qemu/target-i386-do-not-set-unsupported-VMX-s.patch

From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Tue, 31 Mar 2020 18:27:52 +0200
Subject: target/i386: do not set unsupported VMX secondary execution controls

Git-commit: 4a910e1f6ab4155ec8b24c49b2585cc486916985

Commit 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for
secondary execution controls") added a workaround for KVM pre-dating
commit 6defc591846d ("KVM: nVMX: include conditional controls in /dev/kvm
KVM_GET_MSRS") which wasn't setting certain available controls. The
workaround uses generic CPUID feature bits to set missing VMX controls.

It was found that in some cases it is possible to observe hosts which
have certain CPUID features but lack the corresponding VMX control.

In particular, it was reported that Azure VMs have RDSEED but lack
VMX_SECONDARY_EXEC_RDSEED_EXITING; attempts to enable this feature
bit result in QEMU abort.

Resolve the issue but not applying the workaround when we don't have
to. As there is no good way to find out if KVM has the fix itself, use
95c5c7c77c ("KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST") instead
as these [are supposed to] come together.

Fixes: 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for secondary execution controls")
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20200331162752.1209928-1-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 target/i386/kvm.c | 41 ++++++++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index b8ea67a644c802358826a840bdf1..91cd4976e262ad6bbb83206114b3 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -105,6 +105,7 @@ static bool has_msr_smi_count;
 static bool has_msr_arch_capabs;
 static bool has_msr_core_capabs;
 static bool has_msr_vmx_vmfunc;
+static bool has_msr_vmx_procbased_ctls2;
 
 static uint32_t has_architectural_pmu_version;
 static uint32_t num_architectural_pmu_gp_counters;
@@ -489,21 +490,28 @@ uint64_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
     value = msr_data.entries[0].data;
     switch (index) {
     case MSR_IA32_VMX_PROCBASED_CTLS2:
-        /* KVM forgot to add these bits for some time, do this ourselves.  */
-        if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & CPUID_XSAVE_XSAVES) {
-            value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
-        }
-        if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & CPUID_EXT_RDRAND) {
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
-        }
-        if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_INVPCID) {
-            value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
-        }
-        if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_RDSEED) {
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
-        }
-        if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & CPUID_EXT2_RDTSCP) {
-            value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
+        if (!has_msr_vmx_procbased_ctls2) {
+            /* KVM forgot to add these bits for some time, do this ourselves. */
+            if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) &
+                CPUID_XSAVE_XSAVES) {
+                value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
+            }
+            if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) &
+                CPUID_EXT_RDRAND) {
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
+            }
+            if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
+                CPUID_7_0_EBX_INVPCID) {
+                value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
+            }
+            if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
+                CPUID_7_0_EBX_RDSEED) {
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
+            }
+            if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) &
+                CPUID_EXT2_RDTSCP) {
+                value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
+            }
         }
         /* fall through */
     case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
@@ -2056,6 +2064,9 @@ static int kvm_get_supported_msrs(KVMState *s)
             case MSR_IA32_VMX_VMFUNC:
                 has_msr_vmx_vmfunc = true;
                 break;
+            case MSR_IA32_VMX_PROCBASED_CTLS2:
+                has_msr_vmx_procbased_ctls2 = true;
+                break;
             }
         }
     }
Accepting request 795118 from home:bfrogers:branches:Virtualization - Include upstream patches targeted for the next stable release (bug fixes only) spapr-Fix-failure-path-for-attempting-to.patch target-i386-do-not-set-unsupported-VMX-s.patch target-xtensa-fix-pasto-in-pfwait.r-opco.patch tcg-i386-Fix-INDEX_op_dup2_vec.patch tcg-mips-mips-sync-encode-error.patch vhost-user-gpu-Release-memory-returned-b.patch vpc-Don-t-round-up-already-aligned-BAT-s.patch xen-block-Fix-double-qlist-remove-and-re.patch - Fix bug causing weak encryption in PAuth for ARM (CVE-2020-10702 bsc#1168681) target-arm-Fix-PAuth-sbox-functions.patch - Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713 net-tulip-check-frame-size-and-r-w-data-.patch - Note that previously included patch addresses CVE-2020-1711 and bsc#1166240 iscsi-Cap-block-count-from-GET-LBA-STATU.patch - Include performance improvement (and related?) patch aio-wait-delegate-polling-of-main-AioCon.patch async-use-explicit-memory-barriers.patch - Rework previous patch at Olaf H.'s direction hw-i386-disable-smbus-migration-for-xenf.patch - Eliminate is_opensuse usage in producing seabios version string what we are doing here is just replacing the upstream string with one indicating that the openSUSE build service built it, and so just leave it as "-rebuilt.opensuse.org" - Alter algorithm used to produce "unique" symbol for coordinating qemu with the optional modules it may load. This is a reasonable relaxation for broader compatibility configure-remove-pkgversion-from-CONFIG_.patch - Tweak supported.*.txt for latest deprecations, and other fixes - Tweak update_git.sh, config.sh - One more fix is needed for: s390x Protected Virtualization support - start and control guest in secure mode (bsc#1167075 jsc#SLE-7407) s390x-s390-virtio-ccw-Fix-build-on-syste.patch OBS-URL: https://build.opensuse.org/request/show/795118 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=542 2020-04-17 22:48:15 +02:00			`From: Vitaly Kuznetsov <vkuznets@redhat.com>`
			`Date: Tue, 31 Mar 2020 18:27:52 +0200`
			`Subject: target/i386: do not set unsupported VMX secondary execution controls`

			`Git-commit: 4a910e1f6ab4155ec8b24c49b2585cc486916985`

			`Commit 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for`
			`secondary execution controls") added a workaround for KVM pre-dating`
			`commit 6defc591846d ("KVM: nVMX: include conditional controls in /dev/kvm`
			`KVM_GET_MSRS") which wasn't setting certain available controls. The`
			`workaround uses generic CPUID feature bits to set missing VMX controls.`

			`It was found that in some cases it is possible to observe hosts which`
			`have certain CPUID features but lack the corresponding VMX control.`

			`In particular, it was reported that Azure VMs have RDSEED but lack`
			`VMX_SECONDARY_EXEC_RDSEED_EXITING; attempts to enable this feature`
			`bit result in QEMU abort.`

			`Resolve the issue but not applying the workaround when we don't have`
			`to. As there is no good way to find out if KVM has the fix itself, use`
			`95c5c7c77c ("KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST") instead`
			`as these [are supposed to] come together.`

			`Fixes: 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for secondary execution controls")`
			`Suggested-by: Paolo Bonzini <pbonzini@redhat.com>`
			`Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>`
			`Message-Id: <20200331162752.1209928-1-vkuznets@redhat.com>`
			`Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>`
			`Signed-off-by: Bruce Rogers <brogers@suse.com>`
			`---`
			`target/i386/kvm.c \| 41 ++++++++++++++++++++++++++---------------`
			`1 file changed, 26 insertions(+), 15 deletions(-)`

			`diff --git a/target/i386/kvm.c b/target/i386/kvm.c`
			`index b8ea67a644c802358826a840bdf1..91cd4976e262ad6bbb83206114b3 100644`
			`--- a/target/i386/kvm.c`
			`+++ b/target/i386/kvm.c`
			`@@ -105,6 +105,7 @@ static bool has_msr_smi_count;`
			`static bool has_msr_arch_capabs;`
			`static bool has_msr_core_capabs;`
			`static bool has_msr_vmx_vmfunc;`
			`+static bool has_msr_vmx_procbased_ctls2;`

			`static uint32_t has_architectural_pmu_version;`
			`static uint32_t num_architectural_pmu_gp_counters;`
			`@@ -489,21 +490,28 @@ uint64_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)`
			`value = msr_data.entries[0].data;`
			`switch (index) {`
			`case MSR_IA32_VMX_PROCBASED_CTLS2:`
			`- /* KVM forgot to add these bits for some time, do this ourselves. */`
			`- if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & CPUID_XSAVE_XSAVES) {`
			`- value \|= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;`
			`- }`
			`- if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & CPUID_EXT_RDRAND) {`
			`- value \|= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;`
			`- }`
			`- if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_INVPCID) {`
			`- value \|= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;`
			`- }`
			`- if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_RDSEED) {`
			`- value \|= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;`
			`- }`
			`- if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & CPUID_EXT2_RDTSCP) {`
			`- value \|= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;`
			`+ if (!has_msr_vmx_procbased_ctls2) {`
			`+ /* KVM forgot to add these bits for some time, do this ourselves. */`
			`+ if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) &`
			`+ CPUID_XSAVE_XSAVES) {`
			`+ value \|= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;`
			`+ }`
			`+ if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) &`
			`+ CPUID_EXT_RDRAND) {`
			`+ value \|= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;`
			`+ }`
			`+ if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &`
			`+ CPUID_7_0_EBX_INVPCID) {`
			`+ value \|= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;`
			`+ }`
			`+ if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &`
			`+ CPUID_7_0_EBX_RDSEED) {`
			`+ value \|= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;`
			`+ }`
			`+ if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) &`
			`+ CPUID_EXT2_RDTSCP) {`
			`+ value \|= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;`
			`+ }`
			`}`
			`/* fall through */`
			`case MSR_IA32_VMX_TRUE_PINBASED_CTLS:`
			`@@ -2056,6 +2064,9 @@ static int kvm_get_supported_msrs(KVMState *s)`
			`case MSR_IA32_VMX_VMFUNC:`
			`has_msr_vmx_vmfunc = true;`
			`break;`
			`+ case MSR_IA32_VMX_PROCBASED_CTLS2:`
			`+ has_msr_vmx_procbased_ctls2 = true;`
			`+ break;`
			`}`
			`}`
			`}`