Skip to content

Commit b502e6e

Browse files
bonzinibonzini
committed
KVM: VMX: update PFEC_MASK/PFEC_MATCH together with PF intercept
The PFEC_MASK and PFEC_MATCH fields in the VMCS reverse the meaning of the #PF intercept bit in the exception bitmap when they do not match. This means that, if PFEC_MASK and/or PFEC_MATCH are set, the hypervisor can get a vmexit for #PF exceptions even when the corresponding bit is clear in the exception bitmap. This is unexpected and is promptly detected by a WARN_ON_ONCE. To fix it, reset PFEC_MASK and PFEC_MATCH when the #PF intercept is disabled (as is common with enable_ept && !allow_smaller_maxphyaddr). Reported-by: Qian Cai <cai@redhat.com>> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent 4bb05f3 commit b502e6e

File tree

1 file changed

+12
-10
lines changed

1 file changed

+12
-10
lines changed

arch/x86/kvm/vmx/vmx.c

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -794,6 +794,18 @@ void update_exception_bitmap(struct kvm_vcpu *vcpu)
794794
*/
795795
if (is_guest_mode(vcpu))
796796
eb |= get_vmcs12(vcpu)->exception_bitmap;
797+
else {
798+
/*
799+
* If EPT is enabled, #PF is only trapped if MAXPHYADDR is mismatched
800+
* between guest and host. In that case we only care about present
801+
* faults. For vmcs02, however, PFEC_MASK and PFEC_MATCH are set in
802+
* prepare_vmcs02_rare.
803+
*/
804+
bool selective_pf_trap = enable_ept && (eb & (1u << PF_VECTOR));
805+
int mask = selective_pf_trap ? PFERR_PRESENT_MASK : 0;
806+
vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, mask);
807+
vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, mask);
808+
}
797809

798810
vmcs_write32(EXCEPTION_BITMAP, eb);
799811
}
@@ -4355,16 +4367,6 @@ static void init_vmcs(struct vcpu_vmx *vmx)
43554367
vmx->pt_desc.guest.output_mask = 0x7F;
43564368
vmcs_write64(GUEST_IA32_RTIT_CTL, 0);
43574369
}
4358-
4359-
/*
4360-
* If EPT is enabled, #PF is only trapped if MAXPHYADDR is mismatched
4361-
* between guest and host. In that case we only care about present
4362-
* faults.
4363-
*/
4364-
if (enable_ept) {
4365-
vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, PFERR_PRESENT_MASK);
4366-
vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, PFERR_PRESENT_MASK);
4367-
}
43684370
}
43694371

43704372
static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)

0 commit comments

Comments
 (0)