| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <66b51c39db37c5e5b9d922ecb8275f8cda369d3e.camel@redhat.com>
Date: Fri, 25 Feb 2022 16:09:57 +0200
From: Maxim Levitsky <mlevitsk@...hat.com>
To: Zeng Guang <guang.zeng@...el.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
Dave Hansen <dave.hansen@...ux.intel.com>,
Tony Luck <tony.luck@...el.com>,
Kan Liang <kan.liang@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Kim Phillips <kim.phillips@....com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Jethro Beekman <jethro@...tanix.com>,
Kai Huang <kai.huang@...el.com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
Robert Hu <robert.hu@...el.com>, Gao Chao <chao.gao@...el.com>,
Robert Hoo <robert.hu@...ux.intel.com>
Subject: Re: [PATCH v6 1/9] x86/cpu: Add new VMX feature, Tertiary
VM-Execution control
On Fri, 2022-02-25 at 16:22 +0800, Zeng Guang wrote:
> From: Robert Hoo <robert.hu@...ux.intel.com>
>
> A new 64-bit control field "tertiary processor-based VM-execution
> controls", is defined [1]. It's controlled by bit 17 of the primary
> processor-based VM-execution controls.
>
> Different from its brother VM-execution fields, this tertiary VM-
> execution controls field is 64 bit. So it occupies 2 vmx_feature_leafs,
> TERTIARY_CTLS_LOW and TERTIARY_CTLS_HIGH.
>
> Its companion VMX capability reporting MSR,MSR_IA32_VMX_PROCBASED_CTLS3
> (0x492), is also semantically different from its brothers, whose 64 bits
> consist of all allow-1, rather than 32-bit allow-0 and 32-bit allow-1 [1][2].
> Therefore, its init_vmx_capabilities() is a little different from others.
>
> [1] ISE 6.2 "VMCS Changes"
> https://www.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html
>
> [2] SDM Vol3. Appendix A.3
>
> Signed-off-by: Robert Hoo <robert.hu@...ux.intel.com>
> Signed-off-by: Zeng Guang <guang.zeng@...el.com>
> Reviewed-by: Sean Christopherson <seanjc@...gle.com>
> ---
> arch/x86/include/asm/msr-index.h | 1 +
> arch/x86/include/asm/vmxfeatures.h | 3 ++-
> arch/x86/kernel/cpu/feat_ctl.c | 9 ++++++++-
> 3 files changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
> index 3faf0f97edb1..1d180f883c32 100644
> --- a/arch/x86/include/asm/msr-index.h
> +++ b/arch/x86/include/asm/msr-index.h
> @@ -938,6 +938,7 @@
> #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x0000048f
> #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x00000490
> #define MSR_IA32_VMX_VMFUNC 0x00000491
> +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x00000492
>
> /* VMX_BASIC bits and bitmasks */
> #define VMX_BASIC_VMCS_SIZE_SHIFT 32
> diff --git a/arch/x86/include/asm/vmxfeatures.h b/arch/x86/include/asm/vmxfeatures.h
> index d9a74681a77d..ff20776dc83b 100644
> --- a/arch/x86/include/asm/vmxfeatures.h
> +++ b/arch/x86/include/asm/vmxfeatures.h
> @@ -5,7 +5,7 @@
> /*
> * Defines VMX CPU feature bits
> */
> -#define NVMXINTS 3 /* N 32-bit words worth of info */
> +#define NVMXINTS 5 /* N 32-bit words worth of info */
>
> /*
> * Note: If the comment begins with a quoted string, that string is used
> @@ -43,6 +43,7 @@
> #define VMX_FEATURE_RDTSC_EXITING ( 1*32+ 12) /* "" VM-Exit on RDTSC */
> #define VMX_FEATURE_CR3_LOAD_EXITING ( 1*32+ 15) /* "" VM-Exit on writes to CR3 */
> #define VMX_FEATURE_CR3_STORE_EXITING ( 1*32+ 16) /* "" VM-Exit on reads from CR3 */
> +#define VMX_FEATURE_TERTIARY_CONTROLS ( 1*32+ 17) /* "" Enable Tertiary VM-Execution Controls */
> #define VMX_FEATURE_CR8_LOAD_EXITING ( 1*32+ 19) /* "" VM-Exit on writes to CR8 */
> #define VMX_FEATURE_CR8_STORE_EXITING ( 1*32+ 20) /* "" VM-Exit on reads from CR8 */
> #define VMX_FEATURE_VIRTUAL_TPR ( 1*32+ 21) /* "vtpr" TPR virtualization, a.k.a. TPR shadow */
> diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
> index da696eb4821a..993697e71854 100644
> --- a/arch/x86/kernel/cpu/feat_ctl.c
> +++ b/arch/x86/kernel/cpu/feat_ctl.c
> @@ -15,6 +15,8 @@ enum vmx_feature_leafs {
> MISC_FEATURES = 0,
> PRIMARY_CTLS,
> SECONDARY_CTLS,
> + TERTIARY_CTLS_LOW,
> + TERTIARY_CTLS_HIGH,
> NR_VMX_FEATURE_WORDS,
> };
>
> @@ -22,7 +24,7 @@ enum vmx_feature_leafs {
>
> static void init_vmx_capabilities(struct cpuinfo_x86 *c)
> {
> - u32 supported, funcs, ept, vpid, ign;
> + u32 supported, funcs, ept, vpid, ign, low, high;
>
> BUILD_BUG_ON(NVMXINTS != NR_VMX_FEATURE_WORDS);
>
> @@ -42,6 +44,11 @@ static void init_vmx_capabilities(struct cpuinfo_x86 *c)
> rdmsr_safe(MSR_IA32_VMX_PROCBASED_CTLS2, &ign, &supported);
> c->vmx_capability[SECONDARY_CTLS] = supported;
>
> + /* All 64 bits of tertiary controls MSR are allowed-1 settings. */
> + rdmsr_safe(MSR_IA32_VMX_PROCBASED_CTLS3, &low, &high);
> + c->vmx_capability[TERTIARY_CTLS_LOW] = low;
> + c->vmx_capability[TERTIARY_CTLS_HIGH] = high;
> +
> rdmsr(MSR_IA32_VMX_PINBASED_CTLS, ign, supported);
> rdmsr_safe(MSR_IA32_VMX_VMFUNC, &ign, &funcs);
>
Reviewed-by: Maxim Levitsky <mlevitsk@...hat.com>
Best regards,
Maxim Levitsky
Powered by blists - more mailing lists