From patchwork Tue Sep 14 15:48:11 2021
X-Patchwork-Submitter: Maxim Levitsky
X-Patchwork-Id: 12494037
From: Maxim Levitsky
To: kvm@vger.kernel.org
Cc: Vitaly Kuznetsov, Paolo Bonzini, Borislav Petkov, Bandan Das,
    linux-kernel@vger.kernel.org (open list), Joerg Roedel, Ingo Molnar,
    Wei Huang, Sean Christopherson,
    linux-kselftest@vger.kernel.org (open list:KERNEL SELFTEST FRAMEWORK),
    Maxim Levitsky, "H. Peter Anvin", Jim Mattson, Thomas Gleixner,
    x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)),
    Shuah Khan, Wanpeng Li
Subject: [PATCH 00/14] nSVM fixes and optional features
Date: Tue, 14 Sep 2021 18:48:11 +0300
Message-Id: <20210914154825.104886-1-mlevitsk@redhat.com>

These are a few patches I was working on lately, all somewhat related
to the two CVEs that I found recently.

The first 7 patches fix various minor bugs that relate to these CVEs.

The rest of the patches implement various optional SVM features,
some of which the guest could enable anyway due to incorrect
checking of the virt_ext field.

The last patch is somewhat of an RFC; I would like to hear your opinion
on that.

I also implemented nested TSC scaling while at it.

As for other optional SVM features, here is my summary of a few features
I took a look at:

X86_FEATURE_DECODEASSISTS:
        this feature should make it easier
        for the L1 to emulate an instruction on MMIO access, by not
        needing to read the guest memory but rather using the instruction
        bytes that the CPU already fetched.

        The challenge of implementing this is that we sometimes inject
        #PF and #NPT synthetically, and in those cases we must be sure
        we set the correct instruction bytes.

        Also this feature adds assists for MOV CR/DR, INTn, and INVLPG,
        which aren't that interesting but must be supported as well to
        expose this feature to the nested guest.

X86_FEATURE_VGIF
        Might allow the L2 to run the L3 a bit faster, but due to crazy
        complex logic we already have around int_ctl and vgif, probably
        not worth it.

X86_FEATURE_VMCBCLEAN
        Should just be enabled, because otherwise L1 doesn't even
        attempt to set the clean bits. But we need to know if we can
        take advantage of these bits first.

X86_FEATURE_FLUSHBYASID
X86_FEATURE_AVIC
        These two features would be very good to enable, but that
        would require lots of work, and will be done eventually.

There are a few more nested SVM features that I haven't yet had a
chance to take a look at.

Best regards,
        Maxim Levitsky

Maxim Levitsky (14):
  KVM: x86: nSVM: restore int_vector in svm_clear_vintr
  KVM: x86: selftests: test simultaneous uses of V_IRQ from L1 and L0
  KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround
  KVM: x86: nSVM: don't copy pause related settings
  KVM: x86: nSVM: don't copy virt_ext from vmcb12
  KVM: x86: SVM: don't set VMLOAD/VMSAVE intercepts on vCPU reset
  KVM: x86: SVM: add warning for CVE-2021-3656
  KVM: x86: SVM: add module param to control LBR virtualization
  KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running
  KVM: x86: nSVM: implement nested LBR virtualization
  KVM: x86: nSVM: implement nested VMLOAD/VMSAVE
  KVM: x86: SVM: add module param to control TSC scaling
  KVM: x86: nSVM: implement nested TSC scaling
  KVM: x86: nSVM: support PAUSE filter threshold and count

 arch/x86/kvm/svm/nested.c                     | 105 +++++++--
 arch/x86/kvm/svm/svm.c                        | 218 +++++++++++++++---
 arch/x86/kvm/svm/svm.h                        |  20 +-
 arch/x86/kvm/vmx/vmx.c                        |   1 +
 arch/x86/kvm/x86.c                            |   1 +
 tools/testing/selftests/kvm/.gitignore        |   1 +
 tools/testing/selftests/kvm/Makefile          |   1 +
 .../selftests/kvm/x86_64/svm_int_ctl_test.c   | 128 ++++++++++
 8 files changed, 427 insertions(+), 48 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/svm_int_ctl_test.c