eb4af67c9d ("KVM: nVMX: VMX instructions: add checks for #GP/#SS exceptions")
> > > Fixes: 70210c044b4e ("KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions")
> >
> > It is better to split this patch into two: one for nested and one for
> > SGX.
> >
> > It is possible that there is a kernel release which has just one of
> > above two flawed commits, then this fix patch cannot be applied cleanly
> > to the release.
>
> The nVMX code isn't buggy, VMX instructions #UD in compatibility mode, and except
> for VMCALL, that #UD has higher priority than VM-Exit interception. So I'd say
> just drop the nVMX side of things.
But it looks the old code doesn't unconditionally inject #UD when in
compatibility mode?
/* Checks for #GP/#SS exceptions. */
exn = false;
if (is_long_mode(vcpu)) {
/*
* The virtual/linear address is never truncated in 64-bit
* mode, e.g. a 32-bit address size can yield a 64-bit virtual
* address when using FS/GS with a non-zero base.
*/
if (seg_reg == VCPU_SREG_FS || seg_reg == VCPU_SREG_GS)
*ret = s.base + off;
else
*ret = off;
/* Long mode: #GP(0)/#SS(0) if the memory address is in a
* non-canonical form. This is the only check on the memory
* destination for long mode!
*/
exn = is_noncanonical_address(*ret, vcpu);
}
...
The logic of only adding seg.base for FS/GS to linear address (and ignoring
seg.base for all other segs) only applies to 64 bit mode, but the code only
checks _long_ mode.
Am I missing something?
>
> I could have sworn ENCLS had the same behavior, but the SDM disagrees. Though why
> on earth ENCLS is allowed in compatibility mode is beyond me. ENCLU I can kinda
> sorta understand, but ENCLS?!?!!
I can reach out to Intel guys to (try to) find the answer if you want me to? :)
next prev parent reply other threads:[~2023-03-28 23:34 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-19 8:49 [PATCH v6 0/7] Linear Address Masking (LAM) KVM Enabling Binbin Wu
2023-03-19 8:49 ` [PATCH v6 1/7] KVM: x86: Explicitly cast ulong to bool in kvm_set_cr3() Binbin Wu
2023-03-20 1:30 ` Binbin Wu
2023-03-19 8:49 ` [PATCH v6 2/7] KVM: VMX: Use is_64_bit_mode() to check 64-bit mode Binbin Wu
2023-03-20 12:36 ` Chao Gao
2023-03-20 12:51 ` Binbin Wu
2023-03-21 21:35 ` Sean Christopherson
2023-03-22 1:09 ` Binbin Wu
2023-03-28 23:33 ` Huang, Kai [this message]
2023-03-29 1:27 ` Binbin Wu
2023-03-29 2:04 ` Huang, Kai
2023-03-29 2:08 ` Binbin Wu
2023-03-29 17:34 ` Sean Christopherson
2023-03-29 22:46 ` Huang, Kai
2023-04-03 3:37 ` Binbin Wu
2023-04-03 11:24 ` Huang, Kai
2023-04-03 15:02 ` Sean Christopherson
2023-04-03 23:13 ` Huang, Kai
2023-04-04 1:21 ` Binbin Wu
2023-04-04 1:53 ` Huang, Kai
2023-04-04 2:45 ` Binbin Wu
2023-04-04 3:09 ` Huang, Kai
2023-04-04 3:15 ` Binbin Wu
2023-04-04 3:27 ` Binbin Wu
2023-04-04 1:31 ` Binbin Wu
2023-04-04 6:14 ` Binbin Wu
2023-03-20 22:36 ` Huang, Kai
2023-03-19 8:49 ` [PATCH v6 3/7] KVM: x86: Virtualize CR4.LAM_SUP Binbin Wu
2023-03-19 8:49 ` [PATCH v6 4/7] KVM: x86: Virtualize CR3.LAM_{U48,U57} Binbin Wu
2023-03-30 8:33 ` Yang, Weijiang
2023-03-30 8:40 ` Binbin Wu
2023-03-19 8:49 ` [PATCH v6 5/7] KVM: x86: Introduce untag_addr() in kvm_x86_ops Binbin Wu
2023-03-20 12:07 ` Chao Gao
2023-03-20 12:23 ` Binbin Wu
2023-03-29 1:54 ` Binbin Wu
2023-03-19 8:49 ` [PATCH v6 6/7] KVM: x86: Untag address when LAM applicable Binbin Wu
2023-03-20 11:51 ` Chao Gao
2023-03-20 11:56 ` Binbin Wu
2023-03-20 12:04 ` Binbin Wu
2023-03-29 5:02 ` Binbin Wu
2023-03-19 8:49 ` [PATCH v6 7/7] KVM: x86: Expose LAM feature to userspace VMM Binbin Wu
2023-03-20 8:57 ` Chao Gao
2023-03-20 12:00 ` Binbin Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=12c4f1d3c99253f364f3945a998fdccb0ddf300f.camel@intel.com \
--to=kai.huang@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=chao.gao@intel.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=robert.hu@linux.intel.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).