yeahuh / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-target-i386-do-not-set-unsupported-VMX-secondary-exe.patch

ddf19c
From 77cdcccc49ba988e3b5bcb66decdee2e99fdcd72 Mon Sep 17 00:00:00 2001
ddf19c
From: Vitaly Kuznetsov <vkuznets@redhat.com>
ddf19c
Date: Tue, 14 Apr 2020 15:00:36 +0100
ddf19c
Subject: [PATCH] target/i386: do not set unsupported VMX secondary execution
ddf19c
 controls
ddf19c
ddf19c
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
ddf19c
Message-id: <20200414150036.625732-2-vkuznets@redhat.com>
ddf19c
Patchwork-id: 94674
ddf19c
O-Subject: [RHEL-AV-8.2.0 qemu-kvm PATCH 1/1] target/i386: do not set unsupported VMX secondary execution controls
ddf19c
Bugzilla: 1822682
ddf19c
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
ddf19c
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
ddf19c
ddf19c
Commit 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for
ddf19c
secondary execution controls") added a workaround for KVM pre-dating
ddf19c
commit 6defc591846d ("KVM: nVMX: include conditional controls in /dev/kvm
ddf19c
KVM_GET_MSRS") which wasn't setting certain available controls. The
ddf19c
workaround uses generic CPUID feature bits to set missing VMX controls.
ddf19c
ddf19c
It was found that in some cases it is possible to observe hosts which
ddf19c
have certain CPUID features but lack the corresponding VMX control.
ddf19c
ddf19c
In particular, it was reported that Azure VMs have RDSEED but lack
ddf19c
VMX_SECONDARY_EXEC_RDSEED_EXITING; attempts to enable this feature
ddf19c
bit result in QEMU abort.
ddf19c
ddf19c
Resolve the issue but not applying the workaround when we don't have
ddf19c
to. As there is no good way to find out if KVM has the fix itself, use
ddf19c
95c5c7c77c ("KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST") instead
ddf19c
as these [are supposed to] come together.
ddf19c
ddf19c
Fixes: 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for secondary execution controls")
ddf19c
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
ddf19c
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
ddf19c
Message-Id: <20200331162752.1209928-1-vkuznets@redhat.com>
ddf19c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ddf19c
(cherry picked from commit 4a910e1f6ab4155ec8b24c49b2585cc486916985)
ddf19c
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
ddf19c
---
ddf19c
 target/i386/kvm.c | 41 ++++++++++++++++++++++++++---------------
ddf19c
 1 file changed, 26 insertions(+), 15 deletions(-)
ddf19c
ddf19c
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
ddf19c
index 99840ca..fcc8f7d 100644
ddf19c
--- a/target/i386/kvm.c
ddf19c
+++ b/target/i386/kvm.c
ddf19c
@@ -106,6 +106,7 @@ static bool has_msr_arch_capabs;
ddf19c
 static bool has_msr_core_capabs;
ddf19c
 static bool has_msr_vmx_vmfunc;
ddf19c
 static bool has_msr_ucode_rev;
ddf19c
+static bool has_msr_vmx_procbased_ctls2;
ddf19c
 
ddf19c
 static uint32_t has_architectural_pmu_version;
ddf19c
 static uint32_t num_architectural_pmu_gp_counters;
ddf19c
@@ -490,21 +491,28 @@ uint64_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
ddf19c
     value = msr_data.entries[0].data;
ddf19c
     switch (index) {
ddf19c
     case MSR_IA32_VMX_PROCBASED_CTLS2:
ddf19c
-        /* KVM forgot to add these bits for some time, do this ourselves.  */
ddf19c
-        if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & CPUID_XSAVE_XSAVES) {
ddf19c
-            value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
ddf19c
-        }
ddf19c
-        if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & CPUID_EXT_RDRAND) {
ddf19c
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
ddf19c
-        }
ddf19c
-        if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_INVPCID) {
ddf19c
-            value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
ddf19c
-        }
ddf19c
-        if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_RDSEED) {
ddf19c
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
ddf19c
-        }
ddf19c
-        if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & CPUID_EXT2_RDTSCP) {
ddf19c
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
ddf19c
+        if (!has_msr_vmx_procbased_ctls2) {
ddf19c
+            /* KVM forgot to add these bits for some time, do this ourselves. */
ddf19c
+            if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) &
ddf19c
+                CPUID_XSAVE_XSAVES) {
ddf19c
+                value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
ddf19c
+            }
ddf19c
+            if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) &
ddf19c
+                CPUID_EXT_RDRAND) {
ddf19c
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
ddf19c
+            }
ddf19c
+            if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
ddf19c
+                CPUID_7_0_EBX_INVPCID) {
ddf19c
+                value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
ddf19c
+            }
ddf19c
+            if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
ddf19c
+                CPUID_7_0_EBX_RDSEED) {
ddf19c
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
ddf19c
+            }
ddf19c
+            if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) &
ddf19c
+                CPUID_EXT2_RDTSCP) {
ddf19c
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
ddf19c
+            }
ddf19c
         }
ddf19c
         /* fall through */
ddf19c
     case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
ddf19c
@@ -2060,6 +2068,9 @@ static int kvm_get_supported_msrs(KVMState *s)
ddf19c
             case MSR_IA32_UCODE_REV:
ddf19c
                 has_msr_ucode_rev = true;
ddf19c
                 break;
ddf19c
+            case MSR_IA32_VMX_PROCBASED_CTLS2:
ddf19c
+                has_msr_vmx_procbased_ctls2 = true;
ddf19c
+                break;
ddf19c
             }
ddf19c
         }
ddf19c
     }
ddf19c
-- 
ddf19c
1.8.3.1
ddf19c