From patchwork Thu Mar 23 12:30:08 2017
X-Patchwork-Submitter: Wanpeng Li
X-Patchwork-Id: 9640957
From: Wanpeng Li
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini, Radim Krčmář, Wanpeng Li, David Hildenbrand, Jim Mattson
Subject: [PATCH v5] KVM: VMX: Fix enable VPID conditions
Date: Thu, 23 Mar 2017 05:30:08 -0700
Message-Id: <1490272208-10123-1-git-send-email-wanpeng.li@hotmail.com>
X-Mailer: git-send-email 2.7.4
X-Mailing-List: kvm@vger.kernel.org

From: Wanpeng Li

This can be reproduced by running L2 on L1 and disabling VPID on L0. Without
commit "KVM: nVMX: Fix nested VPID vmx exec control", the L2 crashes as below:

KVM: entry failed, hardware error 0x7
EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT= 00000000 0000ffff
IDT= 00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000

Reference SDM 30.3 INVVPID:

Protected Mode Exceptions
#UD
- If not in VMX operation.
- If the logical processor does not support VPIDs
  (IA32_VMX_PROCBASED_CTLS2[37]=0).
- If the logical processor supports VPIDs
  (IA32_VMX_PROCBASED_CTLS2[37]=1) but does not support the INVVPID
  instruction (IA32_VMX_EPT_VPID_CAP[32]=0).

So we should check both the VPID enable bit in the vmx exec control and the
INVVPID support bit in the vmx capability MSRs to enable VPID.

This patch adds the guarantee to not enable VPID if either INVVPID or
single-context/all-context invalidation is not exposed in vmx capability
MSRs.

Reviewed-by: David Hildenbrand
Cc: David Hildenbrand
Cc: Jim Mattson
Cc: Paolo Bonzini
Cc: Radim Krčmář
Signed-off-by: Wanpeng Li
Reviewed-by: Jim Mattson
--- arch/x86/kvm/vmx.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 8795a70..8925c76 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c 
@@ -1239,6 +1239,11 @@ static inline bool cpu_has_vmx_invvpid_global(void) return vmx_capability.vpid & VMX_VPID_EXTENT_GLOBAL_CONTEXT_BIT; } +static inline bool cpu_has_vmx_invvpid(void) +{ + return vmx_capability.vpid & VMX_VPID_INVVPID_BIT; +} + static inline bool cpu_has_vmx_ept(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & @@ -6518,8 +6523,10 @@ static __init int hardware_setup(void) if (boot_cpu_has(X86_FEATURE_NX)) kvm_enable_efer_bits(EFER_NX); - if (!cpu_has_vmx_vpid()) + if (!cpu_has_vmx_vpid() || !cpu_has_vmx_invvpid() || + !(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global())) enable_vpid = 0; + if (!cpu_has_vmx_shadow_vmcs()) enable_shadow_vmcs = 0; if (enable_shadow_vmcs)
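
Review bot: in the first hunk (the new cpu_has_vmx_invvpid() helper), VMX_VPID_INVVPID_BIT is used but not defined anywhere in this patch, and the diffstat lists only arch/x86/kvm/vmx.c. Please confirm the constant already exists in the tree and that, applied to vmx_capability.vpid, it selects the bit the commit message cites as IA32_VMX_EPT_VPID_CAP[32]. A one-line comment on the helper naming that MSR bit would let a reader check the mapping next to cpu_has_vmx_invvpid_global().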
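
Review bot: in the hardware_setup() hunk, the new three-part condition clears enable_vpid with no comment and no log message, so on a host where the VPID control is present but INVVPID or both invalidation extents are missing, VPID ends up off and nothing in the code or the kernel log says why. Suggest a short comment above the test referencing the #UD conditions quoted in the commit message, and consider moving `!(cpu_has_vmx_invvpid_single() || cpu_has_vmx_invvpid_global())` into a small named helper so the intent (at least one usable invalidation extent) is readable at the call site. The blank line added after `enable_vpid = 0;` is an unrelated whitespace change and could be dropped from this patch.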