| Message ID | 20230107011025.565472-1-seanjc@google.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp1107032wrt;
Fri, 6 Jan 2023 17:12:50 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXu6RrIQpKUnvMfRB4KrUfo8Vha84CUVz+l8652ymPTpXbrHnRlKNa50phJjlEcQtd6yUyqK
X-Received: by 2002:a17:902:f78d:b0:192:ae36:f760 with SMTP id
q13-20020a170902f78d00b00192ae36f760mr31684791pln.47.1673053970140;
Fri, 06 Jan 2023 17:12:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673053970; cv=none;
d=google.com; s=arc-20160816;
b=yDW/pPWjJrukl15a0Z8W91LI+A+NQX0hLc/3JWrPoexJlfvDRcFC0qQW7NcXw00CRo
8nYj17jEZicJxjCHOM/ko+1cuEgSb1qSXZL7KXK2S1coIIFYRFRphPwvLBg9ugK/ZVN6
eCf6cAXUCCiAeJMNjgdEwMiuYOudx75RscNlEWO+3B8gqcop8T0hOU1vIwmTqZ13Pfm5
Zhm44agqw2BmwAZ4Y+qy0L1k8WvgPU8Qq2uGSktappG0yKW+3pgBMDjySEk6lQF/qnLT
A2i/Wuiax4Y7r8CFuSr50MTpMN41XlOEAIWb6qaJ0kLLTVS/d5S7Wj4BZgEDGY9kAY/L
83iA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date
:reply-to:dkim-signature;
bh=tmPQz2zK/dB2NTddZcwOldRAv/bdux625ajDDkMbuHk=;
b=bWQDsnOkEs1+DJ6rvtB6cOXgX4ruImyt1oxgVBtQSqRj8lVPBVbK+XL5/MyffVSryV
2GudR01UWPtk+Vy+tn2IOKkyCL1AqVa+mgxz3oezLDidS1jtsaAEZmQOOsPGfAG02n8W
i2v0JnFhcmkPqcviz6h0uxFX00BC60clQUn18ua43KllBRa83Ptu6iIDupsif0D3rphz
5dnLhHa01CfHUwMACOgEcl5qbTjPUtT2LzrVczFLS4ZZOoli4DdS7IRUHOqXhVL+Ogtp
HyN0rVs5mfBG80WP0F6W4hk4By7IjHMLTpBz+7Pl5jwfcK5zuTvYf4V3w3eWbui44THM
B7LA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=iVjG2Dn6;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
n12-20020a170903110c00b00186b3cb9b80si2640544plh.354.2023.01.06.17.12.37;
Fri, 06 Jan 2023 17:12:50 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=iVjG2Dn6;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S236779AbjAGBKd (ORCPT <rfc822;ahmedalshaiji.dev@gmail.com>
+ 99 others); Fri, 6 Jan 2023 20:10:33 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59492 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230201AbjAGBKb (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 6 Jan 2023 20:10:31 -0500
Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com
[IPv6:2607:f8b0:4864:20::549])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2CA89848CA
for <linux-kernel@vger.kernel.org>;
Fri, 6 Jan 2023 17:10:29 -0800 (PST)
Received: by mail-pg1-x549.google.com with SMTP id
g32-20020a635660000000b00478c21b8095so1716749pgm.10
for <linux-kernel@vger.kernel.org>;
Fri, 06 Jan 2023 17:10:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112;
h=cc:to:from:subject:message-id:mime-version:date:reply-to:from:to:cc
:subject:date:message-id:reply-to;
bh=tmPQz2zK/dB2NTddZcwOldRAv/bdux625ajDDkMbuHk=;
b=iVjG2Dn6BJBzk+IgWmNfLGDv0w9EAWaRFXsphtRQSAQogeDcidQWbOJOEL9duYesJ/
KWgDMbu4JmoKcdGX+lRkcZJI8sj5+OehlPoaXX6DRMHhzmH9xOL6cKV66kWdbv5/RJS5
elAJ6VyypAiWCYbthqFbOqweSBkK8T0gZ69W1CdMqAWKyt+rLgVh5fVUQBARpb7rKn2F
WO1PHNNDA15lrQB112fSwfFiJkFSpOJwTindRe9H/IW+GBwq9u8H7AbOxrz2Qva4AgqY
3v3FDloHFh8hNU0yeDR8x48dZJ6AYiDSKqOytKmScNhcEErtpbP0Y3cH6mT8S6F3eF/b
BOew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=cc:to:from:subject:message-id:mime-version:date:reply-to
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=tmPQz2zK/dB2NTddZcwOldRAv/bdux625ajDDkMbuHk=;
b=PR2GtLNfqTEHT7F9RVzEDVBW8IrIdl+Bih2lTTH83IJAKZ/Q5azE7k20sT7etXgLr+
i5AoxvBGqljWGQ1LzXTOshqm+rLIvOyVoxIDGORpoj3lmVZhKKzlYwS2KtYtFxTwCfno
H3o2xLM6kkjm80Z40cedZIlXumrZWk9tJ9Iy0mjtwOGbthS4ipUGT7OMdmD4p+VknlLn
G6nCSOdUcvHaLfLa2K2+Mm6bJjeTXvmduKmWLMNphorMjWYNIn+XMXG2zR37tNEc74Ik
Dd2pD3rSjBtPbxvtC8qGaYbsghoYdYNRpCQfFJwer2sB9URHmZDl2W/kzWT8D5c0wIZN
gXBw==
X-Gm-Message-State: AFqh2krrmSxKYIvV1BVHElRJX4FlTVZlNjfh/EoGyK0lWrGWRL4EOeo2
jcHZWUXAktyo46Wz/KDy8iA9dT7lKdk=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a05:6a00:4394:b0:585:ff31:600 with SMTP id
bt20-20020a056a00439400b00585ff310600mr108443pfb.51.1673053828686; Fri, 06
Jan 2023 17:10:28 -0800 (PST)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Sat, 7 Jan 2023 01:10:19 +0000
Mime-Version: 1.0
X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog
Message-ID: <20230107011025.565472-1-seanjc@google.com>
Subject: [PATCH 0/6] KVM: x86: x2APIC reserved bits/regs fixes
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Marc Orr <marcorr@google.com>, Ben Gardon <bgardon@google.com>,
Venkatesh Srinivas <venkateshs@chromium.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754324239714030704?=
X-GMAIL-MSGID: =?utf-8?q?1754324239714030704?=
|
| Series |
KVM: x86: x2APIC reserved bits/regs fixes
|
|
Message
Sean Christopherson
Jan. 7, 2023, 1:10 a.m. UTC
Fixes for edge cases where KVM mishandles reserved bits/regs checks when
the vCPU is in x2APIC mode.
The first two patches were previously posted[*], but both patches were
broken (as posted against upstream), hence I took full credit for doing
the work and changed Marc to a reporter.
The VMX APICv fixes are for bugs found when writing tests. *sigh*
I didn't Cc those to stable as the odds of breaking something when touching
the MSR bitmaps seemed higher than someone caring about a 10 year old bug.
AMD x2AVIC support may or may not suffer similar interception bugs, but I
don't have hardware to test and this already snowballed further than
expected...
[*] https://lore.kernel.org/kvm/20220525173933.1611076-1-venkateshs@chromium.org
Sean Christopherson (6):
KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32
KVM: x86: Mark x2APIC DFR reg as non-existent for x2APIC
KVM: x86: Split out logic to generate "readable" APIC regs mask to
helper
KVM: VMX: Always intercept accesses to unsupported "extended" x2APIC
regs
KVM: VMX: Intercept reads to invalid and write-only x2APIC registers
arch/x86/kvm/lapic.c | 55 ++++++++++++++++++++++++++----------------
arch/x86/kvm/lapic.h | 2 ++
arch/x86/kvm/vmx/vmx.c | 40 +++++++++++++++---------------
3 files changed, 57 insertions(+), 40 deletions(-)
base-commit: 91dc252b0dbb6879e4067f614df1e397fec532a1
Comments
On 1/7/23 02:10, Sean Christopherson wrote: > Fixes for edge cases where KVM mishandles reserved bits/regs checks when > the vCPU is in x2APIC mode. > > The first two patches were previously posted[*], but both patches were > broken (as posted against upstream), hence I took full credit for doing > the work and changed Marc to a reporter. > > The VMX APICv fixes are for bugs found when writing tests. *sigh* > I didn't Cc those to stable as the odds of breaking something when touching > the MSR bitmaps seemed higher than someone caring about a 10 year old bug. > > AMD x2AVIC support may or may not suffer similar interception bugs, but I > don't have hardware to test and this already snowballed further than > expected... > > [*] https://lore.kernel.org/kvm/20220525173933.1611076-1-venkateshs@chromium.org Looks good; please feel free to start gathering this in your tree for 6.3. Next week I'll go through Ben's series as well as Aaron's "Clean up the supported xfeatures" and others. Let me know if you would like me to queue anything of these instead, and please remember to set up the tree in linux-next. :) Thanks, Paolo > Sean Christopherson (6): > KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI > KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32 > KVM: x86: Mark x2APIC DFR reg as non-existent for x2APIC > KVM: x86: Split out logic to generate "readable" APIC regs mask to > helper > KVM: VMX: Always intercept accesses to unsupported "extended" x2APIC > regs > KVM: VMX: Intercept reads to invalid and write-only x2APIC registers > > arch/x86/kvm/lapic.c | 55 ++++++++++++++++++++++++++---------------- > arch/x86/kvm/lapic.h | 2 ++ > arch/x86/kvm/vmx/vmx.c | 40 +++++++++++++++--------------- > 3 files changed, 57 insertions(+), 40 deletions(-) > > > base-commit: 91dc252b0dbb6879e4067f614df1e397fec532a1
On Fri, Jan 13, 2023, Paolo Bonzini wrote: > On 1/7/23 02:10, Sean Christopherson wrote: > > Fixes for edge cases where KVM mishandles reserved bits/regs checks when > > the vCPU is in x2APIC mode. > > > > The first two patches were previously posted[*], but both patches were > > broken (as posted against upstream), hence I took full credit for doing > > the work and changed Marc to a reporter. > > > > The VMX APICv fixes are for bugs found when writing tests. *sigh* > > I didn't Cc those to stable as the odds of breaking something when touching > > the MSR bitmaps seemed higher than someone caring about a 10 year old bug. > > > > AMD x2AVIC support may or may not suffer similar interception bugs, but I > > don't have hardware to test and this already snowballed further than > > expected... > > > > [*] https://lore.kernel.org/kvm/20220525173933.1611076-1-venkateshs@chromium.org > > Looks good; please feel free to start gathering this in your tree for 6.3. Thanks! > Next week I'll go through Ben's series as well as Aaron's "Clean up the > supported xfeatures" and others. > > Let me know if you would like me to queue anything of these instead, and > please remember to set up the tree in linux-next. :) Ya, next week is going to be dedicated to sorting out maintenance mechanics.
On Sat, 07 Jan 2023 01:10:19 +0000, Sean Christopherson wrote: > Fixes for edge cases where KVM mishandles reserved bits/regs checks when > the vCPU is in x2APIC mode. > > The first two patches were previously posted[*], but both patches were > broken (as posted against upstream), hence I took full credit for doing > the work and changed Marc to a reporter. > > [...] Applied to kvm-x86 apic, thanks past me! [1/6] KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI https://github.com/kvm-x86/linux/commit/aeee623ea411 [2/6] KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32 https://github.com/kvm-x86/linux/commit/a927a2508121 [3/6] KVM: x86: Mark x2APIC DFR reg as non-existent for x2APIC https://github.com/kvm-x86/linux/commit/6d4719e1b5a2 [4/6] KVM: x86: Split out logic to generate "readable" APIC regs mask to helper https://github.com/kvm-x86/linux/commit/1088d5e5cf70 [5/6] KVM: VMX: Always intercept accesses to unsupported "extended" x2APIC regs https://github.com/kvm-x86/linux/commit/cbb3f75487a9 [6/6] KVM: VMX: Intercept reads to invalid and write-only x2APIC registers https://github.com/kvm-x86/linux/commit/7b205379c53d -- https://github.com/kvm-x86/linux/tree/next https://github.com/kvm-x86/linux/tree/fixes