From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sean Christopherson <sean.j.christopherson@intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [PATCH 4.14 62/78] KVM: nVMX: Plumb L2 GPA through to PML emulation
Date: Mon, 29 Jun 2020 11:37:50 -0400 [thread overview]
Message-ID: <20200629153806.2494953-63-sashal@kernel.org> (raw)
In-Reply-To: <20200629153806.2494953-1-sashal@kernel.org>
From: Sean Christopherson <sean.j.christopherson@intel.com>
commit 2dbebf7ae1ed9a420d954305e2c9d5ed39ec57c3 upstream.
Explicitly pass the L2 GPA to kvm_arch_write_log_dirty(), which for all
intents and purposes is vmx_write_pml_buffer(), instead of having the
latter pull the GPA from vmcs.GUEST_PHYSICAL_ADDRESS. If the dirty bit
update is the result of KVM emulation (rare for L2), then the GPA in the
VMCS may be stale and/or hold a completely unrelated GPA.
Fixes: c5f983f6e8455 ("nVMX: Implement emulated Page Modification Logging")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200622215832.22090-2-sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kvm/mmu.c | 4 ++--
arch/x86/kvm/mmu.h | 2 +-
arch/x86/kvm/paging_tmpl.h | 7 ++++---
arch/x86/kvm/vmx.c | 5 ++---
5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 9529fe69e1d92..ecb6009a2c8a2 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1060,7 +1060,7 @@ struct kvm_x86_ops {
void (*enable_log_dirty_pt_masked)(struct kvm *kvm,
struct kvm_memory_slot *slot,
gfn_t offset, unsigned long mask);
- int (*write_log_dirty)(struct kvm_vcpu *vcpu);
+ int (*write_log_dirty)(struct kvm_vcpu *vcpu, gpa_t l2_gpa);
/* pmu operations of sub-arch */
const struct kvm_pmu_ops *pmu_ops;
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 082d0cea72f46..9df3d5d7214a6 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -1713,10 +1713,10 @@ void kvm_arch_mmu_enable_log_dirty_pt_masked(struct kvm *kvm,
* Emulate arch specific page modification logging for the
* nested hypervisor
*/
-int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu)
+int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu, gpa_t l2_gpa)
{
if (kvm_x86_ops->write_log_dirty)
- return kvm_x86_ops->write_log_dirty(vcpu);
+ return kvm_x86_ops->write_log_dirty(vcpu, l2_gpa);
return 0;
}
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
index 068feab64acf1..816a626b62508 100644
--- a/arch/x86/kvm/mmu.h
+++ b/arch/x86/kvm/mmu.h
@@ -194,7 +194,7 @@ void kvm_mmu_gfn_disallow_lpage(struct kvm_memory_slot *slot, gfn_t gfn);
void kvm_mmu_gfn_allow_lpage(struct kvm_memory_slot *slot, gfn_t gfn);
bool kvm_mmu_slot_gfn_write_protect(struct kvm *kvm,
struct kvm_memory_slot *slot, u64 gfn);
-int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu);
+int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu, gpa_t l2_gpa);
int kvm_mmu_post_init_vm(struct kvm *kvm);
void kvm_mmu_pre_destroy_vm(struct kvm *kvm);
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 8cf7a09bdd736..7260a165488d2 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -202,7 +202,7 @@ static inline unsigned FNAME(gpte_access)(struct kvm_vcpu *vcpu, u64 gpte)
static int FNAME(update_accessed_dirty_bits)(struct kvm_vcpu *vcpu,
struct kvm_mmu *mmu,
struct guest_walker *walker,
- int write_fault)
+ gpa_t addr, int write_fault)
{
unsigned level, index;
pt_element_t pte, orig_pte;
@@ -227,7 +227,7 @@ static int FNAME(update_accessed_dirty_bits)(struct kvm_vcpu *vcpu,
!(pte & PT_GUEST_DIRTY_MASK)) {
trace_kvm_mmu_set_dirty_bit(table_gfn, index, sizeof(pte));
#if PTTYPE == PTTYPE_EPT
- if (kvm_arch_write_log_dirty(vcpu))
+ if (kvm_arch_write_log_dirty(vcpu, addr))
return -EINVAL;
#endif
pte |= PT_GUEST_DIRTY_MASK;
@@ -424,7 +424,8 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,
(PT_GUEST_DIRTY_SHIFT - PT_GUEST_ACCESSED_SHIFT);
if (unlikely(!accessed_dirty)) {
- ret = FNAME(update_accessed_dirty_bits)(vcpu, mmu, walker, write_fault);
+ ret = FNAME(update_accessed_dirty_bits)(vcpu, mmu, walker,
+ addr, write_fault);
if (unlikely(ret < 0))
goto error;
else if (ret)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 42c6ca05a613e..11e683ec6c853 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -12462,11 +12462,10 @@ static void vmx_flush_log_dirty(struct kvm *kvm)
kvm_flush_pml_buffers(kvm);
}
-static int vmx_write_pml_buffer(struct kvm_vcpu *vcpu)
+static int vmx_write_pml_buffer(struct kvm_vcpu *vcpu, gpa_t gpa)
{
struct vmcs12 *vmcs12;
struct vcpu_vmx *vmx = to_vmx(vcpu);
- gpa_t gpa;
struct page *page = NULL;
u64 *pml_address;
@@ -12487,7 +12486,7 @@ static int vmx_write_pml_buffer(struct kvm_vcpu *vcpu)
return 1;
}
- gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS) & ~0xFFFull;
+ gpa &= ~0xFFFull;
page = kvm_vcpu_gpa_to_page(vcpu, vmcs12->pml_address);
if (is_error_page(page))
--
2.25.1
next prev parent reply other threads:[~2020-06-29 20:22 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-29 15:36 [PATCH 4.14 00/78] 4.14.186-rc1 review Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 01/78] scsi: scsi_devinfo: handle non-terminated strings Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 02/78] net: be more gentle about silly gso requests coming from user Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 03/78] block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 04/78] net: sched: export __netdev_watchdog_up() Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 05/78] fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()" Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 06/78] apparmor: don't try to replace stale label in ptraceme check Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 07/78] ibmveth: Fix max MTU limit Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 08/78] mld: fix memory leak in ipv6_mc_destroy_dev() Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 09/78] net: bridge: enfore alignment for ethernet address Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 10/78] net: fix memleak in register_netdevice() Sasha Levin
2020-06-29 15:36 ` [PATCH 4.14 11/78] net: usb: ax88179_178a: fix packet alignment padding Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 12/78] rocker: fix incorrect error handling in dma_rings_init Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 13/78] rxrpc: Fix notification call on completion of discarded calls Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 14/78] sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 15/78] tcp: grow window for OOO packets only for SACK flows Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 16/78] tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 17/78] ip_tunnel: fix use-after-free in ip_tunnel_lookup() Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 18/78] tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 19/78] ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 20/78] net: Fix the arp error in some cases Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 21/78] net: Do not clear the sock TX queue in sk_set_socket() Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 22/78] net: core: reduce recursion limit value Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 23/78] USB: ohci-sm501: Add missed iounmap() in remove Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 24/78] usb: dwc2: Postponed gadget registration to the udc class driver Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 25/78] usb: add USB_QUIRK_DELAY_INIT for Logitech C922 Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 26/78] USB: ehci: reopen solution for Synopsys HC bug Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 27/78] usb: host: xhci-mtk: avoid runtime suspend when removing hcd Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 28/78] usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 29/78] ALSA: usb-audio: add quirk for Denon DCD-1500RE Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 30/78] xhci: Fix incorrect EP_STATE_MASK Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 31/78] xhci: Fix enumeration issue when setting max packet size for FS devices Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 32/78] cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 33/78] loop: replace kill_bdev with invalidate_bdev Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 34/78] ALSA: usb-audio: uac1: Invalidate ctl on interrupt Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 35/78] ALSA: usb-audio: Clean up mixer element list traverse Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 36/78] ALSA: usb-audio: Fix OOB access of mixer element list Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 37/78] xhci: Poll for U0 after disabling USB2 LPM Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 38/78] cifs/smb3: Fix data inconsistent when punch hole Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 39/78] cifs/smb3: Fix data inconsistent when zero file range Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 40/78] efi/esrt: Fix reference count leak in esre_create_sysfs_entry Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 41/78] ARM: dts: NSP: Correct FA2 mailbox node Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 42/78] rxrpc: Fix handling of rwind from an ACK packet Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 43/78] RDMA/cma: Protect bind_list and listen_list while finding matching cm id Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 44/78] ASoC: rockchip: Fix a reference count leak Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 45/78] RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 46/78] net: qed: fix left elements count calculation Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 47/78] net: qed: fix NVMe login fails over VFs Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 48/78] net: qed: fix excessive QM ILT lines consumption Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 49/78] ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 50/78] usb: gadget: udc: Potential Oops in error handling code Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 51/78] netfilter: ipset: fix unaligned atomic access Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 52/78] net: bcmgenet: use hardware padding of runt frames Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 53/78] sched/core: Fix PI boosting between RT and DEADLINE tasks Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 54/78] ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 55/78] net: alx: fix race condition in alx_remove Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 56/78] s390/ptrace: fix setting syscall number Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 57/78] kbuild: improve cc-option to clean up all temporary files Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 58/78] blktrace: break out of blktrace setup on concurrent calls Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 59/78] ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 60/78] ACPI: sysfs: Fix pm_profile_attr type Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 61/78] KVM: X86: Fix MSR range of APIC registers in X2APIC mode Sasha Levin
2020-06-29 15:37 ` Sasha Levin [this message]
2020-06-29 15:37 ` [PATCH 4.14 63/78] btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 64/78] mm/slab: use memzero_explicit() in kzfree() Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 65/78] ocfs2: load global_inode_alloc Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 66/78] ocfs2: fix value of OCFS2_INVALID_SLOT Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 67/78] ocfs2: fix panic on nfs server over ocfs2 Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 68/78] arm64: perf: Report the PC value in REGS_ABI_32 mode Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 69/78] tracing: Fix event trigger to accept redundant spaces Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 70/78] drm/radeon: fix fb_div check in ni_init_smc_spll_table() Sasha Levin
2020-06-29 15:37 ` [PATCH 4.14 71/78] Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() Sasha Levin
2020-06-29 15:38 ` [PATCH 4.14 72/78] sunrpc: fixed rollback in rpc_gssd_dummy_populate() Sasha Levin
2020-06-29 15:38 ` [PATCH 4.14 73/78] SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() Sasha Levin
2020-06-29 15:38 ` [PATCH 4.14 74/78] pNFS/flexfiles: Fix list corruption if the mirror count changes Sasha Levin
2020-06-29 15:38 ` [PATCH 4.14 75/78] NFSv4 fix CLOSE not waiting for direct IO compeletion Sasha Levin
2020-06-29 15:38 ` [PATCH 4.14 76/78] ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() Sasha Levin
2020-06-29 15:38 ` [PATCH 4.14 77/78] xfs: add agf freeblocks verify in xfs_agf_verify Sasha Levin
2020-06-29 15:38 ` [PATCH 4.14 78/78] Linux 4.14.186-rc1 Sasha Levin
2020-06-30 7:19 ` [PATCH 4.14 00/78] 4.14.186-rc1 review Naresh Kamboju
2020-06-30 9:20 ` Jon Hunter
2020-06-30 13:08 ` Sebastian Gottschall
2020-06-30 17:21 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200629153806.2494953-63-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=sean.j.christopherson@intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).