From nobody Tue Apr 28 02:37:22 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 060DDCCA48F for ; Wed, 8 Jun 2022 02:03:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1441921AbiFHB66 (ORCPT ); Tue, 7 Jun 2022 21:58:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48694 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1835816AbiFGX5C (ORCPT ); Tue, 7 Jun 2022 19:57:02 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BE6667E1FA for ; Tue, 7 Jun 2022 16:23:58 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id r10-20020a632b0a000000b003fcb4af0273so8811489pgr.1 for ; Tue, 07 Jun 2022 16:23:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=7BEMJCReDvWYRKLhlInIZ1OFpFjx1quNIbfK5hEhej4=; b=NkgordnQuuAVc31UeJpYQYToToDAsNS1qL4WUn+TkIFlIEfUpGIbU4rTmpOmS9Rkyn H5jZdL7P9KCG+61Cs3FRM1mEWhyKhkOl4hKqQqA29qa8+hs3jVTGALzrQ9QQyG68gjhA 5XesWEK1k1vi3J+iWPZxg0MeELXLa1RIFxMSuN0EIKPP/HSD1MPBVoaTwhMA6pKBeRGp pTz+Js9Q3laKX18zRENswO6LLmTOnQ5zETw82uIktLilDZ8f0IUqk4g2pFMJj+cG2a9o 04PIUH/iUhjVIiSCaL1lxwaLD4PWvykFJHrbLN3ZtTJAs4neY5ahOTpKYXsO0a+FaKzn AdHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:reply-to:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=7BEMJCReDvWYRKLhlInIZ1OFpFjx1quNIbfK5hEhej4=; b=M9h6kyjeYvWMYVmPxIiX22KUqq/BfXQJt7wIrjYLK9XceBSuaCqlU5QoygEBAlSgnV dB9NIl+MBTxcr6AE3wt40288kCHCXervkeko/T+hI9X5TjSXhRD1zyb9p1mU5tEWqRHU VTckbhFkeU90LNC6r1Ihvb1bnkCh+ZUAB6VNLzbBrAGOUlbhrQ2coaAqfRIiBmIZ17uu Riodcz6aybYXJ1wEZkHpmzMzJJC/YacPPjWEoVzp2kr+NKMuv5WRFWYiTYOw9R1DtDEG Wfu9jPkiZ5uwHW4a6cRMDftbJMKCEdcVXz1SC8RBpybCkDNXCCOIuLCbC3WDpsKgsdw0 GFrg== X-Gm-Message-State: AOAM531FbPi4s/O2B4LfPfZvNpHyNWnrNDHjBF9St90IUjdMEewDbjXR aMaKFuQjikk2NPeMzI0V3lAzAcZIDJU= X-Google-Smtp-Source: ABdhPJwKUS2rXe4ZMRGjiGGfUOn8NT8M/vx1ChFdkFHaTIAOt6gmH867C8Af6ZFHbfa0UQNuE8DP+0nAHVo= X-Received: from seanjc.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:3e5]) (user=seanjc job=sendgmr) by 2002:a17:903:234b:b0:166:4459:c43a with SMTP id c11-20020a170903234b00b001664459c43amr28857631plh.35.1654644238156; Tue, 07 Jun 2022 16:23:58 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 7 Jun 2022 23:23:51 +0000 In-Reply-To: <20220607232353.3375324-1-seanjc@google.com> Message-Id: <20220607232353.3375324-2-seanjc@google.com> Mime-Version: 1.0 References: <20220607232353.3375324-1-seanjc@google.com> X-Mailer: git-send-email 2.36.1.255.ge46751e96f-goog Subject: [PATCH 1/3] KVM: VMX: Allow userspace to set all supported FEATURE_CONTROL bits From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Allow userspace to set all supported bits in MSR IA32_FEATURE_CONTROL irrespective of the guest CPUID model, e.g. via KVM_SET_MSRS. KVM's ABI is that userspace is allowed to set MSRs before CPUID, i.e. can set MSRs to values that would fault according to the guest CPUID model. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index fd2e707faf2b..8e83e12373c5 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1741,12 +1741,38 @@ bool nested_vmx_allowed(struct kvm_vcpu *vcpu) return nested && guest_cpuid_has(vcpu, X86_FEATURE_VMX); } =20 -static inline bool vmx_feature_control_msr_valid(struct kvm_vcpu *vcpu, - uint64_t val) +/* + * Userspace is allowed to set any supported IA32_FEATURE_CONTROL regardle= ss of + * guest CPUID. Note, KVM allows userspace to set "VMX in SMX" to maintain + * backwards compatibility even though KVM doesn't support emulating SMX. = And + * because userspace set "VMX in SMX", the guest must also be allowed to s= et it, + * e.g. if the MSR is left unlocked and the guest does a RMW operation. + */ +#define KVM_SUPPORTED_FEATURE_CONTROL (FEAT_CTL_LOCKED | \ + FEAT_CTL_VMX_ENABLED_INSIDE_SMX | \ + FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX | \ + FEAT_CTL_SGX_LC_ENABLED | \ + FEAT_CTL_SGX_ENABLED | \ + FEAT_CTL_LMCE_ENABLED) + +static inline bool vmx_feature_control_msr_valid(struct vcpu_vmx *vmx, + struct msr_data *msr) { - uint64_t valid_bits =3D to_vmx(vcpu)->msr_ia32_feature_control_valid_bits; + uint64_t valid_bits; =20 - return !(val & ~valid_bits); + /* + * Ensure KVM_SUPPORTED_FEATURE_CONTROL is updated when new bits are + * exposed to the guest. + */ + WARN_ON_ONCE(vmx->msr_ia32_feature_control_valid_bits & + ~KVM_SUPPORTED_FEATURE_CONTROL); + + if (msr->host_initiated) + valid_bits =3D KVM_SUPPORTED_FEATURE_CONTROL; + else + valid_bits =3D vmx->msr_ia32_feature_control_valid_bits; + + return !(msr->data & ~valid_bits); } =20 static int vmx_get_msr_feature(struct kvm_msr_entry *msr) @@ -2139,7 +2165,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) vcpu->arch.mcg_ext_ctl =3D data; break; case MSR_IA32_FEAT_CTL: - if (!vmx_feature_control_msr_valid(vcpu, data) || + if (!vmx_feature_control_msr_valid(vmx, msr_info) || (to_vmx(vcpu)->msr_ia32_feature_control & FEAT_CTL_LOCKED && !msr_info->host_initiated)) return 1; --=20 2.36.1.255.ge46751e96f-goog From nobody Tue Apr 28 02:37:22 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 887F8C43334 for ; Wed, 8 Jun 2022 02:03:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1442164AbiFHB7q (ORCPT ); Tue, 7 Jun 2022 21:59:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48030 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1835824AbiFGX5C (ORCPT ); Tue, 7 Jun 2022 19:57:02 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 72A5C7E1F1 for ; Tue, 7 Jun 2022 16:24:00 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id p123-20020a625b81000000b0051c31cc75dfso2165192pfb.5 for ; Tue, 07 Jun 2022 16:24:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=HzWsVgdFm2oYqm1OPj6CBRtZTI++je2WpE9vsT9Q4dE=; b=qfNZPl0DGpAwisczdNca9pITU2U9zMEzWm3BrXjbGd897plb5bXbxmk9W2/2Rvcw5k yv28W4H+7VJu/PtlIgHIZsV47WgaPwW1qtt3M3gOa9pyxg8/sVDWna3mdIEK8WrIjPLf Utgnt+Iy2tBPuYKAJ4WriOfIiJ27Ra12p+CcwljmCA0RcV6d/3WcWADFnwy21L3IOS05 c+ZNT425BSZ5rPfQZK7AvtaHBI3KS4HB8ZUBIp4vzhG8UEN8qU6qbdxnhFsQRriUP2J4 XLftzFfLaunpJp5g4sP5m4m1Cl6SAnJ4MCUNAXqNfkYYuGFR23mIZh1g4c0RrCBW4Qjf LF5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:reply-to:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=HzWsVgdFm2oYqm1OPj6CBRtZTI++je2WpE9vsT9Q4dE=; b=IKWMJ5TEr8EXUnnDwAaA275khOar9/LM8LvSMjN8K7+S8cZPD/8NsL4Wc9ceybXLdM OXW+xEbiCRIH19khrFmtRuvEkXCg/eU/9UMzjdqYNaDwro3pskRVcd/JEQd1tmuSsYNp 4oeJg2T8fgVJ+W6Zh06YcZM021vWJgFKxUlCLfXMt3jXPCvPYUh0tHMVZCwTk8w4zWcy I6S/kzDDucDy5/BBSiyIey8dQ77UF9d+KUo5lqRKYFMQqMbwdNQMPOVnBETTwbS0w6v7 gFUyIvOYNug9gDaKn3D+Ufg2xVFMCl/prv9EHqTGeZgjMxD++gvvVTLmh286r+bv+cE9 EtKA== X-Gm-Message-State: AOAM533RbdM5CiSrCkmjKKE/ekkC3NxikNYj4qmifi3EPEJiKBLwGsV+ vLy3vhKJQ+loqP0ddxpZ1kj/2CCdok4= X-Google-Smtp-Source: ABdhPJwW+RRDZoQq7Au7i9xNoeOWMcVvfwUqmH7KW55H9yWzXC5KnkE0nQyEfRlvmk0fFjuflWIQaM47J68= X-Received: from seanjc.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:3e5]) (user=seanjc job=sendgmr) by 2002:a05:6a00:1688:b0:517:cf7b:9293 with SMTP id k8-20020a056a00168800b00517cf7b9293mr99735795pfc.7.1654644239818; Tue, 07 Jun 2022 16:23:59 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 7 Jun 2022 23:23:52 +0000 In-Reply-To: <20220607232353.3375324-1-seanjc@google.com> Message-Id: <20220607232353.3375324-3-seanjc@google.com> Mime-Version: 1.0 References: <20220607232353.3375324-1-seanjc@google.com> X-Mailer: git-send-email 2.36.1.255.ge46751e96f-goog Subject: [PATCH 2/3] KVM: VMX: Move MSR_IA32_FEAT_CTL.LOCKED check into "is valid" helper From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move the check on IA32_FEATURE_CONTROL being locked, i.e. read-only from the guest, into the helper to check the overall validity of the incoming value. Opportunistically rename the helper to make it clear that it returns a bool. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 8e83e12373c5..eb4cd66055f8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1755,8 +1755,8 @@ bool nested_vmx_allowed(struct kvm_vcpu *vcpu) FEAT_CTL_SGX_ENABLED | \ FEAT_CTL_LMCE_ENABLED) =20 -static inline bool vmx_feature_control_msr_valid(struct vcpu_vmx *vmx, - struct msr_data *msr) +static inline bool is_vmx_feature_control_msr_valid(struct vcpu_vmx *vmx, + struct msr_data *msr) { uint64_t valid_bits; =20 @@ -1767,6 +1767,10 @@ static inline bool vmx_feature_control_msr_valid(str= uct vcpu_vmx *vmx, WARN_ON_ONCE(vmx->msr_ia32_feature_control_valid_bits & ~KVM_SUPPORTED_FEATURE_CONTROL); =20 + if (!msr->host_initiated && + (vmx->msr_ia32_feature_control & FEAT_CTL_LOCKED)) + return false; + if (msr->host_initiated) valid_bits =3D KVM_SUPPORTED_FEATURE_CONTROL; else @@ -2165,10 +2169,9 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct= msr_data *msr_info) vcpu->arch.mcg_ext_ctl =3D data; break; case MSR_IA32_FEAT_CTL: - if (!vmx_feature_control_msr_valid(vmx, msr_info) || - (to_vmx(vcpu)->msr_ia32_feature_control & - FEAT_CTL_LOCKED && !msr_info->host_initiated)) + if (!is_vmx_feature_control_msr_valid(vmx, msr_info)) return 1; + vmx->msr_ia32_feature_control =3D data; if (msr_info->host_initiated && data =3D=3D 0) vmx_leave_nested(vcpu); --=20 2.36.1.255.ge46751e96f-goog From nobody Tue Apr 28 02:37:22 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1C97CCA490 for ; Wed, 8 Jun 2022 02:03:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1441915AbiFHB6z (ORCPT ); Tue, 7 Jun 2022 21:58:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47982 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1835826AbiFGX5D (ORCPT ); Tue, 7 Jun 2022 19:57:03 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E237A80200 for ; Tue, 7 Jun 2022 16:24:01 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id lk16-20020a17090b33d000b001e68a9ac3a1so10017351pjb.2 for ; Tue, 07 Jun 2022 16:24:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=SL65DdBq082IKvdmcNTmMQtCoV8atoipRLA1QMgRDIc=; b=Dj89HPCFl8s3IAThqpjWyxys+XUKp7TTdAWJsEz4I987pFdxNw5CFgbDeuD0i1FDaq xY4XEFNbOx4im9y1Dx7FsWJIQP7VreOF9N71bVt4JaT9b26DUmf6X68S3eMss4Rs0Hwd Ghs9IJkbkv1vcxUEoBUfTrJbLAZKZXsmGC8KHZgip9ImxxNHSc9NfY1V9Is6xjgMZAEk aOL3yAPdc1HOCbZ5qFuMVphSNqUln+9s3FNJliXgsgfxBWrokE1vNPA2B9NwEFhNx/yb H5rlqym9EmwowpfN/8Ov8F+tC3rL+Dk9BhwB6wqKQym4UUpfnNsq26Kr2wSQbVZkrZXA qH0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:reply-to:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=SL65DdBq082IKvdmcNTmMQtCoV8atoipRLA1QMgRDIc=; b=5ekeA5kfwPN5NEQpM5jqFaMleFk6n2Kk75Jd6w9WRxBnKQCUdzP2UoovZriCyiWfL2 ulKuk2/F5eyiHX8RSiZfhjvXpTvoFoe4wuBUS4gcy0PjeZxzxhflV4ahauhCedY2y4IY UgGOjHbW6WkwMlIFS4bfrM4ANLAsCbbBuAzFjJPI/owJDd9+ZtfmZIX5aFOUnFNjZMyk 3JqW9+gaWYVuFcFZmbA+TbzGOuBjmbX+PU6B3Ffkiv4OhF6AjjDt/JO18MggCa5vv0m5 0bZhsMnu2mohQ3PnJUBy4zfMfNzp7r5L+dcgiS0jgxxElNLmMtdAV0jHZfQJEPZlIb9E YFcA== X-Gm-Message-State: AOAM532PQCkEtMBtUK1+dWmV0suRBRC8KhEwSZOL8bYyqo5VegGmD5zG t95+E2GpqV3LaPeVdHCwhquaRkJmmeg= X-Google-Smtp-Source: ABdhPJyJoSTHjbaAWG6DhtVEUtxc8q7IYnUfh/+5jT8gom9jK+kagnI+KY0TsYGbyyKE1RfOYwT2L/gpxBI= X-Received: from seanjc.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:3e5]) (user=seanjc job=sendgmr) by 2002:a17:902:b193:b0:158:c040:5cf8 with SMTP id s19-20020a170902b19300b00158c0405cf8mr31421223plr.146.1654644241565; Tue, 07 Jun 2022 16:24:01 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 7 Jun 2022 23:23:53 +0000 In-Reply-To: <20220607232353.3375324-1-seanjc@google.com> Message-Id: <20220607232353.3375324-4-seanjc@google.com> Mime-Version: 1.0 References: <20220607232353.3375324-1-seanjc@google.com> X-Mailer: git-send-email 2.36.1.255.ge46751e96f-goog Subject: [PATCH 3/3] KVM: selftests: Verify userspace can stuff IA32_FEATURE_CONTROL at will From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Verify the KVM allows userspace to set all supported bits in the IA32_FEATURE_CONTROL MSR irrespective of the current guest CPUID, and that all unsupported bits are rejected. Throw the testcase into vmx_msrs_test even though it's not technically a VMX MSR; it's close enough, and the most frequently feature controlled by the MSR is VMX. Signed-off-by: Sean Christopherson --- .../selftests/kvm/include/x86_64/processor.h | 2 + .../selftests/kvm/x86_64/vmx_msrs_test.c | 47 +++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools= /testing/selftests/kvm/include/x86_64/processor.h index 716e72bc9163..dd6197c7eb1d 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -101,6 +101,7 @@ struct kvm_x86_cpu_feature { #define X86_FEATURE_XMM2 KVM_X86_CPU_FEATURE(0x1, 0, EDX, 26) #define X86_FEATURE_FSGSBASE KVM_X86_CPU_FEATURE(0x7, 0, EBX, 0) #define X86_FEATURE_TSC_ADJUST KVM_X86_CPU_FEATURE(0x7, 0, EBX, 1) +#define X86_FEATURE_SGX KVM_X86_CPU_FEATURE(0x7, 0, EBX, 2) #define X86_FEATURE_HLE KVM_X86_CPU_FEATURE(0x7, 0, EBX, 4) #define X86_FEATURE_SMEP KVM_X86_CPU_FEATURE(0x7, 0, EBX, 7) #define X86_FEATURE_INVPCID KVM_X86_CPU_FEATURE(0x7, 0, EBX, 10) @@ -114,6 +115,7 @@ struct kvm_x86_cpu_feature { #define X86_FEATURE_PKU KVM_X86_CPU_FEATURE(0x7, 0, ECX, 3) #define X86_FEATURE_LA57 KVM_X86_CPU_FEATURE(0x7, 0, ECX, 16) #define X86_FEATURE_RDPID KVM_X86_CPU_FEATURE(0x7, 0, ECX, 22) +#define X86_FEATURE_SGX_LC KVM_X86_CPU_FEATURE(0x7, 0, ECX, 30) #define X86_FEATURE_SHSTK KVM_X86_CPU_FEATURE(0x7, 0, ECX, 7) #define X86_FEATURE_IBT KVM_X86_CPU_FEATURE(0x7, 0, EDX, 20) #define X86_FEATURE_AMX_TILE KVM_X86_CPU_FEATURE(0x7, 0, EDX, 24) diff --git a/tools/testing/selftests/kvm/x86_64/vmx_msrs_test.c b/tools/tes= ting/selftests/kvm/x86_64/vmx_msrs_test.c index 99d9614999c9..4a3d5a39d990 100644 --- a/tools/testing/selftests/kvm/x86_64/vmx_msrs_test.c +++ b/tools/testing/selftests/kvm/x86_64/vmx_msrs_test.c @@ -267,6 +267,52 @@ static void vmx_save_restore_msrs_test(struct kvm_vcpu= *vcpu) vmx_fixed1_msr_test(vcpu, MSR_IA32_VMX_VMFUNC, -1ull); } =20 +static void __ia32_feature_control_msr_test(struct kvm_vcpu *vcpu, + uint64_t msr_bit, + struct kvm_x86_cpu_feature feature) +{ + uint64_t val; + + vcpu_clear_cpuid_feature(vcpu, feature); + + val =3D vcpu_get_msr(vcpu, MSR_IA32_FEAT_CTL); + vcpu_set_msr(vcpu, MSR_IA32_FEAT_CTL, val | msr_bit | FEAT_CTL_LOCKED); + vcpu_set_msr(vcpu, MSR_IA32_FEAT_CTL, (val & ~msr_bit) | FEAT_CTL_LOCKED); + vcpu_set_msr(vcpu, MSR_IA32_FEAT_CTL, val | msr_bit | FEAT_CTL_LOCKED); + vcpu_set_msr(vcpu, MSR_IA32_FEAT_CTL, (val & ~msr_bit) | FEAT_CTL_LOCKED); + vcpu_set_msr(vcpu, MSR_IA32_FEAT_CTL, val); + + if (!kvm_cpu_has(feature)) + return; + + vcpu_set_cpuid_feature(vcpu, feature); +} + +static void ia32_feature_control_msr_test(struct kvm_vcpu *vcpu) +{ + uint64_t supported_bits =3D FEAT_CTL_LOCKED | + FEAT_CTL_VMX_ENABLED_INSIDE_SMX | + FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX | + FEAT_CTL_SGX_LC_ENABLED | + FEAT_CTL_SGX_ENABLED | + FEAT_CTL_LMCE_ENABLED; + int bit, r; + + __ia32_feature_control_msr_test(vcpu, FEAT_CTL_VMX_ENABLED_INSIDE_SMX, X8= 6_FEATURE_SMX); + __ia32_feature_control_msr_test(vcpu, FEAT_CTL_VMX_ENABLED_INSIDE_SMX, X8= 6_FEATURE_VMX); + __ia32_feature_control_msr_test(vcpu, FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX, X= 86_FEATURE_VMX); + __ia32_feature_control_msr_test(vcpu, FEAT_CTL_SGX_LC_ENABLED, X86_FEATUR= E_SGX_LC); + __ia32_feature_control_msr_test(vcpu, FEAT_CTL_SGX_LC_ENABLED, X86_FEATUR= E_SGX); + __ia32_feature_control_msr_test(vcpu, FEAT_CTL_SGX_ENABLED, X86_FEATURE_S= GX); + __ia32_feature_control_msr_test(vcpu, FEAT_CTL_LMCE_ENABLED, X86_FEATURE_= MCE); + + for_each_clear_bit(bit, &supported_bits, 64) { + r =3D _vcpu_set_msr(vcpu, MSR_IA32_FEAT_CTL, BIT(bit)); + TEST_ASSERT(r =3D=3D 0, + "Setting reserved bit %d in IA32_FEATURE_CONTROL should fail", bit); + } +} + int main(void) { struct kvm_vcpu *vcpu; @@ -282,6 +328,7 @@ int main(void) load_and_clear_bndcfgs_test(vm, vcpu); cr4_reserved_bits_test(vm, vcpu); vmx_save_restore_msrs_test(vcpu); + ia32_feature_control_msr_test(vcpu); =20 kvm_vm_free(vm); } --=20 2.36.1.255.ge46751e96f-goog