From: Vitaly Kuznetsov
To: Anirudh Rayabharam
Cc: mail@anirudhrb.com, kumarpraveen@linux.microsoft.com, Anirudh Rayabharam, wei.liu@kernel.org, robert.bradford@intel.com, liuwe@microsoft.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Paolo Bonzini, Sean Christopherson, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Maxim Levitsky, Ilias Stamatis
Subject: Re: [PATCH v2] KVM: nVMX: Don't expose eVMCS unsupported fields to L1
In-Reply-To: <20220628103241.1785380-1-anrayabh@linux.microsoft.com>
References: <20220628103241.1785380-1-anrayabh@linux.microsoft.com>
Date: Tue, 28 Jun 2022 14:14:25 +0200
Message-ID: <87bkudugri.fsf@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Anirudh Rayabharam writes:

> When running cloud-hypervisor tests, VM entry into an L2 guest on KVM on
> Hyper-V fails with this splat (stripped for brevity):
>
> [ 1481.600386] WARNING: CPU: 4 PID: 7641 at arch/x86/kvm/vmx/nested.c:4563 nested_vmx_vmexit+0x70d/0x790 [kvm_intel]
> [ 1481.600427] CPU: 4 PID: 7641 Comm: vcpu2 Not tainted 5.15.0-1008-azure #9-Ubuntu
> [ 1481.600429] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 07/22/2021
> [ 1481.600430] RIP: 0010:nested_vmx_vmexit+0x70d/0x790 [kvm_intel]
> [ 1481.600447] Call Trace:
> [ 1481.600449]
> [ 1481.600451] nested_vmx_reflect_vmexit+0x10b/0x440 [kvm_intel]
> [ 1481.600457] __vmx_handle_exit+0xef/0x670 [kvm_intel]
> [ 1481.600467] vmx_handle_exit+0x12/0x50 [kvm_intel]
> [ 1481.600472] vcpu_enter_guest+0x83a/0xfd0 [kvm]
> [ 1481.600524] vcpu_run+0x5e/0x240 [kvm]
> [ 1481.600560] kvm_arch_vcpu_ioctl_run+0xd7/0x550 [kvm]
> [ 1481.600597] kvm_vcpu_ioctl+0x29a/0x6d0 [kvm]
> [ 1481.600634] __x64_sys_ioctl+0x91/0xc0
> [ 1481.600637] do_syscall_64+0x5c/0xc0
> [ 1481.600667] entry_SYSCALL_64_after_hwframe+0x44/0xae
> [ 1481.600670] RIP: 0033:0x7f688becdaff
> [ 1481.600686]
>
> TSC multiplier field is currently not supported in EVMCS in KVM. It was
> previously not supported from Hyper-V but has been added since. Because
> it is not supported in KVM the use "TSC scaling control" is filtered out
> of vmcs_config by evmcs_sanitize_exec_ctrls().
>
> However, in nested_vmx_setup_ctls_msrs(), TSC scaling is exposed to L1.
> eVMCS unsupported fields are not sanitized. When L1 tries to launch an L2
> guest, vmcs12 has TSC scaling enabled. This propagates to vmcs02. But KVM
> doesn't set the TSC multiplier value because kvm_has_tsc_control is false.
> Due to this VM entry for L2 guest fails. (VM entry fails if
> "use TSC scaling" is 1 but TSC multiplier is 0.)
>
> To fix, in nested_vmx_setup_ctls_msrs(), sanitize the values read from MSRs
> by filtering out fields that are not supported by eVMCS.
>
> This is a stable-friendly intermediate fix. A more comprehensive fix is
> in progress [1] but is probably too complicated to safely apply to
> stable.
>
> [1]: https://lore.kernel.org/kvm/20220627160440.31857-1-vkuznets@redhat.com/
>
> Fixes: d041b5ea93352 ("KVM: nVMX: Enable nested TSC scaling")
> Signed-off-by: Anirudh Rayabharam
> ---
>
> Changes since v1:
> - Sanitize all eVMCS unsupported fields instead of just TSC scaling.
>
> v1: https://lore.kernel.org/lkml/20220613161611.3567556-1-anrayabh@linux.microsoft.com/
>
> ---
> arch/x86/kvm/vmx/nested.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index f5cb18e00e78..f88d748c7cc6 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -6564,6 +6564,10 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
> msrs->pinbased_ctls_high);
> msrs->pinbased_ctls_low |=
> PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
> +#if IS_ENABLED(CONFIG_HYPERV)
> + if (static_branch_unlikely(&enable_evmcs))
> + msrs->pinbased_ctls_high &= ~EVMCS1_UNSUPPORTED_PINCTRL;
> +#endif
> msrs->pinbased_ctls_high &=
> PIN_BASED_EXT_INTR_MASK |
> PIN_BASED_NMI_EXITING |
> @@ -6580,6 +6584,10 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
> msrs->exit_ctls_low =
> VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR;
>
> +#if IS_ENABLED(CONFIG_HYPERV)
> + if (static_branch_unlikely(&enable_evmcs))
> + msrs->exit_ctls_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
> +#endif
> msrs->exit_ctls_high &=
> #ifdef CONFIG_X86_64
> VM_EXIT_HOST_ADDR_SPACE_SIZE |
> @@ -6600,6 +6608,10 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
> msrs->entry_ctls_high);
> msrs->entry_ctls_low =
> VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR;
> +#if IS_ENABLED(CONFIG_HYPERV)
> + if (static_branch_unlikely(&enable_evmcs))
> + msrs->entry_ctls_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
> +#endif
> msrs->entry_ctls_high &=
> #ifdef CONFIG_X86_64
> VM_ENTRY_IA32E_MODE |
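Review bot: The VM-entry hunk clears `EVMCS1_UNSUPPORTED_VMENTRY_CTRL` from `entry_ctls_high` only and leaves `entry_ctls_low` (the allowed-0 bits, set just above from `VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR`) untouched. That is the right half to filter, since an eVMCS-unsupported control is one L1 must not be allowed to set, but the commit message should say that only the allowed-1 halves are sanitized so a reader does not go looking for a matching `_low` change in this or the other three hunks.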
> @@ -6657,6 +6669,10 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
> msrs->secondary_ctls_high);
>
> msrs->secondary_ctls_low = 0;
> +#if IS_ENABLED(CONFIG_HYPERV)
> + if (static_branch_unlikely(&enable_evmcs))
> + msrs->secondary_ctls_high &= ~EVMCS1_UNSUPPORTED_2NDEXEC;
> +#endif
> msrs->secondary_ctls_high &=
> SECONDARY_EXEC_DESC |
> SECONDARY_EXEC_ENABLE_RDTSCP |

(In theory, there's also EVMCS1_UNSUPPORTED_VMFUNC filtering out
VMX_VMFUNC_EPTP_SWITCHING (as eVMCS EPTP_LIST_ADDRESS) but it is not
used by KVM)

As I said in another thread, I think this is fine as a stable@/intermediate
fix. Assuming the way to go for mainline is my "KVM: nVMX: Use vmcs_config
for setting up nested VMX MSRs", this patch won't be needed and can be
reverted.

-- 
Vitaly
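Review bot: In the pin-based hunk, the `#if IS_ENABLED(CONFIG_HYPERV)` / `static_branch_unlikely(&enable_evmcs)` / `&= ~EVMCS1_UNSUPPORTED_PINCTRL` triple is the first of four verbatim copies of the same pattern in this patch (pin-based, VM-exit, VM-entry, secondary), each wedged between the `*_ctls_low` assignment and the `*_ctls_high &=` whitelist. A single small static helper taking the `*_ctls_high` field and the unsupported mask would let the ifdef and the static key appear once and would make it harder for a future control group to be missed when the pattern is copied again.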
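Review bot: The VM-exit hunk, like the other three, strips the eVMCS-unsupported bits with no comment; since `EVMCS1_UNSUPPORTED_VMEXIT_CTRL` is applied right before the generic `exit_ctls_high &=` whitelist, a one-line comment above the `#if IS_ENABLED(CONFIG_HYPERV)` block stating the reason (eVMCS cannot carry these fields, so L1 must not be offered them; the commit message says as much) would spare the next reader from re-deriving it, and the same comment would serve the other hunks.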
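Review bot: The secondary-controls hunk is the one that actually resolves the reported splat, since "use TSC scaling" is a secondary exec control, yet neither the diff nor the commit message says so, and the v2 changelog's "sanitize all eVMCS unsupported fields" overstates what the four hunks cover: no primary processor-based control is touched, and the reply itself notes that `EVMCS1_UNSUPPORTED_VMFUNC` is left out. The commit message should name the four control groups that are filtered, point out that `EVMCS1_UNSUPPORTED_2NDEXEC` is the part that fixes the reported case, and state why the remaining groups are skipped.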
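The mechanism the commit message describes (L1 is offered an allowed-1 bit that L0 cannot honour on eVMCS, the vmcs12 passes the control check, and the entry fails later with "use TSC scaling" set but no multiplier) can be shown with the standard VMX allowed-0/allowed-1 check and a whitelist with and without the eVMCS filter. The following is an added C example that is not part of this thread or of KVM: the bit positions are the architectural VMX secondary-control bits, while the masks, the names `setup_secondary_ctls`, `vmx_control_verify` and `l2_entry_outcome`, and the three-way outcome code are constructed for the illustration.

```c
/* Added example, not KVM code: models how the allowed-1 half of a nested
 * VMX capability MSR is built and checked, with and without stripping the
 * bits an eVMCS cannot carry. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Architectural VMX secondary processor-based control bits. */
#define SECONDARY_EXEC_ENABLE_EPT    (1u << 1)
#define SECONDARY_EXEC_ENABLE_RDTSCP (1u << 3)
#define SECONDARY_EXEC_TSC_SCALING   (1u << 25)   /* "use TSC scaling" */

/* Constructed stand-in for EVMCS1_UNSUPPORTED_2NDEXEC: controls whose
 * fields the eVMCS format cannot carry, so L0 on Hyper-V cannot honour them. */
#define EXAMPLE_EVMCS_UNSUPPORTED_2NDEXEC SECONDARY_EXEC_TSC_SCALING

/* VMX capability MSR layout: low = allowed-0 (bits that must be 1),
 * high = allowed-1 (bits that may be 1). */
struct ctls_msr {
    uint32_t low;
    uint32_t high;
};

/* What L0 advertises to L1: the hardware allowed-1 bits, optionally minus
 * what eVMCS cannot carry (the patch's "&= ~UNSUPPORTED" step), then
 * reduced to the whitelist of controls the nested code implements. */
struct ctls_msr setup_secondary_ctls(uint32_t hw_high, bool evmcs_enabled,
                                     bool sanitize_evmcs)
{
    struct ctls_msr m = { .low = 0, .high = hw_high };

    if (evmcs_enabled && sanitize_evmcs)
        m.high &= ~EXAMPLE_EVMCS_UNSUPPORTED_2NDEXEC;
    m.high &= SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_RDTSCP |
              SECONDARY_EXEC_TSC_SCALING;
    return m;
}

/* Standard VMX consistency check of a control word against its MSR:
 * no bit set outside allowed-1, no allowed-0 bit cleared. */
bool vmx_control_verify(uint32_t ctl, struct ctls_msr m)
{
    return (ctl & ~m.high) == 0 && (~ctl & m.low) == 0;
}

/* Outcome of L1 launching an L2 whose vmcs12 carries 'vmcs12_secondary'.
 * 0: rejected at the control check (L1 sees a clean VM-entry failure)
 * 1: entry proceeds
 * 2: check passed, but L0 never programs a TSC multiplier on eVMCS, so
 *    the hardware entry fails ("use TSC scaling" = 1, multiplier = 0). */
int l2_entry_outcome(uint32_t vmcs12_secondary, struct ctls_msr advertised,
                     bool evmcs_enabled)
{
    if (!vmx_control_verify(vmcs12_secondary, advertised))
        return 0;
    if ((vmcs12_secondary & SECONDARY_EXEC_TSC_SCALING) && evmcs_enabled)
        return 2;
    return 1;
}

int main(void)
{
    /* Constructed inputs: hardware allows everything, L1 asks for EPT + TSC scaling. */
    uint32_t want = SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_TSC_SCALING;

    printf("eVMCS, unsanitized : outcome %d\n",
           l2_entry_outcome(want, setup_secondary_ctls(~0u, true, false), true));
    printf("eVMCS, sanitized   : outcome %d\n",
           l2_entry_outcome(want, setup_secondary_ctls(~0u, true, true), true));
    printf("no eVMCS           : outcome %d\n",
           l2_entry_outcome(want, setup_secondary_ctls(~0u, false, true), false));
    return 0;
}
```

The unsanitized eVMCS case is the reported bug: the bit survives the whitelist, the vmcs12 verifies, and the failure surfaces only at hardware entry. With the filter applied, L1 never sees the bit as allowed-1, so a vmcs12 that sets it is rejected by the ordinary control check instead.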