From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: dgilbert@redhat.com, jmattson@google.com,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses
Date: Thu, 06 Feb 2020 15:17:06 +0100 [thread overview]
Message-ID: <87v9ojg5r1.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <1580915628-42930-1-git-send-email-pbonzini@redhat.com>
Paolo Bonzini <pbonzini@redhat.com> writes:
> Userspace that does not know about the AMD_IBRS bit might still
> allow the guest to protect itself with MSR_IA32_SPEC_CTRL using
> the Intel SPEC_CTRL bit. However, svm.c disallows this and will
> cause a #GP in the guest when writing to the MSR. Fix this by
> loosening the test and allowing the Intel CPUID bit, and in fact
> allow the AMD_STIBP bit as well since it allows writing to
> MSR_IA32_SPEC_CTRL too.
>
> Reported-by: Zhiyi Guo <zhguo@redhat.com>
> Analyzed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> Analyzed-by: Laszlo Ersek <lersek@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> arch/x86/kvm/svm.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index bf0556588ad0..a3e32d61d60c 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -4225,6 +4225,8 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> break;
> case MSR_IA32_SPEC_CTRL:
> if (!msr_info->host_initiated &&
> + !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) &&
> + !guest_cpuid_has(vcpu, X86_FEATURE_AMD_STIBP) &&
> !guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS) &&
> !guest_cpuid_has(vcpu, X86_FEATURE_AMD_SSBD))
> return 1;
> @@ -4310,6 +4312,8 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
> break;
> case MSR_IA32_SPEC_CTRL:
> if (!msr->host_initiated &&
> + !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) &&
> + !guest_cpuid_has(vcpu, X86_FEATURE_AMD_STIBP) &&
> !guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS) &&
> !guest_cpuid_has(vcpu, X86_FEATURE_AMD_SSBD))
> return 1;
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
but out of pure curiosity, why do we need these checks?
At least for the 'set' case right below them we have:
if (data & ~kvm_spec_ctrl_valid_bits(vcpu))
return 1;
so if guest will try using unsupported features it will #GP. So
basically, these checks will only fire when reading/writing '0' and all
features are missing, right? Do we care?
--
Vitaly
next prev parent reply other threads:[~2020-02-06 14:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-05 15:13 [PATCH] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses Paolo Bonzini
2020-02-06 14:17 ` Vitaly Kuznetsov [this message]
2020-02-06 14:21 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v9ojg5r1.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=dgilbert@redhat.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.