On 20/11/19 13:24, Liran Alon wrote: > Since commit 1313cc2bd8f6 ("kvm: mmu: Add guest_mode to kvm_mmu_page_role"), > guest_mode was added to mmu-role and therefore if L0 use EPT, it will > always run L1 and L2 with different EPTP. i.e. EPTP01!=EPTP02. > > Because TLB entries are tagged with EP4TA, KVM can assume > TLB entries populated while running L2 are tagged differently > than TLB entries populated while running L1. > > Therefore, update nested_has_guest_tlb_tag() to consider if > L0 use EPT instead of if L1 use EPT. > > Reviewed-by: Joao Martins <joao.m.martins@xxxxxxxxxx> > Reviewed-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx> > Signed-off-by: Liran Alon <liran.alon@xxxxxxxxxx> > --- > arch/x86/kvm/vmx/nested.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c > index 229ca7164318..fdcead2d4dd6 100644 > --- a/arch/x86/kvm/vmx/nested.c > +++ b/arch/x86/kvm/vmx/nested.c > @@ -1024,7 +1024,9 @@ static int nested_vmx_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3, bool ne > * populated by L2 differently than TLB entries populated > * by L1. > * > - * If L1 uses EPT, then TLB entries are tagged with different EPTP. > + * If L0 uses EPT, L1 and L2 run with different EPTP because > + * guest_mode is part of kvm_mmu_page_role. Thus, TLB entries > + * are tagged with different EPTP. > * > * If L1 uses VPID and we allocated a vpid02, TLB entries are tagged > * with different VPID (L1 entries are tagged with vmx->vpid > @@ -1034,7 +1036,7 @@ static bool nested_has_guest_tlb_tag(struct kvm_vcpu *vcpu) > { > struct vmcs12 *vmcs12 = get_vmcs12(vcpu); > > - return nested_cpu_has_ept(vmcs12) || > + return enable_ept || > (nested_cpu_has_vpid(vmcs12) && to_vmx(vcpu)->nested.vpid02); > } > > Queued, thanks. Paolo
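Review bot: In the comment block above nested_has_guest_tlb_tag() (hunk at -1024), the new wording says L1 and L2 run with different EPTP when L0 uses EPT, but does not say that this holds even when L1 itself does not use EPT, which is the case the old "If L1 uses EPT" sentence excluded and this patch newly covers. Suggest stating that explicitly, for example "regardless of whether L1 uses EPT", and naming commit 1313cc2bd8f6 in the comment so a reader can find where guest_mode entered kvm_mmu_page_role.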
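Review bot: In nested_has_guest_tlb_tag() (hunk at -1034), "return enable_ept ||" makes the result true without consulting vmcs12 whenever L0 uses EPT, so correctness rests entirely on the invariant EPTP01 != EPTP02, which nothing in this function checks. If guest_mode were ever dropped from the role or the two roots came to be shared, the function would report distinct TLB tags for L1 and L2 that do not exist. Consider asserting the invariant at the point where both EPTPs are known, or at minimum add a line to the comment saying that any change to kvm_mmu_page_role must revisit this function.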