Re: [PATCH v2 2/2] KVM: SVM: Use a separate vmcb for the nested L2 guest

From: Sean Christopherson
Date: Mon Oct 12 2020 - 22:42:05 EST

Next message: Dmitry Safonov: "[PATCH 3/6] mremap: Don't allow MREMAP_DONTUNMAP on special_mappings and aio"
Previous message: Lu Baolu: "Re: [PATCH next] iommu: intel: make DMAR_TABLE select IOMMU_API"
In reply to: Cathy Avery: "[PATCH v2 2/2] KVM: SVM: Use a separate vmcb for the nested L2 guest"
Next in thread: Cathy Avery: "[PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Oct 11, 2020 at 02:48:18PM -0400, Cathy Avery wrote:
> @@ -628,8 +620,10 @@ int nested_svm_vmexit(struct vcpu_svm *svm)
> nested_vmcb->control.pause_filter_thresh =
> svm->vmcb->control.pause_filter_thresh;
>
> - /* Restore the original control entries */
> - copy_vmcb_control_area(&vmcb->control, &hsave->control);
> + nested_svm_vmloadsave(svm->nested.vmcb02, svm->vmcb01);
> +
> + svm->vmcb = svm->vmcb01;
> + svm->vmcb_pa = svm->vmcb01_pa;

I very highly recommend adding a helper to switch VMCB. Odds are very good
there will be more than just these two lines of boilerplate code for changing
the active VMCB.

>
> /* On vmexit the GIF is set to false */
> svm_set_gif(svm, false);

...

> @@ -1121,16 +1102,24 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
> if (!(save.cr0 & X86_CR0_PG))
> return -EINVAL;
>
> + svm->nested.vmcb02->control = svm->vmcb01->control;
> + svm->nested.vmcb02->save = svm->vmcb01->save;
> + svm->vmcb01->save = save;
> +
> + WARN_ON(svm->vmcb == svm->nested.vmcb02);

I'm pretty sure this is user triggerable. AFAIK, nothing prevents calling
svm_set_nested_state() while L2 is active, e.g. VMX explicitly (and forcefully)
kicks the vCPU out of L2 in vmx_set_nested_state().

> +
> + svm->nested.vmcb = kvm_state->hdr.svm.vmcb_pa;
> +
> + svm->vmcb = svm->nested.vmcb02;
> + svm->vmcb_pa = svm->nested.vmcb02_pa;
> +
> /*
> - * All checks done, we can enter guest mode. L1 control fields
> - * come from the nested save state. Guest state is already
> - * in the registers, the save area of the nested state instead
> - * contains saved L1 state.
> + * All checks done, we can enter guest mode. L2 control fields will
> + * be the result of a combination of L1 and userspace indicated
> + * L12.control. The save area of L1 vmcb now contains the userspace
> + * indicated L1.save.
> */
> - copy_vmcb_control_area(&hsave->control, &svm->vmcb->control);
> - hsave->save = save;
>
> - svm->nested.vmcb = kvm_state->hdr.svm.vmcb_pa;
> load_nested_vmcb_control(svm, &ctl);
> nested_prepare_vmcb_control(svm);
>

Next message: Dmitry Safonov: "[PATCH 3/6] mremap: Don't allow MREMAP_DONTUNMAP on special_mappings and aio"
Previous message: Lu Baolu: "Re: [PATCH next] iommu: intel: make DMAR_TABLE select IOMMU_API"
In reply to: Cathy Avery: "[PATCH v2 2/2] KVM: SVM: Use a separate vmcb for the nested L2 guest"
Next in thread: Cathy Avery: "[PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]