From patchwork Fri Mar 17 14:41:31 2017
X-Patchwork-Submitter: Wanpeng Li
X-Patchwork-Id: 9630859
From: Wanpeng Li
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini, Radim Krčmář, Wanpeng Li, Ladi Prosek
Subject: [PATCH] KVM: nVMX: Fix L2 guest hang if shadow page tables on EPT
Date: Fri, 17 Mar 2017 07:41:31 -0700
Message-Id: <1489761691-11441-1-git-send-email-wanpeng.li@hotmail.com>
X-Mailer: git-send-email 2.7.4
X-Mailing-List: kvm@vger.kernel.org
From: Wanpeng Li

The L2 guest hangs if shadow page tables on EPT; the trace on L1 shows that L2 kvm_exit reason EXCEPTION_NMI and page fault repeatedly:

qemu-system-x86-2821 [003] d..2 45.848814: kvm_entry: vcpu 0
qemu-system-x86-2821 [003] ...1 45.848827: kvm_exit: reason EXCEPTION_NMI rip 0xe05b info fe05b 80000b0e
qemu-system-x86-2821 [003] ...1 45.848827: kvm_page_fault: address fe05b error_code 14

Commit 7ca29de21362 (KVM: nVMX: fix CR3 load if L2 uses PAE paging and EPT) prevents loading L2's PDPTRs by dereferencing L2's CR3 since it is uninitialized in real mode. Hyper-V L1 will emulate L2 real mode with PAE paging and EPT enabled. However, there is a process of switching from Legacy mode's sub-mode Protected mode to Long mode during system boot, and the check in nested_vmx_load_cr3() will prevent loading PDPTRs if it is still in Protected mode w/ PAE paging and nested EPT/shadow page tables on EPT. Actually, the original commit was just intended to prevent dereferencing L2's CR3 if the L1 hypervisor emulates L2's real mode through vm8086. This patch fixes it by allowing loading PDPTRs if PAE paging, EPT enabled and !vm86_active.

Cc: Paolo Bonzini
Cc: Radim Krčmář
Cc: Ladi Prosek
Signed-off-by: Wanpeng Li
---
 arch/x86/kvm/vmx.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index c664365..2b2a05f 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -9933,7 +9933,7 @@ static bool nested_cr3_valid(struct kvm_vcpu *vcpu, unsigned long val) static int nested_vmx_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3, bool nested_ept, u32 *entry_failure_code) { - if (cr3 != kvm_read_cr3(vcpu) || (!nested_ept && pdptrs_changed(vcpu))) { + if (cr3 != kvm_read_cr3(vcpu) || pdptrs_changed(vcpu)) { if (!nested_cr3_valid(vcpu, cr3)) { *entry_failure_code = ENTRY_FAIL_DEFAULT; return 1;
@@ -9944,7 +9944,7 @@ static int nested_vmx_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3, bool ne * must not be dereferenced. */ if (!is_long_mode(vcpu) && is_pae(vcpu) && is_paging(vcpu) && - !nested_ept) { + !(nested_ept && to_vmx(vcpu)->rmode.vm86_active)) { if (!load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3)) { *entry_failure_code = ENTRY_FAIL_PDPTE; return 1;
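Review bot: The first hunk (@@ -9933) drops the `!nested_ept` qualifier so `pdptrs_changed(vcpu)` is now evaluated for nested-EPT guests as well, but the commit message only explains the second hunk; please say why this part of the change is needed. It also looks inconsistent with the second hunk: there, dereferencing L2's CR3 through `load_pdptrs()` is still skipped when `nested_ept && to_vmx(vcpu)->rmode.vm86_active`, while `pdptrs_changed(vcpu)` is now called unconditionally on the same CR3. If `pdptrs_changed()` reads the PDPTEs through that CR3, the vm86-emulated real-mode case the comment says "must not be dereferenced" is no longer excluded from that read; either guard it with the same `!(nested_ept && to_vmx(vcpu)->rmode.vm86_active)` condition or explain in the message why the read is safe there.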
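Review bot: In the second hunk (@@ -9944) the guard narrows from `!nested_ept` to `!(nested_ept && to_vmx(vcpu)->rmode.vm86_active)`, but the comment ending in `* must not be dereferenced. */` directly above it still describes the old rule; update it to state the new one, i.e. that the CR3 is only left untouched when L1 emulates L2 real mode via vm86 under nested EPT, as the commit message describes. It would also help to note in the message that `rmode.vm86_active` already reflects L2's CR0 at the point `nested_vmx_load_cr3()` runs (that is, the vmcs12 guest CR0 has been applied before this call), since otherwise the test would be looking at L1's state rather than L2's.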