| Message ID | 1490069935-6232-1-git-send-email-wanpeng.li@hotmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 21/03/2017 05:18, Wanpeng Li wrote: > From: Wanpeng Li <wanpeng.li@hotmail.com> > > This can be reproduced by running kvm-unit-tests/vmx.flat on L0 w/ vpid disabled. > > Test suite: VPID > Unhandled exception 6 #UD at ip 00000000004051a6 > error_code=0000 rflags=00010047 cs=00000008 > rax=0000000000000000 rcx=0000000000000001 rdx=0000000000000047 rbx=0000000000402f79 > rbp=0000000000456240 rsi=0000000000000001 rdi=0000000000000000 > r8=000000000000000a r9=00000000000003f8 r10=0000000080010011 r11=0000000000000000 > r12=0000000000000003 r13=0000000000000708 r14=0000000000000000 r15=0000000000000000 > cr0=0000000080010031 cr2=0000000000000000 cr3=0000000007fff000 cr4=0000000000002020 > cr8=0000000000000000 > STACK: @4051a6 40523e 400f7f 402059 40028f > > We should hide and forbid VPID in L1 if it is disabled on L0. However, nested VPID > enable bit is set unconditionally during setup nested vmx exec controls though VPID > is not exposed through nested VMX capablity. This patch fixes it by don't set nested > VPID enable bit if it is disabled on L0. > > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: Radim Krčmář <rkrcmar@redhat.com> > Fixes: 5c614b3583e (KVM: nVMX: nested VPID emulation) > Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com> > --- > arch/x86/kvm/vmx.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 98e82ee..8795a70 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -2753,7 +2753,6 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) > SECONDARY_EXEC_RDTSCP | > SECONDARY_EXEC_DESC | > SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | > - SECONDARY_EXEC_ENABLE_VPID | > SECONDARY_EXEC_APIC_REGISTER_VIRT | > SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | > SECONDARY_EXEC_WBINVD_EXITING | > @@ -2781,10 +2780,12 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) > * though it is treated as global context. The alternative is > * not failing the single-context invvpid, and it is worse. > */ > - if (enable_vpid) > + if (enable_vpid) { > + vmx->nested.nested_vmx_secondary_ctls_high |= > + SECONDARY_EXEC_ENABLE_VPID; > vmx->nested.nested_vmx_vpid_caps = VMX_VPID_INVVPID_BIT | > VMX_VPID_EXTENT_SUPPORTED_MASK; > - else > + } else > vmx->nested.nested_vmx_vpid_caps = 0; > > if (enable_unrestricted_guest) > Applied patch 1 and 3 to kvm/master (well, locally for now). Paolo
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 98e82ee..8795a70 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2753,7 +2753,6 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) SECONDARY_EXEC_RDTSCP | SECONDARY_EXEC_DESC | SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | - SECONDARY_EXEC_ENABLE_VPID | SECONDARY_EXEC_APIC_REGISTER_VIRT | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_WBINVD_EXITING | @@ -2781,10 +2780,12 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) * though it is treated as global context. The alternative is * not failing the single-context invvpid, and it is worse. */ - if (enable_vpid) + if (enable_vpid) { + vmx->nested.nested_vmx_secondary_ctls_high |= + SECONDARY_EXEC_ENABLE_VPID; vmx->nested.nested_vmx_vpid_caps = VMX_VPID_INVVPID_BIT | VMX_VPID_EXTENT_SUPPORTED_MASK; - else + } else vmx->nested.nested_vmx_vpid_caps = 0; if (enable_unrestricted_guest)