From patchwork Sat Mar 11 00:45:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 6448 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp52446wrd; Fri, 10 Mar 2023 16:53:41 -0800 (PST) X-Google-Smtp-Source: AK7set9wfDRu15O34AiLCpR1OaI8vPNgcgWAuwTZhnSj7noe9qUrq14rp0n3mUUJTezlAdzGfqry X-Received: by 2002:a17:903:187:b0:199:1996:71ec with SMTP id z7-20020a170903018700b00199199671ecmr32231433plg.16.1678496021445; Fri, 10 Mar 2023 16:53:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678496021; cv=none; d=google.com; s=arc-20160816; b=tz+hWU9pfD0lVTkTT6iSgr758e4Vlgd4ezLulXuV8frUOJkl5ssduDjAwt26muKoUU 3FwsEMphKL8QQSYV+N4KdcL2YE8U9ZhtzS4fW2tOAhpyX2A27csqflsABqDb5yZUP8ME Op9ho7m5p11au9iYsGpuLM2uGLvLMSNpXNSILGrvktZEbxBJn0z03SpqXvTbubpBpKTn uttkaMwSEc7/+0+QayQZZxUzJIbrkHWCp06qyD3maTV25MQF6LyUCQDPmMEK+l007p7I BAdUlmyVBZm2Abbfx+d7HGy6+nx4GOmnF28rxFydRN9BreIyWaIkQOPDr4KCk36jo2Xw G4gQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date :reply-to:dkim-signature; bh=n6jB3AffI+mzIeDfH7lhfpRtRWP3b9HQWuNQ7/qAbfQ=; b=tIjTR5elJPQ3hT0rGZY2z1t34JQZXzfyul4P6818oYnzAheAmd9bbtpPIiKAunCRm7 Shy1r1PLUo44YKFvYjMbKMxPmc5kv9lrTVqAVQ+8q3OvIj68Jhh0HBGSzgR9QNfJKSRd bXeZtDYVyTSrLM2nFcDKKgtokFKxxlqEtIX1f8lHrrhn5ojrHjwmB+laNzv4NE9+Dmqb +LuIOvZx769VTfbLqmZW/XO6ZvtUhPFunRlW769PsW0zlQCzPyvJx+HRbAKIUz2NMP6S 2hIRgN91IT8fhV+xd7G/nhvaMmus3g7KzUYuosVkxxzgwH4T5CgoFw41B66aXMvvF6ms dzqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=PCgmNstk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id kr16-20020a170903081000b0019e27966ce5si1129376plb.218.2023.03.10.16.53.29; Fri, 10 Mar 2023 16:53:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=PCgmNstk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229758AbjCKAqZ (ORCPT + 99 others); Fri, 10 Mar 2023 19:46:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36488 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229623AbjCKAqX (ORCPT ); Fri, 10 Mar 2023 19:46:23 -0500 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94F7610CEAF for ; Fri, 10 Mar 2023 16:46:22 -0800 (PST) Received: by mail-pf1-x449.google.com with SMTP id cr10-20020a056a000f0a00b005cfec6c2354so3621129pfb.9 for ; Fri, 10 Mar 2023 16:46:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1678495582; h=cc:to:from:subject:message-id:mime-version:date:reply-to:from:to:cc :subject:date:message-id:reply-to; bh=n6jB3AffI+mzIeDfH7lhfpRtRWP3b9HQWuNQ7/qAbfQ=; b=PCgmNstkwCq+t9aNKV5H7SBwehSEZfL3UigzGdkYxjcn/GyFQzTrk1CFufFxdbBzNh i/9gLASWq3yoqqRyGlIvmsN/IkOxukWHCTD0bL1z5sR5yZMZxCqSUMfEWJvKDtmLidEl 7+ft3ttv03XQlaNbqAW65LJX9HycjJ3vXOThrfLgdQTvLS0HbjzdvhCCuDOEfDfuobVd yya3y4FPNyVCRUg9VXkwBBWrVnDVhyzR9x6dUp/GxF1eXl06TKnKHrBzaP9sOJYhqlRX Iy1Um+3m635nQ/99QzaZNaDWosrLj4t6aQI/hDkit6g6wwv8USSgRcnKqooXCZZXi8PT 105Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678495582; h=cc:to:from:subject:message-id:mime-version:date:reply-to :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=n6jB3AffI+mzIeDfH7lhfpRtRWP3b9HQWuNQ7/qAbfQ=; b=VgGEGO3FzTkorUmNfFbh88FYjGk9FEikNuYZIGdGZYfuQVa5pH91INlIxvd45eA2PA nV8yCdBm7yNE6saNCDFToT4a0HB8LB3+uUnSMi9qoxEOYwlJ4Xk+0S4oTrSBWDcecNOh WDiQSzVOhk5ZPLfWsfDcEDdQXif71VWQRgcD2IczBASOAFe4HqZKDK9hiXuHESmB4xvR 0ZQl4skDAT+UK3bMslJ5wIsFpqN/YHJcyXw97Y+gNfmveUwjPl56qleO7ARXf4sMOgnt M0yzWtT1U41GVzqnPPxuBsN2hBagfsbRvttWfBSL/AH9hshAewHfH0Gx6TB6Lhybz0qU f3/g== X-Gm-Message-State: AO0yUKXyHTUw6e+eAHvwIadbPPUYz7L1rLpLI7fcDKMsS04Pm3LhqsSO m6nYhWgVxAQ0zEa3Izq3pGpGoKN+T/c= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a63:1a1f:0:b0:4f2:8281:8afb with SMTP id a31-20020a631a1f000000b004f282818afbmr9015323pga.4.1678495582183; Fri, 10 Mar 2023 16:46:22 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 10 Mar 2023 16:45:57 -0800 Mime-Version: 1.0 X-Mailer: git-send-email 2.40.0.rc1.284.g88254d51c5-goog Message-ID: <20230311004618.920745-1-seanjc@google.com> Subject: [PATCH v3 00/21] KVM: x86: Disallow writes to feature MSRs post-KVM_RUN From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Xiaoyao Li , Like Xu , Yu Zhang X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760030643932845026?= X-GMAIL-MSGID: =?utf-8?q?1760030643932845026?= Give feature MSRs that same treatment as CPUID and disallow changing said MSRs after KVM_RUN. Fix a tangentially related bug in the vPMU where KVM leaves the vLBRs enabled after userspace disables the guest's entire vPMU. The bulk of this series is a rework of the vmx_pmu_caps_test, a.k.a. the PERF_CAPABILITIES selftests, to expand its coverage. In addition to verifying that KVM rejects changes after KVM_RUN, verify other bits beyond full-width writes and the LBR format. Note! There is a sneaky, small, but massive change buried halfway through this series that will affect all x86 selftests. Patch Verify KVM preserves userspace writes to "durable" MSRs adds a KVM_GET_MSRS after every KVM_SET_MSRS that writes a single MSR and expects to succeeded. The intent is to opportunistically verify that KVM provides "read what you wrote" for all "durable" MSRs. The PERF_CAPS test was manually verifying this behavior, and while it seems kinda gratuitous, the coverage is quite cheap from both a performance and maintenance cost, i.e. I can't think of a reason _not_ to do it. v3: - Collect reviews. [Xiaoyao] - Fix the PMU selftests _before_ introducing the breaking KVM change. [Like] - Actually use kvm_vcpu_has_run()... [Yu] v2: https://lore.kernel.org/all/20230210003148.2646712-1-seanjc@google.com v1: https://lore.kernel.org/all/20220805172945.35412-1-seanjc@google.com Sean Christopherson (21): KVM: x86: Rename kvm_init_msr_list() to clarify it inits multiple lists KVM: x86: Add a helper to query whether or not a vCPU has ever run KVM: x86: Add macros to track first...last VMX feature MSRs KVM: x86: Generate set of VMX feature MSRs using first/last definitions KVM: selftests: Split PMU caps sub-tests to avoid writing MSR after KVM_RUN KVM: x86: Disallow writes to immutable feature MSRs after KVM_RUN KVM: x86/pmu: WARN and bug the VM if PMU is refreshed after vCPU has run KVM: x86/pmu: Zero out LBR capabilities during PMU refresh KVM: selftests: Move 0/initial value PERF_CAPS checks to dedicated sub-test KVM: selftests: Assert that full-width PMC writes are supported if PDCM=1 KVM: selftests: Print out failing MSR and value in vcpu_set_msr() KVM: selftests: Verify KVM preserves userspace writes to "durable" MSRs KVM: selftests: Drop now-redundant checks on PERF_CAPABILITIES writes KVM: selftests: Test all fungible features in PERF_CAPABILITIES KVM: selftests: Test all immutable non-format bits in PERF_CAPABILITIES KVM: selftests: Expand negative testing of guest writes to PERF_CAPABILITIES KVM: selftests: Test post-KVM_RUN writes to PERF_CAPABILITIES KVM: selftests: Drop "all done!" printf() from PERF_CAPABILITIES test KVM: selftests: Refactor LBR_FMT test to avoid use of separate macro KVM: selftests: Add negative testcase for PEBS format in PERF_CAPABILITIES KVM: selftests: Verify LBRs are disabled if vPMU is disabled arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/pmu.c | 3 + arch/x86/kvm/svm/svm.c | 2 +- arch/x86/kvm/vmx/pmu_intel.c | 10 + arch/x86/kvm/vmx/vmx.c | 8 +- arch/x86/kvm/x86.c | 102 ++++--- arch/x86/kvm/x86.h | 13 + .../selftests/kvm/include/x86_64/processor.h | 41 ++- .../selftests/kvm/x86_64/vmx_pmu_caps_test.c | 248 ++++++++++++++---- 10 files changed, 341 insertions(+), 90 deletions(-) base-commit: 45dd9bc75d9adc9483f0c7d662ba6e73ed698a0b