All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Wheeler <kvm@lists.ewheeler.net>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	rkrcmar@redhat.com, liran.alon@oracle.com, jmattson@google.com,
	aliguori@amazon.com, thomas.lendacky@amd.com, dwmw@amazon.co.uk,
	bp@alien8.de, x86@kernel.org
Subject: Re: [PATCH 9/8] KVM: x86: limit MSR_IA32_SPEC_CTRL access based on CPUID availability
Date: Tue, 16 Jan 2018 00:55:56 +0000 (UTC)	[thread overview]
Message-ID: <alpine.LRH.2.11.1801160044340.7350@mail.ewheeler.net> (raw)
In-Reply-To: <20180109120311.27565-10-pbonzini@redhat.com>

On Tue, 9 Jan 2018, Paolo Bonzini wrote:
> MSR_IA32_SPEC_CTRL is not available unless CPU[7,0].EDX[26] is 1.
> Check that against host CPUID or guest CPUID, respectively for
> host-initiated and guest-initiated accesses.

Hi Radim, Paolo:

In porting this patch series to v4.14, I'm getting this BUILD_BUG_ON:

In file included from arch/x86/kvm/vmx.c:21:0:
In function 'x86_feature_cpuid',
    inlined from 'guest_cpuid_get_register' at arch/x86/kvm/cpuid.h:72:25,
    inlined from 'vmx_get_msr' at arch/x86/kvm/cpuid.h:101:6:
arch/x86/kvm/cpuid.h:64:232: error: call to '__compiletime_assert_64' 
declared with attribute error: BUILD_BUG_ON failed: 
reverse_cpuid[x86_leaf].function == 0
  BUILD_BUG_ON(reverse_cpuid[x86_leaf].function == 0);
                                                                                                                                                                                                                                        
^
In function 'x86_feature_cpuid',
    inlined from 'guest_cpuid_get_register' at arch/x86/kvm/cpuid.h:72:25,
    inlined from 'vmx_set_msr' at arch/x86/kvm/cpuid.h:101:6:
arch/x86/kvm/cpuid.h:64:232: error: call to '__compiletime_assert_64' 
declared with attribute error: BUILD_BUG_ON failed: 
reverse_cpuid[x86_leaf].function == 0
  BUILD_BUG_ON(reverse_cpuid[x86_leaf].function == 0);
                                                                                                                                                                                                                                        

I think this is caused by the following call stack for 
X86_FEATURE_SPEC_CTRL, but if not please correct me here:

arch/x86/kvm/vmx.c:
vmx_get_msr/vmx_set_msr()
	guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)
		guest_cpuid_get_register(vcpu, x86_feature); 
			x86_feature_cpuid(x86_feature);
				x86_feature_cpuid(unsigned x86_feature)
					BUILD_BUG_ON(reverse_cpuid[x86_leaf].function == 0);


It looks like I need to add something to reverse_cpuid[] but I'm not sure 
what.  

Do you know what needs to be added here?

-Eric

--
Eric Wheeler



> 
> Suggested-by: Jim Mattson <jmattson@google.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> 	This is for after X86_FEATURE_SPEC_CTRL is added to Linux, but
> 	I still wanted to ack Jim's improvement.
> 
>  arch/x86/kvm/svm.c | 8 ++++++++
>  arch/x86/kvm/vmx.c | 8 ++++++++
>  2 files changed, 16 insertions(+)
> 
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 97126c2bd663..3a646580d7c5 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -3648,6 +3648,10 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>  		msr_info->data = svm->nested.vm_cr_msr;
>  		break;
>  	case MSR_IA32_SPEC_CTRL:
> +		if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +	    	    (!msr_info->host_initiated &&
> +       		     !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
> +			return 1;
>  		msr_info->data = svm->spec_ctrl;
>  		break;
>  	case MSR_IA32_UCODE_REV:
> @@ -3806,6 +3810,10 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
>  		vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
>  		break;
>  	case MSR_IA32_SPEC_CTRL:
> +		if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +	    	    (!msr_info->host_initiated &&
> +       		     !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
> +			return 1;
>  		svm->spec_ctrl = data;
>  		break;
>  	case MSR_IA32_APICBASE:
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 49b4a2d61603..42bc7ee293e4 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -3368,6 +3368,10 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>  		msr_info->data = guest_read_tsc(vcpu);
>  		break;
>  	case MSR_IA32_SPEC_CTRL:
> +		if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +		    (!msr_info->host_initiated &&
> +		     !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
> +			return 1;
>  		msr_info->data = to_vmx(vcpu)->spec_ctrl;
>  		break;
>  	case MSR_IA32_SYSENTER_CS:
> @@ -3510,6 +3514,10 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>  		kvm_write_tsc(vcpu, msr_info);
>  		break;
>  	case MSR_IA32_SPEC_CTRL:
> +		if (!static_cpu_has(X86_FEATURE_SPEC_CTRL) ||
> +		    (!msr_info->host_initiated &&
> +		     !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)))
> +			return 1;
>  		to_vmx(vcpu)->spec_ctrl = data;
>  		break;
>  	case MSR_IA32_CR_PAT:
> -- 
> 1.8.3.1
> 
> 

  reply	other threads:[~2018-01-16  0:55 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-09 12:03 [PATCH v2 0/8] KVM: x86: expose CVE-2017-5715 ("Spectre variant 2") mitigations to guest Paolo Bonzini
2018-01-09 12:03 ` [PATCH 1/8] KVM: x86: add SPEC_CTRL and IBPB_SUPPORT accessors Paolo Bonzini
2018-01-15  9:42   ` David Hildenbrand
2018-01-09 12:03 ` [PATCH 2/8] x86/msr: add definitions for indirect branch predictor MSRs Paolo Bonzini
2018-01-09 12:03 ` [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest Paolo Bonzini
2018-01-13 10:16   ` Longpeng (Mike)
2018-01-15  9:23     ` Paolo Bonzini
2018-01-15  9:34       ` Thomas Gleixner
     [not found]   ` <1515839272.22302.520.camel@amazon.co.uk>
2018-01-15  9:23     ` Paolo Bonzini
2018-01-09 12:03 ` [PATCH 4/8] kvm: vmx: Set IBPB when running a different VCPU Paolo Bonzini
2018-01-12  1:49   ` Wanpeng Li
2018-01-12 17:03     ` Jim Mattson
2018-01-13  9:29       ` Woodhouse, David
2018-01-15  9:21         ` Paolo Bonzini
2018-01-09 12:03 ` [PATCH 5/8] KVM: SVM: fix comment Paolo Bonzini
2018-01-15  9:53   ` David Hildenbrand
2018-01-09 12:03 ` [PATCH 6/8] kvm: svm: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to guest Paolo Bonzini
2018-01-09 14:22   ` Konrad Rzeszutek Wilk
2018-01-09 16:05     ` Paolo Bonzini
2018-01-09 16:08     ` Paolo Bonzini
2018-01-11 10:45       ` Wanpeng Li
2018-01-10 20:13   ` Tom Lendacky
2018-01-11 10:33     ` Paolo Bonzini
2018-01-09 12:03 ` [PATCH 7/8] x86/svm: Set IBPB when running a different VCPU Paolo Bonzini
2018-01-09 14:23   ` Konrad Rzeszutek Wilk
2018-01-09 12:03 ` [PATCH 8/8] KVM: x86: add SPEC_CTRL and IBPB_SUPPORT to MSR and CPUID lists Paolo Bonzini
2018-01-13  1:25   ` Eric Wheeler
2018-01-13  8:00     ` Paolo Bonzini
2018-01-16  0:40       ` Eric Wheeler
2018-01-16  7:39         ` R: " Paolo Bonzini
2018-01-09 12:03 ` [PATCH 9/8] KVM: x86: limit MSR_IA32_SPEC_CTRL access based on CPUID availability Paolo Bonzini
2018-01-16  0:55   ` Eric Wheeler [this message]
2018-01-16 12:59     ` Paolo Bonzini
2018-01-30 13:21   ` [9/8] " Mihai Carabas
2018-01-30 16:33     ` Jim Mattson
2018-01-30 16:43       ` Mihai Carabas
2018-01-30 16:57         ` Jim Mattson
2018-01-30 17:14           ` David Woodhouse
2018-01-30 17:38             ` Jim Mattson
2018-01-30 17:45             ` Thomas Gleixner
2018-01-30 23:11               ` Paolo Bonzini
2018-01-30 23:47                 ` David Woodhouse
2018-01-31  1:06                   ` Paolo Bonzini
2018-02-05 11:10                 ` Ingo Molnar
2018-02-05 11:15                   ` David Woodhouse
2018-02-05 12:10                     ` Ingo Molnar
2018-01-09 15:58 [PATCH 9/8] " Liran Alon
2018-01-09 16:11 ` Paolo Bonzini
2018-01-09 16:40   ` Jim Mattson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LRH.2.11.1801160044340.7350@mail.ewheeler.net \
    --to=kvm@lists.ewheeler.net \
    --cc=aliguori@amazon.com \
    --cc=bp@alien8.de \
    --cc=dwmw@amazon.co.uk \
    --cc=jmattson@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=liran.alon@oracle.com \
    --cc=pbonzini@redhat.com \
    --cc=rkrcmar@redhat.com \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.