[RFC PATCH 15/27] KVM: x86: Add infrastructure to track CPUID entries ignored in paranoid mode

[Binbin Wu <binbin.wu@linux.intel.com>]

Add a structure and helpers to register and query CPUID leafs/registers
that should be excluded from validation in KVM's CPUID paranoid mode.

CPUID paranoid mode will cross-check CPUID values exposed to guests
against KVM's expected values to detect inconsistencies. Some CPUID
leafs/registers could be expected from paranoid checks, i.e., allow
whatever the inputs from userspace.

It could use kvm_cpu_cap_init_mf() to use 0xFFFFFFFF to allow all bits
for a 32-bit CPUID output register, however, it would require to add an
entry in enum kvm_only_cpuid_leafs and reverse_cpuid[], which brings
more COLs.

Each ignored entry specifies a CPUID function, an inclusive index range
(with index_end=-1 meaning "all sub-leaves starting from the
index_start"), a bitmask of registers (EAX/EBX/ECX/EDX), and an overlay
mask to scope the exemption to specific VM types.

KVM_MAX_CPUID_ENTRIES may be a bit oversized, but since it's global, the
waste of memory should be acceptable.

Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
---
 arch/x86/kvm/cpuid.c | 47 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 3bd9608770a9..e633707277f9 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -45,7 +45,21 @@ struct cpuid_xstate_sizes {
 	u32 ecx;
 };
 
+struct ignored_entry {
+	u32 func;
+	u32 index_start;
+	u32 index_end;
+	u32 reg_mask;
+	u32 overlay_mask;
+};
+
+struct cpuid_paranoid_ignored_set {
+	u32 nr;
+	struct ignored_entry entries[KVM_MAX_CPUID_ENTRIES];
+};
+
 static struct cpuid_xstate_sizes xstate_sizes[XFEATURE_MAX] __ro_after_init;
+static struct cpuid_paranoid_ignored_set ignored_set __read_mostly;
 
 void __init kvm_init_xstate_sizes(void)
 {
@@ -372,6 +386,39 @@ static u32 cpuid_get_reg_unsafe(struct kvm_cpuid_entry2 *entry, u32 reg)
 static int cpuid_func_emulated(struct kvm *kvm, struct kvm_cpuid_entry2 *entry,
 			       u32 func, bool include_partially_emulated);
 
+/*
+ * index_start and index_end are inclusive:
+ * - Use 0 for both index_start and index_end if the function is not indexed.
+ * - Use -1 as index_end to indicate open-ended index ranges starting from
+ *   index_start.
+ */
+static void __maybe_unused kvm_cpu_cap_ignore(u32 func, u32 index_start, u32 index_end,
+					      u32 reg_mask, u32 overlay_mask)
+{
+	if (WARN_ON_ONCE(ignored_set.nr >= KVM_MAX_CPUID_ENTRIES))
+		return;
+
+	ignored_set.entries[ignored_set.nr].func = func;
+	ignored_set.entries[ignored_set.nr].index_start = index_start;
+	ignored_set.entries[ignored_set.nr].index_end = index_end;
+	ignored_set.entries[ignored_set.nr].reg_mask = reg_mask;
+	ignored_set.entries[ignored_set.nr].overlay_mask = overlay_mask;
+	ignored_set.nr++;
+}
+
+static bool __maybe_unused is_cpuid_paranoid_ignored(u32 func, u32 index, int reg, u8 overlay)
+{
+	for (int i = 0; i < ignored_set.nr; i++) {
+		struct ignored_entry *e = &ignored_set.entries[i];
+
+		if ((e->func == func) && (e->reg_mask & BIT(reg)) &&
+		    (e->overlay_mask & BIT(overlay)) &&
+		    (index >= e->index_start && index <= e->index_end))
+			return true;
+	}
+	return false;
+}
+
 void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
 {
 	u8 cpuid_overlay = get_cpuid_overlay(vcpu->kvm);
-- 
2.46.0