On 10/07/20 17:48, Mohammed Gamal wrote:
> When EPT is enabled, KVM does not really look at guest physical
> address size. Address bits above maximum physical memory size are reserved.
> Because KVM does not look at these guest physical addresses, it currently
> effectively supports guest physical address sizes equal to the host.
>
> This can be a problem when having a mixed setup of machines with 5-level page
> tables and machines with 4-level page tables, as live migration can change
> MAXPHYADDR while the guest runs, which can theoretically introduce bugs.
>
> In this patch series we add checks on guest physical addresses in EPT
> violation/misconfig and NPF vmexits and if needed inject the proper
> page faults in the guest.
>
> A more subtle issue is when the host MAXPHYADDR is larger than that of the
> guest. Page faults caused by reserved bits on the guest won't cause an EPT
> violation/NPF and hence we also check guest MAXPHYADDR and add PFERR_RSVD_MASK
> error code to the page fault if needed.
>
> ----
>
> Changes from v2:
> - Drop support for this feature on AMD processors after discussion with AMD
>
>
> Mohammed Gamal (5):
>   KVM: x86: Add helper functions for illegal GPA checking and page fault
>     injection
>   KVM: x86: mmu: Move translate_gpa() to mmu.c
>   KVM: x86: mmu: Add guest physical address check in translate_gpa()
>   KVM: VMX: Add guest physical address check in EPT violation and
>     misconfig
>   KVM: x86: SVM: VMX: Make GUEST_MAXPHYADDR < HOST_MAXPHYADDR support
>     configurable
>
> Paolo Bonzini (4):
>   KVM: x86: rename update_bp_intercept to update_exception_bitmap
>   KVM: x86: update exception bitmap on CPUID changes
>   KVM: VMX: introduce vmx_need_pf_intercept
>   KVM: VMX: optimize #PF injection when MAXPHYADDR does not match
>
>  arch/x86/include/asm/kvm_host.h | 10 ++------
>  arch/x86/kvm/cpuid.c            |  2 ++
>  arch/x86/kvm/mmu.h              |  6 +++++
>  arch/x86/kvm/mmu/mmu.c          | 12 +++++++++
>  arch/x86/kvm/svm/svm.c          | 22 +++++++++++++---
>  arch/x86/kvm/vmx/nested.c       | 28 ++++++++++++--------
>  arch/x86/kvm/vmx/vmx.c          | 45 +++++++++++++++++++++++++++++----
>  arch/x86/kvm/vmx/vmx.h          |  6 +++++
>  arch/x86/kvm/x86.c              | 29 ++++++++++++++++++++-
>  arch/x86/kvm/x86.h              |  1 +
>  include/uapi/linux/kvm.h        |  1 +
>  11 files changed, 133 insertions(+), 29 deletions(-)

Queued, thanks (I'll look at it more closely when I'm back, but at least
people can play with it).

Paolo
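The check the cover letter describes, as an added stand-alone C model (this is not code from the patch series or from KVM; the function names rsvd_bits(), gpa_is_illegal(), ept_violation_decide() and translate_gpa_check() are hypothetical, loosely modelled on KVM's naming, and the 40-bit-guest-on-52-bit-host scenario is constructed). The PFERR_* values are the architectural x86 #PF error-code bits. It shows the two places the series has to intervene: the EPT-violation exit path, where hardware has validated the GPA only against the host MAXPHYADDR, and the software page walker, where no hardware check happens at all.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 #PF error-code bits (Intel SDM vol. 3, "Page-Fault Error Code"). */
#define PFERR_PRESENT_MASK  (1U << 0)
#define PFERR_WRITE_MASK    (1U << 1)
#define PFERR_USER_MASK     (1U << 2)
#define PFERR_RSVD_MASK     (1U << 3)

/* Bit mask covering bits lo..hi inclusive (hi <= 63); empty if lo > hi. */
static uint64_t rsvd_bits(unsigned lo, unsigned hi)
{
	if (lo > hi || hi > 63)
		return 0;
	return (~0ULL >> (63 - hi)) & ~((1ULL << lo) - 1);
}

/* A GPA is illegal for the guest if it sets any bit at or above the guest's MAXPHYADDR. */
static bool gpa_is_illegal(uint64_t gpa, unsigned guest_maxphyaddr)
{
	return (gpa & rsvd_bits(guest_maxphyaddr, 63)) != 0;
}

enum exit_action {
	ACTION_HANDLE_EPT_VIOLATION,  /* normal path: populate the EPT mapping */
	ACTION_INJECT_PF,             /* synthesise a reserved-bit #PF in the guest */
};

struct pf_decision {
	enum exit_action action;
	uint16_t error_code;  /* meaningful only for ACTION_INJECT_PF */
};

/*
 * Hypothetical model of the decision an EPT-violation exit handler must take
 * when guest MAXPHYADDR < host MAXPHYADDR.  Hardware treats only bits
 * >= host_maxphyaddr as reserved, so a GPA with bits in
 * [guest_maxphyaddr, host_maxphyaddr) is translated through EPT like any
 * other address and, finding no mapping, exits with an EPT violation instead
 * of faulting inside the guest.  The hypervisor re-checks against the guest's
 * advertised limit and injects #PF with PFERR_RSVD_MASK added to the error
 * code the exit reported.
 */
static struct pf_decision ept_violation_decide(uint64_t gpa, uint16_t exit_error_code,
					       unsigned guest_maxphyaddr,
					       unsigned host_maxphyaddr)
{
	struct pf_decision d = { ACTION_HANDLE_EPT_VIOLATION, 0 };

	if (guest_maxphyaddr < host_maxphyaddr &&
	    gpa_is_illegal(gpa, guest_maxphyaddr)) {
		d.action = ACTION_INJECT_PF;
		d.error_code = (uint16_t)(exit_error_code | PFERR_RSVD_MASK);
	}
	return d;
}

/*
 * Model of the software page-walker side: when the hypervisor walks guest
 * page tables itself, hardware is not involved, so the reserved-bit check
 * against the guest's MAXPHYADDR has to live in the walker.  Returns false
 * and ORs PFERR_RSVD_MASK into *error_code when the walked GPA is illegal.
 */
static bool translate_gpa_check(uint64_t gpa, unsigned guest_maxphyaddr,
				uint16_t *error_code)
{
	if (gpa_is_illegal(gpa, guest_maxphyaddr)) {
		*error_code |= PFERR_RSVD_MASK;
		return false;
	}
	return true;
}

int main(void)
{
	/* Constructed scenario: a 40-bit guest migrated onto a 52-bit (5-level) host. */
	const unsigned guest_max = 40, host_max = 52;
	const uint64_t gpas[] = { 0x7fff0000ULL, 1ULL << 40, 1ULL << 45 };

	for (size_t i = 0; i < sizeof(gpas) / sizeof(gpas[0]); i++) {
		struct pf_decision d = ept_violation_decide(gpas[i],
				PFERR_PRESENT_MASK | PFERR_WRITE_MASK,
				guest_max, host_max);
		printf("gpa 0x%016llx: %s (error code 0x%x)\n",
		       (unsigned long long)gpas[i],
		       d.action == ACTION_INJECT_PF ? "inject #PF" : "handle EPT violation",
		       d.error_code);
	}
	return 0;
}
```

The guard `guest_maxphyaddr < host_maxphyaddr` mirrors the point in the cover letter that the extra check is only needed when the guest advertises a smaller limit than the host; when the two match, the hardware's own reserved-bit handling already produces the right fault and the hypervisor can leave the exit alone.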