Message ID | 1490272208-10123-1-git-send-email-wanpeng.li@hotmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
> - if (!cpu_has_vmx_vpid()) > + if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() || > + !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global())) I still don't like this way of indentation, but looks like I am the only one complaining :) So I think this patch is just fine now. > enable_vpid = 0; > + > if (!cpu_has_vmx_shadow_vmcs()) > enable_shadow_vmcs = 0; > if (enable_shadow_vmcs) >
On Thu, Mar 23, 2017 at 5:30 AM, Wanpeng Li <kernellwp@gmail.com> wrote: > From: Wanpeng Li <wanpeng.li@hotmail.com> > > This can be reproduced by running L2 on L1, and disable VPID on L0 > if w/o commit "KVM: nVMX: Fix nested VPID vmx exec control", the L2 > crash as below: > > KVM: entry failed, hardware error 0x7 > EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3 > ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 > EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 > ES =0000 00000000 0000ffff 00009300 > CS =f000 ffff0000 0000ffff 00009b00 > SS =0000 00000000 0000ffff 00009300 > DS =0000 00000000 0000ffff 00009300 > FS =0000 00000000 0000ffff 00009300 > GS =0000 00000000 0000ffff 00009300 > LDT=0000 00000000 0000ffff 00008200 > TR =0000 00000000 0000ffff 00008b00 > GDT= 00000000 0000ffff > IDT= 00000000 0000ffff > CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000 > DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 > DR6=00000000ffff0ff0 DR7=0000000000000400 > EFER=0000000000000000 > > Reference SDM 30.3 INVVPID: > > Protected Mode Exceptions > #UD > - If not in VMX operation. > - If the logical processor does not support VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=0). > - If the logical processor supports VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=1) but does > not support the INVVPID instruction (IA32_VMX_EPT_VPID_CAP[32]=0). > > So we should check both VPID enable bit in vmx exec control and INVVPID support bit > in vmx capability MSRs to enable VPID. This patch adds the guarantee to not enable > VPID if either INVVPID or single-context/all-context invalidation is not exposed in > vmx capability MSRs. > > Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Jim Mattson <jmattson@google.com> > Cc: David Hildenbrand <david@redhat.com> > Cc: Jim Mattson <jmattson@google.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: Radim Krčmář <rkrcmar@redhat.com> > Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com> > --- > arch/x86/kvm/vmx.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 8795a70..8925c76 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void) > return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT; > } > > +static inline bool cpu_has_vmx_invvpid(void) > +{ > + return vmx_capability.vpid & VMX_VPID_INVVPID_BIT; > +} > + > static inline bool cpu_has_vmx_ept(void) > { > return vmcs_config.cpu_based_2nd_exec_ctrl & > @@ -6518,8 +6523,10 @@ static __init int hardware_setup(void) > if (boot_cpu_has(X86_FEATURE_NX)) > kvm_enable_efer_bits(EFER_NX); > > - if (!cpu_has_vmx_vpid()) > + if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() || > + !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global())) > enable_vpid = 0; > + > if (!cpu_has_vmx_shadow_vmcs()) > enable_shadow_vmcs = 0; > if (enable_shadow_vmcs) > -- > 2.7.4 >
On 23/03/2017 13:30, Wanpeng Li wrote: > From: Wanpeng Li <wanpeng.li@hotmail.com> > > This can be reproduced by running L2 on L1, and disable VPID on L0 > if w/o commit "KVM: nVMX: Fix nested VPID vmx exec control", the L2 > crash as below: > > KVM: entry failed, hardware error 0x7 > EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3 > ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 > EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 > ES =0000 00000000 0000ffff 00009300 > CS =f000 ffff0000 0000ffff 00009b00 > SS =0000 00000000 0000ffff 00009300 > DS =0000 00000000 0000ffff 00009300 > FS =0000 00000000 0000ffff 00009300 > GS =0000 00000000 0000ffff 00009300 > LDT=0000 00000000 0000ffff 00008200 > TR =0000 00000000 0000ffff 00008b00 > GDT= 00000000 0000ffff > IDT= 00000000 0000ffff > CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000 > DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 > DR6=00000000ffff0ff0 DR7=0000000000000400 > EFER=0000000000000000 > > Reference SDM 30.3 INVVPID: > > Protected Mode Exceptions > #UD > - If not in VMX operation. > - If the logical processor does not support VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=0). > - If the logical processor supports VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=1) but does > not support the INVVPID instruction (IA32_VMX_EPT_VPID_CAP[32]=0). > > So we should check both VPID enable bit in vmx exec control and INVVPID support bit > in vmx capability MSRs to enable VPID. This patch adds the guarantee to not enable > VPID if either INVVPID or single-context/all-context invalidation is not exposed in > vmx capability MSRs. > > Reviewed-by: David Hildenbrand <david@redhat.com> > Cc: David Hildenbrand <david@redhat.com> > Cc: Jim Mattson <jmattson@google.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: Radim Krčmář <rkrcmar@redhat.com> > Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com> > --- > arch/x86/kvm/vmx.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 8795a70..8925c76 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void) > return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT; > } > > +static inline bool cpu_has_vmx_invvpid(void) > +{ > + return vmx_capability.vpid & VMX_VPID_INVVPID_BIT; > +} > + > static inline bool cpu_has_vmx_ept(void) > { > return vmcs_config.cpu_based_2nd_exec_ctrl & > @@ -6518,8 +6523,10 @@ static __init int hardware_setup(void) > if (boot_cpu_has(X86_FEATURE_NX)) > kvm_enable_efer_bits(EFER_NX); > > - if (!cpu_has_vmx_vpid()) > + if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() || > + !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global())) > enable_vpid = 0; > + > if (!cpu_has_vmx_shadow_vmcs()) > enable_shadow_vmcs = 0; > if (enable_shadow_vmcs) > Queued, thanks. Paolo
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 8795a70..8925c76 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void) return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT; } +static inline bool cpu_has_vmx_invvpid(void) +{ + return vmx_capability.vpid & VMX_VPID_INVVPID_BIT; +} + static inline bool cpu_has_vmx_ept(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & @@ -6518,8 +6523,10 @@ static __init int hardware_setup(void) if (boot_cpu_has(X86_FEATURE_NX)) kvm_enable_efer_bits(EFER_NX); - if (!cpu_has_vmx_vpid()) + if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() || + !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global())) enable_vpid = 0; + if (!cpu_has_vmx_shadow_vmcs()) enable_shadow_vmcs = 0; if (enable_shadow_vmcs)