Message ID | 20230405004520.421768-1-seanjc@google.com |
---|---|
Headers | From: Sean Christopherson <seanjc@google.com>; To: Sean Christopherson <seanjc@google.com>, Paolo Bonzini <pbonzini@redhat.com>; Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Aaron Lewis <aaronlewis@google.com>, Mingwei Zhang <mizhang@google.com>, Jim Mattson <jmattson@google.com>; Date: Tue, 4 Apr 2023 17:45:14 -0700; Subject: [PATCH v4 0/6] KVM: x86: Fix unpermitted XTILE CPUID reporting |
Series | KVM: x86: Fix unpermitted XTILE CPUID reporting |
Message
Sean Christopherson
April 5, 2023, 12:45 a.m. UTC
This is v4 of Aaron's "Clean up the supported xfeatures" series.

Fix a bug where KVM treats/reports XTILE_CFG as supported without XTILE_DATA being supported if userspace queries the supported CPUID but doesn't request access to AMX, a.k.a. XTILE_DATA. If userspace reflects that CPUID info back into KVM, the resulting VM may use it verbatim and attempt to shove bad data into XCR0: XTILE_CFG and XTILE_DATA must be set/cleared as a pair in XCR0, despite being enumerated separately.

This is effectively compile-tested only on my end.

v4:
- Apply the massaging _only_ to the XTILE case.
- Add a build-time assertion to trigger a failure if a new dynamic XFeature comes along without updating kvm_get_filtered_xcr0().

v3: https://lore.kernel.org/all/20230224223607.1580880-1-aaronlewis@google.com

```
Aaron Lewis (4):
  KVM: x86: Add a helper to handle filtering of unpermitted XCR0 features
  KVM: selftests: Move XGETBV and XSETBV helpers to common code
  KVM: selftests: Add all known XFEATURE masks to common code
  KVM: selftests: Add test to verify KVM's supported XCR0

Sean Christopherson (2):
  KVM: x86: Filter out XTILE_CFG if XTILE_DATA isn't permitted
  KVM: selftests: Rework dynamic XFeature helper to take mask, not bit

 arch/x86/kvm/cpuid.c                          |   2 +-
 arch/x86/kvm/x86.c                            |   4 +-
 arch/x86/kvm/x86.h                            |  29 ++++
 tools/testing/selftests/kvm/Makefile          |   1 +
 .../selftests/kvm/include/x86_64/processor.h  |  69 +++++++--
 .../selftests/kvm/lib/x86_64/processor.c      |  17 ++-
 tools/testing/selftests/kvm/x86_64/amx_test.c |  62 +++-----
 .../selftests/kvm/x86_64/xcr0_cpuid_test.c    | 132 ++++++++++++++++++
 8 files changed, 251 insertions(+), 65 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/xcr0_cpuid_test.c
```

base-commit: 27d6845d258b67f4eb3debe062b7dacc67e0c393
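The XTILE pairing rule from the cover letter, modelled in userspace C as an added example (not code from this series or from the kernel). The function names and the `perm` mask are assumptions made for illustration, the validity check covers only a subset of the XCR0 consistency rules, and the XCR0 values are the ones reported in the test reply further down the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural XCR0 bit positions for the features used below. */
#define XFEATURE_MASK_FP         (1ULL << 0)
#define XFEATURE_MASK_SSE        (1ULL << 1)
#define XFEATURE_MASK_YMM        (1ULL << 2)
#define XFEATURE_MASK_XTILE_CFG  (1ULL << 17)
#define XFEATURE_MASK_XTILE_DATA (1ULL << 18)
#define XFEATURE_MASK_XTILE (XFEATURE_MASK_XTILE_CFG | XFEATURE_MASK_XTILE_DATA)

/* Subset of the XCR0 consistency rules, enough to show the XTILE pairing. */
static bool xcr0_is_valid(uint64_t xcr0)
{
	uint64_t xtile = xcr0 & XFEATURE_MASK_XTILE;
	if (!(xcr0 & XFEATURE_MASK_FP))
		return false;	/* x87 state must always be enabled */
	if ((xcr0 & XFEATURE_MASK_YMM) && !(xcr0 & XFEATURE_MASK_SSE))
		return false;	/* AVX state requires SSE state */
	/* XTILE_CFG and XTILE_DATA are all-or-nothing. */
	return xtile == 0 || xtile == XFEATURE_MASK_XTILE;
}

/* Hypothetical model of the bug: mask by permission only. */
static uint64_t report_xcr0_unfiltered(uint64_t supported, uint64_t permitted)
{
	return supported & permitted;
}

/* Hypothetical model of the fix: XTILE_CFG goes away with XTILE_DATA. */
static uint64_t report_xcr0_filtered(uint64_t supported, uint64_t permitted)
{
	uint64_t xcr0 = supported & permitted;
	if (!(xcr0 & XFEATURE_MASK_XTILE_DATA))
		xcr0 &= ~XFEATURE_MASK_XTILE_CFG;
	return xcr0;
}

int main(void)
{
	uint64_t host = 0x602e7;			/* XCR0 with AMX, from the thread */
	uint64_t perm = ~XFEATURE_MASK_XTILE_DATA;	/* constructed: AMX not requested */
	uint64_t bad = report_xcr0_unfiltered(host, perm);
	uint64_t good = report_xcr0_filtered(host, perm);

	printf("unfiltered %#llx valid=%d\n", (unsigned long long)bad, xcr0_is_valid(bad));
	printf("filtered   %#llx valid=%d\n", (unsigned long long)good, xcr0_is_valid(good));
	return 0;
}
```
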
Comments
On Tue, Apr 04, 2023, Sean Christopherson wrote:
> This is v4 of Aaron's "Clean up the supported xfeatures" series.
>
> Fix a bug where KVM treats/reports XTILE_CFG as supported without
> XTILE_DATA being supported if userspace queries the supported CPUID but
> doesn't request access to AMX, a.k.a. XTILE_DATA. If userspace reflects
> that CPUID info back into KVM, the resulting VM may use it verbatim and
> attempt to shove bad data into XCR0: XTILE_CFG and XTILE_DATA must be
> set/cleared as a pair in XCR0, despite being enumerated separately.
>
> This is effectively compile-tested only on my end.

Aaron, can you give this series a quick spin (and review) to make sure it works as intended? I'd like to get this into 6.4, but I'd really like it to be tested on AMX hardware first.
On Mon, Apr 10, 2023 at 5:34 PM Sean Christopherson <seanjc@google.com> wrote:
>
> On Tue, Apr 04, 2023, Sean Christopherson wrote:
> > This is v4 of Aaron's "Clean up the supported xfeatures" series.
> >
> > Fix a bug where KVM treats/reports XTILE_CFG as supported without
> > XTILE_DATA being supported if userspace queries the supported CPUID but
> > doesn't request access to AMX, a.k.a. XTILE_DATA. If userspace reflects
> > that CPUID info back into KVM, the resulting VM may use it verbatim and
> > attempt to shove bad data into XCR0: XTILE_CFG and XTILE_DATA must be
> > set/cleared as a pair in XCR0, despite being enumerated separately.
> >
> > This is effectively compile-tested only on my end.
>
> Aaron, can you give this series a quick spin (and review) to make sure it works
> as intended? I'd like to get this into 6.4, but I'd really like it to be tested
> on AMX hardware first.

LGTM. I ran the test on SPR and it worked as intended. I also tried it with the dynamic feature enabled, i.e. XTILEDATA, and that also worked as expected.

The first run the guest XCR0 was 0x2e7 and all tests passed. The second run the guest XCR0 was 0x602e7 and all tests passed again.

Reviewed-by: Aaron Lewis <aaronlewis@google.com>
Tested-by: Aaron Lewis <aaronlewis@google.com>
On Tue, 04 Apr 2023 17:45:14 -0700, Sean Christopherson wrote:
> This is v4 of Aaron's "Clean up the supported xfeatures" series.
>
> Fix a bug where KVM treats/reports XTILE_CFG as supported without
> XTILE_DATA being supported if userspace queries the supported CPUID but
> doesn't request access to AMX, a.k.a. XTILE_DATA. If userspace reflects
> that CPUID info back into KVM, the resulting VM may use it verbatim and
> attempt to shove bad data into XCR0: XTILE_CFG and XTILE_DATA must be
> set/cleared as a pair in XCR0, despite being enumerated separately.
>
> [...]

Applied to kvm-x86 selftests (due to the dependencies on the earlier AMX selftests rework). Thanks!

[1/6] KVM: x86: Add a helper to handle filtering of unpermitted XCR0 features
      https://github.com/kvm-x86/linux/commit/6be3ae45f567

[2/6] KVM: x86: Filter out XTILE_CFG if XTILE_DATA isn't permitted
      https://github.com/kvm-x86/linux/commit/55cd57b596e8

[3/6] KVM: selftests: Move XGETBV and XSETBV helpers to common code
      https://github.com/kvm-x86/linux/commit/b213812d3f4c

[4/6] KVM: selftests: Rework dynamic XFeature helper to take mask, not bit
      https://github.com/kvm-x86/linux/commit/7040e54fddf6

[5/6] KVM: selftests: Add all known XFEATURE masks to common code
      https://github.com/kvm-x86/linux/commit/28f2302584af

[6/6] KVM: selftests: Add test to verify KVM's supported XCR0
      https://github.com/kvm-x86/linux/commit/03a405b7a522

--
https://github.com/kvm-x86/linux/tree/next
https://github.com/kvm-x86/linux/tree/fixes