From patchwork Wed Nov  8 18:29:58 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Li, Xin3" <xin3.li@intel.com>
X-Patchwork-Id: 163142
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:aa0b:0:b0:403:3b70:6f57 with SMTP id k11csp1124999vqo;
        Wed, 8 Nov 2023 11:03:50 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IGQFOnGeR7UMwpVW0hAPM7t+et9hAEO/AgDQgp/oRS9YOm7Jj0oxwf2+ICuyEjHrF3zf1m8
X-Received: by 2002:a05:6a00:3a1e:b0:6c3:402a:d54d with SMTP id
 fj30-20020a056a003a1e00b006c3402ad54dmr3078393pfb.11.1699470230058;
        Wed, 08 Nov 2023 11:03:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1699470230; cv=none;
        d=google.com; s=arc-20160816;
        b=NZnRmGmooPraqBtu9WeNhNpQ/cm/+j2jm/ccMFk8cvgWaNFVzxdMY11Tf8wNWMMjA1
         Cr1BnEdv2GhzXeB2PVzUCsAsT4uhRbBa1pDV6+ZhYHfVzx6rpPNr73cOCSfWu8nAuTi/
         2/HVqRYPjpgO9m6kGYeJ250+AM7uVyJzhV13IcUY26VHqX4OYbgXRSg9/773/LEuhrg8
         Vy43T6T10r1TE8ILUlZgmRstirAbcM4qOuvb8o+iqYw4iKrWJ9yXAYeo++Rlst5j+Q9G
         gGdaxY2BNCPsns/BWNaavoLrRn9z9oGdFl4d3zPxM8Sgu2lB4b9KGjD2iVWDe284M2LD
         0l0w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=xt445Fywxq1NpefbUv1ZfSMDh0D26V6M8qXbiGg6oLk=;
        fh=jyCs2STAghiemYCMqutk2CMon3BCEX6sSSqaVLqDaaU=;
        b=gSYmGzQC9oSOeJRQahyNqw0FL7SIP5U+rTHBSDwBiTqGGRUhMBAod/36N6FqSQSnJM
         5URB31np+gR5E2m/CyAblZnnCHzNqjMjma60c1VVpBeqj2zFsgVrwEUwQXjmxRw2SI9W
         YVgRPPAVm6naseyK6dlc9bGSeQLTY3UnSxdOcdoDnYbOvXH5yEwF2aY8lrvNRvbutAil
         Zt63lIIi9JgwC1yrzdTFSkFBv2mDqHkln5wDXEqaNfR4BASwgujG2wdOACQzkolTyOcP
         0iatGiBhxwPmYTbukpe1Ke9wHIzlYxCrgGoMoFdNhZOBUctGS6yCi+/+2P9R+kkGXI8l
         ZESg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=m4G+UnkA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.38 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from fry.vger.email (fry.vger.email. [23.128.96.38])
        by mx.google.com with ESMTPS id
 j10-20020a056a00130a00b006c1691263cesi13528994pfu.291.2023.11.08.11.03.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 08 Nov 2023 11:03:50 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=m4G+UnkA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.38 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by fry.vger.email (Postfix) with ESMTP id 7CEC3805E01C;
	Wed,  8 Nov 2023 11:03:37 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233196AbjKHTBZ (ORCPT <rfc822;jaysivo@gmail.com> + 32 others);
        Wed, 8 Nov 2023 14:01:25 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56736 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232749AbjKHTAb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 8 Nov 2023 14:00:31 -0500
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.9])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F30612132;
        Wed,  8 Nov 2023 11:00:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1699470026; x=1731006026;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=ukS+/b5BwUHCj+QqTdfJhuP2WcGpUwcg7AQHZyyo+p8=;
  b=m4G+UnkAQRoNu38+P1kCKjofAFVvUV6r0FiYU935R73M8WSEqnr5UJ6V
   v63xRYU/pJMC1zzA24/oeD+bmCwc5sM0imvFcOmTj7JsL/1CO3qAGOwmr
   FZipAswXLEJNdhyWP4Ioz2Uay+nv/Itv78aZpDvypYxJOfxIiBaATMGCg
   LVNJtx0KMUlRBHgs/XXfuTMXkJjUkzNm64NZAG2IicHdDajB3DAGpqms1
   p9OWqONJeB1vqu9dp4DN6Ttt4f92jhYcuWKWrTDOg0YOctq26qjuQon1a
   fYbqjfNJXMIJIQhvagS2f4ZQ82ZomIcMwfN2ftPYlH33pSyTuL9MMMe06
   w==;
X-IronPort-AV: E=McAfee;i="6600,9927,10888"; a="8486422"
X-IronPort-AV: E=Sophos;i="6.03,287,1694761200";
   d="scan'208";a="8486422"
Received: from orviesa001.jf.intel.com ([10.64.159.141])
  by orvoesa101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 08 Nov 2023 11:00:26 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.03,287,1694761200";
   d="scan'208";a="10892498"
Received: from unknown (HELO fred..) ([172.25.112.68])
  by orviesa001.jf.intel.com with ESMTP; 08 Nov 2023 11:00:25 -0800
From: Xin Li <xin3.li@intel.com>
To: kvm@vger.kernel.org, linux-doc@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org,
        linux-kselftest@vger.kernel.org
Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net,
        kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org,
        decui@microsoft.com, tglx@linutronix.de, mingo@redhat.com,
        bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org,
        hpa@zytor.com, vkuznets@redhat.com, peterz@infradead.org,
        ravi.v.shankar@intel.com
Subject: [PATCH v1 18/23] KVM: nVMX: Add VMCS FRED states checking
Date: Wed,  8 Nov 2023 10:29:58 -0800
Message-ID: <20231108183003.5981-19-xin3.li@intel.com>
X-Mailer: git-send-email 2.42.0
In-Reply-To: <20231108183003.5981-1-xin3.li@intel.com>
References: <20231108183003.5981-1-xin3.li@intel.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
 not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]);
 Wed, 08 Nov 2023 11:03:37 -0800 (PST)
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1782023696087981084
X-GMAIL-MSGID: 1782023696087981084

Add FRED related VMCS fields checkings.

As real hardware, nested VMX performs checks on various VMCS fields,
including both controls and guest/host states.  With the introduction
of VMX FRED, add FRED related VMCS fields checkings.

Tested-by: Shan Kang <shan.kang@intel.com>
Signed-off-by: Xin Li <xin3.li@intel.com>
---
 arch/x86/kvm/vmx/nested.c | 70 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 69 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index b85cd5c0ec98..bbfa09d575d3 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2940,6 +2940,7 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu,
 					  struct vmcs12 *vmcs12)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
+	bool fred_enabled = !!(vmcs12->guest_cr4 & X86_CR4_FRED);
 
 	if (CC(!vmx_control_verify(vmcs12->vm_entry_controls,
 				    vmx->nested.msrs.entry_ctls_low,
@@ -2958,6 +2959,7 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu,
 		u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK;
 		bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK;
 		bool should_have_error_code;
+		bool has_nested_exception = vmx->nested.msrs.basic & VMX_BASIC_NESTED_EXCEPTION;
 		bool urg = nested_cpu_has2(vmcs12,
 					   SECONDARY_EXEC_UNRESTRICTED_GUEST);
 		bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE;
@@ -2971,7 +2973,9 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu,
 		/* VM-entry interruption-info field: vector */
 		if (CC(intr_type == INTR_TYPE_NMI_INTR && vector != NMI_VECTOR) ||
 		    CC(intr_type == INTR_TYPE_HARD_EXCEPTION && vector > 31) ||
-		    CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0))
+		    CC(intr_type == INTR_TYPE_OTHER_EVENT &&
+		       ((!fred_enabled && vector > 0) ||
+		        (fred_enabled && vector > 2))))
 			return -EINVAL;
 
 		/* VM-entry interruption-info field: deliver error code */
@@ -2990,6 +2994,15 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu,
 		if (CC(intr_info & INTR_INFO_RESVD_BITS_MASK))
 			return -EINVAL;
 
+		/*
+		 * When the CPU enumerates VMX nested-exception support, bit 13
+		 * (set to indicate a nested exception) of the intr info field
+		 * may have value 1. Otherwise the bit 13 is reserved.
+		 */
+		if (CC(!has_nested_exception &&
+		       (intr_info & INTR_INFO_NESTED_EXCEPTION_MASK)))
+			return -EINVAL;
+
 		/* VM-entry instruction length */
 		switch (intr_type) {
 		case INTR_TYPE_SOFT_EXCEPTION:
@@ -2999,6 +3012,12 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu,
 			    CC(vmcs12->vm_entry_instruction_len == 0 &&
 			    CC(!nested_cpu_has_zero_length_injection(vcpu))))
 				return -EINVAL;
+			break;
+		case INTR_TYPE_OTHER_EVENT:
+			if (fred_enabled && (vector == 1 || vector == 2))
+				if (CC(vmcs12->vm_entry_instruction_len > 15))
+					return -EINVAL;
+			break;
 		}
 	}
 
@@ -3056,14 +3075,31 @@ static int nested_vmx_check_host_state(struct kvm_vcpu *vcpu,
 					   vmcs12->host_ia32_perf_global_ctrl)))
 		return -EINVAL;
 
+	/* Host FRED state checking */
 	if (ia32e) {
 		if (CC(!(vmcs12->host_cr4 & X86_CR4_PAE)))
 			return -EINVAL;
+		if (vmcs12->vm_exit_controls & VM_EXIT_ACTIVATE_SECONDARY_CONTROLS &&
+		    vmcs12->secondary_vm_exit_controls & SECONDARY_VM_EXIT_LOAD_IA32_FRED) {
+			/* Bit 2, bits 5:4, and bit 11 of the IA32_FRED_CONFIG must be zero */
+			if (CC(vmcs12->host_ia32_fred_config & 0x834) ||
+			    CC(vmcs12->host_ia32_fred_rsp1 & 0x3F) ||
+			    CC(vmcs12->host_ia32_fred_rsp2 & 0x3F) ||
+			    CC(vmcs12->host_ia32_fred_rsp3 & 0x3F))
+				return -EINVAL;
+			if (CC(is_noncanonical_address(vmcs12->host_ia32_fred_config & ~0xFFFULL, vcpu)) ||
+			    CC(is_noncanonical_address(vmcs12->host_ia32_fred_rsp1, vcpu)) ||
+			    CC(is_noncanonical_address(vmcs12->host_ia32_fred_rsp2, vcpu)) ||
+			    CC(is_noncanonical_address(vmcs12->host_ia32_fred_rsp3, vcpu)))
+				return -EINVAL;
+		}
 	} else {
 		if (CC(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) ||
 		    CC(vmcs12->host_cr4 & X86_CR4_PCIDE) ||
 		    CC((vmcs12->host_rip) >> 32))
 			return -EINVAL;
+		if (CC(vmcs12->host_cr4 & X86_CR4_FRED))
+			return -EINVAL;
 	}
 
 	if (CC(vmcs12->host_cs_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) ||
@@ -3205,6 +3241,38 @@ static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu,
 	     CC((vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD))))
 		return -EINVAL;
 
+	/* Guest FRED state checking */
+	if (ia32e) {
+		if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_FRED) {
+			/* Bit 2, bits 5:4, and bit 11 of the IA32_FRED_CONFIG must be zero */
+			if (CC(vmcs12->guest_ia32_fred_config & 0x834) ||
+			    CC(vmcs12->guest_ia32_fred_rsp1 & 0x3F) ||
+			    CC(vmcs12->guest_ia32_fred_rsp2 & 0x3F) ||
+			    CC(vmcs12->guest_ia32_fred_rsp3 & 0x3F))
+				return -EINVAL;
+			if (CC(is_noncanonical_address(vmcs12->guest_ia32_fred_config & ~0xFFFULL, vcpu)) ||
+			    CC(is_noncanonical_address(vmcs12->guest_ia32_fred_rsp1, vcpu)) ||
+			    CC(is_noncanonical_address(vmcs12->guest_ia32_fred_rsp2, vcpu)) ||
+			    CC(is_noncanonical_address(vmcs12->guest_ia32_fred_rsp3, vcpu)))
+				return -EINVAL;
+		}
+		if (vmcs12->guest_cr4 & X86_CR4_FRED) {
+			unsigned int ss_dpl = VMX_AR_DPL(vmcs12->guest_ss_ar_bytes);
+			if (CC(ss_dpl == 1 || ss_dpl == 2))
+				return -EINVAL;
+			if (ss_dpl == 0 &&
+			    CC(!(vmcs12->guest_cs_ar_bytes & VMX_AR_L_MASK)))
+				return -EINVAL;
+			if (ss_dpl == 3 &&
+			    (CC(vmcs12->guest_rflags & X86_EFLAGS_IOPL) ||
+			     CC(vmcs12->guest_interruptibility_info & GUEST_INTR_STATE_STI)))
+				return -EINVAL;
+		}
+	} else {
+		if (CC(vmcs12->guest_cr4 & X86_CR4_FRED))
+			return -EINVAL;
+	}
+
 	if (nested_check_guest_non_reg_state(vmcs12))
 		return -EINVAL;