From patchwork Tue Mar 21 04:18:54 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Wanpeng Li <kernellwp@gmail.com>
X-Patchwork-Id: 9635985
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	448FB6020B for <patchwork-kvm@patchwork.kernel.org>;
	Tue, 21 Mar 2017 04:21:35 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 36867271CB
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue, 21 Mar 2017 04:21:35 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2B1442793B; Tue, 21 Mar 2017 04:21:35 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.5 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CA801271CB
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue, 21 Mar 2017 04:21:34 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751792AbdCUEVb (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Tue, 21 Mar 2017 00:21:31 -0400
Received: from mail-pf0-f194.google.com ([209.85.192.194]:35951 "EHLO
	mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751433AbdCUEVa (ORCPT <rfc822; kvm@vger.kernel.org>);
	Tue, 21 Mar 2017 00:21:30 -0400
Received: by mail-pf0-f194.google.com with SMTP id r137so16370850pfr.3;
	Mon, 20 Mar 2017 21:19:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=yw1NeYA+FWEZYGZT8SUV2r1b4+NANiruc7TA9RAptf0=;
	b=rFw1cbTvlST8xSBK1eLBPpK3V6CigAfDW9fhIgHNMPHVzt3jklOFxwLpq2h8TWeyU7
	ErusL9cFZBr3QwAk61iGvwJJRWkYns4Z2rHd+xuwfCg4YSEQszHUKKUTPLbhzA2wMhhG
	SGYfLogs0NodrzL1XnDMsGo2O1mCtOtaPL74/YigGb5Xj1sWxVhr+rkBM3d8z0+Jmq1t
	9/AfkIaM8A5eGhVfo5S46V0/2jBc1txMOmdm0OwwTZA2CkGAprTAjX1Y7Okjt+0i1amW
	TsW1+XmR+DJUK2ix43pruMu5fDR+kKNzpk91gwKdGVNufGUEKDciYWmc5pask0MDBh8T
	TR1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=yw1NeYA+FWEZYGZT8SUV2r1b4+NANiruc7TA9RAptf0=;
	b=fsd4EPfOnyqsLiE/WUlarDB/R/DVpaMfzTC8FBVCN9hBB+0BoVIbkTcz2krgfBKteJ
	taSOM4i1+hfU0Zw4Sez1LrVY1Xuw79h6hmCGjJNhHwEx8lc4zxoX07gCY/nrsnWbhBFw
	2zLqFOyTMRfqkRN2QHdxpRJPUFddgCqvlAZk7e2EkPYVcfl9T5uhkayowHR8V1w8o0EJ
	D1imc8rKrnPvs44vkJWLXLhsMB7GhAitsUuRaZuYrm6A4bn8iQN+TA/uncgcBieg6XVM
	LvaHQUE6wObJqJU2CCfw6VL41jnytpsTO5Pw8dELa8CsScFSv21r07dI6p53Hdyk4JS1
	dbFQ==
X-Gm-Message-State: 
 AFeK/H0+o52NmNQeXMcuywe0dE6uIzbC9rsGBXZ8PKsT7YKCg6rWtmPBq9bSzmBkBafcZg==
X-Received: by 10.98.16.137 with SMTP id 9mr37194968pfq.104.1490069948955;
	Mon, 20 Mar 2017 21:19:08 -0700 (PDT)
Received: from localhost ([203.205.141.123])
	by smtp.gmail.com with ESMTPSA id
	o17sm35960059pfa.98.2017.03.20.21.19.07
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 20 Mar 2017 21:19:07 -0700 (PDT)
From: Wanpeng Li <kernellwp@gmail.com>
X-Google-Original-From: Wanpeng Li <wanpeng.li@hotmail.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	=?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
	Wanpeng Li <wanpeng.li@hotmail.com>
Subject: [PATCH v2 2/3] KVM: VMX: Fix enable VPID even if INVVPID is not
	exposed in vmx capability
Date: Mon, 20 Mar 2017 21:18:54 -0700
Message-Id: <1490069935-6232-2-git-send-email-wanpeng.li@hotmail.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1490069935-6232-1-git-send-email-wanpeng.li@hotmail.com>
References: <1490069935-6232-1-git-send-email-wanpeng.li@hotmail.com>
MIME-Version: 1.0
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Wanpeng Li <wanpeng.li@hotmail.com>

This can be reproduced by running L2 on L1, and disable VPID on L0 if w/o 
commit "KVM: nVMX: Fix nested VPID vmx exec control", the L2 crash as below:

KVM: entry failed, hardware error 0x7
EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000

Reference SDM 30.3 INVVPID:
 
Protected Mode Exceptions
#UD 
  - If not in VMX operation.
  - If the logical processor does not support VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=0).
  - If the logical processor supports VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=1) but does 
    not support the INVVPID instruction (IA32_VMX_EPT_VPID_CAP[32]=0).

So we should check both VPID enable bit in vmx exec control and INVVPID support bit 
in vmx capability MSRs to enable VPID. This patch adds the guarantee to not enable VPID
if INVVPID is not exposed in vmx capability MSRs.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
---
 arch/x86/kvm/vmx.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 06d8080..b310214 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void)
 	return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT;
 }
 
+static inline bool cpu_has_vmx_invvpid(void)
+{
+	return vmx_capability.vpid & VMX_VPID_INVVPID_BIT;
+}
+
 static inline bool cpu_has_vmx_ept(void)
 {
 	return vmcs_config.cpu_based_2nd_exec_ctrl &
@@ -6519,8 +6524,10 @@ static __init int hardware_setup(void)
 	if (boot_cpu_has(X86_FEATURE_NX))
 		kvm_enable_efer_bits(EFER_NX);
 
-	if (!cpu_has_vmx_vpid())
+	if (!cpu_has_vmx_vpid() ||
+		!(cpu_has_vmx_invvpid()))
 		enable_vpid = 0;
+
 	if (!cpu_has_vmx_shadow_vmcs())
 		enable_shadow_vmcs = 0;
 	if (enable_shadow_vmcs)