Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp558686pxk; Wed, 23 Sep 2020 09:53:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzjMhk0sFwzOjsS4OmZWXK97dZPUk0+knXlZae6dagr5lpxcub4FAzEWJryWNY6o4XjyL1S X-Received: by 2002:a17:906:2619:: with SMTP id h25mr593459ejc.142.1600880015811; Wed, 23 Sep 2020 09:53:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600880015; cv=none; d=google.com; s=arc-20160816; b=LpbDOF+FFe655qBgPxpSPLHWRYnYwBDZyDxF6ausrii0N3gdiReYSkilDtI1cwXV/F Ys7tAge/R2HUZVShvspO42njTA4P9v1JRYRdYFCYzK5IV0istmDZog04IG+FYzy2Dtgd qZrC0HyxKbGd9SevNpBrVX3SOeX2OZOa7vHC15jWt67jmkCC0ZtSTcvDPDInUKmmfAyB mCu1utsv97KL9vIz+oho7r8mZLxdXn5gA3IzT4hZEBp3oTh2aNR8tl4kKxMXDLxnOXON xhH52wZIet+pQE3KjgtC/nH/EBbsi/E+/3xvHTqWG+9b84SBL7R9fM4E9orv0ZDVFfpg QxvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=pr9WljCkx4pGw21i2oIxnuTwB3/Ot1Te9lI8gdVAtqM=; b=Xk3GK3h/CcFhykTx61xav4vD3WSRWO+ZGaD9RaKHs0wrnY6yWlpnrRW+itvgScbZHR 6iZi8nfRfSQYHPe5dEdTfKN/NJ6LX719NspFvJoXtjKBxD5j+U1Klb0JLwW7DiMD+ivU oKA0+LS3z0A/YvbsJjrOz71MoDopL9F0lRH3tQklaRzpyqLrtzapcpzoUgrOdIUhaVIX UnQytOQm2zxBoZuYtXgZYsCNFgUPgYaIwtqzLTCKb6xHb/Rzyqb75AJADJYh2st4nfTs RlUDZpjB9rGDu/TAKL8ZWq2dP5OQzoYzoXCYcet5Wd65jAKhet/LhNDdYYSKfi/bhDfQ yD2Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c12si237210edy.146.2020.09.23.09.53.11; Wed, 23 Sep 2020 09:53:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726670AbgIWQuu (ORCPT + 99 others); Wed, 23 Sep 2020 12:50:50 -0400 Received: from mga06.intel.com ([134.134.136.31]:17994 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726184AbgIWQut (ORCPT ); Wed, 23 Sep 2020 12:50:49 -0400 IronPort-SDR: F/fretrXfzeCEWNQemE60rLuGjORalX9m1f1+79oZNYe+37F8SzR2wDnEjFBgPxOGqwFOB+v36 0db31aiY9lSw== X-IronPort-AV: E=McAfee;i="6000,8403,9753"; a="222529027" X-IronPort-AV: E=Sophos;i="5.77,293,1596524400"; d="scan'208";a="222529027" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Sep 2020 09:50:48 -0700 IronPort-SDR: 2gcjom9DEQpF2izpHbXLtYH7jQGi8ELW2PWYwc2mkedzZ8iTfcVrFIeFsxporCVfoTeMToJ0JK Nljkga1Z4o4g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,293,1596524400"; d="scan'208";a="454985298" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.160]) by orsmga004.jf.intel.com with ESMTP; 23 Sep 2020 09:50:48 -0700 From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/4] KVM: VMX: Unconditionally clear CPUID.INVPCID if !CPUID.PCID Date: Wed, 23 Sep 2020 09:50:46 -0700 Message-Id: <20200923165048.20486-3-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200923165048.20486-1-sean.j.christopherson@intel.com> References: <20200923165048.20486-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If PCID is not exposed to the guest, clear INVPCID in the guest's CPUID even if the VMCS INVPCID enable is not supported. This will allow consolidating the secondary execution control adjustment code without having to special case INVPCID. Technically, this fixes a bug where !CPUID.PCID && CPUID.INVCPID would result in unexpected guest behavior (#UD instead of #GP/#PF), but KVM doesn't support exposing INVPCID if it's not supported in the VMCS, i.e. such a config is broken/bogus no matter what. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index cfed29329e4f..57e48c5a1e91 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4149,16 +4149,22 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx) } } + /* + * Expose INVPCID if and only if PCID is also exposed to the guest. + * INVPCID takes a #UD when it's disabled in the VMCS, but a #GP or #PF + * if CR4.PCIDE=0. Enumerating CPUID.INVPCID=1 would lead to incorrect + * behavior from the guest perspective (it would expect #GP or #PF). + */ + if (!guest_cpuid_has(vcpu, X86_FEATURE_PCID)) + guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID); + if (cpu_has_vmx_invpcid()) { /* Exposing INVPCID only when PCID is exposed */ bool invpcid_enabled = - guest_cpuid_has(vcpu, X86_FEATURE_INVPCID) && - guest_cpuid_has(vcpu, X86_FEATURE_PCID); + guest_cpuid_has(vcpu, X86_FEATURE_INVPCID); - if (!invpcid_enabled) { + if (!invpcid_enabled) exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID; - guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID); - } if (nested) { if (invpcid_enabled) -- 2.28.0