Received: by 2002:a05:7412:b130:b0:e2:908c:2ebd with SMTP id az48csp2152503rdb; Mon, 20 Nov 2023 03:41:42 -0800 (PST) X-Google-Smtp-Source: AGHT+IHW5oRx7dS18pGhdrY2c5ZpMlPfJ2cA1mTvz/m036JXwzuZ5GJto2hpjMa7EMEIgdMTFri0 X-Received: by 2002:a05:6a00:2d18:b0:6c6:aaa4:5d68 with SMTP id fa24-20020a056a002d1800b006c6aaa45d68mr5553838pfb.27.1700480502458; Mon, 20 Nov 2023 03:41:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700480502; cv=none; d=google.com; s=arc-20160816; b=EVuBysbrdBJe2AjHUwus6pOy+x535/CwhF5BFAy8Xwy+s28s5slP3KCTS4Nzikah55 BMuu7rlgR3V5PGPDN7tirN98mAt+5/3NVxsZglF9tW59HtxRGU8CNiHJJmkvOj7G31zG 0H0ZnRbjmWc/+FUyOqJhRIM9toUtp8J+XMxVGSbNZcX/xsmvpJa71b8yqyQCBmDfTazw mEWT8IlnHM78DwRnE15XuU2WptdH+1yZ8vUg9bFtI2Df8eRoQU0zqSSvyZSjenxyywDb tPLWXrjurqnW6PYpQktcGqqroEfH98fI3T4RBwEkVoUchzZjCIxdXlg1pJH+SaS6+Ki9 7n/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=XroWRvXs+Y4iSNm22W3/JdNTVL8TEZs8UV4UrMaRAU8=; fh=Nq0oepwhCxvN5xgp/oTsTcwmzxolMYHrK7DBemx3XjM=; b=xawLyEh5auOCvVVq2C0kf/6xMv7PXwjBm0K35i/SVoyk4xvvdn/EjHQ0zaaaimhBHj iWwvw0BCTLkhxH9w+v/08J347m4mJ13i2fC5VfIozG7oRG3lyCn4Rtl2YhDWzSxm0x1m 7QNAqrO9fb6t999wIFoWYIjpckClujaryqmszp42ejJ9RtzRaG+45/UFle1d1FnDoOWd ixA4H3j9PK3sB0b8vNQnh/7QGp4w+YbYr6xkM4bObvhE/FnUxo3kffTOxFEBFJFcXz3u eIgZlvf+syuytcqGt9oKLbx2KenL852P/ihjlVsDwuooFC9H8Z37m3Mc7ikHAIDgKah3 SlPA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Px9sVBae; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id t187-20020a632dc4000000b005b99bfe3301si8232278pgt.462.2023.11.20.03.41.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Nov 2023 03:41:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Px9sVBae; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 866A3806895F; Mon, 20 Nov 2023 03:41:39 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232762AbjKTLl3 (ORCPT + 99 others); Mon, 20 Nov 2023 06:41:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57782 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232627AbjKTLl2 (ORCPT ); Mon, 20 Nov 2023 06:41:28 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2B9C9C for ; Mon, 20 Nov 2023 03:41:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1700480483; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XroWRvXs+Y4iSNm22W3/JdNTVL8TEZs8UV4UrMaRAU8=; b=Px9sVBaeOWtyjcrVkc7AopIeuck2+tKg1uegBSQA5mFztYi4SXiAz6bHDBjY3nFs2CjQ96 VU+Ht/N8O0su+LQb0ucixq+z6GIAK8DBtkzoxNMJc19zklpGCvV4aMMOOlyJB8+RZMsxwK kN7ST3RB9tHH+fpOqHy26t4GyS8Fcqo= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-126-OwlrFnZWM9GjNlRZSgA4sA-1; Mon, 20 Nov 2023 06:41:17 -0500 X-MC-Unique: OwlrFnZWM9GjNlRZSgA4sA-1 Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-32f8371247fso2338760f8f.2 for ; Mon, 20 Nov 2023 03:41:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700480476; x=1701085276; h=content-transfer-encoding:mime-version:user-agent:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=XroWRvXs+Y4iSNm22W3/JdNTVL8TEZs8UV4UrMaRAU8=; b=UMSPTCPvxfbCCKQf9P+y7xl+M4BmHdnruz6/vRu/guYo0/uE3m/c7bwuPw2h1B/WQq 5t9otCMM89Vhc8yIPSTgY9B8O1weqCC1B/P84F94g1YmWcNL/2X+eAEmK8nyKg2Z+C41 uldfMUjxWIBMT2IskE8ZSHJNyjnelb8Jo9iJwrSSLg0ntzdBWWZiiJm6DFpnVGnFnRVg qh5Ywek2d3uwxJQh4+pYYREIAdla5vZvGrbiqcH3qbO0+ZvPZ8N036NhMW86wm5myHbi 849YFcpaEBtM+wXRCGIndjteyKIF6rQrsk1+neJHsegVowdl0Dg5ac1exwIB/i+P6P14 G+aA== X-Gm-Message-State: AOJu0YwJWtc6rIFn1emyHdeAkUT/ljlbml3ySTbJMnYYbqDAtKy3+2FB 6iq87hqdUMzUvQlDRBaVhL/zoJfxZn9ckxzpxRx5206syhMmRzp7ZCgwFt1xBlZtA2y3lW9w00N zi2jOEglInwaavdcdneebSqPd X-Received: by 2002:adf:8b5e:0:b0:331:6945:9d11 with SMTP id v30-20020adf8b5e000000b0033169459d11mr4491910wra.71.1700480475873; Mon, 20 Nov 2023 03:41:15 -0800 (PST) X-Received: by 2002:adf:8b5e:0:b0:331:6945:9d11 with SMTP id v30-20020adf8b5e000000b0033169459d11mr4491896wra.71.1700480475496; Mon, 20 Nov 2023 03:41:15 -0800 (PST) Received: from starship ([77.137.131.4]) by smtp.gmail.com with ESMTPSA id v9-20020a5d5909000000b0032f9688ea48sm10955278wrd.10.2023.11.20.03.41.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Nov 2023 03:41:15 -0800 (PST) Message-ID: <8018a697eae37a5e749afcb19368ac7c32b91d57.camel@redhat.com> Subject: Re: [PATCH 1/2] Revert "nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB" From: Maxim Levitsky To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Stefan Sterz Date: Mon, 20 Nov 2023 13:41:13 +0200 In-Reply-To: <20231018194104.1896415-2-seanjc@google.com> References: <20231018194104.1896415-1-seanjc@google.com> <20231018194104.1896415-2-seanjc@google.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 20 Nov 2023 03:41:39 -0800 (PST) On Wed, 2023-10-18 at 12:41 -0700, Sean Christopherson wrote: > Revert KVM's made-up consistency check on SVM's TLB control. The APM says > that unsupported encodings are reserved, but the APM doesn't state that > VMRUN checks for a supported encoding. Unless something is called out > in "Canonicalization and Consistency Checks" or listed as MBZ (Must Be > Zero), AMD behavior is typically to let software shoot itself in the foot. > > This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1. > > Fixes: 174a921b6975 ("nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB") > Reported-by: Stefan Sterz > Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com > Cc: stable@vger.kernel.org > Signed-off-by: Sean Christopherson > --- > arch/x86/kvm/svm/nested.c | 15 --------------- > 1 file changed, 15 deletions(-) > > diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c > index 3fea8c47679e..60891b9ce25f 100644 > --- a/arch/x86/kvm/svm/nested.c > +++ b/arch/x86/kvm/svm/nested.c > @@ -247,18 +247,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size) > kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1); > } > > -static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl) > -{ > - /* Nested FLUSHBYASID is not supported yet. */ > - switch(tlb_ctl) { > - case TLB_CONTROL_DO_NOTHING: > - case TLB_CONTROL_FLUSH_ALL_ASID: > - return true; > - default: > - return false; > - } > -} > - > static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu, > struct vmcb_ctrl_area_cached *control) > { > @@ -278,9 +266,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu, > IOPM_SIZE))) > return false; > > - if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl))) > - return false; > - > if (CC((control->int_ctl & V_NMI_ENABLE_MASK) && > !vmcb12_is_intercept(control, INTERCEPT_NMI))) { > return false; Yes, after checking Jim's comment (*) on this I still agree that revert is OK. KVM never passes through the tlb_ctl field (but does copy it to the cache), thus there is no need to sanitize it. https://www.spinics.net/lists/kvm/msg316072.html Reviewed-by: Maxim Levitsky Best regards, Maxim Levitsky