[PATCH v2 00/21] KVM: x86: Disallow writes to feature MSRs post-KVM_RUN
From: Sean Christopherson
Date: Thu Feb 09 2023 - 19:31:59 EST

Give feature MSRs the same treatment as CPUID and disallow changing said
MSRs after KVM_RUN. Fix a tangentially related bug in the vPMU where KVM
leaves the vLBRs enabled after userspace disables the guest's entire vPMU.

The bulk of this series is a rework of the vmx_pmu_caps_test, a.k.a.
the PERF_CAPABILITIES selftests, to expand its coverage. In addition to
verifying that KVM rejects changes after KVM_RUN, verify other bits beyond
full-width writes and the LBR format.

Note! There is a sneaky, small, but massive change buried halfway through
this series that will affect all x86 selftests. Patch

  Verify KVM preserves userspace writes to "durable" MSRs

adds a KVM_GET_MSRS after every KVM_SET_MSRS that writes a single MSR and
expects to succeed. The intent is to opportunistically verify that KVM
provides "read what you wrote" for all "durable" MSRs. The PERF_CAPS test
was manually verifying this behavior, and while it seems kinda gratuitous,
the coverage is quite cheap from both a performance and maintenance cost,
i.e. I can't think of a reason _not_ to do it.

Applies on https://github.com/kvm-x86/linux/tree/next.

Sean Christopherson (21):
  KVM: x86: Rename kvm_init_msr_list() to clarify it inits multiple
    lists
  KVM: x86: Add a helper to query whether or not a vCPU has ever run
  KVM: x86: Add macros to track first...last VMX feature MSRs
  KVM: x86: Generate set of VMX feature MSRs using first/last
    definitions
  KVM: x86: Disallow writes to immutable feature MSRs after KVM_RUN
  KVM: x86/pmu: WARN and bug the VM if PMU is refreshed after vCPU has
    run
  KVM: x86/pmu: Zero out LBR capabilities during PMU refresh
  KVM: selftests: Split PMU caps sub-tests to avoid writing MSR after
    KVM_RUN
  KVM: selftests: Move 0/initial value PERF_CAPS checks to dedicated
    sub-test
  KVM: selftests: Assert that full-width PMC writes are supported if
    PDCM=1
  KVM: selftests: Print out failing MSR and value in vcpu_set_msr()
  KVM: selftests: Verify KVM preserves userspace writes to "durable"
    MSRs
  KVM: selftests: Drop now-redundant checks on PERF_CAPABILITIES writes
  KVM: selftests: Test all fungible features in PERF_CAPABILITIES
  KVM: selftests: Test all immutable non-format bits in
    PERF_CAPABILITIES
  KVM: selftests: Expand negative testing of guest writes to
    PERF_CAPABILITIES
  KVM: selftests: Test post-KVM_RUN writes to PERF_CAPABILITIES
  KVM: selftests: Drop "all done!" printf() from PERF_CAPABILITIES test
  KVM: selftests: Refactor LBR_FMT test to avoid use of separate macro
  KVM: selftests: Add negative testcase for PEBS format in
    PERF_CAPABILITIES
  KVM: selftests: Verify LBRs are disabled if vPMU is disabled

arch/x86/kvm/cpuid.c | 2 +-
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/kvm/pmu.c | 3 +
arch/x86/kvm/svm/svm.c | 2 +-
arch/x86/kvm/vmx/pmu_intel.c | 10 +
arch/x86/kvm/vmx/vmx.c | 8 +-
arch/x86/kvm/x86.c | 103 +++++---
arch/x86/kvm/x86.h | 13 +
.../selftests/kvm/include/x86_64/processor.h | 41 ++-
.../selftests/kvm/x86_64/vmx_pmu_caps_test.c | 248 ++++++++++++++----
10 files changed, 342 insertions(+), 90 deletions(-)
base-commit: 62ef199250cd46fb66fe98267137b7f64e0b41b4
--
2.39.1.581.gbfd45094c4-goog