Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp990510pxk; Thu, 3 Sep 2020 19:22:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz2APW3Aw7wiHqgPaip88/lpFpvczoP1IsFvKA1swrLa87GNipWR1KnqPQ+DZhfoyobXhlC X-Received: by 2002:a17:907:110f:: with SMTP id qu15mr1042063ejb.359.1599186137254; Thu, 03 Sep 2020 19:22:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599186137; cv=none; d=google.com; s=arc-20160816; b=Gqr1OoixZTcuy6EOdiw23Lhyk+uWc7d8kaq9rFHQW6yD9Zfb1kiw86RQixGLv3iImq 4bVOABcXbNoLjnUraCzEGZE7ArpLApXjNYrVgngAOpC/kklAjQAhrKDMvxxG1Es/z9VS jiRL2C5xMENaVYKaYBtaMH16nMf0t2cqXahtL6udhz4bE+MiVM602HRGq1gcdZXajH5T ciJrrI/UIUtybX2EYOmX0M7kZE+yGBbVjve2CMf76zKvhLG27OEaiv1ynZ9eTjYkhdC3 4jIpJax9ObA3roGjxHjtaE6ttNdqCB7VjO1oT+RoeAb2d+3lgO9f0FkHcnUmmKBWuYJU /D5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=LrAdzv24TvKINI+TSt9YrTxl/N6E+xS4y6ll+3lQsBM=; b=KHk/Ij0rvH2jdj4J3IWXs5+dAuz3fKbkTbsaLgC00K5Kh+c8KvyInGGQOzUEorNMyz M7MKOZQ5BJ5pbMceFE9r2HUL2tUL2x2ytHr8KJLscRDLRkzy+JxIQ1u6SASUS/JYNiFf d+P7FTmWdQvPycHs101gO/gLbMU6skefTL5YKXK7GwXX03ji7EOyZER7YQkDUEgUpIpJ LCSUHe1jt0aqI7x+kknfsr8lvppZ5WERJ4hsM+OLmGd8NJ1Vuv4C1rutDztnghGKYCZu s8T4OnmpRy7mImzryXJD8YD1jApU88M0HfXP6g8E/g7Kqo6CXIDARQglHTco3cpMaTov pRfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=MRIf1HBg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e11si3075764edc.302.2020.09.03.19.21.54; Thu, 03 Sep 2020 19:22:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=MRIf1HBg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729564AbgIDCTJ (ORCPT + 99 others); Thu, 3 Sep 2020 22:19:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729468AbgIDCTI (ORCPT ); Thu, 3 Sep 2020 22:19:08 -0400 Received: from mail-ed1-x542.google.com (mail-ed1-x542.google.com [IPv6:2a00:1450:4864:20::542]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EEADAC061245 for ; Thu, 3 Sep 2020 19:19:07 -0700 (PDT) Received: by mail-ed1-x542.google.com with SMTP id b12so4586758edz.11 for ; Thu, 03 Sep 2020 19:19:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LrAdzv24TvKINI+TSt9YrTxl/N6E+xS4y6ll+3lQsBM=; b=MRIf1HBgmWXfY1BikF2IYGavdlt4nQmFrVJ6Mi+ad+vUFt0vx2nR0LP2LhUjG+MOoy y/BaY2dLXwr0smwGz3krb1Tp8HTvrZBPaxjjJswpXWPxv6eY9MBUdVuGde7aYtuDJ4fl vM4WtJ4alvKrxThlhkLGNlCGI2rDb91JN/ZjFLZ/CRmly547F0A2OlB7yDF546n0qcGv 32QV9KC3cBX+N7U5ISIfjFklMV66lljsGD2vDQSqAPwrTrxnegtZENKpP7AlOhf8OuAe bEWWikidflcbq6YaJCTNtFrd7PAjhQh5W4X+VczD8GPAuWc4xbg7ba7h8uc9XO9w0sRy Mwrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LrAdzv24TvKINI+TSt9YrTxl/N6E+xS4y6ll+3lQsBM=; b=jUf0ClM26EknSDg3HqZwhYo1mwU25nbumA7o3o28oW3hVpY78BtmIbbJTvfRxrLai1 PaQcsOMHnszF8nBigZUHTDQsY4EZr1oBvfgbKAAN6b4PXswiw7XpRUyF2e18gZhbhjo+ tQbglNFvOA7MqODes8fFx85wPHFTtkx6MzJmr/JwOu1+WxamccUgTRPJXDLCaez59iJ9 5FCAIOv/Paj3QhM/LXV+HqLPz1SVyBQGb31/iiqfp2CfRG95o/ur1RPkTnF7kcDlIRRn DNRyStKPtE6kgVEPwVloobODFeaq1Hf6AvMmI+vX7ssgnsjZZaGQwKWwXEsQjJGQiaov SRGQ== X-Gm-Message-State: AOAM531ejbyH+Qy1B6KAtQyVrAjMitAkVmxTjMeufIuEEbrLKm6dB/R8 3SpD6HxEds+9XAF0oHexGR9Te4g2Qk9rfuLIpJth3w== X-Received: by 2002:a50:d809:: with SMTP id o9mr6138860edj.12.1599185946357; Thu, 03 Sep 2020 19:19:06 -0700 (PDT) MIME-Version: 1.0 References: <20200902125935.20646-1-graf@amazon.com> <20200902125935.20646-6-graf@amazon.com> In-Reply-To: <20200902125935.20646-6-graf@amazon.com> From: Aaron Lewis Date: Thu, 3 Sep 2020 19:18:55 -0700 Message-ID: Subject: Re: [PATCH v6 5/7] KVM: x86: VMX: Prevent MSR passthrough when MSR access is denied To: Alexander Graf Cc: Paolo Bonzini , Jonathan Corbet , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , KarimAllah Raslan , Dan Carpenter , kvm list , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > +/* > + * List of MSRs that can be directly passed to the guest. > + * In addition to these x2apic and PT MSRs are handled specially. > + */ > +static u32 vmx_possible_passthrough_msrs[MAX_POSSIBLE_PASSGHROUGH_MSRS] = { MAX_POSSIBLE_PASSGHROUGH_MSRS should be MAX_POSSIBLE_PASSTHROUGH_MSRS > + MSR_IA32_SPEC_CTRL, > + MSR_IA32_PRED_CMD, > + MSR_IA32_TSC, > + MSR_FS_BASE, > + MSR_GS_BASE, > + MSR_KERNEL_GS_BASE, > + MSR_IA32_SYSENTER_CS, > + MSR_IA32_SYSENTER_ESP, > + MSR_IA32_SYSENTER_EIP, > + MSR_CORE_C1_RES, > + MSR_CORE_C3_RESIDENCY, > + MSR_CORE_C6_RESIDENCY, > + MSR_CORE_C7_RESIDENCY, > +}; Is there any reason not to construct this list on the fly? That could help prevent the list from becoming stale over time if this is missed when calls to vmx_disable_intercept_for_msr() are added. > + > /* > * These 2 parameters are used to config the controls for Pause-Loop Exiting: > * ple_gap: upper bound on the amount of time between two successive > @@ -622,6 +642,41 @@ static inline bool report_flexpriority(void) > return flexpriority_enabled; > } One thing that seems to be missing is removing MSRs from the permission bitmap or resetting the permission bitmap to its original state before adding changes on top of it. This would be needed on subsequent calls to kvm_vm_ioctl_set_msr_filter(). When that happens the original changes made by KVM_REQ_MSR_FILTER_CHANGED need to be backed out before applying the new set.