From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <seanjc@google.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>
Cc: xiaoyao.li@intel.com, erdemaktas@google.com,
	Connor Kuehl <ckuehl@redhat.com>,
	x86@kernel.org, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org, isaku.yamahata@intel.com,
	Kai Huang <kai.huang@intel.com>
Subject: [PATCH 04/11] KVM: x86: Disable MCE related stuff for TDX
Date: Fri, 12 Nov 2021 23:37:26 +0800	[thread overview]
Message-ID: <20211112153733.2767561-5-xiaoyao.li@intel.com> (raw)
In-Reply-To: <20211112153733.2767561-1-xiaoyao.li@intel.com>

From: Sean Christopherson <sean.j.christopherson@intel.com>

MCE is not supported for TDX VM and KVM cannot inject #MC to TDX VM.

Introduce kvm_guest_mce_disallowed() which actually reports the MCE
availability based on vm_type. And use it to guard all the MCE related
CAPs and IOCTLs.

Note: KVM_X86_GET_MCE_CAP_SUPPORTED is KVM scope, so what it reports
may not match the behavior of a specific VM (e.g., here for a TDX VM). The
same for KVM_CAP_MCE when queried from /dev/kvm. To query the precise
KVM_CAP_MCE of the VM, it should use the VM's fd.

[ Xiaoyao: Guard MCE related CAPs ]

Co-developed-by: Kai Huang <kai.huang@linux.intel.com>
Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 arch/x86/kvm/x86.c | 10 ++++++++++
 arch/x86/kvm/x86.h |  5 +++++
 2 files changed, 15 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index b02088343d80..2b21c5169f32 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4150,6 +4150,8 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
 		break;
 	case KVM_CAP_MCE:
 		r = KVM_MAX_MCE_BANKS;
+		if (kvm)
+			r = kvm_guest_mce_disallowed(kvm) ? 0 : r;
 		break;
 	case KVM_CAP_XCRS:
 		r = boot_cpu_has(X86_FEATURE_XSAVE);
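Review bot: the two-line `if (kvm)` followed by `r = kvm_guest_mce_disallowed(kvm) ? 0 : r;` in the KVM_CAP_MCE case is harder to read than it needs to be; `if (kvm && kvm_guest_mce_disallowed(kvm)) r = 0;` expresses the same thing in one line. A short comment that the `kvm == NULL` path (a query on /dev/kvm rather than a VM fd) intentionally keeps reporting KVM_MAX_MCE_BANKS, as the commit message explains, would stop a later reader from mistaking it for a missed check.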
@@ -5155,6 +5157,10 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
 	case KVM_X86_SETUP_MCE: {
 		u64 mcg_cap;
 
+		r = EINVAL;
+		if (kvm_guest_mce_disallowed(vcpu->kvm))
+			goto out;
+
 		r = -EFAULT;
 		if (copy_from_user(&mcg_cap, argp, sizeof(mcg_cap)))
 			goto out;
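Review bot: `r = EINVAL;` in the KVM_X86_SETUP_MCE case is missing the minus sign. The neighbouring error path uses `r = -EFAULT;`, and with the current line the ioctl returns a positive 22 to userspace, which callers will not treat as a failure, so the MCE setup would appear to succeed on a TDX VM. It should read `r = -EINVAL;`.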
@@ -5164,6 +5170,10 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
 	case KVM_X86_SET_MCE: {
 		struct kvm_x86_mce mce;
 
+		r = EINVAL;
+		if (kvm_guest_mce_disallowed(vcpu->kvm))
+			goto out;
+
 		r = -EFAULT;
 		if (copy_from_user(&mce, argp, sizeof(mce)))
 			goto out;
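Review bot: same problem in the KVM_X86_SET_MCE case: `r = EINVAL;` needs to be `r = -EINVAL;`, matching the `r = -EFAULT;` just below it; otherwise a rejected KVM_X86_SET_MCE on a TDX VM returns a positive value that userspace will read as success.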
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index a2813892740d..69c60297bef2 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -441,6 +441,11 @@ static __always_inline bool kvm_irq_injection_disallowed(struct kvm_vcpu *vcpu)
 	return vcpu->kvm->arch.vm_type == KVM_X86_TDX_VM;
 }
 
+static __always_inline bool kvm_guest_mce_disallowed(struct kvm *kvm)
+{
+	return kvm->arch.vm_type == KVM_X86_TDX_VM;
+}
+
 void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu);
 void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu);
 int kvm_spec_ctrl_test_value(u64 value);
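Review bot: kvm_guest_mce_disallowed() carries no comment on why `vm_type == KVM_X86_TDX_VM` means MCE is disallowed; a one-line comment stating the reason given in the commit message (KVM cannot inject #MC into a TDX guest) would make the helper self-explanatory. Also note the asymmetry with the adjacent kvm_irq_injection_disallowed(), which takes a `struct kvm_vcpu *` while this one takes a `struct kvm *`; that is justified because the KVM_CAP_MCE caller only has a `struct kvm`, but the vcpu ioctl call sites then have to pass `vcpu->kvm`, so it is worth a mention in the commit message.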
-- 
2.27.0

