| Message ID | 20230721223711.2334426-1-seanjc@google.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:9010:0:b0:3e4:2afc:c1 with SMTP id l16csp509085vqg;
Fri, 21 Jul 2023 16:00:56 -0700 (PDT)
X-Google-Smtp-Source:
APBJJlFUHWaefb/NtXtKAsE+geJsgOhTvz7Z/u8JoxZr0lEfffgqsMZk+QzJTEqy8XAlrXhlKNlM
X-Received: by 2002:a17:906:292:b0:992:a838:a564 with SMTP id
18-20020a170906029200b00992a838a564mr2493313ejf.28.1689980456064;
Fri, 21 Jul 2023 16:00:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1689980456; cv=none;
d=google.com; s=arc-20160816;
b=UR80vJ0M7EBr7lj9IRMVJIkSVSuxZ6ridmiTc172y483GKniU6W8IhSpwUYXwbDo7Q
Z31GD2oGERjcWnRqebDvKzcRtBP0NDPE7D04/kMzbu1ZESraope3aUgyKSuuCsEQv1pl
lOsr5AjLfQNUQyseHLiKTUu6fpE/87uNIb3Jbrf3o3DRTrKFG4zdqAt5R2ctAXLw4IPc
dGpBp5GKa58fj/Xq6WtGiqXldJYL0HxdgZY1bUbeQapZ0g6NGsOrf2vIsUl+CoU8xecc
Y00zlXxN74+HDewi2M6jkMjEyOtmVrZiRrdCIrO2IhE0IFkP1kRcPX2jyjSfdq7SRHlf
Fdrw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:mime-version:date
:reply-to:dkim-signature;
bh=nb2s/VVy5vEUTAq5dFAiQTgXU9RDEXhEPes4mc/LgaE=;
fh=IYltlaa/cHY4Hy0cg0M1t7DPag1CgojBjoYmgb2Gp54=;
b=iQBbPoNuzNJJKyG4GHvKUfXlD1kTLVBVQ9bEHRehug9rVcQMrR3ArY3Na+BU2uwo+c
JO3gsazUczIzT506Jh3XaAOJPxgBm0SFyMEGp3YRWTyn1D/AUCIzYJ86+8UF6v7AtORd
zASXfJjiZAt0IhoYOCf4NTEqNdbGdK9I3xULY7hDAskYxAx+W+U0Pbj2xpwzfyVoWnoQ
6ZhMGsFKE90zV1NyQs4WmdHAsFhAiJyjAV1sGGw7W0Sj9MdGvHxr/0RaUH3ju6heiFn4
oygzQZYjjRS2xvkn5E5PnaOZ1r7AOZ8Tw7CLbgV0H8dvcCBVxi9OMj9rcGS5J4T1Sisd
+iow==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20221208 header.b=hrnZx3bQ;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
b13-20020a170906490d00b00992b75dedafsi2551530ejq.507.2023.07.21.16.00.30;
Fri, 21 Jul 2023 16:00:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20221208 header.b=hrnZx3bQ;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230449AbjGUWhR (ORCPT <rfc822;assdfgzxcv4@gmail.com>
+ 99 others); Fri, 21 Jul 2023 18:37:17 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41498 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230321AbjGUWhQ (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 21 Jul 2023 18:37:16 -0400
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com
[IPv6:2607:f8b0:4864:20::114a])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B8C53A8C
for <linux-kernel@vger.kernel.org>;
Fri, 21 Jul 2023 15:37:14 -0700 (PDT)
Received: by mail-yw1-x114a.google.com with SMTP id
00721157ae682-58378ae25bfso25024927b3.0
for <linux-kernel@vger.kernel.org>;
Fri, 21 Jul 2023 15:37:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20221208; t=1689979033; x=1690583833;
h=cc:to:from:subject:message-id:mime-version:date:reply-to:from:to:cc
:subject:date:message-id:reply-to;
bh=nb2s/VVy5vEUTAq5dFAiQTgXU9RDEXhEPes4mc/LgaE=;
b=hrnZx3bQTbAYbnZBbI23Btu4RUwP0QbpLJBgafmTuZQTWWdqjy6qmocK+eAwwcxsYP
IJ5OcEGMQ0ZxJ8xGPp7nhAvW1orYdk6aPUb2klwpOm9t8sVVeYbZElO3aUY7ln7UZR6H
K/rnzg1O+9xEJO4ZV2GHYtq9xPGElvC5PKdHH6KLqy7qbfkdMelBTwPBySWMlss2tDMK
9RhIMG5wuOba8ReovgRtw1d1mJi6byKm6rb1EajIXUK71ea32K93XWu8f/093LZBTz85
poWUEnh3I0h+V20ryx8r5FnL0DC+3B2yixtnsHDQMr/AQqPPK7OgZqiqA5tUKl+mEIG7
YEyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1689979033; x=1690583833;
h=cc:to:from:subject:message-id:mime-version:date:reply-to
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=nb2s/VVy5vEUTAq5dFAiQTgXU9RDEXhEPes4mc/LgaE=;
b=fGuUqFub+ek7fDL+1+baroeRxaABsTUe8CEgySERW989uSb3TiZfp2ypVjI1QVFTSp
I3Oex5iMOgaqTJer9rYR4xbyhle3P5iYOON0McKwT75c9ng9x/KibFkBfHoFZG0BuQK6
+JGgm8BQTP1j+4LfcUwnEJl2iWynobRqLZNlZPsT5tZjWmfVSVfm0B3Nj+24MPpChXte
dktIdCz5eO3gxudndNH0JRZwmcgKn2Msrn6a5dWsbRe6duhl62nZOaimXUYfSTgeDJg2
gu5Mvmd0J+74jwvdAaI5jAvV51cRYCVyKjVfjDVqQT3nKGaNzWa2+pZGpAPVwyCPchjV
v5BA==
X-Gm-Message-State: ABy/qLZgapzYESmK8eOWgtzP95lwLkIy1GzgvmD55es8NBHqvdP05Xmi
QhwQYpBxHV7Y2awyinXVHmHh5elUqwU=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a05:6902:102f:b0:c22:38c2:43de with SMTP id
x15-20020a056902102f00b00c2238c243demr23100ybt.11.1689979033628; Fri, 21 Jul
2023 15:37:13 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 21 Jul 2023 15:37:11 -0700
Mime-Version: 1.0
X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog
Message-ID: <20230721223711.2334426-1-seanjc@google.com>
Subject: [PATCH] KVM: x86/mmu: Guard against collision with KVM-defined
PFERR_IMPLICIT_ACCESS
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,
USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1772072947068224988
X-GMAIL-MSGID: 1772072947068224988
|
| Series |
KVM: x86/mmu: Guard against collision with KVM-defined PFERR_IMPLICIT_ACCESS
|
|
Commit Message
Sean Christopherson
July 21, 2023, 10:37 p.m. UTC
Add an assertion in kvm_mmu_page_fault() to ensure the error code provided
by hardware doesn't conflict with KVM's software-defined IMPLICIT_ACCESS
flag. In the unlikely scenario that future hardware starts using bit 48
for a hardware-defined flag, preserving the bit could result in KVM
incorrectly interpreting the unknown flag as KVM's IMPLICIT_ACCESS flag.
WARN so that any such conflict can be surfaced to KVM developers and
resolved, but otherwise ignore the bit as KVM can't possibly rely on a
flag it knows nothing about.
Fixes: 4f4aa80e3b88 ("KVM: X86: Handle implicit supervisor access with SMAP")
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
Note, Isaku already posted an RFC version of this, but that doesn't have
Isaku's SoB, so I'm taking the easy (for me) route so that this can land
sooner than later.
https://lore.kernel.org/all/0d71b1cdd5d901478cbfd421b4b0071cce44e16a.1689893403.git.isaku.yamahata@intel.com
arch/x86/kvm/mmu/mmu.c | 11 +++++++++++
1 file changed, 11 insertions(+)
base-commit: fdf0eaf11452d72945af31804e2a1048ee1b574c
Comments
> WARN so that any such conflict can be surfaced to KVM developers and > resolved, but otherwise ignore the bit as KVM can't possibly rely on a > flag it knows nothing about. > > Fixes: 4f4aa80e3b88 ("KVM: X86: Handle implicit supervisor access with SMAP") > Signed-off-by: Sean Christopherson <seanjc@google.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Paolo
On Fri, 2023-07-21 at 15:37 -0700, Sean Christopherson wrote: > Add an assertion in kvm_mmu_page_fault() to ensure the error code provided > by hardware doesn't conflict with KVM's software-defined IMPLICIT_ACCESS > flag. In the unlikely scenario that future hardware starts using bit 48 > for a hardware-defined flag, preserving the bit could result in KVM > incorrectly interpreting the unknown flag as KVM's IMPLICIT_ACCESS flag. > > WARN so that any such conflict can be surfaced to KVM developers and > resolved, but otherwise ignore the bit as KVM can't possibly rely on a > flag it knows nothing about. > > Fixes: 4f4aa80e3b88 ("KVM: X86: Handle implicit supervisor access with SMAP") > Signed-off-by: Sean Christopherson <seanjc@google.com> Acked-by: Kai Huang <kai.huang@intel.com>
On Fri, 21 Jul 2023 15:37:11 -0700, Sean Christopherson wrote: > Add an assertion in kvm_mmu_page_fault() to ensure the error code provided > by hardware doesn't conflict with KVM's software-defined IMPLICIT_ACCESS > flag. In the unlikely scenario that future hardware starts using bit 48 > for a hardware-defined flag, preserving the bit could result in KVM > incorrectly interpreting the unknown flag as KVM's IMPLICIT_ACCESS flag. > > WARN so that any such conflict can be surfaced to KVM developers and > resolved, but otherwise ignore the bit as KVM can't possibly rely on a > flag it knows nothing about. > > [...] Applied to kvm-x86 mmu, thanks! [1/1] KVM: x86/mmu: Guard against collision with KVM-defined PFERR_IMPLICIT_ACCESS https://github.com/kvm-x86/linux/commit/3e90c27b4209 -- https://github.com/kvm-x86/linux/tree/next https://github.com/kvm-x86/linux/tree/fixes
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index ec169f5c7dce..ef554fe9f477 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -5742,6 +5742,17 @@ int noinline kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u64 err int r, emulation_type = EMULTYPE_PF; bool direct = vcpu->arch.mmu->root_role.direct; + /* + * IMPLICIT_ACCESS is a KVM-defined flag used to correctly perform SMAP + * checks when emulating instructions that triggers implicit access. + * WARN if hardware generates a fault with an error code that collides + * with the KVM-defined value. Clear the flag and continue on, i.e. + * don't terminate the VM, as KVM can't possibly be relying on a flag + * that KVM doesn't know about. + */ + if (WARN_ON_ONCE(error_code & PFERR_IMPLICIT_ACCESS)) + error_code &= ~PFERR_IMPLICIT_ACCESS; + if (WARN_ON(!VALID_PAGE(vcpu->arch.mmu->root.hpa))) return RET_PF_RETRY;