From patchwork Tue Aug  1 21:00:39 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Matlack <dmatlack@google.com>
X-Patchwork-Id: 9875557
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	AF5AD60390 for <patchwork-kvm@patchwork.kernel.org>;
	Tue,  1 Aug 2017 21:00:51 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A2EAF2873D
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue,  1 Aug 2017 21:00:51 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 9729A2874B; Tue,  1 Aug 2017 21:00:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0A8AD2873D
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue,  1 Aug 2017 21:00:50 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752108AbdHAVAs (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Tue, 1 Aug 2017 17:00:48 -0400
Received: from mail-pg0-f49.google.com ([74.125.83.49]:38086 "EHLO
	mail-pg0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751938AbdHAVAq (ORCPT <rfc822; kvm@vger.kernel.org>);
	Tue, 1 Aug 2017 17:00:46 -0400
Received: by mail-pg0-f49.google.com with SMTP id l64so12486047pge.5
	for <kvm@vger.kernel.org>; Tue, 01 Aug 2017 14:00:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=KPFCvgLvEKDpTW++2KSARFUdKOqkYo0ItIg8Xrks8uw=;
	b=UTrK4nLysJ/xsVNQzzXEf6phZ+sdux2oyde1XzCQflkrNLLCLtlEBn20VOYaip6cYu
	55NofWP7CR91qMOp6EPjQcppyOv3rR2KiPVNiqMv2UYqIEwz3psOtv3fyIQAsYlLWiHp
	LStj+z3IjBIlh/x0p3HpwamvnWtQr80OmDjXzoUBEeZ0dh1snObWA7yljgjmhM6qmoRX
	L7syaHVOCvcDF7/V1Kvk+ewzatuA2oPjxNTM6LSxMxD2nTY6aRGN+8BquxR6+Qzfaoag
	t98SWr9T8N6tzlD0Qp2BbyImk0oN4U7/hfMz2lKUxEjIkdhL2R3SuZ08nhHTJUqtEgt8
	Bg6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=KPFCvgLvEKDpTW++2KSARFUdKOqkYo0ItIg8Xrks8uw=;
	b=LQP/oVXiGlIrSjWpxI/7Xree4ndGhblLS+HOJ5LHji54sKMm4aR8tMcUJUsPQIIlXa
	nD1vVPFT6nL+hPmNJl2xOBp226HLSqhxM/UKS4TJC0ZS0U5QIuPwhXeR1ly5rrUKJyxL
	npLKlot5j3bBkwHn9ylL86HyARJTFw6xIVG6SDlCSE/iaW2HrAz1BV5yNEsZM0Nw3aXP
	ATBc5DibCkD4MsmYW/VU6etGEFzR1C7WlZIx2ADL5PlOlVKb6ssXao5nLdSjFmQrmDgk
	E6ZxP+fWPlkr5Xf7TWmGRFYx/I9CZd+hdmjuGUHl4yDSBvOSaqmbtANOQ+zACrOHS8mi
	2e/Q==
X-Gm-Message-State: AIVw112dCiW2hoSQ0t15g+d1uD74OEppDE/KjTM97+guejD8blPVNEc8
	4NcqSF7u/foun8k6cvuhew==
X-Received: by 10.99.141.200 with SMTP id
	z191mr19889262pgd.419.1501621245755;
	Tue, 01 Aug 2017 14:00:45 -0700 (PDT)
Received: from dmatlack.sea.corp.google.com ([100.100.206.118])
	by smtp.gmail.com with ESMTPSA id
	p126sm50008691pfp.28.2017.08.01.14.00.44
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 01 Aug 2017 14:00:45 -0700 (PDT)
From: David Matlack <dmatlack@google.com>
To: kvm@vger.kernel.org
Cc: pbonzini@redhat.com, David Matlack <dmatlack@google.com>
Subject: [PATCH 1/2] kvm: nVMX: don't flush VMCS12 during VMXOFF or VCPU
	teardown
Date: Tue,  1 Aug 2017 14:00:39 -0700
Message-Id: <20170801210040.10295-1-dmatlack@google.com>
X-Mailer: git-send-email 2.14.0.rc1.383.gd1ce394fe2-goog
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

According to the Intel SDM, software cannot rely on the current VMCS to be
coherent after a VMXOFF or shutdown. So this is a valid way to handle VMCS12
flushes.

24.11.1 Software Use of Virtual-Machine Control Structures
...
  If a logical processor leaves VMX operation, any VMCSs active on
  that logical processor may be corrupted (see below). To prevent
  such corruption of a VMCS that may be used either after a return
  to VMX operation or on another logical processor, software should
  execute VMCLEAR for that VMCS before executing the VMXOFF instruction
  or removing power from the processor (e.g., as part of a transition
  to the S3 and S4 power states).
...

This fixes a "suspicious rcu_dereference_check() usage!" warning during
kvm_vm_release() because nested_release_vmcs12() calls
kvm_vcpu_write_guest_page() without holding kvm->srcu.

Signed-off-by: David Matlack <dmatlack@google.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
---
This patch applies on top of Paolo's "[PATCH] KVM: nVMX: do not pin the VMCS12".
(http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1455166.html)

 arch/x86/kvm/vmx.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 5c03340f7827..07d2198db225 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -419,7 +419,7 @@ struct nested_vmx {
 	/*
 	 * Cache of the guest's VMCS, existing outside of guest memory.
 	 * Loaded from guest memory during VMPTRLD. Flushed to guest
-	 * memory during VMXOFF, VMCLEAR, VMPTRLD.
+	 * memory during VMCLEAR and VMPTRLD.
 	 */
 	struct vmcs12 *cached_vmcs12;
 	/*
@@ -7131,6 +7131,12 @@ static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
 	return 1;
 }
 
+static void vmx_disable_shadow_vmcs(struct vcpu_vmx *vmx)
+{
+	vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, SECONDARY_EXEC_SHADOW_VMCS);
+	vmcs_write64(VMCS_LINK_POINTER, -1ull);
+}
+
 static inline void nested_release_vmcs12(struct vcpu_vmx *vmx)
 {
 	if (vmx->nested.current_vmptr == -1ull)
@@ -7141,9 +7147,7 @@ static inline void nested_release_vmcs12(struct vcpu_vmx *vmx)
 		   they were modified */
 		copy_shadow_to_vmcs12(vmx);
 		vmx->nested.sync_shadow_vmcs = false;
-		vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL,
-				SECONDARY_EXEC_SHADOW_VMCS);
-		vmcs_write64(VMCS_LINK_POINTER, -1ull);
+		vmx_disable_shadow_vmcs(vmx);
 	}
 	vmx->nested.posted_intr_nv = -1;
 
@@ -7166,12 +7170,14 @@ static void free_nested(struct vcpu_vmx *vmx)
 
 	vmx->nested.vmxon = false;
 	free_vpid(vmx->nested.vpid02);
-	nested_release_vmcs12(vmx);
+	vmx->nested.posted_intr_nv = -1;
+	vmx->nested.current_vmptr = -1ull;
 	if (vmx->nested.msr_bitmap) {
 		free_page((unsigned long)vmx->nested.msr_bitmap);
 		vmx->nested.msr_bitmap = NULL;
 	}
 	if (enable_shadow_vmcs) {
+		vmx_disable_shadow_vmcs(vmx);
 		vmcs_clear(vmx->vmcs01.shadow_vmcs);
 		free_vmcs(vmx->vmcs01.shadow_vmcs);
 		vmx->vmcs01.shadow_vmcs = NULL;