cryptospore / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-target-i386-do-not-set-unsupported-VMX-secondary-exe.patch

902636
From 77cdcccc49ba988e3b5bcb66decdee2e99fdcd72 Mon Sep 17 00:00:00 2001
902636
From: Vitaly Kuznetsov <vkuznets@redhat.com>
902636
Date: Tue, 14 Apr 2020 15:00:36 +0100
902636
Subject: [PATCH] target/i386: do not set unsupported VMX secondary execution
902636
 controls
902636
902636
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
902636
Message-id: <20200414150036.625732-2-vkuznets@redhat.com>
902636
Patchwork-id: 94674
902636
O-Subject: [RHEL-AV-8.2.0 qemu-kvm PATCH 1/1] target/i386: do not set unsupported VMX secondary execution controls
902636
Bugzilla: 1822682
902636
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
902636
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
902636
902636
Commit 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for
902636
secondary execution controls") added a workaround for KVM pre-dating
902636
commit 6defc591846d ("KVM: nVMX: include conditional controls in /dev/kvm
902636
KVM_GET_MSRS") which wasn't setting certain available controls. The
902636
workaround uses generic CPUID feature bits to set missing VMX controls.
902636
902636
It was found that in some cases it is possible to observe hosts which
902636
have certain CPUID features but lack the corresponding VMX control.
902636
902636
In particular, it was reported that Azure VMs have RDSEED but lack
902636
VMX_SECONDARY_EXEC_RDSEED_EXITING; attempts to enable this feature
902636
bit result in QEMU abort.
902636
902636
Resolve the issue but not applying the workaround when we don't have
902636
to. As there is no good way to find out if KVM has the fix itself, use
902636
95c5c7c77c ("KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST") instead
902636
as these [are supposed to] come together.
902636
902636
Fixes: 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for secondary execution controls")
902636
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
902636
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
902636
Message-Id: <20200331162752.1209928-1-vkuznets@redhat.com>
902636
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
902636
(cherry picked from commit 4a910e1f6ab4155ec8b24c49b2585cc486916985)
902636
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
902636
---
902636
 target/i386/kvm.c | 41 ++++++++++++++++++++++++++---------------
902636
 1 file changed, 26 insertions(+), 15 deletions(-)
902636
902636
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
902636
index 99840ca..fcc8f7d 100644
902636
--- a/target/i386/kvm.c
902636
+++ b/target/i386/kvm.c
902636
@@ -106,6 +106,7 @@ static bool has_msr_arch_capabs;
902636
 static bool has_msr_core_capabs;
902636
 static bool has_msr_vmx_vmfunc;
902636
 static bool has_msr_ucode_rev;
902636
+static bool has_msr_vmx_procbased_ctls2;
902636
 
902636
 static uint32_t has_architectural_pmu_version;
902636
 static uint32_t num_architectural_pmu_gp_counters;
902636
@@ -490,21 +491,28 @@ uint64_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
902636
     value = msr_data.entries[0].data;
902636
     switch (index) {
902636
     case MSR_IA32_VMX_PROCBASED_CTLS2:
902636
-        /* KVM forgot to add these bits for some time, do this ourselves.  */
902636
-        if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & CPUID_XSAVE_XSAVES) {
902636
-            value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
902636
-        }
902636
-        if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & CPUID_EXT_RDRAND) {
902636
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
902636
-        }
902636
-        if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_INVPCID) {
902636
-            value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
902636
-        }
902636
-        if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_RDSEED) {
902636
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
902636
-        }
902636
-        if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & CPUID_EXT2_RDTSCP) {
902636
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
902636
+        if (!has_msr_vmx_procbased_ctls2) {
902636
+            /* KVM forgot to add these bits for some time, do this ourselves. */
902636
+            if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) &
902636
+                CPUID_XSAVE_XSAVES) {
902636
+                value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
902636
+            }
902636
+            if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) &
902636
+                CPUID_EXT_RDRAND) {
902636
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
902636
+            }
902636
+            if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
902636
+                CPUID_7_0_EBX_INVPCID) {
902636
+                value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
902636
+            }
902636
+            if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
902636
+                CPUID_7_0_EBX_RDSEED) {
902636
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
902636
+            }
902636
+            if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) &
902636
+                CPUID_EXT2_RDTSCP) {
902636
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
902636
+            }
902636
         }
902636
         /* fall through */
902636
     case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
902636
@@ -2060,6 +2068,9 @@ static int kvm_get_supported_msrs(KVMState *s)
902636
             case MSR_IA32_UCODE_REV:
902636
                 has_msr_ucode_rev = true;
902636
                 break;
902636
+            case MSR_IA32_VMX_PROCBASED_CTLS2:
902636
+                has_msr_vmx_procbased_ctls2 = true;
902636
+                break;
902636
             }
902636
         }
902636
     }
902636
-- 
902636
1.8.3.1
902636