Date: Sat, 7 Jan 2023 01:10:20 +0000
In-Reply-To: <20230107011025.565472-1-seanjc@google.com>
Message-ID: <20230107011025.565472-2-seanjc@google.com>
Subject: [PATCH 1/6] KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Orr, Ben Gardon, Venkatesh Srinivas

Inject a #GP if the guest attempts to set reserved bits in the x2APIC-only
Self-IPI register. Bits 7:0 hold the vector, all other bits are reserved.

Reported-by: Marc Orr
Cc: Ben Gardon
Cc: Venkatesh Srinivas
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/lapic.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 80f92cbc4029..f77da92c6ea6 100644 --- a/arch/x86/kvm/lapic.c 
+++ b/arch/x86/kvm/lapic.c 
@@ -2315,10 +2315,14 @@ static int kvm_lapic_reg_write(struct kvm_lapic *ap= ic, u32 reg, u32 val) break; =20 case APIC_SELF_IPI: - if (apic_x2apic_mode(apic)) - kvm_apic_send_ipi(apic, APIC_DEST_SELF | (val & APIC_VECTOR_MASK), 0); - else + /* + * Self-IPI exists only when x2APIC is enabled. Bits 7:0 hold + * the vector, everything else is reserved. + */ + if (!apic_x2apic_mode(apic) || (val & ~APIC_VECTOR_MASK)) ret =3D 1; + else + kvm_apic_send_ipi(apic, APIC_DEST_SELF | val, 0); break; default: ret =3D 1; --=20 2.39.0.314.g84b9a713c41-goog From nobody Tue Sep 16 02:19:42 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A36E1C54EBE for ; Sat, 7 Jan 2023 01:10:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235610AbjAGBKv (ORCPT ); Fri, 6 Jan 2023 20:10:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236794AbjAGBKh (ORCPT ); Fri, 6 Jan 2023 20:10:37 -0500 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C76C848CA for ; Fri, 6 Jan 2023 17:10:32 -0800 (PST) Received: by mail-pl1-x649.google.com with SMTP id y8-20020a170902b48800b00192a600df83so2230215plr.15 for ; Fri, 06 Jan 2023 17:10:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=SUs8tClANttqi+Hnol8wJcTkjKVIAnbsM87bTemrCQY=; b=qWWqo91BVV3+ytqxD755nsAH10ni6r17FBuf3NIVJ2t+6M9OJ5GZ0EPcOGUpCSvhAz bR+QCshs/pBpsOE8ASAe4TOXSVX0DvK2Sh5JpxYGmZdBYsfk+UfsSmEqF8idhpiegdok 
Date: Sat, 7 Jan 2023 01:10:21 +0000
In-Reply-To: <20230107011025.565472-1-seanjc@google.com>
Message-ID: <20230107011025.565472-3-seanjc@google.com>
Subject: [PATCH 2/6] KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Orr, Ben Gardon, Venkatesh Srinivas

Reject attempts to set bits 63:32 for 32-bit x2APIC registers, i.e. all
x2APIC registers except ICR. Per Intel's SDM:

  Non-zero writes (by WRMSR instruction) to reserved bits to these
  registers will raise a general protection fault exception

Opportunistically fix a typo in a nearby comment.

Reported-by: Marc Orr
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/lapic.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index f77da92c6ea6..bf53e4752f30 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c 
@@ -3108,13 +3108,17 @@ static int kvm_lapic_msr_read(struct kvm_lapic *api= c, u32 reg, u64 *data) static int kvm_lapic_msr_write(struct kvm_lapic *apic, u32 reg, u64 data) { /* - * ICR is a 64-bit register in x2APIC mode (and Hyper'v PV vAPIC) and + * ICR is a 64-bit register in x2APIC mode (and Hyper-V PV vAPIC) and * can be written as such, all other registers remain accessible only * through 32-bit reads/writes. */ if (reg =3D=3D APIC_ICR) return kvm_x2apic_icr_write(apic, data); =20 + /* Bits 63:32 are reserved in all other registers. */ + if (data >> 32) + return 1; + return kvm_lapic_reg_write(apic, reg, (u32)data); } =20 --=20 2.39.0.314.g84b9a713c41-goog From nobody Tue Sep 16 02:19:42 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0CB3C5479D for ; Sat, 7 Jan 2023 01:10:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236825AbjAGBKn (ORCPT ); Fri, 6 Jan 2023 20:10:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59520 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230201AbjAGBKh (ORCPT ); Fri, 6 Jan 2023 20:10:37 -0500 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 242FF84BFC for ; Fri, 6 Jan 2023 17:10:34 -0800 (PST) Received: by mail-pf1-x44a.google.com with SMTP id y19-20020a056a00191300b0058217bbc6ceso1588118pfi.4 for ; Fri, 06 Jan 2023 17:10:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=mibFabzzccOWFHvZzF9gZjAvnGdqXXCNlOd7ibqPXMo=; 
Date: Sat, 7 Jan 2023 01:10:22 +0000
In-Reply-To: <20230107011025.565472-1-seanjc@google.com>
Message-ID: <20230107011025.565472-4-seanjc@google.com>
Subject: [PATCH 3/6] KVM: x86: Mark x2APIC DFR reg as non-existent for x2APIC
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Orr , Ben Gardon , Venkatesh Srinivas Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Mark APIC_DFR as being invalid/non-existent in x2APIC mode instead of handling it as a one-off check in kvm_x2apic_msr_read(). This will allow reusing "valid_reg_mask" to generate VMX's interception bitmaps for x2APIC. Handling DFR in the common read path may also fix the Hyper-V PV MSR interface, if that can coexist with x2APIC. Signed-off-by: Sean Christopherson Reviewed-by: Maxim Levitsky --- arch/x86/kvm/lapic.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index bf53e4752f30..c49b13418638 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -1541,7 +1541,6 @@ static int kvm_lapic_reg_read(struct kvm_lapic *apic,= u32 offset, int len, APIC_REG_MASK(APIC_TASKPRI) | APIC_REG_MASK(APIC_PROCPRI) | APIC_REG_MASK(APIC_LDR) | - APIC_REG_MASK(APIC_DFR) | APIC_REG_MASK(APIC_SPIV) | APIC_REGS_MASK(APIC_ISR, APIC_ISR_NR) | APIC_REGS_MASK(APIC_TMR, APIC_ISR_NR) | @@ -1562,12 +1561,13 @@ static int kvm_lapic_reg_read(struct kvm_lapic *api= c, u32 offset, int len, valid_reg_mask |=3D APIC_REG_MASK(APIC_LVTCMCI); =20 /* - * ARBPRI and ICR2 are not valid in x2APIC mode. WARN if KVM reads ICR - * in x2APIC mode as it's an 8-byte register in x2APIC and needs to be - * manually handled by the caller. + * ARBPRI, DFR, and ICR2 are not valid in x2APIC mode. WARN if KVM + * reads ICR in x2APIC mode as it's an 8-byte register in x2APIC and + * needs to be manually handled by the caller. */ if (!apic_x2apic_mode(apic)) valid_reg_mask |=3D APIC_REG_MASK(APIC_ARBPRI) | + APIC_REG_MASK(APIC_DFR) | APIC_REG_MASK(APIC_ICR2); else WARN_ON_ONCE(offset =3D=3D APIC_ICR); 
@@ -3141,9 +3141,6 @@ int kvm_x2apic_msr_read(struct kvm_vcpu *vcpu, u32 ms= r, u64 *data) if (!lapic_in_kernel(vcpu) || !apic_x2apic_mode(apic)) return 1; =20 - if (reg =3D=3D APIC_DFR) - return 1; - return kvm_lapic_msr_read(apic, reg, data); } =20 --=20 2.39.0.314.g84b9a713c41-goog From nobody Tue Sep 16 02:19:42 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 845CDC5479D for ; Sat, 7 Jan 2023 01:11:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235746AbjAGBK6 (ORCPT ); Fri, 6 Jan 2023 20:10:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59532 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236798AbjAGBKi (ORCPT ); Fri, 6 Jan 2023 20:10:38 -0500 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00542848D5 for ; Fri, 6 Jan 2023 17:10:35 -0800 (PST) Received: by mail-pj1-x1049.google.com with SMTP id z4-20020a17090ab10400b002195a146546so3826217pjq.9 for ; Fri, 06 Jan 2023 17:10:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=ytl00DlerGscM1Z2s2nAhDtn5opR5GZn7robSFrZWZY=; b=MfxUKpWUJ1zSJQHSCeUHIcVc8OawjLuZjKMS1fzXz+zYl32lKol+qKMauguiR5vYqV cHCSulvbxQhF8LgBzOWfgUBdV4zhhP6CWfEUnCQrWOT5RdvEap0UkoClBPPocPiFBoUl L4F+KvkbcGk/adXM0WZTWqXuXJbGB90vh9gNpB9i3fVF5CwsgoFZQWg1jzTI1yVan/rj 8kNYdDdaiBTVKubzEv6eexqqceQRZHZy0Pfj7ibPF8TM8fZeesp4Bs2qtTycaPeG/bSZ hrLWtIOC1n4oZ2TIq0+19Fba5y+230omi0hagx+ythej4bk2tfzK7H5XpVUUXDe7zkUE r+5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; 
Date: Sat, 7 Jan 2023 01:10:23 +0000
In-Reply-To: <20230107011025.565472-1-seanjc@google.com>
Message-ID: <20230107011025.565472-5-seanjc@google.com>
Subject: [PATCH 4/6] KVM: x86: Split out logic to generate "readable" APIC regs mask to helper
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Orr, Ben Gardon, Venkatesh Srinivas

Move the generation of the readable APIC regs bitmask to a standalone
helper so that VMX can use the mask for its MSR interception bitmaps.

No functional change intended.

Signed-off-by: Sean Christopherson Reviewed-by: Maxim Levitsky --- arch/x86/kvm/lapic.c | 34 +++++++++++++++++++++------------- arch/x86/kvm/lapic.h | 2 ++ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index c49b13418638..19697fe9b2c7 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -1529,12 +1529,9 @@ static inline struct kvm_lapic *to_lapic(struct kvm_= io_device *dev) #define APIC_REGS_MASK(first, count) \ (APIC_REG_MASK(first) * ((1ull << (count)) - 1)) =20 -static int kvm_lapic_reg_read(struct kvm_lapic *apic, u32 offset, int len, - void *data) +u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *apic) { - unsigned char alignment =3D offset & 0xf; - u32 result; - /* this bitmask has a bit cleared for each reserved register */ + /* Leave bits '0' for reserved and write-only registers. */ u64 valid_reg_mask =3D APIC_REG_MASK(APIC_ID) | APIC_REG_MASK(APIC_LVR) | 
@@ -1560,22 +1557,33 @@ static int kvm_lapic_reg_read(struct kvm_lapic *api= c, u32 offset, int len, if (kvm_lapic_lvt_supported(apic, LVT_CMCI)) valid_reg_mask |=3D APIC_REG_MASK(APIC_LVTCMCI); =20 - /* - * ARBPRI, DFR, and ICR2 are not valid in x2APIC mode. WARN if KVM - * reads ICR in x2APIC mode as it's an 8-byte register in x2APIC and - * needs to be manually handled by the caller. - */ + /* ARBPRI, DFR, and ICR2 are not valid in x2APIC mode. */ if (!apic_x2apic_mode(apic)) valid_reg_mask |=3D APIC_REG_MASK(APIC_ARBPRI) | APIC_REG_MASK(APIC_DFR) | APIC_REG_MASK(APIC_ICR2); - else - WARN_ON_ONCE(offset =3D=3D APIC_ICR); + + return valid_reg_mask; +} +EXPORT_SYMBOL_GPL(kvm_lapic_readable_reg_mask); + +static int kvm_lapic_reg_read(struct kvm_lapic *apic, u32 offset, int len, + void *data) +{ + unsigned char alignment =3D offset & 0xf; + u32 result; + + /* + * WARN if KVM reads ICR in x2APIC mode, as it's an 8-byte register in + * x2APIC and needs to be manually handled by the caller. + */ + WARN_ON_ONCE(apic_x2apic_mode(apic) && offset =3D=3D APIC_ICR); =20 if (alignment + len > 4) return 1; =20 - if (offset > 0x3f0 || !(valid_reg_mask & APIC_REG_MASK(offset))) + if (offset > 0x3f0 || + !(kvm_lapic_readable_reg_mask(apic) & APIC_REG_MASK(offset))) return 1; =20 result =3D __apic_read(apic, offset & ~0xf); diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index df316ede7546..0a0ea4b5dd8c 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h 
@@ -146,6 +146,8 @@ int kvm_hv_vapic_msr_read(struct kvm_vcpu *vcpu, u32 ms= r, u64 *data); int kvm_lapic_set_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long le= n); void kvm_lapic_exit(void); =20 +u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *apic); + #define VEC_POS(v) ((v) & (32 - 1)) #define REG_POS(v) (((v) >> 5) << 4) =20 --=20 2.39.0.314.g84b9a713c41-goog From nobody Tue Sep 16 02:19:42 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39C97C54EBD for ; Sat, 7 Jan 2023 01:11:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234465AbjAGBLE (ORCPT ); Fri, 6 Jan 2023 20:11:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59520 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236799AbjAGBKi (ORCPT ); Fri, 6 Jan 2023 20:10:38 -0500 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AE7818790C for ; Fri, 6 Jan 2023 17:10:37 -0800 (PST) Received: by mail-pl1-x64a.google.com with SMTP id w18-20020a170902e89200b00192e2fde1ceso2241466plg.20 for ; Fri, 06 Jan 2023 17:10:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=c0SSOcQu2zhzJ01e85sXxoYY5PANxVarOWlxFmDNqkI=; b=FOxWr0FdI7ce2VAR/21uWjYEfDuNof6aYDMhw9giM6kcXoN7ECDdJNwDoGu9ZtWPQC RDSorCGNi5eD82znXTMpxkx18rCdX6HsHKVSuiWSgfVqbYM8EJt11iXzi2mcuFbIjls4 TjdMiKyvkaso0o8lhY7BgBWfsvRoHaIbDS6vCQ54sHGB3rtX29EG/5f3jywA2EAW3MAi 5iaOCgvDf/fsqhre4iBphnDIDf09ifAzIFoxFjMLjydCo1JVnwEV0R/4WNPLFVNCKYPI Eb1rThvH5UNHO0rRTv1NlBaPdBBTSUej2nY+cYLJpt1o62ixzT9lW4Lx6Dk1bvooG74L QmJg== 
Date: Sat, 7 Jan 2023 01:10:24 +0000
In-Reply-To: <20230107011025.565472-1-seanjc@google.com>
Message-ID: <20230107011025.565472-6-seanjc@google.com>
Subject: [PATCH 5/6] KVM: VMX: Always intercept accesses to unsupported "extended" x2APIC regs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Orr, Ben Gardon, Venkatesh Srinivas

Don't clear the "read" bits for x2APIC registers above SELF_IPI (APIC regs
0x400 - 0xff0, MSRs 0x840 - 0x8ff). KVM doesn't emulate registers in that
space (there are a smattering of AMD-only extensions) and so should
intercept reads in order to inject #GP. When APICv is fully enabled, Intel
hardware doesn't validate the registers on RDMSR and instead blindly
retrieves data from the vAPIC page, i.e. it's software's responsibility to
intercept reads to non-existent MSRs.

Fixes: 8d14695f9542 ("x86, apicv: add virtual x2apic support")
Signed-off-by: Sean Christopherson
Reviewed-by: Jim Mattson
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/vmx/vmx.c | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c788aa382611..82c61c16f8f5 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -4018,26 +4018,17 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *= vcpu, u32 msr, int type) vmx_set_msr_bitmap_write(msr_bitmap, msr); } =20 -static void vmx_reset_x2apic_msrs(struct kvm_vcpu *vcpu, u8 mode) -{ - unsigned long *msr_bitmap =3D to_vmx(vcpu)->vmcs01.msr_bitmap; - unsigned long read_intercept; - int msr; - - read_intercept =3D (mode & MSR_BITMAP_MODE_X2APIC_APICV) ? 0 : ~0; - - for (msr =3D 0x800; msr <=3D 0x8ff; msr +=3D BITS_PER_LONG) { - unsigned int read_idx =3D msr / BITS_PER_LONG; - unsigned int write_idx =3D read_idx + (0x800 / sizeof(long)); - - msr_bitmap[read_idx] =3D read_intercept; - msr_bitmap[write_idx] =3D ~0ul; - } -} - static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu) { + /* + * x2APIC indices for 64-bit accesses into the RDMSR and WRMSR halves + * of the MSR bitmap. KVM emulates APIC registers up through 0x3f0, + * i.e. MSR 0x83f, and so only needs to dynamically manipulate 64 bits. + */ + const int read_idx =3D APIC_BASE_MSR / BITS_PER_LONG_LONG; + const int write_idx =3D read_idx + (0x800 / sizeof(u64)); struct vcpu_vmx *vmx =3D to_vmx(vcpu); + u64 *msr_bitmap =3D (u64 *)vmx->vmcs01.msr_bitmap; u8 mode; =20 if (!cpu_has_vmx_msr_bitmap()) 
@@ -4058,7 +4049,18 @@ static void vmx_update_msr_bitmap_x2apic(struct kvm_= vcpu *vcpu) =20 vmx->x2apic_msr_bitmap_mode =3D mode; =20 - vmx_reset_x2apic_msrs(vcpu, mode); + /* + * Reset the bitmap for MSRs 0x800 - 0x83f. Leave AMD's uber-extended + * registers (0x840 and above) intercepted, KVM doesn't support them. + * Intercept all writes by default and poke holes as needed. Pass + * through all reads by default in x2APIC+APICv mode, as all registers + * except the current timer count are passed through for read. + */ + if (mode & MSR_BITMAP_MODE_X2APIC_APICV) + msr_bitmap[read_idx] =3D 0; + else + msr_bitmap[read_idx] =3D ~0ull; + msr_bitmap[write_idx] =3D ~0ull; =20 /* * TPR reads and writes can be virtualized even if virtual interrupt --=20 2.39.0.314.g84b9a713c41-goog From nobody Tue Sep 16 02:19:42 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 041A9C54EBD for ; Sat, 7 Jan 2023 01:11:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236864AbjAGBLL (ORCPT ); Fri, 6 Jan 2023 20:11:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59532 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236811AbjAGBKk (ORCPT ); Fri, 6 Jan 2023 20:10:40 -0500 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FB9687910 for ; Fri, 6 Jan 2023 17:10:39 -0800 (PST) Received: by mail-pg1-x54a.google.com with SMTP id g18-20020a63f412000000b004aef17e314cso17385pgi.21 for ; Fri, 06 Jan 2023 17:10:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to 
Date: Sat, 7 Jan 2023 01:10:25 +0000
In-Reply-To: <20230107011025.565472-1-seanjc@google.com>
Message-ID: <20230107011025.565472-7-seanjc@google.com>
Subject: [PATCH 6/6] KVM: VMX: Intercept reads to invalid and write-only x2APIC registers
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Orr , Ben Gardon , Venkatesh Srinivas Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Intercept reads to invalid (non-existent) and write-only x2APIC registers when configuring VMX's MSR bitmaps for x2APIC+APICv. When APICv is fully enabled, Intel hardware doesn't validate the registers on RDMSR and instead blindly retrieves data from the vAPIC page, i.e. it's software's responsibility to intercept reads to non-existent and write-only MSRs. Fixes: 8d14695f9542 ("x86, apicv: add virtual x2apic support") Signed-off-by: Sean Christopherson Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/vmx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 82c61c16f8f5..1be2bc7185be 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4031,7 +4031,7 @@ static void vmx_update_msr_bitmap_x2apic(struct kvm_v= cpu *vcpu) u64 *msr_bitmap =3D (u64 *)vmx->vmcs01.msr_bitmap; u8 mode; =20 - if (!cpu_has_vmx_msr_bitmap()) + if (!cpu_has_vmx_msr_bitmap() || WARN_ON_ONCE(!lapic_in_kernel(vcpu))) return; =20 if (cpu_has_secondary_exec_ctrls() && 
@@ -4053,11 +4053,11 @@ static void vmx_update_msr_bitmap_x2apic(struct kvm= _vcpu *vcpu) * Reset the bitmap for MSRs 0x800 - 0x83f. Leave AMD's uber-extended * registers (0x840 and above) intercepted, KVM doesn't support them. * Intercept all writes by default and poke holes as needed. Pass - * through all reads by default in x2APIC+APICv mode, as all registers - * except the current timer count are passed through for read. + * through reads for all valid registers by default in x2APIC+APICv + * mode, only the current timer count needs on-demand emulation by KVM. */ if (mode & MSR_BITMAP_MODE_X2APIC_APICV) - msr_bitmap[read_idx] =3D 0; + msr_bitmap[read_idx] =3D ~kvm_lapic_readable_reg_mask(vcpu->arch.apic); else msr_bitmap[read_idx] =3D ~0ull; msr_bitmap[write_idx] =3D ~0ull; --=20 2.39.0.314.g84b9a713c41-goog
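
Review bot: In [PATCH 1/6], the APIC_SELF_IPI case now passes the raw "val" to kvm_apic_send_ipi() where the old code passed "val & APIC_VECTOR_MASK", so the vector is only known to be clean because the reserved-bit test sits in the same "if". Keeping the mask on the send path costs nothing and stops a later reordering of that condition from letting reserved bits reach the IPI value. The changelog also carries Cc: stable without a Fixes: tag, so the intended backport range is not stated.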
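
Review bot: In [PATCH 2/6], the new "if (data >> 32) return 1;" in kvm_lapic_msr_write() applies to every caller of the helper, but the changelog justifies it only from Intel's SDM text for x2APIC WRMSR. The comment directly above it says the 64-bit ICR handling is shared with the Hyper-V PV vAPIC, so please state whether writes from that interface go through this function and, if they do, whether failing them on non-zero upper bits is the intended behaviour there.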
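
Review bot: In [PATCH 3/6], removing the "reg == APIC_DFR" check from kvm_x2apic_msr_read() leaves rejection of DFR reads entirely to the "!apic_x2apic_mode(apic)" branch of the mask in kvm_lapic_reg_read(), and the changelog leaves the effect on the Hyper-V PV MSR interface as an open question ("may also fix ... if that can coexist with x2APIC"). The changelog should say which callers can reach kvm_lapic_msr_read() in x2APIC mode and what they now get for DFR. The hunks touch only the read side, so a sentence confirming that DFR writes are already refused in x2APIC mode would complete the picture.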
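
Review bot: In [PATCH 4/6], the newly exported kvm_lapic_readable_reg_mask() has no description of its contract, either at the definition in lapic.c or at the declaration added to lapic.h. Code outside lapic.c has to know which bit stands for which register (patch 6 applies the inverted mask directly to the bitmap word for MSRs 0x800 - 0x83f) and that the result depends on the current APIC mode and on LVT_CMCI support, so a cached copy can go stale. A short comment above the function stating both would make that explicit.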
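
Review bot: In [PATCH 5/6], the "write_idx" initializer in vmx_update_msr_bitmap_x2apic() uses a bare "0x800 / sizeof(u64)" next to "APIC_BASE_MSR / BITS_PER_LONG_LONG", and the two 0x800 values mean different things: one is the first x2APIC MSR number, the other is a byte offset into the bitmap page for the write half. A named constant for the offset, or a comment on that line, would keep them from being confused. The "(u64 *)" cast of vmcs01.msr_bitmap, which the removed helper treated as "unsigned long *", also deserves a word on why 64-bit accesses are fine on every build.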
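
Review bot: In [PATCH 5/6], the reset block now rewrites only msr_bitmap[read_idx] and msr_bitmap[write_idx], so interception of MSRs 0x840 - 0x8ff depends on those bits being set elsewhere and never cleared, whereas the removed vmx_reset_x2apic_msrs() rewrote the whole 0x800 - 0x8ff range on every update. The new comment says the range is left intercepted but not where that state is established; naming the initialization site there would let a reader verify it. If any path can clear a bit above 0x83f, this function no longer restores it.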
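
Review bot: In [PATCH 6/6], the added "WARN_ON_ONCE(!lapic_in_kernel(vcpu))" in the early-return condition is not mentioned in the changelog. It appears to guard the new vcpu->arch.apic dereference in the following hunk; saying so in the commit message or in a comment, along with whether the function can be reached with a userspace APIC, would explain why a WARN rather than a silent return is the right response.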
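
Review bot: In [PATCH 6/6], "msr_bitmap[read_idx] = ~kvm_lapic_readable_reg_mask(vcpu->arch.apic);" snapshots a mask that patch 4 builds from runtime state: the LVTCMCI bit is set only when kvm_lapic_lvt_supported(apic, LVT_CMCI) is true. Please confirm that this function is re-run whenever that input changes after the bitmap was last written, otherwise the read intercept for that register can disagree with what kvm_lapic_reg_read() accepts.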