From: isaku.yamahata@intel.com To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H . Peter Anvin" , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , erdemaktas@google.com, Connor Kuehl , Sean Christopherson , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com Subject: [RFC PATCH v2 31/69] KVM: x86: add per-VM flags to disable SMI/INIT/SIPI Date: Fri, 2 Jul 2021 15:04:37 -0700 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Isaku Yamahata Add a flag to let TDX disallow to inject interrupt with delivery mode of SMI/INIT/SIPI. add a check to reject SMI/INIT interrupt delivery mode. Signed-off-by: Isaku Yamahata --- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/irq_comm.c | 4 ++++ arch/x86/kvm/x86.c | 3 +-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index f373d672b4ac..00333af724d7 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1055,6 +1055,8 @@ struct kvm_arch { enum kvm_irqchip_mode irqchip_mode; u8 nr_reserved_ioapic_pins; bool eoi_intercept_unsupported; + bool smm_unsupported; + bool init_sipi_unsupported; bool disabled_lapic_found; diff --git a/arch/x86/kvm/irq_comm.c b/arch/x86/kvm/irq_comm.c index bcfac99db579..396ccf086bdd 100644 --- a/arch/x86/kvm/irq_comm.c +++ b/arch/x86/kvm/irq_comm.c 
@@ -128,6 +128,10 @@ static inline bool kvm_msi_route_invalid(struct kvm *kvm, .data = e->msi.data }; return (kvm->arch.eoi_intercept_unsupported && msg.arch_data.is_level) || + (kvm->arch.smm_unsupported && + msg.arch_data.delivery_mode == APIC_DELIVERY_MODE_SMI) || + (kvm->arch.init_sipi_unsupported && + msg.arch_data.delivery_mode == APIC_DELIVERY_MODE_INIT) || (kvm->arch.x2apic_format && (msg.address_hi & 0xff)); } diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 92204bbc7ea5..3407870b6f44 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4311,8 +4311,7 @@ static int kvm_vcpu_ioctl_nmi(struct kvm_vcpu *vcpu) static int kvm_vcpu_ioctl_smi(struct kvm_vcpu *vcpu) { - /* TODO: use more precise flag */ - if (vcpu->arch.guest_state_protected) + if (vcpu->kvm->arch.smm_unsupported) return -EINVAL; kvm_make_request(KVM_REQ_SMI, vcpu); -- 2.25.1
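Review bot: The two fields added to struct kvm_arch in kvm_host.h, smm_unsupported and init_sipi_unsupported, carry no comment, and no hunk in this patch ever assigns them, so as posted both new checks can never fire. Please add a comment beside the fields saying who sets them and at what point in the VM's life (for example, that they are fixed at VM creation and never cleared), and name in the commit message the patch in the series that sets them.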
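Review bot: In kvm_msi_route_invalid() the init_sipi_unsupported test compares only against APIC_DELIVERY_MODE_INIT, while the flag name and the subject line also promise SIPI, and the commit message itself switches from "SMI/INIT/SIPI" to "SMI/INIT". Either add a comment explaining why the start-up delivery mode needs no check on the MSI routing path, or rename the flag to match what it enforces. This is also the only place in the patch that reads init_sipi_unsupported, so if the intent is to block INIT/SIPI for the whole VM, the commit message should say where the remaining delivery paths are handled.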
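Review bot: In kvm_vcpu_ioctl_smi() the vcpu->arch.guest_state_protected test is dropped in favour of vcpu->kvm->arch.smm_unsupported, but nothing in the visible hunks sets smm_unsupported, so with this patch applied on its own the ioctl no longer returns -EINVAL for vCPUs that have guest_state_protected set. Keep both conditions until the flag is set for those VM types, or set the flag in this same patch, so the series stays bisectable without a window where the rejection is lost.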