Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp2776710pxb;
        Tue, 24 Aug 2021 07:22:53 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz1fQ98EDHrkp/y2IQbaJw52eXfSAaQp7HH6Rf2FxiayEVhf94TPu1vlk1Xy7GT6Cs2mCkj
X-Received: by 2002:a92:c808:: with SMTP id v8mr26858978iln.110.1629814972964;
        Tue, 24 Aug 2021 07:22:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1629814972; cv=none;
        d=google.com; s=arc-20160816;
        b=OWZeWAu7ffuO8gMBhoaMHHmBWG6YI4eOgQsUiF8Dr1dI2BUY+LjtbhJxPJAALpN5QP
         NMmBsMtpTi5CV7/ue2CJJV/LfwodS5Yf+1aYUB+ymAGxHhoxtWS2kavbO0zWyAvMET2a
         cu7NB7DhZOPQdwlV0cesiHXvHuHzilVSX6APZL0vdH9Ct/SihxanQ9ZVLrFR1kUnAz0r
         DYrcT4nyD5qZ1rZ6L2b9If02eureYdb+rZ3HGbmFoHd5F4F62sjgKDuYWhhVXGHQGjSZ
         1dblPdEYBEgVYamYhAYQyDG44WHKPfKz8dnUcxRqVKkkQt/6gWINL4ODPDlZMgY89MvD
         9NDg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=5T95M5lfE+srLIAkpG9PHutUq3ARWWsEvJ8TbETp7i0=;
        b=MbqnaPeyWz522ZvhnT4cHLWL57rRWZ4XbQUruLzsW5AoVoSa+9ZI5t+wM2oF8PswAF
         wmfnjeHXDf2C8Xs60KZ2dsj4BtqzJq5/5kRU3OtHcGt3lIOPPyLxCMCZK5n3uio77X6T
         MlrcBtM0bPbIa6VtMzHiRyXASObbpo7vHhm8gA2kgGklQ2dvqRSQ/vNTakOmhcfIYUJf
         RXR0x/T1F3cZKmeia+Dq3TotO7ftinOI9vRmm+kHRq4kklR4nP9zCJxistsOEnJWnBr8
         m7LcsNFqd9LdJXL6p7DwkyiTM9dm3RJLmEedDsTJ1d0ty4GjXdq+JiV5u9+qcij9y/JF
         0BFA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=bbMFlT0K;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c203si21392386iof.54.2021.08.24.07.22.37;
        Tue, 24 Aug 2021 07:22:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=bbMFlT0K;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237367AbhHXOVV (ORCPT <rfc822;liukuiyu0707@gmail.com>
        + 99 others); Tue, 24 Aug 2021 10:21:21 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47068 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232311AbhHXOVU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 24 Aug 2021 10:21:20 -0400
Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA4A9C061757
        for <linux-kernel@vger.kernel.org>; Tue, 24 Aug 2021 07:20:36 -0700 (PDT)
Received: by mail-pg1-x532.google.com with SMTP id r2so19915155pgl.10
        for <linux-kernel@vger.kernel.org>; Tue, 24 Aug 2021 07:20:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=5T95M5lfE+srLIAkpG9PHutUq3ARWWsEvJ8TbETp7i0=;
        b=bbMFlT0KhjOcGWgTjRCQ+dd/LrVYiNuirkt7WHtNe44YENjMWcnaoOwIm6OUe6T6oo
         93jmPglRpIJcK+qFjqrNLburIffZs0+xbu84oGGwb/pAXw5yMgL881msZriA8Y2lp25y
         lOYNlK9foRn/XrQyP42Qdp2AK6seI35w94Dgp3WhrbaONPS6/LDweLbHO4Ew7WvaD7p8
         5u18q/UaXM1/NQX7qVD4/kK4e3WFAXaCyQfr891eHBKKaOLhIHECxDZrbyzwcJXOUTOx
         SZlvuXvkWWad2+C5JdxcSHTkpR/8o5PoNQGTBVIjtNmN6xbgY9W44llPIhpof38EzZSE
         HWaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=5T95M5lfE+srLIAkpG9PHutUq3ARWWsEvJ8TbETp7i0=;
        b=kSL7glVsosCWUEQloTCf34nXMlLaEQ0zYPEnHzBfVm3wJHSQaIC1gutiep264DFCno
         LgH/TQq45SJbEEwKYABgTavEHPN4KuDhRimMDIHWUq1gM3zIh7C0P0DZfynjhQBZW1fl
         oY4xbg5CLPe8Z7mVe4TjHJsiz5YP9w8IFj0sgEy8M7DbJJvnpOgIqmn1tji/yxwdEuRL
         vUzt61sfrM+KsqHLDzIzsyEC0Sr/RriNn/E26pUcjzuqOeZF4cXzkj19tgW9cyxYDjXu
         RzlcwF2VkSyr0in7IMrofrm3jqrj/PA/vHtkc4lRXt2HPc/YAEiEt3iZ6UbNrCrZATPo
         ltRg==
X-Gm-Message-State: AOAM531yYWeymxY/QBac0J9L9ZCpYRwg0DFzbT4qGjLlROBLaDzkYF9W
        HhXuZqVbu2Bv+lMD/0zeARF04Q==
X-Received: by 2002:aa7:8f14:0:b0:3e1:3bdf:e4d3 with SMTP id x20-20020aa78f14000000b003e13bdfe4d3mr39140212pfr.39.1629814835939;
        Tue, 24 Aug 2021 07:20:35 -0700 (PDT)
Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157])
        by smtp.gmail.com with ESMTPSA id z4sm2790761pjl.53.2021.08.24.07.20.35
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 24 Aug 2021 07:20:35 -0700 (PDT)
Date:   Tue, 24 Aug 2021 14:20:30 +0000
From:   Sean Christopherson <seanjc@google.com>
To:     Xiaoyao Li <xiaoyao.li@intel.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH 4/5] KVM: VMX: Disallow PT MSRs accessing if PT is not
 exposed to guest
Message-ID: <YSUALsBF8rKNPiaS@google.com>
References: <20210824110743.531127-1-xiaoyao.li@intel.com>
 <20210824110743.531127-5-xiaoyao.li@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210824110743.531127-5-xiaoyao.li@intel.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Aug 24, 2021, Xiaoyao Li wrote:
> Per SDM, it triggers #GP for all the accessing of PT MSRs, if
> X86_FEATURE_INTEL_PT is not available.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  arch/x86/kvm/vmx/vmx.c | 20 ++++++++++++++------
>  1 file changed, 14 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 4a70a6d2f442..1bbc4d84c623 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -1010,9 +1010,16 @@ static unsigned long segment_base(u16 selector)
>  static inline bool pt_can_write_msr(struct vcpu_vmx *vmx)
>  {
>  	return vmx_pt_mode_is_host_guest() &&
> +	       guest_cpuid_has(&vmx->vcpu, X86_FEATURE_INTEL_PT) &&
>  	       !(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN);
>  }
>  
> +static inline bool pt_can_read_msr(struct kvm_vcpu *vcpu)
> +{
> +	return vmx_pt_mode_is_host_guest() &&
> +	       guest_cpuid_has(vcpu, X86_FEATURE_INTEL_PT);
> +}
> +
>  static inline bool pt_output_base_valid(struct kvm_vcpu *vcpu, u64 base)
>  {
>  	/* The base must be 128-byte aligned and a legal physical address. */
> @@ -1849,24 +1856,24 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>  							&msr_info->data);
>  		break;
>  	case MSR_IA32_RTIT_CTL:
> -		if (!vmx_pt_mode_is_host_guest())
> +		if (!pt_can_read_msr(vcpu))

These all need to provide exemptions for accesses from the host.  KVM allows
access to MSRs that are not exposed to the guest so long as all the other checks
pass.  Same for the next patch.

Easiest thing is probably to pass in @msr_info to the helpers and do the check
there.

>  			return 1;
>  		msr_info->data = vmx->pt_desc.guest.ctl;
>  		break;