From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Thomas Lendacky
Subject: [PATCH] KVM: SVM: Limit PFERR_NESTED_GUEST_PAGE error_code check to L1 guest
Date: Mon, 7 Aug 2017 14:11:30 -0500
Message-Id: <20170807191130.33299-1-brijesh.singh@amd.com>

Commit: 1472775 (kvm: svm: Add support for additional SVM NPF error codes) added a new error code to aid nested page fault handling. The commit unprotects (kvm_mmu_unprotect_page) the page when we get an NPF due to a guest page table walk where the page was marked RO.

Paolo highlighted a use case, where an L0->L2 shadow nested page table is marked read-only, in particular when a page is read only in L1's nested page table.
If such a page is accessed by L2 while walking page tables it can cause a nested page fault (page table walks are write accessed). However, after kvm_mmu_unprotect_page we may get another page fault, and again in an endless stream.

To cover this use case, we qualify the new error_code check with vcpu->arch.mmu_direct_map so that the error_code check would run on the L1 guest, and not the L2 guest. This would restrict it to avoid hitting the above use case.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Thomas Lendacky
Signed-off-by: Brijesh Singh
---

See http://marc.info/?l=kvm&m=150153155519373&w=2 for a detailed discussion on the use case and code flow.

arch/x86/kvm/mmu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 9b1dd11..4aaa4aa 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -4839,7 +4839,8 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code, * Note: AMD only (since it supports the PFERR_GUEST_PAGE_MASK used * in PFERR_NEXT_GUEST_PAGE) */ - if (error_code == PFERR_NESTED_GUEST_PAGE) { + if (vcpu->arch.mmu.direct_map && + (error_code == PFERR_NESTED_GUEST_PAGE)) { kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(cr2)); return 1; } -- 2.9.4
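
Review bot: The new `vcpu->arch.mmu.direct_map` condition in kvm_mmu_page_fault() is not explained in the block comment directly above it, so the reason for limiting the unprotect path to the L1 guest (an L0->L2 shadow nested page table whose page is read-only in L1's nested page table faults again after kvm_mmu_unprotect_page, in an endless stream) is recorded only in the commit message. Please add a sentence to that comment stating that the check is skipped when direct_map is false, and why. While this block is being touched: the context comment refers to `PFERR_NEXT_GUEST_PAGE` but the code tests `PFERR_NESTED_GUEST_PAGE`, and the commit message names the field `vcpu->arch.mmu_direct_map` where the hunk uses `vcpu->arch.mmu.direct_map`; both should match the code. The parentheses around `error_code == PFERR_NESTED_GUEST_PAGE` are also unnecessary.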