From: Jun Nakajima <jun.nakajima@intel.com>
To: kvm@vger.kernel.org
Subject: [PATCH v2 07/13] nEPT: Fix wrong test in kvm_set_cr3
Date: Mon,  6 May 2013 00:04:26 -0700	[thread overview]
Message-ID: <1367823872-25895-7-git-send-email-jun.nakajima@intel.com> (raw)
In-Reply-To: <1367823872-25895-6-git-send-email-jun.nakajima@intel.com>

kvm_set_cr3() attempts to check if the new cr3 is a valid guest physical
address. The problem is that with nested EPT, cr3 is an *L2* physical
address, not an L1 physical address as this test expects.

As the comment above this test explains, it isn't necessary, and doesn't
correspond to anything a real processor would do. So this patch removes it.

Note that this wrong test could have also theoretically caused problems
in nested NPT, not just in nested EPT. However, in practice, the problem
was avoided: nested_svm_vmexit()/vmrun() do not call kvm_set_cr3 in the
nested NPT case, and instead set the vmcb (and arch.cr3) directly, thus
circumventing the problem. Additional potential calls to the buggy function
are avoided in that we don't trap cr3 modifications when nested NPT is
enabled. However, because in nested VMX we did want to use kvm_set_cr3()
(as requested in Avi Kivity's review of the original nested VMX patches),
we can't avoid this problem and need to fix it.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>
Signed-off-by: Xinhao Xu <xinhao.xu@intel.com>
---
 arch/x86/kvm/x86.c | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e172132..c34590d 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -659,17 +659,6 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
 		 */
 	}
 
-	/*
-	 * Does the new cr3 value map to physical memory? (Note, we
-	 * catch an invalid cr3 even in real-mode, because it would
-	 * cause trouble later on when we turn on paging anyway.)
-	 *
-	 * A real CPU would silently accept an invalid cr3 and would
-	 * attempt to use it - with largely undefined (and often hard
-	 * to debug) behavior on the guest side.
-	 */
-	if (unlikely(!gfn_to_memslot(vcpu->kvm, cr3 >> PAGE_SHIFT)))
-		return 1;
 	vcpu->arch.cr3 = cr3;
 	__set_bit(VCPU_EXREG_CR3, (ulong *)&vcpu->arch.regs_avail);
 	vcpu->arch.mmu.new_cr3(vcpu);
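Review bot: deleting the gfn_to_memslot() lookup unconditionally also drops it for ordinary (non-nested) guests, where cr3 really is an L1 guest-physical address and the test was a cheap early catch for a root that nothing backs; the commit message argues removal from what real hardware does, but the deleted comment says the check existed precisely to surface that case at the cr3 write rather than later when paging is turned on. If nested EPT is the only case where an L2 address reaches kvm_set_cr3(), consider keeping the lookup and skipping it only on that path, or say in the commit message why vcpu->arch.mmu.new_cr3() and the subsequent root walk tolerate a cr3 whose frame has no memslot, so the trade-off is recorded with the change.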
-- 
1.8.1.2
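To make the address-space confusion described in the commit message concrete, the following toy model (an added example written for this page, not KVM code; the memslot layout, the EPT12 entries and the function names l1_gfn_has_memslot, ept12_translate, removed_cr3_test_accepts and nested_cr3_is_backed are all constructed for illustration) applies the removed gfn_to_memslot(cr3 >> PAGE_SHIFT) test to an L2 cr3 value and compares it with a check that first walks L1's EPT tables (EPT12) to find the L1 frame behind that L2 frame:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12

/* A guest memory slot: a contiguous range of guest frames backed by host memory. */
struct memslot {
	uint64_t base_gfn;
	uint64_t npages;
};

/* Constructed L1 memslot layout (hypothetical, not taken from any real VM). */
static const struct memslot l1_slots[] = {
	{ 0x000,  0x100 },	/* L1 gfns 0x000..0x0ff */
	{ 0x1000, 0x800 },	/* L1 gfns 0x1000..0x17ff */
};

/* Toy stand-in for gfn_to_memslot(): is this *L1* gfn backed by a memslot? */
static bool l1_gfn_has_memslot(uint64_t gfn)
{
	size_t i;

	for (i = 0; i < sizeof(l1_slots) / sizeof(l1_slots[0]); i++) {
		const struct memslot *s = &l1_slots[i];

		if (gfn >= s->base_gfn && gfn < s->base_gfn + s->npages)
			return true;
	}
	return false;
}

/* One EPT12 mapping that L1 maintains for its L2: L2 gfn -> L1 gfn. */
struct ept12_map {
	uint64_t l2_gfn;
	uint64_t l1_gfn;
};

/* Constructed EPT12 contents (a flat list stands in for the page-table walk). */
static const struct ept12_map ept12[] = {
	{ 0x000, 0x1000 },
	{ 0x001, 0x1001 },
	{ 0x200, 0x1200 },	/* L2 gfn 0x200 is valid, but 0x200 is no backed L1 gfn */
};

/* Translate an L2 gfn through EPT12; false models an EPT violation. */
static bool ept12_translate(uint64_t l2_gfn, uint64_t *l1_gfn)
{
	size_t i;

	for (i = 0; i < sizeof(ept12) / sizeof(ept12[0]); i++) {
		if (ept12[i].l2_gfn == l2_gfn) {
			*l1_gfn = ept12[i].l1_gfn;
			return true;
		}
	}
	return false;
}

/* The removed test, applied verbatim to whatever cr3 the vCPU loads. */
bool removed_cr3_test_accepts(uint64_t cr3)
{
	return l1_gfn_has_memslot(cr3 >> PAGE_SHIFT);
}

/* What a check for an *L2* cr3 would have to do: go through EPT12 first. */
bool nested_cr3_is_backed(uint64_t l2_cr3)
{
	uint64_t l1_gfn;

	if (!ept12_translate(l2_cr3 >> PAGE_SHIFT, &l1_gfn))
		return false;
	return l1_gfn_has_memslot(l1_gfn);
}

int main(void)
{
	/* Constructed L2 cr3 values. */
	uint64_t mapped_l2_cr3 = 0x200000;	/* EPT12 maps it, old test rejects it */
	uint64_t unmapped_l2_cr3 = 0x050000;	/* no EPT12 entry, old test accepts it */

	printf("L2 cr3 %#llx: removed test %s, EPT12-aware check %s\n",
	       (unsigned long long)mapped_l2_cr3,
	       removed_cr3_test_accepts(mapped_l2_cr3) ? "accepts" : "rejects",
	       nested_cr3_is_backed(mapped_l2_cr3) ? "accepts" : "rejects");
	printf("L2 cr3 %#llx: removed test %s, EPT12-aware check %s\n",
	       (unsigned long long)unmapped_l2_cr3,
	       removed_cr3_test_accepts(unmapped_l2_cr3) ? "accepts" : "rejects",
	       nested_cr3_is_backed(unmapped_l2_cr3) ? "accepts" : "rejects");
	return 0;
}
```

The first value shows the false rejection the patch fixes: L2 gfn 0x200 is a perfectly good L2 frame, but the number 0x200 falls in no L1 memslot, so the old test would fail the cr3 write. The second value shows the opposite error: L2 gfn 0x50 happens to coincide with a backed L1 frame, so the old test accepts a cr3 that L1's EPT never mapped for this L2. Both follow from comparing a value from one address space against a table indexed by another.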


Thread overview: 14+ messages
2013-05-06  7:04 [PATCH v2 01/13] nEPT: Support LOAD_IA32_EFER entry/exit controls for L1 Jun Nakajima
2013-05-06  7:04 ` [PATCH v2 02/13] nEPT: Move gpte_access() and prefetch_invalid_gpte() to paging_tmpl.h Jun Nakajima
2013-05-06  7:04   ` [PATCH v2 03/13] nEPT: Add EPT tables support " Jun Nakajima
2013-05-06  7:04     ` [PATCH v2 04/13] nEPT: Define EPT-specific link_shadow_page() Jun Nakajima
2013-05-06  7:04       ` [PATCH v2 05/13] nEPT: MMU context for nested EPT Jun Nakajima
2013-05-06  7:04         ` [PATCH v2 06/13] nEPT: Fix cr3 handling in nested exit and entry Jun Nakajima
2013-05-06  7:04           ` Jun Nakajima [this message]
2013-05-06  7:04             ` [PATCH v2 08/13] nEPT: Some additional comments Jun Nakajima
2013-05-06  7:04               ` [PATCH v2 09/13] nEPT: Advertise EPT to L1 Jun Nakajima
2013-05-06  7:04                 ` [PATCH v2 10/13] nEPT: Nested INVEPT Jun Nakajima
2013-05-06  7:04                   ` [PATCH v2 11/13] nEPT: Miscelleneous cleanups Jun Nakajima
2013-05-06  7:04                     ` [PATCH v2 12/13] nEPT: Move is_rsvd_bits_set() to paging_tmpl.h Jun Nakajima
2013-05-06  7:04                       ` [PATCH v2 13/13] nEPT: Inject EPT violation/misconfigration Jun Nakajima
2013-05-06  7:13 ` [PATCH v2 01/13] nEPT: Support LOAD_IA32_EFER entry/exit controls for L1 Jan Kiszka