Commit 338543cb authored by Chao Gao's avatar Chao Gao Committed by Sean Christopherson
Browse files

KVM: x86: Check XSS validity against guest CPUIDs 



Maintain per-guest valid XSS bits and check XSS validity against them
rather than against KVM capabilities. This is to prevent bits that are
supported by KVM but not supported for a guest from being set.

Opportunistically return KVM_MSR_RET_UNSUPPORTED on IA32_XSS MSR accesses
if guest CPUID doesn't enumerate X86_FEATURE_XSAVES. Since
KVM_MSR_RET_UNSUPPORTED takes care of host_initiated cases, drop the
host_initiated check.

Signed-off-by: default avatarChao Gao <chao.gao@intel.com>
Reviewed-by: default avatarXiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: default avatarBinbin Wu <binbin.wu@linux.intel.com>
Link: https://lore.kernel.org/r/20250919223258.1604852-7-seanjc@google.com


Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
parent c0a5f298

arch/x86/include/asm/kvm_host.h

+2 −1
Original line number Diff line number Diff line
@@ -815,7 +815,6 @@ struct kvm_vcpu_arch { 
	bool at_instruction_boundary;

	bool tpr_access_reporting;

	bool xfd_no_write_intercept;

	u64 ia32_xss;

	u64 microcode_version;

	u64 arch_capabilities;

	u64 perf_capabilities;
@@ -876,6 +875,8 @@ struct kvm_vcpu_arch { 


	u64 xcr0;

	u64 guest_supported_xcr0;

	u64 ia32_xss;

	u64 guest_supported_xss;



	struct kvm_pio_request pio;

	void *pio_data;

arch/x86/kvm/cpuid.c

+12 −0
Original line number Diff line number Diff line
@@ -263,6 +263,17 @@ static u64 cpuid_get_supported_xcr0(struct kvm_vcpu *vcpu) 
	return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0;

}



static u64 cpuid_get_supported_xss(struct kvm_vcpu *vcpu)

{

	struct kvm_cpuid_entry2 *best;



	best = kvm_find_cpuid_entry_index(vcpu, 0xd, 1);

	if (!best)

		return 0;



	return (best->ecx | ((u64)best->edx << 32)) & kvm_caps.supported_xss;

}



static __always_inline void kvm_update_feature_runtime(struct kvm_vcpu *vcpu,

						       struct kvm_cpuid_entry2 *entry,

						       unsigned int x86_feature,
@@ -424,6 +435,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) 
	}



	vcpu->arch.guest_supported_xcr0 = cpuid_get_supported_xcr0(vcpu);

	vcpu->arch.guest_supported_xss = cpuid_get_supported_xss(vcpu);



	vcpu->arch.pv_cpuid.features = kvm_apply_cpuid_pv_features_quirk(vcpu);

arch/x86/kvm/x86.c

+3 −4
Original line number Diff line number Diff line
@@ -3984,15 +3984,14 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) 
		}

		break;

	case MSR_IA32_XSS:

		if (!msr_info->host_initiated &&

		    !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))

			return 1;

		if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))

			return KVM_MSR_RET_UNSUPPORTED;

		/*

		 * KVM supports exposing PT to the guest, but does not support

		 * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than

		 * XSAVES/XRSTORS to save/restore PT MSRs.

		 */

		if (data & ~kvm_caps.supported_xss)

		if (data & ~vcpu->arch.guest_supported_xss)

			return 1;

		vcpu->arch.ia32_xss = data;

		vcpu->arch.cpuid_dynamic_bits_dirty = true;