Skip to content

Commit 8ca44e8

Browse files
dmatlackrkrcmar
dmatlack
authored and
rkrcmar
committed
kvm: nVMX: don't flush VMCS12 during VMXOFF or VCPU teardown
According to the Intel SDM, software cannot rely on the current VMCS to be coherent after a VMXOFF or shutdown. So this is a valid way to handle VMCS12 flushes. 24.11.1 Software Use of Virtual-Machine Control Structures ... If a logical processor leaves VMX operation, any VMCSs active on that logical processor may be corrupted (see below). To prevent such corruption of a VMCS that may be used either after a return to VMX operation or on another logical processor, software should execute VMCLEAR for that VMCS before executing the VMXOFF instruction or removing power from the processor (e.g., as part of a transition to the S3 and S4 power states). ... This fixes a "suspicious rcu_dereference_check() usage!" warning during kvm_vm_release() because nested_release_vmcs12() calls kvm_vcpu_write_guest_page() without holding kvm->srcu. Signed-off-by: David Matlack <[email protected]> Reviewed-by: Paolo Bonzini <[email protected]> Signed-off-by: Radim Krčmář <[email protected]>
1 parent 9f744c5 commit 8ca44e8

File tree

1 file changed

+11
-5
lines changed

1 file changed

+11
-5
lines changed

arch/x86/kvm/vmx.c

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -419,7 +419,7 @@ struct nested_vmx {
419419
/*
420420
* Cache of the guest's VMCS, existing outside of guest memory.
421421
* Loaded from guest memory during VMPTRLD. Flushed to guest
422-
* memory during VMXOFF, VMCLEAR, VMPTRLD.
422+
* memory during VMCLEAR and VMPTRLD.
423423
*/
424424
struct vmcs12 *cached_vmcs12;
425425
/*
@@ -7174,6 +7174,12 @@ static int nested_vmx_check_permission(struct kvm_vcpu *vcpu)
71747174
return 1;
71757175
}
71767176

7177+
static void vmx_disable_shadow_vmcs(struct vcpu_vmx *vmx)
7178+
{
7179+
vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, SECONDARY_EXEC_SHADOW_VMCS);
7180+
vmcs_write64(VMCS_LINK_POINTER, -1ull);
7181+
}
7182+
71777183
static inline void nested_release_vmcs12(struct vcpu_vmx *vmx)
71787184
{
71797185
if (vmx->nested.current_vmptr == -1ull)
@@ -7184,9 +7190,7 @@ static inline void nested_release_vmcs12(struct vcpu_vmx *vmx)
71847190
they were modified */
71857191
copy_shadow_to_vmcs12(vmx);
71867192
vmx->nested.sync_shadow_vmcs = false;
7187-
vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL,
7188-
SECONDARY_EXEC_SHADOW_VMCS);
7189-
vmcs_write64(VMCS_LINK_POINTER, -1ull);
7193+
vmx_disable_shadow_vmcs(vmx);
71907194
}
71917195
vmx->nested.posted_intr_nv = -1;
71927196

@@ -7209,12 +7213,14 @@ static void free_nested(struct vcpu_vmx *vmx)
72097213

72107214
vmx->nested.vmxon = false;
72117215
free_vpid(vmx->nested.vpid02);
7212-
nested_release_vmcs12(vmx);
7216+
vmx->nested.posted_intr_nv = -1;
7217+
vmx->nested.current_vmptr = -1ull;
72137218
if (vmx->nested.msr_bitmap) {
72147219
free_page((unsigned long)vmx->nested.msr_bitmap);
72157220
vmx->nested.msr_bitmap = NULL;
72167221
}
72177222
if (enable_shadow_vmcs) {
7223+
vmx_disable_shadow_vmcs(vmx);
72187224
vmcs_clear(vmx->vmcs01.shadow_vmcs);
72197225
free_vmcs(vmx->vmcs01.shadow_vmcs);
72207226
vmx->vmcs01.shadow_vmcs = NULL;

0 commit comments

Comments
 (0)