Re: [PATCH v2 4/7] KVM: x86: Fix CPUID range checks for Hypervisor and Centaur classes

[Sean Christopherson <sean.j.christopherson@intel.com>]

On Thu, Mar 05, 2020 at 01:10:57PM -0800, Jim Mattson wrote:
> On Thu, Mar 5, 2020 at 11:25 AM Sean Christopherson
> <sean.j.christopherson@intel.com> wrote:
> >
> > On Thu, Mar 05, 2020 at 10:43:51AM -0800, Jim Mattson wrote:
> > > On Wed, Mar 4, 2020 at 5:34 PM Sean Christopherson
> > > <sean.j.christopherson@intel.com> wrote:
> > > >
> > > > Rework the masking in the out-of-range CPUID logic to handle the
> > > > Hypervisor sub-classes, as well as the Centaur class if the guest
> > > > virtual CPU vendor is Centaur.
> > > >
> > > > Masking against 0x80000000 only handles basic and extended leafs, which
> > > > results in Hypervisor range checks being performed against the basic
> > > > CPUID class, and Centuar range checks being performed against the
> > > > Extended class.  E.g. if CPUID.0x40000000.EAX returns 0x4000000A and
> > > > there is no entry for CPUID.0x40000006, then function 0x40000006 would
> > > > be incorrectly reported as out of bounds.
> > > >
> > > > While there is no official definition of what constitutes a class, the
> > > > convention established for Hypervisor classes effectively uses bits 31:8
> > > > as the mask by virtue of checking for different bases in increments of
> > > > 0x100, e.g. KVM advertises its CPUID functions starting at 0x40000100
> > > > when HyperV features are advertised at the default base of 0x40000000.
> > > >
> > > > The bad range check doesn't cause functional problems for any known VMM
> > > > because out-of-range semantics only come into play if the exact entry
> > > > isn't found, and VMMs either support a very limited Hypervisor range,
> > > > e.g. the official KVM range is 0x40000000-0x40000001 (effectively no
> > > > room for undefined leafs) or explicitly defines gaps to be zero, e.g.
> > > > Qemu explicitly creates zeroed entries up to the Cenatur and Hypervisor
> > > > limits (the latter comes into play when providing HyperV features).
> > > >
> > > > The bad behavior can be visually confirmed by dumping CPUID output in
> > > > the guest when running Qemu with a stable TSC, as Qemu extends the limit
> > > > of range 0x40000000 to 0x40000010 to advertise VMware's cpuid_freq,
> > > > without defining zeroed entries for 0x40000002 - 0x4000000f.
> > > >
> > > > Note, documentation of Centaur/VIA CPUs is hard to come by.  Designating
> > > > 0xc0000000 - 0xcfffffff as the Centaur class is a best guess as to the
> > > > behavior of a real Centaur/VIA CPU.
> > >
> > > Don't forget Transmeta's CPUID range at 0x80860000 through 0x8086FFFF!
> >
> > Hmm, is it actually needed here?  KVM doesn't advertise support for that
> > range in KVM_GET_SUPPORTED_CPUID.

> > That's also why I limited the Centaur
> > range to vendor==CENTAUR, as KVM_GET_SUPPORTED_CPUID enumerates the
> > Centaur range if and only if the host CPU is Centaur.

Actually, I take this part of that comment back.  I limited this to
vendor==CENTAUR so that it wouldn't conflict with an actual Intel CPU if
Intel adds a CPUID leaf in the 0xc0000000 range.

> Ah. So cross-vendor CPUID specifications are not supported?

Cross-vendor CPUID is sort of allowed?  E.g. this plays nice with creating
a Centaur CPU on an Intel platform.  My interpretation of GET_SUPPORTED...
is that KVM won't prevent enumerating what you want in CPUID, but it only
promises to correctly support select leafs.