From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>,
Weijiang Yang <weijiang.yang@intel.com>
Subject: [PATCH 00/10] KVM: x86: Clean up MSR access/failure handling
Date: Thu, 25 Apr 2024 11:14:12 -0700
Message-ID: <20240425181422.3250947-1-seanjc@google.com>

Rework KVM's MSR access handling, and more specifically the handling of
failures, to begin the march towards removing host_initiated exemptions for
CPUID checks, e.g. to eventually turn code like this:

	if (!msr_info->host_initiated &&
	    !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
		return 1;

into

	if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
		return KVM_MSR_RET_UNSUPPORTED;

For all intents and purposes, KVM already requires setting guest CPUID before
setting MSRs, as there are multiple MSR flows that simply cannot work if CPUID
isn't in place.

But because KVM's ABI is that userspace is allowed to save/restore MSRs that
are advertised to userspace regardless of the vCPU CPUID model, KVM has ended
up with code like the above where KVM unconditionally allows host accesses.

The idea here is to funnel all MSR accesses through a single helper so that
KVM can make the "host_initiated" exception in a single location based on
KVM_MSR_RET_UNSUPPORTED, i.e. so that KVM doesn't need one-off checks for every
MSR, which is especially problematic for CET where a Venn diagram is needed to
map CET MSR existence to CPUID feature bits.

This series doesn't actually remove the existing host_initiated checks. I
*really* wanted to do that here, but removing all the existing checks is
non-trivial and has a high chance of subtly breaking userspace. I still want
to eventually get there, but it needs to be a slower, more thoughtful process.
For now, the goal is to allow new features to omit the host_initiated checks
without creating a weird userspace ABI, e.g. to simplify the aforementioned CET
support.

Sean Christopherson (10):
  KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG
    value
  KVM: x86: Move MSR_TYPE_{R,W,RW} values from VMX to x86, as enums
  KVM: x86: Rename KVM_MSR_RET_INVALID to KVM_MSR_RET_UNSUPPORTED
  KVM: x86: Refactor kvm_x86_ops.get_msr_feature() to avoid
    kvm_msr_entry
  KVM: x86: Rename get_msr_feature() APIs to get_feature_msr()
  KVM: x86: Refactor kvm_get_feature_msr() to avoid struct kvm_msr_entry
  KVM: x86: Funnel all fancy MSR return value handling into a common
    helper
  KVM: x86: Hoist x86.c's global msr_* variables up above
    kvm_do_msr_access()
  KVM: x86: Suppress failures on userspace access to advertised,
    unsupported MSRs
  KVM: x86: Suppress userspace access failures on unsupported,
    "emulated" MSRs

 arch/x86/include/asm/kvm-x86-ops.h |   2 +-
 arch/x86/include/asm/kvm_host.h    |   2 +-
 arch/x86/kvm/svm/svm.c             |  29 +-
 arch/x86/kvm/vmx/main.c            |   2 +-
 arch/x86/kvm/vmx/vmx.c             |   8 +-
 arch/x86/kvm/vmx/vmx.h             |   4 -
 arch/x86/kvm/vmx/x86_ops.h         |   2 +-
 arch/x86/kvm/x86.c                 | 513 ++++++++++++++---------------
 arch/x86/kvm/x86.h                 |  21 +-
 9 files changed, 294 insertions(+), 289 deletions(-)

base-commit: 7b076c6a308ec5bce9fc96e2935443ed228b9148
--
2.44.0.769.g3c40516874-goog
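
Added example, not part of the original message and not KVM code: a small userspace C model of the funnel the cover letter describes, where per-MSR handlers only report "unsupported" and one common helper decides whether a host-initiated access is let through. All names are hypothetical, and the policy that the host may read, or write 0 to, an advertised MSR is an assumption of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed userspace model; all names are hypothetical, not KVM code. */
enum { RET_OK = 0, RET_UNSUPPORTED = 2 };
enum msr_rw { MSR_READ, MSR_WRITE };
#define MODEL_MSR_XSS   0xda0u      /* the XSAVES-gated MSR in this model */
#define MODEL_MSR_OTHER 0xdeadbeefu /* constructed index, never advertised */
struct vcpu { bool cpuid_xsaves; uint64_t xss; };
/* Per-MSR handler: guest CPUID check only, no host_initiated special case. */
static int msr_handler(struct vcpu *v, uint32_t msr, uint64_t *data, enum msr_rw rw)
{
	if (msr != MODEL_MSR_XSS || !v->cpuid_xsaves)
		return RET_UNSUPPORTED;
	if (rw == MSR_WRITE)
		v->xss = *data;
	else
		*data = v->xss;
	return RET_OK;
}

/* MSRs the model advertises to userspace for save/restore. */
static bool is_advertised(uint32_t msr) { return msr == MODEL_MSR_XSS; }

/* The funnel: the one place where a host-initiated access is exempted. */
int do_msr_access(struct vcpu *v, uint32_t msr, uint64_t *data,
		  bool host_initiated, enum msr_rw rw)
{
	if (rw == MSR_READ)
		*data = 0;	/* a suppressed read returns 0 */
	int ret = msr_handler(v, msr, data, rw);
	/* Assumed policy: host may read, or write 0 to, an advertised MSR. */
	if (ret == RET_UNSUPPORTED && host_initiated && *data == 0 && is_advertised(msr))
		return RET_OK;
	return ret;
}

/* One access against a fresh vCPU; returns the funnel's verdict. */
int try_access(bool xsaves, bool host, enum msr_rw rw, uint32_t msr, uint64_t val)
{
	struct vcpu v = { .cpuid_xsaves = xsaves, .xss = 0 };
	return do_msr_access(&v, msr, &val, host, rw);
}

int main(void)
{
	printf("host read, XSAVES hidden: %d\n", try_access(false, true, MSR_READ, MODEL_MSR_XSS, 0));
}
```

In this model a guest access to the hidden MSR and a host write of a non-zero value both still fail, so a restore that would silently drop real state is reported rather than masked.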