| Message ID | 20230311004618.920745-1-seanjc@google.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp52446wrd;
Fri, 10 Mar 2023 16:53:41 -0800 (PST)
X-Google-Smtp-Source:
AK7set9wfDRu15O34AiLCpR1OaI8vPNgcgWAuwTZhnSj7noe9qUrq14rp0n3mUUJTezlAdzGfqry
X-Received: by 2002:a17:903:187:b0:199:1996:71ec with SMTP id
z7-20020a170903018700b00199199671ecmr32231433plg.16.1678496021445;
Fri, 10 Mar 2023 16:53:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1678496021; cv=none;
d=google.com; s=arc-20160816;
b=tz+hWU9pfD0lVTkTT6iSgr758e4Vlgd4ezLulXuV8frUOJkl5ssduDjAwt26muKoUU
3FwsEMphKL8QQSYV+N4KdcL2YE8U9ZhtzS4fW2tOAhpyX2A27csqflsABqDb5yZUP8ME
Op9ho7m5p11au9iYsGpuLM2uGLvLMSNpXNSILGrvktZEbxBJn0z03SpqXvTbubpBpKTn
uttkaMwSEc7/+0+QayQZZxUzJIbrkHWCp06qyD3maTV25MQF6LyUCQDPmMEK+l007p7I
BAdUlmyVBZm2Abbfx+d7HGy6+nx4GOmnF28rxFydRN9BreIyWaIkQOPDr4KCk36jo2Xw
G4gQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date
:reply-to:dkim-signature;
bh=n6jB3AffI+mzIeDfH7lhfpRtRWP3b9HQWuNQ7/qAbfQ=;
b=tIjTR5elJPQ3hT0rGZY2z1t34JQZXzfyul4P6818oYnzAheAmd9bbtpPIiKAunCRm7
Shy1r1PLUo44YKFvYjMbKMxPmc5kv9lrTVqAVQ+8q3OvIj68Jhh0HBGSzgR9QNfJKSRd
bXeZtDYVyTSrLM2nFcDKKgtokFKxxlqEtIX1f8lHrrhn5ojrHjwmB+laNzv4NE9+Dmqb
+LuIOvZx769VTfbLqmZW/XO6ZvtUhPFunRlW769PsW0zlQCzPyvJx+HRbAKIUz2NMP6S
2hIRgN91IT8fhV+xd7G/nhvaMmus3g7KzUYuosVkxxzgwH4T5CgoFw41B66aXMvvF6ms
dzqA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=PCgmNstk;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
kr16-20020a170903081000b0019e27966ce5si1129376plb.218.2023.03.10.16.53.29;
Fri, 10 Mar 2023 16:53:41 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=PCgmNstk;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229758AbjCKAqZ (ORCPT <rfc822;carlos.wei.hk@gmail.com>
+ 99 others); Fri, 10 Mar 2023 19:46:25 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36488 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229623AbjCKAqX (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 10 Mar 2023 19:46:23 -0500
Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com
[IPv6:2607:f8b0:4864:20::449])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94F7610CEAF
for <linux-kernel@vger.kernel.org>;
Fri, 10 Mar 2023 16:46:22 -0800 (PST)
Received: by mail-pf1-x449.google.com with SMTP id
cr10-20020a056a000f0a00b005cfec6c2354so3621129pfb.9
for <linux-kernel@vger.kernel.org>;
Fri, 10 Mar 2023 16:46:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112; t=1678495582;
h=cc:to:from:subject:message-id:mime-version:date:reply-to:from:to:cc
:subject:date:message-id:reply-to;
bh=n6jB3AffI+mzIeDfH7lhfpRtRWP3b9HQWuNQ7/qAbfQ=;
b=PCgmNstkwCq+t9aNKV5H7SBwehSEZfL3UigzGdkYxjcn/GyFQzTrk1CFufFxdbBzNh
i/9gLASWq3yoqqRyGlIvmsN/IkOxukWHCTD0bL1z5sR5yZMZxCqSUMfEWJvKDtmLidEl
7+ft3ttv03XQlaNbqAW65LJX9HycjJ3vXOThrfLgdQTvLS0HbjzdvhCCuDOEfDfuobVd
yya3y4FPNyVCRUg9VXkwBBWrVnDVhyzR9x6dUp/GxF1eXl06TKnKHrBzaP9sOJYhqlRX
Iy1Um+3m635nQ/99QzaZNaDWosrLj4t6aQI/hDkit6g6wwv8USSgRcnKqooXCZZXi8PT
105Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1678495582;
h=cc:to:from:subject:message-id:mime-version:date:reply-to
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=n6jB3AffI+mzIeDfH7lhfpRtRWP3b9HQWuNQ7/qAbfQ=;
b=VgGEGO3FzTkorUmNfFbh88FYjGk9FEikNuYZIGdGZYfuQVa5pH91INlIxvd45eA2PA
nV8yCdBm7yNE6saNCDFToT4a0HB8LB3+uUnSMi9qoxEOYwlJ4Xk+0S4oTrSBWDcecNOh
WDiQSzVOhk5ZPLfWsfDcEDdQXif71VWQRgcD2IczBASOAFe4HqZKDK9hiXuHESmB4xvR
0ZQl4skDAT+UK3bMslJ5wIsFpqN/YHJcyXw97Y+gNfmveUwjPl56qleO7ARXf4sMOgnt
M0yzWtT1U41GVzqnPPxuBsN2hBagfsbRvttWfBSL/AH9hshAewHfH0Gx6TB6Lhybz0qU
f3/g==
X-Gm-Message-State: AO0yUKXyHTUw6e+eAHvwIadbPPUYz7L1rLpLI7fcDKMsS04Pm3LhqsSO
m6nYhWgVxAQ0zEa3Izq3pGpGoKN+T/c=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a63:1a1f:0:b0:4f2:8281:8afb with SMTP id
a31-20020a631a1f000000b004f282818afbmr9015323pga.4.1678495582183; Fri, 10 Mar
2023 16:46:22 -0800 (PST)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 10 Mar 2023 16:45:57 -0800
Mime-Version: 1.0
X-Mailer: git-send-email 2.40.0.rc1.284.g88254d51c5-goog
Message-ID: <20230311004618.920745-1-seanjc@google.com>
Subject: [PATCH v3 00/21] KVM: x86: Disallow writes to feature MSRs
post-KVM_RUN
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Xiaoyao Li <xiaoyao.li@intel.com>,
Like Xu <like.xu.linux@gmail.com>,
Yu Zhang <yu.c.zhang@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1760030643932845026?=
X-GMAIL-MSGID: =?utf-8?q?1760030643932845026?=
|
| Series |
KVM: x86: Disallow writes to feature MSRs post-KVM_RUN
|
|
Message
Sean Christopherson
March 11, 2023, 12:45 a.m. UTC
Give feature MSRs that same treatment as CPUID and disallow changing said
MSRs after KVM_RUN. Fix a tangentially related bug in the vPMU where KVM
leaves the vLBRs enabled after userspace disables the guest's entire vPMU.
The bulk of this series is a rework of the vmx_pmu_caps_test, a.k.a.
the PERF_CAPABILITIES selftests, to expand its coverage. In addition to
verifying that KVM rejects changes after KVM_RUN, verify other bits beyond
full-width writes and the LBR format.
Note! There is a sneaky, small, but massive change buried halfway through
this series that will affect all x86 selftests. Patch
Verify KVM preserves userspace writes to "durable" MSRs
adds a KVM_GET_MSRS after every KVM_SET_MSRS that writes a single MSR and
expects to succeeded. The intent is to opportunistically verify that KVM
provides "read what you wrote" for all "durable" MSRs. The PERF_CAPS test
was manually verifying this behavior, and while it seems kinda gratuitous,
the coverage is quite cheap from both a performance and maintenance cost,
i.e. I can't think of a reason _not_ to do it.
v3:
- Collect reviews. [Xiaoyao]
- Fix the PMU selftests _before_ introducing the breaking KVM change. [Like]
- Actually use kvm_vcpu_has_run()... [Yu]
v2: https://lore.kernel.org/all/20230210003148.2646712-1-seanjc@google.com
v1: https://lore.kernel.org/all/20220805172945.35412-1-seanjc@google.com
Sean Christopherson (21):
KVM: x86: Rename kvm_init_msr_list() to clarify it inits multiple
lists
KVM: x86: Add a helper to query whether or not a vCPU has ever run
KVM: x86: Add macros to track first...last VMX feature MSRs
KVM: x86: Generate set of VMX feature MSRs using first/last
definitions
KVM: selftests: Split PMU caps sub-tests to avoid writing MSR after
KVM_RUN
KVM: x86: Disallow writes to immutable feature MSRs after KVM_RUN
KVM: x86/pmu: WARN and bug the VM if PMU is refreshed after vCPU has
run
KVM: x86/pmu: Zero out LBR capabilities during PMU refresh
KVM: selftests: Move 0/initial value PERF_CAPS checks to dedicated
sub-test
KVM: selftests: Assert that full-width PMC writes are supported if
PDCM=1
KVM: selftests: Print out failing MSR and value in vcpu_set_msr()
KVM: selftests: Verify KVM preserves userspace writes to "durable"
MSRs
KVM: selftests: Drop now-redundant checks on PERF_CAPABILITIES writes
KVM: selftests: Test all fungible features in PERF_CAPABILITIES
KVM: selftests: Test all immutable non-format bits in
PERF_CAPABILITIES
KVM: selftests: Expand negative testing of guest writes to
PERF_CAPABILITIES
KVM: selftests: Test post-KVM_RUN writes to PERF_CAPABILITIES
KVM: selftests: Drop "all done!" printf() from PERF_CAPABILITIES test
KVM: selftests: Refactor LBR_FMT test to avoid use of separate macro
KVM: selftests: Add negative testcase for PEBS format in
PERF_CAPABILITIES
KVM: selftests: Verify LBRs are disabled if vPMU is disabled
arch/x86/kvm/cpuid.c | 2 +-
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/kvm/pmu.c | 3 +
arch/x86/kvm/svm/svm.c | 2 +-
arch/x86/kvm/vmx/pmu_intel.c | 10 +
arch/x86/kvm/vmx/vmx.c | 8 +-
arch/x86/kvm/x86.c | 102 ++++---
arch/x86/kvm/x86.h | 13 +
.../selftests/kvm/include/x86_64/processor.h | 41 ++-
.../selftests/kvm/x86_64/vmx_pmu_caps_test.c | 248 ++++++++++++++----
10 files changed, 341 insertions(+), 90 deletions(-)
base-commit: 45dd9bc75d9adc9483f0c7d662ba6e73ed698a0b
Comments
On Fri, 10 Mar 2023 16:45:57 -0800, Sean Christopherson wrote: > Give feature MSRs that same treatment as CPUID and disallow changing said > MSRs after KVM_RUN. Fix a tangentially related bug in the vPMU where KVM > leaves the vLBRs enabled after userspace disables the guest's entire vPMU. > > The bulk of this series is a rework of the vmx_pmu_caps_test, a.k.a. > the PERF_CAPABILITIES selftests, to expand its coverage. In addition to > verifying that KVM rejects changes after KVM_RUN, verify other bits beyond > full-width writes and the LBR format. > > [...] Applied to kvm-x86 pmu, thanks! [01/21] KVM: x86: Rename kvm_init_msr_list() to clarify it inits multiple lists https://github.com/kvm-x86/linux/commit/b1932c5c19dd [02/21] KVM: x86: Add a helper to query whether or not a vCPU has ever run https://github.com/kvm-x86/linux/commit/fb3146b4dc3b [03/21] KVM: x86: Add macros to track first...last VMX feature MSRs https://github.com/kvm-x86/linux/commit/5757f5b95622 [04/21] KVM: x86: Generate set of VMX feature MSRs using first/last definitions https://github.com/kvm-x86/linux/commit/9eb6ba31db27 [05/21] KVM: selftests: Split PMU caps sub-tests to avoid writing MSR after KVM_RUN https://github.com/kvm-x86/linux/commit/e4d86fb910df [06/21] KVM: x86: Disallow writes to immutable feature MSRs after KVM_RUN https://github.com/kvm-x86/linux/commit/0094f62c7eaa [07/21] KVM: x86/pmu: WARN and bug the VM if PMU is refreshed after vCPU has run https://github.com/kvm-x86/linux/commit/3a6de51a437f [08/21] KVM: x86/pmu: Zero out LBR capabilities during PMU refresh https://github.com/kvm-x86/linux/commit/957d0f70e97b [09/21] KVM: selftests: Move 0/initial value PERF_CAPS checks to dedicated sub-test https://github.com/kvm-x86/linux/commit/710fb612672e [10/21] KVM: selftests: Assert that full-width PMC writes are supported if PDCM=1 https://github.com/kvm-x86/linux/commit/b1b705627cb3 [11/21] KVM: selftests: Print out failing MSR and value in vcpu_set_msr() https://github.com/kvm-x86/linux/commit/22234c2495ea [12/21] KVM: selftests: Verify KVM preserves userspace writes to "durable" MSRs https://github.com/kvm-x86/linux/commit/f138258565d1 [13/21] KVM: selftests: Drop now-redundant checks on PERF_CAPABILITIES writes https://github.com/kvm-x86/linux/commit/69713940d2b4 [14/21] KVM: selftests: Test all fungible features in PERF_CAPABILITIES https://github.com/kvm-x86/linux/commit/37f4e79c43e5 [15/21] KVM: selftests: Test all immutable non-format bits in PERF_CAPABILITIES https://github.com/kvm-x86/linux/commit/a2a34d148e75 [16/21] KVM: selftests: Expand negative testing of guest writes to PERF_CAPABILITIES https://github.com/kvm-x86/linux/commit/baa36dac6ca8 [17/21] KVM: selftests: Test post-KVM_RUN writes to PERF_CAPABILITIES https://github.com/kvm-x86/linux/commit/81fd92411264 [18/21] KVM: selftests: Drop "all done!" printf() from PERF_CAPABILITIES test https://github.com/kvm-x86/linux/commit/bc7bb0082960 [19/21] KVM: selftests: Refactor LBR_FMT test to avoid use of separate macro https://github.com/kvm-x86/linux/commit/8ac2f774b9ea [20/21] KVM: selftests: Add negative testcase for PEBS format in PERF_CAPABILITIES https://github.com/kvm-x86/linux/commit/8b95b4155523 [21/21] KVM: selftests: Verify LBRs are disabled if vPMU is disabled https://github.com/kvm-x86/linux/commit/d8f992e9fde8 -- https://github.com/kvm-x86/linux/tree/next https://github.com/kvm-x86/linux/tree/fixes