diff mbox series

[v12,06/10] KVM: x86: Add userspace access interface for CET MSRs

Message ID 20200506082110.25441-7-weijiang.yang@intel.com (mailing list archive)
State New, archived
Headers show
Series Introduce support for guest CET feature | expand

Commit Message

Yang, Weijiang May 6, 2020, 8:21 a.m. UTC 
There're two different places storing Guest CET states, states managed
with XSAVES/XRSTORS, as restored/saved in previous patch, can be read/write
directly from/to the MSRs. For those stored in VMCS fields, they're access
via vmcs_read/vmcs_write.

To correctly read/write the CET MSRs, it's necessary to check whether the
kernel FPU context switch happened and reload guest FPU context if needed.

Suggested-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
 arch/x86/include/uapi/asm/kvm_para.h |   7 +-
 arch/x86/kvm/vmx/vmx.c               | 148 +++++++++++++++++++++++++++
 arch/x86/kvm/x86.c                   |   4 +
 3 files changed, 156 insertions(+), 3 deletions(-)

Comments

kernel test robot May 7, 2020, 5:09 a.m. UTC | #1 
Hi Yang,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on vhost/linux-next]
[also build test ERROR on tip/auto-latest linus/master v5.7-rc4 next-20200505]
[cannot apply to kvm/linux-next linux/master]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]

url:    https://github.com/0day-ci/linux/commits/Yang-Weijiang/Introduce-support-for-guest-CET-feature/20200507-021021
base:   https://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git linux-next
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   arch/x86/kvm/x86.c: In function 'kvm_set_cr0':
   arch/x86/kvm/x86.c:808:53: error: 'X86_CR4_CET' undeclared (first use in this function); did you mean 'X86_CR0_ET'?
     if (!(cr0 & X86_CR0_WP) && kvm_read_cr4_bits(vcpu, X86_CR4_CET))
                                                        ^~~~~~~~~~~
                                                        X86_CR0_ET
   arch/x86/kvm/x86.c:808:53: note: each undeclared identifier is reported only once for each function it appears in
   arch/x86/kvm/x86.c: At top level:
   arch/x86/kvm/x86.c:1232:16: error: 'MSR_IA32_U_CET' undeclared here (not in a function); did you mean 'MSR_IA32_TSC'?
     MSR_IA32_XSS, MSR_IA32_U_CET, MSR_IA32_S_CET,
                   ^~~~~~~~~~~~~~
                   MSR_IA32_TSC
   arch/x86/kvm/x86.c:1232:32: error: 'MSR_IA32_S_CET' undeclared here (not in a function); did you mean 'MSR_IA32_U_CET'?
     MSR_IA32_XSS, MSR_IA32_U_CET, MSR_IA32_S_CET,
                                   ^~~~~~~~~~~~~~
                                   MSR_IA32_U_CET
   arch/x86/kvm/x86.c:1233:2: error: 'MSR_IA32_PL0_SSP' undeclared here (not in a function); did you mean 'MSR_IA32_MCG_ESP'?
     MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP,
     ^~~~~~~~~~~~~~~~
     MSR_IA32_MCG_ESP
   arch/x86/kvm/x86.c:1233:20: error: 'MSR_IA32_PL1_SSP' undeclared here (not in a function); did you mean 'MSR_IA32_PL0_SSP'?
     MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP,
                       ^~~~~~~~~~~~~~~~
                       MSR_IA32_PL0_SSP
   arch/x86/kvm/x86.c:1233:38: error: 'MSR_IA32_PL2_SSP' undeclared here (not in a function); did you mean 'MSR_IA32_PL1_SSP'?
     MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP,
                                         ^~~~~~~~~~~~~~~~
                                         MSR_IA32_PL1_SSP
   arch/x86/kvm/x86.c:1234:2: error: 'MSR_IA32_PL3_SSP' undeclared here (not in a function); did you mean 'MSR_IA32_PL2_SSP'?
     MSR_IA32_PL3_SSP, MSR_IA32_INT_SSP_TAB,
     ^~~~~~~~~~~~~~~~
     MSR_IA32_PL2_SSP
   arch/x86/kvm/x86.c:1234:20: error: 'MSR_IA32_INT_SSP_TAB' undeclared here (not in a function); did you mean 'MSR_IA32_PL3_SSP'?
     MSR_IA32_PL3_SSP, MSR_IA32_INT_SSP_TAB,
                       ^~~~~~~~~~~~~~~~~~~~
                       MSR_IA32_PL3_SSP
   arch/x86/kvm/x86.c: In function 'is_xsaves_msr':
   arch/x86/kvm/x86.c:3278:15: error: comparison between pointer and integer [-Werror]
     return index == MSR_IA32_U_CET ||
                  ^~
   arch/x86/kvm/x86.c:3279:16: error: comparison between pointer and integer [-Werror]
            (index >= MSR_IA32_PL0_SSP && index <= MSR_IA32_PL3_SSP);
                   ^~
   arch/x86/kvm/x86.c:3279:45: error: comparison between pointer and integer [-Werror]
            (index >= MSR_IA32_PL0_SSP && index <= MSR_IA32_PL3_SSP);
                                                ^~
   arch/x86/kvm/x86.c: In function 'kvm_arch_hardware_setup':
   arch/x86/kvm/x86.c:191:34: error: 'XFEATURE_MASK_CET_USER' undeclared (first use in this function); did you mean 'XFEATURE_MASK_BNDCSR'?
    #define KVM_SUPPORTED_XSS       (XFEATURE_MASK_CET_USER | \
                                     ^
   arch/x86/kvm/x86.c:9707:30: note: in expansion of macro 'KVM_SUPPORTED_XSS'
      supported_xss = host_xss & KVM_SUPPORTED_XSS;
                                 ^~~~~~~~~~~~~~~~~
   arch/x86/kvm/x86.c:192:6: error: 'XFEATURE_MASK_CET_KERNEL' undeclared (first use in this function); did you mean 'XFEATURE_MASK_CET_USER'?
         XFEATURE_MASK_CET_KERNEL)
         ^
   arch/x86/kvm/x86.c:9707:30: note: in expansion of macro 'KVM_SUPPORTED_XSS'
      supported_xss = host_xss & KVM_SUPPORTED_XSS;
                                 ^~~~~~~~~~~~~~~~~
   arch/x86/kvm/x86.c:191:57: error: invalid operands to binary | (have 'const u32 * {aka const unsigned int *}' and 'const u32 * {aka const unsigned int *}')
    #define KVM_SUPPORTED_XSS       (XFEATURE_MASK_CET_USER | \
                                     ~                      ^
   arch/x86/kvm/x86.c:9707:30: note: in expansion of macro 'KVM_SUPPORTED_XSS'
      supported_xss = host_xss & KVM_SUPPORTED_XSS;
                                 ^~~~~~~~~~~~~~~~~
   arch/x86/kvm/x86.c:9707:28: error: invalid operands to binary & (have 'u64 {aka long long unsigned int}' and 'const u32 * {aka const unsigned int *}')
      supported_xss = host_xss & KVM_SUPPORTED_XSS;
                               ^
>> arch/x86/kvm/x86.c:9707:17: error: assignment makes integer from pointer without a cast [-Werror=int-conversion]
      supported_xss = host_xss & KVM_SUPPORTED_XSS;
                    ^
   cc1: all warnings being treated as errors

vim +9707 arch/x86/kvm/x86.c

e9b11c17552afe drivers/kvm/x86.c  Zhang Xiantao       2007-11-14  9688  
b990408537388e arch/x86/kvm/x86.c Sean Christopherson 2020-03-21  9689  int kvm_arch_hardware_setup(void *opaque)
e9b11c17552afe drivers/kvm/x86.c  Zhang Xiantao       2007-11-14  9690  {
d008dfdb0e7012 arch/x86/kvm/x86.c Sean Christopherson 2020-03-21  9691  	struct kvm_x86_init_ops *ops = opaque;
9e9c3fe40bcd28 arch/x86/kvm/x86.c Nadav Amit          2015-04-12  9692  	int r;
9e9c3fe40bcd28 arch/x86/kvm/x86.c Nadav Amit          2015-04-12  9693  
91661989d17cce arch/x86/kvm/x86.c Sean Christopherson 2020-03-02  9694  	rdmsrl_safe(MSR_EFER, &host_efer);
91661989d17cce arch/x86/kvm/x86.c Sean Christopherson 2020-03-02  9695  
408e9a318f57ba arch/x86/kvm/x86.c Paolo Bonzini       2020-03-05  9696  	if (boot_cpu_has(X86_FEATURE_XSAVES))
408e9a318f57ba arch/x86/kvm/x86.c Paolo Bonzini       2020-03-05  9697  		rdmsrl(MSR_IA32_XSS, host_xss);
408e9a318f57ba arch/x86/kvm/x86.c Paolo Bonzini       2020-03-05  9698  
d008dfdb0e7012 arch/x86/kvm/x86.c Sean Christopherson 2020-03-21  9699  	r = ops->hardware_setup();
9e9c3fe40bcd28 arch/x86/kvm/x86.c Nadav Amit          2015-04-12  9700  	if (r != 0)
9e9c3fe40bcd28 arch/x86/kvm/x86.c Nadav Amit          2015-04-12  9701  		return r;
9e9c3fe40bcd28 arch/x86/kvm/x86.c Nadav Amit          2015-04-12  9702  
afaf0b2f9b801c arch/x86/kvm/x86.c Sean Christopherson 2020-03-21  9703  	memcpy(&kvm_x86_ops, ops->runtime_ops, sizeof(kvm_x86_ops));
69c6f69aa3064a arch/x86/kvm/x86.c Sean Christopherson 2020-03-21  9704  
408e9a318f57ba arch/x86/kvm/x86.c Paolo Bonzini       2020-03-05  9705  	supported_xss = 0;
c76aeac0801da1 arch/x86/kvm/x86.c Yang Weijiang       2020-05-06  9706  	if (kvm_cpu_cap_has(X86_FEATURE_XSAVES))
c76aeac0801da1 arch/x86/kvm/x86.c Yang Weijiang       2020-05-06 @9707  		supported_xss = host_xss & KVM_SUPPORTED_XSS;
408e9a318f57ba arch/x86/kvm/x86.c Paolo Bonzini       2020-03-05  9708  
b11306b53b2540 arch/x86/kvm/x86.c Sean Christopherson 2019-12-10  9709  	cr4_reserved_bits = kvm_host_cr4_reserved_bits(&boot_cpu_data);
b11306b53b2540 arch/x86/kvm/x86.c Sean Christopherson 2019-12-10  9710  
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9711  	if (kvm_has_tsc_control) {
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9712  		/*
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9713  		 * Make sure the user can only configure tsc_khz values that
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9714  		 * fit into a signed integer.
273ba45796c14b arch/x86/kvm/x86.c Marcelo Tosatti     2018-06-11  9715  		 * A min value is not calculated because it will always
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9716  		 * be 1 on all machines.
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9717  		 */
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9718  		u64 max = min(0x7fffffffULL,
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9719  			      __scale_tsc(kvm_max_tsc_scaling_ratio, tsc_khz));
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9720  		kvm_max_guest_tsc_khz = max;
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9721  
ad721883e9c5f4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9722  		kvm_default_tsc_scaling_ratio = 1ULL << kvm_tsc_scaling_ratio_frac_bits;
35181e86df97e4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9723  	}
ad721883e9c5f4 arch/x86/kvm/x86.c Haozhong Zhang      2015-10-20  9724  
9e9c3fe40bcd28 arch/x86/kvm/x86.c Nadav Amit          2015-04-12  9725  	kvm_init_msr_list();
9e9c3fe40bcd28 arch/x86/kvm/x86.c Nadav Amit          2015-04-12  9726  	return 0;
e9b11c17552afe drivers/kvm/x86.c  Zhang Xiantao       2007-11-14  9727  }
e9b11c17552afe drivers/kvm/x86.c  Zhang Xiantao       2007-11-14  9728  

:::::: The code at line 9707 was first introduced by commit
:::::: c76aeac0801da1991ca230714e41d1ce71555219 KVM: x86: Refresh CPUID once guest changes XSS bits

:::::: TO: Yang Weijiang <weijiang.yang@intel.com>
:::::: CC: 0day robot <lkp@intel.com>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
diff mbox series

Patch

diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h
index 2a8e0b6b9805..211bba6f7d8a 100644
--- a/arch/x86/include/uapi/asm/kvm_para.h
+++ b/arch/x86/include/uapi/asm/kvm_para.h
@@ -46,10 +46,11 @@ 
 /* Custom MSRs falls in the range 0x4b564d00-0x4b564dff */
 #define MSR_KVM_WALL_CLOCK_NEW  0x4b564d00
 #define MSR_KVM_SYSTEM_TIME_NEW 0x4b564d01
-#define MSR_KVM_ASYNC_PF_EN 0x4b564d02
-#define MSR_KVM_STEAL_TIME  0x4b564d03
-#define MSR_KVM_PV_EOI_EN      0x4b564d04
+#define MSR_KVM_ASYNC_PF_EN     0x4b564d02
+#define MSR_KVM_STEAL_TIME      0x4b564d03
+#define MSR_KVM_PV_EOI_EN       0x4b564d04
 #define MSR_KVM_POLL_CONTROL	0x4b564d05
+#define MSR_KVM_GUEST_SSP       0x4b564d06
 
 struct kvm_steal_time {
 	__u64 steal;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 7137e252ab38..7f3a65ee64c5 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1777,6 +1777,94 @@  static int vmx_get_msr_feature(struct kvm_msr_entry *msr)
 	}
 }
 
+static void vmx_get_xsave_msr(struct msr_data *msr_info)
+{
+	local_irq_disable();
+	if (test_thread_flag(TIF_NEED_FPU_LOAD))
+		switch_fpu_return();
+	rdmsrl(msr_info->index, msr_info->data);
+	local_irq_enable();
+}
+
+static void vmx_set_xsave_msr(struct msr_data *msr_info)
+{
+	local_irq_disable();
+	if (test_thread_flag(TIF_NEED_FPU_LOAD))
+		switch_fpu_return();
+	wrmsrl(msr_info->index, msr_info->data);
+	local_irq_enable();
+}
+
+#define CET_MSR_RSVD_BITS_1  GENMASK(2, 0)
+#define CET_MSR_RSVD_BITS_2  GENMASK(9, 6)
+
+static bool cet_check_msr_valid(struct kvm_vcpu *vcpu,
+				struct msr_data *msr, u64 rsvd_bits)
+{
+	u64 data = msr->data;
+	u32 index = msr->index;
+
+	if ((index == MSR_IA32_PL0_SSP || index == MSR_IA32_PL1_SSP ||
+	    index == MSR_IA32_PL2_SSP || index == MSR_IA32_PL3_SSP ||
+	    index == MSR_IA32_INT_SSP_TAB || index == MSR_KVM_GUEST_SSP) &&
+	    is_noncanonical_address(data, vcpu))
+		return false;
+
+	if ((index  == MSR_IA32_S_CET || index == MSR_IA32_U_CET) &&
+	    data & MSR_IA32_CET_ENDBR_EN) {
+		u64 bitmap_base = data >> 12;
+
+		if (is_noncanonical_address(bitmap_base, vcpu))
+			return false;
+	}
+
+	return !(data & rsvd_bits);
+}
+
+static bool cet_check_ssp_msr_accessible(struct kvm_vcpu *vcpu,
+					 struct msr_data *msr)
+{
+	u32 index = msr->index;
+
+	if (!boot_cpu_has(X86_FEATURE_SHSTK))
+		return false;
+
+	if (!msr->host_initiated &&
+	    !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK))
+		return false;
+
+	if (index == MSR_KVM_GUEST_SSP)
+		return msr->host_initiated &&
+		       guest_cpuid_has(vcpu, X86_FEATURE_SHSTK);
+
+	if (index == MSR_IA32_INT_SSP_TAB)
+		return true;
+
+	if (index == MSR_IA32_PL3_SSP)
+		return supported_xss & XFEATURE_MASK_CET_USER;
+
+	return supported_xss & XFEATURE_MASK_CET_KERNEL;
+}
+
+static bool cet_check_ctl_msr_accessible(struct kvm_vcpu *vcpu,
+					 struct msr_data *msr)
+{
+	u32 index = msr->index;
+
+	if (!boot_cpu_has(X86_FEATURE_SHSTK) &&
+	    !boot_cpu_has(X86_FEATURE_IBT))
+		return false;
+
+	if (!msr->host_initiated &&
+	    !guest_cpuid_has(vcpu, X86_FEATURE_SHSTK) &&
+	    !guest_cpuid_has(vcpu, X86_FEATURE_IBT))
+		return false;
+
+	if (index == MSR_IA32_U_CET)
+		return supported_xss & XFEATURE_MASK_CET_USER;
+
+	return supported_xss & XFEATURE_MASK_CET_KERNEL;
+}
 /*
  * Reads an msr value (of 'msr_index') into 'pdata'.
  * Returns 0 on success, non-0 otherwise.
@@ -1909,6 +1997,31 @@  static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		else
 			msr_info->data = vmx->pt_desc.guest.addr_a[index / 2];
 		break;
+	case MSR_KVM_GUEST_SSP:
+		if (!cet_check_ssp_msr_accessible(vcpu, msr_info))
+			return 1;
+		msr_info->data = vmcs_readl(GUEST_SSP);
+		break;
+	case MSR_IA32_S_CET:
+		if (!cet_check_ctl_msr_accessible(vcpu, msr_info))
+			return 1;
+		msr_info->data = vmcs_readl(GUEST_S_CET);
+		break;
+	case MSR_IA32_INT_SSP_TAB:
+		if (!cet_check_ssp_msr_accessible(vcpu, msr_info))
+			return 1;
+		msr_info->data = vmcs_readl(GUEST_INTR_SSP_TABLE);
+		break;
+	case MSR_IA32_U_CET:
+		if (!cet_check_ctl_msr_accessible(vcpu, msr_info))
+			return 1;
+		vmx_get_xsave_msr(msr_info);
+		break;
+	case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP:
+		if (!cet_check_ssp_msr_accessible(vcpu, msr_info))
+			return 1;
+		vmx_get_xsave_msr(msr_info);
+		break;
 	case MSR_TSC_AUX:
 		if (!msr_info->host_initiated &&
 		    !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
@@ -2165,6 +2278,41 @@  static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		else
 			vmx->pt_desc.guest.addr_a[index / 2] = data;
 		break;
+	case MSR_KVM_GUEST_SSP:
+		if (!cet_check_ssp_msr_accessible(vcpu, msr_info))
+			return 1;
+		if (!cet_check_msr_valid(vcpu, msr_info, CET_MSR_RSVD_BITS_1))
+			return 1;
+		vmcs_writel(GUEST_SSP, data);
+		break;
+	case MSR_IA32_S_CET:
+		if (!cet_check_ctl_msr_accessible(vcpu, msr_info))
+			return 1;
+		if (!cet_check_msr_valid(vcpu, msr_info, CET_MSR_RSVD_BITS_2))
+			return 1;
+		vmcs_writel(GUEST_S_CET, data);
+		break;
+	case MSR_IA32_INT_SSP_TAB:
+		if (!cet_check_ctl_msr_accessible(vcpu, msr_info))
+			return 1;
+		if (!cet_check_msr_valid(vcpu, msr_info, 0))
+			return 1;
+		vmcs_writel(GUEST_INTR_SSP_TABLE, data);
+		break;
+	case MSR_IA32_U_CET:
+		if (!cet_check_ctl_msr_accessible(vcpu, msr_info))
+			return 1;
+		if (!cet_check_msr_valid(vcpu, msr_info, CET_MSR_RSVD_BITS_2))
+			return 1;
+		vmx_set_xsave_msr(msr_info);
+		break;
+	case MSR_IA32_PL0_SSP ... MSR_IA32_PL3_SSP:
+		if (!cet_check_ssp_msr_accessible(vcpu, msr_info))
+			return 1;
+		if (!cet_check_msr_valid(vcpu, msr_info, CET_MSR_RSVD_BITS_1))
+			return 1;
+		vmx_set_xsave_msr(msr_info);
+		break;
 	case MSR_TSC_AUX:
 		if (!msr_info->host_initiated &&
 		    !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 50f80dcab3a9..1ba91101e6e6 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1228,6 +1228,10 @@  static const u32 msrs_to_save_all[] = {
 	MSR_ARCH_PERFMON_EVENTSEL0 + 12, MSR_ARCH_PERFMON_EVENTSEL0 + 13,
 	MSR_ARCH_PERFMON_EVENTSEL0 + 14, MSR_ARCH_PERFMON_EVENTSEL0 + 15,
 	MSR_ARCH_PERFMON_EVENTSEL0 + 16, MSR_ARCH_PERFMON_EVENTSEL0 + 17,
+
+	MSR_IA32_XSS, MSR_IA32_U_CET, MSR_IA32_S_CET,
+	MSR_IA32_PL0_SSP, MSR_IA32_PL1_SSP, MSR_IA32_PL2_SSP,
+	MSR_IA32_PL3_SSP, MSR_IA32_INT_SSP_TAB,
 };
 
 static u32 msrs_to_save[ARRAY_SIZE(msrs_to_save_all)];