From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: kvm@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Ingo Molnar <mingo@redhat.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	linux-kernel@vger.kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>
Subject: Re: [PATCH v4 0/4] Relax canonical checks on some arch msrs
Date: Wed, 30 Oct 2024 14:22:43 -0700
Message-ID: <ZyKjo-XpaNjIkMdA@google.com>
In-Reply-To: <c6594c5f040eedc7e5b3cb001aac1bcfcb6782cd.camel@redhat.com>

On Wed, Oct 30, 2024, Maxim Levitsky wrote:
> On Fri, 2024-09-06 at 18:18 -0400, Maxim Levitsky wrote:
> > Recently we came upon a failure where likely the guest writes
> > 0xff4547ceb1600000 to MSR_KERNEL_GS_BASE and later on, qemu
> > sets this value via KVM_PUT_MSRS, and is rejected by the
> > kernel, likely due to not being canonical in 4 level paging.
> > 
> > One of the ways to trigger this is to make the guest enter SMM,
> > which causes paging to be disabled, which the SMM bios re-enables
> > but not the whole 5 level. MSR_KERNEL_GS_BASE on the other
> > hand continues to contain the old value.
> > 
> > I did some reverse engineering and to my surprise I found out
> > that both Intel and AMD indeed ignore CR4.LA57 when doing
> > canonical checks on this and other msrs and/or other arch
> > registers (like GDT base) which contain linear addresses.
> > 
> > V2: addressed very good feedback from Chao Gao. Thanks!
> > 
> > V3: also fix the nested VMX, and also fix the
> > MSR_IA32_SYSENTER_EIP / MSR_IA32_SYSENTER_ESP
> > 
> > V4:
> >   - added PT and PEBS msrs
> >   - corrected emulation of SGDT/SIDT/STR/SLDT instructions
> >   - corrected canonical checks for TLB invalidation instructions
> > 
> > Best regards,
> > 	Maxim Levitsky
> > 
> > Maxim Levitsky (4):
> >   KVM: x86: drop x86.h include from cpuid.h
> >   KVM: x86: implement emul_is_noncanonical_address using
> >     is_noncanonical_address
> >   KVM: x86: model canonical checks more precisely
> >   KVM: nVMX: fix canonical check of vmcs12 HOST_RIP
> > 
> >  arch/x86/kvm/cpuid.h         |  1 -
> >  arch/x86/kvm/emulate.c       | 15 ++++++-----
> >  arch/x86/kvm/kvm_emulate.h   |  5 ++++
> >  arch/x86/kvm/mmu.h           |  1 +
> >  arch/x86/kvm/mmu/mmu.c       |  2 +-
> >  arch/x86/kvm/vmx/hyperv.c    |  1 +
> >  arch/x86/kvm/vmx/nested.c    | 35 +++++++++++++++++---------
> >  arch/x86/kvm/vmx/pmu_intel.c |  2 +-
> >  arch/x86/kvm/vmx/sgx.c       |  5 ++--
> >  arch/x86/kvm/vmx/vmx.c       |  4 +--
> >  arch/x86/kvm/x86.c           | 13 +++++++---
> >  arch/x86/kvm/x86.h           | 49 ++++++++++++++++++++++++++++++++++--
> >  12 files changed, 102 insertions(+), 31 deletions(-)
> > 
> > -- 
> > 2.26.3
> > 
> > 
> 
> Hi,
> A very gentle ping on this patch series.

Heh, good timing, I literally (like, 2 seconds ago) applied this (still need to
test before you'll see a "thank you" email).
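The canonical check the quoted cover letter describes, as an added C model that is not code from the patch series or from KVM; the helper names and the "MSR values are checked against the CPU's maximum width, ignoring CR4.LA57" rule are assumptions drawn from the cover letter, and cpu_supports_la57 stands in for a CPUID-derived value:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A linear address is canonical for a given width when bits 63:(width-1)
 * are all equal, i.e. it sign-extends from bit (width-1).  The shift is
 * done on unsigned values to avoid signed-overflow undefined behaviour. */
static bool is_noncanonical(uint64_t addr, unsigned int vaddr_bits)
{
    uint64_t top = addr >> (vaddr_bits - 1);               /* bits 63:(width-1) */
    uint64_t all_ones = (1ULL << (64 - vaddr_bits + 1)) - 1;
    return top != 0 && top != all_ones;
}

/* Width enforced by the active paging mode: 57 bits with CR4.LA57 set
 * (5-level paging), otherwise 48 bits (4-level paging). */
static unsigned int active_vaddr_bits(bool cr4_la57)
{
    return cr4_la57 ? 57 : 48;
}

/* Model of the rule in the cover letter (assumption): for linear-address
 * MSRs such as MSR_KERNEL_GS_BASE, and registers like the GDT base, hardware
 * checks against the CPU's maximum supported width and ignores CR4.LA57. */
static bool is_noncanonical_msr_address(uint64_t addr, bool cpu_supports_la57)
{
    return is_noncanonical(addr, cpu_supports_la57 ? 57 : 48);
}

int main(void)
{
    /* Value from the cover letter: written to MSR_KERNEL_GS_BASE under
     * 5-level paging, later restored via KVM_PUT_MSRS while the guest
     * (in SMM) runs with 4-level paging. */
    const uint64_t gs_base = 0xff4547ceb1600000ULL;

    printf("paging-mode check, LA57 off:   %s\n",
           is_noncanonical(gs_base, active_vaddr_bits(false)) ? "rejected" : "accepted");
    printf("paging-mode check, LA57 on:    %s\n",
           is_noncanonical(gs_base, active_vaddr_bits(true)) ? "rejected" : "accepted");
    printf("MSR check, LA57-capable CPU:   %s\n",
           is_noncanonical_msr_address(gs_base, true) ? "rejected" : "accepted");
    return 0;
}
```

The first check is the one that produced the spurious KVM_PUT_MSRS rejection; the third is the behaviour the series moves KVM towards.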
