[PATCH v3 05/22] kvm: x86: Check permitted dynamic xfeatures at KVM_SET_CPUID2

From: Jing Liu
Date: Wed Dec 22 2021 - 07:41:08 EST

Next message: Jing Liu: "[PATCH v3 04/22] kvm: x86: Exclude unpermitted xfeatures at KVM_GET_SUPPORTED_CPUID"
Previous message: Jing Liu: "[PATCH v3 03/22] kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule"
In reply to: Jing Liu: "[PATCH v3 03/22] kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule"
Next in thread: Jing Liu: "[PATCH v3 04/22] kvm: x86: Exclude unpermitted xfeatures at KVM_GET_SUPPORTED_CPUID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Guest xstate permissions should be set by userspace VMM before vcpu
creation. Extend KVM_SET_CPUID2 to verify that every feature reported
in CPUID[0xD] has proper permission set.

Signed-off-by: Jing Liu <jing2.liu@xxxxxxxxx>
---
arch/x86/kvm/cpuid.c | 36 ++++++++++++++++++++++++------------
1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 4855344091b8..a068373a7fbd 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -81,7 +81,9 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_find(
return NULL;
}

-static int kvm_check_cpuid(struct kvm_cpuid_entry2 *entries, int nent)
+static int kvm_check_cpuid(struct kvm_vcpu *vcpu,
+ struct kvm_cpuid_entry2 *entries,
+ int nent)
{
struct kvm_cpuid_entry2 *best;

@@ -97,6 +99,16 @@ static int kvm_check_cpuid(struct kvm_cpuid_entry2 *entries, int nent)
return -EINVAL;
}

+ /* Check guest permissions for dynamically-enabled xfeatures */
+ best = cpuid_entry2_find(entries, nent, 0xd, 0);
+ if (best) {
+ u64 xfeatures;
+
+ xfeatures = best->eax | ((u64)best->edx << 32);
+ if (xfeatures & ~vcpu->arch.guest_fpu.perm)
+ return -ENXIO;
+ }
+
return 0;
}

@@ -277,21 +289,21 @@ u64 kvm_vcpu_reserved_gpa_bits_raw(struct kvm_vcpu *vcpu)
static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e2,
int nent)
{
- int r;
+ int r;

- r = kvm_check_cpuid(e2, nent);
- if (r)
- return r;
+ r = kvm_check_cpuid(vcpu, e2, nent);
+ if (r)
+ return r;

- kvfree(vcpu->arch.cpuid_entries);
- vcpu->arch.cpuid_entries = e2;
- vcpu->arch.cpuid_nent = nent;
+ kvfree(vcpu->arch.cpuid_entries);
+ vcpu->arch.cpuid_entries = e2;
+ vcpu->arch.cpuid_nent = nent;

- kvm_update_kvm_cpuid_base(vcpu);
- kvm_update_cpuid_runtime(vcpu);
- kvm_vcpu_after_set_cpuid(vcpu);
+ kvm_update_kvm_cpuid_base(vcpu);
+ kvm_update_cpuid_runtime(vcpu);
+ kvm_vcpu_after_set_cpuid(vcpu);

- return 0;
+ return 0;
}

/* when an old userspace process fills a new kernel module */
--
2.27.0

Next message: Jing Liu: "[PATCH v3 04/22] kvm: x86: Exclude unpermitted xfeatures at KVM_GET_SUPPORTED_CPUID"
Previous message: Jing Liu: "[PATCH v3 03/22] kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule"
In reply to: Jing Liu: "[PATCH v3 03/22] kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule"
Next in thread: Jing Liu: "[PATCH v3 04/22] kvm: x86: Exclude unpermitted xfeatures at KVM_GET_SUPPORTED_CPUID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]