From patchwork Fri Aug  4 14:42:02 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Hildenbrand <david@redhat.com>
X-Patchwork-Id: 9881409
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	5D99460375 for <patchwork-kvm@patchwork.kernel.org>;
	Fri,  4 Aug 2017 14:42:44 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4DED4289D6
	for <patchwork-kvm@patchwork.kernel.org>;
	Fri,  4 Aug 2017 14:42:44 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 42978289E3; Fri,  4 Aug 2017 14:42:44 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D01E9289EA
	for <patchwork-kvm@patchwork.kernel.org>;
	Fri,  4 Aug 2017 14:42:41 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752070AbdHDOmI (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Fri, 4 Aug 2017 10:42:08 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51282 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751384AbdHDOmG (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 4 Aug 2017 10:42:06 -0400
Received: from smtp.corp.redhat.com
	(int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 70A3CC058EAF;
	Fri,  4 Aug 2017 14:42:06 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 70A3CC058EAF
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com;
	dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com;
	spf=fail smtp.mailfrom=david@redhat.com
Received: from [10.36.116.105] (ovpn-116-105.ams2.redhat.com [10.36.116.105])
	by smtp.corp.redhat.com (Postfix) with ESMTP id D817067CFD;
	Fri,  4 Aug 2017 14:42:02 +0000 (UTC)
Subject: Re: [PATCH v7 3/3] KVM: nVMX: Emulate EPTP switching for the L1
	hypervisor
To: Bandan Das <bsd@redhat.com>, kvm@vger.kernel.org
Cc: pbonzini@redhat.com, rkrcmar@redhat.com, jmattson@google.com,
	linux-kernel@vger.kernel.org
References: <20170803195443.24911-1-bsd@redhat.com>
	<20170803195443.24911-4-bsd@redhat.com>
From: David Hildenbrand <david@redhat.com>
Organization: Red Hat GmbH
Message-ID: <b612922d-c27d-a6f5-f2e5-fb935bd4c6fb@redhat.com>
Date: Fri, 4 Aug 2017 16:42:02 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
	Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <20170803195443.24911-4-bsd@redhat.com>
Content-Language: en-US
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.32]);
	Fri, 04 Aug 2017 14:42:06 +0000 (UTC)
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Looks very good to me now. :)

>  	/*
> @@ -7820,6 +7834,88 @@ static int handle_preemption_timer(struct kvm_vcpu *vcpu)
>  	return 1;
>  }
>  
> +static bool valid_ept_address(struct kvm_vcpu *vcpu, u64 address)
> +{
> +	struct vcpu_vmx *vmx = to_vmx(vcpu);
> +	u64 mask = address & 0x7;
> +	int maxphyaddr = cpuid_maxphyaddr(vcpu);
> +
> +	/* Check for memory type validity */
> +	switch (mask) {
> +	case 0:
> +		if (!(vmx->nested.nested_vmx_ept_caps & VMX_EPTP_UC_BIT))
> +			return false;
> +		break;
> +	case 6:
> +		if (!(vmx->nested.nested_vmx_ept_caps & VMX_EPTP_WB_BIT))
> +			return false;
> +		break;

KVM always sets 6 without checking. But there is also a TODO left in
construct_eptp(). But we could hit this case probably only in very
strange environments (e.g. revoking it for our L1, so it cannot use WB
memory for L2). So we should be safe by requiring WB for now.


From 0ac06e7242d25ba1b66e4e6e2b20dbfa21ba4308 Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david@redhat.com>
Date: Fri, 4 Aug 2017 16:40:32 +0200
Subject: [PATCH v1] KVM: VMX: require EPT WB (Write Back) memory type
support

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 arch/x86/kvm/vmx.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

 	if (enable_ept_ad_bits &&
@@ -6579,7 +6583,8 @@ static __init int hardware_setup(void)
 		init_vmcs_shadow_fields();

 	if (!cpu_has_vmx_ept() ||
-	    !cpu_has_vmx_ept_4levels()) {
+	    !cpu_has_vmx_ept_4levels() ||
+	    !cpu_has_vmx_ept_wb_bit()) {
 		enable_ept = 0;
 		enable_unrestricted_guest = 0;
 		enable_ept_ad_bits = 0;

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 78c66a7..a2f8475 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1192,6 +1192,11 @@ static inline bool cpu_has_vmx_ept_4levels(void)
 	return vmx_capability.ept & VMX_EPT_PAGE_WALK_4_BIT;
 }

+static inline bool cpu_has_vmx_ept_wb_bit(void)
+{
+	return vmx_capability.ept & VMX_EPTP_WB_BIT;
+}
+
 static inline bool cpu_has_vmx_ept_ad_bits(void)
 {
 	return vmx_capability.ept & VMX_EPT_AD_BIT;
@@ -4260,7 +4265,6 @@ static u64 construct_eptp(struct kvm_vcpu *vcpu,
unsigned long root_hpa)
 {
 	u64 eptp;

-	/* TODO write the value reading from MSR */
 	eptp = VMX_EPT_DEFAULT_MT |
 		VMX_EPT_DEFAULT_GAW << VMX_EPT_GAW_EPTP_SHIFT;