Re: [PATCH v5 16/17] KVM: x86: nSVM: always intercept x2apic msrs

From: Maxim Levitsky
Date: Wed May 18 2022 - 13:27:54 EST

Next message: Kirill A. Shutemov: "Re: [RFCv2 08/10] x86/mm: Make LAM_U48 and mappings above 47-bits mutually exclusive"
Previous message: Stephen Boyd: "[PATCH] arm64: dts: qcom: sc7180-trogdor: Split out keyboard node and describe detachables"
In reply to: Maxim Levitsky: "Re: [PATCH v5 16/17] KVM: x86: nSVM: always intercept x2apic msrs"
Next in thread: Suravee Suthikulpanit: "Re: [PATCH v5 16/17] KVM: x86: nSVM: always intercept x2apic msrs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2022-05-18 at 20:18 +0300, Maxim Levitsky wrote:
> On Wed, 2022-05-18 at 11:26 -0500, Suravee Suthikulpanit wrote:
> > From: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
> >
> > As a preparation for x2avic, this patch ensures that x2apic msrs
> > are always intercepted for the nested guest.
> >
> > Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>
> > Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>
> > Signed-off-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
> > ---
> > arch/x86/kvm/svm/nested.c | 5 +++++
> > arch/x86/kvm/svm/svm.h | 9 +++++++++
> > 2 files changed, 14 insertions(+)
> >
> > diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> > index f209c1ca540c..b61f8939c210 100644
> > --- a/arch/x86/kvm/svm/nested.c
> > +++ b/arch/x86/kvm/svm/nested.c
> > @@ -230,6 +230,11 @@ static bool nested_svm_vmrun_msrpm(struct vcpu_svm *svm)
> > break;
> >
> > p = msrpm_offsets[i];
> > +
> > + /* x2apic msrs are intercepted always for the nested guest */
> > + if (is_x2apic_msrpm_offset(p))
> > + continue;
> > +
> > offset = svm->nested.ctl.msrpm_base_pa + (p * 4);
> >
> > if (kvm_vcpu_read_guest(&svm->vcpu, offset, &value, 4))
> > diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> > index 818817b11f53..309445619756 100644
> > --- a/arch/x86/kvm/svm/svm.h
> > +++ b/arch/x86/kvm/svm/svm.h
> > @@ -517,6 +517,15 @@ static inline bool nested_npt_enabled(struct vcpu_svm *svm)
> > return svm->nested.ctl.nested_ctl & SVM_NESTED_CTL_NP_ENABLE;
> > }
> >
> > +static inline bool is_x2apic_msrpm_offset(u32 offset)
> > +{
> > + /* 4 msrs per u8, and 4 u8 in u32 */
> > + u32 msr = offset * 16;
> > +
> > + return (msr >= APIC_BASE_MSR) &&
> > + (msr < (APIC_BASE_MSR + 0x100));
> > +}
> > +
> > /* svm.c */
> > #define MSR_INVALID 0xffffffffU
> >
>
> Just one thing, this patch should be earlier in the series (or even first one),
> to avoid having a commit window where the problem exists, where malicious
> L1 can get access to L0's apic msrs this way.
>
> Best regards,
> Maxim Levitsky

Besides this, I guess I currently don't see anything else seriously wrong with this patch
series.

Hopefully I didn't miss anything serious.

Best regards,
Maxim Levitsky

Next message: Kirill A. Shutemov: "Re: [RFCv2 08/10] x86/mm: Make LAM_U48 and mappings above 47-bits mutually exclusive"
Previous message: Stephen Boyd: "[PATCH] arm64: dts: qcom: sc7180-trogdor: Split out keyboard node and describe detachables"
In reply to: Maxim Levitsky: "Re: [PATCH v5 16/17] KVM: x86: nSVM: always intercept x2apic msrs"
Next in thread: Suravee Suthikulpanit: "Re: [PATCH v5 16/17] KVM: x86: nSVM: always intercept x2apic msrs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]