From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Paolo Bonzini, Jim Mattson, Vipin Sharma, Xiaoyao Li, Sasha Levin
Subject: [PATCH 5.19 098/155] KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES
Date: Tue, 6 Sep 2022 15:30:46 +0200
Message-Id: <20220906132833.616698784@linuxfoundation.org>
In-Reply-To: <20220906132829.417117002@linuxfoundation.org>
References: <20220906132829.417117002@linuxfoundation.org>

From: Jim Mattson

[ Upstream commit 0204750bd4c6ccc2fb7417618477f10373b33f56 ]

KVM should not claim to virtualize unknown IA32_ARCH_CAPABILITIES
bits. When kvm_get_arch_capabilities() was originally written, there
were only a few bits defined in this MSR, and KVM could virtualize all
of them. However, over the years, several bits have been defined that
KVM cannot just blindly pass through to the guest without additional
work (such as virtualizing an MSR promised by the
IA32_ARCH_CAPABILITIES feature bit).

Define a mask of supported IA32_ARCH_CAPABILITIES bits, and mask off
any other bits that are set in the hardware MSR.

Cc: Paolo Bonzini
Fixes: 5b76a3cff011 ("KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry")
Signed-off-by: Jim Mattson
Reviewed-by: Vipin Sharma
Reviewed-by: Xiaoyao Li
Message-Id: <20220830174947.2182144-1-jmattson@google.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Sasha Levin --- arch/x86/kvm/x86.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index bc411d19dac08..55de0d1981e52 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1570,12 +1570,32 @@ static const u32 msr_based_features_all[] = { static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all)]; static unsigned int num_msr_based_features; +/* + * Some IA32_ARCH_CAPABILITIES bits have dependencies on MSRs that KVM + * does not yet virtualize. These include: + * 10 - MISC_PACKAGE_CTRLS + * 11 - ENERGY_FILTERING_CTL + * 12 - DOITM + * 18 - FB_CLEAR_CTRL + * 21 - XAPIC_DISABLE_STATUS + * 23 - OVERCLOCKING_STATUS + */ + +#define KVM_SUPPORTED_ARCH_CAP \ + (ARCH_CAP_RDCL_NO | ARCH_CAP_IBRS_ALL | ARCH_CAP_RSBA | \ + ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \ + ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \ + ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \ + ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO) + static u64 kvm_get_arch_capabilities(void) { u64 data = 0; - if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) + if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) { rdmsrl(MSR_IA32_ARCH_CAPABILITIES, data); + data &= KVM_SUPPORTED_ARCH_CAP; + } /* * If nx_huge_pages is enabled, KVM's shadow paging will ensure that @@ -1623,9 +1643,6 @@ static u64 kvm_get_arch_capabilities(void) */ } - /* Guests don't need to know "Fill buffer clear control" exists */ - data &= ~ARCH_CAP_FB_CLEAR_CTRL; - return data; } -- 2.35.1
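
Review bot: In the first hunk (@@ -1570,12 +1570,32 @@), the comment above KVM_SUPPORTED_ARCH_CAP documents only the six known bits that depend on MSRs KVM does not virtualize (10, 11, 12, 18, 21, 23), while the macro is an allow-list that also drops every bit that is not yet defined, which is the "unknown bits" half of the subject line. Suggest adding a sentence to the comment saying that any bit outside the mask, reserved and future ones included, is cleared, and that a bit belongs in the mask only once KVM virtualizes whatever that bit promises. The blank line between the comment and the #define also separates the two; dropping it would keep the comment attached to the macro it explains.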
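
Review bot: In the second hunk (@@ -1623,9 +1643,6 @@), with "data &= ~ARCH_CAP_FB_CLEAR_CTRL;" removed from just before "return data;", nothing filters the value at the end of kvm_get_arch_capabilities() any more; the only filter left is "data &= KVM_SUPPORTED_ARCH_CAP;", applied right after rdmsrl and before the function's later adjustments, which these hunks do not show. That is correct as long as those later statements only set bits that are inside KVM_SUPPORTED_ARCH_CAP, so a short comment stating that invariant, either at the mask or at the return, would help whoever adds the next synthesized bit.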