From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sean Christopherson, Paolo Bonzini, Sasha Levin
Subject: [PATCH 5.15 736/779] KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists
Date: Mon, 15 Aug 2022 20:06:20 +0200
Message-Id: <20220815180408.906188557@linuxfoundation.org>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220815180337.130757997@linuxfoundation.org>
References: <20220815180337.130757997@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
From: Sean Christopherson

[ Upstream commit 4496a6f9b45e8cd83343ad86a3984d614e22cf54 ]

Attempt to load PERF_GLOBAL_CTRL during nested VM-Enter/VM-Exit if and only if the MSR exists (according to the guest vCPU model). KVM has very misguided handling of VM_{ENTRY,EXIT}_LOAD_IA32_PERF_GLOBAL_CTRL and attempts to force the nVMX MSR settings to match the vPMU model, i.e. to hide/expose the control based on whether or not the MSR exists from the guest's perspective. KVM's modifications fail to handle the scenario where the vPMU is hidden from the guest _after_ being exposed to the guest, e.g. by userspace doing multiple KVM_SET_CPUID2 calls, which is allowed if done before any KVM_RUN. nested_vmx_pmu_refresh() is called if and only if there's a recognized vPMU, i.e. KVM will leave the bits in the allow state and then ultimately reject the MSR load and WARN.

KVM should not force the VMX MSRs in the first place. KVM taking control of the MSRs was a misguided attempt at mimicking what commit 5f76f6f5ff96 ("KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled", 2018-10-01) did for MPX. However, the MPX commit was a workaround for another KVM bug and not something that should be imitated (and it should never have been done in the first place). In other words, KVM's ABI _should_ be that userspace has full control over the MSRs, at which point triggering the WARN that loading the MSR must not fail is trivial.

The intent of the WARN is still valid; KVM has consistency checks to ensure that vmcs12->{guest,host}_ia32_perf_global_ctrl is valid. The problem is that '0' must be considered a valid value at all times, and so the simple/obvious solution is to just not actually load the MSR when it does not exist. It is userspace's responsibility to provide a sane vCPU model, i.e. KVM is well within its ABI and Intel's VMX architecture to skip the loads if the MSR does not exist.
Fixes: 03a8871add95 ("KVM: nVMX: Expose load IA32_PERF_GLOBAL_CTRL VM-{Entry,Exit} control") Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson Message-Id: <20220722224409.1336532-5-seanjc@google.com> Signed-off-by: Paolo Bonzini Signed-off-by: Sasha Levin --- arch/x86/kvm/vmx/nested.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 9f845556dde8..61d601387058 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2611,6 +2611,7 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, vcpu->arch.walk_mmu->inject_page_fault = vmx_inject_page_fault_nested; if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) && + intel_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu)) && WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL, vmcs12->guest_ia32_perf_global_ctrl))) { *entry_failure_code = ENTRY_FAIL_DEFAULT; @@ -4329,7 +4330,8 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu, vmcs_write64(GUEST_IA32_PAT, vmcs12->host_ia32_pat); vcpu->arch.pat = vmcs12->host_ia32_pat; } - if (vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) + if ((vmcs12->vm_exit_controls & VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) && + intel_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu))) WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL, vmcs12->host_ia32_perf_global_ctrl)); -- 2.35.1
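Review bot: in the prepare_vmcs02() hunk, the new `intel_pmu_has_perf_global_ctrl(vcpu_to_pmu(vcpu)) &&` term makes the VM-Enter path skip the MSR load silently when the vCPU model has no PERF_GLOBAL_CTRL; that is the intended fix, but a one-line comment above the `if` stating that the skip is deliberate and that vmcs12->guest_ia32_perf_global_ctrl is still covered by the existing consistency checks (as the commit message says) would stop a later reader from "restoring" the unconditional load. Separately, the diff touches only arch/x86/kvm/vmx/nested.c and does not define intel_pmu_has_perf_global_ctrl(); for the 5.15 stable queue, confirm the commit that introduces that helper is applied ahead of this one, otherwise the backport will not build.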
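Review bot: the load_vmcs12_host_state() hunk repeats the same two-part condition as the VM-Enter path, just with VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL and host_ia32_perf_global_ctrl; consider folding the existence check into a small helper (a hypothetical nested_vmx_should_load_perf_global_ctrl(), for example) or at least a comment saying the entry and exit conditions are intentionally identical, so the two paths cannot drift apart in a future change. Note also that, unlike prepare_vmcs02(), this path sets no failure code, so WARN_ON_ONCE() is the only signal if kvm_set_msr() rejects the host value; that behaviour is pre-existing and unchanged by this hunk.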