Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1667096ybt; Thu, 2 Jul 2020 10:46:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxasfEsGuwqDrnD/GfrJWpruI6JlX7KElWn+/ZYggFUYqECxwMFWJ6JbpT85tb+oW8H+v/9 X-Received: by 2002:aa7:c98d:: with SMTP id c13mr27511043edt.188.1593711998709; Thu, 02 Jul 2020 10:46:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593711998; cv=none; d=google.com; s=arc-20160816; b=NP6mH0onLPuGxARQKCsjsmX1Sc11QDnnQrh8zZleC72CAT7Kkh0Sbw348Fmc+P1XaU grrtb/245sYD452QndsQoaBj7EKmaggRVApCaeLNV5ObJhhHJoFN08PyPOt6nUnDnhqt bc8FIuwFcSSoUaT0tl5G2uIcMIQ4znvDWWFiY86/vmDQoOYDkUpO4Q/84IuNusUOLr35 MyU9CgK7eTMo+2svIJYTTFLWI8lBVrOF9KLoaMdgERNU72E9W53XfFkT1ze3I0XCJZ7s GIREcmt/tXGJSQK/vgg0pklIVLi9F3ZkX62UewuSQdPXfte3GVtljcH4XXznTvmX3Nj1 CJog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=2+YKOFsMFqgKEAlgmAfFeYOf9HVs9QXIdHNLGDvzQ5Y=; b=HKbEeKTMHuORpqPrzdfwUNo2IjmB6RrhCJraHEYwYKHY/MM35UufmTiuLRG3byEY+D vVj6YdeaP7B5HC+4aWxe2VQ5ig6M6PXQRnA2ko5P5ifpIgh8NoRXs/71G0osqjPSatma 9cEVp+FZ1wL9JiPSQZzRD+UZu/xt3HNGUW8u8bUBgQz9twFVvGBKncsbp6QAQ4JWzzhC dJdp1rBJB5XbyWdwcMYTo1xWOcIaAlhKeXA7awXE9BF/eKZpLYfYaufwQcLh1P9vTdGa P7SXJZTMOOR8T/Elrn8HC3vNu1fgSIH5cSYyY7qHTaEwpyulZFzsz0ekBLrRzHLZKYce f/0Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Wc2BsjvR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id op10si6288712ejb.149.2020.07.02.10.46.15; Thu, 02 Jul 2020 10:46:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Wc2BsjvR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727914AbgGBRpO (ORCPT + 99 others); Thu, 2 Jul 2020 13:45:14 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:28661 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726754AbgGBRpN (ORCPT ); Thu, 2 Jul 2020 13:45:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1593711912; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=2+YKOFsMFqgKEAlgmAfFeYOf9HVs9QXIdHNLGDvzQ5Y=; b=Wc2BsjvR9YIfHeFGYKy6VJ+c9FdrPbeJugQ6rxA8MsKyH6cbbh1M3Rj0EbRLchneivdedU fOX2IczsJ/+ajAZE5lEAWpjpFFLIFqqX8zg2RWmhyQKfShBLOCNYVoWao/6tqCn1SUY81s QM/m8gyQ7BWzEGZ7BgnaItb3K9OWP4E= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-423-Dorxu1FDMIOrZb7rmwInbg-1; Thu, 02 Jul 2020 13:45:08 -0400 X-MC-Unique: Dorxu1FDMIOrZb7rmwInbg-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 950A88015FE; Thu, 2 Jul 2020 17:45:06 +0000 (UTC) Received: from starship.redhat.com (unknown [10.35.206.247]) by smtp.corp.redhat.com (Postfix) with ESMTP id D1CA4619C1; Thu, 2 Jul 2020 17:44:56 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), linux-kernel@vger.kernel.org, Joerg Roedel , Thomas Gleixner , Wanpeng Li , "H. Peter Anvin" , Borislav Petkov , Paolo Bonzini , Vitaly Kuznetsov , Ingo Molnar , Jim Mattson , Sean Christopherson , Maxim Levitsky Subject: [PATCH] kvm: x86: rewrite kvm_spec_ctrl_valid_bits Date: Thu, 2 Jul 2020 20:44:55 +0300 Message-Id: <20200702174455.282252-1-mlevitsk@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There are few cases when this function was creating a bogus #GP condition, for example case when and AMD host supports STIBP but doesn't support SSBD. Follow the rules for AMD and Intel strictly instead. AMD #GP rules for IA32_SPEC_CTRL can be found here: https://bugzilla.kernel.org/show_bug.cgi?id=199889 Fixes: 6441fa6178f5 ("KVM: x86: avoid incorrect writes to host MSR_IA32_SPEC_CTRL") Signed-off-by: Maxim Levitsky --- arch/x86/kvm/x86.c | 57 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 00c88c2f34e4..a6bed4670b7f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10670,27 +10670,54 @@ bool kvm_arch_no_poll(struct kvm_vcpu *vcpu) } EXPORT_SYMBOL_GPL(kvm_arch_no_poll); -u64 kvm_spec_ctrl_valid_bits(struct kvm_vcpu *vcpu) + +static u64 kvm_spec_ctrl_valid_bits_host(void) +{ + uint64_t bits = 0; + + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) + bits |= SPEC_CTRL_IBRS; + if (boot_cpu_has(X86_FEATURE_INTEL_STIBP)) + bits |= SPEC_CTRL_STIBP; + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD)) + bits |= SPEC_CTRL_SSBD; + + if (boot_cpu_has(X86_FEATURE_AMD_IBRS) || boot_cpu_has(X86_FEATURE_AMD_STIBP)) + bits |= SPEC_CTRL_STIBP | SPEC_CTRL_IBRS; + + if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) + bits |= SPEC_CTRL_STIBP | SPEC_CTRL_IBRS | SPEC_CTRL_SSBD; + + return bits; +} + +static u64 kvm_spec_ctrl_valid_bits_guest(struct kvm_vcpu *vcpu) { - uint64_t bits = SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD; + uint64_t bits = 0; - /* The STIBP bit doesn't fault even if it's not advertised */ - if (!guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) && - !guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS)) - bits &= ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP); - if (!boot_cpu_has(X86_FEATURE_SPEC_CTRL) && - !boot_cpu_has(X86_FEATURE_AMD_IBRS)) - bits &= ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP); + if (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)) + bits |= SPEC_CTRL_IBRS; + if (guest_cpuid_has(vcpu, X86_FEATURE_INTEL_STIBP)) + bits |= SPEC_CTRL_STIBP; + if (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL_SSBD)) + bits |= SPEC_CTRL_SSBD; - if (!guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL_SSBD) && - !guest_cpuid_has(vcpu, X86_FEATURE_AMD_SSBD)) - bits &= ~SPEC_CTRL_SSBD; - if (!boot_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) && - !boot_cpu_has(X86_FEATURE_AMD_SSBD)) - bits &= ~SPEC_CTRL_SSBD; + if (guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS) || + guest_cpuid_has(vcpu, X86_FEATURE_AMD_STIBP)) + bits |= SPEC_CTRL_STIBP | SPEC_CTRL_IBRS; + if (guest_cpuid_has(vcpu, X86_FEATURE_AMD_SSBD)) + bits |= SPEC_CTRL_STIBP | SPEC_CTRL_IBRS | SPEC_CTRL_SSBD; return bits; } + +u64 kvm_spec_ctrl_valid_bits(struct kvm_vcpu *vcpu) +{ + return kvm_spec_ctrl_valid_bits_host() & + kvm_spec_ctrl_valid_bits_guest(vcpu); +} + + EXPORT_SYMBOL_GPL(kvm_spec_ctrl_valid_bits); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit); -- 2.25.4