From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 1/2] KVM: x86: Mark CR4.TSD as being possibly owned by the guest
Date: Thu, 2 Jul 2020 21:04:21 -0700
Message-Id: <20200703040422.31536-2-sean.j.christopherson@intel.com>
X-Mailer: git-send-email 2.26.0
In-Reply-To: <20200703040422.31536-1-sean.j.christopherson@intel.com>
References: <20200703040422.31536-1-sean.j.christopherson@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Mark CR4.TSD as being possibly owned by the guest as that is indeed the case on VMX. Without TSD being tagged as possibly owned by the guest, a targeted read of CR4 to get TSD could observe a stale value. This bug is benign in the current code base as the sole consumer of TSD is the emulator (for RDTSC) and the emulator always "reads" the entirety of CR4 when grabbing bits.

Add a build-time assertion to ensure VMX doesn't hand over more CR4 bits without also updating x86.

Fixes: 52ce3c21aec3 ("x86,kvm,vmx: Don't trap writes to CR4.TSD")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/kvm_cache_regs.h | 2 +-
 arch/x86/kvm/vmx/vmx.c        | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/kvm_cache_regs.h b/arch/x86/kvm/kvm_cache_regs.h
index ff2d0e9ca3bc..cfe83d4ae625 100644
--- a/arch/x86/kvm/kvm_cache_regs.h
+++ b/arch/x86/kvm/kvm_cache_regs.h
@@ -7,7 +7,7 @@ #define KVM_POSSIBLE_CR0_GUEST_BITS X86_CR0_TS #define KVM_POSSIBLE_CR4_GUEST_BITS \ (X86_CR4_PVI | X86_CR4_DE | X86_CR4_PCE | X86_CR4_OSFXSR \ - | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_PGE) + | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_PGE | X86_CR4_TSD) #define BUILD_KVM_GPR_ACCESSORS(lname, uname) \ static __always_inline unsigned long kvm_##lname##_read(struct kvm_vcpu *vcpu)\ diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b1a23ad986ff..7fc5ca9cb5a0 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4034,6 +4034,8 @@ void vmx_set_constant_host_state(struct vcpu_vmx *vmx) void set_cr4_guest_host_mask(struct vcpu_vmx *vmx) { + BUILD_BUG_ON(KVM_CR4_GUEST_OWNED_BITS & ~KVM_POSSIBLE_CR4_GUEST_BITS); + vmx->vcpu.arch.cr4_guest_owned_bits = KVM_CR4_GUEST_OWNED_BITS; if (enable_ept) vmx->vcpu.arch.cr4_guest_owned_bits |= X86_CR4_PGE; -- 2.26.0
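Review bot: in the kvm_cache_regs.h hunk, KVM_POSSIBLE_CR4_GUEST_BITS is the architecture-wide mask that decides whether a targeted CR4 read refreshes the cache, but nothing at the definition says so; the only thing that enforces the relationship is the new BUILD_BUG_ON in VMX's set_cr4_guest_host_mask(), so a vendor module that later sets cr4_guest_owned_bits elsewhere (SVM, or a second VMX path) gets no protection. Suggest a one-line comment above the macro, e.g. "Every bit a vendor module lets the guest write without a VM-exit must be in this mask, or a targeted read of that bit returns a stale cached value", so the invariant is visible where the mask is defined rather than only where VMX asserts it.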
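Review bot: in the vmx.c hunk, the BUILD_BUG_ON covers only the constant KVM_CR4_GUEST_OWNED_BITS, but the very next lines conditionally OR X86_CR4_PGE into cr4_guest_owned_bits when enable_ept is set, and that addition is outside the assertion. PGE happens to be in KVM_POSSIBLE_CR4_GUEST_BITS today (visible in the first hunk), so this is not a bug now, but the check would silently stop covering the full set if another conditional bit were added here. Consider asserting on the complete union, e.g. `BUILD_BUG_ON((KVM_CR4_GUEST_OWNED_BITS | X86_CR4_PGE) & ~KVM_POSSIBLE_CR4_GUEST_BITS);`, so every bit this function can hand to the guest is checked.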
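The stale-read mechanism described in the commit message, as an added user-space model that is not part of the patch or of KVM: it mirrors the shape of kvm_read_cr4_bits() (refresh the cached CR4 from hardware only when the requested bits intersect both the "possibly guest-owned" mask and the vendor's guest-owned mask), lets a simulated guest flip TSD without a VM-exit, and shows that a targeted read of TSD is stale with the old mask and fresh with the new one, while a whole-CR4 read (what the emulator does) is fresh either way. The struct, function names, the initial CR4 value and the VMX_GUEST_OWNED_BITS value are the model's own assumptions; the CR4 bit positions are the architectural ones.

```c
/* Added example, not kernel code: a user-space model of KVM's CR4 register
 * cache. It shows why any bit the guest can write without a VM-exit must be
 * in the "possibly guest-owned" mask, or a targeted read of that bit returns
 * the stale cached value. Names and initial state are this model's
 * assumptions, not KVM's. */
#include <stdbool.h>

/* Architectural CR4 bit positions. */
#define CR4_PVI        (1UL << 1)
#define CR4_TSD        (1UL << 2)
#define CR4_DE         (1UL << 3)
#define CR4_PGE        (1UL << 7)
#define CR4_PCE        (1UL << 8)
#define CR4_OSFXSR     (1UL << 9)
#define CR4_OSXMMEXCPT (1UL << 10)
#define CR4_LA57       (1UL << 12)

/* The two masks the patch touches: the x86-wide "possible" mask before and
 * after adding TSD, and an assumed VMX guest-owned mask (TSD plus PGE). */
#define POSSIBLE_GUEST_BITS_OLD \
	(CR4_PVI | CR4_DE | CR4_PCE | CR4_OSFXSR | CR4_OSXMMEXCPT | CR4_LA57 | CR4_PGE)
#define POSSIBLE_GUEST_BITS_NEW (POSSIBLE_GUEST_BITS_OLD | CR4_TSD)
#define VMX_GUEST_OWNED_BITS    (CR4_TSD | CR4_PGE) /* assumption for the model */

/* Analogue of the patch's BUILD_BUG_ON: the vendor mask must be a subset. */
_Static_assert((VMX_GUEST_OWNED_BITS & ~POSSIBLE_GUEST_BITS_NEW) == 0,
	       "guest-owned CR4 bits must be possibly-guest-owned");

struct vcpu_model {
	unsigned long hw_cr4;      /* value the guest actually runs with (the VMCS) */
	unsigned long cached_cr4;  /* KVM's cached copy (vcpu->arch.cr4) */
	unsigned long guest_owned; /* bits the guest may write without a VM-exit */
	unsigned long possible;    /* KVM_POSSIBLE_CR4_GUEST_BITS */
	unsigned refreshes;        /* number of times the cache was reloaded */
};

/* Guest writes CR4: guest-owned bits change only the hardware copy; any
 * other changed bit causes a VM-exit, where KVM updates both copies. */
static void guest_write_cr4(struct vcpu_model *v, unsigned long val)
{
	unsigned long exiting = (v->hw_cr4 ^ val) & ~v->guest_owned;

	v->hw_cr4 = val;
	if (exiting)
		v->cached_cr4 = val;
}

/* Model of kvm_read_cr4_bits(): reload from hardware only when the bits
 * being asked for intersect both the possible mask and the owned mask. */
static unsigned long read_cr4_bits(struct vcpu_model *v, unsigned long mask)
{
	unsigned long tmask = mask & v->possible;

	if (tmask & v->guest_owned) {
		v->cached_cr4 = v->hw_cr4;
		v->refreshes++;
	}
	return v->cached_cr4 & mask;
}

static void vcpu_init(struct vcpu_model *v, unsigned long possible)
{
	v->hw_cr4 = v->cached_cr4 = CR4_PGE; /* constructed initial state */
	v->guest_owned = VMX_GUEST_OWNED_BITS;
	v->possible = possible;
	v->refreshes = 0;
}

/* Guest sets TSD (no exit), then KVM does a targeted read of just TSD.
 * Returns true if the read observed the guest's write. */
static bool targeted_tsd_read_is_fresh(unsigned long possible)
{
	struct vcpu_model v;

	vcpu_init(&v, possible);
	guest_write_cr4(&v, v.hw_cr4 | CR4_TSD);
	return read_cr4_bits(&v, CR4_TSD) == CR4_TSD;
}

/* Same guest write, but the reader grabs all of CR4 as the emulator does;
 * the request intersects PGE, so the cache is refreshed regardless of TSD. */
static bool full_cr4_read_is_fresh(unsigned long possible)
{
	struct vcpu_model v;

	vcpu_init(&v, possible);
	guest_write_cr4(&v, v.hw_cr4 | CR4_TSD);
	return (read_cr4_bits(&v, ~0UL) & CR4_TSD) == CR4_TSD;
}
```

With POSSIBLE_GUEST_BITS_OLD the targeted read returns 0 for TSD even though the guest has set it, which is the stale value the commit message describes; with POSSIBLE_GUEST_BITS_NEW the same read reloads the cache first. The full-CR4 read is fresh under both masks, which is why the emulator path was unaffected. Removing CR4_TSD from POSSIBLE_GUEST_BITS_NEW makes the _Static_assert fail at compile time, the same way the patch's BUILD_BUG_ON would in vmx.c.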