Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp1723595pxy; Fri, 23 Apr 2021 15:37:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXZIpQfgotpfgQCwNKS3eA1nWbx0l7Rjm4O86xWUwr0Mgp9AgJEU9gYKnAn6XRKNIFNEqV X-Received: by 2002:a63:4c55:: with SMTP id m21mr6025993pgl.251.1619217438655; Fri, 23 Apr 2021 15:37:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619217438; cv=none; d=google.com; s=arc-20160816; b=ga47QXLinGgCVvz6lxum+cyNWbxxhgTv5F7oRB5g2BTpgC/OkQ7lPqZ8rIvK+Y7lGH qNhhO1OszsIkSd8tXtqPbnXciEXwvW4xbRx7ykPq7yjjqWZl2S4HeyjQvMUDVh1k6t5y W24lk3c+OdaJFdJvVDrcDTGjCIg4XrLOFeOvWBXoLapdSa09CeBEw6VvnHBTI7pbUehK V/eQiCsuUmEBOMp/3C3r55TLhDrcV6STRGK6dc3GElF0pfewI/IEdz3AhahKO/aH9shr TKw0xkvQPM37XhPe2dUxnxF8sh6cFrX6tuhU9ewKBbggGAH9+rQ4ojUtmd+ZnQLfBDPC 4V3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:reply-to:dkim-signature; bh=Y4iQrQo2idMgVCLJBfNHPP4hN3euA9dQLTSysYHWP4Y=; b=zIBBAToNAcZVYEYxMWTm1mhln4FUE6vKmGAVEiybXc0kBhYL9UAaSiMVuN8E/xvFMy h9vGt+xRThu5Agb/OtsNLT0/LYROwxHgN2IS2LeQVui28e62uX3YNq5kR64JkD5mjf1/ y4c09haDHOm/HO2GR2aHNs8tldx1J7kNkEYbklUltoyB5eQNZljoOoMOcaxiLZqpGiJa HhGT7A4pMroHASU4LLr+/jMq4a8+Ric12epZ12mxHaUg/pDA/gB2HoV1gcdMoKR7yKn2 N94q6aB6+UFqJ2uq+VPQQtVNHtQolUS9VUfFrT7ywh3hW85OScLrV6gesIZB6vj82OrC UjUg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="u/a/AbF0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r7si8008986pgv.466.2021.04.23.15.37.06; Fri, 23 Apr 2021 15:37:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="u/a/AbF0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244212AbhDWWf1 (ORCPT + 99 others); Fri, 23 Apr 2021 18:35:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36234 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244015AbhDWWe6 (ORCPT ); Fri, 23 Apr 2021 18:34:58 -0400 Received: from mail-qv1-xf4a.google.com (mail-qv1-xf4a.google.com [IPv6:2607:f8b0:4864:20::f4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C86EC06138E for ; Fri, 23 Apr 2021 15:34:18 -0700 (PDT) Received: by mail-qv1-xf4a.google.com with SMTP id el4-20020ad459c40000b029019a47ec7a9dso15612345qvb.21 for ; Fri, 23 Apr 2021 15:34:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=Y4iQrQo2idMgVCLJBfNHPP4hN3euA9dQLTSysYHWP4Y=; b=u/a/AbF09+lGetelvU92prkShzTVv3APvauUzU956nfa+0+6lC4U5suIAU5bgFYXEM KbDW/g+5V/p/ebb/2jhFK3GsYTZ5AxDCWFewCpokthHMFuUIrKXVjSG48oLrhZkxidJQ QGUAEnQ3q8Jcca464P1xQha5rZYuzyas7cfoasxpRtcsZOS1mn9R1qs/nnJVmraYbYr8 gAWD0TaDldQTz32RTwNMhlu+cmn+KSx5L/5TJKBv4mOlKlJJQwCCOjtBqlC0BFpX8tsh tEaPUZThjGvuFrP3IgyNO4GKAxQV+y21z1OiYG+V7y9Ix4+Y3Lw072glAekk8c1EtylQ Rh7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=Y4iQrQo2idMgVCLJBfNHPP4hN3euA9dQLTSysYHWP4Y=; b=nVTTzilFesksd3aw13kUx+l3Otm+bNkpdzKDTQeRRC3zLpCo4g0tXseNM57EAD3AeR xSN8UP6ZaAk7kVOys5rn8l34WAPWUSW2MK3GoT5jWzFZ/HcAGwHJCmjQrp8g9EeWa248 yWVX5Rw63rDbUwtKqxje83Z19kRo6isby5Grg5GROeF9HP0+LqLrpKi/s72idue/kv4C YQC8bepxA0Toz3hjQjzl17+Gu6KvpTO9VyytEvlW1RAcY33mVt0qc/Ud1UgzfxAw3/2Z uH4h3KCfzIXngLTJ9zkxl729e3/tX8y3hXD3uXZ9qlHgfjvQlx4ZtCu0ptneQU6nEZKG WqLw== X-Gm-Message-State: AOAM531r7ft5RYGGn3lXDPRKJF81Xmzqhzt4sy00c/Na9i/d12axn5OB yGinPWyKGycmEne1sQJJjcwACVXLktg= X-Received: from seanjc798194.pdx.corp.google.com ([2620:15c:f:10:ad52:3246:e190:f070]) (user=seanjc job=sendgmr) by 2002:a05:6214:176a:: with SMTP id et10mr6640697qvb.23.1619217257247; Fri, 23 Apr 2021 15:34:17 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 23 Apr 2021 15:34:03 -0700 In-Reply-To: <20210423223404.3860547-1-seanjc@google.com> Message-Id: <20210423223404.3860547-4-seanjc@google.com> Mime-Version: 1.0 References: <20210423223404.3860547-1-seanjc@google.com> X-Mailer: git-send-email 2.31.1.498.g6c1eba8ee3d-goog Subject: [PATCH v3 3/4] KVM: x86: Tie Intel and AMD behavior for MSR_TSC_AUX to guest CPU model From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Reiji Watanabe Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Squish the Intel and AMD emulation of MSR_TSC_AUX together and tie it to the guest CPU model instead of the host CPU behavior. While not strictly necessary to avoid guest breakage, emulating cross-vendor "architecture" will provide consistent behavior for the guest, e.g. WRMSR fault behavior won't change if the vCPU is migrated to a host with divergent behavior. Note, this also adds a kvm_cpu_has() check on RDTSCP for VMX. For all practical purposes, the extra check is a nop as VMX's use of user return MSRs indirectly performs the same check by checking the result of WRMSR. Technically RDTSCP support can exist in bare metal but not in the VMCS, but no known Intel CPUs behave this way. In practice, the only scenario where adding the kvm_cpu_has() check isn't a nop is nested virtualization scenario where L0 hides the VMCS control from L1 (KVM in this case), and the L1 userspace VMM has decided to advertise RDTSCP _against_ the recommendations of KVM_GET_SUPPORTED_CPUID. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.c | 22 +--------------------- arch/x86/kvm/vmx/vmx.c | 13 ------------- arch/x86/kvm/x86.c | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 34 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 71d704f8d569..4c7604fca009 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2672,11 +2672,6 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data |= (u64)svm->sysenter_esp_hi << 32; break; case MSR_TSC_AUX: - if (!boot_cpu_has(X86_FEATURE_RDTSCP)) - return 1; - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) - return 1; msr_info->data = svm->tsc_aux; break; /* @@ -2892,13 +2887,6 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->sysenter_esp_hi = guest_cpuid_is_intel(vcpu) ? (data >> 32) : 0; break; case MSR_TSC_AUX: - if (!boot_cpu_has(X86_FEATURE_RDTSCP)) - return 1; - - if (!msr->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) - return 1; - /* * This is rare, so we update the MSR here instead of using * direct_access_msrs. Doing that would require a rdmsr in @@ -2906,15 +2894,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) */ wrmsrl(MSR_TSC_AUX, svm->tsc_aux); - /* - * Per Intel's SDM, bits 63:32 are reserved, but AMD's APM has - * incomplete and conflicting architectural behavior. Current - * AMD CPUs completely ignore bits 63:32, i.e. they aren't - * reserved and always read as zeros. Emulate AMD CPU behavior - * to avoid explosions if the vCPU is migrated from an AMD host - * to an Intel host. - */ - svm->tsc_aux = (u32)data; + svm->tsc_aux = data; break; case MSR_IA32_DEBUGCTLMSR: if (!boot_cpu_has(X86_FEATURE_LBRV)) { diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6501d66167b8..d3fce53d89ac 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1992,11 +1992,6 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else msr_info->data = vmx->pt_desc.guest.addr_a[index / 2]; break; - case MSR_TSC_AUX: - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) - return 1; - goto find_uret_msr; case MSR_IA32_DEBUGCTLMSR: msr_info->data = vmcs_read64(GUEST_IA32_DEBUGCTL); break; @@ -2312,14 +2307,6 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) else vmx->pt_desc.guest.addr_a[index / 2] = data; break; - case MSR_TSC_AUX: - if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) - return 1; - /* Check reserved bit, higher 32 bits should be zero */ - if ((data >> 32) != 0) - return 1; - goto find_uret_msr; case MSR_IA32_PERF_CAPABILITIES: if (data && !vcpu_to_pmu(vcpu)->version) return 1; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index f0d0b6e043ae..95da9b1cabdb 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1610,6 +1610,29 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data, * invokes 64-bit SYSENTER. */ data = get_canonical(data, vcpu_virt_addr_bits(vcpu)); + break; + case MSR_TSC_AUX: + if (!kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) + return 1; + + if (!host_initiated && + !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) + return 1; + + /* + * Per Intel's SDM, bits 63:32 are reserved, but AMD's APM has + * incomplete and conflicting architectural behavior. Current + * AMD CPUs completely ignore bits 63:32, i.e. they aren't + * reserved and always read as zeros. Enforce Intel's reserved + * bits check if and only if the guest CPU is Intel, and clear + * the bits in all other cases. This ensures cross-vendor + * migration will provide consistent behavior for the guest. + */ + if (guest_cpuid_is_intel(vcpu) && (data >> 32) != 0) + return 1; + + data = (u32)data; + break; } msr.data = data; @@ -1646,6 +1669,17 @@ int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, if (!host_initiated && !kvm_msr_allowed(vcpu, index, KVM_MSR_FILTER_READ)) return KVM_MSR_RET_FILTERED; + switch (index) { + case MSR_TSC_AUX: + if (!kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) + return 1; + + if (!host_initiated && + !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) + return 1; + break; + } + msr.index = index; msr.host_initiated = host_initiated; -- 2.31.1.498.g6c1eba8ee3d-goog