[PATCH 0/2] x86/kvm: Enable MCE injection in the guest v2

[PATCH 0/2] x86/kvm: Enable MCE injection in the guest v2

[Borislav Petkov]

From: Borislav Petkov <bp@suse.de>

Hi all,

here's v2, dropping patch 3 and incorporating hopefully all of Radim's
feedback.

Thx.

v1 cover letter:

there's this mce-inject.ko module in the kernel which allows for
injecting real MCEs and thus test the MCE handling code.

It is doubly useful to be able to inject same MCEs in a guest so that
testing of the MCE handling code can happen even easier/faster. In order
to be able to do that on an AMD guest, we need to emulate some bits
and pieces like the HWCR[McStatusWrEn] bit which allows writes to the
MCi_STATUS registers without a #GP.

The below does that and with it I'm able to properly inject MCEs in said
guest.

Borislav Petkov (2):
  kvm/x86: Move MSR_K7_HWCR to svm.c
  x86/kvm: Implement MSR_HWCR support

 arch/x86/kvm/svm.c | 20 ++++++++++++++++++++
 arch/x86/kvm/x86.c | 46 +++++++++++++++++++++++++++++++---------------
 2 files changed, 51 insertions(+), 15 deletions(-)

-- 
2.17.0.582.gccdcbd54c

[PATCH 1/2] kvm/x86: Move MSR_K7_HWCR to svm.c

[Borislav Petkov]

From: Borislav Petkov <bp@suse.de>

This is an AMD-specific MSR. Put it where it belongs.

Signed-off-by: Borislav Petkov <bp@suse.de>
---
 arch/x86/kvm/svm.c | 14 ++++++++++++++
 arch/x86/kvm/x86.c | 12 ------------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index f059a73f0fd0..72e60daf3ab8 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -4153,6 +4153,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	case MSR_F10H_DECFG:
 		msr_info->data = svm->msr_decfg;
 		break;
+	case MSR_K7_HWCR:
+		msr_info->data = 0;
+		break;
 	default:
 		return kvm_get_msr_common(vcpu, msr_info);
 	}
@@ -4357,6 +4360,17 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 		svm->msr_decfg = data;
 		break;
 	}
+	case MSR_K7_HWCR:
+		data &= ~(u64)0x40;	/* ignore flush filter disable */
+		data &= ~(u64)0x100;	/* ignore ignne emulation enable */
+		data &= ~(u64)0x8;	/* ignore TLB cache disable */
+		data &= ~(u64)0x40000;  /* ignore Mc status write enable */
+		if (data != 0) {
+			vcpu_unimpl(vcpu, "unimplemented HWCR wrmsr: 0x%llx\n",
+				    data);
+			return 1;
+		}
+		break;
 	case MSR_IA32_APICBASE:
 		if (kvm_vcpu_apicv_active(vcpu))
 			avic_update_vapic_bar(to_svm(vcpu), data);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 0046aa70205a..3bf721c22124 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2317,17 +2317,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		break;
 	case MSR_EFER:
 		return set_efer(vcpu, data);
-	case MSR_K7_HWCR:
-		data &= ~(u64)0x40;	/* ignore flush filter disable */
-		data &= ~(u64)0x100;	/* ignore ignne emulation enable */
-		data &= ~(u64)0x8;	/* ignore TLB cache disable */
-		data &= ~(u64)0x40000;  /* ignore Mc status write enable */
-		if (data != 0) {
-			vcpu_unimpl(vcpu, "unimplemented HWCR wrmsr: 0x%llx\n",
-				    data);
-			return 1;
-		}
-		break;
 	case MSR_FAM10H_MMIO_CONF_BASE:
 		if (data != 0) {
 			vcpu_unimpl(vcpu, "unimplemented MMIO_CONF_BASE wrmsr: "
@@ -2597,7 +2586,6 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	case MSR_K8_SYSCFG:
 	case MSR_K8_TSEG_ADDR:
 	case MSR_K8_TSEG_MASK:
-	case MSR_K7_HWCR:
 	case MSR_VM_HSAVE_PA:
 	case MSR_K8_INT_PENDING_MSG:
 	case MSR_AMD64_NB_CFG:
-- 
2.17.0.582.gccdcbd54c

[PATCH 2/2] x86/kvm: Implement MSR_HWCR support

[Borislav Petkov]

From: Borislav Petkov <bp@suse.de>

The hardware configuration register has some useful bits which can be
used by guests. Implement McStatusWrEn which can be used by guests when
injecting MCEs with the in-kernel mce-inject module.

For that, we need to set bit 18 - McStatusWrEn - first, before writing
the MCi_STATUS registers (otherwise we #GP).

Add the required machinery to do so.

Signed-off-by: Borislav Petkov <bp@suse.de>
---
 arch/x86/kvm/svm.c | 12 +++++++++---
 arch/x86/kvm/x86.c | 34 +++++++++++++++++++++++++++++++---
 2 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 72e60daf3ab8..623be0034f7d 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -251,6 +251,9 @@ struct vcpu_svm {
 
 	/* which host CPU was used for running this vcpu */
 	unsigned int last_cpu;
+
+	/* MSRC001_0015 Hardware Configuration */
+	u64 msr_hwcr;
 };
 
 /*
@@ -4154,7 +4157,7 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		msr_info->data = svm->msr_decfg;
 		break;
 	case MSR_K7_HWCR:
-		msr_info->data = 0;
+		msr_info->data = svm->msr_hwcr;
 		break;
 	default:
 		return kvm_get_msr_common(vcpu, msr_info);
@@ -4364,8 +4367,11 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 		data &= ~(u64)0x40;	/* ignore flush filter disable */
 		data &= ~(u64)0x100;	/* ignore ignne emulation enable */
 		data &= ~(u64)0x8;	/* ignore TLB cache disable */
-		data &= ~(u64)0x40000;  /* ignore Mc status write enable */
-		if (data != 0) {
+
+		/* Handle McStatusWrEn */
+		if (data == BIT_ULL(18)) {
+			svm->msr_hwcr = data;
+		} else if (data != 0) {
 			vcpu_unimpl(vcpu, "unimplemented HWCR wrmsr: 0x%llx\n",
 				    data);
 			return 1;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 3bf721c22124..19f9f43b6094 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2146,6 +2146,30 @@ static void kvmclock_sync_fn(struct work_struct *work)
 					KVMCLOCK_SYNC_PERIOD);
 }
 
+/*
+ * On AMD, HWCR[McStatusWrEn] controls whether setting MCi_STATUS results in #GP.
+ */
+static bool __set_mci_status(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
+{
+	if (guest_cpuid_is_amd(vcpu)) {
+		struct msr_data tmp;
+
+		tmp.index = MSR_K7_HWCR;
+
+		if (kvm_x86_ops->get_msr(vcpu, &tmp))
+			return false;
+
+		/* McStatusWrEn enabled? */
+		if (tmp.data & BIT_ULL(18))
+			return true;
+	}
+
+	if (msr_info->data != 0)
+		return false;
+
+	return true;
+}
+
 static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 {
 	u64 mcg_cap = vcpu->arch.mcg_cap;
@@ -2176,9 +2200,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 			if ((offset & 0x3) == 0 &&
 			    data != 0 && (data | (1 << 10)) != ~(u64)0)
 				return -1;
-			if (!msr_info->host_initiated &&
-				(offset & 0x3) == 1 && data != 0)
-				return -1;
+
+			/* MCi_STATUS */
+			if ((offset & 0x3) == 1 && !msr_info->host_initiated) {
+				if (!__set_mci_status(vcpu, msr_info))
+						return -1;
+			}
+
 			vcpu->arch.mce_banks[offset] = data;
 			break;
 		}
-- 
2.17.0.582.gccdcbd54c

RE: [PATCH 0/2] x86/kvm: Enable MCE injection in the guest v2

[Ghannam, Yazen]

> -----Original Message-----
> From: Borislav Petkov <bp@alien8.de>
> Sent: Thursday, June 28, 2018 1:38 PM
> To: KVM <kvm@vger.kernel.org>
> Cc: Joerg Roedel <joro@8bytes.org>; Radim Krčmář <rkrcmar@redhat.com>;
> Lendacky, Thomas <Thomas.Lendacky@amd.com>; Tony Luck
> <tony.luck@intel.com>; Ghannam, Yazen <Yazen.Ghannam@amd.com>; LKML
> <linux-kernel@vger.kernel.org>
> Subject: [PATCH 0/2] x86/kvm: Enable MCE injection in the guest v2
> 
> From: Borislav Petkov <bp@suse.de>
> 
> Hi all,
> 
> here's v2, dropping patch 3 and incorporating hopefully all of Radim's
> feedback.
> 
> Thx.
> 
> v1 cover letter:
> 
> there's this mce-inject.ko module in the kernel which allows for
> injecting real MCEs and thus test the MCE handling code.
> 
> It is doubly useful to be able to inject same MCEs in a guest so that
> testing of the MCE handling code can happen even easier/faster. In order
> to be able to do that on an AMD guest, we need to emulate some bits
> and pieces like the HWCR[McStatusWrEn] bit which allows writes to the
> MCi_STATUS registers without a #GP.
> 
> The below does that and with it I'm able to properly inject MCEs in said
> guest.
> 
> Borislav Petkov (2):
>   kvm/x86: Move MSR_K7_HWCR to svm.c
>   x86/kvm: Implement MSR_HWCR support
> 
>  arch/x86/kvm/svm.c | 20 ++++++++++++++++++++
>  arch/x86/kvm/x86.c | 46 +++++++++++++++++++++++++++++++---------------
>  2 files changed, 51 insertions(+), 15 deletions(-)
> 

Tested-by: Yazen Ghannam <yazen.ghannam@amd.com>

Thanks!

-Yazen

Re: [PATCH 0/2] x86/kvm: Enable MCE injection in the guest v2

[Borislav Petkov]

Ping...

On Thu, Jun 28, 2018 at 07:38:06PM +0200, Borislav Petkov wrote:
> From: Borislav Petkov <bp@suse.de>
> 
> Hi all,
> 
> here's v2, dropping patch 3 and incorporating hopefully all of Radim's
> feedback.
> 
> Thx.
> 
> v1 cover letter:
> 
> there's this mce-inject.ko module in the kernel which allows for
> injecting real MCEs and thus test the MCE handling code.
> 
> It is doubly useful to be able to inject same MCEs in a guest so that
> testing of the MCE handling code can happen even easier/faster. In order
> to be able to do that on an AMD guest, we need to emulate some bits
> and pieces like the HWCR[McStatusWrEn] bit which allows writes to the
> MCi_STATUS registers without a #GP.
> 
> The below does that and with it I'm able to properly inject MCEs in said
> guest.
> 
> Borislav Petkov (2):
>   kvm/x86: Move MSR_K7_HWCR to svm.c
>   x86/kvm: Implement MSR_HWCR support
> 
>  arch/x86/kvm/svm.c | 20 ++++++++++++++++++++
>  arch/x86/kvm/x86.c | 46 +++++++++++++++++++++++++++++++---------------
>  2 files changed, 51 insertions(+), 15 deletions(-)
> 
> -- 
> 2.17.0.582.gccdcbd54c
> 

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.