Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp6724006ybl; Wed, 15 Jan 2020 09:12:01 -0800 (PST) X-Google-Smtp-Source: APXvYqyOzjYj8j2P0FhnRs5/J7HvXnHrih4ALQM1Hr1KeW7Dyey0hquihCkG9rllnziYv1peL0oR X-Received: by 2002:aca:5fc6:: with SMTP id t189mr674130oib.166.1579108321015; Wed, 15 Jan 2020 09:12:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579108321; cv=none; d=google.com; s=arc-20160816; b=ynJA0JvNGqONR40pBOdrGNhRNSr9RsVLefMc+ZeMV9xJIOvZAQV3vERMSXFhvxWc5J nwXjwOeXKZCr1NMR77xLBMCiy3Gb8KDTiQ4lk4zckJIOCSTb/2cfTfuQGC51Qg/Q42Zk jdQLIJe+xYBwucrxM99+PZkVk4bmvOhdgKHjSawdcNUDcojTmolks4OKziplHgiyFz+S oeN2n0SGhRSEvu9LasiMI8JCBGsV958zEvm8pdul82kpQRckQvTyDASewLmDcpJK+c6G o30l9ilqjs2wQXevUEwIFu5QI7thFdXltjzFxJdueQjA1lBGsQXef5WhHA00fnT33bgS 9sgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=mPgwZ2FjiJ6HjtpTVTA+tuZ9QlXeQvuG1PK2sLPEBfc=; b=TWCi5Qj9m7OCyeMgIkkDJQfQ5EyovDY8zB/s2ESm0zUZcpngl9/7KkckcygZaPDktP zfOy9cJFstHMVwLdMza98tarURyEJURi8AbKCi2XP6ITWTMVQ4rS7pKw3oaOUH7ZQn9l VXauw6mGDqJ5OC9CaPomOXVGCJPLgFuTlNHi1nBth5+LZLx0r6BgMyX33JtbY0a1tT61 3yq+Y1B5bugeJrjZ9kGQJfsK+m5Xx1B+67k9dqHskw7CL7z4NB8no0+YkxWiEsqsm4FF UoC4IzDWEXFh6n2QsoBnRz1Okwgra7u17hg262ME1I3zl6W34C3kexsn8ZhecudXWXYB Ggjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NS60GhjO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f194si10185158oig.243.2020.01.15.09.11.49; Wed, 15 Jan 2020 09:12:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NS60GhjO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729159AbgAORKd (ORCPT + 99 others); Wed, 15 Jan 2020 12:10:33 -0500 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:55816 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728963AbgAORKY (ORCPT ); Wed, 15 Jan 2020 12:10:24 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1579108223; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mPgwZ2FjiJ6HjtpTVTA+tuZ9QlXeQvuG1PK2sLPEBfc=; b=NS60GhjOaBy/3TJznvsFgWh3gKyre6x0kyTTkPhyY9N113Hc04fd48X9MU6bo6QL6wSpe3 qdEjx3jl8Yh1QWnotYN1yfmGXs92kFnUU5MYOAkZ5KoqjwMhN9JG1FxULImcRuPjLqQAWj +bWoEMGEcEuk/vONihnH6gMnoJb6PHY= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-61-UkHHSHg6M_WFDyGjBTSMyQ-1; Wed, 15 Jan 2020 12:10:21 -0500 X-MC-Unique: UkHHSHg6M_WFDyGjBTSMyQ-1 Received: by mail-wr1-f72.google.com with SMTP id r2so8217848wrp.7 for ; Wed, 15 Jan 2020 09:10:21 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mPgwZ2FjiJ6HjtpTVTA+tuZ9QlXeQvuG1PK2sLPEBfc=; b=rvM89aKv0PN9dMf0emp0QGuEzSiguLTq5AxkfkhY4q9DKGBKn0A5DQWys4QoFKtgMO qbdjFwUoNB6bmoPbaxbL7pPTC016rvmWzs5E5uFZsfZD3g70sB8m7aeq5/fJVQa4gWC/ 3I/YbYraAqtSDtTepWyuR5gekpYfoCHoKu21JdK+Bvl45nSYAu7m+2cpeO0BDEN7zNKa /XJ7naC08enkw+ZK3joHFSCmhFcQnGjI7SE3IFSUOoJ5b98mZwcgwnT/j41phQYPfiwH hQfHNLBdp2HbT60iMLB4ksBFnWCN4vDGWo7LSI4D48UflXoyjy89o1R1hZnwEB17BP74 djaA== X-Gm-Message-State: APjAAAXaltCeD/2ZQXKv7+UA93890/aUQf5EAGFiT79hUw8M+TwstZR5 4CR4BpFG3vZpenaPBzjv4MtLGZ6n9WYILMk1M1bL61XJV+Vky4vJM89VCOaks0aJUvnvjGuTOxC lCxroVf+VbEAkkDRs8tXZv4kE X-Received: by 2002:a5d:6089:: with SMTP id w9mr31924017wrt.228.1579108220832; Wed, 15 Jan 2020 09:10:20 -0800 (PST) X-Received: by 2002:a5d:6089:: with SMTP id w9mr31923992wrt.228.1579108220555; Wed, 15 Jan 2020 09:10:20 -0800 (PST) Received: from vitty.brq.redhat.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id y20sm525071wmi.25.2020.01.15.09.10.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Jan 2020 09:10:19 -0800 (PST) From: Vitaly Kuznetsov To: kvm@vger.kernel.org Cc: Paolo Bonzini , Sean Christopherson , Jim Mattson , linux-kernel@vger.kernel.org, Liran Alon , Roman Kagan Subject: [PATCH RFC 3/3] x86/kvm/hyper-v: don't allow to turn on unsupported VMX controls for nested guests Date: Wed, 15 Jan 2020 18:10:14 +0100 Message-Id: <20200115171014.56405-4-vkuznets@redhat.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200115171014.56405-1-vkuznets@redhat.com> References: <20200115171014.56405-1-vkuznets@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sane L1 hypervisors are not supposed to turn any of the unsupported VMX controls on for its guests and nested_vmx_check_controls() checks for that. This is, however, not the case for the controls which are supported on the host but are missing in enlightened VMCS and when eVMCS is in use. It would certainly be possible to add these missing checks to nested_check_vm_execution_controls()/_vm_exit_controls()/.. but it seems preferable to keep eVMCS-specific stuff in eVMCS and reduce the impact on non-eVMCS guests by doing less unrelated checks. Create a separate nested_evmcs_check_controls() for this purpose. Signed-off-by: Vitaly Kuznetsov --- arch/x86/kvm/vmx/evmcs.c | 56 ++++++++++++++++++++++++++++++++++++++- arch/x86/kvm/vmx/evmcs.h | 1 + arch/x86/kvm/vmx/nested.c | 3 +++ 3 files changed, 59 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c index b5d6582ba589..88f462866396 100644 --- a/arch/x86/kvm/vmx/evmcs.c +++ b/arch/x86/kvm/vmx/evmcs.c @@ -4,9 +4,11 @@ #include #include "../hyperv.h" -#include "evmcs.h" #include "vmcs.h" +#include "vmcs12.h" +#include "evmcs.h" #include "vmx.h" +#include "trace.h" DEFINE_STATIC_KEY_FALSE(enable_evmcs); @@ -378,6 +380,58 @@ void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata) *pdata = ctl_low | ((u64)ctl_high << 32); } +int nested_evmcs_check_controls(struct vmcs12 *vmcs12) +{ + int ret = 0; + u32 unsupp_ctl; + + unsupp_ctl = vmcs12->pin_based_vm_exec_control & + EVMCS1_UNSUPPORTED_PINCTRL; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported pin-based VM-execution controls", + unsupp_ctl); + ret = -EINVAL; + } + + unsupp_ctl = vmcs12->secondary_vm_exec_control & + EVMCS1_UNSUPPORTED_2NDEXEC; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported secondary VM-execution controls", + unsupp_ctl); + ret = -EINVAL; + } + + unsupp_ctl = vmcs12->vm_exit_controls & + EVMCS1_UNSUPPORTED_VMEXIT_CTRL; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported VM-exit controls", + unsupp_ctl); + ret = -EINVAL; + } + + unsupp_ctl = vmcs12->vm_entry_controls & + EVMCS1_UNSUPPORTED_VMENTRY_CTRL; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported VM-entry controls", + unsupp_ctl); + ret = -EINVAL; + } + + unsupp_ctl = vmcs12->vm_function_control & EVMCS1_UNSUPPORTED_VMFUNC; + if (unsupp_ctl) { + trace_kvm_nested_vmenter_failed( + "eVMCS: unsupported VM-function controls", + unsupp_ctl); + ret = -EINVAL; + } + + return ret; +} + int nested_enable_evmcs(struct kvm_vcpu *vcpu, uint16_t *vmcs_version) { diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h index b88d9807a796..cb7517a5a41c 100644 --- a/arch/x86/kvm/vmx/evmcs.h +++ b/arch/x86/kvm/vmx/evmcs.h @@ -202,5 +202,6 @@ uint16_t nested_get_evmcs_version(struct kvm_vcpu *vcpu); int nested_enable_evmcs(struct kvm_vcpu *vcpu, uint16_t *vmcs_version); void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata); +int nested_evmcs_check_controls(struct vmcs12 *vmcs12); #endif /* __KVM_X86_VMX_EVMCS_H */ diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 4aea7d304beb..7c720b095663 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2767,6 +2767,9 @@ static int nested_vmx_check_controls(struct kvm_vcpu *vcpu, nested_check_vm_entry_controls(vcpu, vmcs12)) return -EINVAL; + if (to_vmx(vcpu)->nested.enlightened_vmcs_enabled) + return nested_evmcs_check_controls(vmcs12); + return 0; } -- 2.24.1