[v12,17/77] KVM: x86: add kvm_x86_ops.fault_gla()

Message ID	20211006173113.26445-18-alazar@bitdefender.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> From: =?utf-8?q?Adalbert_Laz=C4=83r?= <alazar@bitdefender.com> To: kvm@vger.kernel.org Cc: virtualization@lists.linux-foundation.org, Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson <seanjc@google.com>, Vitaly Kuznetsov <vkuznets@redhat.com>, Wanpeng Li <wanpengli@tencent.com>, Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>, Mathieu Tarral <mathieu.tarral@protonmail.com>, Tamas K Lengyel <tamas@tklengyel.com>, =?utf-8?q?Mihai_Don=C8=9Bu?= <mdontu@bitdefender.com>, =?utf-8?b?TmljdciZ?= =?utf-8?b?b3IgQ8OuyJt1?= <nicu.citu@icloud.com>, =?utf-8?q?Adalbert_Laz?= =?utf-8?q?=C4=83r?= <alazar@bitdefender.com> Subject: [PATCH v12 17/77] KVM: x86: add kvm_x86_ops.fault_gla() Date: Wed, 6 Oct 2021 20:30:13 +0300 Message-Id: <20211006173113.26445-18-alazar@bitdefender.com> In-Reply-To: <20211006173113.26445-1-alazar@bitdefender.com> References: <20211006173113.26445-1-alazar@bitdefender.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	VM introspection \| expand [v12,00/77] VM introspection [v12,01/77] KVM: UAPI: add error codes used by the VM introspection code [v12,02/77] KVM: add kvm_vcpu_kick_and_wait() [v12,03/77] KVM: x86: add kvm_arch_vcpu_get_regs() and kvm_arch_vcpu_get_sregs() [v12,04/77] KVM: x86: add kvm_arch_vcpu_set_regs() [v12,05/77] KVM: x86: avoid injecting #PF when emulate the VMCALL instruction [v12,06/77] KVM: x86: add kvm_x86_ops.bp_intercepted() [v12,07/77] KVM: x86: add kvm_x86_ops.control_cr3_intercept() [v12,08/77] KVM: x86: add kvm_x86_ops.cr3_write_intercepted() [v12,09/77] KVM: x86: add kvm_x86_ops.desc_ctrl_supported() [v12,10/77] KVM: svm: add support for descriptor-table VM-exits [v12,11/77] KVM: x86: add kvm_x86_ops.control_desc_intercept() [v12,12/77] KVM: x86: add kvm_x86_ops.desc_intercepted() [v12,13/77] KVM: x86: add kvm_x86_ops.msr_write_intercepted() [v12,14/77] KVM: x86: svm: use the vmx convention to control the MSR interception [v12,15/77] KVM: x86: add kvm_x86_ops.control_msr_intercept() [v12,16/77] KVM: x86: save the error code during EPT/NPF exits handling [v12,17/77] KVM: x86: add kvm_x86_ops.fault_gla() [v12,18/77] KVM: x86: add kvm_x86_ops.control_singlestep() [v12,19/77] KVM: x86: export kvm_arch_vcpu_set_guest_debug() [v12,20/77] KVM: x86: extend kvm_mmu_gva_to_gpa_system() with the 'access' parameter [v12,21/77] KVM: x86: export kvm_inject_pending_exception() [v12,22/77] KVM: x86: export kvm_vcpu_ioctl_x86_get_xsave() [v12,23/77] KVM: x86: export kvm_vcpu_ioctl_x86_set_xsave() [v12,24/77] KVM: x86: page track: provide all callbacks with the guest virtual address [v12,25/77] KVM: x86: page track: add track_create_slot() callback [v12,26/77] KVM: x86: page_track: add support for preread, prewrite and preexec [v12,27/77] KVM: x86: wire in the preread/prewrite/preexec page trackers [v12,28/77] KVM: x86: disable gpa_available optimization for fetch and page-walk SPT violations [v12,29/77] KVM: introduce VM introspection [v12,30/77] KVM: introspection: add hook/unhook ioctls [v12,31/77] KVM: introspection: add permission access ioctls [v12,32/77] KVM: introspection: add the read/dispatch message function [v12,33/77] KVM: introspection: add KVMI_GET_VERSION [v12,34/77] KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT [v12,35/77] KVM: introspection: add KVMI_VM_GET_INFO [v12,36/77] KVM: introspection: add KVM_INTROSPECTION_PREUNHOOK [v12,37/77] KVM: introspection: add KVMI_VM_EVENT_UNHOOK [v12,38/77] KVM: introspection: add KVMI_VM_CONTROL_EVENTS [v12,39/77] KVM: introspection: add KVMI_VM_READ_PHYSICAL/KVMI_VM_WRITE_PHYSICAL [v12,40/77] KVM: introspection: add vCPU related data [v12,41/77] KVM: introspection: add a jobs list to every introspected vCPU [v12,42/77] KVM: introspection: handle vCPU introspection requests [v12,43/77] KVM: introspection: handle vCPU commands [v12,44/77] KVM: introspection: add KVMI_VCPU_GET_INFO [v12,45/77] KVM: introspection: add KVMI_VM_PAUSE_VCPU [v12,46/77] KVM: introspection: add support for vCPU events [v12,47/77] KVM: introspection: add KVMI_VCPU_EVENT_PAUSE [v12,48/77] KVM: introspection: add the crash action handling on the event reply [v12,49/77] KVM: introspection: add KVMI_VCPU_CONTROL_EVENTS [v12,50/77] KVM: introspection: add KVMI_VCPU_GET_REGISTERS [v12,51/77] KVM: introspection: add KVMI_VCPU_SET_REGISTERS [v12,52/77] KVM: introspection: add KVMI_VCPU_GET_CPUID [v12,53/77] KVM: introspection: add KVMI_VCPU_EVENT_HYPERCALL [v12,54/77] KVM: introspection: add KVMI_VCPU_EVENT_BREAKPOINT [v12,55/77] KVM: introspection: add cleanup support for vCPUs [v12,56/77] KVM: introspection: restore the state of #BP interception on unhook [v12,57/77] KVM: introspection: add KVMI_VM_CONTROL_CLEANUP [v12,58/77] KVM: introspection: add KVMI_VCPU_CONTROL_CR and KVMI_VCPU_EVENT_CR [v12,59/77] KVM: introspection: restore the state of CR3 interception on unhook [v12,60/77] KVM: introspection: add KVMI_VCPU_INJECT_EXCEPTION + KVMI_VCPU_EVENT_TRAP [v12,61/77] KVM: introspection: add KVMI_VCPU_EVENT_XSETBV [v12,62/77] KVM: introspection: add KVMI_VCPU_GET_XCR [v12,63/77] KVM: introspection: add KVMI_VCPU_GET_XSAVE [v12,64/77] KVM: introspection: add KVMI_VCPU_SET_XSAVE [v12,65/77] KVM: introspection: add KVMI_VCPU_GET_MTRR_TYPE [v12,66/77] KVM: introspection: add KVMI_VCPU_EVENT_DESCRIPTOR [v12,67/77] KVM: introspection: restore the state of descriptor-table register interception on unho… [v12,68/77] KVM: introspection: add KVMI_VCPU_CONTROL_MSR and KVMI_VCPU_EVENT_MSR [v12,69/77] KVM: introspection: restore the state of MSR interception on unhook [v12,70/77] KVM: introspection: add KVMI_VM_SET_PAGE_ACCESS [v12,71/77] KVM: introspection: add KVMI_VCPU_EVENT_PF [v12,72/77] KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features [v12,73/77] KVM: introspection: add KVMI_VCPU_CONTROL_SINGLESTEP [v12,74/77] KVM: introspection: add KVMI_VCPU_EVENT_SINGLESTEP [v12,75/77] KVM: introspection: add KVMI_VCPU_TRANSLATE_GVA [v12,76/77] KVM: introspection: emulate a guest page table walk on SPT violations due to A/D bit up… [v12,77/77] KVM: x86: call the page tracking code on emulation failure

Message ID

20211006173113.26445-18-alazar@bitdefender.com (mailing list archive)

State

New, archived

Headers

From: =?utf-8?q?Adalbert_Laz=C4=83r?= <alazar@bitdefender.com>
To: kvm@vger.kernel.org
Cc: virtualization@lists.linux-foundation.org,
 Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson <seanjc@google.com>,
 Vitaly Kuznetsov <vkuznets@redhat.com>, Wanpeng Li <wanpengli@tencent.com>,
 Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
 Mathieu Tarral <mathieu.tarral@protonmail.com>,
 Tamas K Lengyel <tamas@tklengyel.com>,
 =?utf-8?q?Mihai_Don=C8=9Bu?= <mdontu@bitdefender.com>, =?utf-8?b?TmljdciZ?=
	=?utf-8?b?b3IgQ8OuyJt1?= <nicu.citu@icloud.com>, =?utf-8?q?Adalbert_Laz?=
	=?utf-8?q?=C4=83r?= <alazar@bitdefender.com>
Subject: [PATCH v12 17/77] KVM: x86: add kvm_x86_ops.fault_gla()
Date: Wed,  6 Oct 2021 20:30:13 +0300
Message-Id: <20211006173113.26445-18-alazar@bitdefender.com>
In-Reply-To: <20211006173113.26445-1-alazar@bitdefender.com>
References: <20211006173113.26445-1-alazar@bitdefender.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

VM introspection | expand

Commit Message

Adalbert Lazăr Oct. 6, 2021, 5:30 p.m. UTC

From: Mihai Donțu <mdontu@bitdefender.com>

This function is needed for kvmi_update_ad_flags()
and kvm_page_track_emulation_failure().

kvmi_update_ad_flags() uses the existing guest page table walk code to
update the A/D bits and return to guest (when the introspection tool
write-protects the guest page tables).

kvm_page_track_emulation_failure() calls the page tracking code, that
can trigger an event for the introspection tool (which might need the
GVA in addition to the GPA).

Signed-off-by: Mihai Donțu <mdontu@bitdefender.com>
Co-developed-by: Nicușor Cîțu <nicu.citu@icloud.com>
Signed-off-by: Nicușor Cîțu <nicu.citu@icloud.com>
Signed-off-by: Adalbert Lazăr <alazar@bitdefender.com>
---
 arch/x86/include/asm/kvm-x86-ops.h | 1 +
 arch/x86/include/asm/kvm_host.h    | 2 ++
 arch/x86/include/asm/vmx.h         | 2 ++
 arch/x86/kvm/svm/svm.c             | 9 +++++++++
 arch/x86/kvm/vmx/vmx.c             | 9 +++++++++
 5 files changed, 23 insertions(+)

diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h
index 4228b775a48e..ad6c19d9bef5 100644
--- a/arch/x86/include/asm/kvm-x86-ops.h
+++ b/arch/x86/include/asm/kvm-x86-ops.h
@@ -129,6 +129,7 @@  KVM_X86_OP(control_desc_intercept)
 KVM_X86_OP(desc_intercepted)
 KVM_X86_OP(msr_write_intercepted)
 KVM_X86_OP(control_msr_intercept)
+KVM_X86_OP(fault_gla)
 
 #undef KVM_X86_OP
 #undef KVM_X86_OP_NULL
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index db88d38e485d..96058a8a1e5e 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1509,6 +1509,8 @@  struct kvm_x86_ops {
 	int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err);
 
 	void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector);
+
+	u64 (*fault_gla)(struct kvm_vcpu *vcpu);
 };
 
 struct kvm_x86_nested_ops {
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 0ffaa3156a4e..5cef3b96e29a 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -546,6 +546,7 @@  enum vm_entry_failure_code {
 #define EPT_VIOLATION_READABLE_BIT	3
 #define EPT_VIOLATION_WRITABLE_BIT	4
 #define EPT_VIOLATION_EXECUTABLE_BIT	5
+#define EPT_VIOLATION_GLA_VALID_BIT	7
 #define EPT_VIOLATION_GVA_TRANSLATED_BIT 8
 #define EPT_VIOLATION_ACC_READ		(1 << EPT_VIOLATION_ACC_READ_BIT)
 #define EPT_VIOLATION_ACC_WRITE		(1 << EPT_VIOLATION_ACC_WRITE_BIT)
@@ -553,6 +554,7 @@  enum vm_entry_failure_code {
 #define EPT_VIOLATION_READABLE		(1 << EPT_VIOLATION_READABLE_BIT)
 #define EPT_VIOLATION_WRITABLE		(1 << EPT_VIOLATION_WRITABLE_BIT)
 #define EPT_VIOLATION_EXECUTABLE	(1 << EPT_VIOLATION_EXECUTABLE_BIT)
+#define EPT_VIOLATION_GLA_VALID		(1 << EPT_VIOLATION_GLA_VALID_BIT)
 #define EPT_VIOLATION_GVA_TRANSLATED	(1 << EPT_VIOLATION_GVA_TRANSLATED_BIT)
 
 /*
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index de6cb59a332d..5409438766ee 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4704,6 +4704,13 @@  static int svm_vm_init(struct kvm *kvm)
 	return 0;
 }
 
+static u64 svm_fault_gla(struct kvm_vcpu *vcpu)
+{
+	const struct vcpu_svm *svm = to_svm(vcpu);
+
+	return svm->vcpu.arch.cr2 ? svm->vcpu.arch.cr2 : ~0ull;
+}
+
 static struct kvm_x86_ops svm_x86_ops __initdata = {
 	.hardware_unsetup = svm_hardware_teardown,
 	.hardware_enable = svm_hardware_enable,
@@ -4839,6 +4846,8 @@  static struct kvm_x86_ops svm_x86_ops __initdata = {
 	.complete_emulated_msr = svm_complete_emulated_msr,
 
 	.vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector,
+
+	.fault_gla = svm_fault_gla,
 };
 
 static struct kvm_x86_init_ops svm_init_ops __initdata = {
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index ceba2e112e26..f3e880ef22c8 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7620,6 +7620,13 @@  static bool vmx_check_apicv_inhibit_reasons(ulong bit)
 	return supported & BIT(bit);
 }
 
+static u64 vmx_fault_gla(struct kvm_vcpu *vcpu)
+{
+	if (vcpu->arch.exit_qualification & EPT_VIOLATION_GLA_VALID)
+		return vmcs_readl(GUEST_LINEAR_ADDRESS);
+	return ~0ull;
+}
+
 static struct kvm_x86_ops vmx_x86_ops __initdata = {
 	.hardware_unsetup = hardware_unsetup,
 
@@ -7762,6 +7769,8 @@  static struct kvm_x86_ops vmx_x86_ops __initdata = {
 	.complete_emulated_msr = kvm_complete_insn_gp,
 
 	.vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector,
+
+	.fault_gla = vmx_fault_gla,
 };
 
 static __init void vmx_setup_user_return_msrs(void)

[v12,17/77] KVM: x86: add kvm_x86_ops.fault_gla()

Commit Message

Patch