From: Lai Jiangshan
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Paolo Bonzini, Sean Christopherson
Cc: Lai Jiangshan, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin"
Subject: [PATCH V2 1/5] KVM: X86: Change the type of access u32 to u64
Date: Fri, 11 Mar 2022 15:03:41 +0800
Message-Id: <20220311070346.45023-2-jiangshanlai@gmail.com>
In-Reply-To: <20220311070346.45023-1-jiangshanlai@gmail.com>

From: Lai Jiangshan

Change the type of access u32 to u64 for FNAME(walk_addr) and
->gva_to_gpa().

The kinds of accesses are usually combinations of UWX, and VMX/SVM's
nested paging adds a new factor of access: is it an access for a guest
page table or for a final guest physical address.

And SMAP relies on a factor for supervisor access: explicit or implicit.

So @access in FNAME(walk_addr) and ->gva_to_gpa() is better to include
all this information to do the walk.

Although @access(u32) has enough bits to encode all the kinds, this
patch extends it to u64:
  o Extra bits will be in the higher 32 bits, so that we can easily
    obtain the traditional access mode (UWX) by converting it to u32.
  o Reuse the value for the access kind defined by SVM's nested paging
    (PFERR_GUEST_FINAL_MASK and PFERR_GUEST_PAGE_MASK) as @error_code
    in kvm_handle_page_fault().

Signed-off-by: Lai Jiangshan
---
 arch/x86/include/asm/kvm_host.h |  2 +-
 arch/x86/kvm/mmu.h              |  8 +++++---
 arch/x86/kvm/mmu/mmu.c          |  2 +-
 arch/x86/kvm/mmu/paging_tmpl.h  |  8 ++++----
 arch/x86/kvm/x86.c              | 24 ++++++++++++------------
 5 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index c45ab8b5c37f..edffcf7f9c2d 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -429,7 +429,7 @@ struct kvm_mmu { void (*inject_page_fault)(struct kvm_vcpu *vcpu, struct x86_exception *fault); gpa_t (*gva_to_gpa)(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, - gpa_t gva_or_gpa, u32 access, + gpa_t gva_or_gpa, u64 access, struct x86_exception *exception); int (*sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp); diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index bf8dbc4bb12a..74efeaefa8f8 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h 
@@ -214,8 +214,10 @@ static inline int kvm_mmu_do_page_fault(struct kvm_vcp= u *vcpu, gpa_t cr2_or_gpa, */ static inline u8 permission_fault(struct kvm_vcpu *vcpu, struct kvm_mmu *m= mu, unsigned pte_access, unsigned pte_pkey, - unsigned pfec) + u64 access) { + /* strip nested paging fault error codes */ + unsigned int pfec =3D access; int cpl =3D static_call(kvm_x86_get_cpl)(vcpu); unsigned long rflags =3D static_call(kvm_x86_get_rflags)(vcpu); =20 @@ -317,12 +319,12 @@ static inline void kvm_update_page_stats(struct kvm *= kvm, int level, int count) atomic64_add(count, &kvm->stat.pages[level - 1]); } =20 -gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access, +gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u64 access, struct x86_exception *exception); =20 static inline gpa_t kvm_translate_gpa(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, - gpa_t gpa, u32 access, + gpa_t gpa, u64 access, struct x86_exception *exception) { if (mmu !=3D &vcpu->arch.nested_mmu) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index bd3625a875ef..c12133c3cf00 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3703,7 +3703,7 @@ void kvm_mmu_sync_prev_roots(struct kvm_vcpu *vcpu) } =20 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, struct kvm_mmu *m= mu, - gpa_t vaddr, u32 access, + gpa_t vaddr, u64 access, struct x86_exception *exception) { if (exception) diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index 252c77805eb9..8621188b46df 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -339,7 +339,7 @@ static inline bool FNAME(is_last_gpte)(struct kvm_mmu *= mmu, */ static int FNAME(walk_addr_generic)(struct guest_walker *walker, struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, - gpa_t addr, u32 access) + gpa_t addr, u64 access) { int ret; pt_element_t pte; 
@@ -347,7 +347,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, gfn_t table_gfn; u64 pt_access, pte_access; unsigned index, accessed_dirty, pte_pkey; - unsigned nested_access; + u64 nested_access; gpa_t pte_gpa; bool have_ad; int offset; @@ -540,7 +540,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, } =20 static int FNAME(walk_addr)(struct guest_walker *walker, - struct kvm_vcpu *vcpu, gpa_t addr, u32 access) + struct kvm_vcpu *vcpu, gpa_t addr, u64 access) { return FNAME(walk_addr_generic)(walker, vcpu, vcpu->arch.mmu, addr, access); @@ -988,7 +988,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t = gva, hpa_t root_hpa) =20 /* Note, @addr is a GPA when gva_to_gpa() translates an L2 GPA to an L1 GP= A. */ static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, - gpa_t addr, u32 access, + gpa_t addr, u64 access, struct x86_exception *exception) { struct guest_walker walker; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index cf17af4d6904..c85e48dc8310 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6705,7 +6705,7 @@ void kvm_get_segment(struct kvm_vcpu *vcpu, static_call(kvm_x86_get_segment)(vcpu, var, seg); } =20 -gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access, +gpa_t translate_nested_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u64 access, struct x86_exception *exception) { struct kvm_mmu *mmu =3D vcpu->arch.mmu; @@ -6725,7 +6725,7 @@ gpa_t kvm_mmu_gva_to_gpa_read(struct kvm_vcpu *vcpu, = gva_t gva, { struct kvm_mmu *mmu =3D vcpu->arch.walk_mmu; =20 - u32 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; + u64 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; return mmu->gva_to_gpa(vcpu, mmu, gva, access, exception); } EXPORT_SYMBOL_GPL(kvm_mmu_gva_to_gpa_read); 
@@ -6735,7 +6735,7 @@ EXPORT_SYMBOL_GPL(kvm_mmu_gva_to_gpa_read); { struct kvm_mmu *mmu =3D vcpu->arch.walk_mmu; =20 - u32 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; + u64 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; access |=3D PFERR_FETCH_MASK; return mmu->gva_to_gpa(vcpu, mmu, gva, access, exception); } @@ -6745,7 +6745,7 @@ gpa_t kvm_mmu_gva_to_gpa_write(struct kvm_vcpu *vcpu,= gva_t gva, { struct kvm_mmu *mmu =3D vcpu->arch.walk_mmu; =20 - u32 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; + u64 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; access |=3D PFERR_WRITE_MASK; return mmu->gva_to_gpa(vcpu, mmu, gva, access, exception); } @@ -6761,7 +6761,7 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu= , gva_t gva, } =20 static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int = bytes, - struct kvm_vcpu *vcpu, u32 access, + struct kvm_vcpu *vcpu, u64 access, struct x86_exception *exception) { struct kvm_mmu *mmu =3D vcpu->arch.walk_mmu; @@ -6798,7 +6798,7 @@ static int kvm_fetch_guest_virt(struct x86_emulate_ct= xt *ctxt, { struct kvm_vcpu *vcpu =3D emul_to_vcpu(ctxt); struct kvm_mmu *mmu =3D vcpu->arch.walk_mmu; - u32 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; + u64 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; unsigned offset; int ret; =20 @@ -6823,7 +6823,7 @@ int kvm_read_guest_virt(struct kvm_vcpu *vcpu, gva_t addr, void *val, unsigned int bytes, struct x86_exception *exception) { - u32 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; + u64 access =3D (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USER= _MASK : 0; =20 /* * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED 
@@ -6842,7 +6842,7 @@ static int emulator_read_std(struct x86_emulate_ctxt = *ctxt, struct x86_exception *exception, bool system) { struct kvm_vcpu *vcpu =3D emul_to_vcpu(ctxt); - u32 access =3D 0; + u64 access =3D 0; =20 if (!system && static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) access |=3D PFERR_USER_MASK; @@ -6860,7 +6860,7 @@ static int kvm_read_guest_phys_system(struct x86_emul= ate_ctxt *ctxt, } =20 static int kvm_write_guest_virt_helper(gva_t addr, void *val, unsigned int= bytes, - struct kvm_vcpu *vcpu, u32 access, + struct kvm_vcpu *vcpu, u64 access, struct x86_exception *exception) { struct kvm_mmu *mmu =3D vcpu->arch.walk_mmu; @@ -6894,7 +6894,7 @@ static int emulator_write_std(struct x86_emulate_ctxt= *ctxt, gva_t addr, void *v bool system) { struct kvm_vcpu *vcpu =3D emul_to_vcpu(ctxt); - u32 access =3D PFERR_WRITE_MASK; + u64 access =3D PFERR_WRITE_MASK; =20 if (!system && static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) access |=3D PFERR_USER_MASK; @@ -6963,7 +6963,7 @@ static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu= , unsigned long gva, bool write) { struct kvm_mmu *mmu =3D vcpu->arch.walk_mmu; - u32 access =3D ((static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USE= R_MASK : 0) + u64 access =3D ((static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) ? PFERR_USE= R_MASK : 0) | (write ? PFERR_WRITE_MASK : 0); =20 /* 
@@ -12558,7 +12558,7 @@ void kvm_fixup_and_inject_pf_error(struct kvm_vcpu = *vcpu, gva_t gva, u16 error_c { struct kvm_mmu *mmu =3D vcpu->arch.walk_mmu; struct x86_exception fault; - u32 access =3D error_code & + u64 access =3D error_code & (PFERR_WRITE_MASK | PFERR_FETCH_MASK | PFERR_USER_MASK); =20 if (!(error_code & PFERR_PRESENT_MASK) ||
--
2.19.1.6.gb485710b
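
Review bot: in the permission_fault() hunk of arch/x86/kvm/mmu.h, `unsigned int pfec = access;` narrows the new u64 silently, so every bit above 31 is dropped, not only the nested paging codes the comment mentions. Make the truncation explicit, for example with lower_32_bits(access), and word the comment to say that all upper bits are stripped, so a later reader does not assume any of them reaches the permissions[] index.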
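
Review bot: the ->gva_to_gpa() prototype in struct kvm_mmu (arch/x86/include/asm/kvm_host.h) now takes `u64 access`, but nothing at the callback documents what the upper 32 bits may carry. The changelog names PFERR_GUEST_FINAL_MASK and PFERR_GUEST_PAGE_MASK, yet no hunk in this patch sets them, so either say in the changelog that this is a type-only change with no functional effect, or add a comment at the callback describing the split the changelog gives (traditional UWX access bits in the low 32 bits, extra kinds in the high 32 bits).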

From: Lai Jiangshan
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Paolo Bonzini, Sean Christopherson
Cc: Lai Jiangshan, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin"
Subject: [PATCH V2 2/5] KVM: X86: Fix comments in update_permission_bitmask
Date: Fri, 11 Mar 2022 15:03:42 +0800
Message-Id: <20220311070346.45023-3-jiangshanlai@gmail.com>
In-Reply-To: <20220311070346.45023-1-jiangshanlai@gmail.com>

From: Lai Jiangshan

The commit 09f037aa48f3 ("KVM: MMU: speedup update_permission_bitmask")
refactored the code of update_permission_bitmask() and changed the
comments. It added a condition into a list to match the new code, so
the number/order for conditions in the comments should be updated too.

Signed-off-by: Lai Jiangshan
---
 arch/x86/kvm/mmu/mmu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index c12133c3cf00..781f90480d00 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c 
@@ -4583,8 +4583,8 @@ static void update_permission_bitmask(struct kvm_mmu = *mmu, bool ept) * - Page fault in kernel mode * - if CPL =3D 3 or X86_EFLAGS_AC is clear * - * Here, we cover the first three conditions. - * The fourth is computed dynamically in permission_fault(); + * Here, we cover the first four conditions. + * The fifth is computed dynamically in permission_fault(); * PFERR_RSVD_MASK bit will be set in PFEC if the access is * *not* subject to SMAP restrictions. */
--
2.19.1.6.gb485710b
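
Review bot: the corrected comment in update_permission_bitmask() still identifies the conditions by ordinal ("the first four", "The fifth"), which is how it went stale after 09f037aa48f3. Consider naming the dynamic condition instead, for example "The CPL/EFLAGS.AC condition is computed dynamically in permission_fault()", so the text stays correct the next time an item is added to the list.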

From: Lai Jiangshan
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Paolo Bonzini, Sean Christopherson
Cc: Lai Jiangshan, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin"
Subject: [PATCH V2 3/5] KVM: X86: Rename variable smap to not_smap in permission_fault()
Date: Fri, 11 Mar 2022 15:03:43 +0800
Message-Id: <20220311070346.45023-4-jiangshanlai@gmail.com>
In-Reply-To: <20220311070346.45023-1-jiangshanlai@gmail.com>

From: Lai Jiangshan

Comments above the variable say the bit is set when SMAP is overridden
or the same meaning in update_permission_bitmask(): it is not subjected
to SMAP restriction.

Rename it to reflect the negative implication and make the code more
readable.

Signed-off-by: Lai Jiangshan
---
 arch/x86/kvm/mmu.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 74efeaefa8f8..24d94f6d378d 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h 
@@ -234,9 +234,9 @@ static inline u8 permission_fault(struct kvm_vcpu *vcpu= , struct kvm_mmu *mmu, * but it will be one in index if SMAP checks are being overridden. * It is important to keep this branchless. */ - unsigned long smap =3D (cpl - 3) & (rflags & X86_EFLAGS_AC); + unsigned long not_smap =3D (cpl - 3) & (rflags & X86_EFLAGS_AC); int index =3D (pfec >> 1) + - (smap >> (X86_EFLAGS_AC_BIT - PFERR_RSVD_BIT + 1)); + (not_smap >> (X86_EFLAGS_AC_BIT - PFERR_RSVD_BIT + 1)); bool fault =3D (mmu->permissions[index] >> pte_access) & 1; u32 errcode =3D PFERR_PRESENT_MASK; =20
--
2.19.1.6.gb485710b
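
Review bot: `not_smap` in permission_fault() is a negated name for what the unchanged comment directly above it calls "SMAP checks are being overridden"; a positive name such as smap_overridden would match that comment and avoid a double negative at the use site. The variable also holds the raw X86_EFLAGS_AC bit rather than a 0/1 flag, which the shift on the following line depends on, so a short comment saying so would help.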

From: Lai Jiangshan
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Paolo Bonzini, Sean Christopherson
Cc: Lai Jiangshan, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin"
Subject: [PATCH V2 4/5] KVM: X86: Handle implicit supervisor access with SMAP
Date: Fri, 11 Mar 2022 15:03:44 +0800
Message-Id: <20220311070346.45023-5-jiangshanlai@gmail.com>
In-Reply-To: <20220311070346.45023-1-jiangshanlai@gmail.com>

From: Lai Jiangshan

There are two kinds of implicit supervisor access
	implicit supervisor access when CPL = 3
	implicit supervisor access when CPL < 3

Current permission_fault() handles only the first kind for SMAP.

But if the access is implicit when SMAP is on, data may not be read
nor written from any user-mode address regardless of the current CPL.

So the second kind should be also supported.

The first kind can be detected via CPL and access mode: if it is
supervisor access and CPL = 3, it must be implicit supervisor access.

But it is not possible to detect the second kind without extra
information, so this patch adds an artificial PFERR_EXPLICIT_ACCESS
into @access. This extra information also works for the first kind, so
the logic is changed to use this information for both cases.

The value of PFERR_EXPLICIT_ACCESS is deliberately chosen to be bit 48
which is in the most significant 16 bits of u64 and less likely to be
forced to change due to future hardware using it.

This patch removes the call to ->get_cpl() for access mode is determined
by @access. Not only does it reduce a function call, but it also removes
confusion when the permission is checked for nested TDP. The nested
TDP shouldn't have SMAP checking nor even the L2's CPL have any bearing
on it. The original code works just because it is always user walk for
NPT and SMAP fault is not set for EPT in update_permission_bitmask.

Signed-off-by: Lai Jiangshan
---
 arch/x86/include/asm/kvm_host.h |  2 ++
 arch/x86/kvm/mmu.h              | 24 +++++++++++-------------
 arch/x86/kvm/mmu/mmu.c          |  4 ++--
 arch/x86/kvm/x86.c              |  8 ++++++--
 4 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index edffcf7f9c2d..565d9eb42429 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h 
@@ -248,6 +248,7 @@ enum x86_intercept_stage; #define PFERR_SGX_BIT 15 #define PFERR_GUEST_FINAL_BIT 32 #define PFERR_GUEST_PAGE_BIT 33 +#define PFERR_IMPLICIT_ACCESS_BIT 48 =20 #define PFERR_PRESENT_MASK (1U << PFERR_PRESENT_BIT) #define PFERR_WRITE_MASK (1U << PFERR_WRITE_BIT) @@ -258,6 +259,7 @@ enum x86_intercept_stage; #define PFERR_SGX_MASK (1U << PFERR_SGX_BIT) #define PFERR_GUEST_FINAL_MASK (1ULL << PFERR_GUEST_FINAL_BIT) #define PFERR_GUEST_PAGE_MASK (1ULL << PFERR_GUEST_PAGE_BIT) +#define PFERR_IMPLICIT_ACCESS (1ULL << PFERR_IMPLICIT_ACCESS_BIT) =20 #define PFERR_NESTED_GUEST_PAGE (PFERR_GUEST_PAGE_MASK | \ PFERR_WRITE_MASK | \ diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 24d94f6d378d..4cb7a39ecd51 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h 
@@ -218,25 +218,23 @@ static inline u8 permission_fault(struct kvm_vcpu *vc= pu, struct kvm_mmu *mmu, { /* strip nested paging fault error codes */ unsigned int pfec =3D access; - int cpl =3D static_call(kvm_x86_get_cpl)(vcpu); unsigned long rflags =3D static_call(kvm_x86_get_rflags)(vcpu); =20 /* - * If CPL < 3, SMAP prevention are disabled if EFLAGS.AC =3D 1. + * For explicit supervisor accesses, SMAP is disabled if EFLAGS.AC =3D 1. + * For implicit supervisor accesses, SMAP cannot be overridden. * - * If CPL =3D 3, SMAP applies to all supervisor-mode data accesses - * (these are implicit supervisor accesses) regardless of the value - * of EFLAGS.AC. + * SMAP works on supervisor accesses only, and not_smap can + * be set or not set when user access with neither has any bearing + * on the result. * - * This computes (cpl < 3) && (rflags & X86_EFLAGS_AC), leaving - * the result in X86_EFLAGS_AC. We then insert it in place of - * the PFERR_RSVD_MASK bit; this bit will always be zero in pfec, - * but it will be one in index if SMAP checks are being overridden. - * It is important to keep this branchless. + * We put the SMAP checking bit in place of the PFERR_RSVD_MASK bit; + * this bit will always be zero in pfec, but it will be one in index + * if SMAP checks are being disabled. */ - unsigned long not_smap =3D (cpl - 3) & (rflags & X86_EFLAGS_AC); - int index =3D (pfec >> 1) + - (not_smap >> (X86_EFLAGS_AC_BIT - PFERR_RSVD_BIT + 1)); + bool explicit_access =3D !(access & PFERR_IMPLICIT_ACCESS); + bool not_smap =3D (rflags & X86_EFLAGS_AC) && explicit_access; + int index =3D (pfec + (!!not_smap << PFERR_RSVD_BIT)) >> 1; bool fault =3D (mmu->permissions[index] >> pte_access) & 1; u32 errcode =3D PFERR_PRESENT_MASK; =20 diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 781f90480d00..9b593e67717a 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c 
@@ -4580,8 +4580,8 @@ static void update_permission_bitmask(struct kvm_mmu = *mmu, bool ept) * - X86_CR4_SMAP is set in CR4 * - A user page is accessed * - The access is not a fetch - * - Page fault in kernel mode - * - if CPL =3D 3 or X86_EFLAGS_AC is clear + * - The access is supervisor mode + * - If implicit supervisor access or X86_EFLAGS_AC is clear * * Here, we cover the first four conditions. * The fifth is computed dynamically in permission_fault(); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c85e48dc8310..df8b05740080 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6844,7 +6844,9 @@ static int emulator_read_std(struct x86_emulate_ctxt = *ctxt, struct kvm_vcpu *vcpu =3D emul_to_vcpu(ctxt); u64 access =3D 0; =20 - if (!system && static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) + if (system) + access |=3D PFERR_IMPLICIT_ACCESS; + else if (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) access |=3D PFERR_USER_MASK; =20 return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access, excepti= on); 
@@ -6896,7 +6898,9 @@ static int emulator_write_std(struct x86_emulate_ctxt= *ctxt, gva_t addr, void *v struct kvm_vcpu *vcpu =3D emul_to_vcpu(ctxt); u64 access =3D PFERR_WRITE_MASK; =20 - if (!system && static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) + if (system) + access |=3D PFERR_IMPLICIT_ACCESS; + else if (static_call(kvm_x86_get_cpl)(vcpu) =3D=3D 3) access |=3D PFERR_USER_MASK; =20 return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
--
2.19.1.6.gb485710b
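
Review bot: the define added in the kvm_host.h hunk is PFERR_IMPLICIT_ACCESS (bit 48), but the changelog twice calls it PFERR_EXPLICIT_ACCESS, which has the opposite polarity; please make the changelog match the code. The new mask also lacks the _MASK suffix used by its neighbours (PFERR_GUEST_FINAL_MASK, PFERR_GUEST_PAGE_MASK), and it deserves a comment saying it is a KVM-internal flag rather than a hardware error-code bit, since it is defined in the same list as the architectural ones.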
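
Review bot: in the permission_fault() hunk, `int index = (pfec + (!!not_smap << PFERR_RSVD_BIT)) >> 1;` is only correct while PFERR_RSVD_MASK is clear in pfec, which the comment asserts but nothing enforces; if the bit were ever set, the addition would carry into the next error-code bit and select a different permissions[] entry. Either mask PFERR_RSVD_MASK out of pfec before combining or add a WARN_ON_ONCE() for it. `not_smap` is now bool, so the `!!` is redundant; the sentence "not_smap can be set or not set when user access with neither has any bearing on the result" in the new comment needs rewording; and the changelog should say why the removed "It is important to keep this branchless" no longer applies now that the expression uses `&&`.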
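
Review bot: emulator_read_std() and emulator_write_std() in x86.c are the only callers updated to pass PFERR_IMPLICIT_ACCESS, while permission_fault() no longer derives implicitness from CPL. Per the removed comment, a supervisor access at CPL 3 was previously subject to SMAP regardless of EFLAGS.AC; after this change any path that reaches ->gva_to_gpa() at CPL 3 without PFERR_USER_MASK and without the new flag is treated as explicit and honours EFLAGS.AC. Please list in the changelog which other callers build a supervisor access (kvm_mmu_gva_to_gpa_system() is visible as context in patch 1/5) and why none of them needs the flag, or set it there as well.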
From: Lai Jiangshan To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Paolo Bonzini , Sean Christopherson Cc: Lai Jiangshan , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Subject: [PATCH V2 5/5] KVM: X86: Only get rflags when needed in permission_fault() Date: Fri, 11 Mar 2022 15:03:45 +0800 Message-Id: <20220311070346.45023-6-jiangshanlai@gmail.com> X-Mailer: git-send-email 2.19.1.6.gb485710b In-Reply-To: <20220311070346.45023-1-jiangshanlai@gmail.com> References: <20220311070346.45023-1-jiangshanlai@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Lai Jiangshan The SMAP checking and rflags are only needed in permission_fault() when it is supervisor access and SMAP is enabled. This information is already encoded in the combination of mmu->permissions[] and the index. So we can use the encoded information to see if we need the SMAP checking instead of getting the rflags unconditionally. Signed-off-by: Lai Jiangshan --- arch/x86/kvm/mmu.h | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 4cb7a39ecd51..ceac1e9e21e9 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h 
@@ -218,13 +218,12 @@ static inline u8 permission_fault(struct kvm_vcpu *vc= pu, struct kvm_mmu *mmu, { /* strip nested paging fault error codes */ unsigned int pfec =3D access; - unsigned long rflags =3D static_call(kvm_x86_get_rflags)(vcpu); =20 /* * For explicit supervisor accesses, SMAP is disabled if EFLAGS.AC =3D 1. * For implicit supervisor accesses, SMAP cannot be overridden. * - * SMAP works on supervisor accesses only, and not_smap can + * SMAP works on supervisor accesses only, and the SMAP checking bit can * be set or not set when user access with neither has any bearing * on the result. * 
@@ -233,11 +232,30 @@ static inline u8 permission_fault(struct kvm_vcpu *vc= pu, struct kvm_mmu *mmu, * if SMAP checks are being disabled. */ bool explicit_access =3D !(access & PFERR_IMPLICIT_ACCESS); - bool not_smap =3D (rflags & X86_EFLAGS_AC) && explicit_access; - int index =3D (pfec + (!!not_smap << PFERR_RSVD_BIT)) >> 1; - bool fault =3D (mmu->permissions[index] >> pte_access) & 1; + bool fault =3D (mmu->permissions[pfec >> 1] >> pte_access) & 1; + int index =3D (pfec + PFERR_RSVD_MASK) >> 1; + bool fault_not_smap =3D (mmu->permissions[index] >> pte_access) & 1; u32 errcode =3D PFERR_PRESENT_MASK; =20 + /* + * The value of fault has included SMAP checking if it is supervisor + * access and SMAP is enabled and encoded in mmu->permissions. + * + * fault fault_not_smap + * 0 0 not fault due to UWX nor SMAP + * 0 1 impossible combination + * 1 1 fault due to UWX + * 1 0 fault due to SMAP, need to check if + * SMAP is prevented + * + * SMAP is prevented only when X86_EFLAGS_AC is set on explicit + * supervisor access. 
+ */ + if (unlikely(fault && !fault_not_smap && explicit_access)) { + unsigned long rflags =3D static_call(kvm_x86_get_rflags)(vcpu); + fault =3D !(rflags & X86_EFLAGS_AC); + } + WARN_ON(pfec & (PFERR_PK_MASK | PFERR_RSVD_MASK)); if (unlikely(mmu->pkru_mask)) { u32 pkru_bits, offset; --=20 2.19.1.6.gb485710b From nobody Wed Jun 24 09:55:37 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C12FAC433F5 for ; Fri, 11 Mar 2022 07:04:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347143AbiCKHFS (ORCPT ); Fri, 11 Mar 2022 02:05:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51070 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347082AbiCKHEx (ORCPT ); Fri, 11 Mar 2022 02:04:53 -0500 Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B824B9F6E7; Thu, 10 Mar 2022 23:03:49 -0800 (PST) Received: by mail-pj1-x102d.google.com with SMTP id cx5so7412812pjb.1; Thu, 10 Mar 2022 23:03:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PHRKmoOpdVOx/pR8qbguqjvyNTEJ3bXLgyEzmCfW7IA=; b=Pd3JO5VGOU2LL2nfJBODpe5Kb7ywmPlHuJyMwgjRY7zfioOnLHaaLCPYMAscrN721N 2YTNfENdSdRF4Bbeh9N8C4BkdLQWT41VZySTLF/8ZdJA3DpyxU2znAxioIkWwaqHocG7 SQQI1+R1KEOwY9O2DpOX7omMZ6jHaGdIdGM+bNEKrbfcRuankTzp9CAlsAaniznJaZ6P Wtpop2DMtSaRQ3xtaTmZvWrKQ2HQh6Da17nIOjG440XbOKyKf8eM9uQzfQYBv4s4wzgn QQ6WwESy9R4jO76fBQmFc/Y/UWNvQxekuja8WHT0qHWhYJ6Azw8m969xDe0v3wcIBpVd 78lA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; 
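Review bot: the comment sentence touched in the first permission_fault() hunk ("the SMAP checking bit can be set or not set when user access with neither has any bearing on the result") still does not parse, and "the SMAP checking bit" is not a name that appears anywhere in the code. Since the second hunk selects the no-SMAP entry by adding PFERR_RSVD_MASK to the index, the comment could say directly that for user accesses this index bit does not change the permissions[] result.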
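Review bot: in the second permission_fault() hunk, fault_not_smap is read from mmu->permissions[] on every call although it is only consumed when fault is set and explicit_access is true. Moving the index computation and the second lookup inside the unlikely() branch keeps the common path at a single table read. The "0 1 impossible combination" row in the new comment table also rests entirely on how update_permission_bitmask() fills the array; a cross-reference to that function in the comment would make the dependency visible to whoever changes the encoding next.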
From: Lai Jiangshan To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Paolo Bonzini , Sean Christopherson Cc: Lai Jiangshan , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Subject: [RFC PATCH V2 6/5] KVM: X86: Propagate the nested page fault info to the guest Date: Fri, 11 Mar 2022 15:03:46 +0800 Message-Id: <20220311070346.45023-7-jiangshanlai@gmail.com> X-Mailer: git-send-email 2.19.1.6.gb485710b In-Reply-To: <20220311070346.45023-1-jiangshanlai@gmail.com> References: <20220311070346.45023-1-jiangshanlai@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" 
From: Lai Jiangshan Feed the nested page fault info into ->gva_to_gpa() in walk_addr_generic(), so that the nested walk_addr_generic() can propagate the nested page fault info into x86_exception. Propagate the nested page fault info into EXIT_INFO_1 for SVM. Morph the nested page fault info and other page fault error code into EXIT_QUALIFICATION for VMX. It is a patch that makes use of the patch1. It is untested, just served as a request for somebody to fix a known problem, and will not be included in next version of this patchset if the patchset needs to be updated. Signed-off-by: Lai Jiangshan --- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/kvm_emulate.h | 3 ++- arch/x86/kvm/mmu/paging_tmpl.h | 8 ++++++-- arch/x86/kvm/svm/nested.c | 10 ++-------- arch/x86/kvm/vmx/nested.c | 11 +++++++++++ 5 files changed, 23 insertions(+), 11 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 565d9eb42429..68efa9d1ef0e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -265,6 +265,8 @@ enum x86_intercept_stage; PFERR_WRITE_MASK | \ PFERR_PRESENT_MASK) =20 +#define PFERR_GUEST_MASK (PFERR_GUEST_FINAL_MASK | PFERR_GUEST_PAGE_MASK) + /* apic attention bits */ #define KVM_APIC_CHECK_VAPIC 0 /* diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 39eded2426ff..cdc2977ce086 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -24,8 +24,9 @@ struct x86_exception { bool error_code_valid; u16 error_code; bool nested_page_fault; - u64 address; /* cr2 or nested page fault gpa */ u8 async_page_fault; + u64 nested_pfec; /* nested page fault error code */ + u64 address; /* cr2 or nested page fault gpa */ }; =20 /* diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index 8621188b46df..95367f5ca998 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h 
@@ -383,7 +383,8 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, * by the MOV to CR instruction are treated as reads and do not cause the * processor to set the dirty flag in any EPT paging-structure entry. */ - nested_access =3D (have_ad ? PFERR_WRITE_MASK : 0) | PFERR_USER_MASK; + nested_access =3D (have_ad ? PFERR_WRITE_MASK : 0) | PFERR_USER_MASK | + PFERR_GUEST_PAGE_MASK; =20 pte_access =3D ~0; ++walker->level; @@ -466,7 +467,8 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, if (PTTYPE =3D=3D 32 && walker->level > PG_LEVEL_4K && is_cpuid_PSE36()) gfn +=3D pse36_gfn_delta(pte); =20 - real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(gfn), access, &walke= r->fault); + real_gpa =3D kvm_translate_gpa(vcpu, mmu, gfn_to_gpa(gfn), + access | PFERR_GUEST_FINAL_MASK, &walker->fault); if (real_gpa =3D=3D UNMAPPED_GVA) return 0; =20 @@ -534,6 +536,8 @@ static int FNAME(walk_addr_generic)(struct guest_walker= *walker, walker->fault.address =3D addr; walker->fault.nested_page_fault =3D mmu !=3D vcpu->arch.walk_mmu; walker->fault.async_page_fault =3D false; + if (walker->fault.nested_page_fault) + walker->fault.nested_pfec =3D errcode | (access & PFERR_GUEST_MASK); =20 trace_kvm_mmu_walker_error(walker->fault.error_code); return 0; diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 96bab464967f..0abcbd3de892 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c 
@@ -38,18 +38,12 @@ static void nested_svm_inject_npf_exit(struct kvm_vcpu = *vcpu, struct vcpu_svm *svm =3D to_svm(vcpu); =20 if (svm->vmcb->control.exit_code !=3D SVM_EXIT_NPF) { - /* - * TODO: track the cause of the nested page fault, and - * correctly fill in the high bits of exit_info_1. - */ svm->vmcb->control.exit_code =3D SVM_EXIT_NPF; svm->vmcb->control.exit_code_hi =3D 0; - svm->vmcb->control.exit_info_1 =3D (1ULL << 32); - svm->vmcb->control.exit_info_2 =3D fault->address; } =20 - svm->vmcb->control.exit_info_1 &=3D ~0xffffffffULL; - svm->vmcb->control.exit_info_1 |=3D fault->error_code; + svm->vmcb->control.exit_info_1 =3D fault->nested_pfec; + svm->vmcb->control.exit_info_2 =3D fault->address; =20 nested_svm_vmexit(svm); } diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 1dfe23963a9e..fd5dd5acf63b 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -372,6 +372,17 @@ static void nested_ept_inject_page_fault(struct kvm_vc= pu *vcpu, u32 vm_exit_reason; unsigned long exit_qualification =3D vcpu->arch.exit_qualification; =20 + exit_qualification &=3D ~(EPT_VIOLATION_ACC_READ | EPT_VIOLATION_ACC_WRIT= E | + EPT_VIOLATION_ACC_INSTR | EPT_VIOLATION_GVA_TRANSLATED); + exit_qualification |=3D fault->nested_pfec & PFERR_USER_MASK ? + EPT_VIOLATION_ACC_READ : 0; + exit_qualification |=3D fault->nested_pfec & PFERR_WRITE_MASK ? + EPT_VIOLATION_ACC_WRITE : 0; + exit_qualification |=3D fault->nested_pfec & PFERR_FETCH_MASK ? + EPT_VIOLATION_ACC_INSTR : 0; + exit_qualification |=3D fault->nested_pfec & PFERR_GUEST_FINAL_MASK ? + EPT_VIOLATION_GVA_TRANSLATED : 0; + if (vmx->nested.pml_full) { vm_exit_reason =3D EXIT_REASON_PML_FULL; vmx->nested.pml_full =3D false; --=20 2.19.1.6.gb485710b
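Review bot: nested_pfec is assigned only in the walk_addr_generic() error path, and only when nested_page_fault is true, yet nested_svm_inject_npf_exit() and nested_ept_inject_page_fault() read it unconditionally. An x86_exception that reaches those functions from any other producer would carry a stale or uninitialized value into EXIT_INFO_1 or the exit qualification. Either clear the field next to the async_page_fault assignment when the fault is not nested, or state in the changelog why no other path can get there.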
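Review bot: in nested_svm_inject_npf_exit(), exit_info_1 and exit_info_2 are now overwritten from the fault even when exit_code is already SVM_EXIT_NPF, a case where the removed code left exit_info_2 and the upper 32 bits of exit_info_1 untouched. The commit message should explain why the existing values can be discarded in that case, particularly as the patch is described as untested and what L1 sees here is guest-visible state.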
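Review bot: in nested_ept_inject_page_fault(), EPT_VIOLATION_ACC_READ is derived from PFERR_USER_MASK, which is a privilege bit rather than an access-type bit, and the paging_tmpl.h hunk sets PFERR_USER_MASK on every nested_access, so every page-walk fault would be reported as a read. Please justify this mapping or derive the read bit from the absence of write and fetch. The four statements of the form "exit_qualification |= fault->nested_pfec & MASK ? FLAG : 0;" also depend on & binding tighter than ?:, and parentheses around the mask test would make the intent explicit.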