From: Zeng Guang <guang.zeng@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
H Peter Anvin <hpa@zytor.com>,
kvm@vger.kernel.org
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
Zeng Guang <guang.zeng@intel.com>
Subject: [PATCH v2 6/8] KVM: VMX: Implement and apply vmx_is_lass_violation() for LASS protection
Date: Wed, 19 Jul 2023 10:45:56 +0800 [thread overview]
Message-ID: <20230719024558.8539-7-guang.zeng@intel.com> (raw)
In-Reply-To: <20230719024558.8539-1-guang.zeng@intel.com>
Implement and wire up vmx_is_lass_violation() in kvm_x86_ops for VMX.
LASS violation check takes effect in KVM emulation of instruction fetch
and data access including implicit access when vCPU is running in long
mode, and also involved in emulation of VMX instruction and SGX ENCLS
instruction to enforce the mode-based protections before paging.
But the target memory address of emulation of TLB invalidation and branch
instructions aren't subject to LASS as exceptions.
Signed-off-by: Zeng Guang <guang.zeng@intel.com>
Tested-by: Xuelian Guo <xuelian.guo@intel.com>
---
arch/x86/kvm/vmx/nested.c | 3 ++-
arch/x86/kvm/vmx/sgx.c | 4 ++++
arch/x86/kvm/vmx/vmx.c | 35 +++++++++++++++++++++++++++++++++++
arch/x86/kvm/vmx/vmx.h | 3 +++
4 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index e35cf0bd0df9..72e78566a3b6 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4985,7 +4985,8 @@ int get_vmx_mem_address(struct kvm_vcpu *vcpu, unsigned long exit_qualification,
* non-canonical form. This is the only check on the memory
* destination for long mode!
*/
- exn = is_noncanonical_address(*ret, vcpu);
+ exn = is_noncanonical_address(*ret, vcpu) ||
+ vmx_is_lass_violation(vcpu, *ret, len, 0);
} else {
/*
* When not in long mode, the virtual/linear address is
diff --git a/arch/x86/kvm/vmx/sgx.c b/arch/x86/kvm/vmx/sgx.c
index 2261b684a7d4..f8de637ce634 100644
--- a/arch/x86/kvm/vmx/sgx.c
+++ b/arch/x86/kvm/vmx/sgx.c
@@ -46,6 +46,10 @@ static int sgx_get_encls_gva(struct kvm_vcpu *vcpu, unsigned long offset,
((s.base != 0 || s.limit != 0xffffffff) &&
(((u64)*gva + size - 1) > s.limit + 1));
}
+
+ if (!fault)
+ fault = vmx_is_lass_violation(vcpu, *gva, size, 0);
+
if (fault)
kvm_inject_gp(vcpu, 0);
return fault ? -EINVAL : 0;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 44fb619803b8..15a7c6e7a25d 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -8127,6 +8127,40 @@ static void vmx_vm_destroy(struct kvm *kvm)
free_pages((unsigned long)kvm_vmx->pid_table, vmx_get_pid_table_order(kvm));
}
+bool vmx_is_lass_violation(struct kvm_vcpu *vcpu, unsigned long addr,
+ unsigned int size, unsigned int flags)
+{
+ const bool is_supervisor_address = !!(addr & BIT_ULL(63));
+ const bool implicit = !!(flags & X86EMUL_F_IMPLICIT);
+ const bool fetch = !!(flags & X86EMUL_F_FETCH);
+ const bool is_wraparound_access = size ? (addr + size - 1) < addr : false;
+
+ if (!kvm_is_cr4_bit_set(vcpu, X86_CR4_LASS) || !is_long_mode(vcpu))
+ return false;
+
+ /*
+ * INVTLB isn't subject to LASS, e.g. to allow invalidating userspace
+ * addresses without toggling RFLAGS.AC. Branch targets aren't subject
+ * to LASS in order to simplifiy far control transfers (the subsequent
+ * fetch will enforce LASS as appropriate).
+ */
+ if (flags & (X86EMUL_F_BRANCH | X86EMUL_F_INVTLB))
+ return false;
+
+ if (!implicit && vmx_get_cpl(vcpu) == 3)
+ return is_supervisor_address;
+
+ /* LASS is enforced for supervisor-mode access iff SMAP is enabled. */
+ if (!fetch && !kvm_is_cr4_bit_set(vcpu, X86_CR4_SMAP))
+ return false;
+
+ /* Like SMAP, RFLAGS.AC disables LASS checks in supervisor mode. */
+ if (!fetch && !implicit && (kvm_get_rflags(vcpu) & X86_EFLAGS_AC))
+ return false;
+
+ return is_wraparound_access ? true : !is_supervisor_address;
+}
+
static struct kvm_x86_ops vmx_x86_ops __initdata = {
.name = KBUILD_MODNAME,
@@ -8266,6 +8300,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = {
.complete_emulated_msr = kvm_complete_insn_gp,
.vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector,
+ .is_lass_violation = vmx_is_lass_violation,
};
static unsigned int vmx_handle_intel_pt_intr(void)
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 9e66531861cf..c1e541a790bb 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -433,6 +433,9 @@ void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, int type);
u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu);
u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu);
+bool vmx_is_lass_violation(struct kvm_vcpu *vcpu, unsigned long addr,
+ unsigned int size, unsigned int flags);
+
static inline void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr,
int type, bool value)
{
--
2.27.0
next prev parent reply other threads:[~2023-07-19 3:26 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-19 2:45 [PATCH v2 0/8] LASS KVM virtualization support Zeng Guang
2023-07-19 2:45 ` [PATCH v2 1/8] KVM: x86: Consolidate flags for __linearize() Zeng Guang
2023-07-19 2:45 ` [PATCH v2 2/8] KVM: x86: Use a new flag for branch instructions Zeng Guang
2023-08-15 22:51 ` Sean Christopherson
2023-08-16 7:34 ` Binbin Wu
2023-08-16 14:38 ` Sean Christopherson
2023-08-17 1:38 ` Binbin Wu
2023-08-17 14:45 ` Sean Christopherson
2023-07-19 2:45 ` [PATCH v2 3/8] KVM: x86: Add an emulation flag for implicit system access Zeng Guang
2023-07-19 2:45 ` [PATCH v2 4/8] KVM: x86: Add X86EMUL_F_INVTLB and pass it in em_invlpg() Zeng Guang
2023-08-15 23:11 ` Sean Christopherson
2023-08-16 7:55 ` Binbin Wu
2023-08-16 14:27 ` Sean Christopherson
2023-07-19 2:45 ` [PATCH v2 5/8] KVM: emulator: Add emulation of LASS violation checks on linear address Zeng Guang
2023-07-19 2:45 ` Zeng Guang [this message]
2023-08-07 7:03 ` [PATCH v2 6/8] KVM: VMX: Implement and apply vmx_is_lass_violation() for LASS protection Binbin Wu
2023-08-15 23:46 ` Sean Christopherson
2023-08-17 16:15 ` Zeng Guang
2023-07-19 2:45 ` [PATCH v2 7/8] KVM: x86: Virtualize CR4.LASS Zeng Guang
2023-07-19 2:45 ` [PATCH v2 8/8] KVM: x86: Advertise LASS CPUID to user space Zeng Guang
-- strict thread matches above, loose matches on Subject: below --
2023-07-18 13:18 [PATCH v2 0/8] LASS KVM virtualization support Zeng Guang
2023-07-18 13:18 ` [PATCH v2 6/8] KVM: VMX: Implement and apply vmx_is_lass_violation() for LASS protection Zeng Guang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230719024558.8539-7-guang.zeng@intel.com \
--to=guang.zeng@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox