From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Paolo Bonzini, Sasha Levin
Subject: [PATCH 4.14 038/190] KVM: x86: only do L1TF workaround on affected processors
Date: Fri, 19 Jun 2020 16:31:23 +0200
Message-Id: <20200619141635.473250358@linuxfoundation.org>
In-Reply-To: <20200619141633.446429600@linuxfoundation.org>
References: <20200619141633.446429600@linuxfoundation.org>

From: Paolo Bonzini

[ Upstream commit d43e2675e96fc6ae1a633b6a69d296394448cc32 ]

KVM stores the gfn in MMIO SPTEs as a caching optimization. These are split in two parts, as in "[high 11111 low]", to thwart any attempt to use these bits in an L1TF attack. This works as long as there are 5 free bits between MAXPHYADDR and bit 50 (inclusive), leaving bit 51 free so that the MMIO access triggers a reserved-bit-set page fault.

The bit positions however were computed wrongly for AMD processors that have encryption support. In this case, x86_phys_bits is reduced (for example from 48 to 43, to account for the C bit at position 47 and four bits used internally to store the SEV ASID and other stuff) while x86_cache_bits would remain set to 48, and _all_ bits between the reduced MAXPHYADDR and bit 51 are set. Then low_phys_bits would also cover some of the bits that are set in the shadow_mmio_value, terribly confusing the gfn caching mechanism.

To fix this, avoid splitting gfns as long as the processor does not have the L1TF bug (which includes all AMD processors). When there is no splitting, low_phys_bits can be set to the reduced MAXPHYADDR removing the overlap.

This fixes "npt=0" operation on EPYC processors.

Thanks to Maxim Levitsky for bisecting this bug.

Cc: stable@vger.kernel.org
Fixes: 52918ed5fcf0 ("KVM: SVM: Override default MMIO mask if memory encryption is enabled")
Signed-off-by: Paolo Bonzini
Signed-off-by: Sasha Levin
--- arch/x86/kvm/mmu.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index d8878266553c..7220ab210dcf 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c 
@@ -275,6 +275,8 @@ static bool is_executable_pte(u64 spte); void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value) { BUG_ON((mmio_mask & mmio_value) != mmio_value); + WARN_ON(mmio_value & (shadow_nonpresent_or_rsvd_mask << shadow_nonpresent_or_rsvd_mask_len)); + WARN_ON(mmio_value & shadow_nonpresent_or_rsvd_lower_gfn_mask); shadow_mmio_value = mmio_value | SPTE_SPECIAL_MASK; shadow_mmio_mask = mmio_mask | SPTE_SPECIAL_MASK; } @@ -467,16 +469,15 @@ static void kvm_mmu_reset_all_pte_masks(void) * the most significant bits of legal physical address space. */ shadow_nonpresent_or_rsvd_mask = 0; - low_phys_bits = boot_cpu_data.x86_cache_bits; - if (boot_cpu_data.x86_cache_bits < - 52 - shadow_nonpresent_or_rsvd_mask_len) { + low_phys_bits = boot_cpu_data.x86_phys_bits; + if (boot_cpu_has_bug(X86_BUG_L1TF) && + !WARN_ON_ONCE(boot_cpu_data.x86_cache_bits >= + 52 - shadow_nonpresent_or_rsvd_mask_len)) { + low_phys_bits = boot_cpu_data.x86_cache_bits + - shadow_nonpresent_or_rsvd_mask_len; shadow_nonpresent_or_rsvd_mask = - rsvd_bits(boot_cpu_data.x86_cache_bits - - shadow_nonpresent_or_rsvd_mask_len, - boot_cpu_data.x86_cache_bits - 1); - low_phys_bits -= shadow_nonpresent_or_rsvd_mask_len; - } else - WARN_ON_ONCE(boot_cpu_has_bug(X86_BUG_L1TF)); + rsvd_bits(low_phys_bits, boot_cpu_data.x86_cache_bits - 1); + } shadow_nonpresent_or_rsvd_lower_gfn_mask = GENMASK_ULL(low_phys_bits - 1, PAGE_SHIFT); -- 2.25.1
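
Review bot: In the first hunk, the two WARN_ON() checks added to kvm_mmu_set_mmio_spte_mask() read shadow_nonpresent_or_rsvd_mask and shadow_nonpresent_or_rsvd_lower_gfn_mask, which the second hunk shows being assigned in kvm_mmu_reset_all_pte_masks(), yet nothing here says that the reset has to run before this function for the checks to mean anything. Please add a short comment stating that ordering requirement, and one explaining why the first check shifts the mask left by shadow_nonpresent_or_rsvd_mask_len, since the shift is not self-evident from these lines. Note also that, unlike the BUG_ON() directly above, a failed check still lets shadow_mmio_value and shadow_mmio_mask be installed with the overlapping value; if that is intended, say so in the comment.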
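
Review bot: In the second hunk, folding !WARN_ON_ONCE(...) into the if condition in kvm_mmu_reset_all_pte_masks() hides a fallback path: on a CPU with X86_BUG_L1TF whose x86_cache_bits is >= 52 - shadow_nonpresent_or_rsvd_mask_len, the code warns once and then continues with shadow_nonpresent_or_rsvd_mask = 0 and low_phys_bits = boot_cpu_data.x86_phys_bits, so the gfn is not split on an affected processor. That matches what the removed else branch did, but the block comment ending just above these lines is not updated by the hunk. Suggest extending it to say that splitting now happens only when boot_cpu_has_bug(X86_BUG_L1TF) is true, that low_phys_bits otherwise comes from x86_phys_bits rather than x86_cache_bits, and what the warn-and-continue case leaves unprotected.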
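
The mask arithmetic described in the commit message, as an added user-space model (not kernel code and not part of the patch). The names bits, masks_old, masks_new and mmio_value_overlaps are hypothetical, and the sample value is constructed from the message's 48-to-43 example, assuming bits 43 to 51 are set in the MMIO value.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define RSVD_MASK_LEN 5 /* shadow_nonpresent_or_rsvd_mask_len */

struct masks { uint64_t rsvd, lower_gfn; };

/* Bits lo..hi inclusive; hypothetical stand-in for rsvd_bits()/GENMASK_ULL(). */
static uint64_t bits(int lo, int hi) {
    return hi < lo ? 0 : (~0ULL >> (63 - hi)) & (~0ULL << lo);
}

/* Pre-patch computation ('-' lines): driven by x86_cache_bits alone. */
static struct masks masks_old(int cache_bits) {
    struct masks m = { 0, 0 };
    int low = cache_bits;
    if (cache_bits < 52 - RSVD_MASK_LEN) {
        m.rsvd = bits(cache_bits - RSVD_MASK_LEN, cache_bits - 1);
        low -= RSVD_MASK_LEN;
    }
    m.lower_gfn = bits(PAGE_SHIFT, low - 1);
    return m;
}

/* Post-patch computation ('+' lines): split only when the CPU has L1TF. */
static struct masks masks_new(int phys_bits, int cache_bits, int l1tf) {
    struct masks m = { 0, 0 };
    int low = phys_bits;
    if (l1tf && cache_bits < 52 - RSVD_MASK_LEN) {
        low = cache_bits - RSVD_MASK_LEN;
        m.rsvd = bits(low, cache_bits - 1);
    }
    m.lower_gfn = bits(PAGE_SHIFT, low - 1);
    return m;
}

/* The two overlap conditions the added WARN_ON()s test. */
static int mmio_value_overlaps(struct masks m, uint64_t mmio_value) {
    return (mmio_value & ((m.rsvd << RSVD_MASK_LEN) | m.lower_gfn)) != 0;
}

int main(void) {
    uint64_t mmio = bits(43, 51); /* constructed: MAXPHYADDR reduced to 43 */
    int before = mmio_value_overlaps(masks_old(48), mmio);
    int after = mmio_value_overlaps(masks_new(43, 48, 0), mmio);
    printf("overlap before patch=%d, after patch=%d\n", before, after);
    return 0;
}
```

With the constructed EPYC-like values the old lower-gfn mask spans bits 12 to 47 and collides with the MMIO value on bits 43 to 47; the new one stops at bit 42.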