From patchwork Wed Sep 21 15:15:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aaron Lewis X-Patchwork-Id: 12983815 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9CF2C6FA82 for ; Wed, 21 Sep 2022 15:15:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229716AbiIUPPh (ORCPT ); Wed, 21 Sep 2022 11:15:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229825AbiIUPPc (ORCPT ); Wed, 21 Sep 2022 11:15:32 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 83BC28709B for ; Wed, 21 Sep 2022 08:15:31 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id n85-20020a254058000000b006b0148d96f7so5482709yba.2 for ; Wed, 21 Sep 2022 08:15:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date; bh=AM15ozgnm9QNndhOKNzfVvo5El/vEuh9XgSZLRgqagw=; b=ZUK3knhYDTN88jBE2UQJYzdMWV9TlcnC8QuEHW9pwVd2nfww003o1qt9dQafLZZv2j gDCEmGvbfw7RhN3KNunZLYwE8WcTzoZ9nSr72POPqaVQu+cEpDO21+1W5WJq/3VetL// Gslv91eKzgxdI6VErVbk2QVd7W7PyzqG/a1nYPu9Uvvk+tEM47KBODw4vMZG4957PuDv fgUFRXtd5FY1Hi7Od139OcrQAYLZWTbUZqex9wO3MqTtNhdnzCKZvGiQAn2SCez8Goci sgD+sW1tgvkiAUeRdmkPPcrcl7kzTelc8X8mdl4qHBbzkb8bnOeeOlAdxZipK1cTT0jm Vpcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date; bh=AM15ozgnm9QNndhOKNzfVvo5El/vEuh9XgSZLRgqagw=; b=emVsw/yylwc+pVWcJ07OtamIUHDG6rdk/8W6e1RA7jPg6mWfFUIRiLIgl2ott+8dr1 NdScPzqyfNMMVN+yFx17Nw4gntRmCG76ATuK7PgCZhO32BWOpGQ8e2/INaziwxte5p4K Pm8XOWgRDA9hXPhO2AZi/QMxr6maX8crjTOxhsmCz1Jo7lIPUzTujY1/Cd30MS+eL6eK Emri91XlN9/M+DOuTrHCpwkh1SXQXaNc3SuuMN6R0vM2WiqKIiTFd2wWAdS3dXEkhgBv BIatOV+eykHJQ0WnJRUXeFMrCcrilI0dnZcqloJdAbgXrYrReeQCJpOaADXPzpCS6FgN COnw== X-Gm-Message-State: ACrzQf1f2I+MhxVructSHC4a6En7fApxzBqafNua11nqgPT76nPXm5WM t1Ru4/u1lrLRVIluadfgFUvtw6z5xKh5kQxZHr0dzt64vlaN43nwHp15k/nWYQMs5KxgOJNZyaZ m5U80caXNq/pdNdPsUqESmKw3RCmC9t/Hs5RWox588SfNPGPV2ahkUfiRyP3xUgCQ6KjF X-Google-Smtp-Source: AMsMyM7idMkirR35YRuojB5Y6ZutngmwG2j3tDjFibWicUzLxR9FFXgBthA/jLlNCP99hrYu+29dbebBS9twtETG X-Received: from aaronlewis.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2675]) (user=aaronlewis job=sendgmr) by 2002:a25:bbcc:0:b0:6a8:e269:5eec with SMTP id c12-20020a25bbcc000000b006a8e2695eecmr25496715ybk.219.1663773330757; Wed, 21 Sep 2022 08:15:30 -0700 (PDT) Date: Wed, 21 Sep 2022 15:15:21 +0000 In-Reply-To: <20220921151525.904162-1-aaronlewis@google.com> Mime-Version: 1.0 References: <20220921151525.904162-1-aaronlewis@google.com> X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog Message-ID: <20220921151525.904162-2-aaronlewis@google.com> Subject: [PATCH v4 1/5] KVM: x86: Disallow the use of KVM_MSR_FILTER_DEFAULT_ALLOW in the kernel From: Aaron Lewis To: kvm@vger.kernel.org Cc: pbonzini@redhat.com, jmattson@google.com, seanjc@google.com, Aaron Lewis Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Protect the kernel from using the flag KVM_MSR_FILTER_DEFAULT_ALLOW. Its value is 0, and using it incorrectly could have unintended consequences. E.g. prevent someone in the kernel from writing something like this. if (filter.flags & KVM_MSR_FILTER_DEFAULT_ALLOW) and getting confused when it doesn't work. It would be more ideal to remove this flag altogether, but userspace may already be using it, so protecting the kernel is all that can reasonably be done at this point. Suggested-by: Sean Christopherson Signed-off-by: Aaron Lewis Reviewed-by: Sean Christopherson --- Google's VMM is already using this flag, so we *know* that dropping the flag entirely will break userspace. All we can do at this point is prevent the kernel from using it. arch/x86/include/uapi/asm/kvm.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index 46de10a809ec..73ad693aa653 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -222,7 +222,9 @@ struct kvm_msr_filter_range { #define KVM_MSR_FILTER_MAX_RANGES 16 struct kvm_msr_filter { +#ifndef __KERNEL__ #define KVM_MSR_FILTER_DEFAULT_ALLOW (0 << 0) +#endif #define KVM_MSR_FILTER_DEFAULT_DENY (1 << 0) __u32 flags; struct kvm_msr_filter_range ranges[KVM_MSR_FILTER_MAX_RANGES]; From patchwork Wed Sep 21 15:15:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aaron Lewis X-Patchwork-Id: 12983816 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E50A9C6FA82 for ; Wed, 21 Sep 2022 15:15:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229963AbiIUPPj (ORCPT ); Wed, 21 Sep 2022 11:15:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48202 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229761AbiIUPPf (ORCPT ); Wed, 21 Sep 2022 11:15:35 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EBFE8A7CE for ; Wed, 21 Sep 2022 08:15:33 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id k126-20020a253d84000000b0068bb342010dso5471994yba.1 for ; Wed, 21 Sep 2022 08:15:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date; bh=lF3Reezuhyb2LBP8KxxkRM/gjijnUv8OAEcc3rfK5XU=; b=haKyNeV5X1/gX6FH1qbQrta5Kw9mAhfJBBlBJ5cgEzbtHhUyGggtyQ8IVDm6/GRUaJ GqixoSQCP/m3MlWR6zrXCJke+MDU//esJnRcY4d5hnnL0eXcbEzeqC4T7PcFTcaiQFHp XfBOm86Kac2k1M12NJuZ23itH3tWkFP2Y+MdmDj54S4YPmpdJKmelfuirH/7R1Tacwr8 NsSoalHzZeWkchR7QMYvZWPKWxuthyuKeesQiRUGBEbKoc2KxIM96M7aUl5t4GG5vzjb 33HaS3sAdFxDreBwQH10y31EtpKBz1zPsLBmwI+zT/Mo3zgbui9DNRYibQA6IcPAg4vG PuFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date; bh=lF3Reezuhyb2LBP8KxxkRM/gjijnUv8OAEcc3rfK5XU=; b=J6r22vR4U4jQ+2qwq170s6k6+cWbPYPvUlc2zjy0oqJSowPdz5Iy0hAdR5Y2fm8SSL 9bDTe1MtTr6khBzWds7aLg+ETMlW8KROP0RF64rsUL5FjThvKFrb3z1tM8LHzeBrv46q 1mw5RdRkxZ/HXL/dpT8p2rH0Q5F01/JgbWe+urCAziGNuSSKFdqXqgghY3lD8s7V3lnd DT/hX7eUHeSmHKXPgurFQ1KEi6SGJ9OaOqO/uHW4kUxUJ8l4wO+qTmORwErvXsDP9Jmg TJshlLZRj/EWu6DQJ170HbSvc9s3Knz8RTTZ3+Wt9u2TqdYfr4S/3lEYXCNz2vOXbi30 rsCw== X-Gm-Message-State: ACrzQf1vx+tei3R2UtbOaSVT7OyDAQyi0nOTN/sHslObv5dlRSP/u5wb crm4FzFTHG4PU0LuvFuzJL16IJiilAyRMqml0ZFwDTKcWB2CZC5OgChNSVp1ouIxqRtoERBjFnu iwKEkwpV7Xs037opMFpfM0eP+8HquE7yrD6HJq4ijWWkz9gO2atr06CC1Bs/MtN6igP0m X-Google-Smtp-Source: AMsMyM5Bf83wvCosETZK9JQTWremeoMPMDbFYlfGOnjWw1Kib8VaX3LNyDOqhC1wb053fi0o/IyumY5/EjKbgqyT X-Received: from aaronlewis.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2675]) (user=aaronlewis job=sendgmr) by 2002:a25:6c06:0:b0:6b3:b370:44b5 with SMTP id h6-20020a256c06000000b006b3b37044b5mr17173112ybc.281.1663773332729; Wed, 21 Sep 2022 08:15:32 -0700 (PDT) Date: Wed, 21 Sep 2022 15:15:22 +0000 In-Reply-To: <20220921151525.904162-1-aaronlewis@google.com> Mime-Version: 1.0 References: <20220921151525.904162-1-aaronlewis@google.com> X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog Message-ID: <20220921151525.904162-3-aaronlewis@google.com> Subject: [PATCH v4 2/5] KVM: x86: Add a VALID_MASK for the MSR exit reason flags From: Aaron Lewis To: kvm@vger.kernel.org Cc: pbonzini@redhat.com, jmattson@google.com, seanjc@google.com, Aaron Lewis Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Add the mask KVM_MSR_EXIT_REASON_VALID_MASK for the MSR exit reason flags. This simplifies checks that validate these flags, and makes it easier to introduce new flags in the future. No functional change intended. Signed-off-by: Aaron Lewis --- arch/x86/kvm/x86.c | 4 +--- include/uapi/linux/kvm.h | 3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d7374d768296..852614246825 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6182,9 +6182,7 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, break; case KVM_CAP_X86_USER_SPACE_MSR: r = -EINVAL; - if (cap->args[0] & ~(KVM_MSR_EXIT_REASON_INVAL | - KVM_MSR_EXIT_REASON_UNKNOWN | - KVM_MSR_EXIT_REASON_FILTER)) + if (cap->args[0] & ~KVM_MSR_EXIT_REASON_VALID_MASK) break; kvm->arch.user_space_msr_mask = cap->args[0]; r = 0; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index eed0315a77a6..44d476c3143a 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -485,6 +485,9 @@ struct kvm_run { #define KVM_MSR_EXIT_REASON_INVAL (1 << 0) #define KVM_MSR_EXIT_REASON_UNKNOWN (1 << 1) #define KVM_MSR_EXIT_REASON_FILTER (1 << 2) +#define KVM_MSR_EXIT_REASON_VALID_MASK (KVM_MSR_EXIT_REASON_INVAL | \ + KVM_MSR_EXIT_REASON_UNKNOWN | \ + KVM_MSR_EXIT_REASON_FILTER) __u32 reason; /* kernel -> user */ __u32 index; /* kernel -> user */ __u64 data; /* kernel <-> user */ From patchwork Wed Sep 21 15:15:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aaron Lewis X-Patchwork-Id: 12983817 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F31B6ECAAD8 for ; Wed, 21 Sep 2022 15:15:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230172AbiIUPPp (ORCPT ); Wed, 21 Sep 2022 11:15:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48380 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229960AbiIUPPi (ORCPT ); Wed, 21 Sep 2022 11:15:38 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 640188B2DE for ; Wed, 21 Sep 2022 08:15:35 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id p4-20020a17090a348400b00202c6d79591so3074152pjb.0 for ; Wed, 21 Sep 2022 08:15:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date; bh=q5FKg/0mjl2aM9VJREiLwHODyTQ+5pF2aj7ZjIqUAHY=; b=Ssvgf4FDEYaHaJdCcu92Ij3z3iz7n+1aVw4iavl9umcDPdXM/QMZV+teK6mm77l2qQ v+g6MMQlpHwBJ0KEsT9Uc/87HOdNr5rKVogMTvm08WAlIcj+eBHv84GoDT2MtkdvOkvg wVEYTwGnRWCC55acaHZYh4ku0AjqS+Gu7YgGzMiPkOEiUyooddyUL5h+OPXwyBMbygvZ CEg/t+yteX7ARNNlgaFICg0UHd/z/+zWB/BbW/rZfXU1weEn37d95OmYKwaIMoMYY8to t2YaMVIbSu3MRY1fH2yBTuoAKIGiK30OXc9l8gJF2bwVELn/M2DO3pJYmjNmape8/Ace qaXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date; bh=q5FKg/0mjl2aM9VJREiLwHODyTQ+5pF2aj7ZjIqUAHY=; b=c30baLWviUf2QlXjZ4R1w9CBxk8WijtyURTxsdKTz6u+Ak+AnuSKMtXAvConkbx5tQ NIx7dTBx+tEhCMHZDPvQ4k4Ux7csFGPCVBH5UpfA7MnshmJNexni2xae0Bh1JI/TxK7/ 0xwt4sENFeUuKlB/xEdWpw/xCDxwClhtcoTufuubjMONmcfi/xxg+/gxdZr/MtxvLgoj bw7gPpyg1Qx05xzATtmIvHVd/j0yQOMVscAJNHif1PdY7BmQrR0jcmHsoVGdYOsmsmzq QoSc/fs/IjJNvu1/Yu5OTBPc27LELzaR1xC+hEZXdD2OSHx/3XizmquMJ7J3VsJa1pFF ZyHQ== X-Gm-Message-State: ACrzQf2MvNbeLI9+/j7gRyDTqiHtgNZZbOnfQ4V90TIV1me5jhIhVT21 XJfw9ovYx4C2K3l7ESLsemVc7vmOCoNMOI9fvrRN7yZnV5phV++DzDUcJRUpg6WIBNNaiXyRqe1 TLjkaiC817K2coJNtNfnK4bii7D4L8iENx05eYiusDNl2hroCCFLE6qdCYDwh41nPOzA4 X-Google-Smtp-Source: AMsMyM7xo/g+PQl0HBmi0CCdOQ3m448tWSTW5q2DyTKTzxb1YGZ3gUl3M3xPNYJS4Wt06iI3OBIPVbKQDVoBLYgg X-Received: from aaronlewis.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2675]) (user=aaronlewis job=sendgmr) by 2002:a17:90b:10a:b0:200:2849:235f with SMTP id p10-20020a17090b010a00b002002849235fmr771305pjz.1.1663773334225; Wed, 21 Sep 2022 08:15:34 -0700 (PDT) Date: Wed, 21 Sep 2022 15:15:23 +0000 In-Reply-To: <20220921151525.904162-1-aaronlewis@google.com> Mime-Version: 1.0 References: <20220921151525.904162-1-aaronlewis@google.com> X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog Message-ID: <20220921151525.904162-4-aaronlewis@google.com> Subject: [PATCH v4 3/5] KVM: x86: Add a VALID_MASK for the flag in kvm_msr_filter From: Aaron Lewis To: kvm@vger.kernel.org Cc: pbonzini@redhat.com, jmattson@google.com, seanjc@google.com, Aaron Lewis Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Add the mask KVM_MSR_FILTER_VALID_MASK for the flag in the struct kvm_msr_filter. This makes it easier to introduce new flags in the future. No functional change intended. Signed-off-by: Aaron Lewis --- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/x86.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index 73ad693aa653..ae4324674c49 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -226,6 +226,7 @@ struct kvm_msr_filter { #define KVM_MSR_FILTER_DEFAULT_ALLOW (0 << 0) #endif #define KVM_MSR_FILTER_DEFAULT_DENY (1 << 0) +#define KVM_MSR_FILTER_VALID_MASK (KVM_MSR_FILTER_DEFAULT_DENY) __u32 flags; struct kvm_msr_filter_range ranges[KVM_MSR_FILTER_MAX_RANGES]; }; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 852614246825..670ae38f8f3e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6397,7 +6397,7 @@ static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp) if (copy_from_user(&filter, user_msr_filter, sizeof(filter))) return -EFAULT; - if (filter.flags & ~KVM_MSR_FILTER_DEFAULT_DENY) + if (filter.flags & ~KVM_MSR_FILTER_VALID_MASK) return -EINVAL; for (i = 0; i < ARRAY_SIZE(filter.ranges); i++) From patchwork Wed Sep 21 15:15:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aaron Lewis X-Patchwork-Id: 12983818 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA4B5C6FA82 for ; Wed, 21 Sep 2022 15:15:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229990AbiIUPPr (ORCPT ); Wed, 21 Sep 2022 11:15:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48562 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229974AbiIUPPl (ORCPT ); Wed, 21 Sep 2022 11:15:41 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B592895C1 for ; Wed, 21 Sep 2022 08:15:37 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id np18-20020a17090b4c5200b00202c7bf5849so2628233pjb.0 for ; Wed, 21 Sep 2022 08:15:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date; bh=mDXx+o0SMLsD3PVy06z1zwjNDFp6zm0JfAMB6r9sun4=; b=H39EC1Dy73yp1U2mtg5STumZ9Ger+iASXr87KEagDsUZgz87eSINNk3ZXU17LMJd3o 4i2F8zshKUo/OxbzS5W8vbnDG/RnYYVZIgAinQi86t8dWuBDd5FVw236mZJ48wj/si4E lcvAGoOA1WiKKg3GBN62uQPmgGu6qxnEXiZsmJcXpcbLyygj3Jwz3yy47mEygL1D6ixY xNyhsRzQjT3ajRW/xQT6KuuvUUSkjuMXzbkkDhHaMZf5XFyfdnYHiIBhL1y98+7v90la EfR+E2yDHAYIjLfkYKMoBPTddEwEcPdRCEjR5bNdiJhlgW2f+mdmbMHwybBiTpD91owj 3sLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date; bh=mDXx+o0SMLsD3PVy06z1zwjNDFp6zm0JfAMB6r9sun4=; b=lrNT55besrDWyrf4rTdbhQBV0dyUPpgdZJ6jQy7p8J8HV6suZh0lJr6d5AzKwabbxr GiWFd9iqHoYS7aIC4Y9GrKHkfU/qBY6Zc48xwr9zocDYz8YpoBuJNLK0Oiu3B/PtmFaP gzIwYmxFEWHivUqyBdChyhg1vz0W+2pq3UzBs7Zn3ITrp58SQfFEW0cvznS55Qk+9d8X x2BLFU/cFe9JLgDLBoamrnH6i6s6BG5ke4MG7X1tlPR5u6+dotGv3PyUY2vXjt3LhoL7 5fPi5EajoBmd/QHWZFbpzB8AzkTpjcrrop0rIPvQ46klUxyPNmBFFSP3c5YKAHHyACk/ wt8w== X-Gm-Message-State: ACrzQf1Ymxqmh5OywF7VMPwpQuIGxloZ5AdQteYidiALQ7zhAWzmqZYB htWBmN43NehhojS1nS4p947C8Kv5o0dLPktELpm8jrT2DK4CcjOF/KU2r7V4B/WTi4+OnMpRxub YavdR/5MUQ2wc41wH9TURBtvWTdvV7D2ID/t0bhoUvq3ahSf+QgQ0h8ui+bVmQqKhUYD8 X-Google-Smtp-Source: AMsMyM7u/oPsr56Q5teFGbiM+yQwYa55dO8iXkZD4vgEEHN+d89/AhCWEjerSASO4ljCHkjbDWliYo1POsvUBMtK X-Received: from aaronlewis.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2675]) (user=aaronlewis job=sendgmr) by 2002:a17:90b:10a:b0:200:2849:235f with SMTP id p10-20020a17090b010a00b002002849235fmr771316pjz.1.1663773336391; Wed, 21 Sep 2022 08:15:36 -0700 (PDT) Date: Wed, 21 Sep 2022 15:15:24 +0000 In-Reply-To: <20220921151525.904162-1-aaronlewis@google.com> Mime-Version: 1.0 References: <20220921151525.904162-1-aaronlewis@google.com> X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog Message-ID: <20220921151525.904162-5-aaronlewis@google.com> Subject: [PATCH v4 4/5] KVM: x86: Add a VALID_MASK for the flags in kvm_msr_filter_range From: Aaron Lewis To: kvm@vger.kernel.org Cc: pbonzini@redhat.com, jmattson@google.com, seanjc@google.com, Aaron Lewis Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Add the mask KVM_MSR_FILTER_RANGE_VALID_MASK for the flags in the struct kvm_msr_filter_range. This simplifies checks that validate these flags, and makes it easier to introduce new flags in the future. No functional change intended. Signed-off-by: Aaron Lewis --- arch/x86/include/uapi/asm/kvm.h | 2 ++ arch/x86/kvm/x86.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index ae4324674c49..c6df6b16a088 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -214,6 +214,8 @@ struct kvm_msr_list { struct kvm_msr_filter_range { #define KVM_MSR_FILTER_READ (1 << 0) #define KVM_MSR_FILTER_WRITE (1 << 1) +#define KVM_MSR_FILTER_RANGE_VALID_MASK (KVM_MSR_FILTER_READ | \ + KVM_MSR_FILTER_WRITE) __u32 flags; __u32 nmsrs; /* number of msrs in bitmap */ __u32 base; /* MSR index the bitmap starts at */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 670ae38f8f3e..48fe6a5e625a 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6359,7 +6359,7 @@ static int kvm_add_msr_filter(struct kvm_x86_msr_filter *msr_filter, if (!user_range->nmsrs) return 0; - if (user_range->flags & ~(KVM_MSR_FILTER_READ | KVM_MSR_FILTER_WRITE)) + if (user_range->flags & ~KVM_MSR_FILTER_RANGE_VALID_MASK) return -EINVAL; if (!user_range->flags) From patchwork Wed Sep 21 15:15:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aaron Lewis X-Patchwork-Id: 12983819 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 970A5ECAAD8 for ; Wed, 21 Sep 2022 15:15:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229658AbiIUPPt (ORCPT ); Wed, 21 Sep 2022 11:15:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48556 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230078AbiIUPPo (ORCPT ); Wed, 21 Sep 2022 11:15:44 -0400 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AF168C47B for ; Wed, 21 Sep 2022 08:15:39 -0700 (PDT) Received: by mail-pf1-x449.google.com with SMTP id u131-20020a627989000000b0054d3cf50780so3714791pfc.22 for ; Wed, 21 Sep 2022 08:15:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date; bh=2gChb2mZIRsjPOMMmksGp+RecOjQKuxIHCTvu3UAjtI=; b=P+agJWVynGZ+z9kGjbw/1DvFhP8x6E+hCKegnuO2tlmMLjudEN10aiTNFPUYraaOtj ye6ZTe4vCXxgabOsEChScm6Jk2F64EORRBQqHcJ8ax0r4TeT1yd4pQ8PVw6P00p1etH3 ek62m1JQ9F2CXfRPkF/9l/D9SHcG50kAtyQcSDIHzKA8l3sYakKyrFCYx3H4amVFEBOE gu/CcgqUBYPIrMnFwLhpxcO7PMnA0Anl5OBdlvdn/cpewtRMYk/znR5Y0IutSgYBzMlI 1KHfUHVeINe73sbzxoGveAk0Q4CK0x8xsciI1hfpnveTBmbg0lKcFnfpTQiYxaMi5gbh WpEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date; bh=2gChb2mZIRsjPOMMmksGp+RecOjQKuxIHCTvu3UAjtI=; b=IDlQLO/sHAyWUoJhF//N4WtTL6sQ++evqFJzLyfmhUbvi82zprGBJDfDtfWxUFP8OK 8HIgKa7B3G3tUAhPN3FaPKxguC/2/MfPDri+sw5d0a+j8SJ4wkE/xTU2zzKkqgnxjXwx DXvqvZCyOuD8ZNX2/a2+50H7sbjRKUF5ZH9fZ4LIMmiYehf6PmcszKTpfaF0o1B0I9R/ KK7MpJXjmOA/05cxIqjgiSG3PqZnSX8CaEv5lLkODGeAZyxEH1KKi/T8LgL8LjIEP83R rLTpMu0EsSnLdGasBFsrZk5TUvoWjTbR4D5+x1DhH1nqDsbxkz4jWKg3uAPT72LiVqac izKg== X-Gm-Message-State: ACrzQf2FA3B/R3M08nAV1YqMEyVcuIPoijMnBBzTVxTevUwyY3PEzUu2 AjGJ6y0vXc4EEw92mZOT1Qm2A3gu3N+SxvnSAeHCf2nK0PcSzWESL1XfJ3LfwbWeq4wXfwu5rkC jKa9/FUGjp1bPfWyELPCZUP04I5jllh5mSwnfULyYfgCBIT4NSaOMjI9QvFXbGM3StKOo X-Google-Smtp-Source: AMsMyM52YUOXkCVUFEU4YtM+hoCBb0Uj3NLhwjhBMTaMkd0/kUauYoV9Wg4I3jBw1ytcpTf3moFIrNTrGsoSZuCc X-Received: from aaronlewis.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2675]) (user=aaronlewis job=sendgmr) by 2002:a62:3303:0:b0:53e:30a2:8fb6 with SMTP id z3-20020a623303000000b0053e30a28fb6mr29236638pfz.39.1663773338541; Wed, 21 Sep 2022 08:15:38 -0700 (PDT) Date: Wed, 21 Sep 2022 15:15:25 +0000 In-Reply-To: <20220921151525.904162-1-aaronlewis@google.com> Mime-Version: 1.0 References: <20220921151525.904162-1-aaronlewis@google.com> X-Mailer: git-send-email 2.37.3.968.ga6b4b080e4-goog Message-ID: <20220921151525.904162-6-aaronlewis@google.com> Subject: [PATCH v4 5/5] selftests: kvm/x86: Test the flags in MSR filtering and MSR exiting From: Aaron Lewis To: kvm@vger.kernel.org Cc: pbonzini@redhat.com, jmattson@google.com, seanjc@google.com, Aaron Lewis Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org When using the flags in KVM_X86_SET_MSR_FILTER and KVM_CAP_X86_USER_SPACE_MSR it is expected that an attempt to write to any of the unused bits will fail. Add testing to walk over every bit in each of the flag fields in MSR filtering and MSR exiting to verify that unused bits return and error and used bits, i.e. valid bits, succeed. Signed-off-by: Aaron Lewis --- .../kvm/x86_64/userspace_msr_exit_test.c | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/tools/testing/selftests/kvm/x86_64/userspace_msr_exit_test.c b/tools/testing/selftests/kvm/x86_64/userspace_msr_exit_test.c index a4f06370a245..fae95089e655 100644 --- a/tools/testing/selftests/kvm/x86_64/userspace_msr_exit_test.c +++ b/tools/testing/selftests/kvm/x86_64/userspace_msr_exit_test.c @@ -733,6 +733,89 @@ static void test_msr_permission_bitmap(void) kvm_vm_free(vm); } +#define test_user_exit_msr_ioctl(vm, cmd, arg, flag, valid_mask) \ +({ \ + int r = __vm_ioctl(vm, cmd, arg); \ + \ + if (flag & valid_mask) \ + TEST_ASSERT(!r, __KVM_IOCTL_ERROR(#cmd, r)); \ + else \ + TEST_ASSERT(r == -1 && errno == EINVAL, \ + "Wanted EINVAL for %s with flag = 0x%llx, got rc: %i errno: %i (%s)", \ + #cmd, flag, r, errno, strerror(errno)); \ +}) + +static void run_user_space_msr_flag_test(struct kvm_vm *vm) +{ + struct kvm_enable_cap cap = { .cap = KVM_CAP_X86_USER_SPACE_MSR }; + int nflags = sizeof(cap.args[0]) * BITS_PER_BYTE; + int rc; + int i; + + rc = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); + TEST_ASSERT(rc, "KVM_CAP_X86_USER_SPACE_MSR is available"); + + for (i = 0; i < nflags; i++) { + cap.args[0] = BIT_ULL(i); + test_user_exit_msr_ioctl(vm, KVM_ENABLE_CAP, &cap, + BIT_ULL(i), KVM_MSR_EXIT_REASON_VALID_MASK); + } +} + +static void run_msr_filter_flag_test(struct kvm_vm *vm) +{ + u64 deny_bits = 0; + struct kvm_msr_filter filter = { + .flags = KVM_MSR_FILTER_DEFAULT_ALLOW, + .ranges = { + { + .flags = KVM_MSR_FILTER_READ, + .nmsrs = 1, + .base = 0, + .bitmap = (uint8_t *)&deny_bits, + }, + }, + }; + int nflags; + int rc; + int i; + + rc = kvm_check_cap(KVM_CAP_X86_MSR_FILTER); + TEST_ASSERT(rc, "KVM_CAP_X86_MSR_FILTER is available"); + + nflags = sizeof(filter.flags) * BITS_PER_BYTE; + for (i = 0; i < nflags; i++) { + filter.flags = BIT_ULL(i); + test_user_exit_msr_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter, + BIT_ULL(i), KVM_MSR_FILTER_VALID_MASK); + } + + filter.flags = KVM_MSR_FILTER_DEFAULT_ALLOW; + nflags = sizeof(filter.ranges[0].flags) * BITS_PER_BYTE; + for (i = 0; i < nflags; i++) { + filter.ranges[0].flags = BIT_ULL(i); + test_user_exit_msr_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter, + BIT_ULL(i), KVM_MSR_FILTER_RANGE_VALID_MASK); + } +} + +/* Test that attempts to write to the unused bits in a flag fails. */ +static void test_user_exit_msr_flags(void) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + + vm = vm_create_with_one_vcpu(&vcpu, NULL); + + /* Test flags for KVM_CAP_X86_USER_SPACE_MSR. */ + run_user_space_msr_flag_test(vm); + + /* Test flags and range flags for KVM_X86_SET_MSR_FILTER. */ + run_msr_filter_flag_test(vm); + + kvm_vm_free(vm); +} + int main(int argc, char *argv[]) { /* Tell stdout not to buffer its content */ @@ -744,5 +827,7 @@ int main(int argc, char *argv[]) test_msr_permission_bitmap(); + test_user_exit_msr_flags(); + return 0; }