From: Sean Christopherson
Date: Fri, 17 May 2024 10:38:55 -0700
Subject: [PATCH v2 18/49] KVM: x86: Account for max supported CPUID leaf when getting raw host CPUID
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Hou Wenlong, Kechen Lu, Oliver Upton, Maxim Levitsky, Binbin Wu, Yang Weijiang, Robert Hoo
Message-ID: <20240517173926.965351-19-seanjc@google.com>
In-Reply-To: <20240517173926.965351-1-seanjc@google.com>

Explicitly zero out the feature word in kvm_cpu_caps if the word's associated CPUID function is greater than the max leaf supported by the CPU. For such unsupported functions, Intel CPUs return the output from the last supported leaf, not all zeros.

Practically speaking, this is likely a benign bug, as KVM uses the raw host CPUID to mask the kernel's computed capabilities, and the kernel does perform max leaf checks when populating boot_cpu_data.

The only way KVM's goof could be problematic is if the kernel force-set a feature in a leaf that is completely unsupported, _and_ the max supported leaf happened to return a value with '1' in the same bit position. Which is theoretically possible, but extremely unlikely. And even if that did happen, it's entirely possible that KVM would still provide the correct functionality; the kernel did set the capability after all.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index a51e48663f53..77625a5477b1 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -571,18 +571,37 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, return 0; } +static __always_inline u32 raw_cpuid_get(struct cpuid_reg cpuid) +{ + struct kvm_cpuid_entry2 entry; + u32 base; + + /* + * KVM only supports features defined by Intel (0x0), AMD (0x80000000), + * and Centaur (0xc0000000). WARN if a feature for new vendor base is + * defined, as this and other code would need to be updated. + */ + base = cpuid.function & 0xffff0000; + if (WARN_ON_ONCE(base && base != 0x80000000 && base != 0xc0000000)) + return 0; + + if (cpuid_eax(base) < cpuid.function) + return 0; + + cpuid_count(cpuid.function, cpuid.index, + &entry.eax, &entry.ebx, &entry.ecx, &entry.edx); + + return *__cpuid_entry_get_reg(&entry, cpuid.reg); +} + /* Mask kvm_cpu_caps for @leaf with the raw CPUID capabilities of this CPU. */ static __always_inline void __kvm_cpu_cap_mask(unsigned int leaf) { const struct cpuid_reg cpuid = x86_feature_cpuid(leaf * 32); - struct kvm_cpuid_entry2 entry; reverse_cpuid_check(leaf); - cpuid_count(cpuid.function, cpuid.index, - &entry.eax, &entry.ebx, &entry.ecx, &entry.edx); - - kvm_cpu_caps[leaf] &= *__cpuid_entry_get_reg(&entry, cpuid.reg); + kvm_cpu_caps[leaf] &= raw_cpuid_get(cpuid); } static __always_inline -- 2.45.0.215.g3402c0e53f-goog
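Review bot: the max-leaf check in raw_cpuid_get(), `if (cpuid_eax(base) < cpuid.function)`, trusts whatever EAX comes back from the base leaf, but for a non-zero base (0x80000000 or 0xc0000000) that the CPU does not implement, the base query is itself an unsupported function. Per the commit message, an Intel CPU answers such a query with the output of the last supported leaf rather than zeros, so the value being compared is not necessarily a max leaf for that range, and the same "theoretically possible, but extremely unlikely" garbage could satisfy the comparison. Consider reading the value once and also requiring that it belongs to the queried range, for example `max = cpuid_eax(base);` followed by `if ((max & 0xffff0000) != base || max < cpuid.function) return 0;`, which still behaves correctly for base 0. Minor wording nit in the new comment: "for new vendor base" should read "for a new vendor base".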