KVM Archive on lore.kernel.org
 help / color / Atom feed
From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>,
	Siddharth Chandrasekaran <sidcha@amazon.de>,
	linux-kernel@vger.kernel.org
Subject: [PATCH 04/30] KVM: x86: hyper-v: Prepare to check access to Hyper-V MSRs
Date: Mon, 19 Apr 2021 18:01:01 +0200
Message-ID: <20210419160127.192712-5-vkuznets@redhat.com> (raw)
In-Reply-To: <20210419160127.192712-1-vkuznets@redhat.com>

Introduce hv_check_msr_access() to check if the particular MSR
should be accessible by guest, this will be used with
KVM_CAP_HYPERV_ENFORCE_CPUID mode.

No functional change intended.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 arch/x86/kvm/hyperv.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index ccb298cfc933..b5bc16ea2595 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -1193,12 +1193,21 @@ void kvm_hv_invalidate_tsc_page(struct kvm *kvm)
 	mutex_unlock(&hv->hv_lock);
 }
 
+
+static bool hv_check_msr_access(struct kvm_vcpu_hv *hv_vcpu, u32 msr)
+{
+	return true;
+}
+
 static int kvm_hv_set_msr_pw(struct kvm_vcpu *vcpu, u32 msr, u64 data,
 			     bool host)
 {
 	struct kvm *kvm = vcpu->kvm;
 	struct kvm_hv *hv = to_kvm_hv(kvm);
 
+	if (unlikely(!host && !hv_check_msr_access(to_hv_vcpu(vcpu), msr)))
+		return 1;
+
 	switch (msr) {
 	case HV_X64_MSR_GUEST_OS_ID:
 		hv->hv_guest_os_id = data;
@@ -1327,6 +1336,9 @@ static int kvm_hv_set_msr(struct kvm_vcpu *vcpu, u32 msr, u64 data, bool host)
 {
 	struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu);
 
+	if (unlikely(!host && !hv_check_msr_access(hv_vcpu, msr)))
+		return 1;
+
 	switch (msr) {
 	case HV_X64_MSR_VP_INDEX: {
 		struct kvm_hv *hv = to_kvm_hv(vcpu->kvm);
@@ -1441,6 +1453,9 @@ static int kvm_hv_get_msr_pw(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata,
 	struct kvm *kvm = vcpu->kvm;
 	struct kvm_hv *hv = to_kvm_hv(kvm);
 
+	if (unlikely(!host && !hv_check_msr_access(to_hv_vcpu(vcpu), msr)))
+		return 1;
+
 	switch (msr) {
 	case HV_X64_MSR_GUEST_OS_ID:
 		data = hv->hv_guest_os_id;
@@ -1490,6 +1505,9 @@ static int kvm_hv_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata,
 	u64 data = 0;
 	struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu);
 
+	if (unlikely(!host && !hv_check_msr_access(hv_vcpu, msr)))
+		return 1;
+
 	switch (msr) {
 	case HV_X64_MSR_VP_INDEX:
 		data = hv_vcpu->vp_index;
-- 
2.30.2


  parent reply index

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-19 16:00 [PATCH 00/30] KVM: x86: hyper-v: Fine-grained access check to Hyper-V hypercalls and MSRs Vitaly Kuznetsov
2021-04-19 16:00 ` [PATCH 01/30] asm-generic/hyperv: add HV_STATUS_ACCESS_DENIED definition Vitaly Kuznetsov
2021-04-19 16:00 ` [PATCH 02/30] KVM: x86: hyper-v: Introduce KVM_CAP_HYPERV_ENFORCE_CPUID Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 03/30] KVM: x86: hyper-v: Cache guest CPUID leaves determining features availability Vitaly Kuznetsov
2021-04-19 16:01 ` Vitaly Kuznetsov [this message]
2021-04-19 16:01 ` [PATCH 05/30] KVM: x86: hyper-v: Honor HV_MSR_HYPERCALL_AVAILABLE privilege bit Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 06/30] KVM: x86: hyper-v: Honor HV_MSR_VP_RUNTIME_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 07/30] KVM: x86: hyper-v: Honor HV_MSR_TIME_REF_COUNT_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 08/30] KVM: x86: hyper-v: Honor HV_MSR_VP_INDEX_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 09/30] KVM: x86: hyper-v: Honor HV_MSR_RESET_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 10/30] KVM: x86: hyper-v: Honor HV_MSR_REFERENCE_TSC_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 11/30] KVM: x86: hyper-v: Honor HV_MSR_SYNIC_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 12/30] KVM: x86: hyper-v: Honor HV_MSR_SYNTIMER_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 13/30] KVM: x86: hyper-v: Honor HV_MSR_APIC_ACCESS_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 14/30] KVM: x86: hyper-v: Honor HV_ACCESS_FREQUENCY_MSRS " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 15/30] KVM: x86: hyper-v: Honor HV_ACCESS_REENLIGHTENMENT " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 16/30] KVM: x86: hyper-v: Honor HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 17/30] KVM: x86: hyper-v: Honor HV_FEATURE_DEBUG_MSRS_AVAILABLE " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 18/30] KVM: x86: hyper-v: Inverse the default in hv_check_msr_access() Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 19/30] KVM: x86: hyper-v: Honor HV_STIMER_DIRECT_MODE_AVAILABLE privilege bit Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 20/30] KVM: x86: hyper-v: Prepare to check access to Hyper-V hypercalls Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 21/30] KVM: x86: hyper-v: Check access to HVCALL_NOTIFY_LONG_SPIN_WAIT hypercall Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 22/30] KVM: x86: hyper-v: Honor HV_POST_MESSAGES privilege bit Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 23/30] KVM: x86: hyper-v: Honor HV_SIGNAL_EVENTS " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 24/30] KVM: x86: hyper-v: Honor HV_DEBUGGING " Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 25/30] KVM: x86: hyper-v: Honor HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED bit Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 26/30] KVM: x86: hyper-v: Honor HV_X64_CLUSTER_IPI_RECOMMENDED bit Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 27/30] KVM: x86: hyper-v: Honor HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED bit Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 28/30] KVM: selftests: move Hyper-V MSR definitions to hyperv.h Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 29/30] KVM: selftests: Move evmcs.h to x86_64/ Vitaly Kuznetsov
2021-04-19 16:01 ` [PATCH 30/30] KVM: selftests: Introduce hyperv_features test Vitaly Kuznetsov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210419160127.192712-5-vkuznets@redhat.com \
    --to=vkuznets@redhat.com \
    --cc=jmattson@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=seanjc@google.com \
    --cc=sidcha@amazon.de \
    --cc=wanpengli@tencent.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

KVM Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kvm/0 kvm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kvm kvm/ https://lore.kernel.org/kvm \
		kvm@vger.kernel.org
	public-inbox-index kvm

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.kvm


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git