Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp18119151rwd; Tue, 27 Jun 2023 11:56:45 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5aEmE5oW0+AxuYazUcfrG6m9Avr5cyr58oIPm18VI3hOYsLOmgCUgqFkQ6e0SUNNlWgNEa X-Received: by 2002:a17:906:8a56:b0:98e:4b2:2e83 with SMTP id gx22-20020a1709068a5600b0098e04b22e83mr7317550ejc.50.1687892205396; Tue, 27 Jun 2023 11:56:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687892205; cv=none; d=google.com; s=arc-20160816; b=Yfwrwy04M14EF94y4McsngH7IabwZvH72mLogi2erocnjM6HkMYSZd/hqNa66xthlH 75KZPGOTy6NXvVgoiS3hH7HdhpUpAJeCLMq98o0SLheqoIEJlVQu48CN+oBGqBIEfrEw sEfIZqKBWBkuwpU+kxYCUqbVTCp7XtLTXGfz/KXCeeim7gncEccZO/JIYxbvFrsrXFQA EzZgo58uyeXKO4BVjmKInZ7qzP6sQPz+7brAhs3vb6qxmi99g2n2gT1ML2RSmIAzf0s3 sK6+CfHdWPZDGbHSUlVXP/xgXV7RQYdAdXvKEkIIF9CRh6vDRAAtXuLx0F3lQu1WAX1c y/Gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=MOaqBvixOW3x98UwibxOqBic6iDT/fgo05f/EM7KrhE=; fh=v9lJtdyQfw6lzjOHsDgcsQVqwzf5RsHATh7ckD9UBoY=; b=QEMU+ct3sXl+IHIpNDSHs5oMid3m2pEIqF0z83xIG3gSSrqaZYKjzOBBJsrU0KKmmr Z6d0b2MtG4TEltlHUt5C7aQ3vYnDii8DePhHDtMyUwVJBAOtmK1N+usnqu2aP9qpkoYZ E1S8ABIqGodr1jAx0RiiHXuhXT3RPBB3K6hR84jEpWNT0vW4vh2f/fcZzXJHvPHHwrrD yLJTVlwF79Dsb0OUZ45tCS5u4c/PieweRmcUfE+jH60E5SkoGYIWXCDyMqmHtmEBFMtz QaP1pEPuG4tnWKLTIJYgfLVcv7pEKMaqm/fQoMvBw6Jw067VO0MpDEhskQWZPNoTzpz9 IwQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=I3gXWAJg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qo25-20020a170907213900b0098e266c9592si3844175ejb.262.2023.06.27.11.56.20; Tue, 27 Jun 2023 11:56:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=I3gXWAJg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231204AbjF0S3E (ORCPT + 99 others); Tue, 27 Jun 2023 14:29:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54534 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231148AbjF0S3A (ORCPT ); Tue, 27 Jun 2023 14:29:00 -0400 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D19EEE71 for ; Tue, 27 Jun 2023 11:28:59 -0700 (PDT) Received: by mail-pl1-x649.google.com with SMTP id d9443c01a7336-1b80c1966d4so670895ad.1 for ; Tue, 27 Jun 2023 11:28:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1687890539; x=1690482539; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=MOaqBvixOW3x98UwibxOqBic6iDT/fgo05f/EM7KrhE=; b=I3gXWAJgtGihnOVBLkXXabjfTRTeupaaaW6Xn54va727a8UVTmIc0oTRGqiu9PgkGT Ecjj/yJaji3m8v79Bf+O3tISmzqtJiXStCbFMpj7ebJo6kTLjOQYlMF7f2VwLmjcP/bo 3bD3Js4TrDmJ53ObLgJmyxQm3yPkoXmfyzJFWhi5oepuhKfFF86WCsCDY7Suo56N1brM oIBjJyjeiMZNgmQHxMBqw1zb5AzXxLSsJ5aGfdq9J6012Jy3rotkcr3nomLim4Fs4T2O j891mDYppfBGO1NxF6zABmrIayZhJjgFVPrR2W6pZrq5Njflgjc5nhwlfO92cb9bn6HW 2qKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687890539; x=1690482539; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MOaqBvixOW3x98UwibxOqBic6iDT/fgo05f/EM7KrhE=; b=GMgnVKSmJlZeTW0fwj/GTa9DTPHIkqUkEZOwZnL300ZqLeaQg2O11jLVUPmwcjHqk8 n3AROjRnQj0sisyvk8udFX9u8CfAwGolvA/eLS7boY6v7hW+TaANyXP96lUqO2qFJ2LH /XdoGH85Zb8EK81zz13hCNwpgO+mbU6Laxrk0G6rTeXOI8gDXsG5cd5RO5TuH/keDFKn 5OdAvzSZX+nAdGsZ+8iqAJD2gjaQmjLgwUlqPcb7pW+Uui2CyLTlvSmxOCCz53QoYF3q QItL4pGT4CGT6EdvltTG2l4h6daZh6D78rLysNojbKORLgDycRkT5kw5H/lWJ6fmXGKu I3oQ== X-Gm-Message-State: AC+VfDyaCH4Y6oGHG3v22VYFwOkieKSbbL286veU+9ohi3CMuJUSOCLR brjv52QP+JKV4iywGFPYXAwk9crVkZU= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:9893:b0:1b5:1610:d550 with SMTP id s19-20020a170902989300b001b51610d550mr1538915plp.3.1687890539298; Tue, 27 Jun 2023 11:28:59 -0700 (PDT) Date: Tue, 27 Jun 2023 11:28:58 -0700 In-Reply-To: <20230601142309.6307-5-guang.zeng@intel.com> Mime-Version: 1.0 References: <20230601142309.6307-1-guang.zeng@intel.com> <20230601142309.6307-5-guang.zeng@intel.com> Message-ID: Subject: Re: [PATCH v1 4/6] KVM: x86: Add emulator helper for LASS violation check From: Sean Christopherson To: Zeng Guang Cc: Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , H Peter Anvin , kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 01, 2023, Zeng Guang wrote: > When LASS is enabled, KVM need apply LASS violation check to instruction > emulations. Add helper for the usage of x86 emulator to perform LASS > protection. > > Signed-off-by: Zeng Guang > Tested-by: Xuelian Guo > --- > arch/x86/kvm/kvm_emulate.h | 1 + > arch/x86/kvm/x86.c | 12 ++++++++++++ > 2 files changed, 13 insertions(+) > > diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h > index f1439ab7c14b..fd1c2b22867e 100644 > --- a/arch/x86/kvm/kvm_emulate.h > +++ b/arch/x86/kvm/kvm_emulate.h > @@ -230,6 +230,7 @@ struct x86_emulate_ops { > int (*leave_smm)(struct x86_emulate_ctxt *ctxt); > void (*triple_fault)(struct x86_emulate_ctxt *ctxt); > int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr); > + bool (*check_lass)(struct x86_emulate_ctxt *ctxt, u64 access, u64 la, u32 flags); > }; > > /* Type, address-of, and value of an instruction's operand. */ > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index c0778ca39650..faf01fecc4ca 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -8287,6 +8287,17 @@ static void emulator_vm_bugged(struct x86_emulate_ctxt *ctxt) > kvm_vm_bugged(kvm); > } > > +static bool emulator_check_lass(struct x86_emulate_ctxt *ctxt, > + u64 access, u64 la, u32 flags) > +{ > + struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); > + > + if (!is_long_mode(vcpu)) > + return false; Likely a moot point if we wrap ->gva_to_gpa(), but most this into the vendor implementation. And if we keep these emulator hooks, massage the patch ordering: 1. Add plumbing to emulator to pass new flags 2. Add kvm_x86_ops definition and invocation from emulator 3. Implement and wire up vmx_is_lass_violation() That way the changes to each area of KVM are better isolated. > + return static_call(kvm_x86_check_lass)(vcpu, access, la, flags); > +} > + > static const struct x86_emulate_ops emulate_ops = { > .vm_bugged = emulator_vm_bugged, > .read_gpr = emulator_read_gpr, > @@ -8332,6 +8343,7 @@ static const struct x86_emulate_ops emulate_ops = { > .leave_smm = emulator_leave_smm, > .triple_fault = emulator_triple_fault, > .set_xcr = emulator_set_xcr, > + .check_lass = emulator_check_lass, > }; > > static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask) > -- > 2.27.0 >