From nobody Sat Feb 7 11:29:58 2026
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:03 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20240802185511.305849-1-seanjc@google.com>
X-Mailer: git-send-email 2.46.0.rc2.264.g509ed76dc8-goog
Message-ID: <20240802185511.305849-2-seanjc@google.com>
Subject: [PATCH 1/9] KVM: x86: Co-locate initialization of feature MSRs in kvm_arch_vcpu_create()
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Bunch all of the feature MSR initialization in kvm_arch_vcpu_create() so that it can be easily quirked in a future patch.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 08c3480f1606..9d667c5ab1a9 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -12259,6 +12259,8 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) =20 kvm_async_pf_hash_reset(vcpu); =20 + vcpu->arch.arch_capabilities =3D kvm_get_arch_capabilities(); + vcpu->arch.msr_platform_info =3D MSR_PLATFORM_INFO_CPUID_FAULT; vcpu->arch.perf_capabilities =3D kvm_caps.supported_perf_cap; kvm_pmu_init(vcpu); =20 
@@ -12273,8 +12275,6 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) if (r) goto free_guest_fpu; =20 - vcpu->arch.arch_capabilities =3D kvm_get_arch_capabilities(); - vcpu->arch.msr_platform_info =3D MSR_PLATFORM_INFO_CPUID_FAULT; kvm_xen_init_vcpu(vcpu); vcpu_load(vcpu); kvm_set_tsc_khz(vcpu, vcpu->kvm->arch.default_tsc_khz); --=20 2.46.0.rc2.264.g509ed76dc8-goog
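
Review bot: "No functional change intended" needs a sentence of justification in the changelog for the first hunk, where the arch_capabilities and msr_platform_info assignments now sit directly above kvm_pmu_init() instead of below the "if (r) goto free_guest_fpu;" check shown in the second hunk. Please state that nothing executed between the new and the old position reads vcpu->arch.arch_capabilities or vcpu->arch.msr_platform_info, so the earlier initialization cannot change what that code observes.
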
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:04 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20240802185511.305849-1-seanjc@google.com>
X-Mailer: git-send-email 2.46.0.rc2.264.g509ed76dc8-goog
Message-ID: <20240802185511.305849-3-seanjc@google.com>
Subject: [PATCH 2/9] KVM: x86: Disallow changing MSR_PLATFORM_INFO after vCPU has run
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Tag MSR_PLATFORM_INFO as a feature MSR (because it is), i.e. disallow it from being modified after the vCPU has run.

To make KVM's selftest compliant, simply delete the userspace MSR write that restores KVM's original value at the end of the test. Verifying that userspace can write back what it originally read is uninteresting in this particular case, because KVM doesn't enforce _any_ bits in the MSR, i.e. userspace should be able to write any arbitrary value.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 1 +
 tools/testing/selftests/kvm/x86_64/platform_info_test.c | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9d667c5ab1a9..a9566c035857 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -451,6 +451,7 @@ static const u32 msr_based_features_all_except_vmx[] = =3D { MSR_IA32_UCODE_REV, MSR_IA32_ARCH_CAPABILITIES, MSR_IA32_PERF_CAPABILITIES, + MSR_PLATFORM_INFO, }; =20 static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all_except_vmx= ) + diff --git a/tools/testing/selftests/kvm/x86_64/platform_info_test.c b/tool= s/testing/selftests/kvm/x86_64/platform_info_test.c index eda88080c186..9cbf283ebc55 100644 --- a/tools/testing/selftests/kvm/x86_64/platform_info_test.c +++ b/tools/testing/selftests/kvm/x86_64/platform_info_test.c 
@@ -72,8 +72,6 @@ int main(int argc, char *argv[]) } =20 done: - vcpu_set_msr(vcpu, MSR_PLATFORM_INFO, msr_platform_info); - kvm_vm_free(vm); =20 return 0; --=20 2.46.0.rc2.264.g509ed76dc8-goog
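
Review bot: The selftest hunk at "done:" only deletes the post-run vcpu_set_msr(vcpu, MSR_PLATFORM_INFO, msr_platform_info) call, so nothing in platform_info_test.c exercises the restriction this patch introduces. Rather than dropping the write outright, consider adding an assertion for the rejection the changelog describes (modifying the MSR after the vCPU has run), so that a regression in the feature-MSR tagging added to msr_based_features_all_except_vmx[] is caught by the test.
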
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:05 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20240802185511.305849-1-seanjc@google.com>
X-Mailer: git-send-email 2.46.0.rc2.264.g509ed76dc8-goog
Message-ID: <20240802185511.305849-4-seanjc@google.com>
Subject: [PATCH 3/9] KVM: x86: Quirk initialization of feature MSRs to KVM's max configuration
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add a quirk to control KVM's misguided initialization of select feature MSRs to KVM's max configuration, as enabling features by default violates KVM's approach of letting userspace own the vCPU model, and is actively problematic for MSRs that are conditionally supported, as the vCPU will end up with an MSR value that userspace can't restore. E.g. if the vCPU is configured with PDCM=0, userspace will save and attempt to restore a non-zero PERF_CAPABILITIES, thanks to KVM's meddling.

Signed-off-by: Sean Christopherson
---
 Documentation/virt/kvm/api.rst | 22 ++++++++++++++++++++++
 arch/x86/include/asm/kvm_host.h | 3 ++-
 arch/x86/include/uapi/asm/kvm.h | 1 +
 arch/x86/kvm/svm/svm.c | 4 +++-
 arch/x86/kvm/vmx/vmx.c | 9 ++++++---
 arch/x86/kvm/x86.c | 8 +++++---
 6 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 8e5dad80b337..d85480848e4e 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst 
@@ -8073,6 +8073,28 @@ KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS By default, KVM = emulates MONITOR/MWAIT (if guest CPUID on writes to MISC_ENABLE if KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT is disabled. + +KVM_X86_QUIRK_STUFF_FEATURE_MSRS By default, at vCPU creation, KVM sets= the + vCPU's MSR_IA32_PERF_CAPABILITIES (0x3= 45), + MSR_IA32_ARCH_CAPABILITIES (0x10a), + MSR_PLATFORM_INFO (0xce), and all VMX = MSRs + (0x480..0x492) to the maximal capabili= ties + supported by KVM. KVM also sets + MSR_IA32_UCODE_REV (0x8b) to an arbitr= ary + value (which is different for Intel vs. + AMD). Lastly, when guest CPUID is set= (by + userspace), KVM modifies select VMX MSR + fields to force consistency between gu= est + CPUID and L2's effective ISA. When th= is + quirk is disabled, KVM zeroes the vCPU= 's MSR + values (with two exceptions, see below= ), + i.e. treats the feature MSRs like CPUID + leaves and gives userspace full contro= l of + the vCPU model definition. This quirk= does + not affect VMX MSRs CR0/CR4_FIXED1 (0x= 487 + and 0x489), as KVM does now allow them= to + be set by userspace (KVM sets them bas= ed on + guest CPUID, for safety purposes). =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D =20 7.32 KVM_CAP_MAX_VCPU_ID diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index b9d784abafdf..2fee988a6a44 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h 
@@ -2342,7 +2342,8 @@ int memslot_rmap_alloc(struct kvm_memory_slot *slot, = unsigned long npages); KVM_X86_QUIRK_OUT_7E_INC_RIP | \ KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT | \ KVM_X86_QUIRK_FIX_HYPERCALL_INSN | \ - KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS) + KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS | \ + KVM_X86_QUIRK_STUFF_FEATURE_MSRS) =20 /* * KVM previously used a u32 field in kvm_run to indicate the hypercall was diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kv= m.h index bf57a824f722..f768902a73d4 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -439,6 +439,7 @@ struct kvm_sync_regs { #define KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT (1 << 4) #define KVM_X86_QUIRK_FIX_HYPERCALL_INSN (1 << 5) #define KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS (1 << 6) +#define KVM_X86_QUIRK_STUFF_FEATURE_MSRS (1 << 7) =20 #define KVM_STATE_NESTED_FORMAT_VMX 0 #define KVM_STATE_NESTED_FORMAT_SVM 1 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f6980e0d2941..e21c3a622764 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1390,7 +1390,9 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu) svm_vcpu_init_msrpm(vcpu, svm->msrpm); =20 svm_init_osvw(vcpu); - vcpu->arch.microcode_version =3D 0x01000065; + + if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS)) + vcpu->arch.microcode_version =3D 0x01000065; svm->tsc_ratio_msr =3D kvm_caps.default_tsc_scaling_ratio; =20 svm->nmi_masked =3D false; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index cf85f8d50ccb..c1d06f800b8e 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -4556,7 +4556,8 @@ vmx_adjust_secondary_exec_control(struct vcpu_vmx *vm= x, u32 *exec_control, * Update the nested MSR settings so that a nested VMM can/can't set * controls for features that are/aren't exposed to the guest. */ - if (nested) { + if (nested && + kvm_check_has_quirk(vmx->vcpu.kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS))= { /* * All features that can be added or removed to VMX MSRs must * be supported in the first place for nested virtualization. @@ -4846,7 +4847,8 @@ static void __vmx_vcpu_reset(struct kvm_vcpu *vcpu) =20 init_vmcs(vmx); =20 - if (nested) + if (nested && + kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS)) memcpy(&vmx->nested.msrs, &vmcs_config.nested, sizeof(vmx->nested.msrs)); =20 vcpu_setup_sgx_lepubkeyhash(vcpu); @@ -4859,7 +4861,8 @@ static void __vmx_vcpu_reset(struct kvm_vcpu *vcpu) vmx->nested.hv_evmcs_vmptr =3D EVMPTR_INVALID; #endif =20 - vcpu->arch.microcode_version =3D 0x100000000ULL; + if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS)) + vcpu->arch.microcode_version =3D 0x100000000ULL; vmx->msr_ia32_feature_control_valid_bits =3D FEAT_CTL_LOCKED; =20 /* diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a9566c035857..9b52d8f3304f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -12260,9 +12260,11 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) =20 kvm_async_pf_hash_reset(vcpu); =20 - vcpu->arch.arch_capabilities =3D kvm_get_arch_capabilities(); - vcpu->arch.msr_platform_info =3D MSR_PLATFORM_INFO_CPUID_FAULT; - vcpu->arch.perf_capabilities =3D kvm_caps.supported_perf_cap; + if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS)) { + vcpu->arch.arch_capabilities =3D kvm_get_arch_capabilities(); + vcpu->arch.msr_platform_info =3D MSR_PLATFORM_INFO_CPUID_FAULT; + vcpu->arch.perf_capabilities =3D kvm_caps.supported_perf_cap; + } kvm_pmu_init(vcpu); =20 vcpu->arch.pending_external_vector =3D -1; --=20 2.46.0.rc2.264.g509ed76dc8-goog
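
Review bot: Typo in the new KVM_X86_QUIRK_STUFF_FEATURE_MSRS entry in Documentation/virt/kvm/api.rst: "as KVM does now allow them to be set by userspace" contradicts the parenthetical that follows ("KVM sets them based on guest CPUID, for safety purposes") and presumably should read "does not allow". In the same entry, "with two exceptions, see below" would be easier to follow if the closing sentence on CR0/CR4_FIXED1 (0x487 and 0x489) explicitly named them as the two exceptions.
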
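
Review bot: The quirk is sampled at different points in the vmx.c and x86.c hunks, and neither the changelog nor the api.rst text says when it has to be configured. kvm_arch_vcpu_create() and __vmx_vcpu_reset() test kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS) while the vCPU is being set up, whereas vmx_adjust_secondary_exec_control() tests it later, on the update that the documentation ties to guest CPUID being set. If the quirk setting changes in between, the vCPU keeps the stuffed MSR values but no longer gets the CPUID-driven VMX MSR adjustments. Please document that the quirk must be disabled before any vCPU is created, or explain in the changelog why the mixed state is acceptable.
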
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:06 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20240802185511.305849-1-seanjc@google.com>
X-Mailer: git-send-email 2.46.0.rc2.264.g509ed76dc8-goog
Message-ID: <20240802185511.305849-5-seanjc@google.com>
Subject: [PATCH 4/9] KVM: x86: Reject userspace attempts to access PERF_CAPABILITIES w/o PDCM
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Reject userspace accesses to PERF_CAPABILITIES if PDCM isn't set in guest CPUID, i.e. if the vCPU doesn't actually have PERF_CAPABILITIES. But! Do so via KVM_MSR_RET_UNSUPPORTED, so that reads get '0' and writes of '0' are ignored if KVM advertised support for PERF_CAPABILITIES. KVM's ABI is that userspace must set guest CPUID prior to setting MSRs, and that setting MSRs that aren't supposed to exist is disallowed (modulo the '0' exemption).

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9b52d8f3304f..dbb5e06ef264 100644 
--- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3803,8 +3803,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct= msr_data *msr_info) vcpu->arch.arch_capabilities =3D data; break; case MSR_IA32_PERF_CAPABILITIES: - if (!msr_info->host_initiated) - return 1; + if (!msr_info->host_initiated || + !guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) + return KVM_MSR_RET_UNSUPPORTED; + if (data & ~kvm_caps.supported_perf_cap) return 1; =20 
@@ -4263,9 +4265,8 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) msr_info->data =3D vcpu->arch.arch_capabilities; break; case MSR_IA32_PERF_CAPABILITIES: - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) - return 1; + if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) + return KVM_MSR_RET_UNSUPPORTED; msr_info->data =3D vcpu->arch.perf_capabilities; break; case MSR_IA32_POWER_CTL: --=20 2.46.0.rc2.264.g509ed76dc8-goog
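
Review bot: In the kvm_set_msr_common() hunk, folding both conditions into "!msr_info->host_initiated || !guest_cpuid_has(vcpu, X86_FEATURE_PDCM)" also changes the result for guest-initiated writes from "return 1" to KVM_MSR_RET_UNSUPPORTED, while the changelog only talks about userspace accesses. Please either keep "return 1" for the !host_initiated case as a separate check, or state in the changelog that the outcome for guest writes is unchanged and why.
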
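
Review bot: No test accompanies the new read semantics in the kvm_get_msr_common() hunk; the diffstat touches only arch/x86/kvm/x86.c. With the "!msr_info->host_initiated &&" term dropped, userspace reads without PDCM now take the KVM_MSR_RET_UNSUPPORTED path, so a selftest that leaves PDCM clear in guest CPUID and checks the behaviour the changelog describes (reads get '0', writes of '0' are ignored, other writes are disallowed) would pin down the ABI being introduced here.
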
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:07 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240802185511.305849-1-seanjc@google.com>
Message-ID: <20240802185511.305849-6-seanjc@google.com>
Subject: [PATCH 5/9] KVM: VMX: Remove restriction that PMU version > 0 for PERF_CAPABILITIES
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Drop the restriction that the PMU version is non-zero when handling writes
to PERF_CAPABILITIES now that KVM unconditionally checks for PDCM support.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/vmx.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c1d06f800b8e..f636d811bdc1 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c
@@ -2460,8 +2460,6 @@ int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) vmx->pt_desc.guest.addr_a[index / 2] =3D data; break; case MSR_IA32_PERF_CAPABILITIES: - if (data && !vcpu_to_pmu(vcpu)->version) - return 1; if (data & PMU_CAP_LBR_FMT) { if ((data & PMU_CAP_LBR_FMT) !=3D (kvm_caps.supported_perf_cap & PMU_CAP_LBR_FMT)) --=20 2.46.0.rc2.264.g509ed76dc8-goog From nobody Sat Feb 7 11:29:58 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CFF32166F3E for ; Fri, 2 Aug 2024 18:55:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722624929; cv=none; b=dVxD1GkFWA1qacR3xknL7NrQWOzJnLfl4LJOjCebDxIiltSyNGadcajsAsfyqgMb0uOjvxWjftPGs6CBGbggF0L/G37YEjVB3X9RL5Z6g7rZxDZgCC0zuwVXwGYKBgllatwsnC8+5g0z/Cg4ZCE0Is66u94L/oaIUn/mLaBWqx4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722624929; c=relaxed/simple; bh=G/B6WUt3Y43Ka6gRSs9wrMo/WyNhvm5mHZGpnxZk2As=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=aFLvKQ8Ow1sXda+C7g2KxvvfcsAT8MGe/e8/DbnLcQpcNp3elno/jsGNxbacifZ/LeAaLsul3L2YoDCKPaA3diOi7/7nWKmWRyGbJu5oZJX7WYVIHNwPgLxZT9/6UoF5x5JoKsYxJK9SrjE/dkx4FhJXCBcRRSk3Q09UdGb/1Vs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=gc/YGKGV; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com 
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:08 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240802185511.305849-1-seanjc@google.com>
Message-ID: <20240802185511.305849-7-seanjc@google.com>
Subject: [PATCH 6/9] KVM: x86: Reject userspace attempts to access ARCH_CAPABILITIES w/o support
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Reject userspace accesses to ARCH_CAPABILITIES if the MSR isn't supposed
to exist, according to guest CPUID. However, "reject" accesses with
KVM_MSR_RET_UNSUPPORTED, so that reads get '0' and writes of '0' are
ignored if KVM advertised support for ARCH_CAPABILITIES.

KVM's ABI is that userspace must set guest CPUID prior to setting MSRs,
and that setting MSRs that aren't supposed to exist is disallowed (modulo
the '0' exemption).

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index dbb5e06ef264..8bce40c649b4 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -3798,8 +3798,9 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) vcpu->arch.microcode_version =3D data; break; case MSR_IA32_ARCH_CAPABILITIES: - if (!msr_info->host_initiated) - return 1; + if (!msr_info->host_initiated || + !guest_cpuid_has(vcpu, X86_FEATURE_ARCH_CAPABILITIES)) + return KVM_MSR_RET_UNSUPPORTED; vcpu->arch.arch_capabilities =3D data; break; case MSR_IA32_PERF_CAPABILITIES: 
@@ -4259,9 +4260,8 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) msr_info->data =3D vcpu->arch.microcode_version; break; case MSR_IA32_ARCH_CAPABILITIES: - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_ARCH_CAPABILITIES)) - return 1; + if (!guest_cpuid_has(vcpu, X86_FEATURE_ARCH_CAPABILITIES)) + return KVM_MSR_RET_UNSUPPORTED; msr_info->data =3D vcpu->arch.arch_capabilities; break; case MSR_IA32_PERF_CAPABILITIES: --=20 2.46.0.rc2.264.g509ed76dc8-goog From nobody Sat Feb 7 11:29:58 2026 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 819F8175D5F for ; Fri, 2 Aug 2024 18:55:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722624932; cv=none; b=Epd7NznKR+HuR9ljGHdtHBAc9Z/2CRoUWCggvbGyEsMqaziQN9aYjJ2Umexih56SRGbLWV5PExJJ0j8qREoxCYAom+mJ60R5Nfy6mM7e2Box1zgKTUnnM98dUGPlmPS9UV2TDsqvjF3h0GEXHHZg9PPmp8aYefUSz4nXfYtxAGg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722624932; c=relaxed/simple; bh=eldBfQsKlvf6Q8sBz99QXD7HgSq5xAkX0So1tJInRi4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=T/YeU9mfztgtlGUY4n8g5+K14xXrvinZBnS8EmyuvXDrkyQdbfWtsJQGPDxU+FXazAhp8AsGl5CS4sD4zMDrdmKKwRJE+Eh1u4K+YIsgkOZmoDR7X/MBSRv8KIrf9BzMhcMbywVm9VGq0g4oomwn0K5iTyoObFuHNSOanbDE2hY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=RChvzNbP; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) 
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:09 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240802185511.305849-1-seanjc@google.com>
Message-ID: <20240802185511.305849-8-seanjc@google.com>
Subject: [PATCH 7/9] KVM: x86: Remove ordering check b/w MSR_PLATFORM_INFO and MISC_FEATURES_ENABLES
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Drop KVM's odd restriction that disallows clearing CPUID_FAULT in
MSR_PLATFORM_INFO if CPL>0 CPUID faulting is enabled in
MSR_MISC_FEATURES_ENABLES. KVM generally doesn't require specific
ordering when userspace sets MSRs, and the completely arbitrary order of
MSRs in emulated_msrs_all means that a userspace that uses KVM's list
verbatim could run afoul of the check.

Dropping the restriction obviously means that userspace could stuff a
nonsensical vCPU model, but that's the case all over KVM. KVM typically
restricts userspace MSR writes only when it makes things easier for KVM
and/or userspace.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8bce40c649b4..32483cc16d6a 100644 --- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c 
@@ -4119,9 +4119,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) vcpu->arch.osvw.status =3D data; break; case MSR_PLATFORM_INFO: - if (!msr_info->host_initiated || - (!(data & MSR_PLATFORM_INFO_CPUID_FAULT) && - cpuid_fault_enabled(vcpu))) + if (!msr_info->host_initiated) return 1; vcpu->arch.msr_platform_info =3D data; break; --=20 2.46.0.rc2.264.g509ed76dc8-goog From nobody Sat Feb 7 11:29:58 2026 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6411D1A34BF for ; Fri, 2 Aug 2024 18:55:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722624933; cv=none; b=JK1lUefLbISynYLFiutL3UefVRmF2S5jefG/7y+kWskF8T2MZGD79GligME0Sissu9Bylmu3QTNrTQ50iUmmJC5QKU+bQErIkmTLyJO2+CfK7Pm1ktJ9sYAplcMcJEMJ+INxw+oEatp37dx+PZmdDFr7sdii81X46xe4sOJIukU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722624933; c=relaxed/simple; bh=eIV+FYdJhQs5sXuHNlkR0r+AyOQQyHcB8GM1pTTn+fc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=RIxQcf/ibIAGb07LCulJlR9SBJ0KgB2K6NssKc4nenfncVFwezzTzXPliJMjMum1FGf60Z+nR1mrBJtWUjLqd26svrgNSezL4fRNcodK1qMkyQPnqDoQHA3YmvyVijexg6GXAc9dMtuda2rDvnSHdXYlsFkxf4Jb/yCFuGnFyOI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=TUMfBmJN; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass 
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:10 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240802185511.305849-1-seanjc@google.com>
Message-ID: <20240802185511.305849-9-seanjc@google.com>
Subject: [PATCH 8/9] KVM: selftests: Verify get/set PERF_CAPABILITIES w/o guest PDMC behavior
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Add another testcase to x86's PMU capabilities test to verify KVM's
handling of userspace accesses to PERF_CAPABILITIES when the vCPU doesn't
support the MSR (per the vCPU's CPUID). KVM's (newly established) ABI is
that userspace MSR accesses are subject to architectural existence checks,
but that if the MSR is advertised as supported _by KVM_, "bad" reads get
'0' and writes of '0' are always allowed.

Signed-off-by: Sean Christopherson
---
 .../selftests/kvm/x86_64/vmx_pmu_caps_test.c | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/tools/testing/selftests/kvm/x86_64/vmx_pmu_caps_test.c b/tools= /testing/selftests/kvm/x86_64/vmx_pmu_caps_test.c index 7c92536551cc..a1f5ff45d518 100644 --- a/tools/testing/selftests/kvm/x86_64/vmx_pmu_caps_test.c +++ b/tools/testing/selftests/kvm/x86_64/vmx_pmu_caps_test.c
@@ -207,6 +207,29 @@ KVM_ONE_VCPU_TEST(vmx_pmu_caps, lbr_perf_capabilities,= guest_code) TEST_ASSERT(!r, "Writing LBR_TOS should fail after disabling vPMU"); } =20 +KVM_ONE_VCPU_TEST(vmx_pmu_caps, perf_capabilities_unsupported, guest_code) +{ + uint64_t val; + int i, r; + + vcpu_set_msr(vcpu, MSR_IA32_PERF_CAPABILITIES, host_cap.capabilities); + val =3D vcpu_get_msr(vcpu, MSR_IA32_PERF_CAPABILITIES); + TEST_ASSERT_EQ(val, host_cap.capabilities); + + vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_PDCM); + + val =3D vcpu_get_msr(vcpu, MSR_IA32_PERF_CAPABILITIES); + TEST_ASSERT_EQ(val, 0); + + vcpu_set_msr(vcpu, MSR_IA32_PERF_CAPABILITIES, 0); + + for (i =3D 0; i < 64; i++) { + r =3D _vcpu_set_msr(vcpu, MSR_IA32_PERF_CAPABILITIES, BIT_ULL(i)); + TEST_ASSERT(!r, "Setting PERF_CAPABILITIES bit %d (=3D 0x%llx) should fa= il without PDCM", + i, BIT_ULL(i)); + } +} + int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_is_pmu_enabled()); --=20 2.46.0.rc2.264.g509ed76dc8-goog From nobody Sat Feb 7 11:29:58 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 93DAA175D5D for ; Fri, 2 Aug 2024 18:55:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722624935; cv=none; b=ljDUZbrmWgdqJIdCRaZW+8sGoVVW37zeA25GpmzXuz8imCUCoIfbWEOFlT91N9TRMCLSS2P5nCNVSsm9VVWj0TmVZC7vshBMgn+4/9CWzX+Dk/pu4jU6PO6D+iZOH93EZeCBhVYxBotCog27S0IWnpVCMwa/TI4LNpHbuKkhmqU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722624935; c=relaxed/simple; bh=nN94EdUS9XdoLYGq4cV5S9KQKM8sOq6fMUYOehoYu+A=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; 
Reply-To: Sean Christopherson
Date: Fri, 2 Aug 2024 11:55:11 -0700
In-Reply-To: <20240802185511.305849-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240802185511.305849-1-seanjc@google.com>
Message-ID: <20240802185511.305849-10-seanjc@google.com>
Subject: [PATCH 9/9] KVM: selftests: Add a testcase for disabling feature MSRs init quirk
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Expand and rename the feature MSRs test to verify KVM's ABI and quirk for
initializing feature MSRs.

Exempt VM_CR{0,4}_FIXED1 from most tests as KVM intentionally takes full
control of the MSRs, e.g. to prevent L1 from running L2 with bogus CR0
and/or CR4 values.

Signed-off-by: Sean Christopherson --- tools/testing/selftests/kvm/Makefile | 2 +- .../selftests/kvm/x86_64/feature_msrs_test.c | 113 ++++++++++++++++++ .../kvm/x86_64/get_msr_index_features.c | 35 ------ 3 files changed, 114 insertions(+), 36 deletions(-) create mode 100644 tools/testing/selftests/kvm/x86_64/feature_msrs_test.c delete mode 100644 tools/testing/selftests/kvm/x86_64/get_msr_index_featur= es.c diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests= /kvm/Makefile index b084ba2262a0..827b523a18fa 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -67,7 +67,7 @@ TEST_PROGS_x86_64 +=3D x86_64/nx_huge_pages_test.sh TEST_GEN_PROGS_x86_64 =3D x86_64/cpuid_test TEST_GEN_PROGS_x86_64 +=3D x86_64/cr4_cpuid_sync_test TEST_GEN_PROGS_x86_64 +=3D x86_64/dirty_log_page_splitting_test -TEST_GEN_PROGS_x86_64 +=3D x86_64/get_msr_index_features +TEST_GEN_PROGS_x86_64 +=3D x86_64/feature_msrs_test TEST_GEN_PROGS_x86_64 +=3D x86_64/exit_on_emulation_failure_test TEST_GEN_PROGS_x86_64 +=3D x86_64/fix_hypercall_test TEST_GEN_PROGS_x86_64 +=3D x86_64/hwcr_msr_test diff --git a/tools/testing/selftests/kvm/x86_64/feature_msrs_test.c b/tools= /testing/selftests/kvm/x86_64/feature_msrs_test.c new file mode 100644 index 000000000000..a72f13ae2edb --- /dev/null +++ b/tools/testing/selftests/kvm/x86_64/feature_msrs_test.c 
@@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2020, Red Hat, Inc. + */ +#include +#include +#include +#include +#include + +#include "test_util.h" +#include "kvm_util.h" +#include "processor.h" + +static bool is_kvm_controlled_msr(uint32_t msr) +{ + return msr =3D=3D MSR_IA32_VMX_CR0_FIXED1 || msr =3D=3D MSR_IA32_VMX_CR4_= FIXED1; +} + +/* + * For VMX MSRs with a "true" variant, KVM requires userspace to set the "= true" + * MSR, and doesn't allow setting the hidden version. + */ +static bool is_hidden_vmx_msr(uint32_t msr) +{ + switch (msr) { + case MSR_IA32_VMX_PINBASED_CTLS: + case MSR_IA32_VMX_PROCBASED_CTLS: + case MSR_IA32_VMX_EXIT_CTLS: + case MSR_IA32_VMX_ENTRY_CTLS: + return true; + default: + return false; + } +} + +static bool is_quirked_msr(uint32_t msr) +{ + return msr !=3D MSR_AMD64_DE_CFG; +} + +static void test_feature_msr(uint32_t msr) +{ + const uint64_t supported_mask =3D kvm_get_feature_msr(msr); + uint64_t reset_value =3D is_quirked_msr(msr) ? supported_mask : 0; + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + + /* + * Don't bother testing KVM-controlled MSRs beyond verifying that the + * MSR can be read from userspace. Any value is effectively legal, as + * KVM is bound by x86 architecture, not by ABI. + */ + if (is_kvm_controlled_msr(msr)) + return; + + /* + * More goofy behavior. KVM reports the host CPU's actual revision ID, + * but initializes the vCPU's revision ID to an arbitrary value. + */ + if (msr =3D=3D MSR_IA32_UCODE_REV) + reset_value =3D host_cpu_is_intel ? 0x100000000ULL : 0x01000065; + + /* + * For quirked MSRs, KVM's ABI is to initialize the vCPU's value to the + * full set of features supported by KVM. For non-quirked MSRs, and + * when the quirk is disabled, KVM must zero-initialize the MSR and let + * userspace do the configuration. 
+ */ + vm =3D vm_create_with_one_vcpu(&vcpu, NULL); + TEST_ASSERT(vcpu_get_msr(vcpu, msr) =3D=3D reset_value, + "Wanted 0x%lx for %squirked MSR 0x%x, got 0x%lx", + reset_value, is_quirked_msr(msr) ? "" : "non-", msr, + vcpu_get_msr(vcpu, msr)); + if (!is_hidden_vmx_msr(msr)) + vcpu_set_msr(vcpu, msr, supported_mask); + kvm_vm_free(vm); + + if (is_hidden_vmx_msr(msr)) + return; + + if (!kvm_has_cap(KVM_CAP_DISABLE_QUIRKS2) || + !(kvm_check_cap(KVM_CAP_DISABLE_QUIRKS2) & KVM_X86_QUIRK_STUFF_FEATUR= E_MSRS)) + return; + + vm =3D vm_create(1); + vm_enable_cap(vm, KVM_CAP_DISABLE_QUIRKS2, KVM_X86_QUIRK_STUFF_FEATURE_MS= RS); + + vcpu =3D vm_vcpu_add(vm, 0, NULL); + TEST_ASSERT(!vcpu_get_msr(vcpu, msr), + "Quirk disabled, wanted '0' for MSR 0x%x, got 0x%lx", + msr, vcpu_get_msr(vcpu, msr)); + kvm_vm_free(vm); +} + +int main(int argc, char *argv[]) +{ + const struct kvm_msr_list *feature_list; + int i; + + /* + * Skip the entire test if MSR_FEATURES isn't supported, other tests + * will cover the "regular" list of MSRs, the coverage here is purely + * opportunistic and not interesting on its own. + */ + TEST_REQUIRE(kvm_has_cap(KVM_CAP_GET_MSR_FEATURES)); + + (void)kvm_get_msr_index_list(); + + feature_list =3D kvm_get_feature_msr_index_list(); + for (i =3D 0; i < feature_list->nmsrs; i++) + test_feature_msr(feature_list->indices[i]); +} diff --git a/tools/testing/selftests/kvm/x86_64/get_msr_index_features.c b/= tools/testing/selftests/kvm/x86_64/get_msr_index_features.c deleted file mode 100644 index d09b3cbcadc6..000000000000 --- a/tools/testing/selftests/kvm/x86_64/get_msr_index_features.c +++ /dev/null 
@@ -1,35 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Test that KVM_GET_MSR_INDEX_LIST and - * KVM_GET_MSR_FEATURE_INDEX_LIST work as intended - * - * Copyright (C) 2020, Red Hat, Inc. - */ -#include -#include -#include -#include -#include - -#include "test_util.h" -#include "kvm_util.h" -#include "processor.h" - -int main(int argc, char *argv[]) -{ - const struct kvm_msr_list *feature_list; - int i; - - /* - * Skip the entire test if MSR_FEATURES isn't supported, other tests - * will cover the "regular" list of MSRs, the coverage here is purely - * opportunistic and not interesting on its own. - */ - TEST_REQUIRE(kvm_has_cap(KVM_CAP_GET_MSR_FEATURES)); - - (void)kvm_get_msr_index_list(); - - feature_list =3D kvm_get_feature_msr_index_list(); - for (i =3D 0; i < feature_list->nmsrs; i++) - kvm_get_feature_msr(feature_list->indices[i]); -} --=20 2.46.0.rc2.264.g509ed76dc8-goog
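
Review bot: in the vmx_set_msr() hunk of patch 5/9, the removed test "if (data && !vcpu_to_pmu(vcpu)->version) return 1;" keyed off the PMU version, while the changelog justifies dropping it by the PDCM check, which is a different condition. With PDCM set in guest CPUID and a PMU version of 0, a non-zero write now falls straight through to the PMU_CAP_LBR_FMT comparison against kvm_caps.supported_perf_cap. Please say in the changelog why that combination is acceptable, or keep rejecting it.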
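
Review bot: in the kvm_set_msr_common() hunk of patch 6/9, the new condition "!msr_info->host_initiated || !guest_cpuid_has(...)" sends guest-initiated writes to KVM_MSR_RET_UNSUPPORTED as well, including when guest CPUID does have ARCH_CAPABILITIES, where the old code returned 1. The changelog only talks about userspace accesses, so this looks like an unintended change for guest WRMSR to a read-only MSR. Suggest keeping "if (!msr_info->host_initiated) return 1;" as its own check ahead of the CPUID test, or documenting the guest-visible effect in the changelog.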
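
Review bot: in the MSR_PLATFORM_INFO hunk of patch 7/9, nothing in the series exercises the ordering that the removed cpuid_fault_enabled() check used to forbid. The selftests added in 8/9 and 9/9 cover PERF_CAPABILITIES and the feature MSRs only. A small testcase that enables CPUID faulting in MSR_MISC_FEATURES_ENABLES and then clears MSR_PLATFORM_INFO_CPUID_FAULT from userspace, in both orders, would pin down the relaxed ABI and catch a later reintroduction of the check.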
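
Review bot: in perf_capabilities_unsupported (patch 8/9), the test stops after clearing PDCM, so it never checks what happens to the value written earlier. It sets host_cap.capabilities, clears X86_FEATURE_PDCM, and asserts the read is 0, but per the get hunk earlier in the series that 0 comes from the early return, not from vcpu->arch.perf_capabilities being cleared. Consider re-enabling PDCM at the end and asserting what the MSR reads back, so the test documents whether the stored value is expected to survive. A one-line comment that "!r" means no MSR was written would also help readers of the loop, since the message says "should fail".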
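
Review bot: in the Makefile hunk of patch 9/9, x86_64/feature_msrs_test is dropped into the slot of the old x86_64/get_msr_index_features entry, which puts it before x86_64/exit_on_emulation_failure_test. The surrounding TEST_GEN_PROGS_x86_64 entries in the hunk are otherwise alphabetical, so the new line belongs between exit_on_emulation_failure_test and fix_hypercall_test.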
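
Review bot: in test_feature_msr() in the new feature_msrs_test.c, the quirk-disabled half asserts "!vcpu_get_msr(vcpu, msr)" for every MSR that reaches it, including MSR_IA32_UCODE_REV, whose reset value is special-cased to a non-zero constant a few lines earlier. Please add a comment stating that disabling KVM_X86_QUIRK_STUFF_FEATURE_MSRS also zeroes UCODE_REV, or skip that MSR in the second half. Smaller points in the same hunk: is_quirked_msr() singles out MSR_AMD64_DE_CFG with no comment explaining why, the constants 0x100000000ULL and 0x01000065 are unexplained, and both TEST_ASSERT calls read the MSR a second time for the message, so reading once into a local would guarantee the reported value is the one that was compared.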