lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 1 Apr 2020 14:11:41 +0800
From:   kbuild test robot <lkp@...el.com>
To:     Yang Weijiang <weijiang.yang@...el.com>
Cc:     kbuild-all@...ts.01.org, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, pbonzini@...hat.com,
        sean.j.christopherson@...el.com, jmattson@...gle.com
Subject: Re: [PATCH v11 8/9] KVM: VMX: Enable CET support for nested VM

Hi Yang,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on kvm/linux-next]
[also build test ERROR on next-20200331]
[cannot apply to vhost/linux-next tip/auto-latest linus/master linux/master v5.6]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]

url:    https://github.com/0day-ci/linux/commits/Yang-Weijiang/Introduce-support-for-guest-CET-feature/20200327-040801
base:   https://git.kernel.org/pub/scm/virt/kvm/kvm.git linux-next
config: i386-allyesconfig (attached as .config)
compiler: gcc-7 (Debian 7.4.0-6) 7.4.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386 

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@...el.com>

All errors (new ones prefixed by >>):

   arch/x86/kvm/vmx/nested.c: In function 'nested_vmx_prepare_msr_bitmap':
>> arch/x86/kvm/vmx/nested.c:630:39: error: 'MSR_IA32_U_CET' undeclared (first use in this function); did you mean 'MSR_IA32_TSC'?
     if (!msr_write_intercepted_l01(vcpu, MSR_IA32_U_CET))
                                          ^~~~~~~~~~~~~~
                                          MSR_IA32_TSC
   arch/x86/kvm/vmx/nested.c:630:39: note: each undeclared identifier is reported only once for each function it appears in
>> arch/x86/kvm/vmx/nested.c:635:39: error: 'MSR_IA32_PL3_SSP' undeclared (first use in this function); did you mean 'MSR_IA32_MCG_ESP'?
     if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL3_SSP))
                                          ^~~~~~~~~~~~~~~~
                                          MSR_IA32_MCG_ESP
>> arch/x86/kvm/vmx/nested.c:640:39: error: 'MSR_IA32_S_CET' undeclared (first use in this function); did you mean 'MSR_IA32_U_CET'?
     if (!msr_write_intercepted_l01(vcpu, MSR_IA32_S_CET))
                                          ^~~~~~~~~~~~~~
                                          MSR_IA32_U_CET
>> arch/x86/kvm/vmx/nested.c:645:39: error: 'MSR_IA32_PL0_SSP' undeclared (first use in this function); did you mean 'MSR_IA32_PL3_SSP'?
     if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL0_SSP))
                                          ^~~~~~~~~~~~~~~~
                                          MSR_IA32_PL3_SSP
>> arch/x86/kvm/vmx/nested.c:650:39: error: 'MSR_IA32_PL1_SSP' undeclared (first use in this function); did you mean 'MSR_IA32_PL0_SSP'?
     if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL1_SSP))
                                          ^~~~~~~~~~~~~~~~
                                          MSR_IA32_PL0_SSP
>> arch/x86/kvm/vmx/nested.c:655:39: error: 'MSR_IA32_PL2_SSP' undeclared (first use in this function); did you mean 'MSR_IA32_PL1_SSP'?
     if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL2_SSP))
                                          ^~~~~~~~~~~~~~~~
                                          MSR_IA32_PL1_SSP
>> arch/x86/kvm/vmx/nested.c:660:39: error: 'MSR_IA32_INT_SSP_TAB' undeclared (first use in this function); did you mean 'MSR_IA32_PL2_SSP'?
     if (!msr_write_intercepted_l01(vcpu, MSR_IA32_INT_SSP_TAB))
                                          ^~~~~~~~~~~~~~~~~~~~
                                          MSR_IA32_PL2_SSP

vim +630 arch/x86/kvm/vmx/nested.c

   557	
   558	/*
   559	 * Merge L0's and L1's MSR bitmap, return false to indicate that
   560	 * we do not use the hardware.
   561	 */
   562	static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu,
   563							 struct vmcs12 *vmcs12)
   564	{
   565		int msr;
   566		unsigned long *msr_bitmap_l1;
   567		unsigned long *msr_bitmap_l0 = to_vmx(vcpu)->nested.vmcs02.msr_bitmap;
   568		struct kvm_host_map *map = &to_vmx(vcpu)->nested.msr_bitmap_map;
   569	
   570		/* Nothing to do if the MSR bitmap is not in use.  */
   571		if (!cpu_has_vmx_msr_bitmap() ||
   572		    !nested_cpu_has(vmcs12, CPU_BASED_USE_MSR_BITMAPS))
   573			return false;
   574	
   575		if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->msr_bitmap), map))
   576			return false;
   577	
   578		msr_bitmap_l1 = (unsigned long *)map->hva;
   579	
   580		/*
   581		 * To keep the control flow simple, pay eight 8-byte writes (sixteen
   582		 * 4-byte writes on 32-bit systems) up front to enable intercepts for
   583		 * the x2APIC MSR range and selectively disable them below.
   584		 */
   585		enable_x2apic_msr_intercepts(msr_bitmap_l0);
   586	
   587		if (nested_cpu_has_virt_x2apic_mode(vmcs12)) {
   588			if (nested_cpu_has_apic_reg_virt(vmcs12)) {
   589				/*
   590				 * L0 need not intercept reads for MSRs between 0x800
   591				 * and 0x8ff, it just lets the processor take the value
   592				 * from the virtual-APIC page; take those 256 bits
   593				 * directly from the L1 bitmap.
   594				 */
   595				for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
   596					unsigned word = msr / BITS_PER_LONG;
   597	
   598					msr_bitmap_l0[word] = msr_bitmap_l1[word];
   599				}
   600			}
   601	
   602			nested_vmx_disable_intercept_for_msr(
   603				msr_bitmap_l1, msr_bitmap_l0,
   604				X2APIC_MSR(APIC_TASKPRI),
   605				MSR_TYPE_R | MSR_TYPE_W);
   606	
   607			if (nested_cpu_has_vid(vmcs12)) {
   608				nested_vmx_disable_intercept_for_msr(
   609					msr_bitmap_l1, msr_bitmap_l0,
   610					X2APIC_MSR(APIC_EOI),
   611					MSR_TYPE_W);
   612				nested_vmx_disable_intercept_for_msr(
   613					msr_bitmap_l1, msr_bitmap_l0,
   614					X2APIC_MSR(APIC_SELF_IPI),
   615					MSR_TYPE_W);
   616			}
   617		}
   618	
   619		/* KVM unconditionally exposes the FS/GS base MSRs to L1. */
   620		nested_vmx_disable_intercept_for_msr(msr_bitmap_l1, msr_bitmap_l0,
   621						     MSR_FS_BASE, MSR_TYPE_RW);
   622	
   623		nested_vmx_disable_intercept_for_msr(msr_bitmap_l1, msr_bitmap_l0,
   624						     MSR_GS_BASE, MSR_TYPE_RW);
   625	
   626		nested_vmx_disable_intercept_for_msr(msr_bitmap_l1, msr_bitmap_l0,
   627						     MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
   628	
   629		/* Pass CET MSRs to nested VM if L0 and L1 are set to pass-through. */
 > 630		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_U_CET))
   631			nested_vmx_disable_intercept_for_msr(
   632						msr_bitmap_l1, msr_bitmap_l0,
   633						MSR_IA32_U_CET, MSR_TYPE_RW);
   634	
 > 635		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL3_SSP))
   636			nested_vmx_disable_intercept_for_msr(
   637						msr_bitmap_l1, msr_bitmap_l0,
   638						MSR_IA32_PL3_SSP, MSR_TYPE_RW);
   639	
 > 640		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_S_CET))
   641			nested_vmx_disable_intercept_for_msr(
   642						msr_bitmap_l1, msr_bitmap_l0,
   643						MSR_IA32_S_CET, MSR_TYPE_RW);
   644	
 > 645		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL0_SSP))
   646			nested_vmx_disable_intercept_for_msr(
   647						msr_bitmap_l1, msr_bitmap_l0,
   648						MSR_IA32_PL0_SSP, MSR_TYPE_RW);
   649	
 > 650		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL1_SSP))
   651			nested_vmx_disable_intercept_for_msr(
   652						msr_bitmap_l1, msr_bitmap_l0,
   653						MSR_IA32_PL1_SSP, MSR_TYPE_RW);
   654	
 > 655		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL2_SSP))
   656			nested_vmx_disable_intercept_for_msr(
   657						msr_bitmap_l1, msr_bitmap_l0,
   658						MSR_IA32_PL2_SSP, MSR_TYPE_RW);
   659	
 > 660		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_INT_SSP_TAB))
   661			nested_vmx_disable_intercept_for_msr(
   662						msr_bitmap_l1, msr_bitmap_l0,
   663						MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW);
   664		/*
   665		 * Checking the L0->L1 bitmap is trying to verify two things:
   666		 *
   667		 * 1. L0 gave a permission to L1 to actually passthrough the MSR. This
   668		 *    ensures that we do not accidentally generate an L02 MSR bitmap
   669		 *    from the L12 MSR bitmap that is too permissive.
   670		 * 2. That L1 or L2s have actually used the MSR. This avoids
   671		 *    unnecessarily merging of the bitmap if the MSR is unused. This
   672		 *    works properly because we only update the L01 MSR bitmap lazily.
   673		 *    So even if L0 should pass L1 these MSRs, the L01 bitmap is only
   674		 *    updated to reflect this when L1 (or its L2s) actually write to
   675		 *    the MSR.
   676		 */
   677		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_SPEC_CTRL))
   678			nested_vmx_disable_intercept_for_msr(
   679						msr_bitmap_l1, msr_bitmap_l0,
   680						MSR_IA32_SPEC_CTRL,
   681						MSR_TYPE_R | MSR_TYPE_W);
   682	
   683		if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PRED_CMD))
   684			nested_vmx_disable_intercept_for_msr(
   685						msr_bitmap_l1, msr_bitmap_l0,
   686						MSR_IA32_PRED_CMD,
   687						MSR_TYPE_W);
   688	
   689		kvm_vcpu_unmap(vcpu, &to_vmx(vcpu)->nested.msr_bitmap_map, false);
   690	
   691		return true;
   692	}
   693	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (71686 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ