On Mon, Apr 26, 2021, Krish Sadhukhan wrote:
>
> On 4/23/21 1:31 PM, Paolo Bonzini wrote:
> > On 23/04/21 17:56, Sean Christopherson wrote:
> > > On Thu, Apr 22, 2021, Krish Sadhukhan wrote:
> > > > On 4/22/21 11:01 AM, Sean Christopherson wrote:
> > > > > offset = svm->nested.ctl.msrpm_base_pa + (p * 4);
> > > > >
> > > > > if (kvm_vcpu_read_guest(&svm->vcpu, offset, &value,
> > > > > 4)) <- This reads vmcb12
> > > > > return false;
> > > > >
> > > > > svm->nested.msrpm[p] = svm->msrpm[p] | value; <-
> > > > > Merge vmcb12's bitmap to KVM's bitmap for L2
> > >
> > > ...
> > > > Getting back to your concern that this patch breaks
> > > > nested_svm_vmrun_msrpm(). If L1 passes a valid address in which
> > > > some bits
> > > > in 11:0 are set, the hardware is anyway going to ignore those bits,
> > > > irrespective of whether we clear them (before my patch) or pass
> > > > them as is
> > > > (my patch) and therefore what L1 thinks as a valid address will
> > > > effectively
> > > > be an invalid address to the hardware. The only difference my
> > > > patch makes is
> > > > it enables tests to verify hardware behavior. Am missing something ?
> > >
> > > See the above snippet where KVM reads the effectively vmcb12->msrpm
> > > to merge L1's
> > > desires with KVM's desires. By removing the code that ensures
> > > svm->nested.ctl.msrpm_base_pa is page aligned, the above offset
> > > calculation will
> > > be wrong.
> >
> > In fact the kvm-unit-test you sent was also wrong for this same reason
> > when it was testing addresses near the end of the physical address
> > space.
> >
> > Paolo
> >
> It seems to me that we should clear bits 11:0 in nested_svm_vmrun_msrpm()
> where we are forming msrpm_base_pa address for vmcb02.
> nested_svm_check_bitmap_pa() aligns the address passed to it, before
> checking it.
>
> Should I send a patch for this ?
I don't see any reason to leave the bits set in svm->nested.ctl.msrpm_base_pa
any longer than they absolutely need to be set, i.e.
nested_load_control_from_vmcb12() feels like the best place to clear the offset.
If we really want to change something, we could WARN in the consistency check on
an unaligned address, e.g.
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 540d43ba2cf4..56e109d2ea7f 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -220,7 +220,7 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
*/
static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size)
{
- u64 addr = PAGE_ALIGN(pa);
+ WARN_ON_ONCE(!PAGE_ALIGNED(pa));
return kvm_vcpu_is_legal_gpa(vcpu, addr) &&
kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1);
