* [PATCH 0/2] KVM: x86: Sanitize writes to MSR_KVM_PV_EOI_EN
@ 2021-11-08 15:28 Vitaly Kuznetsov
2021-11-08 15:28 ` [PATCH 1/2] KVM: x86: Rename kvm_lapic_enable_pv_eoi() Vitaly Kuznetsov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Vitaly Kuznetsov @ 2021-11-08 15:28 UTC (permalink / raw)
To: kvm, Paolo Bonzini
Cc: Sean Christopherson, Wanpeng Li, Jim Mattson, Li RongQing, linux-kernel
This is a continuation of work started by Li RongQing with
"[PATCH] KVM: x86: disable pv eoi if guest gives a wrong address":
https://lore.kernel.org/kvm/1636078404-48617-1-git-send-email-lirongqing@baidu.com/
Instead of resetting 'KVM_MSR_ENABLED' when a bogus address was written to
MSR_KVM_PV_EOI_EN, I suggest we refuse to update the MSR at all; this aligns
with the #GP which is being injected on such writes.
Vitaly Kuznetsov (2):
KVM: x86: Rename kvm_lapic_enable_pv_eoi()
KVM: x86: Don't update vcpu->arch.pv_eoi.msr_val when a bogus value
was written to MSR_KVM_PV_EOI_EN
arch/x86/kvm/hyperv.c | 4 ++--
arch/x86/kvm/lapic.c | 23 ++++++++++++++---------
arch/x86/kvm/lapic.h | 2 +-
arch/x86/kvm/x86.c | 2 +-
4 files changed, 18 insertions(+), 13 deletions(-)
--
2.31.1
* [PATCH 1/2] KVM: x86: Rename kvm_lapic_enable_pv_eoi()
From: Vitaly Kuznetsov @ 2021-11-08 15:28 UTC (permalink / raw)
To: kvm, Paolo Bonzini
Cc: Sean Christopherson, Wanpeng Li, Jim Mattson, Li RongQing, linux-kernel
kvm_lapic_enable_pv_eoi() is a misnomer as the function is also
used to disable PV EOI. Rename it to kvm_lapic_set_pv_eoi().
No functional change intended.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
arch/x86/kvm/hyperv.c | 4 ++--
arch/x86/kvm/lapic.c | 2 +-
arch/x86/kvm/lapic.h | 2 +-
arch/x86/kvm/x86.c | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index 4f15c0165c05..4a555f32885a 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -1472,7 +1472,7 @@ static int kvm_hv_set_msr(struct kvm_vcpu *vcpu, u32 msr, u64 data, bool host)
if (!(data & HV_X64_MSR_VP_ASSIST_PAGE_ENABLE)) {
hv_vcpu->hv_vapic = data;
- if (kvm_lapic_enable_pv_eoi(vcpu, 0, 0))
+ if (kvm_lapic_set_pv_eoi(vcpu, 0, 0))
return 1;
break;
}
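Review bot: style point on the disable path in this hunk: `kvm_lapic_set_pv_eoi(vcpu, 0, 0)` is exactly the call that made the old name a misnomer, but the bare `0, 0` argument list still does not say what it does. A short comment noting that data=0 clears KVM_MSR_ENABLED and only vcpu->arch.pv_eoi.msr_val is updated (no cache is initialised) would make the intent visible at the call site.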
@@ -1490,7 +1490,7 @@ static int kvm_hv_set_msr(struct kvm_vcpu *vcpu, u32 msr, u64 data, bool host)
return 1;
hv_vcpu->hv_vapic = data;
kvm_vcpu_mark_page_dirty(vcpu, gfn);
- if (kvm_lapic_enable_pv_eoi(vcpu,
+ if (kvm_lapic_set_pv_eoi(vcpu,
gfn_to_gpa(gfn) | KVM_MSR_ENABLED,
sizeof(struct hv_vp_assist_page)))
return 1;
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 76fb00921203..3573b50d9036 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -2852,7 +2852,7 @@ int kvm_hv_vapic_msr_read(struct kvm_vcpu *vcpu, u32 reg, u64 *data)
return 0;
}
-int kvm_lapic_enable_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len)
+int kvm_lapic_set_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len)
{
u64 addr = data & ~KVM_MSR_ENABLED;
struct gfn_to_hva_cache *ghc = &vcpu->arch.pv_eoi.data;
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index d7c25d0c1354..2b44e533fc8d 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -127,7 +127,7 @@ int kvm_x2apic_msr_read(struct kvm_vcpu *vcpu, u32 msr, u64 *data);
int kvm_hv_vapic_msr_write(struct kvm_vcpu *vcpu, u32 msr, u64 data);
int kvm_hv_vapic_msr_read(struct kvm_vcpu *vcpu, u32 msr, u64 *data);
-int kvm_lapic_enable_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len);
+int kvm_lapic_set_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len);
void kvm_lapic_exit(void);
#define VEC_POS(v) ((v) & (32 - 1))
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index ac83d873d65b..41d4fe7374f5 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3517,7 +3517,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
if (!guest_pv_has(vcpu, KVM_FEATURE_PV_EOI))
return 1;
- if (kvm_lapic_enable_pv_eoi(vcpu, data, sizeof(u8)))
+ if (kvm_lapic_set_pv_eoi(vcpu, data, sizeof(u8)))
return 1;
break;
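Review bot: every caller of kvm_lapic_set_pv_eoi(), here and in both hyperv.c hunks, collapses any non-zero return into `return 1`, so the helper's exact return value never reaches the guest and is only tested for non-zero. Worth stating in the commit message, since the follow-up patch starts returning the raw kvm_gfn_to_hva_cache_init() error code (a negative errno) alongside the existing `return 1` for the misaligned-address case; the mixed convention is harmless only because of this.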
--
2.31.1
* [PATCH 2/2] KVM: x86: Don't update vcpu->arch.pv_eoi.msr_val when a bogus value was written to MSR_KVM_PV_EOI_EN
From: Vitaly Kuznetsov @ 2021-11-08 15:28 UTC (permalink / raw)
To: kvm, Paolo Bonzini
Cc: Sean Christopherson, Wanpeng Li, Jim Mattson, Li RongQing, linux-kernel
When the kvm_gfn_to_hva_cache_init() call from kvm_lapic_set_pv_eoi() fails,
the MSR write to MSR_KVM_PV_EOI_EN results in a #GP, so it is reasonable to
expect that the value we keep internally in KVM wasn't updated.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
arch/x86/kvm/lapic.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 3573b50d9036..4388d22df500 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -2857,20 +2857,25 @@ int kvm_lapic_set_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len)
u64 addr = data & ~KVM_MSR_ENABLED;
struct gfn_to_hva_cache *ghc = &vcpu->arch.pv_eoi.data;
unsigned long new_len;
+ int ret;
if (!IS_ALIGNED(addr, 4))
return 1;
- vcpu->arch.pv_eoi.msr_val = data;
- if (!pv_eoi_enabled(vcpu))
- return 0;
+ if (data & KVM_MSR_ENABLED) {
+ if (addr == ghc->gpa && len <= ghc->len)
+ new_len = ghc->len;
+ else
+ new_len = len;
- if (addr == ghc->gpa && len <= ghc->len)
- new_len = ghc->len;
- else
- new_len = len;
+ ret = kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc, addr, new_len);
+ if (ret)
+ return ret;
+ }
+
+ vcpu->arch.pv_eoi.msr_val = data;
- return kvm_gfn_to_hva_cache_init(vcpu->kvm, ghc, addr, new_len);
+ return 0;
}
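Review bot: logic question on the failure path: when `kvm_gfn_to_hva_cache_init()` returns non-zero, `vcpu->arch.pv_eoi.msr_val` now correctly keeps its old value, but `ghc` (the cache for the old address) has already been passed to the helper. If the helper touches the cache state (for example its generation or hva) before reporting the error, KVM is left reporting PV EOI as enabled at the previous address while the cache backing that address may no longer resolve; that mismatch between msr_val and ghc is the kind of state the cover letter says this series wants to avoid. Either confirm in the commit message that a failed init leaves `ghc` usable for the old `gpa`/`len`, or re-run the init from the old msr_val before returning so the two stay consistent. Two smaller points: `return ret` propagates a negative errno while the alignment check a few lines up returns 1, which is fine only because every caller just tests for non-zero; and the `if (data & KVM_MSR_ENABLED)` block replaces the old `pv_eoi_enabled(vcpu)` test with a check on the new value rather than the stored one, which is the intended behavioural change and deserves a line in the commit message.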
int kvm_apic_accept_events(struct kvm_vcpu *vcpu)
--
2.31.1
* Re: [PATCH 0/2] KVM: x86: Sanitize writes to MSR_KVM_PV_EOI_EN
From: Paolo Bonzini @ 2021-11-11 13:59 UTC (permalink / raw)
To: Vitaly Kuznetsov, kvm
Cc: Sean Christopherson, Wanpeng Li, Jim Mattson, Li RongQing, linux-kernel
On 11/8/21 16:28, Vitaly Kuznetsov wrote:
> This is a continuation of work started by Li RongQing with
> "[PATCH] KVM: x86: disable pv eoi if guest gives a wrong address":
> https://lore.kernel.org/kvm/1636078404-48617-1-git-send-email-lirongqing@baidu.com/
>
> Instead of resetting 'KVM_MSR_ENABLED' when a bogus address was written to
> MSR_KVM_PV_EOI_EN, I suggest we refuse to update the MSR at all; this aligns
> with the #GP which is being injected on such writes.
>
> Vitaly Kuznetsov (2):
> KVM: x86: Rename kvm_lapic_enable_pv_eoi()
> KVM: x86: Don't update vcpu->arch.pv_eoi.msr_val when a bogus value
> was written to MSR_KVM_PV_EOI_EN
>
> arch/x86/kvm/hyperv.c | 4 ++--
> arch/x86/kvm/lapic.c | 23 ++++++++++++++---------
> arch/x86/kvm/lapic.h | 2 +-
> arch/x86/kvm/x86.c | 2 +-
> 4 files changed, 18 insertions(+), 13 deletions(-)
>
Queued, thanks.
Paolo