Received: by 2002:a05:6358:bb9e:b0:b9:5105:a5b4 with SMTP id df30csp4448262rwb; Tue, 6 Sep 2022 07:41:17 -0700 (PDT) X-Google-Smtp-Source: AA6agR7IgO85eCG2esD82QPDxj+u4NvdWJj91sYZA8zB1R+utReWPrULFZMZQiEhk0JF+dJ/SNcD X-Received: by 2002:a05:6402:cbc:b0:448:95be:397 with SMTP id cn28-20020a0564020cbc00b0044895be0397mr32788699edb.417.1662475277014; Tue, 06 Sep 2022 07:41:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662475277; cv=none; d=google.com; s=arc-20160816; b=F9oESNeE4r+sezTBgh6E5lasECuUHbra+BIpexbI1KP7hhfUfJ5QkqEdkcoSxgio3O dLwYoAuhoaeIdU9j9Dz3opjrRUdbu+05EnoH33MCkQ0wJl5KsHPawgCfxf8HfFjGoKR+ TR+fVxiwMseZL2VckwXNGInCP20Ob9vh1H6GMVBbbYn+s0D7IfuMEZUwtDSPDsWfZ0q9 gSLOs/JSFV6E5WFirwPLQJt16AMOOnQH1Nze1ZVK0QKegu8jvKoVB76Wzn/hpy18rtko 839qbwIbmYwWPeSdIGgvWlBYIzPI9GOgq1mXFzsz55jZSQkt8mfcFsaxyFD6blIVmIpe fNVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=bKpkQ1+dQqimzXSjwUV+zuTqef6w1uqdVFdEgroxdBc=; b=QYIC/CuoGqe+Vmbb+bgo3dO6hOEYDv4Ng7Zf5LsDiyL260E17XFMjvdeheYBk23qSs FHbB1KZOYZjXhv/NQm2+9Sg7bInkfe0noxttB8bdt9GM5U/n9R15j4YpEDsql97xYiOb AevimLNbhmXibZzmL66doER+REiBftP1PECV3e5KNLXI9DxRGHH4IIHUiGorWStdnhtY q4K7ER3B+uMzuZhgHlFsGj/EcoFIL5YXrzrdrO+Sdg7YBpKlNbuWnpf80yA3pYstmT4E +2iMgjTpmB+zjCKHfpsQ6icENz9RjB7SuNvMfgPyuqyBetuIZp14RDdO1HXoeE9SJeS/ AojA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=mis1Wp35; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i16-20020a1709064fd000b0076daf135b26si4111207ejw.791.2022.09.06.07.40.38; Tue, 06 Sep 2022 07:41:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=mis1Wp35; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240781AbiIFNga (ORCPT + 99 others); Tue, 6 Sep 2022 09:36:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52446 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240546AbiIFNfk (ORCPT ); Tue, 6 Sep 2022 09:35:40 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA06278238; Tue, 6 Sep 2022 06:34:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 06B4DB81632; Tue, 6 Sep 2022 13:34:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 69551C433C1; Tue, 6 Sep 2022 13:34:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1662471240; bh=4r3L8Kgj4XHwUPeiSaPM69bu/XKXyX6+HgO0Mr+HtLM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mis1Wp35feNKUH6jUC58hr2BoW6X/oNNJ6uuXstBzt1rPl255yH0e79DW20z39XRk xqeJQjtvh2XBSL4isACXTshZnetX09u2ha09J52cPucDyxQKYeWHX4k7vFq1nZ/+uA EAr9a4bHphXAtfQIOJzsPSaVPQMZzPIJ7eGgI0iU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Paolo Bonzini , Jim Mattson , Vipin Sharma , Xiaoyao Li , Sasha Levin Subject: [PATCH 5.10 44/80] KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES Date: Tue, 6 Sep 2022 15:30:41 +0200 Message-Id: <20220906132818.848719304@linuxfoundation.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220906132816.936069583@linuxfoundation.org> References: <20220906132816.936069583@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jim Mattson [ Upstream commit 0204750bd4c6ccc2fb7417618477f10373b33f56 ] KVM should not claim to virtualize unknown IA32_ARCH_CAPABILITIES bits. When kvm_get_arch_capabilities() was originally written, there were only a few bits defined in this MSR, and KVM could virtualize all of them. However, over the years, several bits have been defined that KVM cannot just blindly pass through to the guest without additional work (such as virtualizing an MSR promised by the IA32_ARCH_CAPABILITES feature bit). Define a mask of supported IA32_ARCH_CAPABILITIES bits, and mask off any other bits that are set in the hardware MSR. Cc: Paolo Bonzini Fixes: 5b76a3cff011 ("KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry") Signed-off-by: Jim Mattson Reviewed-by: Vipin Sharma Reviewed-by: Xiaoyao Li Message-Id: <20220830174947.2182144-1-jmattson@google.com> Signed-off-by: Paolo Bonzini Signed-off-by: Sasha Levin --- arch/x86/kvm/x86.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5f4f855bb3b10..c5a08ec348e6f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1364,12 +1364,32 @@ static const u32 msr_based_features_all[] = { static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all)]; static unsigned int num_msr_based_features; +/* + * Some IA32_ARCH_CAPABILITIES bits have dependencies on MSRs that KVM + * does not yet virtualize. These include: + * 10 - MISC_PACKAGE_CTRLS + * 11 - ENERGY_FILTERING_CTL + * 12 - DOITM + * 18 - FB_CLEAR_CTRL + * 21 - XAPIC_DISABLE_STATUS + * 23 - OVERCLOCKING_STATUS + */ + +#define KVM_SUPPORTED_ARCH_CAP \ + (ARCH_CAP_RDCL_NO | ARCH_CAP_IBRS_ALL | ARCH_CAP_RSBA | \ + ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \ + ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \ + ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \ + ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO) + static u64 kvm_get_arch_capabilities(void) { u64 data = 0; - if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) + if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) { rdmsrl(MSR_IA32_ARCH_CAPABILITIES, data); + data &= KVM_SUPPORTED_ARCH_CAP; + } /* * If nx_huge_pages is enabled, KVM's shadow paging will ensure that @@ -1417,9 +1437,6 @@ static u64 kvm_get_arch_capabilities(void) */ } - /* Guests don't need to know "Fill buffer clear control" exists */ - data &= ~ARCH_CAP_FB_CLEAR_CTRL; - return data; } -- 2.35.1