| Message ID | 1519249297-73718-3-git-send-email-pbonzini@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, Feb 21, 2018 at 1:41 PM, Paolo Bonzini <pbonzini@redhat.com> wrote: > We need to change the default all-1s bitmap if the MSRs are _not_ > intercepted. However, the code was disabling the intercept when it was > _enabled_ in the VMCS01. This is not causing bigger trouble, > because vmx_vcpu_run checks the VMCS02's MSR bitmap and would do the > right thing even if fed garbage... but it's obviously a bug and it can > cause extra MSR reads and writes when running nested guests. > > Fixes: d28b387fb74da95d69d2615732f50cceb38e9a4d > Fixes: 15d45071523d89b3fb7372e2135fbd72f6af9506 > Cc: x86@kernel.org > Cc: Radim Krčmář <rkrcmar@redhat.com> > Cc: KarimAllah Ahmed <karahmed@amazon.de> > Cc: David Woodhouse <dwmw@amazon.co.uk> > Cc: Jim Mattson <jmattson@google.com> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Ingo Molnar <mingo@kernel.org> > Cc: stable@vger.kernel.org > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Wasn't this already fixed by 206587a9fb76 ("X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs")?
On 22/02/2018 01:07, Jim Mattson wrote: > On Wed, Feb 21, 2018 at 1:41 PM, Paolo Bonzini <pbonzini@redhat.com> wrote: >> We need to change the default all-1s bitmap if the MSRs are _not_ >> intercepted. However, the code was disabling the intercept when it was >> _enabled_ in the VMCS01. This is not causing bigger trouble, >> because vmx_vcpu_run checks the VMCS02's MSR bitmap and would do the >> right thing even if fed garbage... but it's obviously a bug and it can >> cause extra MSR reads and writes when running nested guests. >> >> Fixes: d28b387fb74da95d69d2615732f50cceb38e9a4d >> Fixes: 15d45071523d89b3fb7372e2135fbd72f6af9506 >> Cc: x86@kernel.org >> Cc: Radim Krčmář <rkrcmar@redhat.com> >> Cc: KarimAllah Ahmed <karahmed@amazon.de> >> Cc: David Woodhouse <dwmw@amazon.co.uk> >> Cc: Jim Mattson <jmattson@google.com> >> Cc: Thomas Gleixner <tglx@linutronix.de> >> Cc: Ingo Molnar <mingo@kernel.org> >> Cc: stable@vger.kernel.org >> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > > Wasn't this already fixed by 206587a9fb76 ("X86/nVMX: Properly set > spec_ctrl and pred_cmd before merging MSRs")? Ouch, yes, and my patch would have no conflicts at all so it would reintroduce the bug! Will resend v2 without it. Paolo
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 5caeb8dc5bda..af89d377681d 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -10235,7 +10235,7 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, return false; if (!nested_cpu_has_virt_x2apic_mode(vmcs12) && - !pred_cmd && !spec_ctrl) + pred_cmd && spec_ctrl) return false; page = kvm_vcpu_gpa_to_page(vcpu, vmcs12->msr_bitmap); @@ -10278,13 +10278,13 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, MSR_TYPE_W); } - if (spec_ctrl) + if (!spec_ctrl) nested_vmx_disable_intercept_for_msr( msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_SPEC_CTRL, MSR_TYPE_R | MSR_TYPE_W); - if (pred_cmd) + if (!pred_cmd) nested_vmx_disable_intercept_for_msr( msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_PRED_CMD,
We need to change the default all-1s bitmap if the MSRs are _not_ intercepted. However, the code was disabling the intercept when it was _enabled_ in the VMCS01. This is not causing bigger trouble, because vmx_vcpu_run checks the VMCS02's MSR bitmap and would do the right thing even if fed garbage... but it's obviously a bug and it can cause extra MSR reads and writes when running nested guests. Fixes: d28b387fb74da95d69d2615732f50cceb38e9a4d Fixes: 15d45071523d89b3fb7372e2135fbd72f6af9506 Cc: x86@kernel.org Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: KarimAllah Ahmed <karahmed@amazon.de> Cc: David Woodhouse <dwmw@amazon.co.uk> Cc: Jim Mattson <jmattson@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- arch/x86/kvm/vmx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)