* [PATCH 0/3] KVM: nVMX: fixes for host get/set MSR
@ 2019-07-02 15:04 Paolo Bonzini
2019-07-02 15:04 ` [PATCH 1/3] KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS Paolo Bonzini
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Paolo Bonzini @ 2019-07-02 15:04 UTC (permalink / raw)
To: linux-kernel, kvm; +Cc: Liran Alon
These are three small bugs that were found while implementing QEMU
support for user-specified VMX features.
Paolo
Paolo Bonzini (3):
KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS
KVM: nVMX: allow setting the VMFUNC controls MSR
KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST
arch/x86/kvm/svm.c | 1 +
arch/x86/kvm/vmx/nested.c | 12 +++++++++++-
arch/x86/kvm/vmx/vmx.c | 2 ++
arch/x86/kvm/x86.c | 20 ++++++++++++++++++++
4 files changed, 34 insertions(+), 1 deletion(-)
--
1.8.3.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/3] KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS
2019-07-02 15:04 [PATCH 0/3] KVM: nVMX: fixes for host get/set MSR Paolo Bonzini
@ 2019-07-02 15:04 ` Paolo Bonzini
2019-07-02 15:17 ` Liran Alon
2019-07-02 15:04 ` [PATCH 2/3] KVM: nVMX: allow setting the VMFUNC controls MSR Paolo Bonzini
2019-07-02 15:04 ` [PATCH 3/3] KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST Paolo Bonzini
2 siblings, 1 reply; 6+ messages in thread
From: Paolo Bonzini @ 2019-07-02 15:04 UTC (permalink / raw)
To: linux-kernel, kvm; +Cc: Liran Alon
Some secondary controls are automatically enabled/disabled based on the CPUID
values that are set for the guest. However, they are still available at a
global level and therefore should be present when KVM_GET_MSRS is sent to
/dev/kvm.
Fixes: 1389309c811 ("KVM: nVMX: expose VMX capabilities for nested hypervisors to userspace", 2018-02-26)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/vmx/nested.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 990e543f4531..c4e29ef0b21e 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5750,10 +5750,15 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps,
msrs->secondary_ctls_low = 0;
msrs->secondary_ctls_high &=
SECONDARY_EXEC_DESC |
+ SECONDARY_EXEC_RDTSCP |
SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
+ SECONDARY_EXEC_WBINVD_EXITING |
SECONDARY_EXEC_APIC_REGISTER_VIRT |
SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
- SECONDARY_EXEC_WBINVD_EXITING;
+ SECONDARY_EXEC_RDRAND_EXITING |
+ SECONDARY_EXEC_ENABLE_INVPCID |
+ SECONDARY_EXEC_RDSEED_EXITING |
+ SECONDARY_EXEC_XSAVES;
/*
* We can emulate "VMCS shadowing," even if the hardware
--
1.8.3.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/3] KVM: nVMX: allow setting the VMFUNC controls MSR
2019-07-02 15:04 [PATCH 0/3] KVM: nVMX: fixes for host get/set MSR Paolo Bonzini
2019-07-02 15:04 ` [PATCH 1/3] KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS Paolo Bonzini
@ 2019-07-02 15:04 ` Paolo Bonzini
2019-07-02 15:27 ` Liran Alon
2019-07-02 15:04 ` [PATCH 3/3] KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST Paolo Bonzini
2 siblings, 1 reply; 6+ messages in thread
From: Paolo Bonzini @ 2019-07-02 15:04 UTC (permalink / raw)
To: linux-kernel, kvm; +Cc: Liran Alon, stable
Allow userspace to set a custom value for the VMFUNC controls MSR, as long
as the capabilities it advertises do not exceed those of the host.
Fixes: 27c42a1bb ("KVM: nVMX: Enable VMFUNC for the L1 hypervisor", 2017-08-03)
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/vmx/nested.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index c4e29ef0b21e..163d226efa96 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -1234,6 +1234,11 @@ int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
case MSR_IA32_VMX_VMCS_ENUM:
vmx->nested.msrs.vmcs_enum = data;
return 0;
+ case MSR_IA32_VMX_VMFUNC:
+ if (data & ~vmx->nested.msrs.vmfunc_controls)
+ return -EINVAL;
+ vmx->nested.msrs.vmfunc_controls = data;
+ return 0;
default:
/*
* The rest of the VMX capability MSRs do not support restore.
--
1.8.3.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/3] KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST
2019-07-02 15:04 [PATCH 0/3] KVM: nVMX: fixes for host get/set MSR Paolo Bonzini
2019-07-02 15:04 ` [PATCH 1/3] KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS Paolo Bonzini
2019-07-02 15:04 ` [PATCH 2/3] KVM: nVMX: allow setting the VMFUNC controls MSR Paolo Bonzini
@ 2019-07-02 15:04 ` Paolo Bonzini
2 siblings, 0 replies; 6+ messages in thread
From: Paolo Bonzini @ 2019-07-02 15:04 UTC (permalink / raw)
To: linux-kernel, kvm; +Cc: Liran Alon, stable
This allows userspace to know which MSRs are supported by the hypervisor.
Unfortunately userspace must resort to tricks for everything except
MSR_IA32_VMX_VMFUNC (which was just added in the previous patch).
One possibility is to use the feature control MSR, which is tied to nested
VMX as well and is present on all KVM versions that support feature MSRs.
Fixes: 1389309c811 ("KVM: nVMX: expose VMX capabilities for nested hypervisors to userspace", 2018-02-26)
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/svm.c | 1 +
arch/x86/kvm/vmx/vmx.c | 2 ++
arch/x86/kvm/x86.c | 20 ++++++++++++++++++++
3 files changed, 23 insertions(+)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index bbc31f7213ed..5db50c19d1c7 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5885,6 +5885,7 @@ static bool svm_has_emulated_msr(int index)
{
switch (index) {
case MSR_IA32_MCG_EXT_CTL:
+ case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
return false;
default:
break;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index a35459ce7e29..c43635942693 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6223,6 +6223,8 @@ static bool vmx_has_emulated_msr(int index)
* real mode.
*/
return enable_unrestricted_guest || emulate_invalid_guest_state;
+ case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
+ return nested;
case MSR_AMD64_VIRT_SPEC_CTRL:
/* This is AMD only. */
return false;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 8996a3131116..a02d4c244422 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1177,6 +1177,26 @@ bool kvm_rdpmc(struct kvm_vcpu *vcpu)
MSR_AMD64_VIRT_SPEC_CTRL,
MSR_IA32_POWER_CTL,
+ /*
+ * The following list leaves out MSRs whose values are determined
+ * by arch/x86/kvm/vmx/nested.c based on CPUID or other MSRs.
+ * We always support the "true" VMX control MSRs, even if the host
+ * processor does not, so I am putting these registers here rather
+ * than in msrs_to_save.
+ */
+ MSR_IA32_VMX_BASIC,
+ MSR_IA32_VMX_TRUE_PINBASED_CTLS,
+ MSR_IA32_VMX_TRUE_PROCBASED_CTLS,
+ MSR_IA32_VMX_TRUE_EXIT_CTLS,
+ MSR_IA32_VMX_TRUE_ENTRY_CTLS,
+ MSR_IA32_VMX_MISC,
+ MSR_IA32_VMX_CR0_FIXED0,
+ MSR_IA32_VMX_CR4_FIXED0,
+ MSR_IA32_VMX_VMCS_ENUM,
+ MSR_IA32_VMX_PROCBASED_CTLS2,
+ MSR_IA32_VMX_EPT_VPID_CAP,
+ MSR_IA32_VMX_VMFUNC,
+
MSR_K7_HWCR,
MSR_KVM_POLL_CONTROL,
};
--
1.8.3.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/3] KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS
2019-07-02 15:04 ` [PATCH 1/3] KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS Paolo Bonzini
@ 2019-07-02 15:17 ` Liran Alon
0 siblings, 0 replies; 6+ messages in thread
From: Liran Alon @ 2019-07-02 15:17 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: linux-kernel, kvm
> On 2 Jul 2019, at 18:04, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> Some secondary controls are automatically enabled/disabled based on the CPUID
> values that are set for the guest. However, they are still available at a
> global level and therefore should be present when KVM_GET_MSRS is sent to
> /dev/kvm.
>
> Fixes: 1389309c811 ("KVM: nVMX: expose VMX capabilities for nested hypervisors to userspace", 2018-02-26)
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
> ---
> arch/x86/kvm/vmx/nested.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 990e543f4531..c4e29ef0b21e 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -5750,10 +5750,15 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps,
> msrs->secondary_ctls_low = 0;
> msrs->secondary_ctls_high &=
> SECONDARY_EXEC_DESC |
> + SECONDARY_EXEC_RDTSCP |
> SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
> + SECONDARY_EXEC_WBINVD_EXITING |
> SECONDARY_EXEC_APIC_REGISTER_VIRT |
> SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
> - SECONDARY_EXEC_WBINVD_EXITING;
> + SECONDARY_EXEC_RDRAND_EXITING |
> + SECONDARY_EXEC_ENABLE_INVPCID |
> + SECONDARY_EXEC_RDSEED_EXITING |
> + SECONDARY_EXEC_XSAVES;
>
> /*
> * We can emulate "VMCS shadowing," even if the hardware
> --
> 1.8.3.1
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/3] KVM: nVMX: allow setting the VMFUNC controls MSR
2019-07-02 15:04 ` [PATCH 2/3] KVM: nVMX: allow setting the VMFUNC controls MSR Paolo Bonzini
@ 2019-07-02 15:27 ` Liran Alon
0 siblings, 0 replies; 6+ messages in thread
From: Liran Alon @ 2019-07-02 15:27 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: linux-kernel, kvm, stable
> On 2 Jul 2019, at 18:04, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> Allow userspace to set a custom value for the VMFUNC controls MSR, as long
> as the capabilities it advertises do not exceed those of the host.
>
> Fixes: 27c42a1bb ("KVM: nVMX: Enable VMFUNC for the L1 hypervisor", 2017-08-03)
> Cc: stable@vger.kernel.org
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
> ---
> arch/x86/kvm/vmx/nested.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index c4e29ef0b21e..163d226efa96 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -1234,6 +1234,11 @@ int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
> case MSR_IA32_VMX_VMCS_ENUM:
> vmx->nested.msrs.vmcs_enum = data;
> return 0;
> + case MSR_IA32_VMX_VMFUNC:
> + if (data & ~vmx->nested.msrs.vmfunc_controls)
> + return -EINVAL;
> + vmx->nested.msrs.vmfunc_controls = data;
> + return 0;
> default:
> /*
> * The rest of the VMX capability MSRs do not support restore.
> --
> 1.8.3.1
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-07-02 15:28 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-02 15:04 [PATCH 0/3] KVM: nVMX: fixes for host get/set MSR Paolo Bonzini
2019-07-02 15:04 ` [PATCH 1/3] KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS Paolo Bonzini
2019-07-02 15:17 ` Liran Alon
2019-07-02 15:04 ` [PATCH 2/3] KVM: nVMX: allow setting the VMFUNC controls MSR Paolo Bonzini
2019-07-02 15:27 ` Liran Alon
2019-07-02 15:04 ` [PATCH 3/3] KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST Paolo Bonzini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).