Re: [Xen-devel] [PATCH] x86/svm: Fix a livelock when trying to run shadowed unpaged guests

On 29/09/17 19:32, Boris Ostrovsky wrote:
> On 09/29/2017 01:53 PM, Andrew Cooper wrote:
>> On AMD processors which support SMEP (Some Fam16h processors) and SMAP (Zen,
>> Fam17h), a guest which is running with shadow paging and clears CR0.PG while
>> keeping CR4.{SMEP,SMAP} set will livelock, as hardware raises #PF which the
>> shadow pagetable concludes shouldn't happen.
>> This occurs because hardware is running with host paging settings, which
>> causes the guest's choice of SMEP/SMAP to actually take effect, even though
>> they shouldn't from the guest's point of view.
> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
> although the commit message makes it sound as if this problem is
> specific to AMD. This is not an issue on Intel because VMX already has
> such code, no?

"It's complicated" (he says, having spent far too long poring over each
set of manuals).

The SMEP/SMAP behaviour with paging enabled while the guest is in
unpaged mode is architectural and the same on Intel and AMD processors.

As for control register settings, AMD and Intel behave differently.
Intel has separate host and guest control register fields in the VMCS,
while AMD only has guest control register fields in the VMCB and they
behave differently depending on whether NPT is enabled or not (at which
point, some settings are inherited from the host state on VMRUN).

There have been a very large number of patches to fix this on Intel,
which as of c/s 224acdd0 appears to function correctly in all
combinations.  I am clearly the first person to try and excise this
corner case in anger on AMD hardware.

This brings the AMD code in line with Intel, other than the
unrestricted_guest corner case, which is specific to Intel.
