From patchwork Wed Jul 19 02:45:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122367 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2167437vqt; Tue, 18 Jul 2023 20:32:38 -0700 (PDT) X-Google-Smtp-Source: APBJJlHRYQb7b249Y6eKcK6Y0fTalYuxNlGW3hXNGBIZAOpZPjI+oh5QtLokhMOKtNWjjZSvYrpz X-Received: by 2002:a50:ee0d:0:b0:51e:5cab:feb9 with SMTP id g13-20020a50ee0d000000b0051e5cabfeb9mr1411119eds.33.1689737558022; Tue, 18 Jul 2023 20:32:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689737558; cv=none; d=google.com; s=arc-20160816; b=UF/qTUXAzRUUoXn4lbf57KNmAijkq6o3kv8y8RHIq76crw49B7okZsVteDbcqD6zf9 dMFuwFlBuusdicoD1h1oICdJwjVcNuSOhdir8a38Zjdl59sRpV23vFV2AsjTjMx7QRrN XMTmrrhN6qn1Kql3bhxBSQRiCufLhiVa5vgeQGf7cmOvspA99l9TateeNn8SgS07AjMb zuHICln4WRByteO3hnoBL46e7D9AjPTaxvi7iwXGy5qwSCaO3jTbUN3WJYXXfjEtHGAb 49mSoh3Kv9+ph3sn/1Z5Bhv2bO27EZ1dbgLWYi8PLHjY1SRX80usuvZQRt5sXJXuU/8N Tr+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=4yYu6ud1GDlrpqgUo3UwIi+PASRIJMevjsJLsar+2VI=; fh=Anq9OfXDpkFCOPFtgh8QgUfzP993MEtJnx/ssiwHMkk=; b=fpXj+5sCP8vEzByIsrQIGLBL8jJr2HnE0wwQ6EIMEg6+acnTE8Wit2RkeksPKloir4 V3rsazDQN/2+yJkQrUCsIsNKa90KEyaqY5G7E6WXpOBI3pgLlI+nJfMYOsWVdUxAO+2G Pi0zLo4ppkbchy9x+ghrYMKadYsYeQD87nWmRmk1sNK1h1ujPXXkCLCft9aSAUbzrqnq 5DJVf4CS6Kw3ICmYHBIl4ddCqExgMQrgs82l3CgY3B+bq6AJn1rMd/4sTDIdAkil3FRP 3WzzgbyLYRisdA3rbEyDJs/WD/aDQie/b5c+s53Mm5scbdJEJsxS64DBRHYfh0Rt4072 8eDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Ergffhkr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o21-20020aa7c515000000b0051db82d2c02si2332940edq.170.2023.07.18.20.32.14; Tue, 18 Jul 2023 20:32:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Ergffhkr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230419AbjGSDZ4 (ORCPT + 99 others); Tue, 18 Jul 2023 23:25:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48356 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230397AbjGSDZr (ORCPT ); Tue, 18 Jul 2023 23:25:47 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A33AA1BEB; Tue, 18 Jul 2023 20:25:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689737146; x=1721273146; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=ige1qJhMK8nxK8ysQ4ntbs6E03QAU78QiBh/RtIQ02Q=; b=Ergffhkr0YQU1wxl/aziHES4Sey5imflpl+Jd7drYA0CD4/3i0V43RIi S0Mt/YSuodluDNlfjHtc2rBx7wRqXAV61wzssYuvj/HjPeH+Tb1VVxT+C EJwNr24TQlbjJLxPMdAwRHd5jrr2mYfvwj6fJcGe2ylA/pkDrZOdGLRcj 1c2hxiHDh+aW7RUzAIuhHADnAU8VHsyE0XVf7sNoGy74rSc7ZO64t1csE yJXsxQ3cbgC2t+kkWMFCcdUuM0sApDxf4hK4IItjIeD1EwdT99aKWH2c3 1tRFr5/HSjzjdGBT3T2IWw6ljcXW1h9YjFcV/osUEJFkMNDcZj38Bq+OZ g==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="346665789" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="346665789" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="813980258" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="813980258" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:43 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Binbin Wu , Zeng Guang Subject: [PATCH v2 1/8] KVM: x86: Consolidate flags for __linearize() Date: Wed, 19 Jul 2023 10:45:51 +0800 Message-Id: <20230719024558.8539-2-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com> References: <20230719024558.8539-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771818249421000204 X-GMAIL-MSGID: 1771818249421000204 From: Binbin Wu Consolidate @write and @fetch of __linearize() into a set of flags so that additional flags can be added without needing more/new boolean parameters, to precisely identify the access type. No functional change intended. Signed-off-by: Binbin Wu Reviewed-by: Chao Gao Acked-by: Kai Huang Signed-off-by: Zeng Guang --- arch/x86/kvm/emulate.c | 21 +++++++++++---------- arch/x86/kvm/kvm_emulate.h | 4 ++++ 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 936a397a08cd..3ddfbc99fa4f 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -687,8 +687,8 @@ static unsigned insn_alignment(struct x86_emulate_ctxt *ctxt, unsigned size) static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, struct segmented_address addr, unsigned *max_size, unsigned size, - bool write, bool fetch, - enum x86emul_mode mode, ulong *linear) + enum x86emul_mode mode, ulong *linear, + unsigned int flags) { struct desc_struct desc; bool usable; @@ -717,11 +717,11 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, if (!usable) goto bad; /* code segment in protected mode or read-only data segment */ - if ((((ctxt->mode != X86EMUL_MODE_REAL) && (desc.type & 8)) - || !(desc.type & 2)) && write) + if ((((ctxt->mode != X86EMUL_MODE_REAL) && (desc.type & 8)) || !(desc.type & 2)) && + (flags & X86EMUL_F_WRITE)) goto bad; /* unreadable code segment */ - if (!fetch && (desc.type & 8) && !(desc.type & 2)) + if (!(flags & X86EMUL_F_FETCH) && (desc.type & 8) && !(desc.type & 2)) goto bad; lim = desc_limit_scaled(&desc); if (!(desc.type & 8) && (desc.type & 4)) { @@ -757,8 +757,8 @@ static int linearize(struct x86_emulate_ctxt *ctxt, ulong *linear) { unsigned max_size; - return __linearize(ctxt, addr, &max_size, size, write, false, - ctxt->mode, linear); + return __linearize(ctxt, addr, &max_size, size, ctxt->mode, linear, + write ? X86EMUL_F_WRITE : 0); } static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) @@ -771,7 +771,8 @@ static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) if (ctxt->op_bytes != sizeof(unsigned long)) addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1); - rc = __linearize(ctxt, addr, &max_size, 1, false, true, ctxt->mode, &linear); + rc = __linearize(ctxt, addr, &max_size, 1, ctxt->mode, &linear, + X86EMUL_F_FETCH); if (rc == X86EMUL_CONTINUE) ctxt->_eip = addr.ea; return rc; @@ -907,8 +908,8 @@ static int __do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, int op_size) * boundary check itself. Instead, we use max_size to check * against op_size. */ - rc = __linearize(ctxt, addr, &max_size, 0, false, true, ctxt->mode, - &linear); + rc = __linearize(ctxt, addr, &max_size, 0, ctxt->mode, &linear, + X86EMUL_F_FETCH); if (unlikely(rc != X86EMUL_CONTINUE)) return rc; diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index ab65f3a47dfd..86bbe997162d 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -88,6 +88,10 @@ struct x86_instruction_info { #define X86EMUL_IO_NEEDED 5 /* IO is needed to complete emulation */ #define X86EMUL_INTERCEPTED 6 /* Intercepted by nested VMCB/VMCS */ +/* x86-specific emulation flags */ +#define X86EMUL_F_WRITE BIT(0) +#define X86EMUL_F_FETCH BIT(1) + struct x86_emulate_ops { void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); /* From patchwork Wed Jul 19 02:45:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122376 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2184176vqt; Tue, 18 Jul 2023 21:20:11 -0700 (PDT) X-Google-Smtp-Source: APBJJlEAfbz0eHFvwDuncvEtI8GQBLTxoVFs+PhhAlxMtLqSjvs8cFz9RLkgABBzMV3Is8TJoRQC X-Received: by 2002:ac2:46f7:0:b0:4f8:6ac1:15a9 with SMTP id q23-20020ac246f7000000b004f86ac115a9mr10254025lfo.31.1689740411495; Tue, 18 Jul 2023 21:20:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689740411; cv=none; d=google.com; s=arc-20160816; b=UJFD7Z9IdzR/RGPNq7Upo7PD1qzn16hAKEcyUK+p+uiMJUYJRzKDkWRN0U6kmTlULJ 00za++BA+bLO7lOIjNEezyajStju8uOCOCBPP+5CR4/2w3DH0DT+mH9iq1WPcWUHgRAA 4Sho9ooPiKVD7oRbVqw0UGyex4tTpysj3WdG02022V9Ug0yT5o3FLVfoCMDKmqch9zaH 8w6PnD1ywUUQmghB/Xfv9pvzGS+bDjHEEbtWGjc4YTorLCqF5c8Ulyd405mMWeSL5ujb rFycDeMpETcHON+M9tVUO4mhiHJB045ZtORxybxgGOwHmk1d4CZ6ZeAmTgrrofiTL6oe OW8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=WXJ/AVtRi56tetzs9XfjudmzaPIWtzer/dctqDPJwqI=; fh=Anq9OfXDpkFCOPFtgh8QgUfzP993MEtJnx/ssiwHMkk=; b=st+3V6UPxMFDhcfNO5le90loVDE+L52SzOILriuyw93/8fXA541+OtOcqn6eRTvQvG QtXCLNtUa61inRKBGBk9Ri++7PgcBrvpZb2DWlxdFTThL7rnjA0iHrdVRSZJruiMFaD2 VguozmfrvfTegsCGcdo2WX5U4vEGm2p2GcCoVmyajWB1knS5xwtOtUKgXDFI9af3zKGK NhHtOVrilirrEbBXDSrgN8SjMt1pkPX5xc69wn2PHCwpB2hQL2f9828fbk30IcugweNB rixQsM5tY87unaZJOJVjIJJTdO17jLH0XiKxoMCHA5Ns0tEFBrrOPwKh4mOYeMJQYh7G tgbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=dDido+62; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y6-20020aa7d506000000b0051df8ee23f5si2298772edq.175.2023.07.18.21.19.47; Tue, 18 Jul 2023 21:20:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=dDido+62; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230454AbjGSD0B (ORCPT + 99 others); Tue, 18 Jul 2023 23:26:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48362 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230396AbjGSDZu (ORCPT ); Tue, 18 Jul 2023 23:25:50 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 918E21BF0; Tue, 18 Jul 2023 20:25:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689737149; x=1721273149; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=G5f5OxUaGuqF1xaVh2Um4pSh/J282MGxjVg91bM/270=; b=dDido+62IrzZOJPCuyABi54awAWmQjTzmLNWV7i3wxLqW/4/LBz88o9J QtXSC5eI4V8QeOIX+fJV+jNAbcvS2XL+HgUe1wkWwzic6KpUWGo7M7bJF 5fGVny4lIfPgpblTV9V8SJXovb/P78pHObyZ6/Y4fErTWJ+XT6vQ8T6ue DNVAG8Liy8DEPhN8vxHANEVuruaBl0QjwFP3EI2ZhcNzBbYOsioaikBgH j0YaQrVFGHJOEPQO+fmSbmVn1kasuTY0/U18WlR8CYtTKpina+noGrDsg 9snIwHaArmlGSXHHyoEctjmstbVLLyuGom5Yv/d4K4Wla85w7QgIb0lAB A==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="346665798" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="346665798" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="813980262" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="813980262" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:46 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Binbin Wu , Zeng Guang Subject: [PATCH v2 2/8] KVM: x86: Use a new flag for branch instructions Date: Wed, 19 Jul 2023 10:45:52 +0800 Message-Id: <20230719024558.8539-3-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com> References: <20230719024558.8539-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771821241976143512 X-GMAIL-MSGID: 1771821241976143512 From: Binbin Wu Use the new flag X86EMUL_F_BRANCH instead of X86EMUL_F_FETCH in assign_eip(), since strictly speaking it is not behavior of instruction fetch. Another reason is to distinguish instruction fetch and execution of branch instruction for feature(s) that handle differently on them. Branch instruction is not data access instruction, so skip checking against execute-only code segment as instruction fetch. Signed-off-by: Binbin Wu Signed-off-by: Zeng Guang --- arch/x86/kvm/emulate.c | 5 +++-- arch/x86/kvm/kvm_emulate.h | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 3ddfbc99fa4f..8e706d19ae45 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -721,7 +721,8 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, (flags & X86EMUL_F_WRITE)) goto bad; /* unreadable code segment */ - if (!(flags & X86EMUL_F_FETCH) && (desc.type & 8) && !(desc.type & 2)) + if (!(flags & (X86EMUL_F_FETCH | X86EMUL_F_BRANCH)) + && (desc.type & 8) && !(desc.type & 2)) goto bad; lim = desc_limit_scaled(&desc); if (!(desc.type & 8) && (desc.type & 4)) { @@ -772,7 +773,7 @@ static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) if (ctxt->op_bytes != sizeof(unsigned long)) addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1); rc = __linearize(ctxt, addr, &max_size, 1, ctxt->mode, &linear, - X86EMUL_F_FETCH); + X86EMUL_F_BRANCH); if (rc == X86EMUL_CONTINUE) ctxt->_eip = addr.ea; return rc; diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 86bbe997162d..9fc7d34a4ac1 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -91,6 +91,7 @@ struct x86_instruction_info { /* x86-specific emulation flags */ #define X86EMUL_F_WRITE BIT(0) #define X86EMUL_F_FETCH BIT(1) +#define X86EMUL_F_BRANCH BIT(2) struct x86_emulate_ops { void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); From patchwork Wed Jul 19 02:45:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122374 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2183822vqt; Tue, 18 Jul 2023 21:19:21 -0700 (PDT) X-Google-Smtp-Source: APBJJlEcw/PBxpCggglogWRH2aZoW5Iunz6aVDGfSqOcoDL02/WnyWJADlZGCM3XPa+PXPnk2S/P X-Received: by 2002:aa7:d1d9:0:b0:51a:5c1d:5c06 with SMTP id g25-20020aa7d1d9000000b0051a5c1d5c06mr1229624edp.42.1689740361119; Tue, 18 Jul 2023 21:19:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689740361; cv=none; d=google.com; s=arc-20160816; b=hhU4PBVETn1E5Yy2abbSXctHMvQwH6LY9eIP9PBhnYlkwTgHlRngYUgvw/nG8k9j+6 N61efLsp/7UtYj/MYlcpmbTTtsdhElpvyiIiqx/6AGHVXQv6mHRv+VyQR9MBmLCZaQXu Gkk2AyBHtJDHLuX9e+BvwfBw5sIeP1sO9Yj7GHcc+GEdmtAewmEXzNOXQJDx2GUb/sAn hpBVf8VA4Pl3SQ/25d9K0fZovJfwXevpmEcheNpQfh0x7gnrJDoJDgskaM7yE1HFJvJb yw08aylYGSEtr2hvh/bjXz82evGE/EV4nD4pAc1TA4AhBU5M8WWF+jjrmA/3Ai4/YR7o PDZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=rgHLzcVMhIFw1tOXRrc/vXJkxSauVijxB1HLq/hsq8I=; fh=Anq9OfXDpkFCOPFtgh8QgUfzP993MEtJnx/ssiwHMkk=; b=D/Ok26S+cUt1uK24MvYtK5ngkj2dxaVbUbW4RxJDvGfBpjpktCQqGTRL9j1twJ9x7J QKUpCxUPd139sIpsdOjvVZSx6NlX0q/oiUx4unYIASC1/3T8LSNYb0r2pansblSA57CF Rpy5vlgjRw6BQUuqXQiUMwLArejkA5qrrWUI1IijK8UO5UEtvFzPZtXcH4VQegM66iA3 y/E37WNZgmqpIHMTvRt3mLeH/mjJCNICzkpO67NnX+wxE9P/QmbQliZ24DRsG4TFMjbZ c82YLIRMPWDx/vQHrRQnnkCNz5TuJp9M4iuYncV/DERUeogDFeb7BuyHulFnrG2hQK8t zwwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JlWoO4oc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n13-20020aa7db4d000000b0051e3d143815si2225741edt.560.2023.07.18.21.18.57; Tue, 18 Jul 2023 21:19:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JlWoO4oc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230464AbjGSD0F (ORCPT + 99 others); Tue, 18 Jul 2023 23:26:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48368 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229502AbjGSDZx (ORCPT ); Tue, 18 Jul 2023 23:25:53 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 814611BDD; Tue, 18 Jul 2023 20:25:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689737152; x=1721273152; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=qeP1TX20L6bDrbjHG7LXoPTITHr/t0Ikc6UPLombWJs=; b=JlWoO4ocGildF4EUkShycmzmJNnVEAXXd3H5blx8h/ZTTzz+f0FbXwCC RPGVKZum1lBepVidFBKtS1uCyMAWCmkVD5Nlt6SQYaBpAJakDuZbZsvz2 dxNJ/EVHWMFbktO3kytItoSjQhfWIX57RQtk1vJOZLFzegCwZoMir3L8w o4Y74KqRzs5WSWLnQnoh2cGMja5Y+MrgH7ca46X/OYH9f51CN5Bd9PBPd axxxSgXH5Jyz1d12d2HdTP8D8dcIF1JcX6e0OCvvKf0PtBTO7LSRuKBBX t8GDFRtObS/XguQQPNwu6o504fIXCjloKeo4qMAcotEwjZWzPxsz69JC3 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="346665819" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="346665819" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="813980269" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="813980269" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:49 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Binbin Wu , Zeng Guang Subject: [PATCH v2 3/8] KVM: x86: Add an emulation flag for implicit system access Date: Wed, 19 Jul 2023 10:45:53 +0800 Message-Id: <20230719024558.8539-4-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com> References: <20230719024558.8539-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771821188577579241 X-GMAIL-MSGID: 1771821188577579241 From: Binbin Wu Add an emulation flag X86EMUL_F_IMPLICIT to identify the behavior of implicit system access in instruction emulation. Signed-off-by: Binbin Wu Signed-off-by: Zeng Guang --- arch/x86/kvm/kvm_emulate.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 9fc7d34a4ac1..c0e48f4fa7c4 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -92,6 +92,7 @@ struct x86_instruction_info { #define X86EMUL_F_WRITE BIT(0) #define X86EMUL_F_FETCH BIT(1) #define X86EMUL_F_BRANCH BIT(2) +#define X86EMUL_F_IMPLICIT BIT(3) struct x86_emulate_ops { void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); From patchwork Wed Jul 19 02:45:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122378 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2184619vqt; Tue, 18 Jul 2023 21:21:00 -0700 (PDT) X-Google-Smtp-Source: APBJJlGHrjrcR6Rn3VHjZvCn7ccPKLxs+R3A1eyqiTIBziq+xLxTQtR9WUwWu1Ccyhrt0Txzzx1/ X-Received: by 2002:a05:6402:1256:b0:51b:fbf3:d9a7 with SMTP id l22-20020a056402125600b0051bfbf3d9a7mr1558997edw.39.1689740460340; Tue, 18 Jul 2023 21:21:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689740460; cv=none; d=google.com; s=arc-20160816; b=VI459ia21HlTchoz+Za/pqHuXm9cWekcfHUL7obso/fvHGOKopU+noXVSed0rs7ftT XRuLZZvInsqqn1sFuwr52458Gk0wINd9QV7r/xsJnCDJQwTeHJW8DmfEC33QaTbiCApf HgV1QPLodejC+f1W51IxW1qXAhD701gn1UunXwQazDmYA2N5gAaRkMSxaaUS7s1MNtMA r4ArqlIafv3o8FQ7ucanFi4vZyHpBL/8jjj218zJCKESAase+ID0Uct5Tf/hk9Wry2i/ nkl1Iu8LtkQbMqBlRQjQ+D7tU15b85oXBcK88twRGm785SMHTCRjqVnyYZ8crdy+rZDd RQKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=KXEOYKKJWLTsPPDpjBiG7ga7pUtYW5FORiCFzJN5924=; fh=Anq9OfXDpkFCOPFtgh8QgUfzP993MEtJnx/ssiwHMkk=; b=pnfFhtdhk2uUQ8ajt6DFtBUHqP/S5rSwOFJoRVWG9PmQyjXfgZBKeuxgzE0F3PPOv1 TN/B4S9uvZtS4ToUi1D/jfb4cUbfT/UOeugLhFE4mr5tmMJkW+hqgLy9689t8AlZIGGC Y+UiMw47amlpT6ijqTDH0KehJeAHuwG42sJepcQN8rNSR7hJU7H7z+EuljHnkKS7iBbZ 1QEvOPZxo2PNLtohUPhRzUMhKMG0KAjDClx24RG3E3yAqrXOqrnrPicPRj/nFKNlW1zE tKm+QkRhgrUv3aXzJN2hVRtms/NBZJq0hUH/eSpfQuqW8LM+Z6K2ya6ZrTW+TJ/0RYCh ds6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Hwggx9t1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n13-20020aa7db4d000000b0051e3d143815si2225741edt.560.2023.07.18.21.20.36; Tue, 18 Jul 2023 21:21:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Hwggx9t1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230212AbjGSD0L (ORCPT + 99 others); Tue, 18 Jul 2023 23:26:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48392 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230423AbjGSDZ4 (ORCPT ); Tue, 18 Jul 2023 23:25:56 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 74C361BF1; Tue, 18 Jul 2023 20:25:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689737155; x=1721273155; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=LDXkVCSBwyltuNYKnmnknvsRCJGauTD4XIMPmA3/KsU=; b=Hwggx9t1chLv3NVybzPfnYTW0ez2/3lI54DPmbXUDIzWwTOzmnXOGx7L XtFoa5LSM4mMcjKB9dBYfGnRYcn3KZnCnctayAZ9j+1SvqwxTiiBUEIfq gcQvrTByxNcAezfaVf0OOVZXL95158g2AS4HW0UdNcdn84lpWs00KO8W7 v4YeN5Hz2OM9DSzYSh66sEShrKrXvsc9qZQ2r85DCzUXjizioI84n6GFV v6x1p5LxtXGSSFFRDrCvjgUIZOEpe5s98PLhgSp9rAMleFvyNG9y0EyOR qtHYM430Ncl0KPaUX7+EYBrqEg6G4wsl8ahe5pn4pRWydnblLEyJYGB1b A==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="346665837" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="346665837" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:55 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="813980273" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="813980273" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:52 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Binbin Wu , Zeng Guang Subject: [PATCH v2 4/8] KVM: x86: Add X86EMUL_F_INVTLB and pass it in em_invlpg() Date: Wed, 19 Jul 2023 10:45:54 +0800 Message-Id: <20230719024558.8539-5-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com> References: <20230719024558.8539-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771821292960535892 X-GMAIL-MSGID: 1771821292960535892 From: Binbin Wu Add an emulation flag X86EMUL_F_INVTLB, which is used to identify an instruction that does TLB invalidation without true memory access. Only invlpg & invlpga implemented in emulator belong to this kind. invlpga doesn't need additional information for emulation. Just pass the flag to em_invlpg(). Signed-off-by: Binbin Wu Signed-off-by: Zeng Guang --- arch/x86/kvm/emulate.c | 4 +++- arch/x86/kvm/kvm_emulate.h | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 8e706d19ae45..9b4b3ce6d52a 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -3443,8 +3443,10 @@ static int em_invlpg(struct x86_emulate_ctxt *ctxt) { int rc; ulong linear; + unsigned max_size; - rc = linearize(ctxt, ctxt->src.addr.mem, 1, false, &linear); + rc = __linearize(ctxt, ctxt->src.addr.mem, &max_size, 1, ctxt->mode, + &linear, X86EMUL_F_INVTLB); if (rc == X86EMUL_CONTINUE) ctxt->ops->invlpg(ctxt, linear); /* Disable writeback. */ diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index c0e48f4fa7c4..c944055091e1 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -93,6 +93,7 @@ struct x86_instruction_info { #define X86EMUL_F_FETCH BIT(1) #define X86EMUL_F_BRANCH BIT(2) #define X86EMUL_F_IMPLICIT BIT(3) +#define X86EMUL_F_INVTLB BIT(4) struct x86_emulate_ops { void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); From patchwork Wed Jul 19 02:45:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122391 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2192515vqt; Tue, 18 Jul 2023 21:42:27 -0700 (PDT) X-Google-Smtp-Source: APBJJlEOQD2YKc8lOcDV4KCEzcPVkeElulgvRJpJt+LydCdsCmp7NOYP9OvKmfRbHxVAK6w9zlS8 X-Received: by 2002:aa7:d787:0:b0:521:9d92:5863 with SMTP id s7-20020aa7d787000000b005219d925863mr1164662edq.42.1689741746920; Tue, 18 Jul 2023 21:42:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689741746; cv=none; d=google.com; s=arc-20160816; b=u7SkhliTJOIEUGYYMlGPc28QlK7FV0a1HgErUfiySwAXMGVAMoKco30qhSBXRe2j9F VCeIxWD6ukAHrifUhXwgC2/Fb9yU55cMBq04kCRGeIcifWwZETHpE7o0E5ESo/Nwo9ow sUjAJ+menTLAj6Tb3lMd49IEZYCsSDTWYJAM3U02kKoZJZzbBOSPiGnuKDfQzbo7Ztmv A0OvtAemC1zOCPuYTh5ox9kKKOLU3szjwgMRgr4TWNYiKQZXZuWfUAik28lURIJurcIF S1AqSHMhKwzwhms5Zj91Ruco6Sc8s2DEtb2+BVzHsbsKTUXFbw0cNefpNggp0hELoelf /IJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=OnHhZCJtQbd/SdDCMrK+NrqTFjZv11EOsx3JsynEbso=; fh=+xhtI/L+Xuj71uPNZC5AflMRtyY3k03T8mZbd4IgqqY=; b=zH8/NwGHLgl41c188y6B1Ab/FkFYMfmEd4Ktg1yNqo3t2bVW/2kDDtLY8rCMTgLc/n E477JqsNH5QTYEp2FRcBxpfEO0HL7j1PqfWRggkAsAWdV5nLEptvC7RB8ybvlAqxH/ce +ab2cJ1EY1OjyuB9H71+LByRsmvgKG9rmE+VV/PDmoKOZ1TumyQPZSlX//qdis5UtFaT HMcw8ywNgba51ADsxXAcMoStvpemTgmV9czt7sC/BW6KaaeKfKd23TjYuPYMEPA7arV+ XPTHSYqmbEno4wZQV5kf404uD6HFo8jGpLIqAO3RX7uxaVO2w67Dp9vyCiwKwH2dMhI8 nq8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=M4c0DFWW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i5-20020a056402054500b0051def0da189si2287729edx.547.2023.07.18.21.42.03; Tue, 18 Jul 2023 21:42:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=M4c0DFWW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230500AbjGSD0X (ORCPT + 99 others); Tue, 18 Jul 2023 23:26:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230428AbjGSD0A (ORCPT ); Tue, 18 Jul 2023 23:26:00 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44EE71FC8; Tue, 18 Jul 2023 20:25:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689737158; x=1721273158; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=gK9S28O0yb2c5sRuBfh69/s+sQG/LcPI+bV2vgiiFm0=; b=M4c0DFWWhK7slvPEM2eQsaZylVuXiZqk7axi+BFQF/BigbKpdYvZZXyh beE7+yf2MZnU+OzrxbfEHeJavUGEj8dW38F/tHeU9CHRqZlZ6JB9U490L yjAObH4gMOMlokeS4DlcaAJifG6saKYXafCY2sTFcITqUMyo6MYMkAlcH uaa8ruJ7ZwmZV0xQiDUiK7ZU1pah6yA7uQQR3TilYDPRDdtLT1PIH2x8g pHRT/zPngluve1e2xvF2q0QKk3FR7coWopdAnNnK6phsqSoaywXH8OukR gqytdacNOpPe+Hhr49IA9QhZfoDlnhwCq4tmvrOXLHl5Of3A6t756C08J w==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="346665849" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="346665849" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="813980278" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="813980278" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:55 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v2 5/8] KVM: emulator: Add emulation of LASS violation checks on linear address Date: Wed, 19 Jul 2023 10:45:55 +0800 Message-Id: <20230719024558.8539-6-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com> References: <20230719024558.8539-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771822642305699059 X-GMAIL-MSGID: 1771822642305699059 When enabled Intel CPU feature Linear Address Space Separation (LASS), KVM emulator will take LASS violation check on every access to guest memory by a linear address. We defined a new function prototype in kvm_x86_ops for emulator to construct the interface to identify whether a LASS violation occurs. It can have further practical implementation according to vendor specific requirements. Emulator will use the passed (address, size) pair and instruction operation type (flags) to enforce LASS protection when KVM emulates instruction fetch, data access including implicit data access to a system data structure. Signed-off-by: Zeng Guang Tested-by: Xuelian Guo --- arch/x86/include/asm/kvm-x86-ops.h | 3 ++- arch/x86/include/asm/kvm_host.h | 3 +++ arch/x86/kvm/emulate.c | 11 +++++++++++ arch/x86/kvm/kvm_emulate.h | 2 ++ arch/x86/kvm/x86.c | 10 ++++++++++ 5 files changed, 28 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 13bc212cd4bc..a301f0a46381 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -132,7 +132,8 @@ KVM_X86_OP_OPTIONAL(migrate_timers) KVM_X86_OP(msr_filter_changed) KVM_X86_OP(complete_emulated_msr) KVM_X86_OP(vcpu_deliver_sipi_vector) -KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons); +KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons) +KVM_X86_OP_OPTIONAL_RET0(is_lass_violation) #undef KVM_X86_OP #undef KVM_X86_OP_OPTIONAL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index fb9d1f2d6136..791f0dd48cd9 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1731,6 +1731,9 @@ struct kvm_x86_ops { * Returns vCPU specific APICv inhibit reasons */ unsigned long (*vcpu_get_apicv_inhibit_reasons)(struct kvm_vcpu *vcpu); + + bool (*is_lass_violation)(struct kvm_vcpu *vcpu, unsigned long addr, + unsigned int size, unsigned int flags); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 9b4b3ce6d52a..7bb595811486 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -742,6 +742,10 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, } break; } + + if (ctxt->ops->is_lass_violation(ctxt, *linear, size, flags)) + goto bad; + if (la & (insn_alignment(ctxt, size) - 1)) return emulate_gp(ctxt, 0); return X86EMUL_CONTINUE; @@ -848,6 +852,9 @@ static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel) static int linear_read_system(struct x86_emulate_ctxt *ctxt, ulong linear, void *data, unsigned size) { + if (ctxt->ops->is_lass_violation(ctxt, linear, size, X86EMUL_F_IMPLICIT)) + return emulate_gp(ctxt, 0); + return ctxt->ops->read_std(ctxt, linear, data, size, &ctxt->exception, true); } @@ -855,6 +862,10 @@ static int linear_write_system(struct x86_emulate_ctxt *ctxt, ulong linear, void *data, unsigned int size) { + if (ctxt->ops->is_lass_violation(ctxt, linear, size, + X86EMUL_F_IMPLICIT | X86EMUL_F_WRITE)) + return emulate_gp(ctxt, 0); + return ctxt->ops->write_std(ctxt, linear, data, size, &ctxt->exception, true); } diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index c944055091e1..6f0996d0da56 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -232,6 +232,8 @@ struct x86_emulate_ops { int (*leave_smm)(struct x86_emulate_ctxt *ctxt); void (*triple_fault)(struct x86_emulate_ctxt *ctxt); int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr); + bool (*is_lass_violation)(struct x86_emulate_ctxt *ctxt, unsigned long addr, + unsigned int size, unsigned int flags); }; /* Type, address-of, and value of an instruction's operand. */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 04b57a336b34..6448ff706539 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8287,6 +8287,15 @@ static void emulator_vm_bugged(struct x86_emulate_ctxt *ctxt) kvm_vm_bugged(kvm); } +static bool emulator_is_lass_violation(struct x86_emulate_ctxt *ctxt, + unsigned long addr, + unsigned int size, + unsigned int flags) +{ + return static_call(kvm_x86_is_lass_violation)(emul_to_vcpu(ctxt), + addr, size, flags); +} + static const struct x86_emulate_ops emulate_ops = { .vm_bugged = emulator_vm_bugged, .read_gpr = emulator_read_gpr, @@ -8332,6 +8341,7 @@ static const struct x86_emulate_ops emulate_ops = { .leave_smm = emulator_leave_smm, .triple_fault = emulator_triple_fault, .set_xcr = emulator_set_xcr, + .is_lass_violation = emulator_is_lass_violation, }; static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask) From patchwork Wed Jul 19 02:45:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122377 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2184530vqt; Tue, 18 Jul 2023 21:20:48 -0700 (PDT) X-Google-Smtp-Source: APBJJlGHPsvvafElBlvdl7mv2UBFRHSPad9/MO5M/XFyf8BFbW+FNzEslhGzc0qPKgJtYqqwzwf9 X-Received: by 2002:aa7:d04a:0:b0:51e:3427:63ea with SMTP id n10-20020aa7d04a000000b0051e342763eamr1504570edo.8.1689740448485; Tue, 18 Jul 2023 21:20:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689740448; cv=none; d=google.com; s=arc-20160816; b=u9d+OjqgKjnv69e7jx4EH9H3K3OnWm9AyvVb42VPk8UmJMn3FeWUDXr64pFhLKB2u7 qpBJXQ7RWExCWakBjFX606yf8MOu+I+kYags0k5D4EMorKVg5KDXVCPSdT50vVhaOhCL SnKnJ7oKN5ncvpTjHsYc9fzcqUzgF/Xh3HyTNnsbOtPu49C/PAVRBTPQNpLY/Ol5Z2BF gV1dBfuvqdVP4b/QurmWpW2HEmVu6vBlYYgZiOiU6jUZNwJ9bgVT8p2jFAB8DWII/yvd KCielnW6hW/bLEP2csPd7HtRxZTXBcJJNKI/oCGfFDe7472lAbMUdsngMNxpWr6XnTXb 0MMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=KPpp8jG/SjFRxfJ2acIiX61p/TCP/+jRI0lkaddpUGc=; fh=+xhtI/L+Xuj71uPNZC5AflMRtyY3k03T8mZbd4IgqqY=; b=Fr9YR7ezaGGDbdcipbFQpa8kGr34kqfYorvZrGC2OphlxZhee5euCjpI0GwAixiGzS PpWiBYDAmmnHGDHD6lULoUDAiyUHhCOK8Sq8/Ty3bzsvBO0FqZvP5koN1N9UheYXQ+z/ 007174aLUJshmcP+Vk+Mf+H7eu/1Oe5wnaBPvP+HPFQ+xaIGy1JFa2Gd8MF0I6GDtAGq A+GQQlrhucvQrSRcCysQhznV4XNYvnBWHHMg/I62Irgbe/74WWJV6PnGze8JCZbdrAAg rPf3sgerLjglWj409S628YZ5Mgh9CAg9h4agwsZLQzlHU6q3beS53m+vPB1F6nMmprIV jvgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lzAxPpzC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y6-20020aa7d506000000b0051df8ee23f5si2298772edq.175.2023.07.18.21.20.24; Tue, 18 Jul 2023 21:20:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lzAxPpzC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231171AbjGSD0h (ORCPT + 99 others); Tue, 18 Jul 2023 23:26:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230501AbjGSD0X (ORCPT ); Tue, 18 Jul 2023 23:26:23 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 409361FF2; Tue, 18 Jul 2023 20:26:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689737161; x=1721273161; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=FjO1js6m8X5U2Hjn/Wte4F1bCdmgu0s821wN9N/Sqeo=; b=lzAxPpzCCCn3GRhGZcIQOMk9IOr5ObotQHcUFEnIFrrutslM9DMh+uMI /tkoeAAYDffXb4lp2Sm+ExTyXBoOFrK3i99ETdNTzpNQYBmnRqPWMSSZm KqqIBF71rHu6uPZJSzvmaz9yxuzpfpdfBQEcp3JOyZOTAH+uX1TmWYjsX 4dTWXLiS0IL01XqGDUdk9s84Jv+V2p9HFGEO57yygQ0g8Fl4eASKU25w1 veSWPhF2l5QlWoUG5uI0pWCm4JHMw3W5k/x0HX54oBfscZtWdIAdE/5db 6zuX/dUZsz1erxj0yEmr5JYJaBuYfpCovpKZ7ufsmaaQzYAnCTPaS8+03 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="346665863" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="346665863" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:26:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="813980283" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="813980283" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:25:58 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v2 6/8] KVM: VMX: Implement and apply vmx_is_lass_violation() for LASS protection Date: Wed, 19 Jul 2023 10:45:56 +0800 Message-Id: <20230719024558.8539-7-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com> References: <20230719024558.8539-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771821280490166860 X-GMAIL-MSGID: 1771821280490166860 Implement and wire up vmx_is_lass_violation() in kvm_x86_ops for VMX. LASS violation check takes effect in KVM emulation of instruction fetch and data access including implicit access when vCPU is running in long mode, and also involved in emulation of VMX instruction and SGX ENCLS instruction to enforce the mode-based protections before paging. But the target memory address of emulation of TLB invalidation and branch instructions aren't subject to LASS as exceptions. Signed-off-by: Zeng Guang Tested-by: Xuelian Guo --- arch/x86/kvm/vmx/nested.c | 3 ++- arch/x86/kvm/vmx/sgx.c | 4 ++++ arch/x86/kvm/vmx/vmx.c | 35 +++++++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/vmx.h | 3 +++ 4 files changed, 44 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index e35cf0bd0df9..72e78566a3b6 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4985,7 +4985,8 @@ int get_vmx_mem_address(struct kvm_vcpu *vcpu, unsigned long exit_qualification, * non-canonical form. This is the only check on the memory * destination for long mode! */ - exn = is_noncanonical_address(*ret, vcpu); + exn = is_noncanonical_address(*ret, vcpu) || + vmx_is_lass_violation(vcpu, *ret, len, 0); } else { /* * When not in long mode, the virtual/linear address is diff --git a/arch/x86/kvm/vmx/sgx.c b/arch/x86/kvm/vmx/sgx.c index 2261b684a7d4..f8de637ce634 100644 --- a/arch/x86/kvm/vmx/sgx.c +++ b/arch/x86/kvm/vmx/sgx.c @@ -46,6 +46,10 @@ static int sgx_get_encls_gva(struct kvm_vcpu *vcpu, unsigned long offset, ((s.base != 0 || s.limit != 0xffffffff) && (((u64)*gva + size - 1) > s.limit + 1)); } + + if (!fault) + fault = vmx_is_lass_violation(vcpu, *gva, size, 0); + if (fault) kvm_inject_gp(vcpu, 0); return fault ? -EINVAL : 0; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 44fb619803b8..15a7c6e7a25d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8127,6 +8127,40 @@ static void vmx_vm_destroy(struct kvm *kvm) free_pages((unsigned long)kvm_vmx->pid_table, vmx_get_pid_table_order(kvm)); } +bool vmx_is_lass_violation(struct kvm_vcpu *vcpu, unsigned long addr, + unsigned int size, unsigned int flags) +{ + const bool is_supervisor_address = !!(addr & BIT_ULL(63)); + const bool implicit = !!(flags & X86EMUL_F_IMPLICIT); + const bool fetch = !!(flags & X86EMUL_F_FETCH); + const bool is_wraparound_access = size ? (addr + size - 1) < addr : false; + + if (!kvm_is_cr4_bit_set(vcpu, X86_CR4_LASS) || !is_long_mode(vcpu)) + return false; + + /* + * INVTLB isn't subject to LASS, e.g. to allow invalidating userspace + * addresses without toggling RFLAGS.AC. Branch targets aren't subject + * to LASS in order to simplifiy far control transfers (the subsequent + * fetch will enforce LASS as appropriate). + */ + if (flags & (X86EMUL_F_BRANCH | X86EMUL_F_INVTLB)) + return false; + + if (!implicit && vmx_get_cpl(vcpu) == 3) + return is_supervisor_address; + + /* LASS is enforced for supervisor-mode access iff SMAP is enabled. */ + if (!fetch && !kvm_is_cr4_bit_set(vcpu, X86_CR4_SMAP)) + return false; + + /* Like SMAP, RFLAGS.AC disables LASS checks in supervisor mode. */ + if (!fetch && !implicit && (kvm_get_rflags(vcpu) & X86_EFLAGS_AC)) + return false; + + return is_wraparound_access ? true : !is_supervisor_address; +} + static struct kvm_x86_ops vmx_x86_ops __initdata = { .name = KBUILD_MODNAME, @@ -8266,6 +8300,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { .complete_emulated_msr = kvm_complete_insn_gp, .vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector, + .is_lass_violation = vmx_is_lass_violation, }; static unsigned int vmx_handle_intel_pt_intr(void) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 9e66531861cf..c1e541a790bb 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -433,6 +433,9 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type); u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu); u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu); +bool vmx_is_lass_violation(struct kvm_vcpu *vcpu, unsigned long addr, + unsigned int size, unsigned int flags); + static inline void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type, bool value) { From patchwork Wed Jul 19 02:45:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122375 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2183996vqt; Tue, 18 Jul 2023 21:19:43 -0700 (PDT) X-Google-Smtp-Source: APBJJlF3NRFz3/oHU6llvqxaftFCTb4LBpbQI2lUgWNzHkvu63euY+EvgvAZ1RZQbwLrb7xC1vmO X-Received: by 2002:a17:906:5187:b0:993:d7c4:1a78 with SMTP id y7-20020a170906518700b00993d7c41a78mr1425172ejk.10.1689740382847; Tue, 18 Jul 2023 21:19:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689740382; cv=none; d=google.com; s=arc-20160816; b=HzrRyl7dwpSlnijMZ3/zAYa9gJpqHie7cYWT5Uj/B9eFva1cgmSj1cHXqVAhAPhMfg cqzJ8srFBZEPXczHoJCw8JlDu0ZMhK9nCH5WIg17dNFBmjKAqkF6WmD8olTWTTwUgLXk DvtwvOo7S6cvwSwoM3xdfVIAn6B7wARBypcm3NqzM6zdYEOyfOFRHItAG87Cda08v8UN x/iI1mAfSYen9oDFcMsH+qjLnrmEjOWP8zMyOpVtdQAo/dIz6QybSGoNyoKIkui/7IrI ZU74VGJi8UQ919TlngcIuqwq7gcM/idKUL+S8hKQH9TFoFdvKgIagkXA/x8KjyIc4U/j 79xA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=wwiXSBPk+dY3CrNHeUGrNMy7ccWowgVBojpHuErLMbc=; fh=+xhtI/L+Xuj71uPNZC5AflMRtyY3k03T8mZbd4IgqqY=; b=fPpMCDb3Gvpnm33zbJneR3yUtZU94UHqEjA6TvkDC7jfHI1OSzynCqn/Fc4hjyUYZV 7pxWk/m8b3U9CU0pOLGSv/pumxSgK5dItAmZtXi0UG1b6h0ZQC6c2Gub9nOBADr+i4pp Bw5r2IMd/+0p4cGr0M6skuI70Gfv1CMvKSljhaS7PiJpmHQKq76op10y8Kov+2+D5739 pK2/OPX+/lsTn9535CjhEpVXdvO/uUDGjzqBSjD8zf9zHYmwF4Sp+yjlsMfXJ8jIMvL6 IOfWKy9BE1RGdXgfldmHmfs32T+pPDMSM+wqVb5Bq4BIw6PEc2oEDy3Vq/lpd31PbIeq 5WGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hntBO0iJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u13-20020a170906408d00b009769ff4d234si2317101ejj.58.2023.07.18.21.19.18; Tue, 18 Jul 2023 21:19:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hntBO0iJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231130AbjGSD0y (ORCPT + 99 others); Tue, 18 Jul 2023 23:26:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230484AbjGSD0c (ORCPT ); Tue, 18 Jul 2023 23:26:32 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF86C2127; Tue, 18 Jul 2023 20:26:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689737164; x=1721273164; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=Zge9RC4suOhS4WSxzkRjdvntcW7BQ3V/JThuasqgeWI=; b=hntBO0iJTXHRRPb4sZZnGbjc6mvapaDkoLOVqumJkqT/rp2iGL4WXCB4 0+QQm1qyIeegy84thbCag9Tw8j4aGJ1/eO+rRzSSLWKrLMQ1GRnD1lKaw gicuHghPud5IjUa2qiIY+9vmLeG7vs0eagZWXKVT+biuwF0L4dvaxeLPn 1GjlqI2EbSoZt0lcWFggRRWvolgoon5nOilnMON6tW57Ylb00WFTEh+ZW /sVOM+Hc/U+hXzeMu9kyqP+FosvvN2NveVsD7dURXOhggIQyTguN2P2Gg T5B5o7daPiHTo2XuZl/ulVcSCkp3SNeuPAho2TFOI0SsguKP+GIQRrbn6 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="346665874" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="346665874" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:26:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="813980290" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="813980290" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:26:01 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v2 7/8] KVM: x86: Virtualize CR4.LASS Date: Wed, 19 Jul 2023 10:45:57 +0800 Message-Id: <20230719024558.8539-8-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com> References: <20230719024558.8539-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771821211992563694 X-GMAIL-MSGID: 1771821211992563694 Virtualize CR4.LASS[bit 27] under KVM control instead of being guest-owned as CR4.LASS generally set once for each vCPU at boot time and won't be toggled at runtime. Besides, only if VM has LASS capability enumerated with CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6], KVM allows guest software to be able to set CR4.LASS. Updating cr4_fixed1 to set CR4.LASS bit in the emulated IA32_VMX_CR4_FIXED1 MSR for guests and allow guests to enable LASS in nested VMX operation as well. Notes: Setting CR4.LASS to 1 enable LASS in IA-32e mode. It doesn't take effect in legacy mode even if CR4.LASS is set. Signed-off-by: Zeng Guang Tested-by: Xuelian Guo --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/vmx/vmx.c | 3 +++ arch/x86/kvm/x86.h | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 791f0dd48cd9..a881b0518a18 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -125,7 +125,7 @@ | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \ | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ - | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP)) + | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP | X86_CR4_LASS)) #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 15a7c6e7a25d..e74991bed362 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7603,6 +7603,9 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP)); cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57)); + entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 1); + cr4_fixed1_update(X86_CR4_LASS, eax, feature_bit(LASS)); + #undef cr4_fixed1_update } diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index c544602d07a3..e1295f490308 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -529,6 +529,8 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits |= X86_CR4_VMXE; \ if (!__cpu_has(__c, X86_FEATURE_PCID)) \ __reserved_bits |= X86_CR4_PCIDE; \ + if (!__cpu_has(__c, X86_FEATURE_LASS)) \ + __reserved_bits |= X86_CR4_LASS; \ __reserved_bits; \ }) From patchwork Wed Jul 19 02:45:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zeng Guang X-Patchwork-Id: 122373 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2183739vqt; Tue, 18 Jul 2023 21:19:09 -0700 (PDT) X-Google-Smtp-Source: APBJJlGCtIMV1pmyHE/zDe3BSvc6mJ4MAO4cH/YeAxmyGZ5KWhkH0anKoi22iWrM1+E0pgpotaD3 X-Received: by 2002:a05:6402:28d:b0:51e:57e7:3f0c with SMTP id l13-20020a056402028d00b0051e57e73f0cmr1685926edv.13.1689740349078; Tue, 18 Jul 2023 21:19:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689740349; cv=none; d=google.com; s=arc-20160816; b=TNZ5kqPemEd0h1eZLm798kijxR91722LgzUdcLtpde4baeBTbAnBjtbXfapSKECjp0 6PhPMnyBhgYIVWFtZ7nAsjvfgf4j24Zq+OZwoslRa3blkEH87e0vrN1tsE3RhCrJgjVz g/YLTUb6k1bc4bsm28pJ26lHTVfrggjFW/sRPcvwVHLrhrHPZ1b9LMt63yRfODLBQ23l 0n+zPffV0CqBE+h5b2h1PB9hdlFHyPqMpfqIZIDVyCKAnYc9LDvoHKsWFl7aHh7SkDa8 kycXOaH4ZK0STeni9lOVaOH2IDAPtxHGbhkzHsn4LMr9hkNr3GWj5PYPEkXZ6MFdhiiq LhKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=dBpyLNyO2uc/OvHMpsS6mwpjl4dk3A6MSxImx3qoZ8w=; fh=+xhtI/L+Xuj71uPNZC5AflMRtyY3k03T8mZbd4IgqqY=; b=fPWM1F28WMjDBxVEp6diGJvN67xk/jf6N4ps9S8xg9qYIYv44gzwuKl++NkJCmNvdA 8t1tPFUhDzwlP9wBT7i/yyVeqEM0WZQhY6n9F6x5CN+Fh6o5qCA2C2iRqSYj4DVSP/i1 OJ2mTJWRK5O7pyYwPteCo1nyaeGed+Vyjd5GbMtKP8OiAvmn+8mhtMNik61EXGDwMA08 lE87zvaKryDjaRTVJUUgvXh6j0DRKArd1Ecw0V7XKPgyZs1cV84q6CbrfVSfdCMnUxv8 Oj6UcPRsYhvxstsVWjAU9RR5CH8wzkePPBKcQ8WHPIrxnbNeK4vj5rFb2FVWCMlXhR5I pd0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lyWDkJql; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e22-20020a056402149600b0051a595dc64bsi2119833edv.105.2023.07.18.21.18.45; Tue, 18 Jul 2023 21:19:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lyWDkJql; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231158AbjGSD1K (ORCPT + 99 others); Tue, 18 Jul 2023 23:27:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49374 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230505AbjGSD0f (ORCPT ); Tue, 18 Jul 2023 23:26:35 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF3BA2690; Tue, 18 Jul 2023 20:26:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689737167; x=1721273167; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=m7F+bfcxslqE8nz+gTY6bLsLBtHdYH/TwQh4VN2/phU=; b=lyWDkJqlf+4Py1HbNsJvZGid17t+6CMp/z0wOFKv80PI9DrDpJWajSFo UiYYv8VCoUUzeBXVOwAaNNfoO2aHKBau4DBRYBsAE1KxPmOCGNPfAB1kS DoNsX+GkDW9TNI3gsOrzmeJ92UbHrCo6TMZW5fd5GsoWNdoUzJki/SmBY uOvKQH8AqLAF36EyndG5cEqCnit0k0OLQhAq7SnMgkAOz8o8bhxRsGsfx +cbD65Rl3OcmP6DKGdPIoxBAGegUGvtVCvz6ch9gjr34FpLzjAAILyWxm BugxqO3uNCedslogV3RlJcJL0vx0ZOLyXyEe+bA/9qraR87K5QRKXKt/Z Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="346665883" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="346665883" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:26:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10775"; a="813980304" X-IronPort-AV: E=Sophos;i="6.01,215,1684825200"; d="scan'208";a="813980304" Received: from arthur-vostro-3668.sh.intel.com ([10.238.200.123]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jul 2023 20:26:03 -0700 From: Zeng Guang To: Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Zeng Guang Subject: [PATCH v2 8/8] KVM: x86: Advertise LASS CPUID to user space Date: Wed, 19 Jul 2023 10:45:58 +0800 Message-Id: <20230719024558.8539-9-guang.zeng@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com> References: <20230719024558.8539-1-guang.zeng@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771821176273690470 X-GMAIL-MSGID: 1771821176273690470 Linear address space separation (LASS) is an independent mechanism to enforce the mode-based protection that can prevent user-mode accesses to supervisor-mode addresses, and vice versa. Because the LASS protections are applied before paging, malicious software can not acquire any paging-based timing information to compromise the security of system. The CPUID bit definition to support LASS: CPUID.(EAX=07H.ECX=1):EAX.LASS[bit 6] Advertise LASS to user space to support LASS virtualization. Signed-off-by: Zeng Guang Tested-by: Xuelian Guo --- arch/x86/kvm/cpuid.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0c9660a07b23..a7fafe99ffe4 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -646,9 +646,8 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); kvm_cpu_cap_mask(CPUID_7_1_EAX, - F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | - F(FZRM) | F(FSRS) | F(FSRC) | - F(AMX_FP16) | F(AVX_IFMA) + F(AVX_VNNI) | F(AVX512_BF16) | F(LASS) | F(CMPCCXADD) | + F(FZRM) | F(FSRS) | F(FSRC) | F(AMX_FP16) | F(AVX_IFMA) ); kvm_cpu_cap_init_kvm_defined(CPUID_7_1_EDX,