From patchwork Wed Aug 23 23:32:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jim Mattson X-Patchwork-Id: 9918639 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5052C60327 for ; Wed, 23 Aug 2017 23:33:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 433D41FF29 for ; Wed, 23 Aug 2017 23:33:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 37EF92846C; Wed, 23 Aug 2017 23:33:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E09121FF29 for ; Wed, 23 Aug 2017 23:33:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751317AbdHWXdB (ORCPT ); Wed, 23 Aug 2017 19:33:01 -0400 Received: from mail-pg0-f41.google.com ([74.125.83.41]:36427 "EHLO mail-pg0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751146AbdHWXdA (ORCPT ); Wed, 23 Aug 2017 19:33:00 -0400 Received: by mail-pg0-f41.google.com with SMTP id 83so7021656pgb.3 for ; Wed, 23 Aug 2017 16:33:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=acnfHTve5drI0hPRbBtTu8H+ilrqqU7tPbuOqA+xwbg=; b=igeBfy6+ZOag0wuQhRAI4koC09aAw/724iV5NtfQCq6Xj2LcA/49NQ+SCKPjiWsatD tmvTrUoKP2zL4arQIaXWOAm8vtfZOJV32T3nVY5VASpg8lKdbyL5DT80eizO8zw4Zezb QQQQ5pT5rGDbUkBEcHkwutuNW0vAJFK9VzBuuXDeKNIOs7CFfZlo8ByD51i13o8fx6jd sv57xTtNtcxWa6TdU6jE9Un7tc5Z95K3RAY5sZh7p+2ZK1CI4FFVUl1gA+FIx1m9oNt8 Gy5yN/d5rrgRDp8118DkhiAkBPJeRsclxPWaggwmwc9HpPzWEWyHiKbI/pLBRfDsLcYj bv7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=acnfHTve5drI0hPRbBtTu8H+ilrqqU7tPbuOqA+xwbg=; b=mliBDMtZxv7LgtaIluwhrzuyHLZxIoSsO4CbpdWu5EELnRX3WG1VCnMjsTXkwPCUaq eIOKoqymV1WqEBQCcR4o6hPpLurra26Yncazb9k8VP5hXxcIIcyQ8zFMgtrILY6S/oSE O3XyaqLvUukl7/XJ0QvUSsPhQqH0+YXb5m9xncIOI3uXqrPk/vZsQTXhA9THGVIZck95 yoCo+ItvrtoI7Uv6fR2HKAtMfu1AlZALbaBDblE6XJf41OdYqiZxhYUIOjjaGqC83npz pjWl+lt9t2Uz+XjSt6XwX8m3hK288QhgruOsLNGsD/eQJBQRPKVrDmCXu6PxSaWhHh8n yeOg== X-Gm-Message-State: AHYfb5jxtXzfK733WOFkkX+dJiAuqSxF+r3piYKbZNSJP8P/ezwyjWBJ VLcmIW7hUtpRAwn5 X-Google-Smtp-Source: ADKCNb7Su9eFyEufdWIYRASE8x6RRPV1PPDC93Cpp1ADEJldGNSTH1zraGjfUaB87tANjz899Vj+zg== X-Received: by 10.99.55.1 with SMTP id e1mr4413249pga.176.1503531179953; Wed, 23 Aug 2017 16:32:59 -0700 (PDT) Received: from turtle.sea.corp.google.com ([172.31.88.24]) by smtp.gmail.com with ESMTPSA id 77sm4927290pfz.47.2017.08.23.16.32.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 23 Aug 2017 16:32:59 -0700 (PDT) From: Jim Mattson To: Paolo Bonzini , David Hildenbrand , kvm list Cc: Jim Mattson Subject: [PATCH v6 2/2] kvm: vmx: Raise #UD on unsupported RDRAND Date: Wed, 23 Aug 2017 16:32:04 -0700 Message-Id: <20170823233204.101113-2-jmattson@google.com> X-Mailer: git-send-email 2.14.1.342.g6490525c54-goog In-Reply-To: <20170823233204.101113-1-jmattson@google.com> References: <20170823233204.101113-1-jmattson@google.com> Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP A guest may not be configured to support RDRAND, even when the host does. If the guest does not support RDRAND, intercept the instruction and synthesize #UD. Also clear the "allowed-1" bit for RDRAND exiting in the IA32_VMX_PROCBASED_CTLS2 MSR. Signed-off-by: Jim Mattson --- arch/x86/kvm/vmx.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 9dd8637c3392..1d59806b315b 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3668,6 +3668,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) SECONDARY_EXEC_SHADOW_VMCS | SECONDARY_EXEC_XSAVES | SECONDARY_EXEC_RDSEED | + SECONDARY_EXEC_RDRAND | SECONDARY_EXEC_ENABLE_PML | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_VMFUNC; @@ -5304,6 +5305,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) exec_control &= ~SECONDARY_EXEC_RDSEED; + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDRAND)) + exec_control &= ~SECONDARY_EXEC_RDRAND; + return exec_control; } @@ -8058,6 +8062,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { [EXIT_REASON_INVEPT] = handle_invept, [EXIT_REASON_INVVPID] = handle_invvpid, [EXIT_REASON_RDSEED] = handle_invalid_op, + [EXIT_REASON_RDRAND] = handle_invalid_op, [EXIT_REASON_XSAVES] = handle_xsaves, [EXIT_REASON_XRSTORS] = handle_xrstors, [EXIT_REASON_PML_FULL] = handle_pml_full, @@ -8992,6 +8997,12 @@ static bool vmx_rdseed_supported(void) SECONDARY_EXEC_RDSEED; } +static bool vmx_rdrand_supported(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_RDRAND; +} + static bool vmx_xsaves_supported(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & @@ -9690,6 +9701,12 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; } + if (vmx_rdrand_supported() && + !guest_cpuid_has(vcpu, X86_FEATURE_RDRAND)) { + nested_vmx_secondary_ctrls_clear(vcpu, SECONDARY_EXEC_RDRAND); + secondary_exec_ctl |= SECONDARY_EXEC_RDRAND; + } + if (cpu_has_secondary_exec_ctrls()) vmcs_set_secondary_exec_control(secondary_exec_ctl);