From patchwork Wed Mar 22 17:09:57 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ladi Prosek X-Patchwork-Id: 9639575 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 40D20602CB for ; Wed, 22 Mar 2017 17:17:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3E03D26E81 for ; Wed, 22 Mar 2017 17:17:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 32A4327FA8; Wed, 22 Mar 2017 17:17:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CC46026E81 for ; Wed, 22 Mar 2017 17:17:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935301AbdCVRRV (ORCPT ); Wed, 22 Mar 2017 13:17:21 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50550 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934258AbdCVRRU (ORCPT ); Wed, 22 Mar 2017 13:17:20 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1E539C0467CB; Wed, 22 Mar 2017 17:10:06 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 1E539C0467CB Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=lprosek@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 1E539C0467CB Received: from dhcp-1-107.brq.redhat.com (ovpn-204-47.brq.redhat.com [10.40.204.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id A123B18EE7; Wed, 22 Mar 2017 17:10:04 +0000 (UTC) From: Ladi Prosek To: kvm@vger.kernel.org Cc: pbonzini@redhat.com, rkrcmar@redhat.com, wanpeng.li@hotmail.com Subject: [PATCH] KVM: nVMX: fix nested EPT detection Date: Wed, 22 Mar 2017 18:09:57 +0100 Message-Id: <1490202597-5926-1-git-send-email-lprosek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 22 Mar 2017 17:10:06 +0000 (UTC) Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The nested_ept_enabled flag introduced in commit 7ca29de2136 was not computed correctly. We are interested only in L1's EPT state, not the the combined L0+L1 value. In particular, if L0 uses EPT but L1 does not, nested_ept_enabled must be false to make sure that PDPSTRs are loaded based on CR3 as usual, because the special case described in 26.3.2.4 Loading Page-Directory- Pointer-Table Entries does not apply. Reported-by: Wanpeng Li Signed-off-by: Ladi Prosek Reviewed-by: Radim Krčmář --- arch/x86/kvm/vmx.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 98e82ee..a525c72 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -10105,8 +10105,11 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_APIC_REGISTER_VIRT); if (nested_cpu_has(vmcs12, - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS)) + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS)) { exec_control |= vmcs12->secondary_vm_exec_control; + nested_ept_enabled = (vmcs12->secondary_vm_exec_control & + SECONDARY_EXEC_ENABLE_EPT) != 0; + } if (exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY) { vmcs_write64(EOI_EXIT_BITMAP0, @@ -10121,8 +10124,6 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, vmcs12->guest_intr_status); } - nested_ept_enabled = (exec_control & SECONDARY_EXEC_ENABLE_EPT) != 0; - /* * Write an illegal value to APIC_ACCESS_ADDR. Later, * nested_get_vmcs12_pages will either fix it up or