From patchwork Tue Jul 18 13:18:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122067 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1788986vqt; Tue, 18 Jul 2023 07:30:41 -0700 (PDT) X-Google-Smtp-Source: APBJJlFBUMzasg2YWXb2yeGQyXF1uSnbgLcMoYSMK8EuagKbhY2iaYnqg+aRfRGDFA2n3vLlkHx6 X-Received: by 2002:a05:6512:3e21:b0:4fd:cc8c:54e5 with SMTP id i33-20020a0565123e2100b004fdcc8c54e5mr1666985lfv.41.1689690641191; Tue, 18 Jul 2023 07:30:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689690641; cv=none; d=google.com; s=arc-20160816; b=u8QcBEbuQYe4I866CGqCCPFaAXG15covNC4rCnY/eZFuMgWObIXdIoKmD0C0ey5zMI 7Yn8dMD5DSzXW7Z12lrbM7yy7tPsANzRgY1wJurehQ9yqNtuQ0mx11o9HSqQX0EZ24r7 ugd4TerKOi81PBytKcz3iHVi3CO7l7VBMOFtq+KEOF0BH/LfBu4ZgzYHnk94ifGD9HAF +yXVRIDzrcPBhiZKOIvoKaczoDRCmSZRm1ugsByr76LSmHh0d8x9gf7IPS9RoTQq8yDy yPRWKksKWb0+p+7nzVe4/7ueiZjD4Zcb+tHGBumCJJRH6mc4CLD6qfY5yrrTr2HDybpd 7gBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=4yYu6ud1GDlrpqgUo3UwIi+PASRIJMevjsJLsar+2VI=; fh=Anq9OfXDpkFCOPFtgh8QgUfzP993MEtJnx/ssiwHMkk=; b=Q+WyMsHJXXVCOUTe7a4j5RpuiEKWss5FeGg+m/aVXfmlTSEveZpF0S5CpJ0869IUGq oT9+WGXjij4FycTzl8Y/5Ve8K//mDNjOcwPR5wo/Z5hq7uEPOEJwd3k8eS2XpVq3N99R rKLiyOD4YuI9t6oBpFxR6jATRL35MNoEnRuwGIxpkbVBg1HGghnM7L6OX/V3TCfsX1yY eK5ul1X8nqBgBIH24qS/pUA9KolMO62YR366z4WW+QAa2i6pNugGZ8d8g0/mLp7uu4gH PQ0kv9Bj3Z8LglXKW8c/7GBpYeV2XmWYQrMyWXhg8p7Pt5RHJ8XUnHsgAiIUkrvqWI1K 7KUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=nQcXUTsq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v22-20020aa7d9d6000000b0051e04e2e4b7si1307524eds.168.2023.07.18.07.30.17; Tue, 18 Jul 2023 07:30:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=nQcXUTsq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233097AbjGROAR (ORCPT + 99 others); Tue, 18 Jul 2023 10:00:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232741AbjGROAI (ORCPT ); Tue, 18 Jul 2023 10:00:08 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CDD9A199F; Tue, 18 Jul 2023 06:59:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689688783; x=1721224783; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=ige1qJhMK8nxK8ysQ4ntbs6E03QAU78QiBh/RtIQ02Q=; b=nQcXUTsqpzn2r3cpt/7A4QyUClkI4K/G68gBaUewzJ9/XqZGRzvbf2L+ yYNxiCGV/bUo5H+vDrIvP1nu7LDfczYqRrQHA7oSZSK9UGQIjjDVsx6xX 94zFU/emSlQxYPLOiPFUDGx7wGeHhLGkJAv46RKglaG8FJwxfdgCuXK7R pUE9+VBTWfbqJZcriGIO6+ybieQSYmVpMQQY8U83eoGqRUN3mZRyejIlT BnVfd2XjT0R84Wfdk+HZpQx2V3UM3js+F4Jku5TAfvyo1vw5loJ+AgPfk gBXsJOTHG68WovLbuMfKp9am6UGrZlBpeuzkP5mE8FivnMbtuRgEeHnRt g==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="363676080" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="363676080" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:43 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="1054291116" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="1054291116" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:40 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Binbin Wu , Zeng Guang Subject: [PATCH v2 1/8] KVM: x86: Consolidate flags for __linearize() Date: Tue, 18 Jul 2023 21:18:37 +0800 Message-Id: <20230718131844.5706-2-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230718131844.5706-1-guang.zeng@intel.com> References: <20230718131844.5706-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771769053777929882 X-GMAIL-MSGID: 1771769053777929882 From: Binbin Wu Consolidate @write and @fetch of __linearize() into a set of flags so that additional flags can be added without needing more/new boolean parameters, to precisely identify the access type. No functional change intended. Signed-off-by: Binbin Wu Reviewed-by: Chao Gao Acked-by: Kai Huang Signed-off-by: Zeng Guang --- arch/x86/kvm/emulate.c | 21 +++++++++++---------- arch/x86/kvm/kvm_emulate.h | 4 ++++ 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 936a397a08cd..3ddfbc99fa4f 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -687,8 +687,8 @@ static unsigned insn_alignment(struct x86_emulate_ctxt *ctxt, unsigned size) static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, struct segmented_address addr, unsigned *max_size, unsigned size, - bool write, bool fetch, - enum x86emul_mode mode, ulong *linear) + enum x86emul_mode mode, ulong *linear, + unsigned int flags) { struct desc_struct desc; bool usable; @@ -717,11 +717,11 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, if (!usable) goto bad; /* code segment in protected mode or read-only data segment */ - if ((((ctxt->mode != X86EMUL_MODE_REAL) && (desc.type & 8)) - || !(desc.type & 2)) && write) + if ((((ctxt->mode != X86EMUL_MODE_REAL) && (desc.type & 8)) || !(desc.type & 2)) && + (flags & X86EMUL_F_WRITE)) goto bad; /* unreadable code segment */ - if (!fetch && (desc.type & 8) && !(desc.type & 2)) + if (!(flags & X86EMUL_F_FETCH) && (desc.type & 8) && !(desc.type & 2)) goto bad; lim = desc_limit_scaled(&desc); if (!(desc.type & 8) && (desc.type & 4)) { @@ -757,8 +757,8 @@ static int linearize(struct x86_emulate_ctxt *ctxt, ulong *linear) { unsigned max_size; - return __linearize(ctxt, addr, &max_size, size, write, false, - ctxt->mode, linear); + return __linearize(ctxt, addr, &max_size, size, ctxt->mode, linear, + write ? X86EMUL_F_WRITE : 0); } static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) @@ -771,7 +771,8 @@ static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) if (ctxt->op_bytes != sizeof(unsigned long)) addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1); - rc = __linearize(ctxt, addr, &max_size, 1, false, true, ctxt->mode, &linear); + rc = __linearize(ctxt, addr, &max_size, 1, ctxt->mode, &linear, + X86EMUL_F_FETCH); if (rc == X86EMUL_CONTINUE) ctxt->_eip = addr.ea; return rc; @@ -907,8 +908,8 @@ static int __do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, int op_size) * boundary check itself. Instead, we use max_size to check * against op_size. */ - rc = __linearize(ctxt, addr, &max_size, 0, false, true, ctxt->mode, - &linear); + rc = __linearize(ctxt, addr, &max_size, 0, ctxt->mode, &linear, + X86EMUL_F_FETCH); if (unlikely(rc != X86EMUL_CONTINUE)) return rc; diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index ab65f3a47dfd..86bbe997162d 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -88,6 +88,10 @@ struct x86_instruction_info { #define X86EMUL_IO_NEEDED 5 /* IO is needed to complete emulation */ #define X86EMUL_INTERCEPTED 6 /* Intercepted by nested VMCB/VMCS */ +/* x86-specific emulation flags */ +#define X86EMUL_F_WRITE BIT(0) +#define X86EMUL_F_FETCH BIT(1) + struct x86_emulate_ops { void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); /* From patchwork Tue Jul 18 13:18:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122057 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1767877vqt; Tue, 18 Jul 2023 07:02:47 -0700 (PDT) X-Google-Smtp-Source: APBJJlHTwG/w0d6ghlLXlzbB05UKunKoOwpEw+r0xMZsN7ZhUJrHwD9K5CsvGChIYgrwQs+Y0lel X-Received: by 2002:a17:906:535b:b0:997:bb66:3d1 with SMTP id j27-20020a170906535b00b00997bb6603d1mr10787ejo.25.1689688967590; Tue, 18 Jul 2023 07:02:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689688967; cv=none; d=google.com; s=arc-20160816; b=VNM/qBGomuWhiD/pDLnOuOo6FrI9xCLBhK1RhVLLmLXUdh4L0l1JAhanfPtWAiYuZh /Y2MATOloWHCfMeHtHu4CyPf4Bt0GduiJwfUtJgHYUPqyGk5be5i8ei0oadc6J+Nhc67 RWY4K4LR99U1+D/WMFn3evHnAn1MjWA9gJFWGFz/P5+YbRhi4BtzobVLtXTgi2a0n94q Jx1bOKqkbPZW2DabL9VdVVMqj+x6dFLRc2UE5yVxfyzr3WAncQrh6tT0AxbWS/K0Y1TE bDLxxIXFj+KwC4vffpi+17z03Galj2lBX2uCEwGGo+9fTXtaiK7EihcITIG9T1jlFaDI i5sQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=WXJ/AVtRi56tetzs9XfjudmzaPIWtzer/dctqDPJwqI=; fh=Anq9OfXDpkFCOPFtgh8QgUfzP993MEtJnx/ssiwHMkk=; b=NqWkBXMSKHFfu814z/HLlk9oqDaDdElK5pQV0ACPfJyXpUc18GgvpFw7mJOwQ18uwL oKN97q53oSlcpMzAFB1CR0LS5UuoIwtw3tcIRVYMCQiexvfs3nN2G8u4WUXUgTjMytIe NeiYlDlPl4QzJGmMkTgX1bBZdHP0qBAvcILjcsEjfEQAMxB+5zjpHMacgr8JJWrs73+H Ar6LE3NnoLo87vMsAYrClsKpkuBFWd602Djb1FjnWNchDDN5CVkg9ovLPf8Knq0UgUtZ 3g7JKI1b4BQwVctQooi4ts9DpE6QJIv9Q36eYnW+k9CzhU+hplf3BcOicOabg7l7V0fR RmfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ValBGWoC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id jt22-20020a170906dfd600b009662960f217si1195748ejc.303.2023.07.18.07.02.23; Tue, 18 Jul 2023 07:02:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ValBGWoC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232001AbjGROAX (ORCPT + 99 others); Tue, 18 Jul 2023 10:00:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58798 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233060AbjGROAN (ORCPT ); Tue, 18 Jul 2023 10:00:13 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7E56019A9; Tue, 18 Jul 2023 06:59:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689688788; x=1721224788; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=G5f5OxUaGuqF1xaVh2Um4pSh/J282MGxjVg91bM/270=; b=ValBGWoCOLcYqoRTQ73LMiL9nz/9VeR74RTf77kl93HogVK4eY9N4fNh A8uZVeXKq/rihDwUcKJJ+31mqWKDeG3U+kVwKiNv5CZLdJCMafAeiP380 B3UCcUl249J+Cbpzg8DXd6h6NPhqfnIBUWX1Q+CX1/34jp0/IQKDJmplU qIx8bQhISWF0wy2SO9kFH7V3SBdWg2eKCr6PY2VfmPoYM+I9y5oxpy/Ot OXdrAbGh60oDwMmAaFaVBNJX6V/Aad2UQWSDqRmYDCptuo3eRghfdbPg5 BeHPOLgg7lVJysbKAwr0SlaLNJ8q/a9UKECBH6UN1lKeC2JQuZ+qr9qtG A==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="363676095" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="363676095" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="1054291124" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="1054291124" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:43 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Binbin Wu , Zeng Guang Subject: [PATCH v2 2/8] KVM: x86: Use a new flag for branch instructions Date: Tue, 18 Jul 2023 21:18:38 +0800 Message-Id: <20230718131844.5706-3-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230718131844.5706-1-guang.zeng@intel.com> References: <20230718131844.5706-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771767298725695893 X-GMAIL-MSGID: 1771767298725695893 From: Binbin Wu Use the new flag X86EMUL_F_BRANCH instead of X86EMUL_F_FETCH in assign_eip(), since strictly speaking it is not behavior of instruction fetch. Another reason is to distinguish instruction fetch and execution of branch instruction for feature(s) that handle differently on them. Branch instruction is not data access instruction, so skip checking against execute-only code segment as instruction fetch. Signed-off-by: Binbin Wu Signed-off-by: Zeng Guang --- arch/x86/kvm/emulate.c | 5 +++-- arch/x86/kvm/kvm_emulate.h | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 3ddfbc99fa4f..8e706d19ae45 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -721,7 +721,8 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, (flags & X86EMUL_F_WRITE)) goto bad; /* unreadable code segment */ - if (!(flags & X86EMUL_F_FETCH) && (desc.type & 8) && !(desc.type & 2)) + if (!(flags & (X86EMUL_F_FETCH | X86EMUL_F_BRANCH)) + && (desc.type & 8) && !(desc.type & 2)) goto bad; lim = desc_limit_scaled(&desc); if (!(desc.type & 8) && (desc.type & 4)) { @@ -772,7 +773,7 @@ static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) if (ctxt->op_bytes != sizeof(unsigned long)) addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1); rc = __linearize(ctxt, addr, &max_size, 1, ctxt->mode, &linear, - X86EMUL_F_FETCH); + X86EMUL_F_BRANCH); if (rc == X86EMUL_CONTINUE) ctxt->_eip = addr.ea; return rc; diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 86bbe997162d..9fc7d34a4ac1 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -91,6 +91,7 @@ struct x86_instruction_info { /* x86-specific emulation flags */ #define X86EMUL_F_WRITE BIT(0) #define X86EMUL_F_FETCH BIT(1) +#define X86EMUL_F_BRANCH BIT(2) struct x86_emulate_ops { void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); From patchwork Tue Jul 18 13:18:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122075 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1791890vqt; Tue, 18 Jul 2023 07:34:41 -0700 (PDT) X-Google-Smtp-Source: APBJJlHqfMwMKpOb0zMjjCdfflHRrJDwttKGzuHUOVx13Ryoqq7RBVkYR0Zgx3PYDGLQcfJZsD+G X-Received: by 2002:aa7:c68e:0:b0:51e:d4b:3c9d with SMTP id n14-20020aa7c68e000000b0051e0d4b3c9dmr97574edq.23.1689690881555; Tue, 18 Jul 2023 07:34:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689690881; cv=none; d=google.com; s=arc-20160816; b=vpIm0sRBDwExvioCpQ0yppVVoiklB6S+oKtLs2iVmBDq6ZNpUItJdSzINc32K8SUOW 1J4b29TQN6guTR2xP2uqAZooSQqfpXg6HQbarEwZNlpKLOV9FVxDn5Eg9nFbS/5TtUy2 4UYmNWxTA/90WV1x16ZUqHZzzVjK0r4/ssBegLm2Q07lnsSuU2QFpPxRIcXgrjJ+k5Ug js2+WmTSMJFoU4uzELOSrVZXU1GMdKwZltKjeUdTpSAx06mpxM+gkwzkcBuB/sNLU2IS xGnkiTlB1ztmojf8yOuZNRdWOUdKAJJUJuwNYKm5wONUXLGCItxCtMcGcLsQTxcUQjRd nLtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=rgHLzcVMhIFw1tOXRrc/vXJkxSauVijxB1HLq/hsq8I=; fh=Anq9OfXDpkFCOPFtgh8QgUfzP993MEtJnx/ssiwHMkk=; b=xXMduonjdC6IO2F/BneVmWqlSV8rywEVmzDVkj+D61lBJD8ucQrwHBnVZ8vUlR29h3 PEnaQr19Ox/KhOzAE1ehvO2G2eeBMhAmrTfzHP4hXbZrXXTYCZpDy5cmBTA7tZJb6hcX UbLrfQilioymBUGh02Qk4cSMvGc9jTJh2O8Z2+v2dULB4Y1F8UNc3tJ8YcLhb244Q8BY 9uZPmcnQ/KfFzUmdX5yeWITqbOpnws5w6ANoj4fcldsVXaCPAYr2KSdPtZqyMe+Tn5bV U2AZq4FaWNFVyAeJdJiMce9/3iVK6Ww5nnkNLkQTzgjwL2mK66iu4rOXhSHyTN7TqdN2 8BiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="EFasp/xR"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l14-20020a056402124e00b0051de1903200si1246116edw.423.2023.07.18.07.34.17; Tue, 18 Jul 2023 07:34:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="EFasp/xR"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229819AbjGROAe (ORCPT + 99 others); Tue, 18 Jul 2023 10:00:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233048AbjGROA0 (ORCPT ); Tue, 18 Jul 2023 10:00:26 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6709419B6; Tue, 18 Jul 2023 06:59:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689688798; x=1721224798; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=qeP1TX20L6bDrbjHG7LXoPTITHr/t0Ikc6UPLombWJs=; b=EFasp/xRaK69IOzfm8thWsnogV5ivWCM94lI0W71vbonJsfRSF/FiES9 aSqVMXNREjyQr9iUi3LNXmXeWiWk8WdrSknQIrEdF1xgB3z6T/SDPsXqv tHb5W0r6QTxxK/9NRWBcT9NNV711L19/aEVnb0kkhZQJRrKt01h8W3ghu jhyly2uTTzhBln0YcHrTACpOU3KkrMTL+g7KHsZhl+C6C4cSNNisOU2QK rhObTX5HBwaIsqwEoFRy8eNy1g0RLvUcorPrDQIZaNyDzABZZGnNKLDDi OJWQa+VRFK3VMaKo2GYDagHtC5qRmJUeKy4/T2B0Sh5HqyAn19jPx42ey g==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="363676107" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="363676107" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="1054291132" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="1054291132" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:46 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Binbin Wu , Zeng Guang Subject: [PATCH v2 3/8] KVM: x86: Add an emulation flag for implicit system access Date: Tue, 18 Jul 2023 21:18:39 +0800 Message-Id: <20230718131844.5706-4-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230718131844.5706-1-guang.zeng@intel.com> References: <20230718131844.5706-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771769306102691756 X-GMAIL-MSGID: 1771769306102691756 From: Binbin Wu Add an emulation flag X86EMUL_F_IMPLICIT to identify the behavior of implicit system access in instruction emulation. Signed-off-by: Binbin Wu Signed-off-by: Zeng Guang --- arch/x86/kvm/kvm_emulate.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 9fc7d34a4ac1..c0e48f4fa7c4 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -92,6 +92,7 @@ struct x86_instruction_info { #define X86EMUL_F_WRITE BIT(0) #define X86EMUL_F_FETCH BIT(1) #define X86EMUL_F_BRANCH BIT(2) +#define X86EMUL_F_IMPLICIT BIT(3) struct x86_emulate_ops { void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); From patchwork Tue Jul 18 13:18:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122074 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1791263vqt; Tue, 18 Jul 2023 07:33:48 -0700 (PDT) X-Google-Smtp-Source: APBJJlGtKdGJVN6/yADzd8DKBu/360iJ1Mei0FUFeb1jqkBmHdLzWq6x9MYQCVtt+NlaTWV4ElJF X-Received: by 2002:a05:6402:b06:b0:51e:166d:8e95 with SMTP id bm6-20020a0564020b0600b0051e166d8e95mr122042edb.4.1689690828538; Tue, 18 Jul 2023 07:33:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689690828; cv=none; d=google.com; s=arc-20160816; b=KZyIyK0tQ0JxyCt4p0ij0s/R4c5a2C48Hsv9jk53761GYy1Kj0q/41fGpteTXEUYt7 0C6xo9RkK5b7wuLcZ6dbZGgQD8couLcJvYi2MphzdS9bgSEjUG49M59HbLznEpakENgD AcWcuErbCB+Zb2E/8vfHkFB8vaYD+0TSGo/pFIefZ+zejlXbxgPKMxQd9WY/8n1+KHg5 8ot0q5SxTHXNbbu6DU3DEtWLfMrlHx+4Va0F0gKgob5laooAWQewCxyUl0ElH6LZlNCp FM/wg+EnWN9aSO5dpyUbTUdZhakxyl2/M5Wbfp3YI527c1NRD6oHBWaYryALKJBPXfAj XESg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=KXEOYKKJWLTsPPDpjBiG7ga7pUtYW5FORiCFzJN5924=; fh=Anq9OfXDpkFCOPFtgh8QgUfzP993MEtJnx/ssiwHMkk=; b=0+J3qSxiJ/pWoajERoMlZPquN25F7Oqvp5LF2Q0LOLIDhv3WhjrpFVlUTTXBB3Pxs6 UkasaBMcIZDPaO5A5XYX4mAw7n4CZhWQ9rgOD52G3mPeIVRpgYvxGnjEFYDusEID6I86 HX95WoUxoR0qmrIZg8RQZ1fUBaCZDrhZQZnGErQ/cpk366NxHQhUgVeWJUysdWszKwaE XViZ/ig8UHxSpN7zn8YfB4Jpa18KL1GtJCVfQa4psTogmsHyqGi6gLG5jBu0WoNN0HfV +04uZewvK0bdwdlvB3rJ71Q72fY74WVuy0+nYbc7zDsHPn+7SzLJ2cnO6+28uXzo4Ft9 HD6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=HCmzmvnB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e19-20020aa7d7d3000000b0051d882750d2si1306459eds.569.2023.07.18.07.33.25; Tue, 18 Jul 2023 07:33:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=HCmzmvnB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232764AbjGROAp (ORCPT + 99 others); Tue, 18 Jul 2023 10:00:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233070AbjGROAh (ORCPT ); Tue, 18 Jul 2023 10:00:37 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B9C671BE4; Tue, 18 Jul 2023 07:00:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689688810; x=1721224810; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=LDXkVCSBwyltuNYKnmnknvsRCJGauTD4XIMPmA3/KsU=; b=HCmzmvnBFUZemQgVqopA8Gy5wiSiRGGyHMpYZrwpaf+h7Old2Br055q3 VhWoZsSl+IPuHJnOr5m1PyZIC9P/KUSsloRI+kK3zJqPqqL1sEsqVLKtj gvr+V2EKts8SrL1DAt6WvDz0fPFy+vAhLg9b5lP7HMouNJ6lN52oL93fa uD5UwmjdJq6E5JdW7x0lxO/FY6qy7BtmGcbc4cREAsPprsQB4XtoGJTDx v/zyBq81z6EsQNJYoPgEvYD/ob8wc12JrauTxebdE3VcSdY6QRq5uNlIs HtjPWr2OvqMV5T1od2NBwl+HgN7LlQUEgx5A0CcvACLh65ULO+4W976Lv g==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="363676126" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="363676126" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="1054291147" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="1054291147" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:49 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Binbin Wu , Zeng Guang Subject: [PATCH v2 4/8] KVM: x86: Add X86EMUL_F_INVTLB and pass it in em_invlpg() Date: Tue, 18 Jul 2023 21:18:40 +0800 Message-Id: <20230718131844.5706-5-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230718131844.5706-1-guang.zeng@intel.com> References: <20230718131844.5706-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771769250487016464 X-GMAIL-MSGID: 1771769250487016464 From: Binbin Wu Add an emulation flag X86EMUL_F_INVTLB, which is used to identify an instruction that does TLB invalidation without true memory access. Only invlpg & invlpga implemented in emulator belong to this kind. invlpga doesn't need additional information for emulation. Just pass the flag to em_invlpg(). Signed-off-by: Binbin Wu Signed-off-by: Zeng Guang --- arch/x86/kvm/emulate.c | 4 +++- arch/x86/kvm/kvm_emulate.h | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 8e706d19ae45..9b4b3ce6d52a 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -3443,8 +3443,10 @@ static int em_invlpg(struct x86_emulate_ctxt *ctxt) { int rc; ulong linear; + unsigned max_size; - rc = linearize(ctxt, ctxt->src.addr.mem, 1, false, &linear); + rc = __linearize(ctxt, ctxt->src.addr.mem, &max_size, 1, ctxt->mode, + &linear, X86EMUL_F_INVTLB); if (rc == X86EMUL_CONTINUE) ctxt->ops->invlpg(ctxt, linear); /* Disable writeback. */ diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index c0e48f4fa7c4..c944055091e1 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -93,6 +93,7 @@ struct x86_instruction_info { #define X86EMUL_F_FETCH BIT(1) #define X86EMUL_F_BRANCH BIT(2) #define X86EMUL_F_IMPLICIT BIT(3) +#define X86EMUL_F_INVTLB BIT(4) struct x86_emulate_ops { void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); From patchwork Tue Jul 18 13:18:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122069 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1789469vqt; Tue, 18 Jul 2023 07:31:18 -0700 (PDT) X-Google-Smtp-Source: APBJJlFincRkbhLX1Tq431FTlR/JFzIugL61/7/2Iq2VGwFlJEf5KmN4AM6RehhlkDyv6pLZryPh X-Received: by 2002:aa7:d1d8:0:b0:51d:9f71:23e2 with SMTP id g24-20020aa7d1d8000000b0051d9f7123e2mr80162edp.21.1689690678252; Tue, 18 Jul 2023 07:31:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689690678; cv=none; d=google.com; s=arc-20160816; b=QreinJ44MBUc7ji0w1rpUI/b3q7lpNVGl5/uWPNyCezX+duMKoFDjOtDw2YjGCEH16 RMB/7Ee5NI0cCGVpKJ4AQnLWe3Slk96UIOh6WPtM8Psdafxl1fgkYNkODdwRNPYbnpzO T/4LKIs26PEr8VXk3FbH2JuFbBFU3HqZ2bhVt1HrkvP4apHovrV2Xblq+NQMMQH4yvSx XwDTbQUX/5rGyHOjVt21qjWX5P0DepUOsr/Y8ZKmXUWunJ6iUsU4YAFjj3gi6kfdmYiC T+1nwpDDr7f0qGjoLQEnQDenTuEUl2aOma1jt1xQmQ7JPa6p0T7D1hohxn36dHFBU5Q5 dNfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=+LABWNjjQEAH3A3Mtr2W0G7gb8+FFHOahN4UdLkCzDw=; fh=+xhtI/L+Xuj71uPNZC5AflMRtyY3k03T8mZbd4IgqqY=; b=GXht1ZNoqZUnBSS0OEa6PgV/Oy+ywYZpf76Dd9KiIJRGIcBcz2rT+lQIppdq4m1Hh6 waciBnQmvB4ghVC23VR6UYx6gKTSBN/EtCIv1vaTAA7stcoNU+jHrgV7dPRXQuPJ+DxW JsiL/MUSk06dTLpawd6yyVE2h6uoZPKGUj5X8h7Dw0ZinJ0TaaMaOP8WOHZhXgTI+aUe TEEGYbMd3sSs70l8QcnStyM4QcsdDdg4rCsTNzy4Y8e3II3J3sS4yoN9C21aSQF2wrt1 AY6n73ha0jWxj0x8qYIhMRFudO+xKSvN02KmeQ9ZzHbNzJEaGVDL25whfKhP4XEXPAY4 9W3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="K/fKy8Qa"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b1-20020aa7cd01000000b0051a53f2684fsi1237691edw.576.2023.07.18.07.30.54; Tue, 18 Jul 2023 07:31:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="K/fKy8Qa"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233166AbjGROAu (ORCPT + 99 others); Tue, 18 Jul 2023 10:00:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59232 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233098AbjGROAk (ORCPT ); Tue, 18 Jul 2023 10:00:40 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA4C51BF1; Tue, 18 Jul 2023 07:00:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689688813; x=1721224813; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=eJh02u55Iq9hH4SpIMmLkWcnyfdfBdoH4sJ4Pj2PV2M=; b=K/fKy8QarUoPbEpPYjNNkN494Fo4LzdB/wmzmh6KlmFkdYEpAU+zj6PB QU612QsDnTu+WTVZ02DvFgqBsjXFlK03O8ho8FN94sTvgI1VODAATSIm0 iRzCh93utYVQbrjb2tsaUXgJm5R5jTeZconVQlBpmTz43L2isSpGLLM9B jFdj+zGJh5jBBRgEEKhXamvTsHHDf/qosSuMRRyonmFc0PztqzmSSvr4c Tglwrof6LdRB6oE1zmTjTZ6r9RdqOwasD9OULOe6I/j4DGgScn+KmqxRv z74v6MaHjLePmLQ38i7jHUPMeym9w17yzIuzeUFe3KmV6Nnl7gksZTpBf w==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="363676144" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="363676144" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:55 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="1054291161" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="1054291161" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:52 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v2 5/8] KVM: emulator: Add emulation of LASS violation checks on linear address Date: Tue, 18 Jul 2023 21:18:41 +0800 Message-Id: <20230718131844.5706-6-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230718131844.5706-1-guang.zeng@intel.com> References: <20230718131844.5706-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771769092136387537 X-GMAIL-MSGID: 1771769092136387537 When enabled Intel CPU feature Linear Address Space Separation (LASS), KVM emulator will take LASS violation check on every access to guest memory by a linear address. We defined a new function prototype in kvm_x86_ops for emulator to construct the interface to identify whether a LASS violation occurs. It can have further practical implementation according to vendor specific requirements. Emulator will use the passed (address, size) pair and instruction operation type (flags) to enforce LASS protection when KVM emulates instruction fetch, data access including implicit data access to a system data structure. Signed-off-by: Zeng Guang Tested-by: Xuelian Guo --- arch/x86/include/asm/kvm-x86-ops.h | 3 ++- arch/x86/include/asm/kvm_host.h | 3 +++ arch/x86/kvm/emulate.c | 11 +++++++++++ arch/x86/kvm/kvm_emulate.h | 2 ++ arch/x86/kvm/x86.c | 10 ++++++++++ 5 files changed, 28 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 13bc212cd4bc..a301f0a46381 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -132,7 +132,8 @@ KVM_X86_OP_OPTIONAL(migrate_timers) KVM_X86_OP(msr_filter_changed) KVM_X86_OP(complete_emulated_msr) KVM_X86_OP(vcpu_deliver_sipi_vector) -KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons); +KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons) +KVM_X86_OP_OPTIONAL_RET0(is_lass_violation) #undef KVM_X86_OP #undef KVM_X86_OP_OPTIONAL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index fb9d1f2d6136..791f0dd48cd9 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1731,6 +1731,9 @@ struct kvm_x86_ops { * Returns vCPU specific APICv inhibit reasons */ unsigned long (*vcpu_get_apicv_inhibit_reasons)(struct kvm_vcpu *vcpu); + + bool (*is_lass_violation)(struct kvm_vcpu *vcpu, unsigned long addr, + unsigned int size, unsigned int flags); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 9b4b3ce6d52a..2289a4ad21be 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -742,6 +742,10 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, } break; } + + if (ctxt->ops->is_lass_violation(ctxt, *linear, size, flags)) + goto bad; + if (la & (insn_alignment(ctxt, size) - 1)) return emulate_gp(ctxt, 0); return X86EMUL_CONTINUE; @@ -848,6 +852,9 @@ static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) static int linear_read_system(struct x86_emulate_ctxt *ctxt, ulong linear, void *data, unsigned size) { + if (ctxt->ops->is_lass_violation(ctxt, linear, size, X86EMUL_F_IMPLICIT)) + return emulate_gp(ctxt, 0); + return ctxt->ops->read_std(ctxt, linear, data, size, &ctxt->exception, true); } @@ -855,6 +862,10 @@ static int linear_write_system(struct x86_emulate_ctxt *ctxt, ulong linear, void *data, unsigned int size) { + if (ctxt->ops->is_lass_violation(ctxt, linear, size, + X86EMUL_F_IMPLICIT | X86EMUL_F_FETCH)) + return emulate_gp(ctxt, 0); + return ctxt->ops->write_std(ctxt, linear, data, size, &ctxt->exception, true); } diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index c944055091e1..6f0996d0da56 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -232,6 +232,8 @@ struct x86_emulate_ops { int (*leave_smm)(struct x86_emulate_ctxt *ctxt); void (*triple_fault)(struct x86_emulate_ctxt *ctxt); int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr); + bool (*is_lass_violation)(struct x86_emulate_ctxt *ctxt, unsigned long addr, + unsigned int size, unsigned int flags); }; /* Type, address-of, and value of an instruction's operand. */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 04b57a336b34..6448ff706539 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8287,6 +8287,15 @@ static void emulator_vm_bugged(struct x86_emulate_ctxt *ctxt) kvm_vm_bugged(kvm); } +static bool emulator_is_lass_violation(struct x86_emulate_ctxt *ctxt, + unsigned long addr, + unsigned int size, + unsigned int flags) +{ + return static_call(kvm_x86_is_lass_violation)(emul_to_vcpu(ctxt), + addr, size, flags); +} + static const struct x86_emulate_ops emulate_ops = { .vm_bugged = emulator_vm_bugged, .read_gpr = emulator_read_gpr, @@ -8332,6 +8341,7 @@ static const struct x86_emulate_ops emulate_ops = { .leave_smm = emulator_leave_smm, .triple_fault = emulator_triple_fault, .set_xcr = emulator_set_xcr, + .is_lass_violation = emulator_is_lass_violation, }; static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask) From patchwork Tue Jul 18 13:18:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122058 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1770052vqt; Tue, 18 Jul 2023 07:05:00 -0700 (PDT) X-Google-Smtp-Source: APBJJlF09/ci/2PJkvc4ftFeK5WYhYI5dqY8DYzbpH1mdFc5H3cMmF4R1q0P9E6yMQUkq9d4f73s X-Received: by 2002:a2e:b617:0:b0:2b7:33b9:8809 with SMTP id r23-20020a2eb617000000b002b733b98809mr14448229ljn.16.1689689099919; Tue, 18 Jul 2023 07:04:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689689099; cv=none; d=google.com; s=arc-20160816; b=cCz68EAJt7/2cZxU0aIKHUbw2c3qEQEoAOMGpT2BZEz7akCBkWZhP31GbV6WZIXxH/ WX/JpMLJweEQ3/WrZN7drr/lxNoesB2waMeziVlpkQMpz6Bm0p9Ogl+bb4qvRy6/EGVY ApvGwZOOSXIxgAPLaA3GfStwkhKpyw0WaeNJVfzs9Wcs2YicWPVBLPc7hY15qX/C0atT 1oRPw1iuxmbcxLp/o6qCTKVZ1eOUdhwzFK0KgqeJKZM8RKqd1MAHtkdlt2b2ntBIrzdR RDTsJwjNbv3a6FP/t1wrE625crQAa+bfZQ7KSyvh6Ta3lK7DIMaPXJWjwe8eQeoF2/ZH eedg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=KPpp8jG/SjFRxfJ2acIiX61p/TCP/+jRI0lkaddpUGc=; fh=+xhtI/L+Xuj71uPNZC5AflMRtyY3k03T8mZbd4IgqqY=; b=TWVpvdSpRzRPv+QhPFUGWGBZ9GHCGlYdq40WeT0vkAMxYxhn8Tm9VzzfIL7Ej85SEI xbO5NEdTLTvgoa6likHxripGQnwo1DY7iyNC25013DpspOJPyq0o127lvbsvEmiLAgE0 cATlhGo5NJrGg5KGHmEEMCxaiqd0if8s8vbWDCQnwWvOWGNUZ1r/OwEsHP5yLF25EVJH LEgiz+B9MnzurEGYH/5Ippt+ssaf0LrPH1WfFIvErXB6/QZCd6vjsD4XOu7WB93FYcgu oHFQ8nfW1AGzCKZg2kK5TyNWqdhKAtwdl9jsSSiaTaAlaYiJLnKSfcYD6UGgZeby6R0X om3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=EiA1Yjl+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a24-20020a1709064a5800b00993a68a3af8si1207969ejv.568.2023.07.18.07.04.34; Tue, 18 Jul 2023 07:04:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=EiA1Yjl+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233202AbjGROBN (ORCPT + 99 others); Tue, 18 Jul 2023 10:01:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59478 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233155AbjGROAu (ORCPT ); Tue, 18 Jul 2023 10:00:50 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 180CE10FF; Tue, 18 Jul 2023 07:00:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689688827; x=1721224827; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=FjO1js6m8X5U2Hjn/Wte4F1bCdmgu0s821wN9N/Sqeo=; b=EiA1Yjl+xfSctM8Dm1jN4qKxqqU/ZGHySOCq39KED7bJO484BIGIk4KN nlhGUBd5lsFuXFis3YOju0YoV7nCUKE7kco0NqNXiKGUQxh9SXyrYkZm+ RB1Pud1hQkbht+4Y/WkK0oFAXSuxeVmeI5Q4n0ggfABswInCD8PufQmp2 UD7+CI5YBOYIP3kf3i7YWEB64nC6X22516SrQWKUIEO7AaTgJZwsMCDCj 6Re5qIeFpxTUSh0Ak6ZTUMIStKFfQlB9tEOrxq1zE3Ib3XxV37FK3POLC Z+3WOIXldW1uEXaZBKRF00L/PeVapDJ0b6Hy8it2IR5Bz36ea4H4G+1xU w==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="363676178" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="363676178" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="1054291180" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="1054291180" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:55 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v2 6/8] KVM: VMX: Implement and apply vmx_is_lass_violation() for LASS protection Date: Tue, 18 Jul 2023 21:18:42 +0800 Message-Id: <20230718131844.5706-7-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230718131844.5706-1-guang.zeng@intel.com> References: <20230718131844.5706-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771767437995729894 X-GMAIL-MSGID: 1771767437995729894 Implement and wire up vmx_is_lass_violation() in kvm_x86_ops for VMX. LASS violation check takes effect in KVM emulation of instruction fetch and data access including implicit access when vCPU is running in long mode, and also involved in emulation of VMX instruction and SGX ENCLS instruction to enforce the mode-based protections before paging. But the target memory address of emulation of TLB invalidation and branch instructions aren't subject to LASS as exceptions. Signed-off-by: Zeng Guang Tested-by: Xuelian Guo --- arch/x86/kvm/vmx/nested.c | 3 ++- arch/x86/kvm/vmx/sgx.c | 4 ++++ arch/x86/kvm/vmx/vmx.c | 35 +++++++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/vmx.h | 3 +++ 4 files changed, 44 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index e35cf0bd0df9..72e78566a3b6 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4985,7 +4985,8 @@ int get_vmx_mem_address(struct kvm_vcpu *vcpu, unsigned long exit_qualification, * non-canonical form. This is the only check on the memory * destination for long mode! */ - exn = is_noncanonical_address(*ret, vcpu); + exn = is_noncanonical_address(*ret, vcpu) || + vmx_is_lass_violation(vcpu, *ret, len, 0); } else { /* * When not in long mode, the virtual/linear address is diff --git a/arch/x86/kvm/vmx/sgx.c b/arch/x86/kvm/vmx/sgx.c index 2261b684a7d4..f8de637ce634 100644 --- a/arch/x86/kvm/vmx/sgx.c +++ b/arch/x86/kvm/vmx/sgx.c @@ -46,6 +46,10 @@ static int sgx_get_encls_gva(struct kvm_vcpu *vcpu, unsigned long offset, ((s.base != 0 || s.limit != 0xffffffff) && (((u64)*gva + size - 1) > s.limit + 1)); } + + if (!fault) + fault = vmx_is_lass_violation(vcpu, *gva, size, 0); + if (fault) kvm_inject_gp(vcpu, 0); return fault ? -EINVAL : 0; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 44fb619803b8..15a7c6e7a25d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8127,6 +8127,40 @@ static void vmx_vm_destroy(struct kvm *kvm) free_pages((unsigned long)kvm_vmx->pid_table, vmx_get_pid_table_order(kvm)); } +bool vmx_is_lass_violation(struct kvm_vcpu *vcpu, unsigned long addr, + unsigned int size, unsigned int flags) +{ + const bool is_supervisor_address = !!(addr & BIT_ULL(63)); + const bool implicit = !!(flags & X86EMUL_F_IMPLICIT); + const bool fetch = !!(flags & X86EMUL_F_FETCH); + const bool is_wraparound_access = size ? (addr + size - 1) < addr : false; + + if (!kvm_is_cr4_bit_set(vcpu, X86_CR4_LASS) || !is_long_mode(vcpu)) + return false; + + /* + * INVTLB isn't subject to LASS, e.g. to allow invalidating userspace + * addresses without toggling RFLAGS.AC. Branch targets aren't subject + * to LASS in order to simplifiy far control transfers (the subsequent + * fetch will enforce LASS as appropriate). + */ + if (flags & (X86EMUL_F_BRANCH | X86EMUL_F_INVTLB)) + return false; + + if (!implicit && vmx_get_cpl(vcpu) == 3) + return is_supervisor_address; + + /* LASS is enforced for supervisor-mode access iff SMAP is enabled. */ + if (!fetch && !kvm_is_cr4_bit_set(vcpu, X86_CR4_SMAP)) + return false; + + /* Like SMAP, RFLAGS.AC disables LASS checks in supervisor mode. */ + if (!fetch && !implicit && (kvm_get_rflags(vcpu) & X86_EFLAGS_AC)) + return false; + + return is_wraparound_access ? true : !is_supervisor_address; +} + static struct kvm_x86_ops vmx_x86_ops __initdata = { .name = KBUILD_MODNAME, @@ -8266,6 +8300,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { .complete_emulated_msr = kvm_complete_insn_gp, .vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector, + .is_lass_violation = vmx_is_lass_violation, }; static unsigned int vmx_handle_intel_pt_intr(void) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 9e66531861cf..c1e541a790bb 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -433,6 +433,9 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type); u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu); u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu); +bool vmx_is_lass_violation(struct kvm_vcpu *vcpu, unsigned long addr, + unsigned int size, unsigned int flags); + static inline void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type, bool value) { From patchwork Tue Jul 18 13:18:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122070 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1789474vqt; Tue, 18 Jul 2023 07:31:18 -0700 (PDT) X-Google-Smtp-Source: APBJJlEQgzWs8id/yBOqb3U7w16NwVKpWzPcP0n35eKKEE17u/jL2GIRVzcNDIM0ZqwXskrshtkI X-Received: by 2002:aa7:c943:0:b0:51e:5254:1d89 with SMTP id h3-20020aa7c943000000b0051e52541d89mr84305edt.19.1689690678305; Tue, 18 Jul 2023 07:31:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689690678; cv=none; d=google.com; s=arc-20160816; b=Cf0lmMz/Z1nr0gVVVN62r0/exckFIG3KVc2vWX3CmjNWlcQi8OpUuaORK1dCsxNMa8 55AqcYfaJay2/OrsIgpcGCGWhWkn8fWSmsVaSus9ngkKjqiHGgrqLPefK4Yk9MRYI7cQ LdH+EIWAplTEoJqEYAoNu8dpq70WNUCQE3RYZWcKGHwoZTIt9D+EmTnNuCTyJdGAGrPU erZDf16+9ztJ85itmf+2zw9F8kGUan7kgJzaItPFvOWhCg/4lborCBV3dSbZZ5UdM3Rv tSZWw+3RQZS4E6I48+XI2BNSOwWaCla7k8kWVcZRgbTLZgLk7FwASsUI04RehagfoJK+ 2uEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=wwiXSBPk+dY3CrNHeUGrNMy7ccWowgVBojpHuErLMbc=; fh=+xhtI/L+Xuj71uPNZC5AflMRtyY3k03T8mZbd4IgqqY=; b=rYu1KyzSuDFz6ZNEdM+8IQU7W648EYyKZbyy1pIYxt3l6ecMNVD2hdzctR2k7TXfcc HPoUJErhJZ2bC4qazqrZqls7jFLCNEMOTBXS13HhtjBAFU4TaeNMrZ1nkZBKYtBdOnfW WVQ289K7RCveywGdxXgI3sdjD5MClqrF+ODLrNpzSMeQLsXZhfMZs1C17uU2MqiQ5VuV fscetVXGVJQkMSDATUpqaDCGCZCZv4xaG9JwsZbXJLudC5R/jq/Nvk7cTMdEQFxEPHOe P/2STpNjnLyqLmkiZ1fbvU/KOe8QAgMjNLKHWOzJBdM+XydYiyEDh3GUPKQEIda36euQ 68gg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=kS1aGROF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a21-20020a50ff15000000b0051a7bccf383si1292939edu.86.2023.07.18.07.30.55; Tue, 18 Jul 2023 07:31:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=kS1aGROF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233181AbjGROBT (ORCPT + 99 others); Tue, 18 Jul 2023 10:01:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233118AbjGROAy (ORCPT ); Tue, 18 Jul 2023 10:00:54 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC0131BC3; Tue, 18 Jul 2023 07:00:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689688837; x=1721224837; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=Zge9RC4suOhS4WSxzkRjdvntcW7BQ3V/JThuasqgeWI=; b=kS1aGROFRzzHFqLIS4HE7RkA3kUHg8k4PPGBGorq1wveatdflDN1uklC n3xUAeob+JZ4nBvMp9xSzZg1oZr9hTdu6SY5V9juJIJkyqurVfkgwVdYe YhJ5IiJpr1KCA/uKyTdMlqCKhk6G/tikc9+AUFatbJeOIVM/vvSY9f2hU QZjS3/ddawd32y5mkzc7za3LdFhn5qtZRVE/5iMALDrrgEeZq2+7kG8Xz RZmMVLQuYGUTP1b/p8mqedyVx0ffwV4VUkw+oLYyDnzyU2aslgrkUQrk1 1ZXTi6c9C9EZRcHB01wadXPZCPfO9oJO0DvYKl/pUMhhlWdUdcs7qU7qu w==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="363676199" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="363676199" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:59:02 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="1054291194" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="1054291194" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:58:59 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v2 7/8] KVM: x86: Virtualize CR4.LASS Date: Tue, 18 Jul 2023 21:18:43 +0800 Message-Id: <20230718131844.5706-8-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230718131844.5706-1-guang.zeng@intel.com> References: <20230718131844.5706-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771769093112669011 X-GMAIL-MSGID: 1771769093112669011 Virtualize CR4.LASS[bit 27] under KVM control instead of being guest-owned as CR4.LASS generally set once for each vCPU at boot time and won't be toggled at runtime. Besides, only if VM has LASS capability enumerated with CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], KVM allows guest software to be able to set CR4.LASS. Updating cr4_fixed1 to set CR4.LASS bit in the emulated IA32_VMX_CR4_FIXED1 MSR for guests and allow guests to enable LASS in nested VMX operation as well. Notes: Setting CR4.LASS to 1 enable LASS in IA-32e mode. It doesn't take effect in legacy mode even if CR4.LASS is set. Signed-off-by: Zeng Guang Tested-by: Xuelian Guo --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/vmx/vmx.c | 3 +++ arch/x86/kvm/x86.h | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 791f0dd48cd9..a881b0518a18 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -125,7 +125,7 @@ | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \ | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ - | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP)) + | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP | X86_CR4_LASS)) #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 15a7c6e7a25d..e74991bed362 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7603,6 +7603,9 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP)); cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57)); + entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 1); + cr4_fixed1_update(X86_CR4_LASS, eax, feature_bit(LASS)); + #undef cr4_fixed1_update } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index c544602d07a3..e1295f490308 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -529,6 +529,8 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits |= X86_CR4_VMXE; \ if (!__cpu_has(__c, X86_FEATURE_PCID)) \ __reserved_bits |= X86_CR4_PCIDE; \ + if (!__cpu_has(__c, X86_FEATURE_LASS)) \ + __reserved_bits |= X86_CR4_LASS; \ __reserved_bits; \ }) From patchwork Tue Jul 18 13:18:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122063 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp1782533vqt; Tue, 18 Jul 2023 07:20:53 -0700 (PDT) X-Google-Smtp-Source: APBJJlEhvYji6H1R0GeteEkvhfapo+XbKqfsoCvmj0sLd+NNe7Z3kMYlpLCBLwCsXB2JYpNpz9pd X-Received: by 2002:a05:6a20:1043:b0:134:db84:7e6 with SMTP id gt3-20020a056a20104300b00134db8407e6mr5326093pzc.40.1689690053016; Tue, 18 Jul 2023 07:20:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689690053; cv=none; d=google.com; s=arc-20160816; b=TXqRM6O4M+TGd2B6dyDp9ErfSwdOmZTe1sO87xRirf3vvo12Uw+GvERZHTD1052RMf ORk6Ybn8SGsZA+McAeZ5EUDBbsQswKKb/4t1W32T0rdhyFXMXF+FxcOBpJy+8HKjEmse rhjKCf4hss/lQ+8bIXOZ6fTByYDf5RygNV3zwYPwKCa9a5Zxv/6mLpGQ/sBvRmnQLUAt +CziQYofJGjT1DRRTmRou4UqRsAYbWYZHdQIDhR9ZqyjCxE8PtuY7usyBehGJgqdRjti rPIodexpxpvg0CiDUDTqNHwRt65lv6eI6z0kD8kWIJJx307JCYC0BGkgsPKo7lIgSzPK fG4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=dBpyLNyO2uc/OvHMpsS6mwpjl4dk3A6MSxImx3qoZ8w=; fh=+xhtI/L+Xuj71uPNZC5AflMRtyY3k03T8mZbd4IgqqY=; b=HUY/s/Nph8hTgKu84pAUOyxxcv1hsPSXchIuWQ67GuP86b/yTVPUe2tolSPdqgu/Ud T9yyUrFVDB328a4bk3rENzi3G3p+Yi22vAsNG/ldEflKbXWB4njpkmsPn7v5m7jUoiGq 5PmCNDWhwIL7kwxKXHtB8d+Y7Ynhl7AVIIrFBlGSN7UBP6rWCjdRl2tZNopoA1CItV7E 85axdrFoZCRnDAG03jlqArVwqfFlPNTUkGm4Z2o07NXkJM1lMRJfxDifZ3goCv/2uHJ0 3vaiFLpwMApbmzHelTtWurNagAv4r6YCimnyM/uCzcUh6eWD9ClY9XKD7bLERDOyJsUX dwxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=a7Kd2Cch; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p14-20020a634f4e000000b0053fbde21369si1643740pgl.503.2023.07.18.07.20.39; Tue, 18 Jul 2023 07:20:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=a7Kd2Cch; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233222AbjGROBX (ORCPT + 99 others); Tue, 18 Jul 2023 10:01:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233129AbjGROA6 (ORCPT ); Tue, 18 Jul 2023 10:00:58 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 932AE1BCD; Tue, 18 Jul 2023 07:00:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689688840; x=1721224840; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=m7F+bfcxslqE8nz+gTY6bLsLBtHdYH/TwQh4VN2/phU=; b=a7Kd2CchCOKP65+qJTCKzfzpD0zqZ9gT8L3reqGMPzhj69T0DeKTEy3p az+/m5K8UeVr6ZIzB23ShZA6YBnw+KDQIOptty6tovheB3yrLH7fN1JIB DnNKY1ca7ytSyL6g3QUQSodsaCCSKvlS+kwREfTIzi+lfmTm4iocYoB3c V3M0mLGK7Qz/wjEG6cZqN1asaE5W2bUcXpjmHMX9NCevBRTIkjBAQ0R3Y bwW15ZebLst4ivfK9+GsxOhXxmAjiBSbuBk88UdEEnBZ0U6KKXnmWfwYo 9Jt8gIIRi5U+uRyoAaN7eVZanxLDRZs0ZrQrl5ckLabJUGxALjHp9kfFR g==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="363676209" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="363676209" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:59:04 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="1054291208" X-IronPort-AV: E=Sophos;i="6.01,214,1684825200"; d="scan'208";a="1054291208" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 06:59:02 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v2 8/8] KVM: x86: Advertise LASS CPUID to user space Date: Tue, 18 Jul 2023 21:18:44 +0800 Message-Id: <20230718131844.5706-9-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230718131844.5706-1-guang.zeng@intel.com> References: <20230718131844.5706-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771768436676958228 X-GMAIL-MSGID: 1771768436676958228 Linear address space separation (LASS) is an independent mechanism to enforce the mode-based protection that can prevent user-mode accesses to supervisor-mode addresses, and vice versa. Because the LASS protections are applied before paging, malicious software can not acquire any paging-based timing information to compromise the security of system. The CPUID bit definition to support LASS: CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6] Advertise LASS to user space to support LASS virtualization. Signed-off-by: Zeng Guang Tested-by: Xuelian Guo --- arch/x86/kvm/cpuid.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0c9660a07b23..a7fafe99ffe4 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -646,9 +646,8 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); kvm_cpu_cap_mask(CPUID_7_1_EAX, - F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | - F(FZRM) | F(FSRS) | F(FSRC) | - F(AMX_FP16) | F(AVX_IFMA) + F(AVX_VNNI) | F(AVX512_BF16) | F(LASS) | F(CMPCCXADD) | + F(FZRM) | F(FSRS) | F(FSRC) | F(AMX_FP16) | F(AVX_IFMA) ); kvm_cpu_cap_init_kvm_defined(CPUID_7_1_EDX,