From: Sean Christopherson <seanjc@google.com>
To: Aaron Lewis <aaronlewis@google.com>
Cc: kvm@vger.kernel.org, pbonzini@redhat.com, jmattson@google.com
Subject: Re: [PATCH 3/3] KVM: x86: Don't deflect MSRs to userspace that can't be filtered
Date: Thu, 7 Jul 2022 19:21:09 +0000
Message-ID: <YscyJf3pzsSVZonS@google.com>
In-Reply-To: <20220703191636.2159067-4-aaronlewis@google.com>

On Sun, Jul 03, 2022, Aaron Lewis wrote:
> If an MSR is not permitted to be filtered and deflected to userspace,
> don't then allow it to be deflected to userspace by other means.  If an
> MSR that cannot be filtered #GP's, and KVM is configured to send all
> MSRs that #GP to userspace, that MSR will be sent to userspace as well.
> Prevent that from happening by filtering out disallowed MSRs from being
> deflected to userspace.

Why?  Honest question.  KVM doesn't allow filtering x2APIC accesses because
supporting that would be messy, and there's no sane use case for intercepting
x2APIC accesses if userspace has enabled the in-kernel local APIC.

I can't think of a meaningful use case for intercepting faults on x2APIC MSRs,
but I also don't see anything inherently broken with allowing userspace to intercept
such faults.

> Signed-off-by: Aaron Lewis <aaronlewis@google.com>
> ---
>  arch/x86/kvm/x86.c | 16 ++++++++++++++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 031678eff28e..a84741f7d254 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -1712,6 +1712,15 @@ void kvm_enable_efer_bits(u64 mask)
>  }
>  EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
>  
> +bool kvm_msr_filtering_disallowed(u32 index)

Should be static, per the test bot.

> +{
> +	/* x2APIC MSRs do not support filtering. */
> +	if (index >= 0x800 && index <= 0x8ff)
> +		return true;
> +
> +	return false;
> +}
> +
>  bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type)
>  {
>  	struct kvm_x86_msr_filter *msr_filter;
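
Review bot: the `if (...) return true; return false;` body of kvm_msr_filtering_disallowed() can be a single `return index >= 0x800 && index <= 0x8ff;` with the x2APIC comment kept above it. The name also speaks only of filtering, while the last hunk uses the helper to decide whether an exit goes to userspace, so a one-line comment above the function naming both uses would help.
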
> @@ -1721,8 +1730,8 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type)
>  	int idx;
>  	u32 i;
>  
> -	/* x2APIC MSRs do not support filtering. */
> -	if (index >= 0x800 && index <= 0x8ff)
> +	/* Prevent certain MSRs from using MSR Filtering. */
> +	if (kvm_msr_filtering_disallowed(index))
>  		return true;
>  
>  	idx = srcu_read_lock(&kvm->srcu);
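
Review bot: the new comment in kvm_msr_allowed(), "Prevent certain MSRs from using MSR Filtering", reads oddly above a branch that returns true, that is, one that allows the access; the removed comment at least named x2APIC. Suggest wording it from the caller's point of view, for example "MSRs that do not support filtering are always allowed".
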
> @@ -1962,6 +1971,9 @@ static int kvm_msr_user_space(struct kvm_vcpu *vcpu, u32 index,
>  	if (!(vcpu->kvm->arch.user_space_msr_mask & msr_reason))
>  		return 0;
>  
> +	if (kvm_msr_filtering_disallowed(index))
> +		return 0;
> +
>  	vcpu->run->exit_reason = exit_reason;
>  	vcpu->run->msr.error = 0;
>  	memset(vcpu->run->msr.pad, 0, sizeof(vcpu->run->msr.pad));
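
Review bot: the early `return 0` added to kvm_msr_user_space() needs a comment. It applies to every msr_reason that passed the `user_space_msr_mask & msr_reason` test just above, so for indexes in the 0x800..0x8ff range the exit is never set up regardless of what userspace asked for. Say that in a comment at the check, and give the reason in the changelog, which currently describes the behaviour but not why it is a problem.
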
> -- 
> 2.37.0.rc0.161.g10f37bed90-goog
> 

Thread overview: 9+ messages
2022-07-03 19:16 [PATCH 0/3] MSR Filtering updates Aaron Lewis
2022-07-03 19:16 ` [PATCH 1/3] KVM: x86: fix documentation for KVM_X86_SET_MSR_FILTER Aaron Lewis
2022-07-03 19:16 ` [PATCH 2/3] KVM: x86: update documentation for MSR filtering Aaron Lewis
2022-07-03 19:16 ` [PATCH 3/3] KVM: x86: Don't deflect MSRs to userspace that can't be filtered Aaron Lewis
2022-07-03 20:34   ` kernel test robot
2022-07-03 21:05   ` kernel test robot
2022-07-04  0:09   ` kernel test robot
2022-07-07 19:21   ` Sean Christopherson [this message]
2022-07-09  2:05     ` Aaron Lewis
