| Message ID | 20230405004520.421768-1-seanjc@google.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp249362vqo;
Tue, 4 Apr 2023 17:50:12 -0700 (PDT)
X-Google-Smtp-Source:
AKy350aNl7d31A48u7g1ee1iEo9mnKsnHlzCGxSndtXxUmBH3affW9r//rXcTr2SgUUknOYPGr9f
X-Received: by 2002:a05:6a20:6982:b0:cc:70df:ae20 with SMTP id
t2-20020a056a20698200b000cc70dfae20mr1017843pzk.0.1680655812451;
Tue, 04 Apr 2023 17:50:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680655812; cv=none;
d=google.com; s=arc-20160816;
b=uCXdfM8NUvdWBMjvpuKktJO6x/HcPohajTvRtpqJfFnpAbbfQVZL0/HMC3Xtg8Cqi1
bQiCXNVyTFWWGA47ZrJqK8aWHJZYYqnYHrXuRLchbVAuXzxvv5aygVVkDWYG9gom4rih
WlWaPtEED+djkyf3kOTLf22njeuBxPOy/pyCi5bSmG6eepRLd/hckN/hPhjNoWfQSr2r
LQFa5sp0OOEO3K01Mv7c/dSQODCmimC/hVhsyOq0QAAOe1Ml8/vYhVRPd/QyOmExK61U
nbT23MM6ooz/Oq8BD8QLtWpcsXAyLnN7thy8oFiSG4GxxLi49caBXCdmvSW3ckoC9Rdi
GAUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date
:reply-to:dkim-signature;
bh=yr/0bqvdRlJJapuJ2d3ftTVbp9EO1JmQOBdaKr9lPBU=;
b=MhlPJLzHKmIZI9Jk+FeWYjpxZsf5wFXmPy5SVtOVSZ4dN77Qn8yGC0KI3FFwpFeRrp
FW1LOq+92mH1nKGevXDWNXYFU7Q3f16VM+/IGE7G7/hXvMVUSLj9UBtkBvgytThpnXQJ
ajypIjStsMup9tWl7uB0od9NqwoOKTRljVxI4CfF+e03oP11Ik3w/pYX8yhg6TK9mKDG
697wMo1BodN7aaLpFxNfrrIlmjA+hMBlVXggU3XjpWwWv1jCJhS7Rh19FQ0Zk/5LjUUi
WrNDjj43gmYqTTpBYXRjg7PrEdKisj5Y/Z4U+1scW1YtYWQcbBT3joaSbpWG70zGjn3l
qhNA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=d0MupX+U;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
d12-20020a630e0c000000b00513f16584d1si5109997pgl.465.2023.04.04.17.49.55;
Tue, 04 Apr 2023 17:50:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=d0MupX+U;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S236587AbjDEAp0 (ORCPT <rfc822;lkml4gm@gmail.com> + 99 others);
Tue, 4 Apr 2023 20:45:26 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56384 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230489AbjDEApY (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 4 Apr 2023 20:45:24 -0400
Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com
[IPv6:2607:f8b0:4864:20::549])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7DAED18E
for <linux-kernel@vger.kernel.org>;
Tue, 4 Apr 2023 17:45:23 -0700 (PDT)
Received: by mail-pg1-x549.google.com with SMTP id
q196-20020a632acd000000b005140cc9e00aso1746200pgq.22
for <linux-kernel@vger.kernel.org>;
Tue, 04 Apr 2023 17:45:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112; t=1680655523;
h=cc:to:from:subject:message-id:mime-version:date:reply-to:from:to:cc
:subject:date:message-id:reply-to;
bh=yr/0bqvdRlJJapuJ2d3ftTVbp9EO1JmQOBdaKr9lPBU=;
b=d0MupX+URvilqybd49E3iMgN/IuNtrfkMX0C6+qK2FNexNrf3FjmJ/D8uOziC0g5pd
xqx6gHPbj/jwxEcjjCnVJVWMBXqM+lUG5rQY8oiOXYsOyW9XVlcM1rhysY91dBHf4+ye
F/OJU8dWi+Cb2lrDLeLH/4OBO/OsJee4wg/RA+G+LcBECYGzrhnHQmh4YyVnqBoXcOaP
h0rA2wWJKRUzyh33Ob1gq3qtoZ27MOmS3UoD3ta7XSvK2FlQKcoyn15CfWA+TL3LzjbB
Cq6OzXKyAD09KXOtpuiPNqcB0xoVITGLgIhP7cljkGTDqA8ovpBRzK9CGEobU46UIdTm
pnIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1680655523;
h=cc:to:from:subject:message-id:mime-version:date:reply-to
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=yr/0bqvdRlJJapuJ2d3ftTVbp9EO1JmQOBdaKr9lPBU=;
b=TQhNgdSmy1sH8RC1ocTZ6kroCohWheYiaKhETxNim2eJeUZg97aFK51iEALNrvHFGV
7YW4913LHgN32PkiyqkdPdVygZZ+D3djQpBsWUVxSTh5sq8QimQwAkZ1EcuEKnVlbhIB
kexkWIwuJVtWPslirxDodikXF+pN16eIWMsc0OcMYaEqWNCCy7Ar+hePg8v4XuEFa+eT
S77uwtRaNqHcsZjPxhX8F1eJuTFuSc2KxgV8XGmlHnwVOkaWtxTuMi2Z4QHQhMUHueKg
rGmFALy4Q43aE0Ej7glbvHD5/6RY55D/CIc3Ks8YG89eLvG72Z4WkfEFaL9ZuRZp7zS5
RQ4Q==
X-Gm-Message-State: AAQBX9dYME0nMxFLC9L6L/NHTUfsjP5NLR/Frvg3EAHXZh2rZVzgW35P
k1T1pzXtODxqMeY9F1OlR8cmDwz6NUQ=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a05:6a00:2e9a:b0:625:dac0:5263 with SMTP id
fd26-20020a056a002e9a00b00625dac05263mr2356256pfb.0.1680655523046; Tue, 04
Apr 2023 17:45:23 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Tue, 4 Apr 2023 17:45:14 -0700
Mime-Version: 1.0
X-Mailer: git-send-email 2.40.0.348.gf938b09366-goog
Message-ID: <20230405004520.421768-1-seanjc@google.com>
Subject: [PATCH v4 0/6] KVM: x86: Fix unpermitted XTILE CPUID reporting
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Aaron Lewis <aaronlewis@google.com>,
Mingwei Zhang <mizhang@google.com>,
Jim Mattson <jmattson@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-7.7 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1762295348888510045?=
X-GMAIL-MSGID: =?utf-8?q?1762295348888510045?=
|
| Series |
KVM: x86: Fix unpermitted XTILE CPUID reporting
|
|
Message
Sean Christopherson
April 5, 2023, 12:45 a.m. UTC
This is v4 of Aaron's "Clean up the supported xfeatures" series.
Fix a bug where KVM treats/reports XTILE_CFG as supported without
XTILE_DATA being supported if userspace queries the supported CPUID but
doesn't request access to AMX, a.k.a. XTILE_DATA. If userspace reflects
that CPUID info back into KVM, the resulting VM may use it verbatim and
attempt to shove bad data into XCR0: XTILE_CFG and XTILE_DATA must be
set/cleared as a pair in XCR0, despite being enumerated separately.
This is effectively compile-tested only on my end.
v4:
- Apply the massaging _only to the XTILE case.
- Add a build-time assertion to trigger a failure if a new dynamic
XFeature comes along without updating kvm_get_filtered_xcr0().
v3: https://lore.kernel.org/all/20230224223607.1580880-1-aaronlewis@google.com
Aaron Lewis (4):
KVM: x86: Add a helper to handle filtering of unpermitted XCR0
features
KVM: selftests: Move XGETBV and XSETBV helpers to common code
KVM: selftests: Add all known XFEATURE masks to common code
KVM: selftests: Add test to verify KVM's supported XCR0
Sean Christopherson (2):
KVM: x86: Filter out XTILE_CFG if XTILE_DATA isn't permitted
KVM: selftests: Rework dynamic XFeature helper to take mask, not bit
arch/x86/kvm/cpuid.c | 2 +-
arch/x86/kvm/x86.c | 4 +-
arch/x86/kvm/x86.h | 29 ++++
tools/testing/selftests/kvm/Makefile | 1 +
.../selftests/kvm/include/x86_64/processor.h | 69 +++++++--
.../selftests/kvm/lib/x86_64/processor.c | 17 ++-
tools/testing/selftests/kvm/x86_64/amx_test.c | 62 +++-----
.../selftests/kvm/x86_64/xcr0_cpuid_test.c | 132 ++++++++++++++++++
8 files changed, 251 insertions(+), 65 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86_64/xcr0_cpuid_test.c
base-commit: 27d6845d258b67f4eb3debe062b7dacc67e0c393
Comments
On Tue, Apr 04, 2023, Sean Christopherson wrote: > This is v4 of Aaron's "Clean up the supported xfeatures" series. > > Fix a bug where KVM treats/reports XTILE_CFG as supported without > XTILE_DATA being supported if userspace queries the supported CPUID but > doesn't request access to AMX, a.k.a. XTILE_DATA. If userspace reflects > that CPUID info back into KVM, the resulting VM may use it verbatim and > attempt to shove bad data into XCR0: XTILE_CFG and XTILE_DATA must be > set/cleared as a pair in XCR0, despite being enumerated separately. > > This is effectively compile-tested only on my end. Aaron, can you give this series a quick spin (and review) to make sure it works as intended? I'd like to get this into 6.4, but I'd really like it to be tested on AMX hardware first.
On Mon, Apr 10, 2023 at 5:34 PM Sean Christopherson <seanjc@google.com> wrote: > > On Tue, Apr 04, 2023, Sean Christopherson wrote: > > This is v4 of Aaron's "Clean up the supported xfeatures" series. > > > > Fix a bug where KVM treats/reports XTILE_CFG as supported without > > XTILE_DATA being supported if userspace queries the supported CPUID but > > doesn't request access to AMX, a.k.a. XTILE_DATA. If userspace reflects > > that CPUID info back into KVM, the resulting VM may use it verbatim and > > attempt to shove bad data into XCR0: XTILE_CFG and XTILE_DATA must be > > set/cleared as a pair in XCR0, despite being enumerated separately. > > > > This is effectively compile-tested only on my end. > > Aaron, can you give this series a quick spin (and review) to make sure it works > as intended? I'd like to get this into 6.4, but I'd really like it to be tested > on AMX hardware first. LGTM. I ran the test on SPR and it worked as intended. I also tried it with the dynamic feature enabled, i.e. XTILEDATA, and that also worked as expected. The first run the guest XCR0 was 0x2e7 and all tests passed. The second run the guest XCR0 was 0x602e7 and all tests passed again. Reviewed-by: Aaron Lewis <aaronlewis@google.com> Tested-by: Aaron Lewis <aaronlewis@google.com>
On Tue, 04 Apr 2023 17:45:14 -0700, Sean Christopherson wrote: > This is v4 of Aaron's "Clean up the supported xfeatures" series. > > Fix a bug where KVM treats/reports XTILE_CFG as supported without > XTILE_DATA being supported if userspace queries the supported CPUID but > doesn't request access to AMX, a.k.a. XTILE_DATA. If userspace reflects > that CPUID info back into KVM, the resulting VM may use it verbatim and > attempt to shove bad data into XCR0: XTILE_CFG and XTILE_DATA must be > set/cleared as a pair in XCR0, despite being enumerated separately. > > [...] Applied to kvm-x86 selftests (due to the dependencies on the earlier AMX selftests rework). Thanks! [1/6] KVM: x86: Add a helper to handle filtering of unpermitted XCR0 features https://github.com/kvm-x86/linux/commit/6be3ae45f567 [2/6] KVM: x86: Filter out XTILE_CFG if XTILE_DATA isn't permitted https://github.com/kvm-x86/linux/commit/55cd57b596e8 [3/6] KVM: selftests: Move XGETBV and XSETBV helpers to common code https://github.com/kvm-x86/linux/commit/b213812d3f4c [4/6] KVM: selftests: Rework dynamic XFeature helper to take mask, not bit https://github.com/kvm-x86/linux/commit/7040e54fddf6 [5/6] KVM: selftests: Add all known XFEATURE masks to common code https://github.com/kvm-x86/linux/commit/28f2302584af [6/6] KVM: selftests: Add test to verify KVM's supported XCR0 https://github.com/kvm-x86/linux/commit/03a405b7a522 -- https://github.com/kvm-x86/linux/tree/next https://github.com/kvm-x86/linux/tree/fixes