Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp709481ybk; Wed, 20 May 2020 10:00:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwegL1LOBFAmo5/cG3q6Ca7dxPxWbEXoYZVr6rWZTyHlmJKi8wo2GI8o1vrg/mOTp5kNDMy X-Received: by 2002:a05:6402:c0f:: with SMTP id co15mr4179935edb.286.1589994047419; Wed, 20 May 2020 10:00:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589994047; cv=none; d=google.com; s=arc-20160816; b=f2llO0GVstolAYRa7UuG8cSuXtWYVPPrg33B/Xw7gFpQsPPN+Aqe+hiuTaVkKySJ/O A00sER/37FXTEa9y0Yrhdpn5vc1vhjJbnMA5DpaCMU5N0CZDidQR62WEQNTTFK+GHdip yJM2y2jlPl68mndC+n2KvwYmqZ6piXOpqTf4fEvfnaafGUfwO8G8ak07an3GGN7TOxxE RH/2WB+Vnthhotxn29kvAOqRTQ4NLSyo/lN4rS758I8Z0g1GsAbJdQH381dVB5o8xClY WKyotmSpmzdQVZFy5Ani1NrYphFcB24T688HEqFyqjpLrNV9pwi+xFcN1H+Ys0e6vhOD Bvfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=QaZb1dScaBd+ZKT5FJJNAu4zg30y7sIbqMztcEcLgo4=; b=rx+WTnEl+NSHNpwWpCyB9H74Hh9SCDikTlH51pD737LLQ8g33C8wBSVGZhyHOXXU5j F3Cf51P2/FIKKX7zQ8onYKxwunTP+WmNPzJPNbQIFaXOUea20McfYG9N8MHs8ilHWTbu +dL7P+TmQMhyTqHy54MWwIzt7ZjHwGSg8jPHnazYSPcbxJ7Koql1UB9UkmgxYHNyZwmT SX/Ux/mC54Ebs3IBk43N2NB8tlp1GmBPzCkqzbHRX0XwGMGK1jlSXVh95qjSK2mMJoL1 f9+JzeOsk+hkedlgTQglr7II3yJESSpNw4sBQ+UwcaO9V7gyGo4g1NQW+HrESeAo2bkO 0MsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NJmZATl7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y20si1993752ejf.224.2020.05.20.10.00.22; Wed, 20 May 2020 10:00:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NJmZATl7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726839AbgETQ4w (ORCPT + 99 others); Wed, 20 May 2020 12:56:52 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:42139 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726548AbgETQ4w (ORCPT ); Wed, 20 May 2020 12:56:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589993810; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QaZb1dScaBd+ZKT5FJJNAu4zg30y7sIbqMztcEcLgo4=; b=NJmZATl7RI35wLZFIyNWR31qRXP80q1smB9lOVz9jH1hyM3X0FL6+TCm1293d8hOr/mIfz eOzn7sLxO4yVKdWZfvuL6qMxhZxVx/rERj3bd5x/YQwhVVpHz0k6Wg5+SHLFGFB4VxsNFh BK69v4uOh2S5yZYxty8p+cOZeyQ20pc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-156-NywVvRHRMOe8vsWxjz5dnA-1; Wed, 20 May 2020 12:56:48 -0400 X-MC-Unique: NywVvRHRMOe8vsWxjz5dnA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D603E81A3FF; Wed, 20 May 2020 16:56:47 +0000 (UTC) Received: from starship (unknown [10.35.207.28]) by smtp.corp.redhat.com (Postfix) with ESMTP id C3FFD5D994; Wed, 20 May 2020 16:56:44 +0000 (UTC) Message-ID: <0c1a0c81bbdcfaf4ae9af545f4a38439b1a56d11.camel@redhat.com> Subject: Re: [PATCH 2/2] kvm/x86: don't expose MSR_IA32_UMWAIT_CONTROL unconditionally From: Maxim Levitsky To: Vitaly Kuznetsov , kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Date: Wed, 20 May 2020 19:56:43 +0300 In-Reply-To: <874ksatvkr.fsf@vitty.brq.redhat.com> References: <20200520160740.6144-1-mlevitsk@redhat.com> <20200520160740.6144-3-mlevitsk@redhat.com> <874ksatvkr.fsf@vitty.brq.redhat.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 (3.34.4-1.fc31) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2020-05-20 at 18:33 +0200, Vitaly Kuznetsov wrote: > Maxim Levitsky writes: > > > This msr is only available when the host supports WAITPKG feature. > > > > This breaks a nested guest, if the L1 hypervisor is set to ignore > > unknown msrs, because the only other safety check that the > > kernel does is that it attempts to read the msr and > > rejects it if it gets an exception. > > > > Fixes: 6e3ba4abce KVM: vmx: Emulate MSR IA32_UMWAIT_CONTROL > > > > Signed-off-by: Maxim Levitsky > > --- > > arch/x86/kvm/x86.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > index fe3a24fd6b263..9c507b32b1b77 100644 > > --- a/arch/x86/kvm/x86.c > > +++ b/arch/x86/kvm/x86.c > > @@ -5314,6 +5314,10 @@ static void kvm_init_msr_list(void) > > if (msrs_to_save_all[i] - MSR_ARCH_PERFMON_EVENTSEL0 >= > > min(INTEL_PMC_MAX_GENERIC, x86_pmu.num_counters_gp)) > > continue; > > + break; > > + case MSR_IA32_UMWAIT_CONTROL: > > + if (!kvm_cpu_cap_has(X86_FEATURE_WAITPKG)) > > + continue; > > I'm probably missing something but (if I understand correctly) the only > effect of dropping MSR_IA32_UMWAIT_CONTROL from msrs_to_save would be > that KVM userspace won't see it in e.g. KVM_GET_MSR_INDEX_LIST. But why > is this causing an issue? I see both vmx_get_msr()/vmx_set_msr() have > 'host_initiated' check: > > case MSR_IA32_UMWAIT_CONTROL: > if (!msr_info->host_initiated && !vmx_has_waitpkg(vmx)) > return 1; Here it fails like that: 1. KVM_GET_MSR_INDEX_LIST returns this msrs, and qemu notes that it is supported in 'has_msr_umwait' global var 2. Qemu does kvm_arch_get/put_registers->kvm_get/put_msrs->ioctl(KVM_GET_MSRS) and while doing this it adds MSR_IA32_UMWAIT_CONTROL to that msr list. That reaches 'svm_get_msr', and this one knows nothing about MSR_IA32_UMWAIT_CONTROL. So the difference here is that vmx_get_msr not called at all. I can add this msr to svm_get_msr instead but that feels wrong since this feature is not yet supported on AMD. When AMD adds support for this feature, then the VMX specific code can be moved to kvm_get_msr_common I guess. > > so KVM userspace should be able to read/write this MSR even when there's > no hardware support for it. Or who's trying to read/write it? > > Also, kvm_cpu_cap_has() check is not equal to vmx_has_waitpkg() which > checks secondary execution controls. I was afraid that something like that will happen, but in this particular case we can only check CPUID support and if supported, the then it means we are dealing with intel system and thus vmx_get_msr will be called and ignore that msr. Calling vmx_has_waitpkg from the common code doesn't seem right, and besides, it checks the secondary controls which are set by the host and can change, at least in theory during runtime (I don't know if KVM does this). Note that if I now understand correctly, the 'host_initiated' means that MSR read/write is done by the host itself and not on behalf of the guest. Best regards, Maxim Levitsky > > > default: > > break; > > }