From: Alexander Graf
To: Paolo Bonzini
CC: Jonathan Corbet, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, KarimAllah Raslan, Aaron Lewis
Subject: [PATCH v4 0/3] Allow user space to restrict and augment MSR emulation
Date: Mon, 3 Aug 2020 23:14:20 +0200
Message-ID: <20200803211423.29398-1-graf@amazon.com>

While trying to add support for the MSR_CORE_THREAD_COUNT MSR in KVM, I
realized that we were still in a world where user space has no control
over what happens with MSR emulation in KVM.

That is bad for multiple reasons. In my case, I wanted to emulate the
MSR in user space, because it's a CPU specific register that does not
exist on older CPUs and that really only contains informational data that
is on the package level, so it's a natural fit for user space to provide
it.

However, it is also bad on a platform compatibility level. Currently,
KVM has no way to expose different MSRs based on the selected target CPU
type.

This patch set introduces a way for user space to indicate to KVM which
MSRs should be handled in kernel space. With that, we can solve part of
the platform compatibility story. Or at least we can not handle AMD specific
MSRs on an Intel platform and vice versa.

In addition, it introduces a way for user space to get into the loop
when an MSR access would generate a #GP fault, such as when KVM finds an
MSR that is not handled by the in-kernel MSR emulation or when the guest
is trying to access reserved registers.

In combination with the allow list, the user space trapping allows us
to emulate arbitrary MSRs in user space, paving the way for target CPU
specific MSR implementations from user space.

v1 -> v2:

  - s/ETRAP_TO_USER_SPACE/ENOENT/g
  - deflect all #GP injection events to user space, not just unknown MSRs.
    That way we can also deflect allowlist errors later
  - fix emulator case
  - new patch: KVM: x86: Introduce allow list for MSR emulation
  - new patch: KVM: selftests: Add test for user space MSR handling

v2 -> v3:

  - return r if r == X86EMUL_IO_NEEDED
  - s/KVM_EXIT_RDMSR/KVM_EXIT_X86_RDMSR/g
  - s/KVM_EXIT_WRMSR/KVM_EXIT_X86_WRMSR/g
  - Use complete_userspace_io logic instead of reply field
  - Simplify trapping code
  - document flags for KVM_X86_ADD_MSR_ALLOWLIST
  - generalize exit path, always unlock when returning
  - s/KVM_CAP_ADD_MSR_ALLOWLIST/KVM_CAP_X86_MSR_ALLOWLIST/g
  - Add KVM_X86_CLEAR_MSR_ALLOWLIST
  - Add test to clear whitelist
  - Adjust to reply-less API
  - Fix asserts
  - Actually trap on MSR_IA32_POWER_CTL writes

v3 -> v4:

  - Mention exit reasons in re-enter mandatory section of API documentation
  - Clear padding bytes
  - Generalize get/set deflect functions
  - Remove redundant pending_user_msr field
  - lock allow check and clearing
  - free bitmaps on clear

Alexander Graf (3):
  KVM: x86: Deflect unknown MSR accesses to user space
  KVM: x86: Introduce allow list for MSR emulation
  KVM: selftests: Add test for user space MSR handling

 Documentation/virt/kvm/api.rst                | 157 ++++++++++-
 arch/x86/include/asm/kvm_host.h               |  13 +
 arch/x86/include/uapi/asm/kvm.h               |  15 +
 arch/x86/kvm/emulate.c                        |  18 +-
 arch/x86/kvm/x86.c                            | 259 +++++++++++++++++-
 include/trace/events/kvm.h                    |   2 +-
 include/uapi/linux/kvm.h                      |  15 +
 tools/testing/selftests/kvm/Makefile          |   1 +
 .../selftests/kvm/x86_64/user_msr_test.c      | 221 +++++++++++++++
 9 files changed, 692 insertions(+), 9 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/user_msr_test.c

-- 
2.17.1

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Managing directors: Christian Schlaeger, Jonathan Weiss
Registered at the Charlottenburg district court (Amtsgericht Charlottenburg) under HRB 149173 B
Registered office: Berlin
VAT ID: DE 289 237 879
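The decision flow this cover letter describes (allow list first, then in-kernel emulation, with any access that would raise #GP deflected to user space), as an added example that is not part of the original mail or the patch set. The types, the range/flag layout, the "empty list restricts nothing" rule, the set of MSRs the stand-in kernel emulates and the boolean handler result are all assumptions of this model; only the MSR names and the RDMSR/WRMSR exit reasons come from the mail.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the flow; not the patch set's data structures. */
enum outcome { HANDLED_IN_KERNEL, EXIT_X86_RDMSR, EXIT_X86_WRMSR };
struct allow_range { uint32_t base, nmsrs; bool read, write; };
#define MSR_CORE_THREAD_COUNT 0x35u
#define MSR_IA32_POWER_CTL    0x1fcu
#define MSR_K7_HWCR           0xc0010015u /* AMD-specific */

/* Stand-in for the in-kernel emulation: it knows only these two MSRs. */
static bool kernel_emulates(uint32_t msr) {
    return msr == MSR_IA32_POWER_CTL || msr == MSR_K7_HWCR;
}

/* Assumption: an empty list restricts nothing; otherwise first match wins. */
static bool allowed(const struct allow_range *l, size_t n, uint32_t msr, bool wr) {
    if (n == 0) return true;
    for (size_t i = 0; i < n; i++)
        if (msr - l[i].base < l[i].nmsrs) /* unsigned wrap rejects msr < base */
            return wr ? l[i].write : l[i].read;
    return false;
}

/* Kernel side: an access that would raise #GP becomes a user space exit. */
enum outcome msr_access(const struct allow_range *l, size_t n, uint32_t msr, bool wr) {
    if (allowed(l, n, msr, wr) && kernel_emulates(msr))
        return HANDLED_IN_KERNEL;
    return wr ? EXIT_X86_WRMSR : EXIT_X86_RDMSR;
}

/* User space side: false means the guest still receives the #GP. */
bool user_rdmsr(uint32_t msr, uint64_t *data) {
    if (msr != MSR_CORE_THREAD_COUNT) return false;
    *data = (4ull << 16) | 8; /* constructed value: 4 cores, 8 threads */
    return true;
}

int main(void) {
    /* Constructed "Intel target" policy: POWER_CTL readable in kernel only. */
    const struct allow_range intel[] = { { MSR_IA32_POWER_CTL, 1, true, false } };
    uint64_t v = 0;
    printf("POWER_CTL write -> %d\n", msr_access(intel, 1, MSR_IA32_POWER_CTL, true));
    printf("K7_HWCR read    -> %d\n", msr_access(intel, 1, MSR_K7_HWCR, false));
    if (user_rdmsr(MSR_CORE_THREAD_COUNT, &v))
        printf("THREAD_COUNT from user space: %#llx\n", (unsigned long long)v);
    return 0;
}
```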