Message ID | 20180622095101.32587-3-bp@alien8.de (mailing list archive) |
2018-06-22 11:51+0200, Borislav Petkov: > From: Borislav Petkov <bp@suse.de> > > The hardware configuration register has some useful bits which can be > used by guests. Implement McStatusWrEn which can be used by guests when > injecting MCEs with the in-kernel mce-inject module. > > For that, we need to set bit 18 - McStatusWrEn - first, before writing > the MCi_STATUS registers (otherwise we #GP). > > Add the required machinery to do so. > > Signed-off-by: Borislav Petkov <bp@suse.de> > --- > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > @@ -2146,6 +2146,30 @@ static void kvmclock_sync_fn(struct work_struct *work) > KVMCLOCK_SYNC_PERIOD); > } > > +/* > + * On AMD, HWCR[McStatusWrEn] controls whether setting MCi_STATUS results in #GP. > + */ > +static bool __set_mci_status(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > +{ > + if (guest_cpuid_is_amd(vcpu)) { > + struct msr_data tmp; > + > + tmp.index = MSR_K7_HWCR; > + > + if (kvm_x86_ops->get_msr(vcpu, &tmp)) > + return false; > + > + /* McStatusWrEn enabled? */ > + if (tmp.data & BIT_ULL(18)) > + return true; > + } > + > + if (!msr_info->host_initiated && msr_info->data != 0) > + return false; msr_info->host_initiated is always going to return true, so it would be better to put it outside of __set_mci_status. Maybe we could just write the whole logic inline, otherwise I'd call it something like mci_status_is_writeable. > static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > { > u64 mcg_cap = vcpu->arch.mcg_cap; 
> @@ -2176,9 +2200,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > if ((offset & 0x3) == 0 && > data != 0 && (data | (1 << 10)) != ~(u64)0) > return -1; > - if (!msr_info->host_initiated && > - (offset & 0x3) == 1 && data != 0) > - return -1; > + > + /* MCi_STATUS */ > + if ((offset & 0x3) == 1) { > + if (!__set_mci_status(vcpu, msr_info)) > + return -1; > + } if (!msr_info->host_initiated && (offset & 0x3) == 1 && data != 0) { struct msr_data tmp = {.index = MSR_K7_HWCR}; if (!guest_cpuid_is_amd(vcpu) || !kvm_x86_ops->get_msr(vcpu, &tmp) || !(tmp.data & BIT_ULL(18))) return -1; } > + > vcpu->arch.mce_banks[offset] = data; > break; > } > -- > 2.17.0.582.gccdcbd54c >
On Fri, Jun 22, 2018 at 08:52:38PM +0200, Radim Krčmář wrote: > msr_info->host_initiated is always going to return true, so it would be > better to put it outside of __set_mci_status. > > Maybe we could just write the whole logic inline, otherwise I'd call it > something like mci_status_is_writeable. > > > static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > > { > > u64 mcg_cap = vcpu->arch.mcg_cap; > > @@ -2176,9 +2200,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > > if ((offset & 0x3) == 0 && > > data != 0 && (data | (1 << 10)) != ~(u64)0) > > return -1; > > - if (!msr_info->host_initiated && > > - (offset & 0x3) == 1 && data != 0) > > - return -1; > > + > > + /* MCi_STATUS */ > > + if ((offset & 0x3) == 1) { > > + if (!__set_mci_status(vcpu, msr_info)) > > + return -1; > > + } > > if (!msr_info->host_initiated && > (offset & 0x3) == 1 && data != 0) { > struct msr_data tmp = {.index = MSR_K7_HWCR}; > > if (!guest_cpuid_is_amd(vcpu) || > !kvm_x86_ops->get_msr(vcpu, &tmp) || > !(tmp.data & BIT_ULL(18))) > return -1; Don't you feel it is cleaner if all the MCi_STATUS checking is done in a separate function? The indentation level and the bunch of checks in set_msr_mce() make it hard to read while having a separate function separates it and makes it easier to follow. I mean, you're the maintainer but if I may give a suggestion, moving the whole logic into a separate function would be more readable. And then do: if (!msr_info->host_initiated) { if (check_mci_status(...)) return -1; } Something like that...
2018-06-22 21:09+0200, Borislav Petkov: > On Fri, Jun 22, 2018 at 08:52:38PM +0200, Radim Krčmář wrote: > > msr_info->host_initiated is always going to return true, so it would be > > better to put it outside of __set_mci_status. > > > > Maybe we could just write the whole logic inline, otherwise I'd call it > > something like mci_status_is_writeable. > > > > > static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > > > { > > > u64 mcg_cap = vcpu->arch.mcg_cap; > > > @@ -2176,9 +2200,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > > > if ((offset & 0x3) == 0 && > > > data != 0 && (data | (1 << 10)) != ~(u64)0) > > > return -1; > > > - if (!msr_info->host_initiated && > > > - (offset & 0x3) == 1 && data != 0) > > > - return -1; > > > + > > > + /* MCi_STATUS */ > > > + if ((offset & 0x3) == 1) { > > > + if (!__set_mci_status(vcpu, msr_info)) > > > + return -1; > > > + } > > > > if (!msr_info->host_initiated && > > (offset & 0x3) == 1 && data != 0) { > > struct msr_data tmp = {.index = MSR_K7_HWCR}; > > > > if (!guest_cpuid_is_amd(vcpu) || > > !kvm_x86_ops->get_msr(vcpu, &tmp) || > > !(tmp.data & BIT_ULL(18))) > > return -1; > > Don't you feel it is cleaner if all the MCi_STATUS checking is done in > a separate function? The indentation level and the bunch of checks in > set_msr_mce() make it hard to read while having a separate function > separates it and makes it easier to follow. Yes, I feel the same. > I mean, you're the maintainer but if I may give a suggestion, moving the > whole logic into a separate function would be more readable. > > And then do: > > if (!msr_info->host_initiated) { > if (check_mci_status(...)) > return -1; > } > > Something like that... Much better, thanks.
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 72e60daf3ab8..623be0034f7d 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -251,6 +251,9 @@ struct vcpu_svm {
 
 	/* which host CPU was used for running this vcpu */
 	unsigned int last_cpu;
+
+	/* MSRC001_0015 Hardware Configuration */
+	u64 msr_hwcr;
 };
 
 /*
@@ -4154,7 +4157,7 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		msr_info->data = svm->msr_decfg;
 		break;
 	case MSR_K7_HWCR:
-		msr_info->data = 0;
+		msr_info->data = svm->msr_hwcr;
 		break;
 	default:
 		return kvm_get_msr_common(vcpu, msr_info);
@@ -4364,8 +4367,11 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 		data &= ~(u64)0x40;	/* ignore flush filter disable */
 		data &= ~(u64)0x100;	/* ignore ignne emulation enable */
 		data &= ~(u64)0x8;	/* ignore TLB cache disable */
-		data &= ~(u64)0x40000;	/* ignore Mc status write enable */
-		if (data != 0) {
+
+		/* Handle McStatusWrEn */
+		if (data == BIT_ULL(18)) {
+			svm->msr_hwcr = data;
+		} else if (data != 0) {
 			vcpu_unimpl(vcpu, "unimplemented HWCR wrmsr: 0x%llx\n",
 				    data);
 			return 1;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 3bf721c22124..80452b0f0e8c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2146,6 +2146,30 @@ static void kvmclock_sync_fn(struct work_struct *work)
 					KVMCLOCK_SYNC_PERIOD);
 }
 
+/*
+ * On AMD, HWCR[McStatusWrEn] controls whether setting MCi_STATUS results in #GP.
+ */
+static bool __set_mci_status(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
+{
+	if (guest_cpuid_is_amd(vcpu)) {
+		struct msr_data tmp;
+
+		tmp.index = MSR_K7_HWCR;
+
+		if (kvm_x86_ops->get_msr(vcpu, &tmp))
+			return false;
+
+		/* McStatusWrEn enabled? */
+		if (tmp.data & BIT_ULL(18))
+			return true;
+	}
+
+	if (!msr_info->host_initiated && msr_info->data != 0)
+		return false;
+
+	return true;
+}
+
 static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 {
 	u64 mcg_cap = vcpu->arch.mcg_cap;
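Review bot: In the new HWCR branch of svm_set_msr a write of 0 is accepted but never stored: `if (data == BIT_ULL(18))` saves the value and `else if (data != 0)` rejects everything else, so once a guest has set McStatusWrEn it can never clear it, and svm_get_msr keeps returning bit 18 after the guest believes it wrote 0. Changing the condition to `if (data == 0 || data == BIT_ULL(18)) {` makes the read-back honest in both directions. svm->msr_hwcr also appears to be new per-vCPU state that this patch neither resets nor exposes for save/restore; if that is so, the bit would survive a guest reboot and be dropped on migration, which is worth confirming. The enclosing svm_set_msr switch starts and ends outside the hunk.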
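Review bot: `struct msr_data tmp;` in __set_mci_status only assigns .index before the struct is passed to kvm_x86_ops->get_msr(), leaving tmp.host_initiated and every other field indeterminate for whichever backend handles the read; `struct msr_data tmp = { .index = MSR_K7_HWCR };` zero-fills the rest and costs nothing. Note that guest_cpuid_is_amd() reflects guest CPUID chosen by userspace, so on a non-SVM host this path can dispatch an MSR_K7_HWCR read into the other vendor's get_msr; a failure there is fail-closed (returns false, so the guest write #GPs), which is the safe direction, but the header comment should say so rather than leave the reader to work it out. The header comment should also state what the return value means, e.g. `Returns true if this write to MCi_STATUS should be accepted.`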
@@ -2176,9 +2200,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		if ((offset & 0x3) == 0 &&
 		    data != 0 && (data | (1 << 10)) != ~(u64)0)
 			return -1;
-		if (!msr_info->host_initiated &&
-		    (offset & 0x3) == 1 && data != 0)
-			return -1;
+
+		/* MCi_STATUS */
+		if ((offset & 0x3) == 1) {
+			if (!__set_mci_status(vcpu, msr_info))
+				return -1;
+		}
+
 		vcpu->arch.mce_banks[offset] = data;
 		break;
 	}
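Review bot: The `/* MCi_STATUS */` comment above the new check names the register but not the policy it enforces, and set_msr_mce is the only place a reader will look for it; something like `/* MCi_STATUS is read-only to the guest (non-zero writes #GP) unless an AMD guest enabled HWCR[McStatusWrEn]; host-initiated writes are always accepted. */` documents both outcomes of __set_mci_status at the call site. The removed lines made the "non-zero guest writes are rejected" rule visible here, so without such a comment the replacement is a regression in readability even though the behaviour is intended. set_msr_mce starts and ends outside the hunk.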