Message ID | 20211103140527.752797-4-eesposit@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | KVM: nSVM: avoid TOC/TOU race when checking vmcb12 | expand |
On Wed, 2021-11-03 at 10:05 -0400, Emanuele Giuseppe Esposito wrote: > Following the same naming convention of the previous patch, > rename nested_load_control_from_vmcb12. > In addition, inline copy_vmcb_control_area as it is only called > by this function. > > _nested_copy_vmcb_control_to_cache() works with vmcb_control_area > parameters and it will be useful in next patches, when we use > local variables instead of svm cached state. Tiny nitpick: usually when we have a patch which intends to just move/rename things around, and should generate exact same machine code other than some inlining/optimizations/etc, we usually mark this with 'No functional change intended', so that it is easier to spot a mistake which only slightly changes something. The patch itself looks good. Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> > > Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> > --- > arch/x86/kvm/svm/nested.c | 80 +++++++++++++++++++-------------------- > arch/x86/kvm/svm/svm.c | 2 +- > arch/x86/kvm/svm/svm.h | 4 +- > 3 files changed, 43 insertions(+), 43 deletions(-) > > diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c > index ea64fea371c8..162b338a6c74 100644 > --- a/arch/x86/kvm/svm/nested.c > +++ b/arch/x86/kvm/svm/nested.c 
> @@ -163,37 +163,6 @@ void recalc_intercepts(struct vcpu_svm *svm)
> vmcb_set_intercept(c, INTERCEPT_VMSAVE);
> }
>
> -static void copy_vmcb_control_area(struct vmcb_control_area *dst,
> - struct vmcb_control_area *from)
> -{
> - unsigned int i;
> -
> - for (i = 0; i < MAX_INTERCEPT; i++)
> - dst->intercepts[i] = from->intercepts[i];
> -
> - dst->iopm_base_pa = from->iopm_base_pa;
> - dst->msrpm_base_pa = from->msrpm_base_pa;
> - dst->tsc_offset = from->tsc_offset;
> - /* asid not copied, it is handled manually for svm->vmcb. */
> - dst->tlb_ctl = from->tlb_ctl;
> - dst->int_ctl = from->int_ctl;
> - dst->int_vector = from->int_vector;
> - dst->int_state = from->int_state;
> - dst->exit_code = from->exit_code;
> - dst->exit_code_hi = from->exit_code_hi;
> - dst->exit_info_1 = from->exit_info_1;
> - dst->exit_info_2 = from->exit_info_2;
> - dst->exit_int_info = from->exit_int_info;
> - dst->exit_int_info_err = from->exit_int_info_err;
> - dst->nested_ctl = from->nested_ctl;
> - dst->event_inj = from->event_inj;
> - dst->event_inj_err = from->event_inj_err;
> - dst->nested_cr3 = from->nested_cr3;
> - dst->virt_ext = from->virt_ext;
> - dst->pause_filter_count = from->pause_filter_count;
> - dst->pause_filter_thresh = from->pause_filter_thresh;
> -}
> -
> static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
> {
> /*
> @@ -317,15 +286,46 @@ static bool nested_vmcb_valid_sregs(struct kvm_vcpu *vcpu,
> return true;
> }
>
> -void nested_load_control_from_vmcb12(struct vcpu_svm *svm,
> - struct vmcb_control_area *control)
> +static
> +void _nested_copy_vmcb_control_to_cache(struct vmcb_control_area *to,
> + struct vmcb_control_area *from)
> {
> - copy_vmcb_control_area(&svm->nested.ctl, control);
> + unsigned int i;
> +
> + for (i = 0; i < MAX_INTERCEPT; i++)
> + to->intercepts[i] = from->intercepts[i];
> +
> + to->iopm_base_pa = from->iopm_base_pa;
> + to->msrpm_base_pa = from->msrpm_base_pa;
> + to->tsc_offset = from->tsc_offset;
> + to->tlb_ctl = from->tlb_ctl;
> + to->int_ctl = from->int_ctl;
> + to->int_vector = from->int_vector;
> + to->int_state = from->int_state;
> + to->exit_code = from->exit_code;
> + to->exit_code_hi = from->exit_code_hi;
> + to->exit_info_1 = from->exit_info_1;
> + to->exit_info_2 = from->exit_info_2;
> + to->exit_int_info = from->exit_int_info;
> + to->exit_int_info_err = from->exit_int_info_err;
> + to->nested_ctl = from->nested_ctl;
> + to->event_inj = from->event_inj;
> + to->event_inj_err = from->event_inj_err;
> + to->nested_cr3 = from->nested_cr3;
> + to->virt_ext = from->virt_ext;
> + to->pause_filter_count = from->pause_filter_count;
> + to->pause_filter_thresh = from->pause_filter_thresh;
> +
> + /* Copy asid here because nested_vmcb_check_controls will check it. */
> + to->asid = from->asid;
> + to->msrpm_base_pa &= ~0x0fffULL;
> + to->iopm_base_pa &= ~0x0fffULL;
> +}
>
> - /* Copy it here because nested_svm_check_controls will check it. */
> - svm->nested.ctl.asid = control->asid;
> - svm->nested.ctl.msrpm_base_pa &= ~0x0fffULL;
> - svm->nested.ctl.iopm_base_pa &= ~0x0fffULL;
> +void nested_copy_vmcb_control_to_cache(struct vcpu_svm *svm,
> + struct vmcb_control_area *control)
> +{
> + _nested_copy_vmcb_control_to_cache(&svm->nested.ctl, control);
> }
>
> static void _nested_copy_vmcb_save_to_cache(struct vmcb_save_area_cached *to,
> @@ -691,7 +691,7 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)
> if (WARN_ON_ONCE(!svm->nested.initialized))
> return -EINVAL;
>
> - nested_load_control_from_vmcb12(svm, &vmcb12->control);
> + nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
> nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
>
> if (!nested_vmcb_valid_sregs(vcpu, &vmcb12->save) ||
> @@ -1438,7 +1438,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
> svm->nested.vmcb12_gpa = kvm_state->hdr.svm.vmcb_pa;
>
> svm_copy_vmrun_state(&svm->vmcb01.ptr->save, save);
> - nested_load_control_from_vmcb12(svm, ctl);
> + nested_copy_vmcb_control_to_cache(svm, ctl);
>
> svm_switch_vmcb(svm, &svm->nested.vmcb02);
> nested_vmcb02_prepare_control(svm);
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 6e5c2671e823..74d6db9017ea 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -4437,7 +4437,7 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
> */
>
> vmcb12 = map.hva;
> - nested_load_control_from_vmcb12(svm, &vmcb12->control);
> + nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
> nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
> ret = enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, false);
>
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index 0897551d8868..a0609fe2e68c 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -502,8 +502,8 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
> int nested_svm_exit_special(struct vcpu_svm *svm);
> void nested_svm_update_tsc_ratio_msr(struct kvm_vcpu *vcpu);
> void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier);
> -void nested_load_control_from_vmcb12(struct vcpu_svm *svm,
> - struct vmcb_control_area *control);
> +void nested_copy_vmcb_control_to_cache(struct vcpu_svm *svm,
> + struct vmcb_control_area *control);
> void nested_copy_vmcb_save_to_cache(struct vcpu_svm *svm,
> struct vmcb_save_area *save);
> void nested_sync_control_from_vmcb02(struct vcpu_svm *svm);
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index ea64fea371c8..162b338a6c74 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -163,37 +163,6 @@ void recalc_intercepts(struct vcpu_svm *svm)
 vmcb_set_intercept(c, INTERCEPT_VMSAVE);
 }

-static void copy_vmcb_control_area(struct vmcb_control_area *dst,
- struct vmcb_control_area *from)
-{
- unsigned int i;
-
- for (i = 0; i < MAX_INTERCEPT; i++)
- dst->intercepts[i] = from->intercepts[i];
-
- dst->iopm_base_pa = from->iopm_base_pa;
- dst->msrpm_base_pa = from->msrpm_base_pa;
- dst->tsc_offset = from->tsc_offset;
- /* asid not copied, it is handled manually for svm->vmcb. */
- dst->tlb_ctl = from->tlb_ctl;
- dst->int_ctl = from->int_ctl;
- dst->int_vector = from->int_vector;
- dst->int_state = from->int_state;
- dst->exit_code = from->exit_code;
- dst->exit_code_hi = from->exit_code_hi;
- dst->exit_info_1 = from->exit_info_1;
- dst->exit_info_2 = from->exit_info_2;
- dst->exit_int_info = from->exit_int_info;
- dst->exit_int_info_err = from->exit_int_info_err;
- dst->nested_ctl = from->nested_ctl;
- dst->event_inj = from->event_inj;
- dst->event_inj_err = from->event_inj_err;
- dst->nested_cr3 = from->nested_cr3;
- dst->virt_ext = from->virt_ext;
- dst->pause_filter_count = from->pause_filter_count;
- dst->pause_filter_thresh = from->pause_filter_thresh;
-}
-
 static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
 {
 /*
@@ -317,15 +286,46 @@ static bool nested_vmcb_valid_sregs(struct kvm_vcpu *vcpu,
 return true;
 }

-void nested_load_control_from_vmcb12(struct vcpu_svm *svm,
- struct vmcb_control_area *control)
+static
+void _nested_copy_vmcb_control_to_cache(struct vmcb_control_area *to,
+ struct vmcb_control_area *from)
 {
- copy_vmcb_control_area(&svm->nested.ctl, control);
+ unsigned int i;
+
+ for (i = 0; i < MAX_INTERCEPT; i++)
+ to->intercepts[i] = from->intercepts[i];
+
+ to->iopm_base_pa = from->iopm_base_pa;
+ to->msrpm_base_pa = from->msrpm_base_pa;
+ to->tsc_offset = from->tsc_offset;
+ to->tlb_ctl = from->tlb_ctl;
+ to->int_ctl = from->int_ctl;
+ to->int_vector = from->int_vector;
+ to->int_state = from->int_state;
+ to->exit_code = from->exit_code;
+ to->exit_code_hi = from->exit_code_hi;
+ to->exit_info_1 = from->exit_info_1;
+ to->exit_info_2 = from->exit_info_2;
+ to->exit_int_info = from->exit_int_info;
+ to->exit_int_info_err = from->exit_int_info_err;
+ to->nested_ctl = from->nested_ctl;
+ to->event_inj = from->event_inj;
+ to->event_inj_err = from->event_inj_err;
+ to->nested_cr3 = from->nested_cr3;
+ to->virt_ext = from->virt_ext;
+ to->pause_filter_count = from->pause_filter_count;
+ to->pause_filter_thresh = from->pause_filter_thresh;
+
+ /* Copy asid here because nested_vmcb_check_controls will check it. */
+ to->asid = from->asid;
+ to->msrpm_base_pa &= ~0x0fffULL;
+ to->iopm_base_pa &= ~0x0fffULL;
+}

- /* Copy it here because nested_svm_check_controls will check it. */
- svm->nested.ctl.asid = control->asid;
- svm->nested.ctl.msrpm_base_pa &= ~0x0fffULL;
- svm->nested.ctl.iopm_base_pa &= ~0x0fffULL;
+void nested_copy_vmcb_control_to_cache(struct vcpu_svm *svm,
+ struct vmcb_control_area *control)
+{
+ _nested_copy_vmcb_control_to_cache(&svm->nested.ctl, control);
 }

 static void _nested_copy_vmcb_save_to_cache(struct vmcb_save_area_cached *to,
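Review bot: `_nested_copy_vmcb_control_to_cache()` has no comment stating the property the series depends on: `from` may point into the mapped vmcb12 page (the call sites in nested_svm_vmrun and svm_leave_smm pass `&vmcb12->control`), so each field has to be read from it once and every later check has to use `to`. I would add a header comment on the helper saying that, and noting that the `~0x0fffULL` masking of `msrpm_base_pa` and `iopm_base_pa` is applied to the cached copy rather than to a second read of `from`. Because `from` is only read here, the parameter can be declared `const struct vmcb_control_area *from`. The plain assignments do not by themselves stop the compiler from reloading a field, so if the source can change underneath the copy it is worth confirming whether `READ_ONCE()` is wanted on these loads.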
@@ -691,7 +691,7 @@ int nested_svm_vmrun(struct kvm_vcpu *vcpu)
 if (WARN_ON_ONCE(!svm->nested.initialized))
 return -EINVAL;

- nested_load_control_from_vmcb12(svm, &vmcb12->control);
+ nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
 nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);

 if (!nested_vmcb_valid_sregs(vcpu, &vmcb12->save) ||
@@ -1438,7 +1438,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
 svm->nested.vmcb12_gpa = kvm_state->hdr.svm.vmcb_pa;

 svm_copy_vmrun_state(&svm->vmcb01.ptr->save, save);
- nested_load_control_from_vmcb12(svm, ctl);
+ nested_copy_vmcb_control_to_cache(svm, ctl);

 svm_switch_vmcb(svm, &svm->nested.vmcb02);
 nested_vmcb02_prepare_control(svm);
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 6e5c2671e823..74d6db9017ea 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4437,7 +4437,7 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, const char *smstate)
 */

 vmcb12 = map.hva;
- nested_load_control_from_vmcb12(svm, &vmcb12->control);
+ nested_copy_vmcb_control_to_cache(svm, &vmcb12->control);
 nested_copy_vmcb_save_to_cache(svm, &vmcb12->save);
 ret = enter_svm_guest_mode(vcpu, vmcb12_gpa, vmcb12, false);

diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 0897551d8868..a0609fe2e68c 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -502,8 +502,8 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
 int nested_svm_exit_special(struct vcpu_svm *svm);
 void nested_svm_update_tsc_ratio_msr(struct kvm_vcpu *vcpu);
 void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier);
-void nested_load_control_from_vmcb12(struct vcpu_svm *svm,
- struct vmcb_control_area *control);
+void nested_copy_vmcb_control_to_cache(struct vcpu_svm *svm,
+ struct vmcb_control_area *control);
 void nested_copy_vmcb_save_to_cache(struct vcpu_svm *svm,
 struct vmcb_save_area *save);
 void nested_sync_control_from_vmcb02(struct vcpu_svm *svm);
Following the same naming convention of the previous patch, rename nested_load_control_from_vmcb12. In addition, inline copy_vmcb_control_area as it is only called by this function. _nested_copy_vmcb_control_to_cache() works with vmcb_control_area parameters and it will be useful in next patches, when we use local variables instead of svm cached state. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> --- arch/x86/kvm/svm/nested.c | 80 +++++++++++++++++++-------------------- arch/x86/kvm/svm/svm.c | 2 +- arch/x86/kvm/svm/svm.h | 4 +- 3 files changed, 43 insertions(+), 43 deletions(-)