Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4928621pxj; Tue, 22 Jun 2021 11:02:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy8g4CtvsWTuaN9vBcUjcX2WVcl1/yANeN7YYOu6On/MQWmCbI2m3dfcd8ZJO0J3Z3P3KR6 X-Received: by 2002:a6b:720f:: with SMTP id n15mr3796000ioc.209.1624384959659; Tue, 22 Jun 2021 11:02:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624384959; cv=none; d=google.com; s=arc-20160816; b=ePlzI8bLArrLQDR5ajcNY0RLHS0gP+BKy3xaidkJeMBEYm/OkhZrq/sjW+2scmX8ia 1hJpaplPIREqSxr4jTe5EuoCO24mZXQj+3r44NDZvHjiMXTv2FanoHTFWV7eaXtcDpLF 8zXV8lcgBT3N2oFSAHXdqbhEpfd+0YndW4gFrW+eqTZrs981dah4USR6sQskFnsGgIGq JiA4wCpnbjZfSwfHBTGPGnLsQRvG1iM/FOfWczDbV9zx0S4SP34wXGSTtRx+VJWQxDdB k/NCOucWwvrPtd2Ynp7OQ+o+UcevzIwU0GHZJDDl/z6l5dMIvvpzhPrro1NZqYUuSFUR 0yJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:reply-to:dkim-signature; bh=pivc7qr4sT4+j8JNTwOxv+4OmDX8fKwSLBhBV0jBRec=; b=aR2IT2wkByLZsq6atrA1uAMFAlaaXuZz6N2pm34VHsfaqWisYkOQTyM5NqZ0A1QFnz hwLho/4W3X0oWpRaAauecCPKs+cAmE5n5srkEsCTgTv8pwT4EI5+M7H2FqOTXZQPPMKB Gc9H2cUAr1ulWsDeqzH56AVITu/lBjtzdxvpgyZe14L3baU9lEiMj/8YkSGjyHT2vCoD PLQyl2xRen8Trf0ncurF0MA0SUm4vGeSBR1+3UJO5XYHyAw0RMEeDQM5ISdXFRu0uL5d nqMONUhg+bXd7qf2ClFPagn+i6bKY4TqDpwdLP23x0pixnedc3XRAp2UMhy1cUUNU9Hi 0hyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="LOuf/n0b"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k9si3217440ilo.95.2021.06.22.11.02.25; Tue, 22 Jun 2021 11:02:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="LOuf/n0b"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232965AbhFVSEC (ORCPT + 99 others); Tue, 22 Jun 2021 14:04:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232697AbhFVSDW (ORCPT ); Tue, 22 Jun 2021 14:03:22 -0400 Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5050C061198 for ; Tue, 22 Jun 2021 10:59:12 -0700 (PDT) Received: by mail-qk1-x74a.google.com with SMTP id y5-20020a37af050000b02903a9c3f8b89fso19031235qke.2 for ; Tue, 22 Jun 2021 10:59:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=pivc7qr4sT4+j8JNTwOxv+4OmDX8fKwSLBhBV0jBRec=; b=LOuf/n0b/jOkC5l+HdXmVP2fx3jHAayfatW/ZxJfv7QSu3qjpg4JIH8rFgP6oRLRUu SezQXmkFyqC6cuhiG+sqEIcSRc+m8F1kv77AZ4k/7jytk5vO2HXkruApcAaJoVR3+1QT gFs3f3BYboxssIi5RubGLwZtoHW54N98O1wf0WKxBRQnlS7AYWtyjDlSwkd/luvYw+Vo S1W1L+ERGK3ZIY2jjXLlibdxJzQtgTCRSFapZhKcgQopIoBzBpJjMfn8Qraz6tk5Cta8 NTeIakwjnIwQ/N0b9nr+kBSiPCs+xD/PqA1417nOMcT+mVNiw3qzOOkKYx6LIsAlkSul eCcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=pivc7qr4sT4+j8JNTwOxv+4OmDX8fKwSLBhBV0jBRec=; b=k2IoITXStYfsjxRO74A/a0RT2qsObyDZ7ow7vZyAW5VBhz5Q91zy5pZhNq4Z6ddqwr JyO+eBv5GfDDwIZsDgx6UukTLztT0Hnt03B055j9AKR5BMp1ngR0V2DoIWKN9qMkwtP2 9zRIlXzsjoz8dutzxT6ht+CV4cLRUcccBS2PPoDaIIESQKnAeA0CJz5HlvsEuCJ/A2Tr uxST7Uou2DusnB0fAL3pe15lGAZchDJ/dXVMv7Ex7LRzd0DLLGdz0uSXANI9268PUa0e krmP525lKzEOpo/jNI3W/L9eR0L+/RJxZG7qQTw/38Y55OizxprJJLHcR7r5e6NMe8XQ 0DUQ== X-Gm-Message-State: AOAM533GAtHZdL2dpVFZ0QlZaf0dHn6MYQqXJMSNSMZPmY2o6+bi7d2y uK3gjN6wIj4AeYkwk8ympm3C1B8m260= X-Received: from seanjc798194.pdx.corp.google.com ([2620:15c:f:10:5722:92ce:361f:3832]) (user=seanjc job=sendgmr) by 2002:a25:da8f:: with SMTP id n137mr6440668ybf.520.1624384751889; Tue, 22 Jun 2021 10:59:11 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 22 Jun 2021 10:57:18 -0700 In-Reply-To: <20210622175739.3610207-1-seanjc@google.com> Message-Id: <20210622175739.3610207-34-seanjc@google.com> Mime-Version: 1.0 References: <20210622175739.3610207-1-seanjc@google.com> X-Mailer: git-send-email 2.32.0.288.g62a8d224e6-goog Subject: [PATCH 33/54] KVM: x86/mmu: Use MMU's role to compute PKRU bitmask From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yu Zhang , Maxim Levitsky Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Use the MMU's role to calculate the Protection Keys (Restrict Userspace) bitmask instead of pulling bits from current vCPU state. For some flows, the vCPU state may not be correct (or relevant), e.g. EPT doesn't interact with PKRU. Case in point, the "ept" param simply disappears. Signed-off-by: Sean Christopherson --- arch/x86/kvm/mmu/mmu.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index bd412e082356..dcde7514358b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4460,24 +4460,17 @@ static void update_permission_bitmask(struct kvm_mmu *mmu, bool ept) * away both AD and WD. For all reads or if the last condition holds, WD * only will be masked away. */ -static void update_pkru_bitmask(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, - bool ept) +static void update_pkru_bitmask(struct kvm_mmu *mmu) { unsigned bit; bool wp; - if (ept) { + if (!is_cr4_pke(mmu)) { mmu->pkru_mask = 0; return; } - /* PKEY is enabled only if CR4.PKE and EFER.LMA are both set. */ - if (!kvm_read_cr4_bits(vcpu, X86_CR4_PKE) || !is_long_mode(vcpu)) { - mmu->pkru_mask = 0; - return; - } - - wp = is_write_protection(vcpu); + wp = is_cr0_wp(mmu); for (bit = 0; bit < ARRAY_SIZE(mmu->permissions); ++bit) { unsigned pfec, pkey_bits; @@ -4672,7 +4665,7 @@ static void init_kvm_tdp_mmu(struct kvm_vcpu *vcpu) } update_permission_bitmask(context, false); - update_pkru_bitmask(vcpu, context, false); + update_pkru_bitmask(context); update_last_nonleaf_level(vcpu, context); reset_tdp_shadow_zero_bits_mask(vcpu, context); } @@ -4730,7 +4723,7 @@ static void shadow_mmu_init_context(struct kvm_vcpu *vcpu, struct kvm_mmu *conte if (____is_cr0_pg(regs)) { reset_rsvds_bits_mask(vcpu, context); update_permission_bitmask(context, false); - update_pkru_bitmask(vcpu, context, false); + update_pkru_bitmask(context); update_last_nonleaf_level(vcpu, context); } context->shadow_root_level = new_role.base.level; @@ -4838,8 +4831,8 @@ void kvm_init_shadow_ept_mmu(struct kvm_vcpu *vcpu, bool execonly, context->direct_map = false; update_permission_bitmask(context, true); - update_pkru_bitmask(vcpu, context, true); update_last_nonleaf_level(vcpu, context); + update_pkru_bitmask(context); reset_rsvds_bits_mask_ept(vcpu, context, execonly); reset_ept_shadow_zero_bits_mask(vcpu, context, execonly); } @@ -4935,7 +4928,7 @@ static void init_kvm_nested_mmu(struct kvm_vcpu *vcpu) } update_permission_bitmask(g_context, false); - update_pkru_bitmask(vcpu, g_context, false); + update_pkru_bitmask(g_context); update_last_nonleaf_level(vcpu, g_context); } -- 2.32.0.288.g62a8d224e6-goog