From patchwork Wed Jan 15 17:10:12 2020
X-Patchwork-Submitter: Vitaly Kuznetsov
X-Patchwork-Id: 11335443
From: Vitaly Kuznetsov
To: kvm@vger.kernel.org
Cc: Paolo Bonzini, Sean Christopherson, Jim Mattson, linux-kernel@vger.kernel.org, Liran Alon, Roman Kagan
Subject: [PATCH RFC 1/3] x86/kvm/hyper-v: remove stale evmcs_already_enabled check from nested_enable_evmcs()
Date: Wed, 15 Jan 2020 18:10:12 +0100
Message-Id: <20200115171014.56405-2-vkuznets@redhat.com>
In-Reply-To: <20200115171014.56405-1-vkuznets@redhat.com>
References: <20200115171014.56405-1-vkuznets@redhat.com>

In nested_enable_evmcs() evmcs_already_enabled check doesn't really do
anything: controls are already sanitized and we return '0' regardless.
Just drop the check.

Signed-off-by: Vitaly Kuznetsov
Reviewed-by: Liran Alon
---
 arch/x86/kvm/vmx/evmcs.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c index 72359709cdc1..89c3e0caf39f 100644 --- a/arch/x86/kvm/vmx/evmcs.c +++ b/arch/x86/kvm/vmx/evmcs.c
@@ -350,17 +350,12 @@ int nested_enable_evmcs(struct kvm_vcpu *vcpu, uint16_t *vmcs_version) { struct vcpu_vmx *vmx = to_vmx(vcpu); - bool evmcs_already_enabled = vmx->nested.enlightened_vmcs_enabled; vmx->nested.enlightened_vmcs_enabled = true; if (vmcs_version) *vmcs_version = nested_get_evmcs_version(vcpu); - /* We don't support disabling the feature for simplicity. */ - if (evmcs_already_enabled) - return 0; - vmx->nested.msrs.pinbased_ctls_high &= ~EVMCS1_UNSUPPORTED_PINCTRL; vmx->nested.msrs.entry_ctls_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL; vmx->nested.msrs.exit_ctls_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;

From patchwork Wed Jan 15 17:10:13 2020
X-Patchwork-Submitter: Vitaly Kuznetsov
X-Patchwork-Id: 11335445
From: Vitaly Kuznetsov
To: kvm@vger.kernel.org
Cc: Paolo Bonzini, Sean Christopherson, Jim Mattson, linux-kernel@vger.kernel.org, Liran Alon, Roman Kagan
Subject: [PATCH RFC 2/3] x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs()
Date: Wed, 15 Jan 2020 18:10:13 +0100
Message-Id: <20200115171014.56405-3-vkuznets@redhat.com>
In-Reply-To: <20200115171014.56405-1-vkuznets@redhat.com>
References: <20200115171014.56405-1-vkuznets@redhat.com>

With fine grained VMX feature enablement QEMU>=4.2 tries to do KVM_SET_MSRS
with default (matching CPU model) values and in case eVMCS is also enabled,
fails.

It would be possible to drop VMX feature filtering completely and make
this a guest's responsibility: if it decides to use eVMCS it should know
which fields are available and which are not. Hyper-V mostly complies with
this, however, there is at least one problematic control:
SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES
which Hyper-V enables. As there is no 'apic_addr_field' in eVMCS, we
fail to handle this properly in KVM. It is unclear how this is supposed
to work, genuine Hyper-V doesn't expose the control so it is possible that
this is just a bug (in Hyper-V).

Move VMX controls sanitization from nested_enable_evmcs() to vmx_get_msr(),
this allows userspace to keep setting controls it wants and at the same
time hides them from the guest.

Signed-off-by: Vitaly Kuznetsov
Reviewed-by: Liran Alon
---
 arch/x86/kvm/vmx/evmcs.c | 38 ++++++++++++++++++++++++++++++++------
 arch/x86/kvm/vmx/evmcs.h | 1 +
 arch/x86/kvm/vmx/vmx.c | 10 ++++++++--
 3 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c index 89c3e0caf39f..b5d6582ba589 100644 --- a/arch/x86/kvm/vmx/evmcs.c +++ b/arch/x86/kvm/vmx/evmcs.c
@@ -346,6 +346,38 @@ uint16_t nested_get_evmcs_version(struct kvm_vcpu *vcpu) return 0; } +void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata) +{ + u32 ctl_low = (u32)*pdata, ctl_high = (u32)(*pdata >> 32); + /* + * Enlightened VMCS doesn't have certain fields, make sure we don't + * expose unsupported controls to L1. + */ + + switch (msr_index) { + case MSR_IA32_VMX_PINBASED_CTLS: + case MSR_IA32_VMX_TRUE_PINBASED_CTLS: + ctl_high &= ~EVMCS1_UNSUPPORTED_PINCTRL; + break; + case MSR_IA32_VMX_EXIT_CTLS: + case MSR_IA32_VMX_TRUE_EXIT_CTLS: + ctl_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL; + break; + case MSR_IA32_VMX_ENTRY_CTLS: + case MSR_IA32_VMX_TRUE_ENTRY_CTLS: + ctl_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL; + break; + case MSR_IA32_VMX_PROCBASED_CTLS2: + ctl_high &= ~EVMCS1_UNSUPPORTED_2NDEXEC; + break; + case MSR_IA32_VMX_VMFUNC: + ctl_low &= ~EVMCS1_UNSUPPORTED_VMFUNC; + break; + } + + *pdata = ctl_low | ((u64)ctl_high << 32); +} + int nested_enable_evmcs(struct kvm_vcpu *vcpu, uint16_t *vmcs_version) { @@ -356,11 +388,5 @@ int nested_enable_evmcs(struct kvm_vcpu *vcpu, if (vmcs_version) *vmcs_version = nested_get_evmcs_version(vcpu); - vmx->nested.msrs.pinbased_ctls_high &= ~EVMCS1_UNSUPPORTED_PINCTRL; - vmx->nested.msrs.entry_ctls_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL; - vmx->nested.msrs.exit_ctls_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL; - vmx->nested.msrs.secondary_ctls_high &= ~EVMCS1_UNSUPPORTED_2NDEXEC; - vmx->nested.msrs.vmfunc_controls &= ~EVMCS1_UNSUPPORTED_VMFUNC; - return 0; } diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h index 07ebf6882a45..b88d9807a796 100644 --- a/arch/x86/kvm/vmx/evmcs.h +++ b/arch/x86/kvm/vmx/evmcs.h 
@@ -201,5 +201,6 @@ bool nested_enlightened_vmentry(struct kvm_vcpu *vcpu, u64 *evmcs_gpa); uint16_t nested_get_evmcs_version(struct kvm_vcpu *vcpu); int nested_enable_evmcs(struct kvm_vcpu *vcpu, uint16_t *vmcs_version); +void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata); #endif /* __KVM_X86_VMX_EVMCS_H */ diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index e3394c839dea..8eb74618b8d8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -1849,8 +1849,14 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: if (!nested_vmx_allowed(vcpu)) return 1; - return vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index, - &msr_info->data); + if (vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index, + &msr_info->data)) + return 1; + if (!msr_info->host_initiated && + vmx->nested.enlightened_vmcs_enabled) + nested_evmcs_filter_control_msr(msr_info->index, + &msr_info->data); + break; case MSR_IA32_RTIT_CTL: if (pt_mode != PT_MODE_HOST_GUEST) return 1;

From patchwork Wed Jan 15 17:10:14 2020
X-Patchwork-Submitter: Vitaly Kuznetsov
X-Patchwork-Id: 11335447
From: Vitaly Kuznetsov
To: kvm@vger.kernel.org
Cc: Paolo Bonzini, Sean Christopherson, Jim Mattson, linux-kernel@vger.kernel.org, Liran Alon, Roman Kagan
Subject: [PATCH RFC 3/3] x86/kvm/hyper-v: don't allow to turn on unsupported VMX controls for nested guests
Date: Wed, 15 Jan 2020 18:10:14 +0100
Message-Id: <20200115171014.56405-4-vkuznets@redhat.com>
In-Reply-To: <20200115171014.56405-1-vkuznets@redhat.com>
References: <20200115171014.56405-1-vkuznets@redhat.com>

Sane L1 hypervisors are not supposed to turn any of the unsupported VMX
controls on for their guests and nested_vmx_check_controls() checks for
that. This is, however, not the case for the controls which are supported
on the host but are missing in enlightened VMCS and when eVMCS is in use.

It would certainly be possible to add these missing checks to
nested_check_vm_execution_controls()/_vm_exit_controls()/.. but it seems
preferable to keep eVMCS-specific stuff in eVMCS and reduce the impact on
non-eVMCS guests by doing fewer unrelated checks. Create a separate
nested_evmcs_check_controls() for this purpose.

Signed-off-by: Vitaly Kuznetsov
---
 arch/x86/kvm/vmx/evmcs.c | 56 ++++++++++++++++++++++++++++++++++++++-
 arch/x86/kvm/vmx/evmcs.h | 1 +
 arch/x86/kvm/vmx/nested.c | 3 +++
 3 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c index b5d6582ba589..88f462866396 100644 --- a/arch/x86/kvm/vmx/evmcs.c +++ b/arch/x86/kvm/vmx/evmcs.c @@ -4,9 +4,11 @@ #include #include "../hyperv.h" -#include "evmcs.h" #include "vmcs.h" +#include "vmcs12.h" +#include "evmcs.h" #include "vmx.h" +#include "trace.h" DEFINE_STATIC_KEY_FALSE(enable_evmcs); 
@@ -378,6 +380,58 @@ void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata) *pdata = ctl_low | ((u64)ctl_high << 32); } +int nested_evmcs_check_controls(struct vmcs12 *vmcs12) +{ + int ret = 0; + u32 unsupp_ctl; + + unsupp_ctl = vmcs12->pin_based_vm_exec_control & + EVMCS1_UNSUPPORTED_PINCTRL; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported pin-based VM-execution controls", + unsupp_ctl); + ret = -EINVAL; + } + + unsupp_ctl = vmcs12->secondary_vm_exec_control & + EVMCS1_UNSUPPORTED_2NDEXEC; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported secondary VM-execution controls", + unsupp_ctl); + ret = -EINVAL; + } + + unsupp_ctl = vmcs12->vm_exit_controls & + EVMCS1_UNSUPPORTED_VMEXIT_CTRL; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported VM-exit controls", + unsupp_ctl); + ret = -EINVAL; + } + + unsupp_ctl = vmcs12->vm_entry_controls & + EVMCS1_UNSUPPORTED_VMENTRY_CTRL; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported VM-entry controls", + unsupp_ctl); + ret = -EINVAL; + } + + unsupp_ctl = vmcs12->vm_function_control & EVMCS1_UNSUPPORTED_VMFUNC; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported VM-function controls", + unsupp_ctl); + ret = -EINVAL; + } + + return ret; +} + int nested_enable_evmcs(struct kvm_vcpu *vcpu, uint16_t *vmcs_version) { diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h index b88d9807a796..cb7517a5a41c 100644 --- a/arch/x86/kvm/vmx/evmcs.h +++ b/arch/x86/kvm/vmx/evmcs.h @@ -202,5 +202,6 @@ uint16_t nested_get_evmcs_version(struct kvm_vcpu *vcpu); int nested_enable_evmcs(struct kvm_vcpu *vcpu, uint16_t *vmcs_version); void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata); +int nested_evmcs_check_controls(struct vmcs12 *vmcs12); #endif /* __KVM_X86_VMX_EVMCS_H */ diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 4aea7d304beb..7c720b095663 100644 
--- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2767,6 +2767,9 @@ static int nested_vmx_check_controls(struct kvm_vcpu *vcpu, nested_check_vm_entry_controls(vcpu, vmcs12)) return -EINVAL; + if (to_vmx(vcpu)->nested.enlightened_vmcs_enabled) + return nested_evmcs_check_controls(vmcs12); + return 0; }
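
Review bot: In patch 1/3, the second removal in nested_enable_evmcs() also deletes the comment "We don't support disabling the feature for simplicity", which was the only line stating that enlightened_vmcs_enabled is never cleared once set. Consider keeping that comment next to `vmx->nested.enlightened_vmcs_enabled = true;`. The removal is safe only because the `&= ~EVMCS1_UNSUPPORTED_*` masks that now run on every call are idempotent, and the commit message could say that explicitly.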
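
Review bot: In patch 2/3, the MSR_IA32_VMX_VMFUNC case of nested_evmcs_filter_control_msr() masks ctl_low while every other case masks ctl_high, and nothing in the function says why. The code being removed applied `&= ~EVMCS1_UNSUPPORTED_VMFUNC` to the whole 64-bit vmfunc_controls, so a one-line comment that this MSR is a plain bitmap rather than a low/high pair would make the asymmetry easy to verify. The block comment would also read better directly above the switch, without the blank line that currently separates the two.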
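
Review bot: In patch 2/3, the new `if (!msr_info->host_initiated && vmx->nested.enlightened_vmcs_enabled)` in vmx_get_msr() only filters what the guest reads; vmx->nested.msrs now keeps the unfiltered values, so after this patch alone nothing visible here stops L1 from turning on a control that was hidden from it. That gap is closed only by nested_evmcs_check_controls() in 3/3, so either reorder the two patches or state the dependency in the commit message to keep the series bisectable. A short comment at the new `if` noting that host-initiated reads are left unfiltered on purpose, so userspace reads back what it set with KVM_SET_MSRS, would help the next reader.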
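
Review bot: In patch 3/3, the include hunk at the top of evmcs.c moves "evmcs.h" below the new "vmcs12.h" with no explanation; it appears to be needed only because evmcs.h now declares `int nested_evmcs_check_controls(struct vmcs12 *vmcs12);`. A forward declaration `struct vmcs12;` in evmcs.h, or including vmcs12.h from there, would make the header self-contained instead of relying on include order in each user.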
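
Review bot: In patch 3/3, nested_evmcs_check_controls() tests vmcs12->secondary_vm_exec_control and vmcs12->vm_function_control unconditionally. Secondary controls take effect only when the primary controls activate them, and VM functions only when enabled in the secondary controls, so a leftover value in a field L1 is not using would fail the entry here; gate those two checks on the corresponding enable bits or add a comment explaining why that cannot happen. The five blocks differ only in field, mask and message string, so a small helper taking those three would remove the repetition while keeping one trace per failing control.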