| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Aug 2017 14:05:56 +0800
From: Wanpeng Li <kernellwp@...il.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Lan Tianyu <tianyu.lan@...el.com>,
Radim Krcmar <rkrcmar@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
"the arch/x86 maintainers" <x86@...nel.org>,
kvm <kvm@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Nadav Amit <nadav.amit@...il.com>
Subject: Re: [PATCH] KVM/VMX: Avoid CR3 VMEXIT during guest real mode when
"unrestricted guest" is supported.
Cc Nadav,
2017-08-17 13:58 GMT+08:00 Wanpeng Li <kernellwp@...il.com>:
> 2017-08-16 17:25 GMT+08:00 Paolo Bonzini <pbonzini@...hat.com>:
>> On 16/08/2017 03:58, Lan Tianyu wrote:
>>> These CR3 VMEXITs was introduced for platform without "unrestricted guest"
>>> support. This is to set ept identity table to guest CR3 in guest real
>>> mode because these platforms don't support ept real mode(CR0.PE and CR0.PG
>>> must be set to 1). But these VMEXITs is redundant for platforms with
>>> "unrestricted guest" support.
>>
>> This is true, but I'm not sure it's a good idea to make things more
>> complex... It is working code and is not a bottleneck anywhere.
>
> Sorry, I have another question. There is no A20 emulation in kvm
> currently, then whether or not the vm8086 which is emulated by kvm can
> guarantee real mode guest which access occurs at 1 MByte will incur
> address-wraparound?
>
> Regards,
> Wanpeng Li
>
>>
>> Paolo
>>
>>> Signed-off-by: Lan Tianyu <tianyu.lan@...el.com>
>>> ---
>>> arch/x86/kvm/vmx.c | 22 +++++++++++++---------
>>> 1 file changed, 13 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> index 9b21b12..46dcf50 100644
>>> --- a/arch/x86/kvm/vmx.c
>>> +++ b/arch/x86/kvm/vmx.c
>>> @@ -4221,18 +4221,20 @@ static void ept_update_paging_mode_cr0(unsigned long *hw_cr0,
>>> vmx_decache_cr3(vcpu);
>>> if (!(cr0 & X86_CR0_PG)) {
>>> /* From paging/starting to nonpaging */
>>> - vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
>>> - vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) |
>>> - (CPU_BASED_CR3_LOAD_EXITING |
>>> - CPU_BASED_CR3_STORE_EXITING));
>>> + if (!enable_unrestricted_guest)
>>> + vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
>>> + vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) |
>>> + (CPU_BASED_CR3_LOAD_EXITING |
>>> + CPU_BASED_CR3_STORE_EXITING));
>>> vcpu->arch.cr0 = cr0;
>>> vmx_set_cr4(vcpu, kvm_read_cr4(vcpu));
>>> } else if (!is_paging(vcpu)) {
>>> /* From nonpaging to paging */
>>> - vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
>>> - vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) &
>>> - ~(CPU_BASED_CR3_LOAD_EXITING |
>>> - CPU_BASED_CR3_STORE_EXITING));
>>> + if (!enable_unrestricted_guest)
>>> + vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
>>> + vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) &
>>> + ~(CPU_BASED_CR3_LOAD_EXITING |
>>> + CPU_BASED_CR3_STORE_EXITING));
>>> vcpu->arch.cr0 = cr0;
>>> vmx_set_cr4(vcpu, kvm_read_cr4(vcpu));
>>> }
>>> @@ -4311,7 +4313,9 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
>>> }
>>>
>>> vmx_flush_tlb(vcpu);
>>> - vmcs_writel(GUEST_CR3, guest_cr3);
>>> +
>>> + if (!enable_unrestricted_guest || !enable_ept)
>>> + vmcs_writel(GUEST_CR3, guest_cr3);
>>> }
>>>
>>> static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
>>>
>>
Powered by blists - more mailing lists