From patchwork Thu Aug 29 17:06:57 2019
X-Patchwork-Submitter: Rafael David Tinoco
X-Patchwork-Id: 1155425
From: Rafael David Tinoco
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/2][Bionic] KVM: SVM: install RSM intercept
Date: Thu, 29 Aug 2019 14:06:57 -0300
Message-Id: <20190829170658.16739-1-rafaeldtinoco@ubuntu.com>
List-Id: Kernel team discussions

From: Brijesh Singh

BugLink: https://bugs.launchpad.net/bugs/1834522

RSM instruction is used by the SMM handler to return from SMM mode.
Currently, rsm causes a #UD - which results in instruction fetch, decode,
and emulate. By installing the RSM intercept we can avoid the instruction
fetch since we know that #VMEXIT was due to rsm.

The patch is required for the SEV guest, because in case of SEV guest
memory is encrypted with guest-specific key and hypervisor will not be
able to fetch the instruction bytes from the guest memory.

Cc: Paolo Bonzini
Cc: Radim Krčmář
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Signed-off-by: Brijesh Singh
Signed-off-by: Paolo Bonzini
(cherry-picked from commit 7607b7174405aec7441ff6c970833c463114040a)
Signed-off-by: Rafael David Tinoco Acked-by: Thadeu Lima de Souza Cascardo Acked-by: Kleber Sacilotto de Souza --- arch/x86/kvm/svm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 72765bbac9f1..538ca5446cfd 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -298,6 +298,8 @@ module_param(vls, int, 0444); static int vgif = true; module_param(vgif, int, 0444); +static u8 rsm_ins_bytes[] = "\x0f\xaa"; + static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); static void svm_flush_tlb(struct kvm_vcpu *vcpu); static void svm_complete_interrupts(struct vcpu_svm *svm); @@ -1292,6 +1294,7 @@ static void init_vmcb(struct vcpu_svm *svm) set_intercept(svm, INTERCEPT_SKINIT); set_intercept(svm, INTERCEPT_WBINVD); set_intercept(svm, INTERCEPT_XSETBV); + set_intercept(svm, INTERCEPT_RSM); if (!kvm_mwait_in_guest()) { set_intercept(svm, INTERCEPT_MONITOR); @@ -3441,6 +3444,12 @@ static int emulate_on_interception(struct vcpu_svm *svm) return emulate_instruction(&svm->vcpu, 0) == EMULATE_DONE; } +static int rsm_interception(struct vcpu_svm *svm) +{ + return x86_emulate_instruction(&svm->vcpu, 0, 0, + rsm_ins_bytes, 2) == EMULATE_DONE; +} + static int rdpmc_interception(struct vcpu_svm *svm) { int err; @@ -4327,7 +4336,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { [SVM_EXIT_MWAIT] = mwait_interception, [SVM_EXIT_XSETBV] = xsetbv_interception, [SVM_EXIT_NPF] = npf_interception, - [SVM_EXIT_RSM] = emulate_on_interception, + [SVM_EXIT_RSM] = rsm_interception, [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception, [SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception, };
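Review bot: in the first hunk (svm.c near line 298), rsm_ins_bytes is initialised from the string literal "\x0f\xaa", so the array is three bytes long with the trailing NUL, while the only length used for it in this patch is the hard-coded 2 in rsm_interception(). An explicit byte list such as `static u8 rsm_ins_bytes[] = { 0x0f, 0xaa };` would make the array hold exactly the RSM opcode and keep the declared size and the passed length from drifting apart.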
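Review bot: in the third hunk, rsm_interception() has no comment explaining why it passes pre-supplied instruction bytes to x86_emulate_instruction() instead of letting the emulator fetch them. The reason is given only in the commit message (the exit reason already identifies the instruction, and an SEV guest's memory is encrypted with a guest-specific key), so a two-line comment above the function stating that would save the next reader a trip to the git log. The literal 2 in the same call duplicates the length of rsm_ins_bytes and would be better derived from the array than repeated as a magic number.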