From: Maxim Levitsky <mlevitsk@redhat.com>
To: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: pbonzini@redhat.com, seanjc@google.com, joro@8bytes.org,
jon.grimm@amd.com, wei.huang2@amd.com, terry.bowman@amd.com
Subject: Re: [PATCH v5 16/17] KVM: x86: nSVM: always intercept x2apic msrs
Date: Wed, 18 May 2022 20:18:31 +0300 [thread overview]
Message-ID: <92fb7b8962e1da874dde2789f0d9c1f3887a63dc.camel@redhat.com> (raw)
In-Reply-To: <20220518162652.100493-17-suravee.suthikulpanit@amd.com>
On Wed, 2022-05-18 at 11:26 -0500, Suravee Suthikulpanit wrote:
> From: Maxim Levitsky <mlevitsk@redhat.com>
>
> As a preparation for x2avic, this patch ensures that x2apic msrs
> are always intercepted for the nested guest.
>
> Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
> Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
> arch/x86/kvm/svm/nested.c | 5 +++++
> arch/x86/kvm/svm/svm.h | 9 +++++++++
> 2 files changed, 14 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index f209c1ca540c..b61f8939c210 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -230,6 +230,11 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
> break;
>
> p = msrpm_offsets[i];
> +
> + /* x2apic msrs are intercepted always for the nested guest */
> + if (is_x2apic_msrpm_offset(p))
> + continue;
> +
> offset = svm->nested.ctl.msrpm_base_pa + (p * 4);
>
> if (kvm_vcpu_read_guest(&svm->vcpu, offset, &value, 4))
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index 818817b11f53..309445619756 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -517,6 +517,15 @@ static inline bool nested_npt_enabled(struct vcpu_svm *svm)
> return svm->nested.ctl.nested_ctl & SVM_NESTED_CTL_NP_ENABLE;
> }
>
> +static inline bool is_x2apic_msrpm_offset(u32 offset)
> +{
> + /* 4 msrs per u8, and 4 u8 in u32 */
> + u32 msr = offset * 16;
> +
> + return (msr >= APIC_BASE_MSR) &&
> + (msr < (APIC_BASE_MSR + 0x100));
> +}
> +
> /* svm.c */
> #define MSR_INVALID 0xffffffffU
>
Just one thing, this patch should be earlier in the series (or even first one),
to avoid having a commit window where the problem exists, where malicious
L1 can get access to L0's apic msrs this way.
Best regards,
Maxim Levitsky
next prev parent reply other threads:[~2022-05-18 17:18 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-18 16:26 [PATCH v5 00/17] Introducing AMD x2AVIC and hybrid-AVIC modes Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 01/17] x86/cpufeatures: Introduce x2AVIC CPUID bit Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 02/17] KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 03/17] KVM: SVM: Detect X2APIC virtualization (x2AVIC) support Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 04/17] KVM: SVM: Update max number of vCPUs supported for x2AVIC mode Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 05/17] KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 06/17] KVM: SVM: Do not support updating APIC ID when in x2APIC mode Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 07/17] KVM: SVM: Adding support for configuring x2APIC MSRs interception Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 08/17] KVM: x86: Deactivate APICv on vCPU with APIC disabled Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 09/17] KVM: SVM: Refresh AVIC configuration when changing APIC mode Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 10/17] KVM: SVM: Introduce helper functions to (de)activate AVIC and x2AVIC Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 11/17] KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 12/17] KVM: SVM: Introduce hybrid-AVIC mode Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 13/17] KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 14/17] KVM: SVM: Use target APIC ID to complete x2AVIC IRQs when possible Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 15/17] KVM: SVM: Add AVIC doorbell tracepoint Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 16/17] KVM: x86: nSVM: always intercept x2apic msrs Suravee Suthikulpanit
2022-05-18 17:18 ` Maxim Levitsky [this message]
2022-05-18 17:25 ` Maxim Levitsky
2022-05-19 10:29 ` Suravee Suthikulpanit
2022-05-18 16:26 ` [PATCH v5 17/17] KVM: x86: nSVM: optimize svm_set_x2apic_msr_interception Suravee Suthikulpanit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=92fb7b8962e1da874dde2789f0d9c1f3887a63dc.camel@redhat.com \
--to=mlevitsk@redhat.com \
--cc=jon.grimm@amd.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=terry.bowman@amd.com \
--cc=wei.huang2@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.