From patchwork Wed Jun 28 09:35:45 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sergey Dyasli X-Patchwork-Id: 9813829 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D15BF60383 for ; Wed, 28 Jun 2017 09:39:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C5370237A5 for ; Wed, 28 Jun 2017 09:39:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B998828323; Wed, 28 Jun 2017 09:39:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1BD202843C for ; Wed, 28 Jun 2017 09:38:59 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dQ9OZ-0008LR-J2; Wed, 28 Jun 2017 09:36:23 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dQ9OX-0008LL-LV for xen-devel@lists.xen.org; Wed, 28 Jun 2017 09:36:21 +0000 Received: from [193.109.254.147] by server-8.bemta-6.messagelabs.com id 97/F4-03704-49873595; Wed, 28 Jun 2017 09:36:20 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrBLMWRWlGSWpSXmKPExsXitHRDpO6UiuB Ig4Wn5S2WfFzM4sDocXT3b6YAxijWzLyk/IoE1owP95awFJzlr+ieEdHAuIyni5GTQ0LAX2L2 q9/sIDabgJ7ExtmvmEBsEQFZidVdc4DiXBzMAj1MEj2b9zJ2MXJwCAuYS6xfLwdSwyKgKrH93 C02EJtXwFpi3tOlrBAz5SV2tV0Es4WAal6/2MUCUSMocXLmEzCbWUBC4uCLF8wTGLlnIUnNQp JawMi0ilGjOLWoLLVI19BQL6koMz2jJDcxM0fX0MBMLze1uDgxPTUnMalYLzk/dxMjMBQYgGA H46dlAYcYJTmYlER5934JihTiS8pPqcxILM6ILyrNSS0+xKjBwSFw5dzc6UxSLHn5ealKErzt 5cGRQoJFqempFWmZOcBghSmV4OBREuH9XAKU5i0uSMwtzkyHSJ1iVJQS5z0P0icAksgozYNrg 0XIJUZZKWFeRqCjhHgKUotyM0tQ5V8xinMwKgnzzikDmsKTmVcCN/0V0GImoMUs8wJAFpckIq SkGhjnbul8e+SKY7zOzI1uQUW59x1j/68JmiJVNWUrq3KTyHvT+TmXHT/+rkzOrjrx5meA+4M 3yiL1S762hKYrzbpa8SXkybRfKxdwdP2fuuegFQP75Ru39jMzNEfZr7q5PEGtcfb8aUqyB3Yw 3+aI2n3zJEuLaKDdvK373MyOv2HPLmVR/Xi5sOekEktxRqKhFnNRcSIART/RhosCAAA= X-Env-Sender: prvs=345c995e0=sergey.dyasli@citrix.com X-Msg-Ref: server-16.tower-27.messagelabs.com!1498642578!104219934!1 X-Originating-IP: [66.165.176.89] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 9.4.19; banners=-,-,- X-VirusChecked: Checked Received: (qmail 23681 invoked from network); 28 Jun 2017 09:36:20 -0000 Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89) by server-16.tower-27.messagelabs.com with RC4-SHA encrypted SMTP; 28 Jun 2017 09:36:20 -0000 X-IronPort-AV: E=Sophos;i="5.40,274,1496102400"; d="scan'208";a="429628949" From: Sergey Dyasli To: Date: Wed, 28 Jun 2017 10:35:45 +0100 Message-ID: <20170628093545.944-1-sergey.dyasli@citrix.com> X-Mailer: git-send-email 2.11.0 MIME-Version: 1.0 Cc: Sergey Dyasli , Kevin Tian , Jun Nakajima , George Dunlap , Andrew Cooper , Tim Deegan , Jan Beulich Subject: [Xen-devel] [PATCH v1] vvmx: fix ept_sync() for nested p2m X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP If ept_sync_domain() is called for np2m, the following happens: 1. *np2m*::ept_data::invalidate cpumask is updated 2. IPIs are sent for CPUs in domain_dirty_cpumask forcing vmexits 3. vmx_vmenter_helper() checks *hostp2m*::ept_data::invalidate and does nothing Which is clearly a bug. Make ept_sync_domain() to update hostp2m's invalidate mask in nested p2m case and make vmx_vmenter_helper() to invalidate EPT translations for all EPTPs if nested virt is enabled. Signed-off-by: Sergey Dyasli Reviewed-by: Andrew Cooper Acked-by: Kevin Tian --- xen/arch/x86/hvm/vmx/vmx.c | 5 ++++- xen/arch/x86/mm/p2m-ept.c | 9 +++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c53b24955a..a8bb550720 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -4278,7 +4278,10 @@ void vmx_vmenter_helper(const struct cpu_user_regs *regs) if ( cpumask_test_cpu(cpu, ept->invalidate) ) { cpumask_clear_cpu(cpu, ept->invalidate); - __invept(INVEPT_SINGLE_CONTEXT, ept->eptp, 0); + if ( nestedhvm_enabled(curr->domain) ) + __invept(INVEPT_ALL_CONTEXT, 0, 0); + else + __invept(INVEPT_SINGLE_CONTEXT, ept->eptp, 0); } } diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c index ecab56fbec..8d9da9203c 100644 --- a/xen/arch/x86/mm/p2m-ept.c +++ b/xen/arch/x86/mm/p2m-ept.c @@ -1153,8 +1153,13 @@ static void ept_sync_domain_prepare(struct p2m_domain *p2m) struct domain *d = p2m->domain; struct ept_data *ept = &p2m->ept; - if ( nestedhvm_enabled(d) && !p2m_is_nestedp2m(p2m) ) - p2m_flush_nestedp2m(d); + if ( nestedhvm_enabled(d) ) + { + if ( p2m_is_nestedp2m(p2m) ) + ept = &p2m_get_hostp2m(d)->ept; + else + p2m_flush_nestedp2m(d); + } /* * Need to invalidate on all PCPUs because either: