From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 29/61] KVM: x86: Add Kconfig-controlled auditing of reverse CPUID lookups
Date: Mon, 24 Feb 2020 14:46:13 -0800
Message-ID: <20200224224613.GO29865@linux.intel.com>
In-Reply-To: <87a758oztt.fsf@vitty.brq.redhat.com>

On Mon, Feb 24, 2020 at 02:54:38PM +0100, Vitaly Kuznetsov wrote:
> Sean Christopherson <sean.j.christopherson@intel.com> writes:
> 
> > Add WARNs in the low level __cpuid_entry_get_reg() to assert that the
> > function and index of the CPUID entry and reverse CPUID entry match.
> > Wrap the WARNs in a new Kconfig, KVM_CPUID_AUDIT, as the checks add
> > almost no value in a production environment, i.e. will only detect
> > blatant KVM bugs and fatal hardware errors.  Add a Kconfig instead of
> > simply wrapping the WARNs with an off-by-default #ifdef so that syzbot
> > and other automated testing can enable the auditing.
> >
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> > ---
> >  arch/x86/kvm/Kconfig | 10 ++++++++++
> >  arch/x86/kvm/cpuid.h |  5 +++++
> >  2 files changed, 15 insertions(+)
> >
> > diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
> > index 840e12583b85..bbbc3258358e 100644
> > --- a/arch/x86/kvm/Kconfig
> > +++ b/arch/x86/kvm/Kconfig
> > @@ -96,6 +96,16 @@ config KVM_MMU_AUDIT
> >  	 This option adds a R/W kVM module parameter 'mmu_audit', which allows
> >  	 auditing of KVM MMU events at runtime.
> >  
> > +config KVM_CPUID_AUDIT
> > +	bool "Audit KVM reverse CPUID lookups"
> > +	depends on KVM
> > +	help
> > +	 This option enables runtime checking of reverse CPUID lookups in KVM
> > +	 to verify the function and index of the referenced X86_FEATURE_* match
> > +	 the function and index of the CPUID entry being accessed.
> > +
> > +	 If unsure, say N.
> > +
> >  # OK, it's a little counter-intuitive to do this, but it puts it neatly under
> >  # the virtualization menu.
> >  source "drivers/vhost/Kconfig"
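Review bot: The help text for KVM_CPUID_AUDIT says what is verified but not what happens on a mismatch or who is expected to enable the option. The commit message states that the checks only catch blatant KVM bugs and fatal hardware errors and that the Kconfig exists so syzbot and other automated testing can turn the auditing on; a sentence to that effect in the help, plus a note that a mismatch produces a one-time WARN, would let someone configuring a kernel decide without reading cpuid.h.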
> > diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
> > index 51f19eade5a0..41ff94a7d3e0 100644
> > --- a/arch/x86/kvm/cpuid.h
> > +++ b/arch/x86/kvm/cpuid.h
> > @@ -98,6 +98,11 @@ static __always_inline struct cpuid_reg x86_feature_cpuid(unsigned x86_feature)
> >  static __always_inline u32 *__cpuid_entry_get_reg(struct kvm_cpuid_entry2 *entry,
> >  						  const struct cpuid_reg *cpuid)
> >  {
> > +#ifdef CONFIG_KVM_CPUID_AUDIT
> > +	WARN_ON_ONCE(entry->function != cpuid->function);
> > +	WARN_ON_ONCE(entry->index != cpuid->index);
> > +#endif
> > +
> >  	switch (cpuid->reg) {
> >  	case CPUID_EAX:
> >  		return &entry->eax;
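Review bot: In __cpuid_entry_get_reg() a mismatch is only reported: after either WARN_ON_ONCE fires, execution still falls through to the switch and returns a pointer into the mismatched entry, so the caller goes on to use a register from the wrong CPUID entry. If that is the intended behaviour for an audit build, a short comment above the checks should say so. Because these are two separate WARN_ON_ONCE sites, only the first function mismatch and the first index mismatch are ever logged, which is worth stating in the Kconfig help as well. As a style point, wrapping the checks in `if (IS_ENABLED(CONFIG_KVM_CPUID_AUDIT))` instead of the #ifdef would keep both expressions compiled in every configuration.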
> 
> Honestly, I was thinking we should BUG_ON() and even in production builds
> but not everyone around is so rebellious I guess, so

LOL.  It's a waste of cycles for something that will "never" be hit, i.e.
we _really_ dropped the ball if a bug of this nature makes it into a
kernel release.
 
> Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> 
> -- 
> Vitaly
> 
