[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH] VT-x: simplify/clarify vmx_load_pdptrs()


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
  • Date: Fri, 19 Jun 2020 01:27:05 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tQkI0yamfSNutIMYlfjEegApKS7mS2dEbOKvygxGeok=; b=K6Rxo/h4uBquS2zf9gcEqrCaULzVb6wriviFEkuQ50+bWY31SVugGuolG9HECFtmi7yvctuG47MMA+GRpWvMTQV+hnrRof5+TRa1co5yMEtj0QelNdzsAeMOwhMiKdRAbQm4EYD6Wh/08E3U9NMXgyTbN5DBBWRhAzeJdPAwgkOWyYfCy7dqrVXatSrD+Uj/dcPkhogrkxOso4P9lpvUMfatQ3EauyyMzYotKe6JbMEMsmBwaB1T/zEM/OgZ+rYnIy+yPNZ8EdL4ynFuWet58CpMGrICtE2L3nkwhD6w432CsNG7DBWeqWDfoJM8rSqOECDQzmZxkY8rNWozcK+xSg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BQT9ML8TWEJxKs96urnUIkr/Vv1860WAhNOeAOmaY1lgCUANwWUvqeB/Dotw1R3IF7wLA5PECQ2KVDCLDF6XgpY5FTD6nHx0WGE/WwX/YWnmUlbMdbSpZqQyEsYehWjfTQR0UoozxWs0ZR8fqAADhHteNO0rjToXSkm7q3AwbM18Z9S6r8j4bk1N9BXAzFkYj41B61v36NxAgfNMujovrCkXKTHezO4ONAZQ3OY0p/5ueOTb9rADLAO3aoJj73t6IaPFPxlMGPwoYBhQI6sbC4g+x461mA/0RWxUPKmYHazMSmhipz9oz81sgt1XfYj6Ne4p22pFjKIqRSJQCwRO6Q==
  • Authentication-results: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=intel.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Fri, 19 Jun 2020 01:27:18 +0000
  • Dlp-product: dlpe-windows
  • Dlp-reaction: no-action
  • Dlp-version: 11.2.0.6
  • Ironport-sdr: OZ62ioNrKfck6emZnBlQf+qYdCiA933GPsgQjmN4Wk+XCZn0rUdcN4xuUZMb03IFuc3x/QuINr zWZbg6KGv8Ng==
  • Ironport-sdr: UxsThT7uRVvLTBfdffEPEWM16aZCaMp5VIYe5D0d0zW0t5t/lS5bn0dJYRPhYIue4uw6kQRc4T u7UyIfxsq3oQ==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHWRTsZ99HPJcDaf0KsaKSIfuDNiajfJt7Q
  • Thread-topic: [PATCH] VT-x: simplify/clarify vmx_load_pdptrs()

> From: Jan Beulich <jbeulich@xxxxxxxx>
> Sent: Thursday, June 18, 2020 2:38 PM
> 
> * Guests outside of long mode can't have PCID enabled. Drop the
>   respective check to make more obvious that there's no security issue
>   (from potentially accessing past the mapped page's boundary).
> 
> * Only the low 32 bits of CR3 are relevant outside of long mode, even
>   if they remained unchanged after leaving that mode.
> 
> * Drop the unnecessary and badly typed local variable p.
> 
> * Don't open-code hvm_long_mode_active() (and extend this to the related
>   nested VT-x code).
> 
> * Constify guest_pdptes to clarify that we're only reading from the
>   page.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>

> ---
> This is intentionally not addressing any of the other shortcomings of
> the function, as was done by the previously posted
> https://lists.xenproject.org/archives/html/xen-devel/2018-
> 07/msg01790.html.
> This will need to be the subject of a further change.
> 
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -1312,17 +1312,16 @@ static void vmx_set_interrupt_shadow(str
> 
>  static void vmx_load_pdptrs(struct vcpu *v)
>  {
> -    unsigned long cr3 = v->arch.hvm.guest_cr[3];
> -    uint64_t *guest_pdptes;
> +    uint32_t cr3 = v->arch.hvm.guest_cr[3];
> +    const uint64_t *guest_pdptes;
>      struct page_info *page;
>      p2m_type_t p2mt;
> -    char *p;
> 
>      /* EPT needs to load PDPTRS into VMCS for PAE. */
> -    if ( !hvm_pae_enabled(v) || (v->arch.hvm.guest_efer & EFER_LMA) )
> +    if ( !hvm_pae_enabled(v) || hvm_long_mode_active(v) )
>          return;
> 
> -    if ( (cr3 & 0x1fUL) && !hvm_pcid_enabled(v) )
> +    if ( cr3 & 0x1f )
>          goto crash;
> 
>      page = get_page_from_gfn(v->domain, cr3 >> PAGE_SHIFT, &p2mt,
> P2M_UNSHARE);
> @@ -1332,14 +1331,12 @@ static void vmx_load_pdptrs(struct vcpu
>           * queue, but this is the wrong place. We're holding at least
>           * the paging lock */
>          gdprintk(XENLOG_ERR,
> -                 "Bad cr3 on load pdptrs gfn %lx type %d\n",
> +                 "Bad cr3 on load pdptrs gfn %"PRIx32" type %d\n",
>                   cr3 >> PAGE_SHIFT, (int) p2mt);
>          goto crash;
>      }
> 
> -    p = __map_domain_page(page);
> -
> -    guest_pdptes = (uint64_t *)(p + (cr3 & ~PAGE_MASK));
> +    guest_pdptes = __map_domain_page(page) + (cr3 & ~PAGE_MASK);
> 
>      /*
>       * We do not check the PDPTRs for validity. The CPU will do this during
> @@ -1356,7 +1353,7 @@ static void vmx_load_pdptrs(struct vcpu
> 
>      vmx_vmcs_exit(v);
> 
> -    unmap_domain_page(p);
> +    unmap_domain_page(guest_pdptes);
>      put_page(page);
>      return;
> 
> --- a/xen/arch/x86/hvm/vmx/vvmx.c
> +++ b/xen/arch/x86/hvm/vmx/vvmx.c
> @@ -1234,7 +1234,7 @@ static void virtual_vmentry(struct cpu_u
>          paging_update_paging_modes(v);
> 
>      if ( nvmx_ept_enabled(v) && hvm_pae_enabled(v) &&
> -         !(v->arch.hvm.guest_efer & EFER_LMA) )
> +         !hvm_long_mode_active(v) )
>          vvmcs_to_shadow_bulk(v, ARRAY_SIZE(gpdpte_fields), gpdpte_fields);
> 
>      regs->rip = get_vvmcs(v, GUEST_RIP);
> @@ -1437,7 +1437,7 @@ static void virtual_vmexit(struct cpu_us
>      sync_exception_state(v);
> 
>      if ( nvmx_ept_enabled(v) && hvm_pae_enabled(v) &&
> -         !(v->arch.hvm.guest_efer & EFER_LMA) )
> +         !hvm_long_mode_active(v) )
>          shadow_to_vvmcs_bulk(v, ARRAY_SIZE(gpdpte_fields), gpdpte_fields);
> 
>      /* This will clear current pCPU bit in p2m->dirty_cpumask */

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.