From: Zeng Guang
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, Dave Hansen, Tony Luck, Kan Liang, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Kim Phillips, Jarkko Sakkinen, Jethro Beekman, Kai Huang
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Robert Hu, Gao Chao, Zeng Guang, Maxim Levitsky
Subject: [PATCH v8 6/9] KVM: x86: lapic: don't allow to change APIC ID unconditionally
Date: Mon, 11 Apr 2022 17:04:44 +0800
Message-Id: <20220411090447.5928-7-guang.zeng@intel.com>
In-Reply-To: <20220411090447.5928-1-guang.zeng@intel.com>
References: <20220411090447.5928-1-guang.zeng@intel.com>

From: Maxim Levitsky No normal guest has any reason to change physical APIC IDs, and allowing this introduces bugs into APIC acceleration code. And Intel recent hardware just ignores writes to APIC_ID in xAPIC mode. More background can be found at: https://lore.kernel.org/lkml/Yfw5ddGNOnDqxMLs@google.com/ Looks there is no much value to support writable xAPIC ID in guest except supporting some old and crazy use cases which probably would fail on real hardware. So, make xAPIC ID read-only for KVM guests. Signed-off-by: Maxim Levitsky Signed-off-by: Zeng Guang --- arch/x86/kvm/lapic.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 137c3a2f5180..62d5ce4dc0c5 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2047,10 +2047,17 @@ static int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) switch (reg) { case APIC_ID: /* Local APIC ID */ - if (!apic_x2apic_mode(apic)) - kvm_apic_set_xapic_id(apic, val >> 24); - else + if (apic_x2apic_mode(apic)) { ret = 1; + break; + } + /* Don't allow changing APIC ID to avoid unexpected issues */ + if ((val >> 24) != apic->vcpu->vcpu_id) { + kvm_vm_bugged(apic->vcpu->kvm); + break; + } + + kvm_apic_set_xapic_id(apic, val >> 24); break; case APIC_TASKPRI: @@ -2635,11 +2642,15 @@ int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu) static int kvm_apic_state_fixup(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s, bool set) { - if (apic_x2apic_mode(vcpu->arch.apic)) { - u32 *id = (u32 *)(s->regs + APIC_ID); - u32 *ldr = (u32 *)(s->regs + APIC_LDR); - u64 icr; + u32 *id = (u32 *)(s->regs + APIC_ID); + u32 *ldr = (u32 *)(s->regs + APIC_LDR); + u64 icr; + if (!apic_x2apic_mode(vcpu->arch.apic)) { + /* Don't allow changing APIC ID to avoid unexpected issues */ + if ((*id >> 24) != vcpu->vcpu_id) + return -EINVAL; + } else { if (vcpu->kvm->arch.x2apic_format) { if (*id != vcpu->vcpu_id) return -EINVAL; -- 2.27.0
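
Review bot: In the kvm_lapic_reg_write() hunk, the APIC_ID case calls kvm_vm_bugged(apic->vcpu->kvm) whenever (val >> 24) differs from apic->vcpu->vcpu_id, so a value the guest fully controls takes the whole VM down. The commit message says the goal is to "make xAPIC ID read-only" and notes that recent Intel hardware "just ignores writes", which is a much milder outcome than marking the VM bugged. Consider dropping the mismatching write silently, or at least setting ret = 1 before the break as the x2APIC branch does, since ret is left at its previous value on this path. The remaining kvm_apic_set_xapic_id(apic, val >> 24) call is now reached only when the written ID already equals vcpu_id, and the comment "to avoid unexpected issues" should name the actual concern (the APIC acceleration code mentioned in the commit message).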
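
Review bot: In the kvm_apic_state_fixup() hunk, the new xAPIC branch returns -EINVAL when (*id >> 24) != vcpu->vcpu_id without consulting the set argument, so the check applies on both directions of the state fixup and userspace that supplies or previously saved a LAPIC state with a modified xAPIC ID will now get an error. That is a userspace-visible behaviour change and the commit message only talks about guest writes; please document it there and say how a state saved from a guest that had changed its ID is expected to be handled. It is also inconsistent with the register-write hunk, which reacts to the same mismatch with kvm_vm_bugged() rather than an error return. Minor: ldr and icr are hoisted to function scope but are not used by the new xAPIC branch, and the comment repeats the vague "to avoid unexpected issues" wording.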