From patchwork Thu Nov 10 00:57:04 2022
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 1416
Date: Thu, 10 Nov 2022 00:57:04 +0000
X-Mailer: git-send-email 2.38.1.431.g37b22c650d-goog
Message-ID: <20221110005706.1064832-1-seanjc@google.com>
Subject: [PATCH 0/2] KVM: nVMX: Fix another case where KVM overrides VMX MSRs
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yu Zhang

Fix another case where KVM overrides the VMX MSRs (well, just the one MSR)
during KVM_SET_CPUID.  Similar to somewhat recent reverts

  8805875aa473 ("Revert "KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled"")
  9389d5774aca ("Revert "KVM: nVMX: Expose load IA32_PERF_GLOBAL_CTRL VM-{Entry,Exit} control"")

undo misguided KVM behavior where KVM overrides allowed-1 settings in the
secondary execution controls in response to changes to the guest's CPUID
model.

To avoid breaking userspace that doesn't take ownership of the VMX MSRs,
go hands off if and only if userspace sets the MSR in question.

Sean Christopherson (2):
  KVM: nVMX: Don't muck with allowed sec exec controls on CPUID changes
  KVM: selftests: Test KVM's handling of VMX's sec exec MSR on
    KVM_SET_CPUID

 arch/x86/kvm/vmx/capabilities.h               |  1 +
 arch/x86/kvm/vmx/nested.c                     |  3 +
 arch/x86/kvm/vmx/vmx.c                        |  2 +-
 .../selftests/kvm/include/x86_64/processor.h  |  1 +
 .../selftests/kvm/include/x86_64/vmx.h        |  4 +-
 .../selftests/kvm/x86_64/vmx_msrs_test.c      | 92 +++++++++++++++++++
 6 files changed, 100 insertions(+), 3 deletions(-)

base-commit: d663b8a285986072428a6a145e5994bc275df994
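
The ownership rule in the cover letter, modeled as an added example (not code from this series or from KVM): a CPUID update rewrites an allowed-1 bit of the secondary execution controls MSR unless userspace has already written that MSR. The struct, the `userspace_set_msr` flag, the function names and the choice of the RDTSCP control are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model. Per the Intel SDM, IA32_VMX_PROCBASED_CTLS2 reports
 * allowed-1 settings in bits 63:32: a control may be 1 only if set there. */
#define SECONDARY_EXEC_ENABLE_RDTSCP (1u << 3)   /* illustrative control */

struct model_vcpu {              /* hypothetical stand-in for vCPU state */
    uint64_t procbased_ctls2;    /* MSR value exposed to the L1 guest */
    bool userspace_set_msr;      /* hypothetical: the VMM wrote the MSR */
};

static void allow1(struct model_vcpu *v, uint32_t ctl, bool on)
{
    uint64_t bit = (uint64_t)ctl << 32;
    v->procbased_ctls2 = on ? (v->procbased_ctls2 | bit)
                            : (v->procbased_ctls2 & ~bit);
}

/* The VMM writes the MSR and thereby takes ownership of its value. */
static void set_msr(struct model_vcpu *v, uint64_t val)
{
    v->procbased_ctls2 = val;
    v->userspace_set_msr = true;
}

/* Overriding behaviour: every CPUID update rewrites the allowed-1 bit. */
static void set_cpuid_override(struct model_vcpu *v, bool has_rdtscp)
{
    allow1(v, SECONDARY_EXEC_ENABLE_RDTSCP, has_rdtscp);
}

/* Hands off if and only if userspace set the MSR in question. */
static void set_cpuid_hands_off(struct model_vcpu *v, bool has_rdtscp)
{
    if (!v->userspace_set_msr)
        allow1(v, SECONDARY_EXEC_ENABLE_RDTSCP, has_rdtscp);
}

/* Constructed scenario: optionally have the VMM hide the control, then
 * update CPUID. Returns whether the control is allowed-1 afterwards. */
static bool replay(void (*on_cpuid)(struct model_vcpu *, bool),
                   bool vmm_writes_msr, bool has_rdtscp)
{
    struct model_vcpu v = { 0 };
    allow1(&v, SECONDARY_EXEC_ENABLE_RDTSCP, true);  /* default: supported */
    if (vmm_writes_msr)
        set_msr(&v, 0);                              /* VMM clears allowed-1 */
    on_cpuid(&v, has_rdtscp);
    return (v.procbased_ctls2 >> 32) & SECONDARY_EXEC_ENABLE_RDTSCP;
}

int main(void) { return replay(set_cpuid_hands_off, true, true) ? 1 : 0; }
```

With the override variant, the same scenario ends with the control allowed again even though the VMM cleared it, which is the ordering dependence between MSR writes and KVM_SET_CPUID that the series removes.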