Re: [PATCH v7 0/3] Expose VMFUNC to the nested hypervisor
From: David Hildenbrand
Date: Fri Aug 04 2017 - 11:01:17 EST
On 03.08.2017 21:54, Bandan Das wrote:
> v7:
> 3/3:
> Fix check for AD
> Use kvm_vcpu_read_guest_page()
>
> v6:
> https://lkml.org/lkml/2017/8/1/1015
> 3/3:
> Fix check for memory type in address
> Change check function name as requested in the review
> Move setting of mmu->ept_ad to after calling mmu_unload
> and also reset base_role.ad_disabled appropriately
> Replace IS_ALIGN with page_address_valid()
>
> v5:
> https://lkml.org/lkml/2017/7/28/621
> 1/3 and 2/3 are unchanged but some changes in 3/3. I left
> the mmu_load failure path untouched because I am not sure what's
> the right thing to do here.
> 3/3:
> Move the eptp switching logic to a different function
> Add check for EPTP_ADDRESS in check_vmentry_prereq
> Add check for validity of ept pointer
> Check if AD bit is set and set ept_ad
> Add TODO item about mmu_unload failure
>
> v4:
> https://lkml.org/lkml/2017/7/10/705
> 2/3: Use WARN_ONCE to avoid logging dos
>
> v3:
> https://lkml.org/lkml/2017/7/10/684
> 3/3: Add missing nested_release_page_clean() and check the
> eptp as mentioned in SDM 24.6.14
>
> v2:
> https://lkml.org/lkml/2017/7/6/813
> 1/3: Patch to enable vmfunc on the host but cause a #UD if
> L1 tries to use it directly. (new)
> 2/3: Expose vmfunc to the nested hypervisor, but no vm functions
> are exposed and L0 emulates a vmfunc vmexit to L1.
> 3/3: Force a vmfunc vmexit when L2 tries to use vmfunc and emulate
> eptp switching. Unconditionally expose EPTP switching to the
> L1 hypervisor since L0 fakes eptp switching via a mmu reload.
>
> These patches expose eptp switching/vmfunc to the nested hypervisor.
> vmfunc is enabled in the secondary controls for the host and is
> exposed to the nested hypervisor. However, if the nested hypervisor
> decides to use eptp switching, L0 emulates it.
>
> v1:
> https://lkml.org/lkml/2017/6/29/958
>
> Bandan Das (3):
> KVM: vmx: Enable VMFUNCs
> KVM: nVMX: Enable VMFUNC for the L1 hypervisor
> KVM: nVMX: Emulate EPTP switching for the L1 hypervisor
>
> arch/x86/include/asm/vmx.h | 9 +++
> arch/x86/kvm/vmx.c | 185 ++++++++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 192 insertions(+), 2 deletions(-)
>
Acked-by: David Hildenbrand <david@xxxxxxxxxx>
(not 100% confident for a r-b, not because of your patches but because
of the involved complexity (flushes, MMU ...))
--
Thanks,
David
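The EPTP checks named in the quoted changelog (memory type, AD bit, address validity, "check the eptp as mentioned in SDM 24.6.14") can be illustrated as follows. This is an added user-space sketch, not code from the patch series or from KVM; the bit layout follows the Intel SDM EPT pointer format, and `struct ept_caps`, `eptp_valid()` and the sample values are hypothetical names and constructed data.

```c
#include <stdbool.h>
#include <stdint.h>

/* EPTP field layout per the Intel SDM (EPT pointer format). */
#define EPTP_MT_MASK    0x7ull        /* bits 2:0: memory type */
#define EPTP_MT_UC      0x0ull        /* uncacheable */
#define EPTP_MT_WB      0x6ull        /* write-back */
#define EPTP_PWL_MASK   0x38ull       /* bits 5:3: page-walk length minus 1 */
#define EPTP_PWL_4      0x18ull       /* 4-level walk is encoded as 3 */
#define EPTP_AD_ENABLE  (1ull << 6)   /* bit 6: accessed/dirty flags enabled */
#define EPTP_RSVD_LOW   0xf80ull      /* bits 11:7: treated as reserved here */

/* Hypothetical summary of the EPT features L0 advertised to L1. */
struct ept_caps {
    bool mt_uc, mt_wb, ad_bits;
    unsigned maxphyaddr;              /* physical address width in bits */
};

/* Returns true if an L1-supplied EPTP passes every consistency check.
 * L0 must reject anything else before reloading the MMU with it. */
bool eptp_valid(const struct ept_caps *c, uint64_t eptp)
{
    switch (eptp & EPTP_MT_MASK) {    /* memory type must be advertised */
    case EPTP_MT_UC: if (!c->mt_uc) return false; break;
    case EPTP_MT_WB: if (!c->mt_wb) return false; break;
    default: return false;
    }
    if ((eptp & EPTP_PWL_MASK) != EPTP_PWL_4)   /* only 4-level walks */
        return false;
    if (eptp & EPTP_RSVD_LOW)                   /* low reserved bits clear */
        return false;
    if (c->maxphyaddr < 64 && (eptp >> c->maxphyaddr))
        return false;                           /* address within MAXPHYADDR */
    if ((eptp & EPTP_AD_ENABLE) && !c->ad_bits) /* AD only if supported */
        return false;
    return true;
}

/* Constructed sample: WB only, no AD support, 40-bit physical addresses. */
const struct ept_caps sample_caps = { false, true, false, 40 };

int main(void)
{
    /* Constructed EPTP: page-aligned address, WB, 4-level walk. */
    return eptp_valid(&sample_caps, 0x12345000ull | 0x1eull) ? 0 : 1;
}
```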