From: Oliver Upton <oupton@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>
Subject: Re: [PATCH v2 1/7] KVM: nVMX: Keep KVM updates to BNDCFGS ctrl bits across MSR write
Date: Mon, 7 Feb 2022 18:22:33 +0000 [thread overview]
Message-ID: <YgFjaY18suUJjkLL@google.com> (raw)
In-Reply-To: <ce6e9ae4-2e5b-7078-5322-05b7a61079b4@redhat.com>
Hi Paolo,
On Mon, Feb 07, 2022 at 06:21:30PM +0100, Paolo Bonzini wrote:
> On 2/4/22 21:46, Oliver Upton wrote:
> > Since commit 5f76f6f5ff96 ("KVM: nVMX: Do not expose MPX VMX controls
> > when guest MPX disabled"), KVM has taken ownership of the "load
> > IA32_BNDCFGS" and "clear IA32_BNDCFGS" VMX entry/exit controls. The ABI
> > is that these bits must be set in the IA32_VMX_TRUE_{ENTRY,EXIT}_CTLS
> > MSRs if the guest's CPUID supports MPX, and clear otherwise.
> >
> > However, KVM will only do so if userspace sets the CPUID before writing
> > to the corresponding MSRs. Of course, there are no ordering requirements
> > between these ioctls. Uphold the ABI regardless of ordering by
> > reapplying KVMs tweaks to the VMX control MSRs after userspace has
> > written to them.
>
> I don't understand this patch. If you first write the CPUID and then the
> MSR, the consistency is upheld by these checks:
>
> if (!is_bitwise_subset(data, supported, GENMASK_ULL(31, 0)))
> return -EINVAL;
>
> if (!is_bitwise_subset(supported, data, GENMASK_ULL(63, 32)))
> return -EINVAL;
Right, this works if KVM chose to clear the bit, but userspace is trying
to set it. If KVM chose to set the bit, and userspace attempts to clear
it, these checks would pass.
> If you're fixing a case where userspace first writes the MSR and then sets
> CPUID, then I would expect that KVM_SET_CPUID2 redoes those checks and, if
> they fail, it adjusts the MSRs.
I am fixing the case where userspace issues KVM_SET_CPUID2 then writes
to the corresponding MSRs.
Until recently, this all sort of 'worked'. Since we called
kvm_update_cpuid() all the time it was possible for KVM to overwrite the
bits after the MSR write, just not immediately so. After the whole CPUID
rework, we only update the VMX control MSRs immediately after a
KVM_SET_CPUID2, meaning we've missed the case of MSR write after CPUID.
The entire spirit of this series is to back KVM out of touching these
bits, but it seemingly requires a quirk to do so given the userspace
expectations around these bits. Given that, these first two patches fix
the ordering issue between KVM_SET_CPUID2 and an MSR write and enforce
KVM ownership unconditionally.
--
Thanks,
Oliver
next prev parent reply other threads:[~2022-02-07 18:31 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-04 20:46 [PATCH v2 0/7] VMX: nVMX: VMX control MSR fixes Oliver Upton
2022-02-04 20:46 ` [PATCH v2 1/7] KVM: nVMX: Keep KVM updates to BNDCFGS ctrl bits across MSR write Oliver Upton
2022-02-07 17:21 ` Paolo Bonzini
2022-02-07 18:13 ` Sean Christopherson
2022-02-07 18:22 ` Oliver Upton [this message]
2022-02-07 18:27 ` Paolo Bonzini
2022-02-07 18:34 ` Sean Christopherson
2022-02-07 18:52 ` Oliver Upton
2022-02-04 20:47 ` [PATCH v2 2/7] KVM: nVMX: Keep KVM updates to PERF_GLOBAL_CTRL " Oliver Upton
2022-02-07 16:33 ` Paolo Bonzini
2022-02-04 20:47 ` [PATCH v2 3/7] KVM: nVMX: Roll all entry/exit ctl updates into a single helper Oliver Upton
2022-02-05 7:43 ` kernel test robot
2022-02-05 19:41 ` Oliver Upton
2022-02-07 17:56 ` Sean Christopherson
2022-02-04 20:47 ` [PATCH v2 4/7] KVM: nVMX: Add a quirk for KVM tweaks to VMX control MSRs Oliver Upton
2022-02-07 18:06 ` Sean Christopherson
2022-02-09 1:50 ` Oliver Upton
2022-02-09 20:23 ` Sean Christopherson
2022-02-04 20:47 ` [PATCH v2 5/7] selftests: KVM: Add test for PERF_GLOBAL_CTRL VMX control MSR bits Oliver Upton
2022-02-04 20:47 ` [PATCH v2 6/7] selftests: KVM: Add test for BNDCFGS " Oliver Upton
2022-02-07 16:42 ` Paolo Bonzini
2022-02-04 20:47 ` [PATCH v2 7/7] KVM: VMX: Use local pointer to vcpu_vmx in vmx_vcpu_after_set_cpuid() Oliver Upton
2022-02-07 16:42 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YgFjaY18suUJjkLL@google.com \
--to=oupton@google.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox