From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	 Tom Lendacky <thomas.lendacky@amd.com>,
	Weijiang Yang <weijiang.yang@intel.com>
Subject: [PATCH 01/10] KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value
Date: Thu, 25 Apr 2024 11:14:13 -0700
Message-ID: <20240425181422.3250947-2-seanjc@google.com>
In-Reply-To: <20240425181422.3250947-1-seanjc@google.com>

Inject a #GP if the guest attempts to change MSR_AMD64_DE_CFG from its
*current* value, not if the guest attempts to write a value other than
KVM's set of supported bits.  As per the comment and the changelog of the
original code, the intent is to effectively make MSR_AMD64_DE_CFG read-
only for the guest.

Opportunistically use a more conventional equality check instead of an
exclusive-OR check to detect attempts to change bits.

Fixes: d1d93fa90f1a ("KVM: SVM: Add MSR-based feature support for serializing LFENCE")
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/svm/svm.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 0f3b59da0d4a..00f0c0b506d4 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3142,8 +3142,13 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 		if (data & ~msr_entry.data)
 			return 1;
 
-		/* Don't allow the guest to change a bit, #GP */
-		if (!msr->host_initiated && (data ^ msr_entry.data))
+		/*
+		 * Don't let the guest change the host-programmed value.  The
+		 * MSR is very model specific, i.e. contains multiple bits that
+		 * are completely unknown to KVM, and the one bit known to KVM
+		 * is simply a reflection of hardware capatibilies.
+		 */
+		if (!msr->host_initiated && data != svm->msr_decfg)
 			return 1;
 
 		svm->msr_decfg = data;
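
Review bot: the new comment block in this svm_set_msr() hunk misspells "capabilities" as "capatibilies", and its wording sits oddly next to the unchanged check directly above it. The comment says the MSR holds multiple bits that are completely unknown to KVM, yet `if (data & ~msr_entry.data) return 1;` still rejects any write, host-initiated or not, that carries a bit outside KVM's supported set, so svm->msr_decfg can never contain those unknown bits. Consider saying that explicitly in the comment, so a reader does not assume userspace can program arbitrary model-specific bits here. It would also help to state that a guest write equal to svm->msr_decfg is accepted and falls through to the assignment as a no-op, since that is the behavioural difference from the old `data ^ msr_entry.data` test, where the guest had to write exactly the supported bits regardless of what userspace had set.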
-- 
2.44.0.769.g3c40516874-goog

