lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANRm+CzPUnrqM4iQNrov1TW5+3WCH+P4ReigHaJcAd3Dxs5tgA@mail.gmail.com>
Date:   Thu, 17 Aug 2017 14:05:56 +0800
From:   Wanpeng Li <kernellwp@...il.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     Lan Tianyu <tianyu.lan@...el.com>,
        Radim Krcmar <rkrcmar@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        "the arch/x86 maintainers" <x86@...nel.org>,
        kvm <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Nadav Amit <nadav.amit@...il.com>
Subject: Re: [PATCH] KVM/VMX: Avoid CR3 VMEXIT during guest real mode when
 "unrestricted guest" is supported.

Cc Nadav,
2017-08-17 13:58 GMT+08:00 Wanpeng Li <kernellwp@...il.com>:
> 2017-08-16 17:25 GMT+08:00 Paolo Bonzini <pbonzini@...hat.com>:
>> On 16/08/2017 03:58, Lan Tianyu wrote:
>>> These CR3 VMEXITs was introduced for platform without "unrestricted guest"
>>> support. This is to set ept identity table to guest CR3 in guest real
>>> mode because these platforms don't support ept real mode(CR0.PE and CR0.PG
>>> must be set to 1). But these VMEXITs is redundant for platforms with
>>> "unrestricted guest" support.
>>
>> This is true, but I'm not sure it's a good idea to make things more
>> complex...  It is working code and is not a bottleneck anywhere.
>
> Sorry, I have another question. There is no A20 emulation in kvm
> currently, then whether or not the vm8086 which is emulated by kvm can
> guarantee real mode guest which access occurs at 1 MByte will incur
> address-wraparound?
>
> Regards,
> Wanpeng Li
>
>>
>> Paolo
>>
>>> Signed-off-by: Lan Tianyu <tianyu.lan@...el.com>
>>> ---
>>>  arch/x86/kvm/vmx.c | 22 +++++++++++++---------
>>>  1 file changed, 13 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> index 9b21b12..46dcf50 100644
>>> --- a/arch/x86/kvm/vmx.c
>>> +++ b/arch/x86/kvm/vmx.c
>>> @@ -4221,18 +4221,20 @@ static void ept_update_paging_mode_cr0(unsigned long *hw_cr0,
>>>               vmx_decache_cr3(vcpu);
>>>       if (!(cr0 & X86_CR0_PG)) {
>>>               /* From paging/starting to nonpaging */
>>> -             vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
>>> -                          vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) |
>>> -                          (CPU_BASED_CR3_LOAD_EXITING |
>>> -                           CPU_BASED_CR3_STORE_EXITING));
>>> +             if (!enable_unrestricted_guest)
>>> +                     vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
>>> +                                  vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) |
>>> +                                  (CPU_BASED_CR3_LOAD_EXITING |
>>> +                                   CPU_BASED_CR3_STORE_EXITING));
>>>               vcpu->arch.cr0 = cr0;
>>>               vmx_set_cr4(vcpu, kvm_read_cr4(vcpu));
>>>       } else if (!is_paging(vcpu)) {
>>>               /* From nonpaging to paging */
>>> -             vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
>>> -                          vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) &
>>> -                          ~(CPU_BASED_CR3_LOAD_EXITING |
>>> -                            CPU_BASED_CR3_STORE_EXITING));
>>> +             if (!enable_unrestricted_guest)
>>> +                     vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
>>> +                                  vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) &
>>> +                                  ~(CPU_BASED_CR3_LOAD_EXITING |
>>> +                                    CPU_BASED_CR3_STORE_EXITING));
>>>               vcpu->arch.cr0 = cr0;
>>>               vmx_set_cr4(vcpu, kvm_read_cr4(vcpu));
>>>       }
>>> @@ -4311,7 +4313,9 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
>>>       }
>>>
>>>       vmx_flush_tlb(vcpu);
>>> -     vmcs_writel(GUEST_CR3, guest_cr3);
>>> +
>>> +     if (!enable_unrestricted_guest || !enable_ept)
>>> +             vmcs_writel(GUEST_CR3, guest_cr3);
>>>  }
>>>
>>>  static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
>>>
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ