| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Oct 2023 10:59:05 -0700
From: Xin Li <xin@...or.com>
To: "Huang, Kai" <kai.huang@...el.com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Cc: "Yang, Weijiang" <weijiang.yang@...el.com>,
"Christopherson,, Sean" <seanjc@...gle.com>,
"x86@...nel.org" <x86@...nel.org>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"hpa@...or.com" <hpa@...or.com>,
"mingo@...hat.com" <mingo@...hat.com>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"bp@...en8.de" <bp@...en8.de>,
"pbonzini@...hat.com" <pbonzini@...hat.com>
Subject: Re: [PATCH v2 1/2] KVM: VMX: Cleanup VMX basic information defines
and usages
On 10/27/2023 2:29 AM, Huang, Kai wrote:
>
>>
>> +/* VMX_BASIC bits and bitmasks */
>> +#define VMX_BASIC_32BIT_PHYS_ADDR_ONLY BIT_ULL(48)
>> +#define VMX_BASIC_MEM_TYPE_WB 6LLU
>
> Strictly speaking, VMX_BASIC_MEM_TYPE_MB isn't any bit definition or bitmasks of
> VMX_BASIC MSR. So perhaps better to put it somewhere under separately.
Actually you reminded me that the memory type WB is architectural on
x86, but I can't find it defined in a common x86 header.
We also have:
#define VMX_EPTP_MT_WB 0x6ull
which is simply redundant if we have a common definition MEMTYPE_WB.
>
>> +#define VMX_BASIC_INOUT BIT_ULL(54)
>> +
>> +/* VMX_MISC bits and bitmasks */
>
> Your next patch is to "Cleanup VMX misc information defines and usages", so I
> guess it's better to move any VMX_MISC related change to that patch.
ah, you're right.
>
>> #define VMX_MISC_PREEMPTION_TIMER_RATE_MASK 0x0000001f
>> #define VMX_MISC_SAVE_EFER_LMA 0x00000020
>> #define VMX_MISC_ACTIVITY_HLT 0x00000040
>> @@ -143,6 +149,16 @@ static inline u32 vmx_basic_vmcs_size(u64 vmx_basic)
>> return (vmx_basic & GENMASK_ULL(44, 32)) >> 32;
>> }
>>
>> +static inline u32 vmx_basic_vmcs_basic_cap(u64 vmx_basic)
>> +{
>> + return (vmx_basic & GENMASK_ULL(63, 45)) >> 32;
>> +}
>> +
>> +static inline u32 vmx_basic_vmcs_mem_type(u64 vmx_basic)
>> +{
>> + return (vmx_basic & GENMASK_ULL(53, 50)) >> 50;
>> +}
>> +
>> static inline int vmx_misc_preemption_timer_rate(u64 vmx_misc)
>> {
>> return vmx_misc & VMX_MISC_PREEMPTION_TIMER_RATE_MASK;
>> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
>> index 4ba46e1b29d2..274d480d9071 100644
>> --- a/arch/x86/kvm/vmx/nested.c
>> +++ b/arch/x86/kvm/vmx/nested.c
>> @@ -1201,23 +1201,34 @@ static bool is_bitwise_subset(u64 superset, u64 subset, u64 mask)
>> return (superset | subset) == superset;
>> }
>>
>> +#define VMX_BASIC_VMCS_SIZE_SHIFT 32
>> +#define VMX_BASIC_DUAL_MONITOR_TREATMENT BIT_ULL(49)
>> +#define VMX_BASIC_MEM_TYPE_SHIFT 50
>> +#define VMX_BASIC_TRUE_CTLS BIT_ULL(55)
>
> If I am reading correctly, the two "*_SHIFT" above are not used? The above
> vmx_basic_vmcs_mem_type() and vmx_basic_vmcs_basic_cap() use hard-coded values
> directly.
The 2 shift macros are needed in arch/x86/kvm/vmx/nested.c.
>
> And How about moving all these bit/mask definitions to <asm/vmx.h> above?
>
> It's better they stay together for better readability.
Sean kind of prefers to keep the macros close to code that uses it,
unless they are used somewhere else.
>
>> +
>> +#define VMX_BASIC_FEATURES_MASK \
>> + (VMX_BASIC_DUAL_MONITOR_TREATMENT | \
>> + VMX_BASIC_INOUT | \
>> + VMX_BASIC_TRUE_CTLS)
>> +
>> +#define VMX_BASIC_RESERVED_BITS \
>> + (GENMASK_ULL(63, 56) | GENMASK_ULL(47, 45) | BIT_ULL(31))
>> +
>
> Also move these to <asm/vmx.h>?
>
>> static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data)
>> {
>> - const u64 feature_and_reserved =
>> - /* feature (except bit 48; see below) */
>> - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) |
>> - /* reserved */
>> - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56);
>> u64 vmx_basic = vmcs_config.nested.basic;
>>
>> - if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved))
>> + static_assert(!(VMX_BASIC_FEATURES_MASK & VMX_BASIC_RESERVED_BITS));
>> +
>> + if (!is_bitwise_subset(vmx_basic, data,
>> + VMX_BASIC_FEATURES_MASK | VMX_BASIC_RESERVED_BITS))
>> return -EINVAL;
>>
>> /*
>> * KVM does not emulate a version of VMX that constrains physical
>> * addresses of VMX structures (e.g. VMCS) to 32-bits.
>> */
>> - if (data & BIT_ULL(48))
>> + if (data & VMX_BASIC_32BIT_PHYS_ADDR_ONLY)
>> return -EINVAL;
>>
>> if (vmx_basic_vmcs_revision_id(vmx_basic) !=
>> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
>> index 4c3a70f26b42..b68d54f6e9f8 100644
>> --- a/arch/x86/kvm/vmx/vmx.c
>> +++ b/arch/x86/kvm/vmx/vmx.c
>> @@ -2568,14 +2568,13 @@ static u64 adjust_vmx_controls64(u64 ctl_opt, u32 msr)
>> static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
>> struct vmx_capability *vmx_cap)
>> {
>> - u32 vmx_msr_low, vmx_msr_high;
>> u32 _pin_based_exec_control = 0;
>> u32 _cpu_based_exec_control = 0;
>> u32 _cpu_based_2nd_exec_control = 0;
>> u64 _cpu_based_3rd_exec_control = 0;
>> u32 _vmexit_control = 0;
>> u32 _vmentry_control = 0;
>> - u64 misc_msr;
>> + u64 vmx_basic;
>> int i;
>>
>> /*
>> @@ -2693,28 +2692,26 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
>> _vmexit_control &= ~x_ctrl;
>> }
>>
>> - rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high);
>> + rdmsrl(MSR_IA32_VMX_BASIC, vmx_basic);
>>
>> /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */
>> - if ((vmx_msr_high & 0x1fff) > PAGE_SIZE)
>> + if ((vmx_basic_vmcs_size(vmx_basic) > PAGE_SIZE))
>> return -EIO;
>>
>> #ifdef CONFIG_X86_64
>> /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */
>> - if (vmx_msr_high & (1u<<16))
>> + if (vmx_basic & VMX_BASIC_32BIT_PHYS_ADDR_ONLY)
>> return -EIO;
>> #endif
>>
>> /* Require Write-Back (WB) memory type for VMCS accesses. */
>> - if (((vmx_msr_high >> 18) & 15) != 6)
>> + if (vmx_basic_vmcs_mem_type(vmx_basic) != VMX_BASIC_MEM_TYPE_WB)
>> return -EIO;
>>
>> - rdmsrl(MSR_IA32_VMX_MISC, misc_msr);
>> -
>> - vmcs_conf->size = vmx_msr_high & 0x1fff;
>> - vmcs_conf->basic_cap = vmx_msr_high & ~0x1fff;
>> + vmcs_conf->size = vmx_basic_vmcs_size(vmx_basic);
>> + vmcs_conf->basic_cap = vmx_basic_vmcs_basic_cap(vmx_basic);
>>
>> - vmcs_conf->revision_id = vmx_msr_low;
>> + vmcs_conf->revision_id = vmx_basic_vmcs_revision_id(vmx_basic);
>
> I actually tried to do similar thing before, and Sean gave me below advice:
>
> Rather than do all of these weird dances, what about saving the
> full/raw
> MSR in the config, and then using the helpers to extract info as
> needed?
>
> https://lkml.kernel.org/kvm/20230330092149.101047-1-kai.huang@intel.com/T/#m4879a3c7e66ede7bfa568a25aea4f6e3778e6e34
>
> I agreed, but I has been too lazy to do this, sorry :-)
>
> So maybe we should still go with this approach?
Yes, this looks more consistent.
>
>>
>> vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control;
>> vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control;
>> @@ -2722,7 +2719,8 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
>> vmcs_conf->cpu_based_3rd_exec_ctrl = _cpu_based_3rd_exec_control;
>> vmcs_conf->vmexit_ctrl = _vmexit_control;
>> vmcs_conf->vmentry_ctrl = _vmentry_control;
>> - vmcs_conf->misc = misc_msr;
>> +
>> + rdmsrl(MSR_IA32_VMX_MISC, vmcs_conf->misc);
>
> Better to move VMX_MISC code to next patch I suppose.
I view it a bit different, but maybe your suggestion is better.
>
Thanks!
Xin
Powered by blists - more mailing lists