From patchwork Thu Apr 20 13:37:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 85929 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp380401vqo; Thu, 20 Apr 2023 07:31:24 -0700 (PDT) X-Google-Smtp-Source: AKy350Y9Om7QTDEq/n/UPcD+67u5UclvZbES0RvbCQZgifbXzXLMEGQ6VAJ5qw42ygOtz6L1oqxy X-Received: by 2002:a6b:5918:0:b0:763:5f38:6e3e with SMTP id n24-20020a6b5918000000b007635f386e3emr1490470iob.3.1682001083910; Thu, 20 Apr 2023 07:31:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682001083; cv=none; d=google.com; s=arc-20160816; b=iQzT6MVhif+AmPRxr7W3d5nLdDF/H3zVncmrhA2ALgk3lx/W4D+SYRoQOpqk3Rw8lN R0gKM4Kyb4BQkNDesFtyp3z+8w72fV6kgd1bMU6ODD0yE36Np8iuq5W7aPtLrVYpAO/U jpYAdBjnFnyZ+V8utJ8GgVggFQEDjWj9JPOArJqLRaluYIuo8QHLn1OFCXKsgLRmbLQj pmIq/yKSvKSoTlQmpNn7cnogAFaEr98CFPgm6CF1hf7O4Bq/2F6LUjs2hpeNM3+zsSQG c3ZlzAaNYDl/MR1fKY1G1D5QdfW4u788zLoMzkyOn0gZns5ir/br3OdOSCSLytvnlZrP 0dCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=OFBNAHFFF+2AQRmEQ9D4oPWz8uYJ9+J28G3qOemhnYk=; b=gXX34+DorlvTxEPzOYY3wGIHnNQ6axVVbrZTIzppiWysMJcOw6/bKuZearkO0dDKf1 Abv/V4+IFtxq0zXBnO7FrhX5AInqLtXvjOfLLuKaV+gSyLD1RC3z3xcxREi+BR24TSvh uduEeHtYqyXGl19O7QKw6N5B1vT4wA5gktvQTZhJGQkwn1Fy9zvQ0svR2UQWnfkZ1Vnm 2s9aU+mFLgegPrObY63SbaZg/qlEa+YjApyxzcylgRJ1IFMBQ2TyiZmKix2DHzXIpALS XC3NdUlf2p9l/vvA+iHLDhTR5iGZh/w1y0plPTo99Em2owauQB/DmAKRVQplZdWnkunV wnhQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=i1G+nSwS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g35-20020a028526000000b0040f6694877fsi1601274jai.106.2023.04.20.07.31.04; Thu, 20 Apr 2023 07:31:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=i1G+nSwS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231987AbjDTOQW (ORCPT + 99 others); Thu, 20 Apr 2023 10:16:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39534 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231928AbjDTOQQ (ORCPT ); Thu, 20 Apr 2023 10:16:16 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 070D64217; Thu, 20 Apr 2023 07:16:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1682000175; x=1713536175; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=X5UoG8xozByeuHc7S3vpOJzvxFI1farY3KuVu17e7rI=; b=i1G+nSwSA3A/rIQhPBT0v/OzlJBcAwumWOj9gIYVd3wNc8/8p6TRMtWx iev1XfOCWlYOvonefpGvtKruF9q1IYjr1hWTMtugs3P0gH/nrCrRfXih/ 9bS38O/3ySWmIoN396nteyaq3sTvxapc4xrPPL2YsxSfAaXksUC70+Lw+ Fn5GoqtkP2ZDeoLkbY6/9Qs+d2GVZZIKxRjf+t92nNziyU5DVeqM4+FzX GWYgJ48RCWH6nY5xCFN07D1U2cpORw5kAWZrekH2JFKYkZdQgT97m9/Kn V2qZiD9nJvLH8yPqfZ4O1Z9uCfwIUBYMAOR7ZUlFYCSZtLMee2Q+cd3cs A==; X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="343217782" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="343217782" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="816028815" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="816028815" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.53]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:00 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Gao Chao , Zeng Guang Subject: [PATCH 1/6] KVM: x86: Virtualize CR4.LASS Date: Thu, 20 Apr 2023 21:37:19 +0800 Message-Id: <20230420133724.11398-2-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230420133724.11398-1-guang.zeng@intel.com> References: <20230420133724.11398-1-guang.zeng@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1763705968171085596?= X-GMAIL-MSGID: =?utf-8?q?1763705968171085596?= Virtualize CR4.LASS[bit 27] under KVM control instead of being guest-owned as CR4.LASS generally set once for each vCPU at boot time and won't be toggled at runtime. Besides, only if VM has LASS capability enumerated with CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], KVM allows guest software to be able to set CR4.LASS. By design CR4.LASS can be manipulated by nested guest as well. Notes: Setting CR4.LASS to 1 enable LASS in IA-32e mode. It doesn't take effect in legacy mode even if CR4.LASS is set. Signed-off-by: Zeng Guang Reviewed-by: Binbin Wu --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/vmx/vmx.c | 3 +++ arch/x86/kvm/x86.h | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 6aaae18f1854..8ff89a52ef66 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -125,7 +125,7 @@ | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \ | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ - | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP)) + | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP | X86_CR4_LASS)) #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 43ff3276918b..c923d7599d71 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7569,6 +7569,9 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP)); cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57)); + entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 1); + cr4_fixed1_update(X86_CR4_LASS, eax, feature_bit(LASS)); + #undef cr4_fixed1_update } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 7c8a30d44c29..218f4c73789a 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -475,6 +475,8 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits |= X86_CR4_VMXE; \ if (!__cpu_has(__c, X86_FEATURE_PCID)) \ __reserved_bits |= X86_CR4_PCIDE; \ + if (!__cpu_has(__c, X86_FEATURE_LASS)) \ + __reserved_bits |= X86_CR4_LASS; \ __reserved_bits; \ }) From patchwork Thu Apr 20 13:37:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 85926 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp372716vqo; Thu, 20 Apr 2023 07:19:55 -0700 (PDT) X-Google-Smtp-Source: AKy350azk6YbPZi/SU0fIrlcZnextv1Kxn9Py+zUn8NSRwr8oclUVP+3bZWA0cohzmLVwIlcsaYm X-Received: by 2002:a17:902:fac6:b0:1a9:30eb:3314 with SMTP id ld6-20020a170902fac600b001a930eb3314mr1518603plb.31.1682000395381; Thu, 20 Apr 2023 07:19:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682000395; cv=none; d=google.com; s=arc-20160816; b=NsoZYRe7heuB6pwEjfQ28IP2WYIRzAh+DYPd5Ze9kk9+bMu6sDdQi/tyToKCu40WhZ 8IxMsBBTthd04h9UZgzEdFo5rI6VCHSjjjLBHugqER7dJeq+HyWWAK+RJfBlHWtvhgvK kYCdcT4+zuKn6OJpT0Xk62ylIieE7L26NdC/IPXC+SPVHS7yVczrWVnzhTUTCh/fujPN c+GhiksVDGo40Pw4JXY5n1pzLm96ydBXa5U24n2L19mCLe4izLTUPa8mnHiKJ3XY5PL7 ZquZbF1HdZliHPiwHfa9Bwf919xW7kNYQEugAvSMi9wUIbHqmnojq35aaHRROIJG5mOD iyfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=K6kMkiob2g08Hj/xrUVhMCA82YbCGmDKJqTKusyQGVc=; b=IgiOScVSfpPYTsTBvBJG0Rbrlx4jCthaGzt7Yip1PBhwG+siDZGy3GbLfUTPwPblsV i0FawnWy3qSf9BLiAXTt4CvLk8J1gJuS4ju49IKdBKF0GwPEYkOPvMOYIYbJB/jd3XYx Lrx8kC2iWLwQpb2e+vp/SDgA81KtHkFNWoTHdQ+Jw/Ak0J0IbadZXW4M+wt6w25IDkPv JaLbbERIPfRNPOvBn9v34wqUm/rmaDDhHIOFh7H877qx3avA/LZ0lfiNAEg7Z8yZFHzx KOabJfOReQQLiUjnum82tXlJy0YdY9pPF8Da9l+XEWAHsLyUXaqP2Su8ljGixGIg0NBP S6CA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="ADzl7iY/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i9-20020a1709026ac900b001a20296932fsi1765300plt.538.2023.04.20.07.19.41; Thu, 20 Apr 2023 07:19:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="ADzl7iY/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232029AbjDTOQ0 (ORCPT + 99 others); Thu, 20 Apr 2023 10:16:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39524 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231933AbjDTOQR (ORCPT ); Thu, 20 Apr 2023 10:16:17 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1349A449D; Thu, 20 Apr 2023 07:16:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1682000176; x=1713536176; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=8vcqBoPnJSsP+PR1vJco3USQMMRGQCpM1hb/P9YwlSA=; b=ADzl7iY/e2QalQndR+u7ksiViYrax1kHYFcrYyBakxt5E6xxOO4UIoDQ ZpCixLwPLvwrQZHj8XVsK4asqZR9riZUcbU5eykkxDn3Ibcupv98kaHkr iwAdL3FyGrKo/KN+vvs4IRvIVLSpG9QBduMS/ff/renm/G4aQ/wO1g0+L VFtvtA+jbmhFR9c6OJPO6eH2NumFywRit6twF73GosmwB1dFws3QMQFxQ GEKmyEWi2aSi8qmgP+qYAXtElo9c3YI1YC7ovSRruAKt312qMuxSXqlRD K3r2o7YAkq9jj3lB19EuLLsayhC2WSodf0hdbTiYbnSrJxrxwz6wfccDW Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="343217803" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="343217803" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="816028837" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="816028837" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.53]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:03 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Gao Chao , Zeng Guang Subject: [PATCH 2/6] KVM: VMX: Add new ops in kvm_x86_ops for LASS violation check Date: Thu, 20 Apr 2023 21:37:20 +0800 Message-Id: <20230420133724.11398-3-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230420133724.11398-1-guang.zeng@intel.com> References: <20230420133724.11398-1-guang.zeng@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1763705246471930179?= X-GMAIL-MSGID: =?utf-8?q?1763705246471930179?= Intel introduce LASS (Linear Address Separation) feature providing an independent mechanism to achieve the mode-based protection. LASS partitions 64-bit linear address space into two halves, user-mode address (LA[bit 63]=0) and supervisor-mode address (LA[bit 63]=1). It stops any code execution or data access 1. from user mode to supervisor-mode address space 2. from supervisor mode to user-mode address space and generates LASS violation fault accordingly. A supervisor mode data access causes a LASS violation only if supervisor mode access protection is enabled (CR4.SMAP = 1) and either RFLAGS.AC = 0 or the access implicitly accesses a system data structure. Following are the rule of LASS violation check on the linear address(LA). User access to supervisor-mode address space: LA[bit 63] && (CPL == 3) Supervisor access to user-mode address space: Instruction fetch: !LA[bit 63] && (CPL < 3) Data access: !LA[bit 63] && (CR4.SMAP==1) && ((RFLAGS.AC == 0 && CPL < 3) || Implicit supervisor access) Add new ops in kvm_x86_ops to do LASS violation check. Signed-off-by: Zeng Guang --- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 5 +++ arch/x86/kvm/vmx/vmx.c | 55 ++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/vmx.h | 2 ++ 4 files changed, 63 insertions(+) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index abccd51dcfca..f76c07f2674b 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -131,6 +131,7 @@ KVM_X86_OP(msr_filter_changed) KVM_X86_OP(complete_emulated_msr) KVM_X86_OP(vcpu_deliver_sipi_vector) KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons); +KVM_X86_OP_OPTIONAL_RET0(check_lass); #undef KVM_X86_OP #undef KVM_X86_OP_OPTIONAL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 8ff89a52ef66..31fb8699a1ff 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -69,6 +69,9 @@ #define KVM_X86_NOTIFY_VMEXIT_VALID_BITS (KVM_X86_NOTIFY_VMEXIT_ENABLED | \ KVM_X86_NOTIFY_VMEXIT_USER) +/* x86-specific emulation flags */ +#define KVM_X86_EMULFLAG_SKIP_LASS _BITULL(1) + /* x86-specific vcpu->requests bit members */ #define KVM_REQ_MIGRATE_TIMER KVM_ARCH_REQ(0) #define KVM_REQ_REPORT_TPR_ACCESS KVM_ARCH_REQ(1) @@ -1706,6 +1709,8 @@ struct kvm_x86_ops { * Returns vCPU specific APICv inhibit reasons */ unsigned long (*vcpu_get_apicv_inhibit_reasons)(struct kvm_vcpu *vcpu); + + bool (*check_lass)(struct kvm_vcpu *vcpu, u64 access, u64 la, u64 flags); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index c923d7599d71..581327ede66a 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8070,6 +8070,59 @@ static void vmx_vm_destroy(struct kvm *kvm) free_pages((unsigned long)kvm_vmx->pid_table, vmx_get_pid_table_order(kvm)); } +/* + * Determine whether an access to the linear address causes a LASS violation. + * LASS protection is only effective in long mode. As a prerequisite, caller + * should make sure VM running in long mode and invoke this api to do LASS + * violation check. + */ +bool __vmx_check_lass(struct kvm_vcpu *vcpu, u64 access, u64 la, u64 flags) +{ + bool user_mode, user_as, rflags_ac; + + if (!!(flags & KVM_X86_EMULFLAG_SKIP_LASS) || + !kvm_is_cr4_bit_set(vcpu, X86_CR4_LASS)) + return false; + + WARN_ON_ONCE(!is_long_mode(vcpu)); + + user_as = !(la >> 63); + + /* + * An access is a supervisor-mode access if CPL < 3 or if it implicitly + * accesses a system data structure. For implicit accesses to system + * data structure, the processor acts as if RFLAGS.AC is clear. + */ + if (access & PFERR_IMPLICIT_ACCESS) { + user_mode = false; + rflags_ac = false; + } else { + user_mode = vmx_get_cpl(vcpu) == 3; + if (!user_mode) + rflags_ac = !!(kvm_get_rflags(vcpu) & X86_EFLAGS_AC); + } + + if (user_mode != user_as) { + /* + * Supervisor-mode _data_ accesses to user address space + * cause LASS violations only if SMAP is enabled. + */ + if (!user_mode && !(access & PFERR_FETCH_MASK)) { + return kvm_is_cr4_bit_set(vcpu, X86_CR4_SMAP) && + !rflags_ac; + } else { + return true; + } + } + + return false; +} + +static bool vmx_check_lass(struct kvm_vcpu *vcpu, u64 access, u64 la, u64 flags) +{ + return is_long_mode(vcpu) && __vmx_check_lass(vcpu, access, la, flags); +} + static struct kvm_x86_ops vmx_x86_ops __initdata = { .name = "kvm_intel", @@ -8207,6 +8260,8 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { .complete_emulated_msr = kvm_complete_insn_gp, .vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector, + + .check_lass = vmx_check_lass, }; static unsigned int vmx_handle_intel_pt_intr(void) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index a3da84f4ea45..6569385a5978 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -433,6 +433,8 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type); u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu); u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu); +bool __vmx_check_lass(struct kvm_vcpu *vcpu, u64 access, u64 la, u64 flags); + static inline void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type, bool value) { From patchwork Thu Apr 20 13:37:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 85927 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp378696vqo; Thu, 20 Apr 2023 07:28:53 -0700 (PDT) X-Google-Smtp-Source: AKy350ZXZB1YVZ2oqXp3Kuzea8KtQk8di3IrOPXicaR3JBc/9rqkjwaC7DgjFW06j6Izkygsayrm X-Received: by 2002:a17:903:d3:b0:1a8:1d1e:409d with SMTP id x19-20020a17090300d300b001a81d1e409dmr1319904plc.58.1682000932934; Thu, 20 Apr 2023 07:28:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682000932; cv=none; d=google.com; s=arc-20160816; b=NKqoLjvbm4Kd0HvnlE36xfBoXCzxT7u4HM6ekYK9ZIEWnTNkrGXX3Vokex4WC6Cn59 zZoJLJnVsQwb6hLE0b8vwtwG85l+WnwLhNsTrKfFj2UitexeSVjTzU7wuzahzQh+aHwH ++/Fanpg30tyBkKI+cUAmsUY8YbwBWW1Tk4SHHQ174d0mUUbtHX5mSeY1Dzh/BLbPkxx sQP4lReeRy4GsuOmMJMitemmwehGG1pTn5yATefCBqtwdm7IGYICUiDJAd9TVGPTQPyU gTi3ll0LLw+nzmcJo88uk8OTlTIP+JfadNgd8QWcHpMyJU3GsZOCMSpIYV4yHdZB+Lbs XJBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=iTNAH9gHifVYFXl0c2C53aKN2pckS8H0h/R/vl25Qfg=; b=y48e7G3zVnTCfEg9GbfZY8wKyYjook/KhAf90Eg2Cn/i1DFEdaLQcGou1YGDWZ7aRY NjBNgGBU7esbG3YD5qWvupd3oxXxbUJeTCz1sKvvcfc+I+mkBLrpkWKRbsQ2dDH/Wq0g aOWpsw7/CrzehkrKvSjaD8a7qUzfWu+o1OB7rBig1X/FIbvmSyRNR9JuryPas2nebkRD UzgXlV5WX/NiSNz1P7r+DoVg8aB1uqF+69HQR3aQEp/4ndDtHr0x7ZUTTMFnfCJNS5n5 5q6PTuB8bCGLBttV0XTCxNktGR09GvZxiytpKaDx5e6oC4RFwjnGtKM8zcqm/N9GRZsB 6FAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hvxPxf42; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j8-20020a170902da8800b001a64ce81521si2000311plx.554.2023.04.20.07.28.40; Thu, 20 Apr 2023 07:28:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hvxPxf42; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232042AbjDTOQa (ORCPT + 99 others); Thu, 20 Apr 2023 10:16:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39536 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231926AbjDTOQS (ORCPT ); Thu, 20 Apr 2023 10:16:18 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C355540DB; Thu, 20 Apr 2023 07:16:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1682000177; x=1713536177; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=DAVFBOgJwmbdVgPRUhLaouaTcJcJ1MnxKOkOedpXi1U=; b=hvxPxf42OVYIY39GpTsSGfjw3rEsjqU8OSQGrVMBo+TS7Zr5FBUgnRSH x9/1/I+C81J//Z8BwPYFAMiNfk7lmvCspzcL9GHPdqqvzLaLklDtJJJDb IlPOeKRc4cb/knbAOYa8Pl23xS/KeAHt2qmNqD/ENAhkb2n8YvTUtFrsf +de6EuiBVkd4ItdWjNYjrBVpooQM+tX3rVooeiq/sL0Udriz73HbfqMgp v32cRjiNYQDxs509N7Tqe3Xa2oof77Xx8KqBxrQlSMRej9lqKk2XmO5RT k64Nxa+Hni1IT+W5Y4CSHfWeUDqNilUBNVD0fU7tBcW90mhaUxRmeQw0E Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="343217826" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="343217826" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="816028858" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="816028858" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.53]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:06 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Gao Chao , Zeng Guang Subject: [PATCH 3/6] KVM: x86: Add emulator helper for LASS violation check Date: Thu, 20 Apr 2023 21:37:21 +0800 Message-Id: <20230420133724.11398-4-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230420133724.11398-1-guang.zeng@intel.com> References: <20230420133724.11398-1-guang.zeng@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1763705810179562885?= X-GMAIL-MSGID: =?utf-8?q?1763705810179562885?= When LASS is enabled, KVM need apply LASS violation check to instruction emulations. Add helper for the usage of x86 emulator to perform LASS protection. Signed-off-by: Zeng Guang --- arch/x86/kvm/kvm_emulate.h | 1 + arch/x86/kvm/x86.c | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 2d9662be8333..1c55247d52d7 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -224,6 +224,7 @@ struct x86_emulate_ops { int (*leave_smm)(struct x86_emulate_ctxt *ctxt); void (*triple_fault)(struct x86_emulate_ctxt *ctxt); int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr); + bool (*check_lass)(struct x86_emulate_ctxt *ctxt, u64 access, u64 la, u64 flags); }; /* Type, address-of, and value of an instruction's operand. */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 87feb1249ad6..704c5e4b9e76 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8193,6 +8193,14 @@ static void emulator_vm_bugged(struct x86_emulate_ctxt *ctxt) kvm_vm_bugged(kvm); } +static bool emulator_check_lass(struct x86_emulate_ctxt *ctxt, + u64 access, u64 la, u64 flags) +{ + struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); + + return static_call(kvm_x86_check_lass)(vcpu, access, la, flags); +} + static const struct x86_emulate_ops emulate_ops = { .vm_bugged = emulator_vm_bugged, .read_gpr = emulator_read_gpr, @@ -8237,6 +8245,7 @@ static const struct x86_emulate_ops emulate_ops = { .leave_smm = emulator_leave_smm, .triple_fault = emulator_triple_fault, .set_xcr = emulator_set_xcr, + .check_lass = emulator_check_lass, }; static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask) From patchwork Thu Apr 20 13:37:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 85928 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp380284vqo; Thu, 20 Apr 2023 07:31:14 -0700 (PDT) X-Google-Smtp-Source: AKy350ZlpwUKReW8PRYDHoWQObCF6esdIEjd+dsHpkyssdpD3KJ7YA7EqkMenY9EP6dwr1jHpRTn X-Received: by 2002:a05:6a20:ab98:b0:f0:cef6:9d2e with SMTP id da24-20020a056a20ab9800b000f0cef69d2emr2164942pzb.28.1682001074529; Thu, 20 Apr 2023 07:31:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682001074; cv=none; d=google.com; s=arc-20160816; b=Mk9qPSzT/16HCUv59j1+BDRWDchA6P7uyYn7zBMZI0qLV6bK8uR4CLB+dtcwDMLAch XWMO5AUOZiDn6/jV1M2Xu4TEzYl3nyVXmGavVqL6S2ceU/EXxi7LK8oss+B87ITPKGVf riUIHX4fosFjm06NJZF5bo3GpRiu9axq4KmO6NC8BGCofdE4NoIWoGyjuh3MKokiwyMj 0iUTFILYHDtv3MrHvB2w9OTOYqPNJ07SFV0w6irStJ01vsPKYkBkbqQ94m8qmoQFGN0q US3H96QjKpg3RPkpwb6+2+r7nKZHPZLmZiz7YL0UMmnkQwK8/K23HKe8b+qeSwRaxbmV 1gvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=HKnECYt1doTbKt9dAcPOUFbxbKicqcKHFy8f1vq3gPU=; b=ETjhmfV5//AciBOcn2XwWqOhZ2TU3tF++8xmi/ayGEDilhB/iAQzDYCybcuS7/G54o b8onDlAbL5kR3Huc36w3BRMSSR5ymYRKtwhUw7KwBM5XPRKXa6/ZcYvrm3rLbTiYIok8 6v1Hv+ebjLc0p12le7SN01rmveFOeveP0MjXjmypU/r3uRM5jwof1x98PzriWW/TLlui sSCG4qQ0HSIucwYdbrWRgEAbZwV1K7LtNUmo2WpRWA78nOy88BnttNZ1Es9fmeKc7jrz p1Z1JVFKMDUmWwJnzTtRtNRxd6zZvhho8jOkSx2/wSXHDadXA6u/QhTi66DoBDQoj2Ip x5Uw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VC7rCWEg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h71-20020a63834a000000b004fab9a24dddsi1766150pge.732.2023.04.20.07.30.58; Thu, 20 Apr 2023 07:31:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VC7rCWEg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232055AbjDTOQd (ORCPT + 99 others); Thu, 20 Apr 2023 10:16:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39524 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231956AbjDTOQV (ORCPT ); Thu, 20 Apr 2023 10:16:21 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8BFEF40EE; Thu, 20 Apr 2023 07:16:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1682000179; x=1713536179; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=vRwyjqtJWovvtpBFmwcHt38o9HcKHdqbwSJI0tUzb2s=; b=VC7rCWEgc5Qg7C7YhhHfBYQLK6cl2TKYQdNQd+Gu+reHNUdNzVyuYDJE sNEbtCTn3dH/OvCDDSRvDyk8jFIlHNyfUF1r5gLF0cqRhz7ff6M44tFYA U5RJUsfFcJrVvYC/rbfePfPU3XLRS8MIksPyQwSvvHGylxdQnmmgGuEN3 LmP7+Tr1+bHbiPhfXZC8O0SjeaDek8FKwOmptF18t1X9mz5Vb6eJS0cv5 V2hdf4Q30QzwWun6SU0JHTNOJHkgsfc6WG3C/DFwV5lIy3PaOQ2aKE72F hhwMH+l/OX5Wo9HoszMZNy6CQq5SF5xjgYJIt12DdC2AMMKAWvHGI5CVR Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="343217849" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="343217849" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:13 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="816028886" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="816028886" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.53]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:10 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Gao Chao , Zeng Guang Subject: [PATCH 4/6] KVM: x86: LASS protection on KVM emulation when LASS enabled Date: Thu, 20 Apr 2023 21:37:22 +0800 Message-Id: <20230420133724.11398-5-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230420133724.11398-1-guang.zeng@intel.com> References: <20230420133724.11398-1-guang.zeng@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1763705958841582642?= X-GMAIL-MSGID: =?utf-8?q?1763705958841582642?= Do LASS violation check for instructions emulated by KVM. Note that for instructions executed in the guest directly, hardware will perform the check. Not all instruction emulation leads to accesses to guest linear addresses because 1) some instrutions like CPUID, RDMSR, don't take memory as operands 2) instruction fetch in most cases is already done inside the guest. Four cases in which kvm may access guest linear addresses are identified by code inspection: - KVM emulator uses segmented address for instruction fetches or data accesses. - For implicit data access, KVM emulator gets address to a system data structure(GDT/LDT/IDT/TR). - For VMX instruction emulation, KVM gets the address from "VM-exit instruction information" field in VMCS. - For SGX ENCLS instruction emulation, KVM gets the address from registers. LASS violation check applies to these linear address so as to enforce mode-based protections as hardware behaves. As exceptions, the target memory address of emulation of invlpg, branch and call instructions doesn't require LASS violation check. Signed-off-by: Zeng Guang --- arch/x86/kvm/emulate.c | 36 +++++++++++++++++++++++++++++++----- arch/x86/kvm/vmx/nested.c | 3 +++ arch/x86/kvm/vmx/sgx.c | 2 ++ 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 5cc3efa0e21c..a9a022fd712e 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -687,7 +687,8 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, struct segmented_address addr, unsigned *max_size, unsigned size, bool write, bool fetch, - enum x86emul_mode mode, ulong *linear) + enum x86emul_mode mode, ulong *linear, + u64 flags) { struct desc_struct desc; bool usable; @@ -695,6 +696,7 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, u32 lim; u16 sel; u8 va_bits; + u64 access = fetch ? PFERR_FETCH_MASK : 0; la = seg_base(ctxt, addr.seg) + addr.ea; *max_size = 0; @@ -740,6 +742,10 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, } break; } + + if (ctxt->ops->check_lass(ctxt, access, *linear, flags)) + goto bad; + if (la & (insn_alignment(ctxt, size) - 1)) return emulate_gp(ctxt, 0); return X86EMUL_CONTINUE; @@ -757,7 +763,7 @@ static int linearize(struct x86_emulate_ctxt *ctxt, { unsigned max_size; return __linearize(ctxt, addr, &max_size, size, write, false, - ctxt->mode, linear); + ctxt->mode, linear, 0); } static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) @@ -770,7 +776,10 @@ static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) if (ctxt->op_bytes != sizeof(unsigned long)) addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1); - rc = __linearize(ctxt, addr, &max_size, 1, false, true, ctxt->mode, &linear); + + /* LASS doesn't apply to address for branch and call instructions */ + rc = __linearize(ctxt, addr, &max_size, 1, false, true, ctxt->mode, + &linear, KVM_X86_EMULFLAG_SKIP_LASS); if (rc == X86EMUL_CONTINUE) ctxt->_eip = addr.ea; return rc; @@ -845,6 +854,13 @@ static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) static int linear_read_system(struct x86_emulate_ctxt *ctxt, ulong linear, void *data, unsigned size) { + if (ctxt->ops->check_lass(ctxt, PFERR_IMPLICIT_ACCESS, linear, 0)) { + ctxt->exception.vector = GP_VECTOR; + ctxt->exception.error_code = 0; + ctxt->exception.error_code_valid = true; + return X86EMUL_PROPAGATE_FAULT; + } + return ctxt->ops->read_std(ctxt, linear, data, size, &ctxt->exception, true); } @@ -852,6 +868,13 @@ static int linear_write_system(struct x86_emulate_ctxt *ctxt, ulong linear, void *data, unsigned int size) { + if (ctxt->ops->check_lass(ctxt, PFERR_IMPLICIT_ACCESS, linear, 0)) { + ctxt->exception.vector = GP_VECTOR; + ctxt->exception.error_code = 0; + ctxt->exception.error_code_valid = true; + return X86EMUL_PROPAGATE_FAULT; + } + return ctxt->ops->write_std(ctxt, linear, data, size, &ctxt->exception, true); } @@ -907,7 +930,7 @@ static int __do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, int op_size) * against op_size. */ rc = __linearize(ctxt, addr, &max_size, 0, false, true, ctxt->mode, - &linear); + &linear, 0); if (unlikely(rc != X86EMUL_CONTINUE)) return rc; @@ -3432,8 +3455,11 @@ static int em_invlpg(struct x86_emulate_ctxt *ctxt) { int rc; ulong linear; + unsigned max_size; - rc = linearize(ctxt, ctxt->src.addr.mem, 1, false, &linear); + /* LASS doesn't apply to the memory address for invlpg */ + rc = __linearize(ctxt, ctxt->src.addr.mem, &max_size, 1, false, false, + ctxt->mode, &linear, KVM_X86_EMULFLAG_SKIP_LASS); if (rc == X86EMUL_CONTINUE) ctxt->ops->invlpg(ctxt, linear); /* Disable writeback. */ diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index c8ae9d0e59b3..55c88c4593a6 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4974,6 +4974,9 @@ int get_vmx_mem_address(struct kvm_vcpu *vcpu, unsigned long exit_qualification, * destination for long mode! */ exn = is_noncanonical_address(*ret, vcpu); + + if (!exn) + exn = __vmx_check_lass(vcpu, 0, *ret, 0); } else { /* * When not in long mode, the virtual/linear address is diff --git a/arch/x86/kvm/vmx/sgx.c b/arch/x86/kvm/vmx/sgx.c index b12da2a6dec9..30cb5d0980be 100644 --- a/arch/x86/kvm/vmx/sgx.c +++ b/arch/x86/kvm/vmx/sgx.c @@ -37,6 +37,8 @@ static int sgx_get_encls_gva(struct kvm_vcpu *vcpu, unsigned long offset, fault = true; } else if (likely(is_long_mode(vcpu))) { fault = is_noncanonical_address(*gva, vcpu); + if (!fault) + fault = __vmx_check_lass(vcpu, 0, *gva, 0); } else { *gva &= 0xffffffff; fault = (s.unusable) || From patchwork Thu Apr 20 13:37:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 85925 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp372654vqo; Thu, 20 Apr 2023 07:19:49 -0700 (PDT) X-Google-Smtp-Source: AKy350Y7gL3zLulJMvCUkcXV3i0sXifDW42p1bxiokhizGcxse6gAyqNHt/jZJDsn6GgG+CJDLSp X-Received: by 2002:a05:6a00:a06:b0:63b:5c82:e209 with SMTP id p6-20020a056a000a0600b0063b5c82e209mr2236136pfh.10.1682000388906; Thu, 20 Apr 2023 07:19:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682000388; cv=none; d=google.com; s=arc-20160816; b=ZQT8eAG8Nz2jll8RUJH0t/yUjt6qM8qSq4chi4yZUYi9inUC2/1C968VtYisBl6wiL CH19o3eSGZHMlRqKe+AB2vtHtTIpxX9gmxHQSxIntoQKJNpocB5SmhYk7H+mY7sXAak0 z+yyYcwzzwLgcqOTPQuUCih6qVoVy1LX5bA9hyq0W23luzDZMo9qQQf+opvzUxcdezlB R4XSu0GDRXTzk7BSyyUuwCKMYkjP9PHlKJTOi303K/S22BrgC83lQoLXpyiPt06zE7g5 gTi7VCkJC3i1W30RCDZSWO8V41GoFnPPseTkdg1LJuqOa5gJWUAcsHl054GjO2KTq0Qm 01gQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=O6UlCGL1bWb2Pmfj9Y5Tepq3fChrvjOPq8vSAGt0dek=; b=NxhmFLXfeUdeTGYarnozoUtXOksr/P6+rdsGreAGm0advzOOl8CDAe8oZuNqaGukL1 EU7ocV0X1ej4GnHUWpE+3/tiszmrhdyD7Iar0YG5ye8dHNdwpPRz0yTvZM6tGiq3aqtv RqFW36W7Cjg9lOVH26C6DnbKVPQXrZ6dSddDjpRQtAr79RaW89YVA9K8bLHujeXF7QuR pCHo1oFQo+9jZs4H3h0kRMeHt4imEtB8LZXqJ/uY+3h0tlRnbWFGyvt2O0B8Vft63qtt jp8FT/MHl+d12aaPsZspBVfhm425YMJ6kdxcqHjpqq54pLkpyn25AGdG2ZNGtKAu7l/r QNvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FGLh1XN6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q8-20020aa79608000000b0063a6dbeaa56si1819232pfg.60.2023.04.20.07.19.34; Thu, 20 Apr 2023 07:19:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FGLh1XN6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230248AbjDTOQh (ORCPT + 99 others); Thu, 20 Apr 2023 10:16:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39536 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231962AbjDTOQV (ORCPT ); Thu, 20 Apr 2023 10:16:21 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 967FE5594; Thu, 20 Apr 2023 07:16:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1682000180; x=1713536180; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=/9rOO3Vbv54KntD8O0wgn+L44l9VgaKRnztR0QPc7F0=; b=FGLh1XN6L0CmuLbhgRPOwS0kpy2wfbadqE3Vrb+pdgG60Jx9yNssS98X TKHqfr5a4AwcdCr/ljmidxJ8209H29UESkdaNwNmzvCTSo092PF8PoOEz nWjmNf9I8JCLeBT9avg8JBQKSXr3whtGJXIxBqsfdkamiFbab2exkapZK GLRZhXykzXToKbj5/lBDTxlybZFUqY/1WxlHWHYuDHRxcYdUI12bV97Fp sjnoNBpc/cz3+XQ2RT1vqEJMVukI6OTJZ4Mcf0sclr0+Hc/FmXUKtex6E QklRIumkp76Ks6MjLrw/t+rDsEy3DA9m1Ufn8GFNg5W1D/mPHU9uGail6 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="343217863" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="343217863" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="816028909" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="816028909" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.53]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:13 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Gao Chao , Zeng Guang Subject: [PATCH 5/6] KVM: x86: Advertise LASS CPUID to user space Date: Thu, 20 Apr 2023 21:37:23 +0800 Message-Id: <20230420133724.11398-6-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230420133724.11398-1-guang.zeng@intel.com> References: <20230420133724.11398-1-guang.zeng@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1763705239510678189?= X-GMAIL-MSGID: =?utf-8?q?1763705239510678189?= LASS (Linear-address space separation) is an independent mechanism to enforce the mode-based protection that can prevent user-mode accesses to supervisor-mode addresses, and vice versa. Because the LASS protections are applied before paging, malicious software can not acquire any paging-based timing information to compromise the security of system. The CPUID bit definition to support LASS: CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6] Advertise LASS to user space to support LASS virtualization. Signed-off-by: Zeng Guang --- arch/x86/kvm/cpuid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index ba7f7abc8964..5facb8037140 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -663,8 +663,8 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); kvm_cpu_cap_mask(CPUID_7_1_EAX, - F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | F(AMX_FP16) | - F(AVX_IFMA) + F(AVX_VNNI) | F(AVX512_BF16) | F(LASS) | F(CMPCCXADD) | + F(AMX_FP16) | F(AVX_IFMA) ); kvm_cpu_cap_init_kvm_defined(CPUID_7_1_EDX, From patchwork Thu Apr 20 13:37:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 85930 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp381189vqo; Thu, 20 Apr 2023 07:32:18 -0700 (PDT) X-Google-Smtp-Source: AKy350Z8UYFWs8gT4QCSi8M09/+ahmNfiFICp2vNACSUg6s73pQBLvq8FNAxYVxTCB4MA5ZxRRBB X-Received: by 2002:a05:6a20:7283:b0:ef:daa2:4a40 with SMTP id o3-20020a056a20728300b000efdaa24a40mr2481334pzk.49.1682001137939; Thu, 20 Apr 2023 07:32:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682001137; cv=none; d=google.com; s=arc-20160816; b=QDqNTm/0rnt5QLAYfq9CXInq91V1VxsgA4Qvj2eE/BRt0msCr/X6o70Mnn0Mo1zLXf 8GYI2BjSJaMZqr6YdXNinW9//RUEHiHcbmNNEUiuU5RKl7IMTunZf6wf6WcxnZwe1isD U7DH25sGX6ePRhj8oFUT+nO7p7pn+Y1SucciK7J4k4t5bGRUkMXTWKlZWk/7U3qub5v1 IsjfzWz3NkZ/uaydQB/3+zXdK/w5aOQqQ5XBFhkXubL72Spxs7G9qdKMyaw1OIu3fWWh 4FEUeQP7uz+RUfszyCXTFWrJCiz4CG7yHB419FC0St8wJ7nyNl5LF/2Mntos4a0t/X0J K7VQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=G8mdqNh1qUrnMIkJx+6cxUevKVNK3jbXU/6Z4d+ueWI=; b=iRsFhY0d71rFs8uLS0YCkDmQI4oiU9nqAIImOxQuRFk3VIugD8MBt3hCWPv3YNCNYM FBW0/3pGkBGKZWCOTkKofYXQTVFYskYlgU0gzJmsPIChgX4irbhImA5U2jYQc3Cnijb2 CXQy5XX5FtgEqj2mxk8HkE5SWHITgnQqVIj01ItipO1uFdLKlffsMEPsmudkYJ/5auUN fAfEw8QoKcA340+/LWRMXuqIV9539nPv1tTTzrprqGxv0n6hypL/NgobtFMsG39wN9Hk 30VWaPYEu2ejJjI1lkxEcIVCyoqTZekJoUeqHZTKpHIoVbVPk0oanzoHbUnrgl9C0ZXD fnUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fQwdg0q9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u70-20020a638549000000b0050b51e62c19si1804876pgd.825.2023.04.20.07.32.02; Thu, 20 Apr 2023 07:32:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fQwdg0q9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231951AbjDTOQo (ORCPT + 99 others); Thu, 20 Apr 2023 10:16:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39524 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231969AbjDTOQW (ORCPT ); Thu, 20 Apr 2023 10:16:22 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A78C5FFB; Thu, 20 Apr 2023 07:16:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1682000181; x=1713536181; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=mBqjl0yhEeb8HytbOFw3rMDfti8h06Ban5qDOvLFqy8=; b=fQwdg0q9wJaME2h+ePIxss6z6WIOGNZOE+lkFBr7SdxMsNulLMQ5g+za EdaxQQDy6y5r5TgvdfEu+ilPQLvTy3frTK/keponnTSbMjylWgl/bOfA0 ijM0RO5EOtRQd/GJqeI92GVIaaVnbaU6pcHaR0Xgb1FTI2u/9fjzI1uXO XEoPrbcqZiz4nIjyDWB5kngCVo2aVw2RXdawkv7RmK9iUykiN6tsUxbR+ xaYvJdAEDOyHGPxLy4Tpf0Nd5WJvC7tTSOzeFm60J+6O4NM+uyxYKUaVl Z2zAXaOV4rNnnKjgE84G6LbRfZz5JPPgdZMSUCsEn2/ezi7udenIbY77k g==; X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="343217882" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="343217882" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="816028928" X-IronPort-AV: E=Sophos;i="5.99,212,1677571200"; d="scan'208";a="816028928" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.53]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2023 07:16:16 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Gao Chao , Zeng Guang Subject: [PATCH 6/6] KVM: x86: Set KVM LASS based on hardware capability Date: Thu, 20 Apr 2023 21:37:24 +0800 Message-Id: <20230420133724.11398-7-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230420133724.11398-1-guang.zeng@intel.com> References: <20230420133724.11398-1-guang.zeng@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1763706025408085290?= X-GMAIL-MSGID: =?utf-8?q?1763706025408085290?= Host kernel may clear LASS capability in boot_cpu_data.x86_capability besides explicitly using clearcpuid parameter. That will cause guest not being able to manage LASS independently. So set KVM LASS directly based on hardware capability to eliminate the dependency. Add new helper functions to facilitate getting result of CPUID sub-leaf. Signed-off-by: Zeng Guang --- arch/x86/include/asm/cpuid.h | 36 ++++++++++++++++++++++++++++++++++++ arch/x86/kvm/cpuid.c | 4 ++++ 2 files changed, 40 insertions(+) diff --git a/arch/x86/include/asm/cpuid.h b/arch/x86/include/asm/cpuid.h index 9bee3e7bf973..a25dd00b7c0a 100644 --- a/arch/x86/include/asm/cpuid.h +++ b/arch/x86/include/asm/cpuid.h @@ -127,6 +127,42 @@ static inline unsigned int cpuid_edx(unsigned int op) return edx; } +static inline unsigned int cpuid_count_eax(unsigned int op, int count) +{ + unsigned int eax, ebx, ecx, edx; + + cpuid_count(op, count, &eax, &ebx, &ecx, &edx); + + return eax; +} + +static inline unsigned int cpuid_count_ebx(unsigned int op, int count) +{ + unsigned int eax, ebx, ecx, edx; + + cpuid_count(op, count, &eax, &ebx, &ecx, &edx); + + return ebx; +} + +static inline unsigned int cpuid_count_ecx(unsigned int op, int count) +{ + unsigned int eax, ebx, ecx, edx; + + cpuid_count(op, count, &eax, &ebx, &ecx, &edx); + + return ecx; +} + +static inline unsigned int cpuid_count_edx(unsigned int op, int count) +{ + unsigned int eax, ebx, ecx, edx; + + cpuid_count(op, count, &eax, &ebx, &ecx, &edx); + + return edx; +} + static __always_inline bool cpuid_function_is_indexed(u32 function) { switch (function) { diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 5facb8037140..e99b99ebe1fe 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -667,6 +667,10 @@ void kvm_set_cpu_caps(void) F(AMX_FP16) | F(AVX_IFMA) ); + /* Set LASS based on hardware capability */ + if (cpuid_count_eax(7, 1) & F(LASS)) + kvm_cpu_cap_set(X86_FEATURE_LASS); + kvm_cpu_cap_init_kvm_defined(CPUID_7_1_EDX, F(AVX_VNNI_INT8) | F(AVX_NE_CONVERT) | F(PREFETCHITI) );