* [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED @ 2017-08-18 18:43 Jim Mattson 2017-08-18 18:45 ` [PATCH v2] " Jim Mattson 2017-08-21 13:00 ` [PATCH] " David Hildenbrand 0 siblings, 2 replies; 19+ messages in thread From: Jim Mattson @ 2017-08-18 18:43 UTC (permalink / raw) To: kvm; +Cc: Jim Mattson A guest may not be configured to support RDSEED, even when the host does. If the guest does not support RDSEED, intercept the instruction and synthesize #UD. --- arch/x86/kvm/vmx.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index ed1074e98b8e..8b9015f081b7 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_SHADOW_VMCS | SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_RDSEED_EXITING | SECONDARY_EXEC_ENABLE_PML | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_VMFUNC; @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) + exec_control &= ~SECONDARY_EXEC_RDSEED_EXITING; + return exec_control; } @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) return handle_nop(vcpu); } +static int handle_invalid_op(struct kvm_vcpu *vcpu) +{ + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; +} + static int handle_monitor_trap(struct kvm_vcpu *vcpu) { return 1; @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, [EXIT_REASON_INVEPT] = handle_invept, [EXIT_REASON_INVVPID] = handle_invvpid, + [EXIT_REASON_RDSEED] = handle_invalid_op, [EXIT_REASON_XSAVES] = handle_xsaves, [EXIT_REASON_XRSTORS] = handle_xrstors, [EXIT_REASON_PML_FULL] = handle_pml_full, -- 2.14.1.480.gb18f417b89-goog ^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v2] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-18 18:43 [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED Jim Mattson @ 2017-08-18 18:45 ` Jim Mattson 2017-08-21 1:49 ` Wanpeng Li 2017-08-21 13:00 ` [PATCH] " David Hildenbrand 1 sibling, 1 reply; 19+ messages in thread From: Jim Mattson @ 2017-08-18 18:45 UTC (permalink / raw) To: kvm; +Cc: Jim Mattson A guest may not be configured to support RDSEED, even when the host does. If the guest does not support RDSEED, intercept the instruction and synthesize #UD. --- arch/x86/kvm/vmx.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index ed1074e98b8e..30dac6eb4b3d 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_SHADOW_VMCS | SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_RDSEED | SECONDARY_EXEC_ENABLE_PML | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_VMFUNC; @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) + exec_control &= ~SECONDARY_EXEC_RDSEED; + return exec_control; } @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) return handle_nop(vcpu); } +static int handle_invalid_op(struct kvm_vcpu *vcpu) +{ + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; +} + static int handle_monitor_trap(struct kvm_vcpu *vcpu) { return 1; @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, [EXIT_REASON_INVEPT] = handle_invept, [EXIT_REASON_INVVPID] = handle_invvpid, + [EXIT_REASON_RDSEED] = handle_invalid_op, [EXIT_REASON_XSAVES] = handle_xsaves, [EXIT_REASON_XRSTORS] = handle_xrstors, [EXIT_REASON_PML_FULL] = handle_pml_full, -- 2.14.1.480.gb18f417b89-goog ^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [PATCH v2] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-18 18:45 ` [PATCH v2] " Jim Mattson @ 2017-08-21 1:49 ` Wanpeng Li 0 siblings, 0 replies; 19+ messages in thread From: Wanpeng Li @ 2017-08-21 1:49 UTC (permalink / raw) To: Jim Mattson; +Cc: kvm 2017-08-19 2:45 GMT+08:00 Jim Mattson <jmattson@google.com>: > A guest may not be configured to support RDSEED, even when the host > does. If the guest does not support RDSEED, intercept the instruction > and synthesize #UD. > --- You miss your SOB? Otherwise, Reviewed-by: Wanpeng Li <wanpeng.li@hotmail.com> > arch/x86/kvm/vmx.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index ed1074e98b8e..30dac6eb4b3d 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) > SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | > SECONDARY_EXEC_SHADOW_VMCS | > SECONDARY_EXEC_XSAVES | > + SECONDARY_EXEC_RDSEED | > SECONDARY_EXEC_ENABLE_PML | > SECONDARY_EXEC_TSC_SCALING | > SECONDARY_EXEC_ENABLE_VMFUNC; > @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) > if (!enable_pml) > exec_control &= ~SECONDARY_EXEC_ENABLE_PML; > > + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) > + exec_control &= ~SECONDARY_EXEC_RDSEED; > + > return exec_control; > } > > @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) > return handle_nop(vcpu); > } > > +static int handle_invalid_op(struct kvm_vcpu *vcpu) > +{ > + kvm_queue_exception(vcpu, UD_VECTOR); > + return 1; > +} > + > static int handle_monitor_trap(struct kvm_vcpu *vcpu) > { > return 1; > @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { > [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, > [EXIT_REASON_INVEPT] = handle_invept, > [EXIT_REASON_INVVPID] = handle_invvpid, > + [EXIT_REASON_RDSEED] = handle_invalid_op, > [EXIT_REASON_XSAVES] = handle_xsaves, > [EXIT_REASON_XRSTORS] = handle_xrstors, > [EXIT_REASON_PML_FULL] = handle_pml_full, > -- > 2.14.1.480.gb18f417b89-goog > ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-18 18:43 [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED Jim Mattson 2017-08-18 18:45 ` [PATCH v2] " Jim Mattson @ 2017-08-21 13:00 ` David Hildenbrand 2017-08-21 16:37 ` Jim Mattson 2017-08-21 16:38 ` [PATCH v3] " Jim Mattson 1 sibling, 2 replies; 19+ messages in thread From: David Hildenbrand @ 2017-08-21 13:00 UTC (permalink / raw) To: Jim Mattson, kvm On 18.08.2017 20:43, Jim Mattson wrote: > A guest may not be configured to support RDSEED, even when the host > does. If the guest does not support RDSEED, intercept the instruction > and synthesize #UD. Would the same also hold for nVMX guests? I think if our L1 CPU does not have RSEED, then also the L2 CPU should not be allowed to use it. @@ -10371,6 +10371,7 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, SECONDARY_EXEC_RDTSCP | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_APIC_REGISTER_VIRT | + SECONDARY_EXEC_RDSEED_EXITING | SECONDARY_EXEC_ENABLE_VMFUNC); if (nested_cpu_has(vmcs12, CPU_BASED_ACTIVATE_SECONDARY_CONTROLS)) { and maybe also +++ b/arch/x86/kvm/vmx.c @@ -2811,6 +2811,7 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) SECONDARY_EXEC_RDRAND | SECONDARY_EXEC_RDSEED | SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | SECONDARY_EXEC_RDTSCP | + SECONDARY_EXEC_RDSEED_EXITING | SECONDARY_EXEC_DESC | SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_APIC_REGISTER_VIRT | (but I always get confused about the level of filtering) > --- > arch/x86/kvm/vmx.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index ed1074e98b8e..8b9015f081b7 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) > SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | > SECONDARY_EXEC_SHADOW_VMCS | > SECONDARY_EXEC_XSAVES | > + SECONDARY_EXEC_RDSEED_EXITING | > SECONDARY_EXEC_ENABLE_PML | > SECONDARY_EXEC_TSC_SCALING | > SECONDARY_EXEC_ENABLE_VMFUNC; > @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) > if (!enable_pml) > exec_control &= ~SECONDARY_EXEC_ENABLE_PML; > > + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) > + exec_control &= ~SECONDARY_EXEC_RDSEED_EXITING; > + > return exec_control; > } > > @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) > return handle_nop(vcpu); > } > > +static int handle_invalid_op(struct kvm_vcpu *vcpu) > +{ > + kvm_queue_exception(vcpu, UD_VECTOR); > + return 1; > +} > + (unrelated to this patch) just wondering if we should now replace most code fragments kvm_queue_exception(vcpu, UD_VECTOR); return 1; by return handle_invalid_op(vcpu); > static int handle_monitor_trap(struct kvm_vcpu *vcpu) > { > return 1; > @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { > [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, > [EXIT_REASON_INVEPT] = handle_invept, > [EXIT_REASON_INVVPID] = handle_invvpid, > + [EXIT_REASON_RDSEED] = handle_invalid_op, > [EXIT_REASON_XSAVES] = handle_xsaves, > [EXIT_REASON_XRSTORS] = handle_xrstors, > [EXIT_REASON_PML_FULL] = handle_pml_full, > -- Thanks, David ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 13:00 ` [PATCH] " David Hildenbrand @ 2017-08-21 16:37 ` Jim Mattson 2017-08-21 16:50 ` David Hildenbrand 2017-08-21 16:38 ` [PATCH v3] " Jim Mattson 1 sibling, 1 reply; 19+ messages in thread From: Jim Mattson @ 2017-08-21 16:37 UTC (permalink / raw) To: David Hildenbrand; +Cc: kvm list Right. If L1 doesn't support RDSEED, then the corresponding "allowed-1" bit in the IA32_VMX_PROCBASED_CTLS2 MSR should be cleared. I think vmx_cpuid_update is the right place for this. Note, however, that prepare_vmcs02() should still respect L0's setting of this bit. On Mon, Aug 21, 2017 at 6:00 AM, David Hildenbrand <david@redhat.com> wrote: > On 18.08.2017 20:43, Jim Mattson wrote: >> A guest may not be configured to support RDSEED, even when the host >> does. If the guest does not support RDSEED, intercept the instruction >> and synthesize #UD. > > Would the same also hold for nVMX guests? I think if our L1 CPU does not > have RSEED, then also the L2 CPU should not be allowed to use it. > > @@ -10371,6 +10371,7 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, > struct vmcs12 *vmcs12, > SECONDARY_EXEC_RDTSCP | > SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | > SECONDARY_EXEC_APIC_REGISTER_VIRT | > + SECONDARY_EXEC_RDSEED_EXITING | > SECONDARY_EXEC_ENABLE_VMFUNC); > if (nested_cpu_has(vmcs12, > CPU_BASED_ACTIVATE_SECONDARY_CONTROLS)) { > > > and maybe also > > > +++ b/arch/x86/kvm/vmx.c > @@ -2811,6 +2811,7 @@ static void nested_vmx_setup_ctls_msrs(struct > vcpu_vmx *vmx) > SECONDARY_EXEC_RDRAND | SECONDARY_EXEC_RDSEED | > SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | > SECONDARY_EXEC_RDTSCP | > + SECONDARY_EXEC_RDSEED_EXITING | > SECONDARY_EXEC_DESC | > SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | > SECONDARY_EXEC_APIC_REGISTER_VIRT | > > (but I always get confused about the level of filtering) > >> --- >> arch/x86/kvm/vmx.c | 11 +++++++++++ >> 1 file changed, 11 insertions(+) >> >> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c >> index ed1074e98b8e..8b9015f081b7 100644 >> --- a/arch/x86/kvm/vmx.c >> +++ b/arch/x86/kvm/vmx.c >> @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) >> SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | >> SECONDARY_EXEC_SHADOW_VMCS | >> SECONDARY_EXEC_XSAVES | >> + SECONDARY_EXEC_RDSEED_EXITING | >> SECONDARY_EXEC_ENABLE_PML | >> SECONDARY_EXEC_TSC_SCALING | >> SECONDARY_EXEC_ENABLE_VMFUNC; >> @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) >> if (!enable_pml) >> exec_control &= ~SECONDARY_EXEC_ENABLE_PML; >> >> + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) >> + exec_control &= ~SECONDARY_EXEC_RDSEED_EXITING; >> + >> return exec_control; >> } >> >> @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) >> return handle_nop(vcpu); >> } >> >> +static int handle_invalid_op(struct kvm_vcpu *vcpu) >> +{ >> + kvm_queue_exception(vcpu, UD_VECTOR); >> + return 1; >> +} >> + > > (unrelated to this patch) > just wondering if we should now replace most code fragments > > kvm_queue_exception(vcpu, UD_VECTOR); > return 1; > > by > > return handle_invalid_op(vcpu); > > >> static int handle_monitor_trap(struct kvm_vcpu *vcpu) >> { >> return 1; >> @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { >> [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, >> [EXIT_REASON_INVEPT] = handle_invept, >> [EXIT_REASON_INVVPID] = handle_invvpid, >> + [EXIT_REASON_RDSEED] = handle_invalid_op, >> [EXIT_REASON_XSAVES] = handle_xsaves, >> [EXIT_REASON_XRSTORS] = handle_xrstors, >> [EXIT_REASON_PML_FULL] = handle_pml_full, >> > > > -- > > Thanks, > > David ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 16:37 ` Jim Mattson @ 2017-08-21 16:50 ` David Hildenbrand 2017-08-21 17:01 ` Jim Mattson 0 siblings, 1 reply; 19+ messages in thread From: David Hildenbrand @ 2017-08-21 16:50 UTC (permalink / raw) To: Jim Mattson; +Cc: kvm list On 21.08.2017 18:37, Jim Mattson wrote: > Right. If L1 doesn't support RDSEED, then the corresponding > "allowed-1" bit in the IA32_VMX_PROCBASED_CTLS2 MSR should be cleared. > I think vmx_cpuid_update is the right place for this. Note, however, > that prepare_vmcs02() should still respect L0's setting of this bit. > Right, now I also realize why you sent v2 (EXITING vs. !EXITING) :) -- Thanks, David ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 16:50 ` David Hildenbrand @ 2017-08-21 17:01 ` Jim Mattson 2017-08-21 18:37 ` Jim Mattson 0 siblings, 1 reply; 19+ messages in thread From: Jim Mattson @ 2017-08-21 17:01 UTC (permalink / raw) To: David Hildenbrand; +Cc: kvm list Perhaps this change to vmx_cpuid_update is too simplistic, and it should follow the pattern established for RDTSCP/INVPCID instead? On Mon, Aug 21, 2017 at 9:50 AM, David Hildenbrand <david@redhat.com> wrote: > On 21.08.2017 18:37, Jim Mattson wrote: >> Right. If L1 doesn't support RDSEED, then the corresponding >> "allowed-1" bit in the IA32_VMX_PROCBASED_CTLS2 MSR should be cleared. >> I think vmx_cpuid_update is the right place for this. Note, however, >> that prepare_vmcs02() should still respect L0's setting of this bit. >> > > Right, now I also realize why you sent v2 (EXITING vs. !EXITING) :) > > > -- > > Thanks, > > David ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 17:01 ` Jim Mattson @ 2017-08-21 18:37 ` Jim Mattson 2017-08-21 19:16 ` [PATCH v4] " Jim Mattson 0 siblings, 1 reply; 19+ messages in thread From: Jim Mattson @ 2017-08-21 18:37 UTC (permalink / raw) To: David Hildenbrand; +Cc: kvm list There is a potential conflict here between KVM_SET_CPUID and KVM_SET_MSRS, if the two don't agree about the setting of the RDSEED-exiting "allowed-1" bit in the IA32_VMX_PROCBASED_CTLS2 MSR. But we already have that issue with the "allowed-1" bit for "enable RDTSCP," so this is nothing new. Surprisingly, we don't have that issue with the "allowed-1" setting for "enable INVPCID," because vmx_cpuid_update() doesn't make any attempt to update that bit. On Mon, Aug 21, 2017 at 10:01 AM, Jim Mattson <jmattson@google.com> wrote: > Perhaps this change to vmx_cpuid_update is too simplistic, and it > should follow the pattern established for RDTSCP/INVPCID instead? > > On Mon, Aug 21, 2017 at 9:50 AM, David Hildenbrand <david@redhat.com> wrote: >> On 21.08.2017 18:37, Jim Mattson wrote: >>> Right. If L1 doesn't support RDSEED, then the corresponding >>> "allowed-1" bit in the IA32_VMX_PROCBASED_CTLS2 MSR should be cleared. >>> I think vmx_cpuid_update is the right place for this. Note, however, >>> that prepare_vmcs02() should still respect L0's setting of this bit. >>> >> >> Right, now I also realize why you sent v2 (EXITING vs. !EXITING) :) >> >> >> -- >> >> Thanks, >> >> David ^ permalink raw reply [flat|nested] 19+ messages in thread
* [PATCH v4] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 18:37 ` Jim Mattson @ 2017-08-21 19:16 ` Jim Mattson 0 siblings, 0 replies; 19+ messages in thread From: Jim Mattson @ 2017-08-21 19:16 UTC (permalink / raw) To: David Hildenbrand, kvm list; +Cc: Jim Mattson A guest may not be configured to support RDSEED, even when the host does. If the guest does not support RDSEED, intercept the instruction and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting in the IA32_VMX_PROCBASED_CTLS2 MSR. Change-Id: Iac4f3f4ef22c0d6db9f7a23cf6830aac79116ced --- arch/x86/kvm/vmx.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index ed1074e98b8e..61174e1f7d0f 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_SHADOW_VMCS | SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_RDSEED | SECONDARY_EXEC_ENABLE_PML | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_VMFUNC; @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) + exec_control &= ~SECONDARY_EXEC_RDSEED; + return exec_control; } @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) return handle_nop(vcpu); } +static int handle_invalid_op(struct kvm_vcpu *vcpu) +{ + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; +} + static int handle_monitor_trap(struct kvm_vcpu *vcpu) { return 1; @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, [EXIT_REASON_INVEPT] = handle_invept, [EXIT_REASON_INVVPID] = handle_invvpid, + [EXIT_REASON_RDSEED] = handle_invalid_op, [EXIT_REASON_XSAVES] = handle_xsaves, [EXIT_REASON_XRSTORS] = handle_xrstors, [EXIT_REASON_PML_FULL] = handle_pml_full, @@ -8979,6 +8990,12 @@ static bool vmx_mpx_supported(void) (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS); } +static bool vmx_rdseed_supported(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_RDSEED; +} + static bool vmx_xsaves_supported(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & @@ -9665,6 +9682,24 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) } } + if (vmx_rdseed_supported()) { + bool rdseed_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDSEED); + + if (rdseed_enabled) + secondary_exec_ctl &= ~SECONDARY_EXEC_RDSEED; + else + secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; + + if (nested) { + if (rdseed_enabled) + vmx->nested.nested_vmx_secondary_ctls_high |= + SECONDARY_EXEC_RDSEED; + else + vmx->nested.nested_vmx_secondary_ctls_high &= + ~SECONDARY_EXEC_RDSEED; + } + } + if (cpu_has_secondary_exec_ctrls()) vmcs_set_secondary_exec_control(secondary_exec_ctl); -- 2.14.1.480.gb18f417b89-goog ^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v3] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 13:00 ` [PATCH] " David Hildenbrand 2017-08-21 16:37 ` Jim Mattson @ 2017-08-21 16:38 ` Jim Mattson 2017-08-21 19:26 ` [PATCH v5] " Jim Mattson 1 sibling, 1 reply; 19+ messages in thread From: Jim Mattson @ 2017-08-21 16:38 UTC (permalink / raw) To: David Hildenbrand, kvm; +Cc: Jim Mattson A guest may not be configured to support RDSEED, even when the host does. If the guest does not support RDSEED, intercept the instruction and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting in the IA32_VMX_PROCBASED_CTLS2 MSR. Signed-off-by: Jim Mattson <jmattson@google.com> --- arch/x86/kvm/vmx.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index ed1074e98b8e..482f4130c43f 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_SHADOW_VMCS | SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_RDSEED | SECONDARY_EXEC_ENABLE_PML | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_VMFUNC; @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) + exec_control &= ~SECONDARY_EXEC_RDSEED; + return exec_control; } @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) return handle_nop(vcpu); } +static int handle_invalid_op(struct kvm_vcpu *vcpu) +{ + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; +} + static int handle_monitor_trap(struct kvm_vcpu *vcpu) { return 1; @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, [EXIT_REASON_INVEPT] = handle_invept, [EXIT_REASON_INVVPID] = handle_invvpid, + [EXIT_REASON_RDSEED] = handle_invalid_op, [EXIT_REASON_XSAVES] = handle_xsaves, [EXIT_REASON_XRSTORS] = handle_xrstors, [EXIT_REASON_PML_FULL] = handle_pml_full, @@ -9665,6 +9676,10 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) } } + if (!guest_cpuid_has(vcpu, X86_FEATURE_RDSEED)) + vmx->nested.nested_vmx_secondary_ctls_high &= + ~SECONDARY_EXEC_RDSEED; + if (cpu_has_secondary_exec_ctrls()) vmcs_set_secondary_exec_control(secondary_exec_ctl); -- 2.14.1.480.gb18f417b89-goog ^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v5] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 16:38 ` [PATCH v3] " Jim Mattson @ 2017-08-21 19:26 ` Jim Mattson 2017-08-21 20:32 ` Radim Krčmář ` (2 more replies) 0 siblings, 3 replies; 19+ messages in thread From: Jim Mattson @ 2017-08-21 19:26 UTC (permalink / raw) To: David Hildenbrand, kvm; +Cc: Jim Mattson A guest may not be configured to support RDSEED, even when the host does. If the guest does not support RDSEED, intercept the instruction and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting in the IA32_VMX_PROCBASED_CTLS2 MSR. Signed-off-by: Jim Mattson <jmattson@google.com> --- arch/x86/kvm/vmx.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index ed1074e98b8e..61174e1f7d0f 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_SHADOW_VMCS | SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_RDSEED | SECONDARY_EXEC_ENABLE_PML | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_VMFUNC; @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) + exec_control &= ~SECONDARY_EXEC_RDSEED; + return exec_control; } @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) return handle_nop(vcpu); } +static int handle_invalid_op(struct kvm_vcpu *vcpu) +{ + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; +} + static int handle_monitor_trap(struct kvm_vcpu *vcpu) { return 1; @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, [EXIT_REASON_INVEPT] = handle_invept, [EXIT_REASON_INVVPID] = handle_invvpid, + [EXIT_REASON_RDSEED] = handle_invalid_op, [EXIT_REASON_XSAVES] = handle_xsaves, [EXIT_REASON_XRSTORS] = handle_xrstors, [EXIT_REASON_PML_FULL] = handle_pml_full, @@ -8979,6 +8990,12 @@ static bool vmx_mpx_supported(void) (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS); } +static bool vmx_rdseed_supported(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_RDSEED; +} + static bool vmx_xsaves_supported(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & @@ -9665,6 +9682,24 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) } } + if (vmx_rdseed_supported()) { + bool rdseed_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDSEED); + + if (rdseed_enabled) + secondary_exec_ctl &= ~SECONDARY_EXEC_RDSEED; + else + secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; + + if (nested) { + if (rdseed_enabled) + vmx->nested.nested_vmx_secondary_ctls_high |= + SECONDARY_EXEC_RDSEED; + else + vmx->nested.nested_vmx_secondary_ctls_high &= + ~SECONDARY_EXEC_RDSEED; + } + } + if (cpu_has_secondary_exec_ctrls()) vmcs_set_secondary_exec_control(secondary_exec_ctl); -- 2.14.1.480.gb18f417b89-goog ^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [PATCH v5] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 19:26 ` [PATCH v5] " Jim Mattson @ 2017-08-21 20:32 ` Radim Krčmář 2017-08-21 22:03 ` Jim Mattson 2017-08-22 11:11 ` David Hildenbrand 2017-08-23 21:34 ` Paolo Bonzini 2 siblings, 1 reply; 19+ messages in thread From: Radim Krčmář @ 2017-08-21 20:32 UTC (permalink / raw) To: Jim Mattson; +Cc: David Hildenbrand, kvm 2017-08-21 12:26-0700, Jim Mattson: > A guest may not be configured to support RDSEED, even when the host > does. If the guest does not support RDSEED, intercept the instruction > and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting > in the IA32_VMX_PROCBASED_CTLS2 MSR. (RDRAND looks the same.) > Signed-off-by: Jim Mattson <jmattson@google.com> > --- > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) > if (!enable_pml) > exec_control &= ~SECONDARY_EXEC_ENABLE_PML; > > + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) > + exec_control &= ~SECONDARY_EXEC_RDSEED; > + > return exec_control; > } > > @@ -9665,6 +9682,24 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) > } > } > > + if (vmx_rdseed_supported()) { > + bool rdseed_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDSEED); > + > + if (rdseed_enabled) > + secondary_exec_ctl &= ~SECONDARY_EXEC_RDSEED; All other CPUID-controlled features use vmx_cpuid_update(), but I would actually prefer to have it in vmx_secondary_exec_control. In any case, combining those two is weird. > + else > + secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; The feature can never be unset here, so we can have just the first branch, thanks. > + > + if (nested) { > + if (rdseed_enabled) > + vmx->nested.nested_vmx_secondary_ctls_high |= > + SECONDARY_EXEC_RDSEED; > + else > + vmx->nested.nested_vmx_secondary_ctls_high &= > + ~SECONDARY_EXEC_RDSEED; > + } > + } I think it would be nicer to generalize that pattern: (We can call it after updating the MSRs too.) ---8<--- Subject: [PATCH] KVM: nVMX: refactor secondary_ctls_high updates We should not enable a VMX feature if its instruction is not in guest CPUID or not provided by hardware. The change allows us to easily add more features. RDTSCP will always get configured with CPUID, so there is no need to set it from the beginning, just like INVPCID. Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> --- arch/x86/kvm/vmx.c | 46 +++++++++++++++++++++------------------------- 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 2b92c2de2b3a..7e2b33e0948d 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2810,7 +2810,6 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) vmx->nested.nested_vmx_secondary_ctls_high &= SECONDARY_EXEC_RDRAND | SECONDARY_EXEC_RDSEED | SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | - SECONDARY_EXEC_RDTSCP | SECONDARY_EXEC_DESC | SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_APIC_REGISTER_VIRT | @@ -9623,25 +9622,28 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) #undef cr4_fixed1_update } +/* + * Update MSR_IA32_VMX_PROCBASED_CTLS2 according to CPUID. Selected features + * are enabled iff they are enabled in CPUID and supported by the host. + */ +static void nested_vmx_secondary_ctls_high_update(struct kvm_vcpu *vcpu, + u32 host_secondary_exec_ctl) +{ + u32 mask = SECONDARY_EXEC_RDTSCP | SECONDARY_EXEC_ENABLE_INVPCID; + + vcpu->vmx.nested.nested_vmx_secondary_ctls_high &= ~mask + vcpu->vmx.nested.nested_vmx_secondary_ctls_high |= + host_secondary_exec_ctl & mask; +} + static void vmx_cpuid_update(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); u32 secondary_exec_ctl = vmx_secondary_exec_control(vmx); - if (vmx_rdtscp_supported()) { - bool rdtscp_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP); - if (!rdtscp_enabled) - secondary_exec_ctl &= ~SECONDARY_EXEC_RDTSCP; - - if (nested) { - if (rdtscp_enabled) - vmx->nested.nested_vmx_secondary_ctls_high |= - SECONDARY_EXEC_RDTSCP; - else - vmx->nested.nested_vmx_secondary_ctls_high &= - ~SECONDARY_EXEC_RDTSCP; - } - } + if (vmx_rdtscp_supported() && + !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) + secondary_exec_ctl &= ~SECONDARY_EXEC_RDTSCP; if (vmx_invpcid_supported()) { /* Exposing INVPCID only when PCID is exposed */ @@ -9653,15 +9655,6 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) secondary_exec_ctl &= ~SECONDARY_EXEC_ENABLE_INVPCID; guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID); } - - if (nested) { - if (invpcid_enabled) - vmx->nested.nested_vmx_secondary_ctls_high |= - SECONDARY_EXEC_ENABLE_INVPCID; - else - vmx->nested.nested_vmx_secondary_ctls_high &= - ~SECONDARY_EXEC_ENABLE_INVPCID; - } } if (cpu_has_secondary_exec_ctrls()) @@ -9674,8 +9667,11 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &= ~FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX; - if (nested_vmx_allowed(vcpu)) + if (nested_vmx_allowed(vcpu)) { nested_vmx_cr_fixed1_bits_update(vcpu); + nested_vmx_secondary_ctls_high_update(vcpu, secondary_exec_ctl); + } + } static void vmx_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry) -- 2.13.3 ^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [PATCH v5] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 20:32 ` Radim Krčmář @ 2017-08-21 22:03 ` Jim Mattson 2017-08-22 11:21 ` David Hildenbrand 0 siblings, 1 reply; 19+ messages in thread From: Jim Mattson @ 2017-08-21 22:03 UTC (permalink / raw) To: Radim Krčmář; +Cc: David Hildenbrand, kvm list On Mon, Aug 21, 2017 at 1:32 PM, Radim Krčmář <rkrcmar@redhat.com> wrote: > 2017-08-21 12:26-0700, Jim Mattson: >> A guest may not be configured to support RDSEED, even when the host >> does. If the guest does not support RDSEED, intercept the instruction >> and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting >> in the IA32_VMX_PROCBASED_CTLS2 MSR. > > (RDRAND looks the same.) Agreed. A general paradigm would be nicer. > >> Signed-off-by: Jim Mattson <jmattson@google.com> >> --- >> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c >> @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) >> if (!enable_pml) >> exec_control &= ~SECONDARY_EXEC_ENABLE_PML; >> >> + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) >> + exec_control &= ~SECONDARY_EXEC_RDSEED; >> + >> return exec_control; >> } >> >> @@ -9665,6 +9682,24 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) >> } >> } >> >> + if (vmx_rdseed_supported()) { >> + bool rdseed_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDSEED); >> + >> + if (rdseed_enabled) >> + secondary_exec_ctl &= ~SECONDARY_EXEC_RDSEED; > > All other CPUID-controlled features use vmx_cpuid_update(), but I would > actually prefer to have it in vmx_secondary_exec_control. In any case, > combining those two is weird. Yes, it is weird. The reasons I adopted this two-pronged approach are: 1. vmx_secondary_exec_control() is only used at VCPU creation time to set the default controls for the vmcs01. 2. Changes due to KVM_SET_CPUID2 are pushed into the vmcs01 by vmx_cpuid_update() [assuming that the vcpu is not in virtualized vmx non-root mode when the ioctl is called]. 3. vmx_secondary_exec_control() is used at every emulated VM-entry from L1 to L2 to determine the controls that L0 needs to set in the vmcs02. Ideally, vmx_secondary_exec_control() would always return the secondary processor-based execution controls for vmcs01, but too many changes are already being made behind its back. > >> + else >> + secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; > > The feature can never be unset here, so we can have just the first > branch, I believe that CPUID.07H:EBX.RDSEED can be unset by KVM_SET_CPUID/KVM_SET_CPUID2 (and both ioctls pass through here). How else would you defeature a VCPU? > thanks. > >> + >> + if (nested) { >> + if (rdseed_enabled) >> + vmx->nested.nested_vmx_secondary_ctls_high |= >> + SECONDARY_EXEC_RDSEED; Arguably, this isn't necessary. A sane platform could have support for the RDSEED instruction without support for "RDSEED exiting." The same applies to INVPCID, in the code above. >> + else >> + vmx->nested.nested_vmx_secondary_ctls_high &= >> + ~SECONDARY_EXEC_RDSEED; >> + } >> + } > > I think it would be nicer to generalize that pattern: In general, "<opcode> exiting" or enable <opcode>" VMX capabilities should be forced off if the CPUID feature bit for the opcode is cleared (except, perhaps, for the MONITOR/MWAIT oddity). > (We can call it after updating the MSRs too.) After updating the MSRs, perhaps the CPUID feature bit for the opcode should be forced on if the corresponding "allowed-1" VMX capability bit is set. Or, perhaps it should be an error to set the VMX capability bit via KVM_SET_MSRS after having already cleared the corresponding CPUID feature bit via KVM_SET_CPUID2. > > ---8<--- > Subject: [PATCH] KVM: nVMX: refactor secondary_ctls_high updates > > We should not enable a VMX feature if its instruction is not in guest > CPUID or not provided by hardware. The change allows us to easily add > more features. > > RDTSCP will always get configured with CPUID, so there is no need to set > it from the beginning, just like INVPCID. Isn't RDTSCP automatically set in the default CPUID if there is hardware support for "enable RDTSCP"? When the default CPUID is used, there is no call to kvm_x86_ops->cpuid_update. Shouldn't the default VMX capability MSRs match the default CPUID settings? > > Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> > --- > arch/x86/kvm/vmx.c | 46 +++++++++++++++++++++------------------------- > 1 file changed, 21 insertions(+), 25 deletions(-) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 2b92c2de2b3a..7e2b33e0948d 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -2810,7 +2810,6 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) > vmx->nested.nested_vmx_secondary_ctls_high &= > SECONDARY_EXEC_RDRAND | SECONDARY_EXEC_RDSEED | > SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | > - SECONDARY_EXEC_RDTSCP | > SECONDARY_EXEC_DESC | > SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | > SECONDARY_EXEC_APIC_REGISTER_VIRT | > @@ -9623,25 +9622,28 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) > #undef cr4_fixed1_update > } > > +/* > + * Update MSR_IA32_VMX_PROCBASED_CTLS2 according to CPUID. Selected features > + * are enabled iff they are enabled in CPUID and supported by the host. > + */ > +static void nested_vmx_secondary_ctls_high_update(struct kvm_vcpu *vcpu, > + u32 host_secondary_exec_ctl) > +{ > + u32 mask = SECONDARY_EXEC_RDTSCP | SECONDARY_EXEC_ENABLE_INVPCID; > + > + vcpu->vmx.nested.nested_vmx_secondary_ctls_high &= ~mask > + vcpu->vmx.nested.nested_vmx_secondary_ctls_high |= > + host_secondary_exec_ctl & mask; > +} > + > static void vmx_cpuid_update(struct kvm_vcpu *vcpu) > { > struct vcpu_vmx *vmx = to_vmx(vcpu); > u32 secondary_exec_ctl = vmx_secondary_exec_control(vmx); > > - if (vmx_rdtscp_supported()) { > - bool rdtscp_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP); > - if (!rdtscp_enabled) > - secondary_exec_ctl &= ~SECONDARY_EXEC_RDTSCP; > - > - if (nested) { > - if (rdtscp_enabled) > - vmx->nested.nested_vmx_secondary_ctls_high |= > - SECONDARY_EXEC_RDTSCP; > - else > - vmx->nested.nested_vmx_secondary_ctls_high &= > - ~SECONDARY_EXEC_RDTSCP; > - } > - } > + if (vmx_rdtscp_supported() && > + !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) > + secondary_exec_ctl &= ~SECONDARY_EXEC_RDTSCP; > > if (vmx_invpcid_supported()) { > /* Exposing INVPCID only when PCID is exposed */ > @@ -9653,15 +9655,6 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) > secondary_exec_ctl &= ~SECONDARY_EXEC_ENABLE_INVPCID; > guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID); > } > - > - if (nested) { > - if (invpcid_enabled) > - vmx->nested.nested_vmx_secondary_ctls_high |= > - SECONDARY_EXEC_ENABLE_INVPCID; > - else > - vmx->nested.nested_vmx_secondary_ctls_high &= > - ~SECONDARY_EXEC_ENABLE_INVPCID; > - } > } > > if (cpu_has_secondary_exec_ctrls()) > @@ -9674,8 +9667,11 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) > to_vmx(vcpu)->msr_ia32_feature_control_valid_bits &= > ~FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX; > > - if (nested_vmx_allowed(vcpu)) > + if (nested_vmx_allowed(vcpu)) { > nested_vmx_cr_fixed1_bits_update(vcpu); > + nested_vmx_secondary_ctls_high_update(vcpu, secondary_exec_ctl); > + } > + > } > > static void vmx_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry) > -- > 2.13.3 > ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v5] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 22:03 ` Jim Mattson @ 2017-08-22 11:21 ` David Hildenbrand 0 siblings, 0 replies; 19+ messages in thread From: David Hildenbrand @ 2017-08-22 11:21 UTC (permalink / raw) To: Jim Mattson, Radim Krčmář; +Cc: kvm list >> >>> + >>> + if (nested) { >>> + if (rdseed_enabled) >>> + vmx->nested.nested_vmx_secondary_ctls_high |= >>> + SECONDARY_EXEC_RDSEED; > > Arguably, this isn't necessary. A sane platform could have support for > the RDSEED instruction without support for "RDSEED exiting." The same > applies to INVPCID, in the code above. I agree. It should be handled like this: Host has RDSEED but L1 does not (via CPUID): a) If RDSEED_EXITING is available, enable it (to fake absence) b) If RDSEED_EXITING is available, enable it in vmcs02 (to fake absence) b) Forbid RDSEED_EXITING for L1->L2 (in vmcs12) and via MSR Host and L1 have RDSEED: a) Don't set RDSEED_EXITING b) Allow RDSEED_EXITING for L1->L2 (in vmcs12) and via MSR (if available) Neither has RDSEED: a) Don't set RDSEED_EXITING b) Forbid RDSEED_EXITING for L1->L2 (in vmcs12) and via MSR I wonder if we would have to take care about !RDSEED but RDSEED_EXITING (could be created in nested setups, right?) > >>> + else >>> + vmx->nested.nested_vmx_secondary_ctls_high &= >>> + ~SECONDARY_EXEC_RDSEED; >>> + } >>> + } >> >> I think it would be nicer to generalize that pattern: > > In general, "<opcode> exiting" or enable <opcode>" VMX capabilities > should be forced off if the CPUID feature bit for the opcode is > cleared (except, perhaps, for the MONITOR/MWAIT oddity). Yes, I agree. > >> (We can call it after updating the MSRs too.) > > After updating the MSRs, perhaps the CPUID feature bit for the opcode > should be forced on if the corresponding "allowed-1" VMX capability > bit is set. Or, perhaps it should be an error to set the VMX > capability bit via KVM_SET_MSRS after having already cleared the > corresponding CPUID feature bit via KVM_SET_CPUID2. I prefer the latter (implicit enabling sounds strange), if that doesn't result in any other conflicts. -- Thanks, David ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v5] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 19:26 ` [PATCH v5] " Jim Mattson 2017-08-21 20:32 ` Radim Krčmář @ 2017-08-22 11:11 ` David Hildenbrand 2017-08-23 21:34 ` Paolo Bonzini 2 siblings, 0 replies; 19+ messages in thread From: David Hildenbrand @ 2017-08-22 11:11 UTC (permalink / raw) To: Jim Mattson, kvm On 21.08.2017 21:26, Jim Mattson wrote: > A guest may not be configured to support RDSEED, even when the host > does. If the guest does not support RDSEED, intercept the instruction > and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting > in the IA32_VMX_PROCBASED_CTLS2 MSR. > > Signed-off-by: Jim Mattson <jmattson@google.com> I'd really vote to update SECONDARY_EXEC_RDSEED -> SECONDARY_EXEC_RDSEED_EXITING SECONDARY_EXEC_RDRAND -> SECONDARY_EXEC_RDRAND_EXITING Otherwise this looks like it would enable RDSEED interpretation. And this way it matches the SDM definition. -- Thanks, David ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v5] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-21 19:26 ` [PATCH v5] " Jim Mattson 2017-08-21 20:32 ` Radim Krčmář 2017-08-22 11:11 ` David Hildenbrand @ 2017-08-23 21:34 ` Paolo Bonzini 2017-08-23 22:37 ` Jim Mattson 2 siblings, 1 reply; 19+ messages in thread From: Paolo Bonzini @ 2017-08-23 21:34 UTC (permalink / raw) To: Jim Mattson, David Hildenbrand, kvm On 21/08/2017 21:26, Jim Mattson wrote: > A guest may not be configured to support RDSEED, even when the host > does. If the guest does not support RDSEED, intercept the instruction > and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting > in the IA32_VMX_PROCBASED_CTLS2 MSR. > > Signed-off-by: Jim Mattson <jmattson@google.com> Usually we're not that particular about #UD-ing on disabled instructions (because you cannot do it for all instructions), but in this case I agree that we should do it for the sake of getting vmexits right. I'm applying v5 and posting shortly a similar patch for RDRAND. Paolo > --- > arch/x86/kvm/vmx.c | 35 +++++++++++++++++++++++++++++++++++ > 1 file changed, 35 insertions(+) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index ed1074e98b8e..61174e1f7d0f 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) > SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | > SECONDARY_EXEC_SHADOW_VMCS | > SECONDARY_EXEC_XSAVES | > + SECONDARY_EXEC_RDSEED | > SECONDARY_EXEC_ENABLE_PML | > SECONDARY_EXEC_TSC_SCALING | > SECONDARY_EXEC_ENABLE_VMFUNC; > @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) > if (!enable_pml) > exec_control &= ~SECONDARY_EXEC_ENABLE_PML; > > + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) > + exec_control &= ~SECONDARY_EXEC_RDSEED; > + > return exec_control; > } > > @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) > return handle_nop(vcpu); > } > > +static int handle_invalid_op(struct kvm_vcpu *vcpu) > +{ > + kvm_queue_exception(vcpu, UD_VECTOR); > + return 1; > +} > + > static int handle_monitor_trap(struct kvm_vcpu *vcpu) > { > return 1; > @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { > [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, > [EXIT_REASON_INVEPT] = handle_invept, > [EXIT_REASON_INVVPID] = handle_invvpid, > + [EXIT_REASON_RDSEED] = handle_invalid_op, > [EXIT_REASON_XSAVES] = handle_xsaves, > [EXIT_REASON_XRSTORS] = handle_xrstors, > [EXIT_REASON_PML_FULL] = handle_pml_full, > @@ -8979,6 +8990,12 @@ static bool vmx_mpx_supported(void) > (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS); > } > > +static bool vmx_rdseed_supported(void) > +{ > + return vmcs_config.cpu_based_2nd_exec_ctrl & > + SECONDARY_EXEC_RDSEED; > +} > + > static bool vmx_xsaves_supported(void) > { > return vmcs_config.cpu_based_2nd_exec_ctrl & > @@ -9665,6 +9682,24 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) > } > } > > + if (vmx_rdseed_supported()) { > + bool rdseed_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDSEED); > + > + if (rdseed_enabled) > + secondary_exec_ctl &= ~SECONDARY_EXEC_RDSEED; > + else > + secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; > + > + if (nested) { > + if (rdseed_enabled) > + vmx->nested.nested_vmx_secondary_ctls_high |= > + SECONDARY_EXEC_RDSEED; > + else > + vmx->nested.nested_vmx_secondary_ctls_high &= > + ~SECONDARY_EXEC_RDSEED; > + } > + } > + > if (cpu_has_secondary_exec_ctrls()) > vmcs_set_secondary_exec_control(secondary_exec_ctl); > > ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [PATCH v5] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-23 21:34 ` Paolo Bonzini @ 2017-08-23 22:37 ` Jim Mattson 2017-08-23 23:32 ` [PATCH v6 1/2] " Jim Mattson 0 siblings, 1 reply; 19+ messages in thread From: Jim Mattson @ 2017-08-23 22:37 UTC (permalink / raw) To: Paolo Bonzini; +Cc: David Hildenbrand, kvm list Wait, wait! I have v6 almost ready! On Wed, Aug 23, 2017 at 2:34 PM, Paolo Bonzini <pbonzini@redhat.com> wrote: > On 21/08/2017 21:26, Jim Mattson wrote: >> A guest may not be configured to support RDSEED, even when the host >> does. If the guest does not support RDSEED, intercept the instruction >> and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting >> in the IA32_VMX_PROCBASED_CTLS2 MSR. >> >> Signed-off-by: Jim Mattson <jmattson@google.com> > > Usually we're not that particular about #UD-ing on disabled instructions > (because you cannot do it for all instructions), but in this case I > agree that we should do it for the sake of getting vmexits right. > > I'm applying v5 and posting shortly a similar patch for RDRAND. > > Paolo > >> --- >> arch/x86/kvm/vmx.c | 35 +++++++++++++++++++++++++++++++++++ >> 1 file changed, 35 insertions(+) >> >> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c >> index ed1074e98b8e..61174e1f7d0f 100644 >> --- a/arch/x86/kvm/vmx.c >> +++ b/arch/x86/kvm/vmx.c >> @@ -3662,6 +3662,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) >> SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | >> SECONDARY_EXEC_SHADOW_VMCS | >> SECONDARY_EXEC_XSAVES | >> + SECONDARY_EXEC_RDSEED | >> SECONDARY_EXEC_ENABLE_PML | >> SECONDARY_EXEC_TSC_SCALING | >> SECONDARY_EXEC_ENABLE_VMFUNC; >> @@ -5298,6 +5299,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) >> if (!enable_pml) >> exec_control &= ~SECONDARY_EXEC_ENABLE_PML; >> >> + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) >> + exec_control &= ~SECONDARY_EXEC_RDSEED; >> + >> return exec_control; >> } >> >> @@ -6806,6 +6810,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) >> return handle_nop(vcpu); >> } >> >> +static int handle_invalid_op(struct kvm_vcpu *vcpu) >> +{ >> + kvm_queue_exception(vcpu, UD_VECTOR); >> + return 1; >> +} >> + >> static int handle_monitor_trap(struct kvm_vcpu *vcpu) >> { >> return 1; >> @@ -8050,6 +8060,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { >> [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, >> [EXIT_REASON_INVEPT] = handle_invept, >> [EXIT_REASON_INVVPID] = handle_invvpid, >> + [EXIT_REASON_RDSEED] = handle_invalid_op, >> [EXIT_REASON_XSAVES] = handle_xsaves, >> [EXIT_REASON_XRSTORS] = handle_xrstors, >> [EXIT_REASON_PML_FULL] = handle_pml_full, >> @@ -8979,6 +8990,12 @@ static bool vmx_mpx_supported(void) >> (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS); >> } >> >> +static bool vmx_rdseed_supported(void) >> +{ >> + return vmcs_config.cpu_based_2nd_exec_ctrl & >> + SECONDARY_EXEC_RDSEED; >> +} >> + >> static bool vmx_xsaves_supported(void) >> { >> return vmcs_config.cpu_based_2nd_exec_ctrl & >> @@ -9665,6 +9682,24 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) >> } >> } >> >> + if (vmx_rdseed_supported()) { >> + bool rdseed_enabled = guest_cpuid_has(vcpu, X86_FEATURE_RDSEED); >> + >> + if (rdseed_enabled) >> + secondary_exec_ctl &= ~SECONDARY_EXEC_RDSEED; >> + else >> + secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; >> + >> + if (nested) { >> + if (rdseed_enabled) >> + vmx->nested.nested_vmx_secondary_ctls_high |= >> + SECONDARY_EXEC_RDSEED; >> + else >> + vmx->nested.nested_vmx_secondary_ctls_high &= >> + ~SECONDARY_EXEC_RDSEED; >> + } >> + } >> + >> if (cpu_has_secondary_exec_ctrls()) >> vmcs_set_secondary_exec_control(secondary_exec_ctl); >> >> > ^ permalink raw reply [flat|nested] 19+ messages in thread
* [PATCH v6 1/2] kvm: vmx: Raise #UD on unsupported RDSEED 2017-08-23 22:37 ` Jim Mattson @ 2017-08-23 23:32 ` Jim Mattson 2017-08-23 23:32 ` [PATCH v6 2/2] kvm: vmx: Raise #UD on unsupported RDRAND Jim Mattson 0 siblings, 1 reply; 19+ messages in thread From: Jim Mattson @ 2017-08-23 23:32 UTC (permalink / raw) To: Paolo Bonzini, David Hildenbrand, kvm list; +Cc: Jim Mattson A guest may not be configured to support RDSEED, even when the host does. If the guest does not support RDSEED, intercept the instruction and synthesize #UD. Also clear the "allowed-1" bit for RDSEED exiting in the IA32_VMX_PROCBASED_CTLS2 MSR. Signed-off-by: Jim Mattson <jmattson@google.com> --- arch/x86/kvm/vmx.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 19aa69af7c2d..9dd8637c3392 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3667,6 +3667,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_SHADOW_VMCS | SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_RDSEED | SECONDARY_EXEC_ENABLE_PML | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_VMFUNC; @@ -5300,6 +5301,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) + exec_control &= ~SECONDARY_EXEC_RDSEED; + return exec_control; } @@ -6804,6 +6808,12 @@ static int handle_mwait(struct kvm_vcpu *vcpu) return handle_nop(vcpu); } +static int handle_invalid_op(struct kvm_vcpu *vcpu) +{ + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; +} + static int handle_monitor_trap(struct kvm_vcpu *vcpu) { return 1; @@ -8047,6 +8057,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor, [EXIT_REASON_INVEPT] = handle_invept, [EXIT_REASON_INVVPID] = handle_invvpid, + [EXIT_REASON_RDSEED] = handle_invalid_op, [EXIT_REASON_XSAVES] = handle_xsaves, [EXIT_REASON_XRSTORS] = handle_xrstors, [EXIT_REASON_PML_FULL] = handle_pml_full, @@ -8975,6 +8986,12 @@ static bool vmx_mpx_supported(void) (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_BNDCFGS); } +static bool vmx_rdseed_supported(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_RDSEED; +} + static bool vmx_xsaves_supported(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & @@ -9620,6 +9637,12 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) #undef cr4_fixed1_update } +static void nested_vmx_secondary_ctrls_clear(struct kvm_vcpu *vcpu, u32 mask) +{ + if (nested) + to_vmx(vcpu)->nested.nested_vmx_secondary_ctls_high &= ~mask; +} + static void vmx_cpuid_update(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -9661,6 +9684,12 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) } } + if (vmx_rdseed_supported() && + !guest_cpuid_has(vcpu, X86_FEATURE_RDSEED)) { + nested_vmx_secondary_ctrls_clear(vcpu, SECONDARY_EXEC_RDSEED); + secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; + } + if (cpu_has_secondary_exec_ctrls()) vmcs_set_secondary_exec_control(secondary_exec_ctl); -- 2.14.1.342.g6490525c54-goog ^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH v6 2/2] kvm: vmx: Raise #UD on unsupported RDRAND 2017-08-23 23:32 ` [PATCH v6 1/2] " Jim Mattson @ 2017-08-23 23:32 ` Jim Mattson 0 siblings, 0 replies; 19+ messages in thread From: Jim Mattson @ 2017-08-23 23:32 UTC (permalink / raw) To: Paolo Bonzini, David Hildenbrand, kvm list; +Cc: Jim Mattson A guest may not be configured to support RDRAND, even when the host does. If the guest does not support RDRAND, intercept the instruction and synthesize #UD. Also clear the "allowed-1" bit for RDRAND exiting in the IA32_VMX_PROCBASED_CTLS2 MSR. Signed-off-by: Jim Mattson <jmattson@google.com> --- arch/x86/kvm/vmx.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 9dd8637c3392..1d59806b315b 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3668,6 +3668,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) SECONDARY_EXEC_SHADOW_VMCS | SECONDARY_EXEC_XSAVES | SECONDARY_EXEC_RDSEED | + SECONDARY_EXEC_RDRAND | SECONDARY_EXEC_ENABLE_PML | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_VMFUNC; @@ -5304,6 +5305,9 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDSEED)) exec_control &= ~SECONDARY_EXEC_RDSEED; + if (guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDRAND)) + exec_control &= ~SECONDARY_EXEC_RDRAND; + return exec_control; } @@ -8058,6 +8062,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = { [EXIT_REASON_INVEPT] = handle_invept, [EXIT_REASON_INVVPID] = handle_invvpid, [EXIT_REASON_RDSEED] = handle_invalid_op, + [EXIT_REASON_RDRAND] = handle_invalid_op, [EXIT_REASON_XSAVES] = handle_xsaves, [EXIT_REASON_XRSTORS] = handle_xrstors, [EXIT_REASON_PML_FULL] = handle_pml_full, @@ -8992,6 +8997,12 @@ static bool vmx_rdseed_supported(void) SECONDARY_EXEC_RDSEED; } +static bool vmx_rdrand_supported(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_RDRAND; +} + static bool vmx_xsaves_supported(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & @@ -9690,6 +9701,12 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu) secondary_exec_ctl |= SECONDARY_EXEC_RDSEED; } + if (vmx_rdrand_supported() && + !guest_cpuid_has(vcpu, X86_FEATURE_RDRAND)) { + nested_vmx_secondary_ctrls_clear(vcpu, SECONDARY_EXEC_RDRAND); + secondary_exec_ctl |= SECONDARY_EXEC_RDRAND; + } + if (cpu_has_secondary_exec_ctrls()) vmcs_set_secondary_exec_control(secondary_exec_ctl); -- 2.14.1.342.g6490525c54-goog ^ permalink raw reply related [flat|nested] 19+ messages in thread
end of thread, other threads:[~2017-08-23 23:33 UTC | newest] Thread overview: 19+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-08-18 18:43 [PATCH] kvm: vmx: Raise #UD on unsupported RDSEED Jim Mattson 2017-08-18 18:45 ` [PATCH v2] " Jim Mattson 2017-08-21 1:49 ` Wanpeng Li 2017-08-21 13:00 ` [PATCH] " David Hildenbrand 2017-08-21 16:37 ` Jim Mattson 2017-08-21 16:50 ` David Hildenbrand 2017-08-21 17:01 ` Jim Mattson 2017-08-21 18:37 ` Jim Mattson 2017-08-21 19:16 ` [PATCH v4] " Jim Mattson 2017-08-21 16:38 ` [PATCH v3] " Jim Mattson 2017-08-21 19:26 ` [PATCH v5] " Jim Mattson 2017-08-21 20:32 ` Radim Krčmář 2017-08-21 22:03 ` Jim Mattson 2017-08-22 11:21 ` David Hildenbrand 2017-08-22 11:11 ` David Hildenbrand 2017-08-23 21:34 ` Paolo Bonzini 2017-08-23 22:37 ` Jim Mattson 2017-08-23 23:32 ` [PATCH v6 1/2] " Jim Mattson 2017-08-23 23:32 ` [PATCH v6 2/2] kvm: vmx: Raise #UD on unsupported RDRAND Jim Mattson
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.