From nobody Sat Apr 11 21:02:49 2026
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Like Xu
Date: Fri, 5 Aug 2022 17:29:43 +0000
Subject: [RFC PATCH 1/3] KVM: x86: Add macros to track first...last VMX feature MSRs
Message-Id: <20220805172945.35412-2-seanjc@google.com>
In-Reply-To: <20220805172945.35412-1-seanjc@google.com>
Content-Transfer-Encoding: quoted-printable

Add macros to track the range of VMX feature MSRs that are emulated by
KVM to reduce the maintenance cost of extending the set of emulated MSRs.

Note, KVM doesn't necessarily emulate all known/consumed VMX MSRs, e.g.
PROCBASED_CTLS3 is consumed by KVM to enable IPI virtualization, but is
not emulated as KVM doesn't emulate/virtualize IPI virtualization for
nested guests.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 2 +-
 arch/x86/kvm/vmx/vmx.c | 8 ++++----
 arch/x86/kvm/x86.h     | 8 ++++++++
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 38f873cb6f2c..0d7ad9a55a33 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4147,7 +4147,7 @@ static bool svm_has_emulated_msr(struct kvm *kvm, u32= index) { switch (index) { case MSR_IA32_MCG_EXT_CTL: - case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: + case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: return false; case MSR_IA32_SMBASE: /* SEV-ES guests do not support SMM, so report false */ diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index d7f8331d6f7e..36732339c5f7 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1830,7 +1830,7 @@ static inline bool vmx_feature_control_msr_valid(stru= ct kvm_vcpu *vcpu, static int vmx_get_msr_feature(struct kvm_msr_entry *msr) { switch (msr->index) { - case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: + case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: if (!nested) return 1; return vmx_get_vmx_msr(&vmcs_config.nested, msr->index, &msr->data); @@ -1918,7 +1918,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) msr_info->data =3D to_vmx(vcpu)->msr_ia32_sgxlepubkeyhash [msr_info->index - MSR_IA32_SGXLEPUBKEYHASH0]; break; - case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: + case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: if (!nested_vmx_allowed(vcpu)) return 1; if (vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index, @@ -2254,7 +2254,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) vmx->msr_ia32_sgxlepubkeyhash [msr_index - MSR_IA32_SGXLEPUBKEYHASH0] =3D data; break; - case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: + case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: if (!msr_info->host_initiated) return 1; /* they are read-only */ if (!nested_vmx_allowed(vcpu)) 
@@ -6854,7 +6854,7 @@ static bool vmx_has_emulated_msr(struct kvm *kvm, u32= index) * real mode. */ return enable_unrestricted_guest || emulate_invalid_guest_state; - case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: + case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: return nested; case MSR_AMD64_VIRT_SPEC_CTRL: case MSR_AMD64_TSC_RATIO: diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 1926d2cb8e79..ae151aea17c5 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h 
@@ -39,6 +39,14 @@ void kvm_spurious_fault(void); failed; \ }) =20 +/* + * The first...last VMX feature MSRs that are emulated by KVM. This may o= r may + * not cover all known VMX MSRs, as KVM doesn't emulate an MSR until there= 's an + * associated feature that KVM supports for nested virtualization. + */ +#define KVM_FIRST_EMULATED_VMX_MSR MSR_IA32_VMX_BASIC +#define KVM_LAST_EMULATED_VMX_MSR MSR_IA32_VMX_VMFUNC + #define KVM_DEFAULT_PLE_GAP 128 #define KVM_VMX_DEFAULT_PLE_WINDOW 4096 #define KVM_DEFAULT_PLE_WINDOW_GROW 2 --=20 2.37.1.559.g78731f0fdb-goog From nobody Sat Apr 11 21:02:49 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46181C00140 for ; Fri, 5 Aug 2022 17:30:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240883AbiHERaB (ORCPT ); Fri, 5 Aug 2022 13:30:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44296 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241038AbiHER3y (ORCPT ); Fri, 5 Aug 2022 13:29:54 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0847C18E23 for ; Fri, 5 Aug 2022 10:29:53 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id m5-20020a2598c5000000b0066faab590c5so2534423ybo.7 for ; Fri, 05 Aug 2022 10:29:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:reply-to:from:to:cc; bh=5nd+QHkezC7wDBMujecCebsDnqxzcfp3VqzkbDB+1ZY=; b=DnOb8bwV0reEzqOE8dLWn32Z17o+ZPD0gWkotVkH8nAS6CICHPt1fGcC2ElNxJdPQK wnb7dFEtlt1+0LPYQ3A367GH31qiMZA9pd2frkidQmgLtLCYGSShnhiPkjUMrEoKcp1Y 
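Review bot: The new KVM_FIRST_EMULATED_VMX_MSR / KVM_LAST_EMULATED_VMX_MSR definitions in the x86.h hunk silently depend on MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC being a dense, ordered range in which every index is handled by vmx_get_vmx_msr(); the comment explains why the range may not cover all VMX MSRs but says nothing about this contiguity requirement, which is what the `case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR:` ranges in svm.c and vmx.c now rely on. Suggest stating it in the comment and adding a compile-time check such as `static_assert(KVM_FIRST_EMULATED_VMX_MSR < KVM_LAST_EMULATED_VMX_MSR);` so that moving either end later fails the build instead of quietly changing which MSRs the case ranges cover.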
Date: Fri, 5 Aug 2022 17:29:44 +0000
In-Reply-To: <20220805172945.35412-1-seanjc@google.com>
Message-Id: <20220805172945.35412-3-seanjc@google.com>
Subject: [RFC PATCH 2/3] KVM: x86: Generate set of VMX feature MSRs using first/last definitions
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Like Xu
Content-Transfer-Encoding: quoted-printable

Add VMX MSRs to the runtime list of feature MSRs by iterating over the
range of emulated MSRs instead of manually defining each MSR in the "all"
list. Using the range definition reduces the cost of emulating a new VMX
MSR, e.g. prevents forgetting to add an MSR to the list.

Extracting the VMX MSRs from the "all" list, which is a compile-time
constant, also shrinks the list to the point where the compiler can
heavily optimize code that iterates over the list.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 53 +++++++++++++++++++---------------------------
 1 file changed, 22 insertions(+), 31 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 33560bfa0cac..a1c65b77fb16 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1526,36 +1526,19 @@ static u32 emulated_msrs[ARRAY_SIZE(emulated_msrs_a= ll)]; static unsigned num_emulated_msrs; =20 /* - * List of msr numbers which are used to expose MSR-based features that - * can be used by a hypervisor to validate requested CPU features. + * List of MSRs that control the existence of MSR-based features, i.e. MSRs + * that are effectively CPUID leafs. VMX MSRs are also included in the se= t of + * feature MSRs, but are handled separately to allow expedited lookups. */ -static const u32 msr_based_features_all[] =3D { - MSR_IA32_VMX_BASIC, - MSR_IA32_VMX_TRUE_PINBASED_CTLS, - MSR_IA32_VMX_PINBASED_CTLS, - MSR_IA32_VMX_TRUE_PROCBASED_CTLS, - MSR_IA32_VMX_PROCBASED_CTLS, - MSR_IA32_VMX_TRUE_EXIT_CTLS, - MSR_IA32_VMX_EXIT_CTLS, - MSR_IA32_VMX_TRUE_ENTRY_CTLS, - MSR_IA32_VMX_ENTRY_CTLS, - MSR_IA32_VMX_MISC, - MSR_IA32_VMX_CR0_FIXED0, - MSR_IA32_VMX_CR0_FIXED1, - MSR_IA32_VMX_CR4_FIXED0, - MSR_IA32_VMX_CR4_FIXED1, - MSR_IA32_VMX_VMCS_ENUM, - MSR_IA32_VMX_PROCBASED_CTLS2, - MSR_IA32_VMX_EPT_VPID_CAP, - MSR_IA32_VMX_VMFUNC, - +static const u32 msr_based_features_all_except_vmx[] =3D { MSR_F10H_DECFG, MSR_IA32_UCODE_REV, MSR_IA32_ARCH_CAPABILITIES, MSR_IA32_PERF_CAPABILITIES, }; =20 -static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all)]; +static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all_except_vmx= ) + + (KVM_LAST_EMULATED_VMX_MSR - KVM_FIRST_EMULATED_VMX_MSR + 1)]; static unsigned int num_msr_based_features; =20 static u64 kvm_get_arch_capabilities(void) @@ -6868,6 +6851,18 @@ long kvm_arch_vm_ioctl(struct file *filp, return r; } =20 +static void kvm_proble_feature_msr(u32 msr_index) +{ + struct kvm_msr_entry msr =3D { + .index =3D msr_index, + }; + + if (kvm_get_msr_feature(&msr)) + return; + + msr_based_features[num_msr_based_features++] =3D msr_index; +} + static void kvm_init_msr_list(void) { u32 dummy[2]; 
@@ -6954,15 +6949,11 @@ static void kvm_init_msr_list(void) emulated_msrs[num_emulated_msrs++] =3D emulated_msrs_all[i]; } =20 - for (i =3D 0; i < ARRAY_SIZE(msr_based_features_all); i++) { - struct kvm_msr_entry msr; + for (i =3D KVM_FIRST_EMULATED_VMX_MSR; i <=3D KVM_LAST_EMULATED_VMX_MSR; = i++) + kvm_proble_feature_msr(i); =20 - msr.index =3D msr_based_features_all[i]; - if (kvm_get_msr_feature(&msr)) - continue; - - msr_based_features[num_msr_based_features++] =3D msr_based_features_all[= i]; - } + for (i =3D 0; i < ARRAY_SIZE(msr_based_features_all_except_vmx); i++) + kvm_proble_feature_msr(msr_based_features_all_except_vmx[i]); } =20 static int vcpu_mmio_write(struct kvm_vcpu *vcpu, gpa_t addr, int len, --=20 2.37.1.559.g78731f0fdb-goog From nobody Sat Apr 11 21:02:49 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BE0F9C00140 for ; Fri, 5 Aug 2022 17:30:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241218AbiHERaG (ORCPT ); Fri, 5 Aug 2022 13:30:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44308 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241105AbiHER3z (ORCPT ); Fri, 5 Aug 2022 13:29:55 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ED2A03CBFE for ; Fri, 5 Aug 2022 10:29:53 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id a15-20020a170902eccf00b0016f92ee2d54so1330414plh.15 for ; Fri, 05 Aug 2022 10:29:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:reply-to:from:to:cc; bh=e3KAREkpALrV805apy/PR/815kpRUNyRkecRR9ka60I=; 
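Review bot: `kvm_proble_feature_msr`, the helper added ahead of kvm_init_msr_list() in the @@ -6868,6 +6851,18 @@ hunk, is misspelled and the two call sites in the following hunk inherit the typo; it should be `kvm_probe_feature_msr`. While renaming it, note that the helper stores into `msr_based_features[num_msr_based_features++]` with no bound check. The array is sized in the @@ -1526 hunk as exactly ARRAY_SIZE(msr_based_features_all_except_vmx) plus the VMX range, so this is safe today, but a `WARN_ON_ONCE(num_msr_based_features >= ARRAY_SIZE(msr_based_features))` before the store (or at least a comment naming the invariant) would keep a future addition to one list without the other from turning into a silent out-of-bounds write.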
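Review bot: Iterating `i` from KVM_FIRST_EMULATED_VMX_MSR to KVM_LAST_EMULATED_VMX_MSR in the @@ -6954,15 +6949,11 @@ hunk changes the order in which the VMX entries land in msr_based_features: the removed hand-written list placed each TRUE_* variant before its base MSR (MSR_IA32_VMX_BASIC, MSR_IA32_VMX_TRUE_PINBASED_CTLS, MSR_IA32_VMX_PINBASED_CTLS, ...), whereas the loop emits them in ascending MSR-index order. The set is unchanged, but msr_based_features is the list KVM hands to userspace via KVM_GET_MSR_FEATURE_INDEX_LIST, so the "No functional change intended" line in the changelog should either mention the reordering or state that the order of that list is not ABI.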
Date: Fri, 5 Aug 2022 17:29:45 +0000
In-Reply-To: <20220805172945.35412-1-seanjc@google.com>
Message-Id: <20220805172945.35412-4-seanjc@google.com>
Subject: [RFC PATCH 3/3] KVM: x86: Disallow writes to immutable feature MSRs after KVM_RUN
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Like Xu
Content-Transfer-Encoding: quoted-printable

Disallow writes to feature MSRs after KVM_RUN to prevent userspace from
changing the vCPU model after running the vCPU. Similar to guest CPUID,
KVM uses feature MSRs to configure intercepts, determine what operations
are/aren't allowed, etc. Changing the capabilities while the vCPU is
active will at best yield unpredictable guest behavior, and at worst
could be dangerous to KVM.

Allow writing the current value, e.g. so that userspace can blindly set
all MSRs when emulating RESET, and unconditionally allow writes to
MSR_IA32_UCODE_REV so that userspace can emulate patch loads.

Special case the VMX MSRs to keep the generic list small, i.e. so that
KVM can do a linear walk of the generic list without incurring meaningful
overhead.

Cc: Like Xu
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a1c65b77fb16..4da26a1f14c1 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1541,6 +1541,26 @@ static u32 msr_based_features[ARRAY_SIZE(msr_based_f= eatures_all_except_vmx) + (KVM_LAST_EMULATED_VMX_MSR - KVM_FIRST_EMULATED_VMX_MSR + 1)]; static unsigned int num_msr_based_features; =20 +/* + * All feature MSRs except uCode revID, which tracks the currently loaded = uCode + * patch, are immutable once the vCPU model is defined. + */ +static bool kvm_is_immutable_feature_msr(u32 msr) +{ + int i; + + if (msr >=3D KVM_FIRST_EMULATED_VMX_MSR && msr <=3D KVM_LAST_EMULATED_VMX= _MSR) + return true; + + for (i =3D 0; i < ARRAY_SIZE(msr_based_features_all_except_vmx); i++) { + if (msr =3D=3D msr_based_features_all_except_vmx[i]) + return msr !=3D MSR_IA32_UCODE_REV; + } + + return false; +} + + static u64 kvm_get_arch_capabilities(void) { u64 data =3D 0; @@ -2136,6 +2156,23 @@ static int do_get_msr(struct kvm_vcpu *vcpu, unsigne= d index, u64 *data) =20 static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) { + u64 val; + + /* + * Disallow writes to immutable feature MSRs after KVM_RUN. KVM does + * not support modifying the guest vCPU model on the fly, e.g. changing + * the nVMX capabilities while L2 is running is nonsensical. Ignore + * writes of the same value, e.g. to allow userspace to blindly stuff + * all MSRs when emulating RESET. + */ + if (vcpu->arch.last_vmentry_cpu !=3D -1 && + kvm_is_immutable_feature_msr(index)) { + if (do_get_msr(vcpu, index, &val) || *data !=3D val) + return -EINVAL; + + return 0; + } + return kvm_set_msr_ignored_check(vcpu, index, *data, true); } =20 --=20 2.37.1.559.g78731f0fdb-goog
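Review bot: kvm_is_immutable_feature_msr() in the @@ -1541,6 +1541,26 @@ hunk is followed by two added blank lines before kvm_get_arch_capabilities(); drop one. The MSR_IA32_UCODE_REV exception would also read more directly as an early `if (msr == MSR_IA32_UCODE_REV) return false;` ahead of the loop instead of being folded into the loop's `return msr != MSR_IA32_UCODE_REV;`, so the code states the rule exactly as the comment above it does ("all feature MSRs except uCode revID are immutable") and the linear walk is left to answer only "is this a generic feature MSR".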
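Review bot: The `vcpu->arch.last_vmentry_cpu != -1` test in do_set_msr() in the @@ -2136,6 +2156,23 @@ hunk is an open-coded "vCPU has run" predicate; wrapping it in a small named helper would make the intent the comment describes self-evident and give any other post-KVM_RUN restriction the same definition. Two semantics are also worth a sentence in the changelog: a mismatched write to an immutable feature MSR after KVM_RUN is reported as -EINVAL, and a same-value write is accepted only when do_get_msr() succeeds, so a vCPU for which the read path refuses the MSR (for the VMX MSRs, vmx_get_msr() returns 1 when nested_vmx_allowed() is false, per patch 1) also fails the "blindly stuff all MSRs on RESET" case. That matches how vmx_set_msr() already treats those MSRs, but userspace authors need to know which result to expect. Finally, since the goal is keeping KVM's internal state consistent, it is worth confirming that do_set_msr(), i.e. the KVM_SET_MSRS path, is the only host-initiated route by which these feature MSRs can be written after KVM_RUN.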