From: Siddharth Chandrasekaran <sidcha@amazon.de>
To: Paolo Bonzini <pbonzini@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>
Cc: Siddharth Chandrasekaran <sidcha@amazon.de>,
Siddharth Chandrasekaran <sidcha.dev@gmail.com>,
Alexander Graf <graf@amazon.com>,
Evgeny Iakovlev <eyakovl@amazon.de>,
Liran Alon <liran@amazon.com>,
Ioannis Aslanidis <iaslan@amazon.de>, <qemu-devel@nongnu.org>,
<kvm@vger.kernel.org>
Subject: [PATCH v2 5/6] kvm/i386: Add support for user space MSR filtering
Date: Fri, 25 Jun 2021 12:23:30 +0200 [thread overview]
Message-ID: <678fba871629cc645cfe5b95292327cd8ae3e61f.1624615713.git.sidcha@amazon.de> (raw)
In-Reply-To: <cover.1624615713.git.sidcha@amazon.de>
Check and enable user space MSR filtering capability and handle new exit
reason KVM_EXIT_X86_WRMSR. This will be used in a follow up patch to
implement hyper-v overlay pages.
Signed-off-by: Siddharth Chandrasekaran <sidcha@amazon.de>
---
target/i386/kvm/kvm.c | 67 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index bcf1b4f2d0..b89b343acc 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -117,6 +117,8 @@ static bool has_msr_ucode_rev;
static bool has_msr_vmx_procbased_ctls2;
static bool has_msr_perf_capabs;
static bool has_msr_pkrs;
+static bool has_msr_filtering;
+static bool msr_filters_active;
static uint32_t has_architectural_pmu_version;
static uint32_t num_architectural_pmu_gp_counters;
@@ -2183,6 +2185,42 @@ static void register_smram_listener(Notifier *n, void *unused)
&smram_address_space, 1);
}
+static void kvm_set_msr_filter_range(struct kvm_msr_filter_range *range, uint32_t flags,
+ uint32_t base, uint32_t nmsrs, ...)
+{
+ int i, filter_to_userspace;
+ va_list ap;
+
+ range->flags = flags;
+ range->nmsrs = nmsrs;
+ range->base = base;
+
+ va_start(ap, nmsrs);
+ for (i = 0; i < nmsrs; i++) {
+ filter_to_userspace = va_arg(ap, int);
+ if (!filter_to_userspace) {
+ range->bitmap[i / 8] = 1 << (i % 8);
+ }
+ }
+ va_end(ap);
+}
+
+static int kvm_set_msr_filters(KVMState *s)
+{
+ int r;
+ struct kvm_msr_filter filter = { };
+
+ filter.flags = KVM_MSR_FILTER_DEFAULT_ALLOW;
+
+ r = kvm_vm_ioctl(s, KVM_X86_SET_MSR_FILTER, &filter);
+ if (r != 0) {
+ error_report("kvm: failed to set MSR filters");
+ return -1;
+ }
+
+ return 0;
+}
+
int kvm_arch_init(MachineState *ms, KVMState *s)
{
uint64_t identity_base = 0xfffbc000;
@@ -2314,6 +2352,17 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
}
}
+ has_msr_filtering = kvm_check_extension(s, KVM_CAP_X86_USER_SPACE_MSR) &&
+ kvm_check_extension(s, KVM_CAP_X86_MSR_FILTER);
+ if (has_msr_filtering) {
+ ret = kvm_vm_enable_cap(s, KVM_CAP_X86_USER_SPACE_MSR, 0,
+ KVM_MSR_EXIT_REASON_FILTER);
+ if (ret == 0) {
+ ret = kvm_set_msr_filters(s);
+ msr_filters_active = (ret == 0);
+ }
+ }
+
return 0;
}
@@ -4587,6 +4636,18 @@ static bool host_supports_vmx(void)
return ecx & CPUID_EXT_VMX;
}
+static int kvm_handle_rdmsr(X86CPU *cpu, struct kvm_run *run)
+{
+ run->msr.error = 1;
+ return 0;
+}
+
+static int kvm_handle_wrmsr(X86CPU *cpu, struct kvm_run *run)
+{
+ run->msr.error = 1;
+ return 0;
+}
+
#define VMX_INVALID_GUEST_STATE 0x80000021
int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
@@ -4645,6 +4706,12 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
ioapic_eoi_broadcast(run->eoi.vector);
ret = 0;
break;
+ case KVM_EXIT_X86_RDMSR:
+ ret = kvm_handle_rdmsr(cpu, run);
+ break;
+ case KVM_EXIT_X86_WRMSR:
+ ret = kvm_handle_wrmsr(cpu, run);
+ break;
default:
fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason);
ret = -1;
--
2.17.1
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
next prev parent reply other threads:[~2021-06-25 10:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-25 10:14 [PATCH v2 0/6] Handle hypercall code overlay page in userspace Siddharth Chandrasekaran
2021-06-25 10:14 ` [PATCH v2 1/6] hyper-v: Overlay abstraction for synic event and msg pages Siddharth Chandrasekaran
2021-06-25 10:14 ` [PATCH v2 2/6] hyper-v: Use -1 as invalid overlay address Siddharth Chandrasekaran
2021-06-25 10:14 ` [PATCH v2 3/6] kvm/i386: Stop using cpu->kvm_msr_buf in kvm_put_one_msr() Siddharth Chandrasekaran
2021-06-25 10:23 ` [PATCH v2 4/6] kvm/i386: Avoid multiple calls to check_extension(KVM_CAP_HYPERV) Siddharth Chandrasekaran
2021-06-25 10:23 ` Siddharth Chandrasekaran [this message]
2021-06-25 10:23 ` [PATCH v2 6/6] hyper-v: Handle hypercall code page as an overlay page Siddharth Chandrasekaran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=678fba871629cc645cfe5b95292327cd8ae3e61f.1624615713.git.sidcha@amazon.de \
--to=sidcha@amazon.de \
--cc=eyakovl@amazon.de \
--cc=graf@amazon.com \
--cc=iaslan@amazon.de \
--cc=kvm@vger.kernel.org \
--cc=liran@amazon.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sidcha.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).