| Message ID | 20230210003148.2646712-8-seanjc@google.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp660664wrn;
Thu, 9 Feb 2023 16:33:46 -0800 (PST)
X-Google-Smtp-Source:
AK7set8PA2jLmxkrSVyepbg5AdOPT2Iu0YmmEgjIS4ZKTS6GJmfxD6lXqYOtyjqcVbkEtxLIMJRe
X-Received: by 2002:a05:6a20:698c:b0:c2:b228:dd8 with SMTP id
t12-20020a056a20698c00b000c2b2280dd8mr13131377pzk.3.1675989225812;
Thu, 09 Feb 2023 16:33:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1675989225; cv=none;
d=google.com; s=arc-20160816;
b=t1x0Rj9+XrDjJIXzCnSExLlbLI53EWS9NWKq60WunivXNXurN0imHIsXVDeAUGEYzG
nFOEWwZkV07/rCUtqY7eoiDdXycnSpopFV0RqViz6aKIKK2MyzcdqNE1fdMW5AuE0XBo
Yt7qq8ISerA9Jhv2N9GvxsSKR0BWspKhFquUyq4FAII/vrsM+QSzzmdUJJmzBTBjBKqO
mFHJSxu9IK5ujLhVopOHaOt8/o+YvgQkwFq/kAkelBB2PmGGCQa0YVdEgqmbjQUBfUJW
vkkbWIri8n9BnqT2IiaSYmN3fszhMLvzZfiZVtYcWcqbqmNBeX5FIEuuy7Flsnb4c60c
AhUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:references
:mime-version:in-reply-to:date:reply-to:dkim-signature;
bh=lmrHsEd1kvbCEq2I68uT6iSRNvZfXrvkq6sDzsXiSd8=;
b=YwcAcaGYH8SFSPMSIDPzzOG9IqgzPu4XTBIGRcGc8p1Z6qS61oQ4vSgJFKZBC+RoTq
WHzVfesA7rvwuupoJf3ZuHLZndMOVFci7NaiFbw7yD3EVc43h726/jAvVuIvE2PQZtsR
wjT0xkysBYQ9WT3Ywfe3INb8giE5eSyFmQzRlZlsn9dq/GcnU5gtWkaj0lBACOK4YXhu
rMlkjhMW8Ix3JHSOQPmGnq9VnHUO1fMqL7+JM4Gt76fAo2b9Nr/f8W6MjTWRMSh3OGl4
mFFC/eqBq/ZhtB0bXxO7SOTesQeN943nf2rI/TL6xxm+McZr4+VjVR+swREhtGkdZ8de
P8xQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=eFeXbUZs;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
q24-20020a656a98000000b004def536009dsi3357922pgu.180.2023.02.09.16.33.32;
Thu, 09 Feb 2023 16:33:45 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=eFeXbUZs;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230320AbjBJAcf (ORCPT <rfc822;ybw1215001957@gmail.com>
+ 99 others); Thu, 9 Feb 2023 19:32:35 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53086 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230236AbjBJAcR (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 9 Feb 2023 19:32:17 -0500
Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com
[IPv6:2607:f8b0:4864:20::1049])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C1EFA6E880
for <linux-kernel@vger.kernel.org>;
Thu, 9 Feb 2023 16:32:03 -0800 (PST)
Received: by mail-pj1-x1049.google.com with SMTP id
mi18-20020a17090b4b5200b00230e56d5a44so1702774pjb.1
for <linux-kernel@vger.kernel.org>;
Thu, 09 Feb 2023 16:32:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:from:to:cc:subject:date:message-id:reply-to;
bh=lmrHsEd1kvbCEq2I68uT6iSRNvZfXrvkq6sDzsXiSd8=;
b=eFeXbUZsLbfNmRG2IC3K5Td95hJyMIBDyhLJbX7KOnO7j9qBQs4ffh7MH+DTeFYR66
GPxjZuzdYJs926CDgjuSJrEU4CZlAnm5YBPHzTt61cE605mDF0frD062wM7KlwwBlT5R
oD2TMUDVjJy1Xs9xM0JOmDVSNaPLJj7wphE07o3YIeYrupB8gBOrRAKCEFErIyMXJBux
s6tysAlHtj05f2QLU5bIke6dc1SeNxA5u+vZ6zppv5bzec2Cgae0Sk4Ttc3eMgkNWGMy
UZt09U2thAEQDY52kwh0mv/0Ie1OwtkxyTfqTMmArhrrn68GXeX0glrtW8tPE1/Yc8fp
bYFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=lmrHsEd1kvbCEq2I68uT6iSRNvZfXrvkq6sDzsXiSd8=;
b=RqszdTmFyguA3l5Bf0q27G1v+LCW5oUwA1frz05PAxYzrZsa0JldUt/0dSaTkv7rOP
za3HVhseWby6N8URrFAf+AJQwupuQ/oYmm0QYLllMG7dwq7bx/Zuyz5uAuX5wVc8SncK
W0y0fLjw2SVKM9IO46pH+AVjy5xe9qa7Vnc871CSmi7Ah4Pb9fFDQOwoYJBaRwB0dk3z
+Dxy0x+XjaZhQpuL1MhU+0RJ8cdZyXKwyzmtSksVww/1XQKtSvSXxyJdEAX2apaUmNKB
/X1eKURL9s/QFxwVGZZBdKLAQLNSzPTrXI7J39Z02r0OzpqYOqdmwPuzyRZbmrgzxj4H
sOXw==
X-Gm-Message-State: AO0yUKX+WgP0bPeDAvmglp5UVnx1U8N5KB0vsb0g78XvSLN05xw808F/
NnKmkjv1mzM6GcK4agyskcFgEFBJvko=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a63:b346:0:b0:4df:c991:3a74 with SMTP id
x6-20020a63b346000000b004dfc9913a74mr2450713pgt.94.1675989122972; Thu, 09 Feb
2023 16:32:02 -0800 (PST)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 10 Feb 2023 00:31:34 +0000
In-Reply-To: <20230210003148.2646712-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230210003148.2646712-1-seanjc@google.com>
X-Mailer: git-send-email 2.39.1.581.gbfd45094c4-goog
Message-ID: <20230210003148.2646712-8-seanjc@google.com>
Subject: [PATCH v2 07/21] KVM: x86/pmu: Zero out LBR capabilities during PMU
refresh
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Xiaoyao Li <xiaoyao.li@intel.com>,
Like Xu <like.xu.linux@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1757402078224911136?=
X-GMAIL-MSGID: =?utf-8?q?1757402078224911136?=
|
| Series |
KVM: x86: Disallow writes to feature MSRs post-KVM_RUN
|
|
Commit Message
Sean Christopherson
Feb. 10, 2023, 12:31 a.m. UTC
Zero out the LBR capabilities during PMU refresh to avoid exposing LBRs
to the guest against userspace's wishes. If userspace modifies the
guest's CPUID model or invokes KVM_CAP_PMU_CAPABILITY to disable vPMU
after an initial KVM_SET_CPUID2, but before the first KVM_RUN, KVM will
retain the previous LBR info due to bailing before refreshing the LBR
descriptor.
Note, this is a very theoretical bug, there is no known use case where a
VMM would deliberately enable the vPMU via KVM_SET_CPUID2, and then later
disable the vPMU.
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/kvm/vmx/pmu_intel.c | 10 ++++++++++
1 file changed, 10 insertions(+)
Comments
On 10/2/2023 8:31 am, Sean Christopherson wrote: > Note, this is a very theoretical bug, there is no known use case where a > VMM would deliberately enable the vPMU via KVM_SET_CPUID2, and then later > disable the vPMU. That's why we're getting more and more comfortable with selftests and fuzz testing on KVM interfaces. So is there a test for this ?
On Wed, Feb 15, 2023, Like Xu wrote: > On 10/2/2023 8:31 am, Sean Christopherson wrote: > > Note, this is a very theoretical bug, there is no known use case where a > > VMM would deliberately enable the vPMU via KVM_SET_CPUID2, and then later > > disable the vPMU. > > That's why we're getting more and more comfortable with selftests > and fuzz testing on KVM interfaces. So is there a test for this ? Yep, last patch in the series, "KVM: selftests: Verify LBRs are disabled if vPMU is disabled".
diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c index e8a3be0b9df9..d889bb2a1de5 100644 --- a/arch/x86/kvm/vmx/pmu_intel.c +++ b/arch/x86/kvm/vmx/pmu_intel.c @@ -531,6 +531,16 @@ static void intel_pmu_refresh(struct kvm_vcpu *vcpu) pmu->pebs_enable_mask = ~0ull; pmu->pebs_data_cfg_mask = ~0ull; + memset(&lbr_desc->records, 0, sizeof(lbr_desc->records)); + + /* + * Setting passthrough of LBR MSRs is done only in the VM-Entry loop, + * and PMU refresh is disallowed after the vCPU has run, i.e. this code + * should never be reached while KVM is passing through MSRs. + */ + if (KVM_BUG_ON(lbr_desc->msr_passthrough, vcpu->kvm)) + return; + entry = kvm_find_cpuid_entry(vcpu, 0xa); if (!entry || !vcpu->kvm->arch.enable_pmu) return;