When nested NPT is enabled and KVM_SET_NESTED_STATE is used to restore an old checkpoint (without a valid gPAT), the current IA32_PAT value must be used as L2's gPAT.
Unfortunately, checkpoint restore is non-atomic, and the order in which state components are restored is not specified. Hence, the current IA32_PAT value may be restored by KVM_SET_MSRS after KVM_SET_NESTED_STATE. To further complicate matters, there may be a KVM_GET_NESTED_STATE before the next KVM_RUN. Introduce a new boolean, svm->nested.legacy_gpat_semantics. When set, hPAT updates are also applied to gPAT, preserving the old behavior (i.e. L2 shares L1's PAT). Set this boolean when restoring legacy state (i.e. nested NPT is enabled, but no GPAT is provided) in KVM_SET_NESTED_STATE. Clear this boolean in svm_vcpu_pre_run(), to ensure that hPAT and gPAT are decoupled before the vCPU resumes execution. Signed-off-by: Jim Mattson <[email protected]> --- arch/x86/kvm/svm/nested.c | 11 ++++++++--- arch/x86/kvm/svm/svm.c | 2 ++ arch/x86/kvm/svm/svm.h | 11 +++++++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index f73f3e586012..d854d29b0bd8 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -2073,9 +2073,14 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu, if (ret) goto out_free; - if (nested_npt_enabled(svm) && - (kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT)) - svm_set_gpat(svm, kvm_state->hdr.svm.gpat); + if (nested_npt_enabled(svm)) { + if (kvm_state->hdr.svm.flags & KVM_STATE_SVM_VALID_GPAT) { + svm_set_gpat(svm, kvm_state->hdr.svm.gpat); + } else { + svm_set_gpat(svm, vcpu->arch.pat); + svm->nested.legacy_gpat_semantics = true; + } + } svm_switch_vmcb(svm, &svm->nested.vmcb02); nested_vmcb02_prepare_control(svm, svm->vmcb->save.rip, svm->vmcb->save.cs.base); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 205bf07896ad..d951d25f1f91 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4245,6 +4245,8 @@ static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu) if (to_kvm_sev_info(vcpu->kvm)->need_init) return -EINVAL; + to_svm(vcpu)->nested.legacy_gpat_semantics = false; + return 1; } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 88549705133f..0bb9fdcb489d 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -238,6 +238,15 @@ struct svm_nested_state { * on its side. */ bool force_msr_bitmap_recalc; + + /* + * Indicates that a legacy nested state (without a valid gPAT) was + * recently restored. Until the next KVM_RUN, updates to hPAT are + * also applied to gPAT, preserving legacy behavior (i.e. L2 shares + * L1's PAT). Because checkpoint restore is non-atomic, this + * complication is necessary for backward compatibility. + */ + bool legacy_gpat_semantics; }; struct vcpu_sev_es_state { @@ -621,6 +630,8 @@ static inline void svm_set_hpat(struct vcpu_svm *svm, u64 data) if (is_guest_mode(&svm->vcpu) && !nested_npt_enabled(svm)) vmcb_set_gpat(svm->nested.vmcb02.ptr, data); } + if (svm->nested.legacy_gpat_semantics) + svm_set_gpat(svm, data); } static inline bool nested_vnmi_enabled(struct vcpu_svm *svm) -- 2.53.0.239.g8d8fc8a987-goog
