From nobody Wed Nov 27 00:33:03 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; arc=pass (i=1 dmarc=pass fromdomain=amd.com); dmarc=pass(p=quarantine dis=none) header.from=amd.com ARC-Seal: i=2; a=rsa-sha256; t=1701815387; cv=pass; d=zohomail.com; s=zohoarc; b=XNQaddLIzkBKiFgFDBMM/WKr9mYDkWSgvJPhj5kg8NuuNC2txHC4Sq72f/bkoBB/HJTFVP9aDgTbzLrxSq4CRK59It4lMv060B5qoM58aEwxKAVAqODeM6G3DRNN3MKf/XaHxHLOoIC5477XJZeTrvE9vAyvzcqEeLcURO69S+Q= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1701815387; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=T/Pj+kgHtUV4ZrZ3URY/U4pJ9dgcilvNFGA0IShckSI=; b=NYaZtNPPVwXcu1tw4FBoaJ6ZDHFBrdf24PI5YKxfSB1t5GQpdx1yBTHPsNXMRP+i/xQzvUh2Ikv29JAi6LgSd2DsTHrifQtQXvYpsat5snoiDtZHRE5cxvyXmwlcm6T35rA8pW3JLIKrbD/hWdPtMuQ5/dmXtqgGRtWt97mZO0g= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; arc=pass (i=1 dmarc=pass fromdomain=amd.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1701815387761702.135689799281; Tue, 5 Dec 2023 14:29:47 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rAduW-0003yM-D1; Tue, 05 Dec 2023 17:29:00 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rAduS-0003wD-Q8 for qemu-devel@nongnu.org; Tue, 05 Dec 2023 17:28:56 -0500 Received: from mail-bn8nam04on2062b.outbound.protection.outlook.com ([2a01:111:f400:7e8d::62b] helo=NAM04-BN8-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rAduQ-0005KP-Hx for qemu-devel@nongnu.org; Tue, 05 Dec 2023 17:28:56 -0500 Received: from DM6PR12CA0024.namprd12.prod.outlook.com (2603:10b6:5:1c0::37) by IA1PR12MB6483.namprd12.prod.outlook.com (2603:10b6:208:3a8::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7046.34; Tue, 5 Dec 2023 22:28:50 +0000 Received: from CY4PEPF0000FCC3.namprd03.prod.outlook.com (2603:10b6:5:1c0:cafe::a0) by DM6PR12CA0024.outlook.office365.com (2603:10b6:5:1c0::37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7046.34 via Frontend Transport; Tue, 5 Dec 2023 22:28:49 +0000 Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000FCC3.mail.protection.outlook.com (10.167.242.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7068.20 via Frontend Transport; Tue, 5 Dec 2023 22:28:49 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Tue, 5 Dec 2023 16:28:48 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SPXjF7IQ5n2YZ5Bs/CFyK2d8TpoNr9JvvFnEqeggj6xWWKoEYybzL/EL+Uh5282SGW/3BhcCV0Qbih3Bap2L3cc6/Hy/t/MXrRIN8SaGsrI3uKM4dIRiWa5bDQnTKjzKYQuOBIofVHjM89hdF9zN+smG4GfBH6a4fUR1ldzM80Ye7Z5gMG9dRO+qlEiwMt8mP31JS8cJiBh4mYnsvDWfgi8gB3gMUdU0un7+Cea/xJHiM6dM8CziFOaVWCEBo9dTT8C3OvfT3hMY4ZV7spniqcUweogaX+uU5DJBvJbmqoNnBaSZzNwbtZ59bxH1mO8L7L6ZFQ9IekDBunsCPwEKOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=T/Pj+kgHtUV4ZrZ3URY/U4pJ9dgcilvNFGA0IShckSI=; b=CVGPJZWQgL+niK5L5gcAbIWDal+0jsAf4DY2k2/2XBg4mWL6yMXU6CeRrr32SwjvCSiib+CP0qqTMzWBX5/NLHJB13K1eM3sByiqfjg02/cd/24RpEUh+MKniGd/bDh02cgipe8HJdCLXkDbPvYy/WZpEu96dLYQu5oSK2nnRydB1uK7/wEgx9E7UMxXu52IPl5u3vIe3kvwGQDxz6VM3xZyPLr9bFAOhkgNrLzpB9dwMI0322QgBIt/QQkeOFS/KtSRuNY9P8j/FPlOpYzB6opTPmysqhzq+N4tADgH8Krb1xyYsJjCk7R7SYL48uFpydSp+Y+riR7bYfJsAhS4aQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=T/Pj+kgHtUV4ZrZ3URY/U4pJ9dgcilvNFGA0IShckSI=; b=mxi/hiPvP29prAQFPESdTKrbl1FmC3ImU3VULAFbK2NLFM8A1haBPigoRaLRuG9fOgAfFJzNtglDiKAHicv7HxTR3QSjWVfhQZE9uQ9/hOJ2A4KhZc3bplb3J4ldtR0Y0RrMqekXmlngU5ITm28bi8mMijieH7MzswgTnAZHt+Y= X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Michael Roth To: CC: Paolo Bonzini , Marcelo Tosatti , Tom Lendacky , Akihiko Odaki , Subject: [PATCH v2 for-8.2?] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit Date: Tue, 5 Dec 2023 16:28:16 -0600 Message-ID: <20231205222816.1152720-1-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000FCC3:EE_|IA1PR12MB6483:EE_ X-MS-Office365-Filtering-Correlation-Id: e39938e1-3f89-4fe3-73a6-08dbf5e18da4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: MfqHVaOcO2GRjk1MzzjmR/xSycNBSy/AxPBXKcdZ/aqk3wTeB215hadanjNV1kPXN3aP8+Xo+XmFn0e1iErYxGfCiwIQYQiSh18oYBMDknuCzQTCozbnAnQQ8YldSbPWqgmiHWZcKsdu2Vz3DpgCLBahhvB7qCflpXI6kdMR3+45D4f7SoTKXsfYbeRaM+hLtQjGJF/dj9LQ7PTnFHu/oBKNzYYRlgvRV3xOKlACycrvR4RxVMB4YF8XpnJ66Oo7270vqXzeryks8GbkoOEa1R78Mcl6V6hJHUPYpwDgBkDWC7LthAjN5MV4ZgHVsz7uJ8y8jf0fZQhXndeNSqQmPvr8NBW3we4MFK/SR8Xq7JAq0vp+r30UTMVW4aATTO89xHVwZW88N8D3tQtqdfZNDoaH2SpS5zFqrZ1xm+0PXzrKZFGWJe+ZkcKE6alL0MtDrjA8+b3HbRJhL/i4txOP9I/MWYxU6Tkn+TkZoY6qFU7Q+DnAbfr5RBnUKdq9AQgQRMbQrZsD9bSLligBKweTiZ+oPcFNRrufykczAjrbo/+aft8OnhXeCXivcESBR9+AqXj53Zq4guylFVaTIMfkM4s5OCSOk1IlfjcYBz+0jqyS4mM6KmonYg0sRgZAgMXxE18w2/klSJMxvVOqawYIzPFChJA03qUC8BCmcIVFLl2rTFpFo20U/mJ9rEhQmddHT50bGQpOorWXRM/Fe6Xh52foTL0cYWvSAK4X7fQaj5m6M1iqIrEM1kRF1hnRXI4Dzj/xPPQl3nuqwoEC5/eWPA== X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230031)(4636009)(396003)(376002)(346002)(136003)(39860400002)(230922051799003)(451199024)(1800799012)(186009)(82310400011)(64100799003)(46966006)(36840700001)(40470700004)(40460700003)(426003)(83380400001)(478600001)(2616005)(26005)(16526019)(336012)(6666004)(1076003)(316002)(54906003)(6916009)(86362001)(8676002)(4326008)(8936002)(41300700001)(70206006)(70586007)(36756003)(36860700001)(40480700001)(2906002)(44832011)(5660300002)(82740400003)(81166007)(356005)(47076005)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Dec 2023 22:28:49.4150 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e39938e1-3f89-4fe3-73a6-08dbf5e18da4 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000FCC3.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6483 Received-SPF: softfail client-ip=2a01:111:f400:7e8d::62b; envelope-from=Michael.Roth@amd.com; helo=NAM04-BN8-obe.outbound.protection.outlook.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @amd.com) X-ZM-MESSAGEID: 1701815390006100003 Content-Type: text/plain; charset="utf-8" Commit 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") added error checking for KVM_SET_SREGS/KVM_SET_SREGS2. In doing so, it exposed a long-running bug in current KVM support for SEV-ES where the kernel assumes that MSR_EFER_LMA will be set explicitly by the guest kernel, in which case EFER write traps would result in KVM eventually seeing MSR_EFER_LMA get set and recording it in such a way that it would be subsequently visible when accessing it via KVM_GET_SREGS/etc. However, guests kernels currently rely on MSR_EFER_LMA getting set automatically when MSR_EFER_LME is set and paging is enabled via CR0_PG_MASK. As a result, the EFER write traps don't actually expose the MSR_EFER_LMA even though it is set internally, and when QEMU subsequently tries to pass this EFER value back to KVM via KVM_SET_SREGS* it will fail various sanity checks and return -EINVAL, which is now considered fatal due to the aforementioned QEMU commit. This can be addressed by inferring the MSR_EFER_LMA bit being set when paging is enabled and MSR_EFER_LME is set, and synthesizing it to ensure the expected bits are all present in subsequent handling on the host side. Ultimately, this handling will be implemented in the host kernel, but to avoid breaking QEMU's SEV-ES support when using older host kernels, the same handling can be done in QEMU just after fetching the register values via KVM_GET_SREGS*. Implement that here. Cc: Paolo Bonzini Cc: Marcelo Tosatti Cc: Tom Lendacky Cc: Akihiko Odaki Cc: kvm@vger.kernel.org Fixes: 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") Signed-off-by: Michael Roth --- v2: - Add handling for KVM_GET_SREGS, not just KVM_GET_SREGS2 target/i386/kvm/kvm.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 11b8177eff..8721c1bf8f 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -3610,6 +3610,7 @@ static int kvm_get_sregs(X86CPU *cpu) { CPUX86State *env =3D &cpu->env; struct kvm_sregs sregs; + target_ulong cr0_old; int ret; =20 ret =3D kvm_vcpu_ioctl(CPU(cpu), KVM_GET_SREGS, &sregs); @@ -3637,12 +3638,18 @@ static int kvm_get_sregs(X86CPU *cpu) env->gdt.limit =3D sregs.gdt.limit; env->gdt.base =3D sregs.gdt.base; =20 + cr0_old =3D env->cr[0]; env->cr[0] =3D sregs.cr0; env->cr[2] =3D sregs.cr2; env->cr[3] =3D sregs.cr3; env->cr[4] =3D sregs.cr4; =20 env->efer =3D sregs.efer; + if (sev_es_enabled() && env->efer & MSR_EFER_LME) { + if (!(cr0_old & CR0_PG_MASK) && env->cr[0] & CR0_PG_MASK) { + env->efer |=3D MSR_EFER_LMA; + } + } =20 /* changes to apic base and cr8/tpr are read back via kvm_arch_post_ru= n */ x86_update_hflags(env); @@ -3654,6 +3661,7 @@ static int kvm_get_sregs2(X86CPU *cpu) { CPUX86State *env =3D &cpu->env; struct kvm_sregs2 sregs; + target_ulong cr0_old; int i, ret; =20 ret =3D kvm_vcpu_ioctl(CPU(cpu), KVM_GET_SREGS2, &sregs); @@ -3676,12 +3684,18 @@ static int kvm_get_sregs2(X86CPU *cpu) env->gdt.limit =3D sregs.gdt.limit; env->gdt.base =3D sregs.gdt.base; =20 + cr0_old =3D env->cr[0]; env->cr[0] =3D sregs.cr0; env->cr[2] =3D sregs.cr2; env->cr[3] =3D sregs.cr3; env->cr[4] =3D sregs.cr4; =20 env->efer =3D sregs.efer; + if (sev_es_enabled() && env->efer & MSR_EFER_LME) { + if (!(cr0_old & CR0_PG_MASK) && env->cr[0] & CR0_PG_MASK) { + env->efer |=3D MSR_EFER_LMA; + } + } =20 env->pdptrs_valid =3D sregs.flags & KVM_SREGS2_FLAGS_PDPTRS_VALID; =20 --=20 2.25.1