| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231108183003.5981-11-xin3.li@intel.com>
Date: Wed, 8 Nov 2023 10:29:50 -0800
From: Xin Li <xin3.li@...el.com>
To: kvm@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-hyperv@...r.kernel.org,
linux-kselftest@...r.kernel.org
Cc: seanjc@...gle.com, pbonzini@...hat.com, corbet@....net,
kys@...rosoft.com, haiyangz@...rosoft.com, wei.liu@...nel.org,
decui@...rosoft.com, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
hpa@...or.com, vkuznets@...hat.com, peterz@...radead.org,
ravi.v.shankar@...el.com
Subject: [PATCH v1 10/23] KVM: VMX: Add support for FRED context save/restore
Handle host initiated FRED MSR access requests to allow FRED context
to be set/get from user level.
During VM save/restore and live migration, FRED context needs to be
saved/restored, which requires FRED MSRs to be accessed from a user
level application, e.g., Qemu.
Note, handling of MSR_IA32_FRED_SSP0, i.e., MSR_IA32_PL0_SSP, is not
added yet, which needs to be aligned with KVM CET patch set.
Tested-by: Shan Kang <shan.kang@...el.com>
Signed-off-by: Xin Li <xin3.li@...el.com>
---
arch/x86/kvm/vmx/vmx.c | 72 ++++++++++++++++++++++++++++++++++++++++++
arch/x86/kvm/x86.c | 23 ++++++++++++++
2 files changed, 95 insertions(+)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index d00ab9d4c93e..58d01e845804 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1429,6 +1429,24 @@ static void vmx_write_guest_kernel_gs_base(struct vcpu_vmx *vmx, u64 data)
preempt_enable();
vmx->msr_guest_kernel_gs_base = data;
}
+
+static u64 vmx_read_guest_fred_rsp0(struct vcpu_vmx *vmx)
+{
+ preempt_disable();
+ if (vmx->guest_state_loaded)
+ vmx->msr_guest_fred_rsp0 = read_msr(MSR_IA32_FRED_RSP0);
+ preempt_enable();
+ return vmx->msr_guest_fred_rsp0;
+}
+
+static void vmx_write_guest_fred_rsp0(struct vcpu_vmx *vmx, u64 data)
+{
+ preempt_disable();
+ if (vmx->guest_state_loaded)
+ wrmsrl(MSR_IA32_FRED_RSP0, data);
+ preempt_enable();
+ vmx->msr_guest_fred_rsp0 = data;
+}
#endif
void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu,
@@ -2028,6 +2046,33 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
case MSR_KERNEL_GS_BASE:
msr_info->data = vmx_read_guest_kernel_gs_base(vmx);
break;
+ case MSR_IA32_FRED_RSP0:
+ msr_info->data = vmx_read_guest_fred_rsp0(vmx);
+ break;
+ case MSR_IA32_FRED_RSP1:
+ msr_info->data = vmcs_read64(GUEST_IA32_FRED_RSP1);
+ break;
+ case MSR_IA32_FRED_RSP2:
+ msr_info->data = vmcs_read64(GUEST_IA32_FRED_RSP2);
+ break;
+ case MSR_IA32_FRED_RSP3:
+ msr_info->data = vmcs_read64(GUEST_IA32_FRED_RSP3);
+ break;
+ case MSR_IA32_FRED_STKLVLS:
+ msr_info->data = vmcs_read64(GUEST_IA32_FRED_STKLVLS);
+ break;
+ case MSR_IA32_FRED_SSP1:
+ msr_info->data = vmcs_read64(GUEST_IA32_FRED_SSP1);
+ break;
+ case MSR_IA32_FRED_SSP2:
+ msr_info->data = vmcs_read64(GUEST_IA32_FRED_SSP2);
+ break;
+ case MSR_IA32_FRED_SSP3:
+ msr_info->data = vmcs_read64(GUEST_IA32_FRED_SSP3);
+ break;
+ case MSR_IA32_FRED_CONFIG:
+ msr_info->data = vmcs_read64(GUEST_IA32_FRED_CONFIG);
+ break;
#endif
case MSR_EFER:
return kvm_get_msr_common(vcpu, msr_info);
@@ -2233,6 +2278,33 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
vmx_update_exception_bitmap(vcpu);
}
break;
+ case MSR_IA32_FRED_RSP0:
+ vmx_write_guest_fred_rsp0(vmx, data);
+ break;
+ case MSR_IA32_FRED_RSP1:
+ vmcs_write64(GUEST_IA32_FRED_RSP1, data);
+ break;
+ case MSR_IA32_FRED_RSP2:
+ vmcs_write64(GUEST_IA32_FRED_RSP2, data);
+ break;
+ case MSR_IA32_FRED_RSP3:
+ vmcs_write64(GUEST_IA32_FRED_RSP3, data);
+ break;
+ case MSR_IA32_FRED_STKLVLS:
+ vmcs_write64(GUEST_IA32_FRED_STKLVLS, data);
+ break;
+ case MSR_IA32_FRED_SSP1:
+ vmcs_write64(GUEST_IA32_FRED_SSP1, data);
+ break;
+ case MSR_IA32_FRED_SSP2:
+ vmcs_write64(GUEST_IA32_FRED_SSP2, data);
+ break;
+ case MSR_IA32_FRED_SSP3:
+ vmcs_write64(GUEST_IA32_FRED_SSP3, data);
+ break;
+ case MSR_IA32_FRED_CONFIG:
+ vmcs_write64(GUEST_IA32_FRED_CONFIG, data);
+ break;
#endif
case MSR_IA32_SYSENTER_CS:
if (is_guest_mode(vcpu))
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 2c924075f6f1..c5a55810647f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1451,6 +1451,9 @@ static const u32 msrs_to_save_base[] = {
MSR_STAR,
#ifdef CONFIG_X86_64
MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
+ MSR_IA32_FRED_RSP0, MSR_IA32_FRED_RSP1, MSR_IA32_FRED_RSP2,
+ MSR_IA32_FRED_RSP3, MSR_IA32_FRED_STKLVLS, MSR_IA32_FRED_SSP1,
+ MSR_IA32_FRED_SSP2, MSR_IA32_FRED_SSP3, MSR_IA32_FRED_CONFIG,
#endif
MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA,
MSR_IA32_FEAT_CTL, MSR_IA32_BNDCFGS, MSR_TSC_AUX,
@@ -1890,6 +1893,16 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data,
data = (u32)data;
break;
+ case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG:
+ if (host_initiated || guest_cpuid_has(vcpu, X86_FEATURE_FRED))
+ break;
+
+ /*
+ * Inject #GP upon FRED MSRs accesses from a non-FRED guest to
+ * make sure no malicious guest can write to FRED MSRs thus to
+ * corrupt host FRED MSRs.
+ */
+ return 1;
}
msr.data = data;
@@ -1933,6 +1946,16 @@ int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data,
!guest_cpuid_has(vcpu, X86_FEATURE_RDPID))
return 1;
break;
+ case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG:
+ if (host_initiated || guest_cpuid_has(vcpu, X86_FEATURE_FRED))
+ break;
+
+ /*
+ * Inject #GP upon FRED MSRs accesses from a non-FRED guest to
+ * make sure no malicious guest can write to FRED MSRs thus to
+ * corrupt host FRED MSRs.
+ */
+ return 1;
}
msr.index = index;
--
2.42.0
Powered by blists - more mailing lists