From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Jim Mattson <jmattson@google.com>
Cc: Mohammed Gamal <mgamal@redhat.com>,
kvm list <kvm@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Joerg Roedel <joro@8bytes.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 2/5] KVM: VMX: Add guest physical address check in EPT violation and misconfig
Date: Fri, 28 Feb 2020 14:36:22 -0800 [thread overview]
Message-ID: <20200228223622.GK2329@linux.intel.com> (raw)
In-Reply-To: <CALMp9eR7heTGQ6zwYrK5rJ-xs_wKqz49gfcNtaEC7S6J7n2aFQ@mail.gmail.com>
On Thu, Feb 27, 2020 at 09:55:32AM -0800, Jim Mattson wrote:
> On Thu, Feb 27, 2020 at 9:23 AM Mohammed Gamal <mgamal@redhat.com> wrote:
> >
> > Check guest physical address against it's maximum physical memory. If
> Nit: "its," without an apostrophe.
>
> > the guest's physical address exceeds the maximum (i.e. has reserved bits
> > set), inject a guest page fault with PFERR_RSVD_MASK.
Wish I had actually read this series when it first flew by, just spent
several hours debugging this exact thing when running the "access" test.
> > Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
> > ---
> > arch/x86/kvm/vmx/vmx.c | 13 +++++++++++++
> > 1 file changed, 13 insertions(+)
> >
> > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> > index 63aaf44edd1f..477d196aa235 100644
> > --- a/arch/x86/kvm/vmx/vmx.c
> > +++ b/arch/x86/kvm/vmx/vmx.c
> > @@ -5162,6 +5162,12 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu)
> > gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
> > trace_kvm_page_fault(gpa, exit_qualification);
> >
> > + /* Check if guest gpa doesn't exceed physical memory limits */
> > + if (gpa >= (1ull << cpuid_maxphyaddr(vcpu))) {
Add a helper for this, it's easier than copy-pasting the comment and code
everywhere. BIT_ULL() is also handy.
static inline bool kvm_mmu_is_illegal_gpa(gpa_t gpa)
{
return (gpa < BIT_ULL(cpuid_maxphyaddr(vcpu)));
}
> > + kvm_inject_rsvd_bits_pf(vcpu, gpa);
>
> Even if PFERR_RSVD_MASK is set in the page fault error code, shouldn't
> we set still conditionally set:
> PFERR_WRITE_MASK - for an attempted write
> PFERR_USER_MASK - for a usermode access
> PFERR_FETCH_MASK - for an instruction fetch
Yep. Move this down below where error_code is calculated. Then the code
should be something like this. Not fun to handle this with EPT :-(
Note, VMCS.GUEST_LINEAR_ADDRESS isn't guaranteed to be accurate, e.g. if
the guest is putting bad gpas into Intel PT, but I don't think we have any
choice but to blindly cram it in and hope for the best.
if (unlikely(kvm_mmu_is_illegal_gpa(vcpu, gpa))) {
/* Morph the EPT error code into a #PF error code. */
error_code &= ~(PFERR_USER_MASK | PFERR_GUEST_FINAL_MASK |
PFERR_GUEST_PAGE_MASK);
if (vmx_get_cpl(vcpu) == 3)
error_code |= PFERR_USER_MASK;
error_code |= PFERR_PRESENT_MASK;
kvm_inject_rsvd_bits_pf(vcpu, vmcs_readl(GUEST_LINEAR_ADDRESS),
error_code);
return 1;
}
> > + return 1;
> > + }
> > +
> > /* Is it a read fault? */
> > error_code = (exit_qualification & EPT_VIOLATION_ACC_READ)
> > ? PFERR_USER_MASK : 0;
> > @@ -5193,6 +5199,13 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
> > * nGPA here instead of the required GPA.
> > */
> > gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
> > +
> > + /* Check if guest gpa doesn't exceed physical memory limits */
> > + if (gpa >= (1ull << cpuid_maxphyaddr(vcpu))) {
> > + kvm_inject_rsvd_bits_pf(vcpu, gpa);
>
> And here as well?
This shouldn't happen. If KVM creates a bad EPTE for an illegal GPA, we
done goofed up. I.e.
if (WARN_ON_ONCE(kvm_mmu_is_illegal_gpa(vcpu, gpa))) {
vcpu->run->blah = blah;
return 0;
}
>
> > + return 1;
> > + }
> > +
> > if (!is_guest_mode(vcpu) &&
> > !kvm_io_bus_write(vcpu, KVM_FAST_MMIO_BUS, gpa, 0, NULL)) {
> > trace_kvm_fast_mmio(gpa);
> > --
> > 2.21.1
> >
next prev parent reply other threads:[~2020-02-28 22:36 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-27 17:23 [PATCH 0/5] KVM: Support guest MAXPHYADDR < host MAXPHYADDR Mohammed Gamal
2020-02-27 17:23 ` [PATCH 1/5] KVM: x86: Add function to inject guest page fault with reserved bits set Mohammed Gamal
2020-02-27 19:30 ` Ben Gardon
2020-02-28 22:29 ` Sean Christopherson
2020-02-27 17:23 ` [PATCH 2/5] KVM: VMX: Add guest physical address check in EPT violation and misconfig Mohammed Gamal
2020-02-27 17:55 ` Jim Mattson
2020-02-28 22:36 ` Sean Christopherson [this message]
2020-02-27 17:23 ` [PATCH 3/5] KVM: SVM: Add guest physical address check in NPF interception Mohammed Gamal
2020-02-27 17:23 ` [PATCH 4/5] KVM: x86: mmu: Move translate_gpa() to mmu.c Mohammed Gamal
2020-02-27 17:23 ` [PATCH 5/5] KVM: x86: mmu: Add guest physical address check in translate_gpa() Mohammed Gamal
2020-02-27 18:00 ` Paolo Bonzini
2020-02-28 22:26 ` Sean Christopherson
2020-02-27 17:58 ` [PATCH 0/5] KVM: Support guest MAXPHYADDR < host MAXPHYADDR Jim Mattson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200228223622.GK2329@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mgamal@redhat.com \
--cc=pbonzini@redhat.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).