From patchwork Sat Feb 1 01:55:08 2025
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13956037
Reply-To: Sean Christopherson
Date: Fri, 31 Jan 2025 17:55:08 -0800
In-Reply-To:
 <20250201015518.689704-1-seanjc@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20250201015518.689704-1-seanjc@google.com>
X-Mailer: git-send-email 2.48.1.362.g079036d154-goog
Message-ID: <20250201015518.689704-2-seanjc@google.com>
Subject: [PATCH v2 01/11] KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

When emulating PAUSE on behalf of L2, check for interception in vmcs12 by
looking at primary execution controls, not secondary execution controls.
Checking for PAUSE_EXITING in secondary execution controls effectively
results in KVM looking for BUS_LOCK_DETECTION, which KVM doesn't expose to
L1, i.e. is always off in vmcs12, and ultimately results in KVM failing to
"intercept" PAUSE.

Because KVM doesn't handle interception during emulation correctly on VMX,
i.e. the "fixed" code is still quite broken, and not intercepting PAUSE is
relatively benign, for all intents and purposes the bug means that L2 gets
to live when it would otherwise get an unexpected #UD.

Fixes: 4984563823f0 ("KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/vmx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index f72835e85b6d..3654c08cfa31 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -8092,7 +8092,7 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, * the PAUSE. */ if ((info->rep_prefix != REPE_PREFIX) || - !nested_cpu_has2(vmcs12, CPU_BASED_PAUSE_EXITING)) + !nested_cpu_has(vmcs12, CPU_BASED_PAUSE_EXITING)) return X86EMUL_CONTINUE; break; From patchwork Sat Feb 1 01:55:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956038 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A94638FA3 for ; Sat, 1 Feb 2025 01:55:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374925; cv=none; b=ToxRV5DgTmEatn3cAlo50aTgfz6erlMMFlUQuBjUQHBRUVPRoARp3ik671z7fgjee/EcPuaraqOBFIhgDE51FISJTVLwXPUEXvf7t9SwVuTPU0xZgysHDNiINsFQ4pXtSaC+5bECiivtrf60peio/oCKjN0ujTGnNnZ5fjx0K0E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374925; c=relaxed/simple; bh=2nRKDkSWDDf8jzC//34iIp61t0/QFHqNiM2wu/iV0a0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=MnPH/VrkV3enJGay0X75jM3dmB4NcFtREukoe4vAkzjkIA33LL7hHH+aPnxrdTCKiJHv2H8BZDqIxDj8z93/cNl1fn3MRMSOsM+Y+YWbZaMLwY41h7ALdtGsDtCbcwZ0mjtOcMAwNQJ49IMHsW+XHtqFQYgFtpPQj4T0HrlXI+Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=2hbg7+8i; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass 
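Review bot: the one-token fix is correct (the CPU_BASED_ prefix names a primary control, and nested_cpu_has2() reads the secondary word, so the old check was asking about a different control entirely), but when PAUSE_EXITING is set the code still falls through to `break` and the function ends up returning X86EMUL_UNHANDLEABLE, which the changelog itself describes as still broken. Consider adding a FIXME at that `break` so the remaining gap is visible in the code rather than only in the commit message, and a one-line comment that the `info->rep_prefix != REPE_PREFIX` test is what separates PAUSE from a bare NOP.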
Reply-To: Sean Christopherson
Date: Fri, 31 Jan 2025 17:55:09 -0800
In-Reply-To: <20250201015518.689704-1-seanjc@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20250201015518.689704-1-seanjc@google.com>
X-Mailer: git-send-email 2.48.1.362.g079036d154-goog
Message-ID: <20250201015518.689704-3-seanjc@google.com>
Subject: [PATCH v2 02/11] KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

Set "next_rip" in the emulation interception info passed to vendor code
using the emulator context's "_eip", not "eip".  "eip" holds RIP from the
start of emulation, i.e. the RIP of the instruction that's being emulated,
whereas _eip tracks the context's current position in decoding the code
stream, which at the time of the intercept checks is effectively the RIP of
the next instruction.

Passing the current RIP as next_rip causes SVM to stuff the wrong value
into vmcb12->control.next_rip if a nested VM-Exit is generated, i.e. if L1
wants to intercept the instruction, and could result in L1 putting L2 into
an infinite loop due to restarting L2 with the same RIP over and over.

Fixes: 8a76d7f25f8f ("KVM: x86: Add x86 callback for intercept check")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/emulate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 60986f67c35a..0915b5e8aa71 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -478,7 +478,7 @@ static int emulator_check_intercept(struct x86_emulate_ctxt *ctxt, .src_bytes = ctxt->src.bytes, .dst_bytes = ctxt->dst.bytes, .ad_bytes = ctxt->ad_bytes, - .next_rip = ctxt->eip, + .next_rip = ctxt->_eip, }; return ctxt->ops->intercept(ctxt, &info, stage); From patchwork Sat Feb 1 01:55:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956039 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDA917DA9C for ; Sat, 1 Feb 2025 01:55:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374927; cv=none; b=iqezfAlHUPftqB8U8XOGj26zLlvYTxJtwKVno5RM1Ru2zIxnh+r6szuA21k1SVYrtogSz0f9pPDtuZaI/L2hHzI+6RqXCsAQwPSCcRAX55wrFD54rICVUKz57dUhnbiM7Bn74s7jFQSqb2VNWLES92bAoADMreU55EMKy3ax8k0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374927; c=relaxed/simple; bh=WTPZCV619SX538Cn6Abym6cnK99EEExx7aoodOVpBsw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=CwepP6HYejkLLuN/kVZd+xttxqsoB5QmdSlXXLRO5PYzXYGSqaeBweGrl8nLlizh0MQWUul7aaVHciOXRmHfDSYJUgLTD7+GaYph5NuTBZqke/C961jOKZr77/x6V1H0HnlCwJL/JfYAWAupiw0bQV0yKjlViezsJELA0bvG1KQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=uhG4C+Js; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; 
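Review bot: `ctxt->eip` and `ctxt->_eip` differ by a single underscore, and that is exactly the confusion this patch corrects, so the `.next_rip = ctxt->_eip,` initializer deserves a one-line comment stating that `_eip` is the decoder's cursor and therefore the post-instruction RIP at intercept-check time (the changelog explains this; the code does not). It would also help to state in the changelog that every `ctxt->ops->intercept()` call runs only after decode is complete, since `_eip` is "next RIP" only under that condition.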
Reply-To: Sean Christopherson
Date: Fri, 31 Jan 2025 17:55:10 -0800
In-Reply-To: <20250201015518.689704-1-seanjc@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20250201015518.689704-1-seanjc@google.com>
X-Mailer: git-send-email 2.48.1.362.g079036d154-goog
Message-ID: <20250201015518.689704-4-seanjc@google.com>
Subject: [PATCH v2 03/11] KVM: nVMX: Allow emulating RDPID on behalf of L2
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

Return X86EMUL_CONTINUE instead of X86EMUL_UNHANDLEABLE when emulating RDPID
on behalf of L2 and L1 _does_ expose RDPID/RDTSCP to L2.  When RDPID
emulation was added by commit fb6d4d340e05 ("KVM: x86: emulate RDPID"), KVM
incorrectly allowed emulation by default.  Commit 07721feee46b ("KVM: nVMX:
Don't emulate instructions in guest mode") fixed that flaw, but missed that
RDPID emulation was relying on the common return path to allow emulation on
behalf of L2.

Fixes: 07721feee46b ("KVM: nVMX: Don't emulate instructions in guest mode")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/vmx.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 3654c08cfa31..9773287acade 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -8049,18 +8049,19 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12 = get_vmcs12(vcpu); switch (info->intercept) { - /* - * RDPID causes #UD if disabled through secondary execution controls. - * Because it is marked as EmulateOnUD, we need to intercept it here. - * Note, RDPID is hidden behind ENABLE_RDTSCP. - */ case x86_intercept_rdpid: + /* + * RDPID causes #UD if not enabled through secondary execution + * controls (ENABLE_RDTSCP). Note, the implicit MSR access to + * TSC_AUX is NOT subject to interception, i.e. checking only + * the dedicated execution control is architecturally correct. + */ if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_RDTSCP)) { exception->vector = UD_VECTOR; exception->error_code_valid = false; return X86EMUL_PROPAGATE_FAULT; } - break; + return X86EMUL_CONTINUE; case x86_intercept_in: case x86_intercept_ins: From patchwork Sat Feb 1 01:55:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956040 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66E9D179A7 for ; Sat, 1 Feb 2025 01:55:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374929; cv=none; b=JiOx1dYHgPCoHM6bk6ofzCH4XzTEsgUO2ml/3TyXOcIkjzk1LCc2+fSHwVVuLhD4p0YSuYj7fEGHGQzv+dvlyWxJPh0JLgKSewszQbkOAv/6xjQ4R5mbkj7KpJaKx0AXvq/DFjBOtBk5A6Qc29mM77YQxeqqKtvXh6nMY6k9Z+E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374929; c=relaxed/simple; bh=2L/cnO9EtXQAJOsgX3k8m5pz/6fkrIp1s4+pPXI7COU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; 
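Review bot: the relocated comment justifies checking only SECONDARY_EXEC_ENABLE_RDTSCP, but the reader still has to infer why RDPID may return X86EMUL_CONTINUE outright instead of falling through to the common path like the I/O and descriptor-table cases; add a clause stating that VMX defines no RDPID exiting control, so once L1 has enabled RDPID there is nothing for L1 to intercept and `return X86EMUL_CONTINUE` is the only possible outcome. Without that sentence the `- break; + return X86EMUL_CONTINUE;` swap reads like it is skipping an intercept check rather than documenting that none exists.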
Reply-To: Sean Christopherson
Date: Fri, 31 Jan 2025 17:55:11 -0800
In-Reply-To: <20250201015518.689704-1-seanjc@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20250201015518.689704-1-seanjc@google.com>
X-Mailer: git-send-email 2.48.1.362.g079036d154-goog
Message-ID: <20250201015518.689704-5-seanjc@google.com>
Subject: [PATCH v2 04/11] KVM: nVMX: Emulate HLT in L2 if it's not intercepted
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

Extend VMX's nested intercept logic for emulated instructions to handle HLT
interception, primarily for testing purposes.

Failure to allow emulation of HLT isn't all that interesting, as emulating
HLT while L2 is active either requires forced emulation (and no #UD
intercept in L1), TLB games in the guest to coerce KVM into emulating the
wrong instruction, or a bug elsewhere in KVM.  E.g. without commit
47ef3ef843c0 ("KVM: VMX: Handle event vectoring error in
check_emulate_instruction()"), KVM can end up trying to emulate HLT if RIP
happens to point at a HLT when a vectored event arrives with L2's IDT
pointing at emulated MMIO.

Note, vmx_check_intercept() is still broken when L1 wants to intercept an
instruction, as KVM injects a #UD instead of synthesizing a nested VM-Exit.
That issue extends far beyond HLT; punt on it for now.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/vmx.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 9773287acade..fb4e9290e6c4 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -8083,6 +8083,11 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */ break; + case x86_intercept_hlt: + if (!nested_cpu_has(vmcs12, CPU_BASED_HLT_EXITING)) + return X86EMUL_CONTINUE; + break; + case x86_intercept_pause: /* * PAUSE is a single-byte NOP with a REPE prefix, i.e. collides From patchwork Sat Feb 1 01:55:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956041 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A287413E3F5 for ; Sat, 1 Feb 2025 01:55:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374930; cv=none; b=hI0JtjQJHSv/93F12ixpaZjW5BFrVIfSL2SSM7OcJFGbcVp0xJJE8Mq0gOgBtjlSxqmwIXNxvf+pUH9YSv28zwa7OH+cJ4X63VSkEBAA3CR3jLWdiwHg0Nqfo6UNTS1xZ23VyhoQwqzAkc8ocMjTMNEQPEgl/OuRFgw+gm781yM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374930; c=relaxed/simple; bh=4KLJLbNb3dm5XQSSplNU+uwKog1RwQjU+uH/1EHjBWE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Va7Bp1ApZL9smiNDId4CN166VXNNHtNEymYQCAh+ot6KR+sE0g1Un76bi1IlBZKpyfoIvEbRoi/5qpyoaElyPGSQEQQ/rkHJjATQMKgP47jiIOWyi4vRLTJ4iWKmPQs+PYAf4SN694W7craZNLAlBlFD2fvGggGLaqGBw3EqiLU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=y92IgAIr; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) 
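Review bot: when CPU_BASED_HLT_EXITING is set, the new case hits `break` and the function returns X86EMUL_UNHANDLEABLE, so per the changelog L2 takes a #UD instead of L1 receiving the VM-Exit it configured. The descriptor-table case directly above carries a "FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED." comment; the HLT case should carry the same marker (or the FIXME should move to the common fall-through) so this known gap is not silently extended to one more instruction.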
from pjbfr16.prod.google.com ([2002:a17:90a:e2d0:b0:2ea:5c73:542c]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:264e:b0:2ee:53b3:3f1c with SMTP id 98e67ed59e1d1-2f83abb4032mr18429535a91.5.1738374928261; Fri, 31 Jan 2025 17:55:28 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 31 Jan 2025 17:55:12 -0800 In-Reply-To: <20250201015518.689704-1-seanjc@google.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250201015518.689704-1-seanjc@google.com> X-Mailer: git-send-email 2.48.1.362.g079036d154-goog Message-ID: <20250201015518.689704-6-seanjc@google.com> Subject: [PATCH v2 05/11] KVM: nVMX: Consolidate missing X86EMUL_INTERCEPTED logic in L2 emulation From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Refactor the handling of port I/O interception checks when emulating on behalf of L2 in anticipation of synthesizing a nested VM-Exit to L1 instead of injecting a #UD into L2. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index fb4e9290e6c4..dba22536eea3 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8007,12 +8007,11 @@ static __init void vmx_set_cpu_caps(void) kvm_cpu_cap_check_and_set(X86_FEATURE_WAITPKG); } -static int vmx_check_intercept_io(struct kvm_vcpu *vcpu, +static bool vmx_is_io_intercepted(struct kvm_vcpu *vcpu, struct x86_instruction_info *info) { struct vmcs12 *vmcs12 = get_vmcs12(vcpu); unsigned short port; - bool intercept; int size; if (info->intercept == x86_intercept_in || 
@@ -8032,13 +8031,9 @@ static int vmx_check_intercept_io(struct kvm_vcpu *vcpu, * Otherwise, IO instruction VM-exits are controlled by the IO bitmaps. */ if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS)) - intercept = nested_cpu_has(vmcs12, - CPU_BASED_UNCOND_IO_EXITING); - else - intercept = nested_vmx_check_io_bitmaps(vcpu, port, size); + return nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING); - /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */ - return intercept ? X86EMUL_UNHANDLEABLE : X86EMUL_CONTINUE; + return nested_vmx_check_io_bitmaps(vcpu, port, size); } int vmx_check_intercept(struct kvm_vcpu *vcpu, @@ -8067,7 +8062,9 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, case x86_intercept_ins: case x86_intercept_out: case x86_intercept_outs: - return vmx_check_intercept_io(vcpu, info); + if (!vmx_is_io_intercepted(vcpu, info)) + return X86EMUL_CONTINUE; + break; case x86_intercept_lgdt: case x86_intercept_lidt: @@ -8079,8 +8076,6 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, case x86_intercept_str: if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_DESC)) return X86EMUL_CONTINUE; - - /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */ break; case x86_intercept_hlt: 
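Review bot: "No functional change intended" rests on an equivalence the changelog does not spell out: the old vmx_check_intercept_io() returned X86EMUL_UNHANDLEABLE directly when the access was intercepted, while the new `if (!vmx_is_io_intercepted(vcpu, info)) return X86EMUL_CONTINUE; break;` routes the intercepted case to the function's common return, which is also X86EMUL_UNHANDLEABLE. State that in the changelog, and note there that the two `/* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */` comments removed here (I/O path and descriptor-table path) are being consolidated rather than dropped, so a reader of this hunk alone does not conclude a known issue was quietly deleted.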
@@ -8108,6 +8103,7 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, break; } + /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */ return X86EMUL_UNHANDLEABLE; } From patchwork Sat Feb 1 01:55:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956042 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6BA051474A5 for ; Sat, 1 Feb 2025 01:55:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374931; cv=none; b=oBrtpQ5zbDxPB6XpGIdGZ6dzqyq6fwIg8Q8AEv9NeC9DzpLWC2yxCfV9fxyziuDZG6J76xStw7a7MJhQUwWqajTFiKwg/39qJF0UuHvy6r7kbSBq5RWArrl4uHn+lV6tBxIdEuK+5lMjNnAN3sTL/HxkS3VvGa/tJZ468yHw6zs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374931; c=relaxed/simple; bh=UVo6Z/4dhiFoOhJN3891jfwkXaQHO7XmA6oXNp4w27k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Qu8nSi5KTVK52U/an7rD+32z/0id1j5/4Pr2LN6G/bUIlGbL/C5uitjlF3b/HPEKnKZNKAx1NuMNUixM5CJZXDyVg6XKomQYzu4BlXGT837wQQRuU+fjBGMu9jQDqYqyjINUBYNL0jNks8pyQrXRRuZ7Zbq2zj65DYMUaKDNca8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=mzEZ5Vs9; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: 
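Review bot: the single FIXME now sits at the common `return X86EMUL_UNHANDLEABLE;` and covers the I/O, descriptor-table, HLT and PAUSE cases, whereas RDPID returns early and never reaches it; extend the comment to say that every `break` out of the switch means "L1 has asked to intercept this instruction" and that X86EMUL_UNHANDLEABLE is the placeholder result until a nested VM-Exit is synthesized. Making that contract explicit at the one shared exit point is what lets future cases be added without re-introducing per-case FIXMEs.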
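Added example, not code from these patches or from KVM: a userspace C model of the nested-intercept decision the series is touching. It shows the primary-versus-secondary control mix-up described in patch 1 (a CPU_BASED_ mask tested against the secondary word lands on the bus-lock detection bit) and the unconditional-exiting versus I/O-bitmap logic that patch 5 refactors. The control bit positions are the architectural ones from the Intel SDM; the struct, helper names, enum and sample vmcs12 contents are assumptions made for this example.

```c
/*
 * Added example, not KVM code: a userspace model of the decision that
 * vmx_check_intercept() makes when KVM emulates an instruction for L2.
 * Bit positions are the architectural ones (Intel SDM, primary and
 * secondary processor-based VM-execution controls); the struct layout,
 * helper names and sample vmcs12 contents are this example's assumptions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Primary processor-based VM-execution controls. */
#define CPU_BASED_HLT_EXITING		(1u << 7)
#define CPU_BASED_UNCOND_IO_EXITING	(1u << 24)
#define CPU_BASED_USE_IO_BITMAPS	(1u << 25)
#define CPU_BASED_PAUSE_EXITING		(1u << 30)

/* Secondary processor-based VM-execution controls. */
#define SECONDARY_EXEC_BUS_LOCK_DETECTION	(1u << 30)

/* Assumed stand-in for the vmcs12 that L1 hands to KVM. */
struct vmcs12_model {
	uint32_t cpu_based_vm_exec_control;
	uint32_t secondary_vm_exec_control;
	uint8_t io_bitmap_a[4096];	/* ports 0x0000-0x7FFF, one bit per port */
	uint8_t io_bitmap_b[4096];	/* ports 0x8000-0xFFFF */
};

/* Same split as KVM's nested_cpu_has()/nested_cpu_has2(): primary vs. secondary word. */
static bool nested_cpu_has(const struct vmcs12_model *v, uint32_t bit)
{
	return v->cpu_based_vm_exec_control & bit;
}

static bool nested_cpu_has2(const struct vmcs12_model *v, uint32_t bit)
{
	return v->secondary_vm_exec_control & bit;
}

/*
 * Port I/O: unconditional exiting decides when bitmaps are off; otherwise
 * the access exits if any byte it touches has its port bit set.  A
 * multi-byte access that runs past 0xFFFF is treated as intercepted.
 */
static bool io_intercepted(const struct vmcs12_model *v, unsigned port, int size)
{
	if (!nested_cpu_has(v, CPU_BASED_USE_IO_BITMAPS))
		return nested_cpu_has(v, CPU_BASED_UNCOND_IO_EXITING);

	for (; size > 0; size--, port++) {
		const uint8_t *bitmap;

		if (port < 0x8000)
			bitmap = v->io_bitmap_a;
		else if (port < 0x10000)
			bitmap = v->io_bitmap_b;
		else
			return true;
		if (bitmap[(port & 0x7fff) / 8] & (1u << (port & 7)))
			return true;
	}
	return false;
}

enum emul_insn { INSN_HLT, INSN_PAUSE, INSN_IN_OUT };

/* True when L1 asked for a VM-Exit on this L2 instruction. */
static bool l1_intercepts(const struct vmcs12_model *v, enum emul_insn insn,
			  unsigned port, int size)
{
	switch (insn) {
	case INSN_HLT:
		return nested_cpu_has(v, CPU_BASED_HLT_EXITING);
	case INSN_PAUSE:	/* PAUSE exiting is a *primary* control */
		return nested_cpu_has(v, CPU_BASED_PAUSE_EXITING);
	case INSN_IN_OUT:
		return io_intercepted(v, port, size);
	}
	return false;
}

/*
 * The bug patch 1 fixes: a CPU_BASED_* mask tested against the secondary
 * word.  Bit 30 of the secondary controls is bus-lock detection, so this
 * answers "does L1 want bus-lock VM-Exits?", not "does L1 intercept PAUSE?".
 */
static bool buggy_pause_check(const struct vmcs12_model *v)
{
	return nested_cpu_has2(v, CPU_BASED_PAUSE_EXITING);
}

/* Constructed sample vmcs12 with the given control words; port 0x60 is set in bitmap A. */
static struct vmcs12_model *sample_vmcs12(uint32_t primary, uint32_t secondary)
{
	static struct vmcs12_model v;

	memset(&v, 0, sizeof(v));
	v.cpu_based_vm_exec_control = primary;
	v.secondary_vm_exec_control = secondary;
	v.io_bitmap_a[0x60 / 8] |= 1u << (0x60 % 8);
	return &v;
}

int main(void)
{
	const struct vmcs12_model *v =
		sample_vmcs12(CPU_BASED_PAUSE_EXITING | CPU_BASED_USE_IO_BITMAPS, 0);

	printf("PAUSE: correct check %d, buggy check %d\n",
	       l1_intercepts(v, INSN_PAUSE, 0, 0), buggy_pause_check(v));
	printf("IN 0x60 %d, IN 0x61 %d, 2-byte IN at 0x5f %d\n",
	       l1_intercepts(v, INSN_IN_OUT, 0x60, 1),
	       l1_intercepts(v, INSN_IN_OUT, 0x61, 1),
	       l1_intercepts(v, INSN_IN_OUT, 0x5f, 2));
	return 0;
}
```

Build with `cc -std=c11 -Wall example.c` and run. For the sample, buggy_pause_check() reports "not intercepted" even though L1 set PAUSE_EXITING, and would flip to "intercepted" only if L1 set bus-lock detection in the secondary controls, which is the mismatch the first patch removes; the two-byte access at 0x5f is intercepted because its second byte lands on port 0x60.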
2002:a17:902:d582:b0:215:19ae:77bf with SMTP id d9443c01a7336-21dd7c66949mr218457115ad.19.1738374929971; Fri, 31 Jan 2025 17:55:29 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 31 Jan 2025 17:55:13 -0800 In-Reply-To: <20250201015518.689704-1-seanjc@google.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250201015518.689704-1-seanjc@google.com> X-Mailer: git-send-email 2.48.1.362.g079036d154-goog Message-ID: <20250201015518.689704-7-seanjc@google.com> Subject: [PATCH v2 06/11] KVM: x86: Plumb the src/dst operand types through to .check_intercept() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org When checking for intercept when emulating an instruction on behalf of L2, forward the source and destination operand types to vendor code so that VMX can synthesize the correct EXIT_QUALIFICATION for port I/O VM-Exits. Signed-off-by: Sean Christopherson --- arch/x86/kvm/emulate.c | 2 ++ arch/x86/kvm/kvm_emulate.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 0915b5e8aa71..ca613796b5af 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -477,6 +477,8 @@ static int emulator_check_intercept(struct x86_emulate_ctxt *ctxt, .dst_val = ctxt->dst.val64, .src_bytes = ctxt->src.bytes, .dst_bytes = ctxt->dst.bytes, + .src_type = ctxt->src.type, + .dst_type = ctxt->dst.type, .ad_bytes = ctxt->ad_bytes, .next_rip = ctxt->_eip, }; diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 73072585e164..49ab8b060137 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h 
@@ -44,6 +44,8 @@ struct x86_instruction_info { u64 dst_val; /* value of destination operand */ u8 src_bytes; /* size of source operand */ u8 dst_bytes; /* size of destination operand */ + u8 src_type; /* type of source operand */ + u8 dst_type; /* type of destination operand */ u8 ad_bytes; /* size of src/dst address */ u64 next_rip; /* rip following the instruction */ }; From patchwork Sat Feb 1 01:55:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956043 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F8F314AD29 for ; Sat, 1 Feb 2025 01:55:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374933; cv=none; b=sxN1jZ0mbGNDzK0JN+dtM4S5DtzHEJhVxVf1Su0m+hI1Ho9BbG8JzIAIBbx+YpalDI2OVkJprEfyu+htuY1YcbVL9Qwaupcs3QYs2Dz/Rivyi5J4mxQ/5IImPGKoce0swHAcPvSWiihM+vDeo47GAT8CfZFAL9Por43Nvb0tpr0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374933; c=relaxed/simple; bh=vmEbPbxbMS9aUOXfyT+ZSZRy/eMxMmE8Iua31butyQA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=lbsg7mGl/03glSmQFKqkHvwjwryYypZc0ouJtl6ZIQk8Sql3eNVVCr+HYjhQEfUyJrmFQmgCoMKkLgqDqx37TMy5zOmSaMs6OhQmuXx6wVwFcebRUPVliDoPmbsv5kGXxc0/ojDV2KWBrqHtSb8OPogYLFtM7DpbLk1KeC1JDRE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ixcVm+kT; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; 
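Review bot: in the kvm_emulate.h hunk, `u8 src_type;` and `u8 dst_type;` store values of the anonymous operand-type enum from struct operand (ctxt->src.type, i.e. OP_IMM and friends), but the comments `/* type of source operand */` do not say so; suggest either giving the fields that enum type or extending the comment, e.g. `u8 src_type; /* type of source operand (OP_IMM, OP_REG, ...) */`, so vendor code that compares against OP_IMM does not have to trace which enumeration the byte encodes. Nothing in this patch reads the new fields, which is fine for a plumbing patch, but a sentence in the commit message naming the consumer (the VMX port I/O exit qualification) would help anyone bisecting.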
AGHT+IEFpzfH3dkO4+Y860/dfQ4O1AiD1t9jfO7r11k85kQFFgtWqnFjO6ht6BavxIM9aAIGs8WsY8WQD2s= X-Received: from pjbeu6.prod.google.com ([2002:a17:90a:f946:b0:2f4:47fc:7f17]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90a:390c:b0:2f8:4a3f:dd37 with SMTP id 98e67ed59e1d1-2f84a3fed3dmr12867960a91.16.1738374931514; Fri, 31 Jan 2025 17:55:31 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 31 Jan 2025 17:55:14 -0800 In-Reply-To: <20250201015518.689704-1-seanjc@google.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250201015518.689704-1-seanjc@google.com> X-Mailer: git-send-email 2.48.1.362.g079036d154-goog Message-ID: <20250201015518.689704-8-seanjc@google.com> Subject: [PATCH v2 07/11] KVM: x86: Plumb the emulator's starting RIP into nested intercept checks From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org When checking for intercept when emulating an instruction on behalf of L2, pass the emulator's view of the RIP of the instruction being emulated to vendor code. Unlike SVM, which communicates the next RIP on VM-Exit, VMX communicates the length of the instruction that generated the VM-Exit, i.e. requires the current and next RIPs. Note, unless userspace modifies RIP during a userspace exit that requires completion, kvm_rip_read() will contain the same information. Pass the emulator's view largely out of a paranoia, and because there is no meaningful cost in doing so. Signed-off-by: Sean Christopherson --- arch/x86/kvm/emulate.c | 1 + arch/x86/kvm/kvm_emulate.h | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index ca613796b5af..1349e278cd2a 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c 
@@ -480,6 +480,7 @@ static int emulator_check_intercept(struct x86_emulate_ctxt *ctxt, .src_type = ctxt->src.type, .dst_type = ctxt->dst.type, .ad_bytes = ctxt->ad_bytes, + .rip = ctxt->eip, .next_rip = ctxt->_eip, }; diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 49ab8b060137..35029b12667f 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h 
@@ -47,6 +47,7 @@ struct x86_instruction_info { u8 src_type; /* type of source operand */ u8 dst_type; /* type of destination operand */ u8 ad_bytes; /* size of src/dst address */ + u64 rip; /* rip of the instruction */ u64 next_rip; /* rip following the instruction */ }; From patchwork Sat Feb 1 01:55:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956044 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B723A1534FB for ; Sat, 1 Feb 2025 01:55:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374935; cv=none; b=I2u/aVHMybSOMQsdiHMlfCbG5mrYrRxAvjtLA86d+ugyl4m8g9ggRjINC0hk/fD6ZEbsOyokfQybRXR/dxh6Bdu1KXd26ev3ffNHuCa3j2X5m2ylb8sEylBl+hp6UA54M0r4GmktOo07iSLlTh48P60stkdJjbM1TJXmF7PtRTY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374935; c=relaxed/simple; bh=U3aXYtXvj8rJ6en4q57EqfG8FlNrWEsTovi78JWBpUA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=b9Djie6nsPRwl0Mw7few7foUN9BWigKO4QrCWSanttzB8l0gMLalLUtNI1B/IcVDFR2/YkQy5bOh9tmYvwVr3qDZEmZ9RFpg7gBcyD4fR148i/C8V298RxZyBnqxCXXoar78BHkoptKoluJCrlUS8HsFwgkQ3cQGHEh3PJKbYwQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0dgpIlbX; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; 
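Review bot: in the kvm_emulate.h hunk, the comment `/* rip of the instruction */` is ambiguous sitting next to `next_rip`; the field carries the emulator's starting RIP (ctxt->eip, where the fetch began) and its purpose together with next_rip is to recover the length of the emulated instruction, so suggest `u64 rip; /* rip at the start of the instruction */` plus a note that next_rip - rip is the decoded length. The commit message explains that this is preferred over kvm_rip_read() because userspace may modify RIP during an exit that requires completion; putting that reason in the struct comment as well would stop a future cleanup from "simplifying" the consumer back to kvm_rip_read().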
(user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90a:3de4:b0:2f8:4589:a305 with SMTP id 98e67ed59e1d1-2f84589a325mr13600663a91.1.1738374932981; Fri, 31 Jan 2025 17:55:32 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 31 Jan 2025 17:55:15 -0800 In-Reply-To: <20250201015518.689704-1-seanjc@google.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250201015518.689704-1-seanjc@google.com> X-Mailer: git-send-email 2.48.1.362.g079036d154-goog Message-ID: <20250201015518.689704-9-seanjc@google.com> Subject: [PATCH v2 08/11] KVM: x86: Add a #define for the architectural max instruction length From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Add a #define to capture x86's architecturally defined max instruction length instead of open coding the literal in a variety of places. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/kvm_emulate.h | 4 +++- arch/x86/kvm/trace.h | 14 +++++++------- arch/x86/kvm/vmx/nested.c | 2 +- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 35029b12667f..c1df5acfacaf 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -275,8 +275,10 @@ struct operand { }; }; +#define X86_MAX_INSTRUCTION_LENGTH 15 + struct fetch_cache { - u8 data[15]; + u8 data[X86_MAX_INSTRUCTION_LENGTH]; u8 *ptr; u8 *end; }; diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h index 0b844cb97978..ccda95e53f62 100644 --- a/arch/x86/kvm/trace.h +++ b/arch/x86/kvm/trace.h 
@@ -830,12 +830,12 @@ TRACE_EVENT(kvm_emulate_insn, TP_ARGS(vcpu, failed), TP_STRUCT__entry( - __field( __u64, rip ) - __field( __u32, csbase ) - __field( __u8, len ) - __array( __u8, insn, 15 ) - __field( __u8, flags ) - __field( __u8, failed ) + __field( __u64, rip ) + __field( __u32, csbase ) + __field( __u8, len ) + __array( __u8, insn, X86_MAX_INSTRUCTION_LENGTH ) + __field( __u8, flags ) + __field( __u8, failed ) ), TP_fast_assign( @@ -846,7 +846,7 @@ TRACE_EVENT(kvm_emulate_insn, __entry->rip = vcpu->arch.emulate_ctxt->_eip - __entry->len; memcpy(__entry->insn, vcpu->arch.emulate_ctxt->fetch.data, - 15); + X86_MAX_INSTRUCTION_LENGTH); __entry->flags = kei_decode_mode(vcpu->arch.emulate_ctxt->mode); __entry->failed = failed; ), diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 8a7af02d466e..fb4fd96ce0f8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c 
@@ -2970,7 +2970,7 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, case INTR_TYPE_SOFT_EXCEPTION: case INTR_TYPE_SOFT_INTR: case INTR_TYPE_PRIV_SW_EXCEPTION: - if (CC(vmcs12->vm_entry_instruction_len > 15) || + if (CC(vmcs12->vm_entry_instruction_len > X86_MAX_INSTRUCTION_LENGTH) || CC(vmcs12->vm_entry_instruction_len == 0 && CC(!nested_cpu_has_zero_length_injection(vcpu)))) return -EINVAL; From patchwork Sat Feb 1 01:55:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956045 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 383B514AD29 for ; Sat, 1 Feb 2025 01:55:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374936; cv=none; b=NtX7v3n2Y4MD/NpLFofTA0YpLpZW5k2lmC+s/EXiFV4mXkUfW1PxavHdOrFd7lsSPZyyspEGsQlav1lGYq/ie8awYskCdlbcI7pxYDRrcCRO5AV2YeGgxB1nLYZXgmUwBqEiPh5uMcq3VXRHaDDcnNs5bzsHVWKkyo6RUkSzRB8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374936; c=relaxed/simple; bh=9iTUooTz+GzVh7vu6TOu+J68+KiYzSjVIC9jQQLaLOA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=NEcww78hJIU3MRW12KLyRq3/qUSsnm+/m3UhS12CPVO2+S6JqTOid0wruQmjPbvMXrv81+16NLprunT+FvkcxlreU36DZrgHTR5km41qDxht6q3ZjXHen7lloy9rEw/pel8/E4CUIgBAdg8Rina+HgV/zawz0sGoK1UzvIC1Yy8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GkxcYgxu; arc=none smtp.client-ip=209.85.216.73 
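Review bot: in the trace.h @@ -830 hunk, all six `__field`/`__array` lines are replaced although only `__array( __u8, insn, 15 )` actually changes; the column realignment is whitespace-only churn that hides the real change in blame. Either keep the original alignment or call out the intentional realignment in the commit message (which currently says only "No functional change intended"). In the nested.c hunk, X86_MAX_INSTRUCTION_LENGTH comes from kvm_emulate.h and the hunk adds no include, so please confirm nested.c already pulls that header in (directly or via vmx.h); the vm_entry_instruction_len line also grows past 80 columns and may want a line break after `||`.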
AGHT+IGOzvDdQI0HEUYlP00LQniZPDx482XdAtwcGW/8CaLpA5IH2YAm75ndxRKBH6ny5DWYhQDp8G6wGwM= X-Received: from pjbeu13.prod.google.com ([2002:a17:90a:f94d:b0:2ef:85ba:108f]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:568f:b0:2ea:8aac:6ac1 with SMTP id 98e67ed59e1d1-2f8464056b9mr14855857a91.15.1738374934730; Fri, 31 Jan 2025 17:55:34 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 31 Jan 2025 17:55:16 -0800 In-Reply-To: <20250201015518.689704-1-seanjc@google.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250201015518.689704-1-seanjc@google.com> X-Mailer: git-send-email 2.48.1.362.g079036d154-goog Message-ID: <20250201015518.689704-10-seanjc@google.com> Subject: [PATCH v2 09/11] KVM: nVMX: Allow the caller to provide instruction length on nested VM-Exit From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Rework the nested VM-Exit helper to take the instruction length as a parameter, and convert nested_vmx_vmexit() into a "default" wrapper that grabs the length from vmcs02 as appropriate. This will allow KVM to set the correct instruction length when synthesizing a nested VM-Exit when emulating an instruction that L1 wants to intercept. No functional change intended, as the path to prepare_vmcs12()'s reading of vmcs02.VM_EXIT_INSTRUCTION_LEN is gated on the same set of conditions as the VMREAD in the new nested_vmx_vmexit(). Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/nested.c | 12 +++++++----- arch/x86/kvm/vmx/nested.h | 22 ++++++++++++++++++++-- 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index fb4fd96ce0f8..791e00d467df 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c 
@@ -4618,7 +4618,7 @@ static void sync_vmcs02_to_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12) */ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, u32 vm_exit_reason, u32 exit_intr_info, - unsigned long exit_qualification) + unsigned long exit_qualification, u32 exit_insn_len) { /* update exit information fields: */ vmcs12->vm_exit_reason = vm_exit_reason; @@ -4646,7 +4646,7 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, vm_exit_reason, exit_intr_info); vmcs12->vm_exit_intr_info = exit_intr_info; - vmcs12->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN); + vmcs12->vm_exit_instruction_len = exit_insn_len; vmcs12->vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO); /* @@ -4930,8 +4930,9 @@ static void nested_vmx_restore_host_state(struct kvm_vcpu *vcpu) * and modify vmcs12 to make it see what it would expect to see there if * L2 was its real guest. Must only be called when in L2 (is_guest_mode()) */ -void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, - u32 exit_intr_info, unsigned long exit_qualification) +void __nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, + u32 exit_intr_info, unsigned long exit_qualification, + u32 exit_insn_len) { struct vcpu_vmx *vmx = to_vmx(vcpu); struct vmcs12 *vmcs12 = get_vmcs12(vcpu); @@ -4981,7 +4982,8 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, if (vm_exit_reason != -1) prepare_vmcs12(vcpu, vmcs12, vm_exit_reason, - exit_intr_info, exit_qualification); + exit_intr_info, exit_qualification, + exit_insn_len); /* * Must happen outside of sync_vmcs02_to_vmcs12() as it will diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index 2c296b6abb8c..6eedcfc91070 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h 
@@ -26,8 +26,26 @@ void nested_vmx_free_vcpu(struct kvm_vcpu *vcpu); enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu, bool from_vmentry); bool nested_vmx_reflect_vmexit(struct kvm_vcpu *vcpu); -void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, - u32 exit_intr_info, unsigned long exit_qualification); +void __nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, + u32 exit_intr_info, unsigned long exit_qualification, + u32 exit_insn_len); + +static inline void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, + u32 exit_intr_info, + unsigned long exit_qualification) +{ + u32 exit_insn_len; + + if (to_vmx(vcpu)->fail || vm_exit_reason == -1 || + (vm_exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY)) + exit_insn_len = 0; + else + exit_insn_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN); + + __nested_vmx_vmexit(vcpu, vm_exit_reason, exit_intr_info, + exit_qualification, exit_insn_len); +} + void nested_sync_vmcs12_to_shadow(struct kvm_vcpu *vcpu); int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data); int vmx_get_vmx_msr(struct nested_vmx_msrs *msrs, u32 msr_index, u64 *pdata); From patchwork Sat Feb 1 01:55:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13956046 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3F91A1741D2 for ; Sat, 1 Feb 2025 01:55:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738374938; cv=none; 
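Review bot: in the nested.h hunk, the new static inline nested_vmx_vmexit() now owns the decision of when VM_EXIT_INSTRUCTION_LEN may be read (`to_vmx(vcpu)->fail`, `vm_exit_reason == -1`, `VMX_EXIT_REASONS_FAILED_VMENTRY`), while the `vmcs_read32(VM_EXIT_INSTRUCTION_LEN)` it replaces sat inside prepare_vmcs12() in the nested.c hunk. The commit message asserts the gating conditions are identical, but the old conditions (the early returns on the path to prepare_vmcs12()) are not in the diff, so please cite them explicitly so the equivalence can be checked from the patch alone. Two smaller points: `vm_exit_reason == -1` compares a u32 against a negative int literal, which matches the existing `if (vm_exit_reason != -1)` in the @@ -4981 hunk and is therefore consistent, and the header now calls vmcs_read32() and to_vmx() from an inline, so confirm nested.h includes the headers that declare them ahead of this definition.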
Oj92rxUfHQPSFitYYgXVuXzQMvbnouLM5gta9S8oh2VR6J/7hctiFbV0d5uUXx4BvRWK VY2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738374936; x=1738979736; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3rffIwZzBf9w84td9LkYxb8GhDME9X7gCVMSc0UnAfs=; b=UvT+e1kAdrZv4LgDaESKMjlMI8jfiqHZzFwcvGe4uk/NNHRdGgjvZD6kI+OyhbjeHV 07iMvzqMnJIX7Djs183fSkVlkyKimzTV+VMiBr2aQiMdm5h7dEWwKhSzrs4XicHf5iqW Dt4eiBXVcKghEKie1pZHP/8RkGAf5A9o43w4OeNNG5qTNPneejhn1y8OYUkhqpArTULC PyekrO8nOW8e416ZCTzSWVtJ4Jm4JfRXp8irAexCYTtIPDlZFIi8bwQDlGHxNjatLPdI MV1MGTlgu7d1KDrqxy7ttajz9xPshOPh2KXp3ocng/9g0vZTctJwG3BXgAas3WUX4LD+ M5Jg== X-Gm-Message-State: AOJu0YzV1AKLrx620j9XpvsR+8Fh9tUiBk460btWkrOBiQObSmtVYEMo QwwV7aCNPAp1u1gDeihdV0Q+QsjXfUxtKNzG8487Vld8Lfez4p3kQeG95FGtgqwsO7WbkmBOeRM hgw== X-Google-Smtp-Source: AGHT+IGBrZrpg8PhfwimecksOm2WshEEHhnGVFTAyj8Gg4iqO42wRkXAmfH9Cuj7cPTKzFEH7NV75D/W+ME= X-Received: from pjbqi9.prod.google.com ([2002:a17:90b:2749:b0:2ee:4679:4a6b]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:2709:b0:2ee:693e:ed7c with SMTP id 98e67ed59e1d1-2f83acb10c6mr22641043a91.33.1738374936503; Fri, 31 Jan 2025 17:55:36 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 31 Jan 2025 17:55:17 -0800 In-Reply-To: <20250201015518.689704-1-seanjc@google.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250201015518.689704-1-seanjc@google.com> X-Mailer: git-send-email 2.48.1.362.g079036d154-goog Message-ID: <20250201015518.689704-11-seanjc@google.com> Subject: [PATCH v2 10/11] KVM: nVMX: Synthesize nested VM-Exit for supported emulation intercepts 
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org When emulating an instruction on behalf of L2 that L1 wants to intercept, generate a nested VM-Exit instead of injecting a #UD into L2. Now that (most of) the necessary information is available, synthesizing a VM-Exit isn't terribly difficult. Punt on decoding the ModR/M for descriptor table exits for now. There is no evidence that any hypervisor intercepts descriptor table accesses *and* uses the EXIT_QUALIFICATION to expedite emulation, i.e. it's not worth delaying basic support for. To avoid doing more harm than good, e.g. by putting L2 into an infinite or effectively corrupting its code stream, inject #UD if the instruction length is nonsensical. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 70 +++++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 14 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index dba22536eea3..7b2a6921f156 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8008,20 +8008,13 @@ static __init void vmx_set_cpu_caps(void) } static bool vmx_is_io_intercepted(struct kvm_vcpu *vcpu, - struct x86_instruction_info *info) + struct x86_instruction_info *info, + unsigned long *exit_qualification) { struct vmcs12 *vmcs12 = get_vmcs12(vcpu); unsigned short port; int size; - - if (info->intercept == x86_intercept_in || - info->intercept == x86_intercept_ins) { - port = info->src_val; - size = info->dst_bytes; - } else { - port = info->dst_val; - size = info->src_bytes; - } + bool imm; /* * If the 'use IO bitmaps' VM-execution control is 0, IO instruction 
@@ -8033,6 +8026,30 @@ static bool vmx_is_io_intercepted(struct kvm_vcpu *vcpu, if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS)) return nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING); + if (info->intercept == x86_intercept_in || + info->intercept == x86_intercept_ins) { + port = info->src_val; + size = info->dst_bytes; + imm = info->src_type == OP_IMM; + } else { + port = info->dst_val; + size = info->src_bytes; + imm = info->dst_type == OP_IMM; + } + + + *exit_qualification = ((unsigned long)port << 16) | (size - 1); + + if (info->intercept == x86_intercept_ins || + info->intercept == x86_intercept_outs) + *exit_qualification |= BIT(4); + + if (info->rep_prefix) + *exit_qualification |= BIT(5); + + if (imm) + *exit_qualification |= BIT(6); + return nested_vmx_check_io_bitmaps(vcpu, port, size); } @@ -8042,6 +8059,9 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, struct x86_exception *exception) { struct vmcs12 *vmcs12 = get_vmcs12(vcpu); + unsigned long exit_qualification = 0; + u32 vm_exit_reason; + u64 exit_insn_len; switch (info->intercept) { case x86_intercept_rdpid: @@ -8062,8 +8082,10 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, case x86_intercept_ins: case x86_intercept_out: case x86_intercept_outs: - if (!vmx_is_io_intercepted(vcpu, info)) + if (!vmx_is_io_intercepted(vcpu, info, &exit_qualification)) return X86EMUL_CONTINUE; + + vm_exit_reason = EXIT_REASON_IO_INSTRUCTION; break; case x86_intercept_lgdt: 
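Review bot: in the @@ -8033 hunk, the synthesized exit qualification never sets the direction bit. The VMX exit qualification for I/O instructions carries the direction in bit 3 (1 = IN, 0 = OUT), which KVM's own handle_io() decodes as `in = (exit_qualification & 8) != 0`, but the hunk only populates bits 2:0 (size), bit 4 (string), bit 5 (REP), bit 6 (immediate operand) and bits 31:16 (port), so an L1 that parses the qualification will see every intercepted IN/INS as an OUT/OUTS. Suggest adding, alongside the string check, `if (info->intercept == x86_intercept_in || info->intercept == x86_intercept_ins) *exit_qualification |= BIT(3);`. Minor: the same hunk leaves two consecutive blank lines between the if/else block and the `*exit_qualification = ...` assignment.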
@@ -8076,11 +8098,25 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, case x86_intercept_str: if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_DESC)) return X86EMUL_CONTINUE; + + if (info->intercept == x86_intercept_lldt || + info->intercept == x86_intercept_ltr || + info->intercept == x86_intercept_sldt || + info->intercept == x86_intercept_str) + vm_exit_reason = EXIT_REASON_LDTR_TR; + else + vm_exit_reason = EXIT_REASON_GDTR_IDTR; + /* + * FIXME: Decode the ModR/M to generate the correct exit + * qualification for memory operands. + */ break; case x86_intercept_hlt: if (!nested_cpu_has(vmcs12, CPU_BASED_HLT_EXITING)) return X86EMUL_CONTINUE; + + vm_exit_reason = EXIT_REASON_HLT; break; case x86_intercept_pause: 
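Review bot: with the ModR/M decode deferred, the descriptor-table exits hand L1 a zero exit qualification, and that field carries more than operand information: its instruction-identity bits tell L1 whether it saw SGDT/SIDT/LGDT/LIDT (or SLDT/STR/LLDT/LTR), so a zero value reports SGDT or SLDT for every one of these exits regardless of which instruction was actually emulated. Filling in the identity from info->intercept needs no ModR/M decoding and is cheap to do now; failing that, the FIXME should say explicitly that L1 observes an all-zero qualification so the limitation is visible to anyone later chasing an L1 misbehaviour.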
@@ -8096,15 +8132,21 @@ int vmx_check_intercept(struct kvm_vcpu *vcpu, !nested_cpu_has(vmcs12, CPU_BASED_PAUSE_EXITING)) return X86EMUL_CONTINUE; + vm_exit_reason = EXIT_REASON_PAUSE_INSTRUCTION; break; /* TODO: check more intercepts... */ default: - break; + return X86EMUL_UNHANDLEABLE; } - /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */ - return X86EMUL_UNHANDLEABLE; + exit_insn_len = abs_diff((s64)info->next_rip, (s64)info->rip); + if (!exit_insn_len || exit_insn_len > X86_MAX_INSTRUCTION_LENGTH) + return X86EMUL_UNHANDLEABLE; + + __nested_vmx_vmexit(vcpu, vm_exit_reason, 0, exit_qualification, + exit_insn_len); + return X86EMUL_INTERCEPTED; } #ifdef CONFIG_X86_64

From patchwork Sat Feb 1 01:55:18 2025
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13956047
Reply-To: Sean Christopherson
Date: Fri, 31 Jan 2025 17:55:18 -0800
In-Reply-To: <20250201015518.689704-1-seanjc@google.com>
X-Mailing-List: kvm@vger.kernel.org
References: <20250201015518.689704-1-seanjc@google.com>
Message-ID: <20250201015518.689704-12-seanjc@google.com>
Subject: [PATCH v2 11/11] KVM: selftests: Add a nested (forced) emulation intercept test for x86
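Review bot: the commit message says a nonsensical instruction length results in a #UD, but the tail of vmx_check_intercept() returns X86EMUL_UNHANDLEABLE and leaves it to the emulator's caller to turn that into a #UD; either word the message accordingly or put a comment on the `if (!exit_insn_len || exit_insn_len > X86_MAX_INSTRUCTION_LENGTH)` check saying that the #UD is the intended outcome of the UNHANDLEABLE return. Also, abs_diff() accepts a next_rip that lies before rip: that is exactly the kind of bogus pair the check exists for, yet it passes as long as the distance is at most X86_MAX_INSTRUCTION_LENGTH. Unless a next_rip below rip can be legitimate here, compute `next_rip - rip` as an unsigned value and reject zero or anything above the maximum, which also removes the s64 casts.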
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

Add a rudimentary test for validating KVM's handling of L1 hypervisor intercepts during instruction emulation on behalf of L2. To minimize complexity and avoid overlap with other tests, only validate KVM's handling of instructions that L1 wants to intercept, i.e. that generate a nested VM-Exit. Full testing of emulation on behalf of L2 is better achieved by running existing (forced) emulation tests in a VM (although on VMX, getting L0 to emulate on #UD requires modifying either L1 KVM to not intercept #UD, or modifying L0 KVM to prioritize L0's exception intercepts over L1's intercepts, as is done by KVM for SVM).

Since emulation should never be successful, i.e. L2 always exits to L1, dynamically generate the L2 code stream instead of adding a helper for each instruction. Doing so requires hand coding instruction opcodes, but makes it significantly easier for the test to compute the expected "next RIP" and instruction length.

Signed-off-by: Sean Christopherson
---
 tools/testing/selftests/kvm/Makefile.kvm | 1 +
 .../selftests/kvm/x86/nested_emulation_test.c | 146 ++++++++++++++++++
 2 files changed, 147 insertions(+)
 create mode 100644 tools/testing/selftests/kvm/x86/nested_emulation_test.c

diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selftests/kvm/Makefile.kvm index 4277b983cace..f773f8f99249 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -69,6 +69,7 @@ TEST_GEN_PROGS_x86 += x86/hyperv_tlb_flush TEST_GEN_PROGS_x86 += x86/kvm_clock_test TEST_GEN_PROGS_x86 += x86/kvm_pv_test TEST_GEN_PROGS_x86 += x86/monitor_mwait_test +TEST_GEN_PROGS_x86 += x86/nested_emulation_test TEST_GEN_PROGS_x86 += x86/nested_exceptions_test TEST_GEN_PROGS_x86 += x86/platform_info_test TEST_GEN_PROGS_x86 += x86/pmu_counters_test 
diff --git a/tools/testing/selftests/kvm/x86/nested_emulation_test.c b/tools/testing/selftests/kvm/x86/nested_emulation_test.c new file mode 100644 index 000000000000..abc824dba04f --- /dev/null +++ b/tools/testing/selftests/kvm/x86/nested_emulation_test.c 
@@ -0,0 +1,146 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include "test_util.h" +#include "kvm_util.h" +#include "processor.h" +#include "vmx.h" +#include "svm_util.h" + +enum { + SVM_F, + VMX_F, + NR_VIRTUALIZATION_FLAVORS, +}; + +struct emulated_instruction { + const char name[32]; + uint8_t opcode[15]; + uint32_t exit_reason[NR_VIRTUALIZATION_FLAVORS]; +}; + +static struct emulated_instruction instructions[] = { + { + .name = "pause", + .opcode = { 0xf3, 0x90 }, + .exit_reason = { SVM_EXIT_PAUSE, + EXIT_REASON_PAUSE_INSTRUCTION, } + }, + { + .name = "hlt", + .opcode = { 0xf4 }, + .exit_reason = { SVM_EXIT_HLT, + EXIT_REASON_HLT, } + }, +}; + +static uint8_t kvm_fep[] = { 0x0f, 0x0b, 0x6b, 0x76, 0x6d }; /* ud2 ; .ascii "kvm" */ +static uint8_t l2_guest_code[sizeof(kvm_fep) + 15]; +static uint8_t *l2_instruction = &l2_guest_code[sizeof(kvm_fep)]; + +static uint32_t get_instruction_length(struct emulated_instruction *insn) +{ + uint32_t i; + + for (i = 0; i < ARRAY_SIZE(insn->opcode) && insn->opcode[i]; i++) + ; + + return i; +} + +static void guest_code(void *test_data) +{ + int f = this_cpu_has(X86_FEATURE_SVM) ? 
SVM_F : VMX_F; + int i; + + memcpy(l2_guest_code, kvm_fep, sizeof(kvm_fep)); + + if (f == SVM_F) { + struct svm_test_data *svm = test_data; + struct vmcb *vmcb = svm->vmcb; + + generic_svm_setup(svm, NULL, NULL); + vmcb->save.idtr.limit = 0; + vmcb->save.rip = (u64)l2_guest_code; + + vmcb->control.intercept |= BIT_ULL(INTERCEPT_SHUTDOWN) | + BIT_ULL(INTERCEPT_PAUSE) | + BIT_ULL(INTERCEPT_HLT); + vmcb->control.intercept_exceptions = 0; + } else { + GUEST_ASSERT(prepare_for_vmx_operation(test_data)); + GUEST_ASSERT(load_vmcs(test_data)); + + prepare_vmcs(test_data, NULL, NULL); + GUEST_ASSERT(!vmwrite(GUEST_IDTR_LIMIT, 0)); + GUEST_ASSERT(!vmwrite(GUEST_RIP, (u64)l2_guest_code)); + GUEST_ASSERT(!vmwrite(EXCEPTION_BITMAP, 0)); + + vmwrite(CPU_BASED_VM_EXEC_CONTROL, vmreadz(CPU_BASED_VM_EXEC_CONTROL) | + CPU_BASED_PAUSE_EXITING | + CPU_BASED_HLT_EXITING); + } + + for (i = 0; i < ARRAY_SIZE(instructions); i++) { + struct emulated_instruction *insn = &instructions[i]; + uint32_t insn_len = get_instruction_length(insn); + uint32_t exit_insn_len; + u32 exit_reason; + + /* + * Copy the target instruction to the L2 code stream, and fill + * the remaining bytes with INT3s so that a missed intercept + * results in a consistent failure mode (SHUTDOWN). + */ + memcpy(l2_instruction, insn->opcode, insn_len); + memset(l2_instruction + insn_len, 0xcc, sizeof(insn->opcode) - insn_len); + + if (f == SVM_F) { + struct svm_test_data *svm = test_data; + struct vmcb *vmcb = svm->vmcb; + + run_guest(vmcb, svm->vmcb_gpa); + exit_reason = vmcb->control.exit_code; + exit_insn_len = vmcb->control.next_rip - vmcb->save.rip; + GUEST_ASSERT_EQ(vmcb->save.rip, (u64)l2_instruction); + } else { + GUEST_ASSERT_EQ(i ? 
vmresume() : vmlaunch(), 0); + exit_reason = vmreadz(VM_EXIT_REASON); + exit_insn_len = vmreadz(VM_EXIT_INSTRUCTION_LEN); + GUEST_ASSERT_EQ(vmreadz(GUEST_RIP), (u64)l2_instruction); + } + + __GUEST_ASSERT(exit_reason == insn->exit_reason[f], + "Wanted exit_reason '0x%x' for '%s', got '0x%x'", + insn->exit_reason[f], insn->name, exit_reason); + + __GUEST_ASSERT(exit_insn_len == insn_len, + "Wanted insn_len '%u' for '%s', got '%u'", + insn_len, insn->name, exit_insn_len); + } + + GUEST_DONE(); +} + +int main(int argc, char *argv[]) +{ + vm_vaddr_t nested_test_data_gva; + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + + TEST_REQUIRE(is_forced_emulation_enabled); + TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SVM) || kvm_cpu_has(X86_FEATURE_VMX)); + + vm = vm_create_with_one_vcpu(&vcpu, guest_code); + vm_enable_cap(vm, KVM_CAP_EXCEPTION_PAYLOAD, -2ul); + + if (kvm_cpu_has(X86_FEATURE_SVM)) + vcpu_alloc_svm(vm, &nested_test_data_gva); + else + vcpu_alloc_vmx(vm, &nested_test_data_gva); + + vcpu_args_set(vcpu, 1, nested_test_data_gva); + + vcpu_run(vcpu); + TEST_ASSERT_EQ(get_ucall(vcpu, NULL), UCALL_DONE); + + kvm_vm_free(vm); +}
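Review bot: the SVM path derives exit_insn_len from `vmcb->control.next_rip - vmcb->save.rip`, but nothing in the test requires nRIP save support; on SVM without X86_FEATURE_NRIPS next_rip is not populated, so the `exit_insn_len == insn_len` assert would fail for a reason unrelated to the emulation path under test. Add a TEST_REQUIRE (or a GUEST_ASSERT on the feature) for the SVM flavor, or skip the length check when nRIP save is absent. Also worth a comment in main(): `vm_enable_cap(vm, KVM_CAP_EXCEPTION_PAYLOAD, -2ul)` is a magic value that reads as a copy-paste from another test, and this test never injects or expects exceptions, so either drop it or say why it is needed.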