From patchwork Wed Feb  5 12:30:32 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vitaly Kuznetsov <vkuznets@redhat.com>
X-Patchwork-Id: 11366229
Return-Path: <SRS0=nIH0=3Z=vger.kernel.org=kvm-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6CDAA921
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed,  5 Feb 2020 12:30:43 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 4BD95217BA
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed,  5 Feb 2020 12:30:43 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="UhMSQxZB"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727109AbgBEMam (ORCPT
        <rfc822;patchwork-kvm@patchwork.kernel.org>);
        Wed, 5 Feb 2020 07:30:42 -0500
Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:48960 "EHLO
        us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1727104AbgBEMam (ORCPT <rfc822;kvm@vger.kernel.org>);
        Wed, 5 Feb 2020 07:30:42 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1580905841;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=FHRLTiRDFk91fNbjqjjK4sS7PVxxMVDiLVR/Xqc6yrU=;
        b=UhMSQxZBTr4ZDU1KXea5GiQYdiZTJ5e236pRR6HEuH04ydIouBi5HFyoZrga6IJHecYk0U
        NgZEWaDUBldwiDLnS/5qxhKuI3Y7SfF5c1MDx4NtQQ+p92Eygn+dUQ6UuEXW9LohjHwqek
        WhruqKDJnSoNjMStdpJuVTRxzU9jat8=
Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com
 [209.85.221.72]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-292-7t-6ssc6M8qd8GTTwJr-qQ-1; Wed, 05 Feb 2020 07:30:39 -0500
X-MC-Unique: 7t-6ssc6M8qd8GTTwJr-qQ-1
Received: by mail-wr1-f72.google.com with SMTP id 50so1126652wrc.2
        for <kvm@vger.kernel.org>; Wed, 05 Feb 2020 04:30:39 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=FHRLTiRDFk91fNbjqjjK4sS7PVxxMVDiLVR/Xqc6yrU=;
        b=KULmGoz3EaBGS3UXLnLiLESgXQ1q9t9toty8rd3Juwmi1qEkOrdZE1wIecITBx5/dB
         8f2//v3SedvrUSfxXrln+bKdQKLcoQydu8VcqOdlrXSDlqtTAVeNUM+Tn8+haXg0RaC9
         jeaNbV+uGOYIAbBoxRgEP6FlD3f2WmHxo9m7gRO5pca44vs79PMWoS7C1dKsmoakwVG7
         +ofRnT8jZMsD1wamurIYNfGf3aEXxmCGlP58BuB/dRvyicX6kHoMWaw0o4SdiV0nCwr7
         rTS1Z63ZD+zFUanuC4ZXi7Mdn4YlWnZWCtSoY6K1yHUiF2Cx/jL/4J3/zCMWV7zKtevf
         Fb/Q==
X-Gm-Message-State: APjAAAVXZdfNxDahierXiwSuXTGCl7molhbcLG+R2DVN0GzgMOF5aXH7
        2jvAjXDyp2zVuO9XIne+BevKoZKkoIYtPgZzCaLnHfWlPDPO/Yw7B088WdW5FV3tRiUc8R8vAJI
        KdiIgTf9cKL2F
X-Received: by 2002:a5d:5263:: with SMTP id l3mr27754227wrc.405.1580905838387;
        Wed, 05 Feb 2020 04:30:38 -0800 (PST)
X-Google-Smtp-Source: 
 APXvYqwxd5Bz9WYMUVNFZyA/vAWEUrG6f9LLsByb0bUcfyGjRUNIQyI+6xv9t7EQ2SbgTUNWO2yOMw==
X-Received: by 2002:a5d:5263:: with SMTP id l3mr27754211wrc.405.1580905838179;
        Wed, 05 Feb 2020 04:30:38 -0800 (PST)
Received: from vitty.brq.redhat.com (nat-pool-brq-t.redhat.com.
 [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id
 g7sm34227251wrq.21.2020.02.05.04.30.36
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 05 Feb 2020 04:30:37 -0800 (PST)
From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Jim Mattson <jmattson@google.com>,
        linux-kernel@vger.kernel.org, Liran Alon <liran.alon@oracle.com>,
        Roman Kagan <rkagan@virtuozzo.com>
Subject: [PATCH 1/3] x86/kvm/hyper-v: remove stale evmcs_already_enabled check
 from nested_enable_evmcs()
Date: Wed,  5 Feb 2020 13:30:32 +0100
Message-Id: <20200205123034.630229-2-vkuznets@redhat.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20200205123034.630229-1-vkuznets@redhat.com>
References: <20200205123034.630229-1-vkuznets@redhat.com>
MIME-Version: 1.0
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

In nested_enable_evmcs() evmcs_already_enabled check doesn't really do
anything: controls are already sanitized and we return '0' regardless.
Just drop the check.

Reviewed-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 arch/x86/kvm/vmx/evmcs.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
index 72359709cdc1..89c3e0caf39f 100644
--- a/arch/x86/kvm/vmx/evmcs.c
+++ b/arch/x86/kvm/vmx/evmcs.c
@@ -350,17 +350,12 @@ int nested_enable_evmcs(struct kvm_vcpu *vcpu,
 			uint16_t *vmcs_version)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
-	bool evmcs_already_enabled = vmx->nested.enlightened_vmcs_enabled;
 
 	vmx->nested.enlightened_vmcs_enabled = true;
 
 	if (vmcs_version)
 		*vmcs_version = nested_get_evmcs_version(vcpu);
 
-	/* We don't support disabling the feature for simplicity. */
-	if (evmcs_already_enabled)
-		return 0;
-
 	vmx->nested.msrs.pinbased_ctls_high &= ~EVMCS1_UNSUPPORTED_PINCTRL;
 	vmx->nested.msrs.entry_ctls_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
 	vmx->nested.msrs.exit_ctls_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;

From patchwork Wed Feb  5 12:30:33 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vitaly Kuznetsov <vkuznets@redhat.com>
X-Patchwork-Id: 11366231
Return-Path: <SRS0=nIH0=3Z=vger.kernel.org=kvm-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B7A0A138D
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed,  5 Feb 2020 12:30:43 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 96EF2218AC
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed,  5 Feb 2020 12:30:43 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="W8VcjH12"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727991AbgBEMan (ORCPT
        <rfc822;patchwork-kvm@patchwork.kernel.org>);
        Wed, 5 Feb 2020 07:30:43 -0500
Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:43873 "EHLO
        us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1727104AbgBEMam (ORCPT <rfc822;kvm@vger.kernel.org>);
        Wed, 5 Feb 2020 07:30:42 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1580905842;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=V4rO/yoB3tUWP9A0Ut5u9Rz301Z7Edprg1oEfc2ROnk=;
        b=W8VcjH12xW2bxqiNLh9M9uJB+IsZlnGTaY4JEhLT+Ad2itoS5CbHLCQ2MCgo8/FvS+k/SF
        iUnuUFvTbmVPjcNHc1clZRFVd0Es42OrnwC8kjRf3XEwvln7Wih0xZhlq8MT0Odkzv3QRY
        U6IzMxQsImWPUSQm70pAYvzmLyWbdYg=
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com
 [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-293-dtUUwUwZPhuJ2Tv_ka-7mQ-1; Wed, 05 Feb 2020 07:30:41 -0500
X-MC-Unique: dtUUwUwZPhuJ2Tv_ka-7mQ-1
Received: by mail-wr1-f71.google.com with SMTP id w6so1103700wrm.16
        for <kvm@vger.kernel.org>; Wed, 05 Feb 2020 04:30:40 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=V4rO/yoB3tUWP9A0Ut5u9Rz301Z7Edprg1oEfc2ROnk=;
        b=jN5LQ2uWGNPmSbj1q7a4Lgpp2WuajjTUc1Q1zNHhHCzoehHCP8nEXzY6dti57osCMD
         9k2p8Shh9pB1GLM+Vbn4GVn+hYPUVLxfZf6P5o9z7ejI8DWN2l4doajrLM9D1ave/BzJ
         jYdK4mv8v+EJHl+D92m9xhUNlH4U/ox4nsjBk09tnqLn5sNPoNw0F4d9kHR5GdkA6M9x
         WCR+dN+FYfRwPzv+mYe/xLiWJAUKrNCFYoM8Zs4a/1eZ3vr9QzMk4Iayex5oPs8m1Xgj
         4J7OJziI6mDtsrxHaiHkjZes6ccpPBNJawTP6tnA0LpxNjG7zEzKU4H2czlp138XRu4L
         lqBw==
X-Gm-Message-State: APjAAAVTAt2CHa92eAhHfU0HUCqJM3Gd03myAYSD38IjcnlgmOJNcOph
        AkP99rBK4df1o7EiqWlNYQkb/mgJjeJoR5UZqWBvkYCLdgI5ROo7fprwqJxU/0dz06A2s8My3fV
        +BbHXgCr0REJU
X-Received: by 2002:a5d:56ca:: with SMTP id
 m10mr29730382wrw.313.1580905839737;
        Wed, 05 Feb 2020 04:30:39 -0800 (PST)
X-Google-Smtp-Source: 
 APXvYqwoZ811CuIhzZ2Yjt9DCyKIdSs8VFWHUqrGe60Zg+dvF2g2RxTSF7EBPUQXMQlKKeA9TPT+tw==
X-Received: by 2002:a5d:56ca:: with SMTP id
 m10mr29730358wrw.313.1580905839472;
        Wed, 05 Feb 2020 04:30:39 -0800 (PST)
Received: from vitty.brq.redhat.com (nat-pool-brq-t.redhat.com.
 [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id
 g7sm34227251wrq.21.2020.02.05.04.30.38
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 05 Feb 2020 04:30:38 -0800 (PST)
From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Jim Mattson <jmattson@google.com>,
        linux-kernel@vger.kernel.org, Liran Alon <liran.alon@oracle.com>,
        Roman Kagan <rkagan@virtuozzo.com>
Subject: [PATCH 2/3] x86/kvm/hyper-v: move VMX controls sanitization out of
 nested_enable_evmcs()
Date: Wed,  5 Feb 2020 13:30:33 +0100
Message-Id: <20200205123034.630229-3-vkuznets@redhat.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20200205123034.630229-1-vkuznets@redhat.com>
References: <20200205123034.630229-1-vkuznets@redhat.com>
MIME-Version: 1.0
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

With fine grained VMX feature enablement QEMU>=4.2 tries to do KVM_SET_MSRS
with default (matching CPU model) values and in case eVMCS is also enabled,
fails.

It would be possible to drop VMX feature filtering completely and make
this a guest's responsibility: if it decides to use eVMCS it should know
which fields are available and which are not. Hyper-V mostly complies to
this, however, there are some problematic controls:
SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES
VM_{ENTRY,EXIT}_LOAD_IA32_PERF_GLOBAL_CTR

which Hyper-V enables. As there are no corresponding fields in eVMCS, we
can't handle this properly in KVM. This is a Hyper-V issue.

Move VMX controls sanitization from nested_enable_evmcs() to vmx_get_msr(),
and do the bare minimum (controls, which are known to cause issues). This
allows userspace to keep setting controls it wants and at the same
time hides them from the guest.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 arch/x86/kvm/vmx/evmcs.c | 32 ++++++++++++++++++++++++++------
 arch/x86/kvm/vmx/evmcs.h |  1 +
 arch/x86/kvm/vmx/vmx.c   | 16 ++++++++++++++--
 3 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
index 89c3e0caf39f..ba886fb7bc39 100644
--- a/arch/x86/kvm/vmx/evmcs.c
+++ b/arch/x86/kvm/vmx/evmcs.c
@@ -346,6 +346,32 @@ uint16_t nested_get_evmcs_version(struct kvm_vcpu *vcpu)
        return 0;
 }
 
+void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata)
+{
+	u32 ctl_low = (u32)*pdata;
+	u32 ctl_high = (u32)(*pdata >> 32);
+
+	/*
+	 * Hyper-V 2016 and 2019 try using these features even when eVMCS
+	 * is enabled but there are no corresponding fields.
+	 */
+	switch (msr_index) {
+	case MSR_IA32_VMX_EXIT_CTLS:
+	case MSR_IA32_VMX_TRUE_EXIT_CTLS:
+		ctl_high &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL;
+		break;
+	case MSR_IA32_VMX_ENTRY_CTLS:
+	case MSR_IA32_VMX_TRUE_ENTRY_CTLS:
+		ctl_high &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL;
+		break;
+	case MSR_IA32_VMX_PROCBASED_CTLS2:
+		ctl_high &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
+		break;
+	}
+
+	*pdata = ctl_low | ((u64)ctl_high << 32);
+}
+
 int nested_enable_evmcs(struct kvm_vcpu *vcpu,
 			uint16_t *vmcs_version)
 {
@@ -356,11 +382,5 @@ int nested_enable_evmcs(struct kvm_vcpu *vcpu,
 	if (vmcs_version)
 		*vmcs_version = nested_get_evmcs_version(vcpu);
 
-	vmx->nested.msrs.pinbased_ctls_high &= ~EVMCS1_UNSUPPORTED_PINCTRL;
-	vmx->nested.msrs.entry_ctls_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
-	vmx->nested.msrs.exit_ctls_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
-	vmx->nested.msrs.secondary_ctls_high &= ~EVMCS1_UNSUPPORTED_2NDEXEC;
-	vmx->nested.msrs.vmfunc_controls &= ~EVMCS1_UNSUPPORTED_VMFUNC;
-
 	return 0;
 }
diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h
index 07ebf6882a45..b88d9807a796 100644
--- a/arch/x86/kvm/vmx/evmcs.h
+++ b/arch/x86/kvm/vmx/evmcs.h
@@ -201,5 +201,6 @@ bool nested_enlightened_vmentry(struct kvm_vcpu *vcpu, u64 *evmcs_gpa);
 uint16_t nested_get_evmcs_version(struct kvm_vcpu *vcpu);
 int nested_enable_evmcs(struct kvm_vcpu *vcpu,
 			uint16_t *vmcs_version);
+void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata);
 
 #endif /* __KVM_X86_VMX_EVMCS_H */
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index cdb4bf50ee14..e3adf230ca8e 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1849,8 +1849,20 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
 		if (!nested_vmx_allowed(vcpu))
 			return 1;
-		return vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index,
-				       &msr_info->data);
+		if (vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index,
+				    &msr_info->data))
+			return 1;
+		/*
+		 * Enlightened VMCS v1 doesn't have certain fields, but buggy
+		 * Hyper-V versions are still trying to use corresponding
+		 * features when they are exposed. Filter out the essential
+		 * minimum.
+		 */
+		if (!msr_info->host_initiated &&
+		    vmx->nested.enlightened_vmcs_enabled)
+			nested_evmcs_filter_control_msr(msr_info->index,
+							&msr_info->data);
+		break;
 	case MSR_IA32_RTIT_CTL:
 		if (pt_mode != PT_MODE_HOST_GUEST)
 			return 1;

From patchwork Wed Feb  5 12:30:34 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vitaly Kuznetsov <vkuznets@redhat.com>
X-Patchwork-Id: 11366233
Return-Path: <SRS0=nIH0=3Z=vger.kernel.org=kvm-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 042AE138D
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed,  5 Feb 2020 12:30:48 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id CE33E21741
	for <patchwork-kvm@patchwork.kernel.org>;
 Wed,  5 Feb 2020 12:30:47 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="Y+gAnnSv"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728144AbgBEMaq (ORCPT
        <rfc822;patchwork-kvm@patchwork.kernel.org>);
        Wed, 5 Feb 2020 07:30:46 -0500
Received: from us-smtp-1.mimecast.com ([207.211.31.81]:49365 "EHLO
        us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1728102AbgBEMaq (ORCPT
        <rfc822;kvm@vger.kernel.org>); Wed, 5 Feb 2020 07:30:46 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1580905845;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=kH9R5qygaELgrXQXaWn/tfFU/2DvggTDzmG5IhlZM0c=;
        b=Y+gAnnSvbjXvQgfmo62iFahMHa9iU6va0dXlOkDCqTG55qtd36Nqa/73y0k9xIeVnPpPxE
        6R2/eDdOSXWKAn7yYdJ2vhyOjqI7VkxhF9GYDmqyiWcJ7Mt/syh5Buz9bHXaj07PxQcU1c
        WwDTxon3zE76wuShCQmtkmHvIi3xvhg=
Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com
 [209.85.221.70]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-371-jKqfTACBOB-bEP1vPTSZ5w-1; Wed, 05 Feb 2020 07:30:42 -0500
X-MC-Unique: jKqfTACBOB-bEP1vPTSZ5w-1
Received: by mail-wr1-f70.google.com with SMTP id s13so1099388wrb.21
        for <kvm@vger.kernel.org>; Wed, 05 Feb 2020 04:30:42 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=kH9R5qygaELgrXQXaWn/tfFU/2DvggTDzmG5IhlZM0c=;
        b=hpxRdyz8Nm2EBhPzYbElVQTEtjNCABBV+IwDoHJqCjzLDDXVoQTHAhOvXLRKR81HSp
         JZ3WrigsSokhrxy3aO0ESGfFamFwfaE+LOKiiAM0rP8CgeYoIcUBKuW0xdQBJ6UL1U7c
         F22+2Q9KUBqEi+4cDlh4K7i6qIQeRVVMp67y0nESw499p+aCV1lw0ONqUhxmxmVhb2dI
         CrAZ8Ih3hXVJB05cpC4bsBwXZq0GaVxNKTWK0U6OyDeiLfc2O72KslAr6w4kqa3Gf8X3
         B8LRMeN/S3WV1UM6/Rf7Ncu5WXd9W299uSTG8zHgFdATuzp0LaLVdAGUIZu672eD4oDB
         iu+Q==
X-Gm-Message-State: APjAAAVdEUVLbTK0W7StsMEL2gAH3MbnH+5p+e6OJgw7J02HylHCwsJ3
        YgX8U3fekcPQEywhNbuQyLfE+rOOVwsOqPe7FVZ8IFVuGm2MiyX2hyJ09fImr+2l899kzgnt5GP
        D/ZJpy7gX5kdY
X-Received: by 2002:adf:ea4d:: with SMTP id
 j13mr23997735wrn.292.1580905841363;
        Wed, 05 Feb 2020 04:30:41 -0800 (PST)
X-Google-Smtp-Source: 
 APXvYqy6a7nZphH4CpZdYImL27XES4Yf2yGaYtSWHx6fRouFNr/X6nSst7FOsMjeu0DoqFuZVNRk3A==
X-Received: by 2002:adf:ea4d:: with SMTP id
 j13mr23997707wrn.292.1580905841119;
        Wed, 05 Feb 2020 04:30:41 -0800 (PST)
Received: from vitty.brq.redhat.com (nat-pool-brq-t.redhat.com.
 [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id
 g7sm34227251wrq.21.2020.02.05.04.30.39
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 05 Feb 2020 04:30:39 -0800 (PST)
From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Jim Mattson <jmattson@google.com>,
        linux-kernel@vger.kernel.org, Liran Alon <liran.alon@oracle.com>,
        Roman Kagan <rkagan@virtuozzo.com>
Subject: [PATCH 3/3] x86/kvm/hyper-v: don't allow to turn on unsupported VMX
 controls for nested guests
Date: Wed,  5 Feb 2020 13:30:34 +0100
Message-Id: <20200205123034.630229-4-vkuznets@redhat.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20200205123034.630229-1-vkuznets@redhat.com>
References: <20200205123034.630229-1-vkuznets@redhat.com>
MIME-Version: 1.0
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

Sane L1 hypervisors are not supposed to turn any of the unsupported VMX
controls on for its guests and nested_vmx_check_controls() checks for
that. This is, however, not the case for the controls which are supported
on the host but are missing in enlightened VMCS and when eVMCS is in use.

It would certainly be possible to add these missing checks to
nested_check_vm_execution_controls()/_vm_exit_controls()/.. but it seems
preferable to keep eVMCS-specific stuff in eVMCS and reduce the impact on
non-eVMCS guests by doing less unrelated checks. Create a separate
nested_evmcs_check_controls() for this purpose.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 arch/x86/kvm/vmx/evmcs.c  | 53 +++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/evmcs.h  |  2 ++
 arch/x86/kvm/vmx/nested.c |  3 +++
 3 files changed, 58 insertions(+)

diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
index ba886fb7bc39..303813423c3e 100644
--- a/arch/x86/kvm/vmx/evmcs.c
+++ b/arch/x86/kvm/vmx/evmcs.c
@@ -7,6 +7,7 @@
 #include "evmcs.h"
 #include "vmcs.h"
 #include "vmx.h"
+#include "trace.h"
 
 DEFINE_STATIC_KEY_FALSE(enable_evmcs);
 
@@ -372,6 +373,58 @@ void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata)
 	*pdata = ctl_low | ((u64)ctl_high << 32);
 }
 
+int nested_evmcs_check_controls(struct vmcs12 *vmcs12)
+{
+	int ret = 0;
+	u32 unsupp_ctl;
+
+	unsupp_ctl = vmcs12->pin_based_vm_exec_control &
+		EVMCS1_UNSUPPORTED_PINCTRL;
+	if (unsupp_ctl) {
+		trace_kvm_nested_vmenter_failed(
+			"eVMCS: unsupported pin-based VM-execution controls",
+			unsupp_ctl);
+		ret = -EINVAL;
+	}
+
+	unsupp_ctl = vmcs12->secondary_vm_exec_control &
+		EVMCS1_UNSUPPORTED_2NDEXEC;
+	if (unsupp_ctl) {
+		trace_kvm_nested_vmenter_failed(
+			"eVMCS: unsupported secondary VM-execution controls",
+			unsupp_ctl);
+		ret = -EINVAL;
+	}
+
+	unsupp_ctl = vmcs12->vm_exit_controls &
+		EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
+	if (unsupp_ctl) {
+		trace_kvm_nested_vmenter_failed(
+			"eVMCS: unsupported VM-exit controls",
+			unsupp_ctl);
+		ret = -EINVAL;
+	}
+
+	unsupp_ctl = vmcs12->vm_entry_controls &
+		EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
+	if (unsupp_ctl) {
+		trace_kvm_nested_vmenter_failed(
+			"eVMCS: unsupported VM-entry controls",
+			unsupp_ctl);
+		ret = -EINVAL;
+	}
+
+	unsupp_ctl = vmcs12->vm_function_control & EVMCS1_UNSUPPORTED_VMFUNC;
+	if (unsupp_ctl) {
+		trace_kvm_nested_vmenter_failed(
+			"eVMCS: unsupported VM-function controls",
+			unsupp_ctl);
+		ret = -EINVAL;
+	}
+
+	return ret;
+}
+
 int nested_enable_evmcs(struct kvm_vcpu *vcpu,
 			uint16_t *vmcs_version)
 {
diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h
index b88d9807a796..6de47f2569c9 100644
--- a/arch/x86/kvm/vmx/evmcs.h
+++ b/arch/x86/kvm/vmx/evmcs.h
@@ -10,6 +10,7 @@
 
 #include "capabilities.h"
 #include "vmcs.h"
+#include "vmcs12.h"
 
 struct vmcs_config;
 
@@ -202,5 +203,6 @@ uint16_t nested_get_evmcs_version(struct kvm_vcpu *vcpu);
 int nested_enable_evmcs(struct kvm_vcpu *vcpu,
 			uint16_t *vmcs_version);
 void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata);
+int nested_evmcs_check_controls(struct vmcs12 *vmcs12);
 
 #endif /* __KVM_X86_VMX_EVMCS_H */
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 6879966b7648..b9fd508f40c5 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2767,6 +2767,9 @@ static int nested_vmx_check_controls(struct kvm_vcpu *vcpu,
 	    nested_check_vm_entry_controls(vcpu, vmcs12))
 		return -EINVAL;
 
+	if (to_vmx(vcpu)->nested.enlightened_vmcs_enabled)
+		return nested_evmcs_check_controls(vmcs12);
+
 	return 0;
 }