Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2378288pxj; Mon, 10 May 2021 01:11:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxmZOR9/qeGtfpLy0lq5XRv4w2vjK05OIbYiZul1rH8hRkhlmywlg0//RAhK+8Jy2At/J4x X-Received: by 2002:a92:c9cd:: with SMTP id k13mr21145087ilq.180.1620634267353; Mon, 10 May 2021 01:11:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620634267; cv=none; d=google.com; s=arc-20160816; b=d2J66Fvv4ySApRfbdx+E7mBJjQ7CfAFFqCGJaguXl7ufxPPthaqs0E8MMnhpZTXGpu azF9lGn3OhLt2VwBq4Aox4xUKils3W+UK8aC0dMh7Rbk1vbAhjlxYh7xqTCHKLu+gAaW X+E2PK7bYrrfrGXYAnh/U0ffIIn0kKU0h1/oB7/2EdoW2qMpOPaWAu8RdTWnLwN/Ag/+ h9QEk/DbxDtlZq696u9fWs6tm0VnM3Qc+9d57fNA/6BQPEWoPP872iGU1iCwRMTfXtgm t4z8TfoMDf3PN7h5MBQ789xYZcYygdFGmju1K9nmt7QVT0HQ0Zz8fqEGzJu0GU1aeeDJ BG+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=oxvquNN/DeRfOUijTSqwF2POGMiEDfmanVEjyhInYWM=; b=qcZ8YmcjOoBHdsl5jAmFnhgHyeq+kMtdsstwDQUaJc8yxUJb+7nXzCgUceW6g+rN2S DS8/j0gujfaZ7v+YigXvDFmGS0Os6Zb2LCFvBp8LlAI30P1TjoX3OW84+r4aXe0ZSlXO Rp6/BvF+Pqc9AyarHhQLsukYmHhe9VSXX5P6XsFwztOpR1tHkV/VmzqGu23734DaX7K6 UwLK1ZLY2SmNQlKH9WcerwID6VD1IYVFM1ecXpAC4i/zbJQN28DcU0u26YEG61o/yZFW b01O+gA3VWs7YNRs4U2NtjN5uWPLgwxoGA/Pmdy5MfWb/YPXlzRD+gUcrNgH5JWJUbpN EPag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=MIkDMf9D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e5si14634295jaq.6.2021.05.10.01.10.54; Mon, 10 May 2021 01:11:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=MIkDMf9D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230215AbhEJIKC (ORCPT + 99 others); Mon, 10 May 2021 04:10:02 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:25944 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230093AbhEJIKB (ORCPT ); Mon, 10 May 2021 04:10:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1620634137; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oxvquNN/DeRfOUijTSqwF2POGMiEDfmanVEjyhInYWM=; b=MIkDMf9DqwhzsdnWqnFilIEYyDQ22UbKU2wADpTCjyRk49DFS1P23pZ65iWq4sD3685F36 Nuet039PpuPmZRr9GPYta6LPv5zUohkkQ4FMVr1iQeHZHBxWGEWSDLmCReWgOebthIUU2U 0Ei2MYWHuplobibTusjUXa955R4jj8s= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-254-UcUC3CJwMcqTVcGXkNrq1Q-1; Mon, 10 May 2021 04:08:55 -0400 X-MC-Unique: UcUC3CJwMcqTVcGXkNrq1Q-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3E8BD801817; Mon, 10 May 2021 08:08:54 +0000 (UTC) Received: from starship (unknown [10.40.194.86]) by smtp.corp.redhat.com (Postfix) with ESMTP id 627846268E; Mon, 10 May 2021 08:08:51 +0000 (UTC) Message-ID: Subject: Re: [PATCH 03/15] KVM: SVM: Inject #UD on RDTSCP when it should be disabled in the guest From: Maxim Levitsky To: Sean Christopherson , Paolo Bonzini Cc: Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Xiaoyao Li , Reiji Watanabe Date: Mon, 10 May 2021 11:08:50 +0300 In-Reply-To: <20210504171734.1434054-4-seanjc@google.com> References: <20210504171734.1434054-1-seanjc@google.com> <20210504171734.1434054-4-seanjc@google.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2021-05-04 at 10:17 -0700, Sean Christopherson wrote: > Intercept RDTSCP to inject #UD if RDTSC is disabled in the guest. > > Note, SVM does not support intercepting RDPID. Unlike VMX's > ENABLE_RDTSCP control, RDTSCP interception does not apply to RDPID. This > is a benign virtualization hole as the host kernel (incorrectly) sets > MSR_TSC_AUX if RDTSCP is supported, and KVM loads the guest's MSR_TSC_AUX > into hardware if RDTSCP is supported in the host, i.e. KVM will not leak > the host's MSR_TSC_AUX to the guest. > > But, when the kernel bug is fixed, KVM will start leaking the host's > MSR_TSC_AUX if RDPID is supported in hardware, but RDTSCP isn't available > for whatever reason. This leak will be remedied in a future commit. > > Fixes: 46896c73c1a4 ("KVM: svm: add support for RDTSCP") > Cc: stable@vger.kernel.org > Signed-off-by: Sean Christopherson > --- > arch/x86/kvm/svm/svm.c | 17 +++++++++++++---- > 1 file changed, 13 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index a7271f31df47..8f2b184270c0 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -1100,7 +1100,9 @@ static u64 svm_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) > return svm->vmcb->control.tsc_offset; > } > > -static void svm_check_invpcid(struct vcpu_svm *svm) > +/* Evaluate instruction intercepts that depend on guest CPUID features. */ > +static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu, > + struct vcpu_svm *svm) > { > /* > * Intercept INVPCID if shadow paging is enabled to sync/free shadow > @@ -1113,6 +1115,13 @@ static void svm_check_invpcid(struct vcpu_svm *svm) > else > svm_clr_intercept(svm, INTERCEPT_INVPCID); > } > + > + if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) { > + if (guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) > + svm_clr_intercept(svm, INTERCEPT_RDTSCP); > + else > + svm_set_intercept(svm, INTERCEPT_RDTSCP); > + } > } > > static void init_vmcb(struct kvm_vcpu *vcpu) > @@ -1248,7 +1257,7 @@ static void init_vmcb(struct kvm_vcpu *vcpu) > svm_clr_intercept(svm, INTERCEPT_PAUSE); > } > > - svm_check_invpcid(svm); > + svm_recalc_instruction_intercepts(vcpu, svm); > > /* > * If the host supports V_SPEC_CTRL then disable the interception > @@ -3084,6 +3093,7 @@ static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) = { > [SVM_EXIT_STGI] = stgi_interception, > [SVM_EXIT_CLGI] = clgi_interception, > [SVM_EXIT_SKINIT] = skinit_interception, > + [SVM_EXIT_RDTSCP] = kvm_handle_invalid_op, > [SVM_EXIT_WBINVD] = kvm_emulate_wbinvd, > [SVM_EXIT_MONITOR] = kvm_emulate_monitor, > [SVM_EXIT_MWAIT] = kvm_emulate_mwait, > @@ -4007,8 +4017,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) > svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) && > guest_cpuid_has(vcpu, X86_FEATURE_NRIPS); > > - /* Check again if INVPCID interception if required */ > - svm_check_invpcid(svm); > + svm_recalc_instruction_intercepts(vcpu, svm); > > /* For sev guests, the memory encryption bit is not reserved in CR3. */ > if (sev_guest(vcpu->kvm)) { Reviewed-by: Maxim Levitsky Best regards, Maxim Levitsky