Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp1653137rwl; Thu, 5 Jan 2023 17:32:01 -0800 (PST) X-Google-Smtp-Source: AMrXdXugH2UDpJIgXtj0L1gVfwb3ROEmRj9DdTJpcet2CMD0ylza9S9XVrefnk01/gKkxhTIy9UZ X-Received: by 2002:a05:6a20:6f47:b0:a3:7d0b:5dcb with SMTP id gu7-20020a056a206f4700b000a37d0b5dcbmr67023244pzb.15.1672968721528; Thu, 05 Jan 2023 17:32:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672968721; cv=none; d=google.com; s=arc-20160816; b=wPZKbZYeWwuI/ao3MNL8lONQB8v/x7wMlB8ZQIVx2oZn8s72jtPz57XmbzDVifwWAS RP4Du1StfwzpAv7HCu4R+6Bb4wVPyUbASSuJYzhc89KZB20lHNuyfZDvOM1D95yNhh5t osKyW1uEQNLKLJSrvdn89PWpjO3YTFgSaVD/h3zvHP0jJpbd3AVY/V9hPm1vHqhIX+UI xEZA31te1iyiSrelWKQlI+sqinfM6aFcqSyrCpzj9cadKOvZkenGJMCMFmLplW2vMBZl uz4hew9SDDg0KK/YVBEGH/Yp7s4Dn1pk5Q3G0XulV5fr/KSkOhu9ffQYqbFTSqc4WaMk 6WOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=O/yK9t38GUx7xAC8BnI1OsbEu+wskTkGWc8pHxjCI1M=; b=qHvKR/8ptVUDGCZy/5IkUK77C8OGQ3AeEl1/KX6qQ9ImVQKm6AeQknCXJICwjKW3A4 S1v2Imp9ygoXoyfGP3vPH5eWgJ0QpRCtiCnwlu0lPfypZV3wQd80D5UwYrr7/xpaasqS rNtspNtOaTnV5Ldg3eo9WXIggE36T34DycC7tU29yMPAmw3hq/Nyv26I4Ltz3lVdUUEN NDHc7Er22sYWRwtuLokF72bVyavNL3QduJpQdbaLtoBgMApOYuGcgSV72RNQ4KUrplai /PI7JfR8yHtWLMt677L8wcKG6iKShCbAujOUQCMIyopPbrWyD4gYmQ0uxn1T4RGCaaY4 IduQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=XC1QRawb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g12-20020a63fa4c000000b00477dd72d2b9si39915298pgk.72.2023.01.05.17.31.54; Thu, 05 Jan 2023 17:32:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=XC1QRawb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236797AbjAFBNi (ORCPT + 55 others); Thu, 5 Jan 2023 20:13:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37216 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236747AbjAFBNR (ORCPT ); Thu, 5 Jan 2023 20:13:17 -0500 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6585B71FFF for ; Thu, 5 Jan 2023 17:13:16 -0800 (PST) Received: by mail-pj1-x104a.google.com with SMTP id z4-20020a17090ab10400b002195a146546so2085980pjq.9 for ; Thu, 05 Jan 2023 17:13:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=O/yK9t38GUx7xAC8BnI1OsbEu+wskTkGWc8pHxjCI1M=; b=XC1QRawbtqcuGIvkyZGXfO4dWvKusbHvx7Ceuk2s9f1EDWyGwTXKxmEF/7/RoIyTQl 83ZnpCeWlNJvN0EszGtRNrqExAEYtasediUZNG+ehmTQiMkhoIjKnQhWX+hIoogU83y5 xCHw6f+G8TqjvtBXoV0fhoUCuqOQwLxYgvCx9gO1Yv6C08Kbd4rG0qe2BBVTMw5geDsF YPuiC4gu1ZtesL5MNl+S7dkrBrISA94kw1YYFc7EnChdP1MFnbPrSXyA/2qtyEzjSHcX TfB3JBGQsJtAUeyHu6mN2XX8OUtEzSnJzI4Mv2SeSy55WQ4uXyfv6rzWDVYiIitmKYhS xNBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=O/yK9t38GUx7xAC8BnI1OsbEu+wskTkGWc8pHxjCI1M=; b=7/rzBzGPaR6a+u6jsRU4g0NWZhPtzBdclwvvwUHJVEfxHXsd/XC2o7Syhmd5nAyNJr hMSUpzIeDY2BtEOW3qnF1EfGnnFwlxRVkJhQNWG93VTRDAWdIkbsjVQUcKIJHAe/4/wh j/8iy0FZPSFoDQB9aI+6g5TgZXW9jIx2VtWGkHeZ2G1B2O6bkDP+18jYyus13NW8w5LP QE7QgjBSlTr3lnT8HdkMQplB0iC5b8HQHhuQs0od4S38rArOdQhbNso2Cq9QEvQdhUAY FNJ3f7sWeZ13TXWRlC7wkgvLm5EHq/G0osYx+clYyLSMJLVaX+wMOFbToOzahAWXByFO rDVA== X-Gm-Message-State: AFqh2kqyEbdWGvZYl6p8A6pHRQf4b9NmRx6pxmuJqQuFv6AGrlG752Ui 8GVjB9/BBb3+fZbIMv+5/6vgjKIHLwI= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:903:40c8:b0:189:7a15:134b with SMTP id t8-20020a17090340c800b001897a15134bmr2814877pld.143.1672967595896; Thu, 05 Jan 2023 17:13:15 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 6 Jan 2023 01:12:34 +0000 In-Reply-To: <20230106011306.85230-1-seanjc@google.com> Mime-Version: 1.0 References: <20230106011306.85230-1-seanjc@google.com> X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog Message-ID: <20230106011306.85230-2-seanjc@google.com> Subject: [PATCH v5 01/33] KVM: x86: Blindly get current x2APIC reg value on "nodecode write" traps From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Alejandro Jimenez , Maxim Levitsky , Suravee Suthikulpanit , Li RongQing , Greg Edwards Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When emulating a x2APIC write in response to an APICv/AVIC trap, get the the written value from the vAPIC page without checking that reads are allowed for the target register. AVIC can generate trap-like VM-Exits on writes to EOI, and so KVM needs to get the written value from the backing page without running afoul of EOI's write-only behavior. Alternatively, EOI could be special cased to always write '0', e.g. so that the sanity check could be preserved, but x2APIC on AMD is actually supposed to disallow non-zero writes (not emulated by KVM), and the sanity check was a byproduct of how the KVM code was written, i.e. wasn't added to guard against anything in particular. Fixes: 70c8327c11c6 ("KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a "bad" reg") Fixes: 1bd9dfec9fd4 ("KVM: x86: Do not block APIC write for non ICR registers") Reported-by: Alejandro Jimenez Cc: stable@vger.kernel.org Reviewed-by: Maxim Levitsky Signed-off-by: Sean Christopherson --- arch/x86/kvm/lapic.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 4efdb4a4d72c..5c0f93fc073a 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2284,23 +2284,18 @@ void kvm_apic_write_nodecode(struct kvm_vcpu *vcpu, u32 offset) struct kvm_lapic *apic = vcpu->arch.apic; u64 val; - if (apic_x2apic_mode(apic)) { - if (KVM_BUG_ON(kvm_lapic_msr_read(apic, offset, &val), vcpu->kvm)) - return; - } else { - val = kvm_lapic_get_reg(apic, offset); - } - /* * ICR is a single 64-bit register when x2APIC is enabled. For legacy * xAPIC, ICR writes need to go down the common (slightly slower) path * to get the upper half from ICR2. */ if (apic_x2apic_mode(apic) && offset == APIC_ICR) { + val = kvm_lapic_get_reg64(apic, APIC_ICR); kvm_apic_send_ipi(apic, (u32)val, (u32)(val >> 32)); trace_kvm_apic_write(APIC_ICR, val); } else { /* TODO: optimize to just emulate side effect w/o one more write */ + val = kvm_lapic_get_reg(apic, offset); kvm_lapic_reg_write(apic, offset, (u32)val); } } -- 2.39.0.314.g84b9a713c41-goog