Commit bb4409a9 authored by Paolo Bonzini

Merge tag 'kvm-x86-misc-6.13' of https://github.com/kvm-x86/linux into HEAD

KVM x86 misc changes for 6.13

 - Clean up and optimize KVM's handling of writes to MSR_IA32_APICBASE.

 - Quirk KVM's misguided behavior of initializing certain feature MSRs to
   their maximum supported feature set, which can result in KVM creating
   invalid vCPU state.  E.g. initializing PERF_CAPABILITIES to a non-zero
   value results in the vCPU having invalid state if userspace hides PDCM
   from the guest, which can lead to save/restore failures.

 - Fix KVM's handling of non-canonical checks for vCPUs that support LA57
   to better follow the "architecture", in quotes because the actual
   behavior is poorly documented.  E.g. most MSR writes and descriptor
   table loads ignore CR4.LA57 and operate purely on whether the CPU
   supports LA57.

 - Bypass the register cache when querying CPL from kvm_sched_out(), as
   filling the cache from IRQ context is generally unsafe, and harden the
   cache accessors to try to prevent similar issues from occurring in the
   future.

 - Advertise AMD_IBPB_RET to userspace, and fix a related bug where KVM
   over-advertises SPEC_CTRL when trying to support cross-vendor VMs.

 - Minor cleanups
parents ef6fdc0e a75b7bb4
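As an added illustration of the LA57 bullet in the commit message, the C below is written for this page; it is not KVM's code, and the names is_noncanonical_for, canonical_bits and access_kind are hypothetical. It checks canonicality at 48 or 57 bits and picks the width the way the commit message describes: MSR writes and descriptor-table loads depend only on whether the CPU supports LA57, ordinary accesses on whether CR4.LA57 is set. The constructed case is an LA57-capable CPU whose guest has not enabled 5-level paging, where the same address is accepted as an MSR value but faults as a memory access.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not KVM code: models the canonical-address rule summarized
 * in the commit message.  A 64-bit linear address is canonical when bits 63
 * down to (vaddr_bits - 1) are all equal; vaddr_bits is 48 with 4-level
 * paging and 57 with 5-level paging (LA57).
 */
static bool is_noncanonical(uint64_t la, int vaddr_bits)
{
	/* bits 63:(vaddr_bits-1), i.e. the sign bit plus everything above it */
	int nbits = 64 - vaddr_bits + 1;
	uint64_t top = la >> (vaddr_bits - 1);
	uint64_t all_ones = (1ULL << nbits) - 1;

	return top != 0 && top != all_ones;
}

/* Kind of access being checked (hypothetical split used by this example). */
enum access_kind {
	ACCESS_MEMORY,   /* ordinary linear-address access by the guest */
	ACCESS_MSR,      /* write to an address-holding MSR, e.g. MSR_FS_BASE */
	ACCESS_DT_LOAD,  /* descriptor-table base load, e.g. LGDT/LIDT */
};

/*
 * Width to check against.  As the commit message puts it, MSR writes and
 * descriptor-table loads ignore CR4.LA57 and depend only on whether the CPU
 * (here: guest CPUID) supports LA57; ordinary accesses depend on whether
 * 5-level paging is actually enabled via CR4.LA57.
 */
static int canonical_bits(bool cpu_has_la57, bool cr4_la57,
			  enum access_kind kind)
{
	switch (kind) {
	case ACCESS_MSR:
	case ACCESS_DT_LOAD:
		return cpu_has_la57 ? 57 : 48;
	case ACCESS_MEMORY:
	default:
		return cr4_la57 ? 57 : 48;
	}
}

/* Returns true if the access should fault (#GP) for being non-canonical. */
static bool is_noncanonical_for(uint64_t la, bool cpu_has_la57, bool cr4_la57,
				enum access_kind kind)
{
	return is_noncanonical(la, canonical_bits(cpu_has_la57, cr4_la57, kind));
}

int main(void)
{
	/* Constructed case: LA57-capable CPU, guest still on 4-level paging. */
	const bool cpu_has_la57 = true, cr4_la57 = false;
	/* Bit 47 set, bits 63:48 clear: non-canonical at 48 bits, canonical at 57. */
	const uint64_t la = 0x0000800000000000ULL;

	printf("WRMSR MSR_FS_BASE=%#llx -> %s\n", (unsigned long long)la,
	       is_noncanonical_for(la, cpu_has_la57, cr4_la57, ACCESS_MSR)
	       ? "#GP" : "accepted");
	printf("memory access to %#llx -> %s\n", (unsigned long long)la,
	       is_noncanonical_for(la, cpu_has_la57, cr4_la57, ACCESS_MEMORY)
	       ? "#GP" : "accepted");
	return 0;
}
```

The check itself is done on the unsigned value so it never shifts into a signed sign bit; the only architectural inputs are the two LA57 bits and the access kind, which is exactly the distinction the commit message says KVM previously got wrong.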
+22 −0
@@ -8107,6 +8107,28 @@ KVM_X86_QUIRK_SLOT_ZAP_ALL By default, for KVM_X86_DEFAULT_VM VMs, KVM
                                    or moved memslot isn't reachable, i.e KVM
                                    _may_ invalidate only SPTEs related to the
                                    memslot.

KVM_X86_QUIRK_STUFF_FEATURE_MSRS    By default, at vCPU creation, KVM sets the
                                    vCPU's MSR_IA32_PERF_CAPABILITIES (0x345),
                                    MSR_IA32_ARCH_CAPABILITIES (0x10a),
                                    MSR_PLATFORM_INFO (0xce), and all VMX MSRs
                                    (0x480..0x492) to the maximal capabilities
                                    supported by KVM.  KVM also sets
                                    MSR_IA32_UCODE_REV (0x8b) to an arbitrary
                                    value (which is different for Intel vs.
                                    AMD).  Lastly, when guest CPUID is set (by
                                    userspace), KVM modifies select VMX MSR
                                    fields to force consistency between guest
                                    CPUID and L2's effective ISA.  When this
                                    quirk is disabled, KVM zeroes the vCPU's MSR
                                    values (with two exceptions, see below),
                                    i.e. treats the feature MSRs like CPUID
                                    leaves and gives userspace full control of
                                    the vCPU model definition.  This quirk does
                                    not affect VMX MSRs CR0/CR4_FIXED1 (0x487
                                    and 0x489), as KVM does now allow them to
                                    be set by userspace (KVM sets them based on
                                    guest CPUID, for safety purposes).
=================================== ============================================

7.32 KVM_CAP_MAX_VCPU_ID
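Review bot: the last sentence of the new KVM_X86_QUIRK_STUFF_FEATURE_MSRS entry contradicts itself: "as KVM does now allow them to be set by userspace" should read "does not allow", which is what the parenthetical "(KVM sets them based on guest CPUID, for safety purposes)" already implies. It would also help to name the "two exceptions" at the point they are mentioned rather than via "see below", since the CR0/CR4_FIXED1 sentence is the only candidate and sits three sentences later.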
+12 −0
@@ -33,6 +33,18 @@ Note however that any software (e.g ``WIN87EM.DLL``) expecting these features
to be present likely predates these CPUID feature bits, and therefore
doesn't know to check for them anyway.

``KVM_SET_VCPU_EVENTS`` issue
-----------------------------

Invalid KVM_SET_VCPU_EVENTS input with respect to error codes *may* result in
failed VM-Entry on Intel CPUs.  Pre-CET Intel CPUs require that exception
injection through the VMCS correctly set the "error code valid" flag, e.g.
require the flag be set when injecting a #GP, clear when injecting a #UD,
clear when injecting a soft exception, etc.  Intel CPUs that enumerate
IA32_VMX_BASIC[56] as '1' relax VMX's consistency checks, and AMD CPUs have no
restrictions whatsoever.  KVM_SET_VCPU_EVENTS doesn't sanity check the vector
versus "has_error_code", i.e. KVM's ABI follows AMD behavior.

Nested virtualization features
------------------------------

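Review bot: the new KVM_SET_VCPU_EVENTS entry tells userspace that KVM does not validate has_error_code against the vector, but not what a valid combination is, so a reader cannot act on it. Suggest adding the rule in one sentence: the vectors that architecturally push an error code are #DF (8), #TS (10), #NP (11), #SS (12), #GP (13), #PF (14), #AC (17) and, with CET, #CP (21); every other vector, and every software exception, must have has_error_code clear. Stating how the failure surfaces would also help, i.e. that the ioctl itself succeeds and the VM-Entry fails later, so the symptom can be traced back to this entry.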
+1 −0
@@ -34,6 +34,7 @@ KVM_X86_OP(set_msr)
KVM_X86_OP(get_segment_base)
KVM_X86_OP(get_segment)
KVM_X86_OP(get_cpl)
KVM_X86_OP(get_cpl_no_cache)
KVM_X86_OP(set_segment)
KVM_X86_OP(get_cs_db_l_bits)
KVM_X86_OP(is_valid_cr0)
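Review bot: get_cpl_no_cache is declared with KVM_X86_OP rather than KVM_X86_OP_OPTIONAL, i.e. as a callback every vendor module must implement, so the VMX and SVM implementations need to land in the same series; they are not part of this page's diff, so please confirm they are present and not deferred.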
+3 −1
@@ -1655,6 +1655,7 @@ struct kvm_x86_ops {
	void (*get_segment)(struct kvm_vcpu *vcpu,
			    struct kvm_segment *var, int seg);
	int (*get_cpl)(struct kvm_vcpu *vcpu);
	int (*get_cpl_no_cache)(struct kvm_vcpu *vcpu);
	void (*set_segment)(struct kvm_vcpu *vcpu,
			    struct kvm_segment *var, int seg);
	void (*get_cs_db_l_bits)(struct kvm_vcpu *vcpu, int *db, int *l);
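Review bot: the new get_cpl_no_cache member has no comment distinguishing it from get_cpl directly above it. Per the commit message, its contract is that it must not populate the register cache because it is called from kvm_sched_out(), where filling the cache from IRQ context is unsafe; put that at the declaration (e.g. "/* Like get_cpl(), but must not touch the register cache; safe from IRQ context */") so future callers neither reach for it as a cheaper get_cpl nor call get_cpl from IRQ context.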
@@ -2358,7 +2359,8 @@ int memslot_rmap_alloc(struct kvm_memory_slot *slot, unsigned long npages);
	 KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT |	\
	 KVM_X86_QUIRK_FIX_HYPERCALL_INSN |	\
	 KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS |	\
	 KVM_X86_QUIRK_SLOT_ZAP_ALL)
	 KVM_X86_QUIRK_SLOT_ZAP_ALL |		\
	 KVM_X86_QUIRK_STUFF_FEATURE_MSRS)

/*
 * KVM previously used a u32 field in kvm_run to indicate the hypercall was
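Review bot: adding KVM_X86_QUIRK_STUFF_FEATURE_MSRS to this mask is what lets userspace disable the quirk, but none of the code that actually changes behaviour when it is disabled (zeroing PERF_CAPABILITIES, ARCH_CAPABILITIES, PLATFORM_INFO, UCODE_REV and the VMX MSRs at vCPU creation, per the documentation hunk) is visible here. Make sure the mask update and the behavioural change are in the same commit, otherwise there is a bisectable window in which the quirk can be disabled and has no effect.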
+1 −0
@@ -440,6 +440,7 @@ struct kvm_sync_regs {
#define KVM_X86_QUIRK_FIX_HYPERCALL_INSN	(1 << 5)
#define KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS	(1 << 6)
#define KVM_X86_QUIRK_SLOT_ZAP_ALL		(1 << 7)
#define KVM_X86_QUIRK_STUFF_FEATURE_MSRS	(1 << 8)

#define KVM_STATE_NESTED_FORMAT_VMX	0
#define KVM_STATE_NESTED_FORMAT_SVM	1