----- rkrcmar@xxxxxxxxxx wrote:
> 2018-03-12 13:12+0200, Liran Alon:
> > From: Arbel Moshe <arbel.moshe@xxxxxxxxxx>
> >
> > VMware exposes the following Pseudo PMCs:
> > 0x10000: Physical host TSC
> > 0x10001: Elapsed real time in ns
> > 0x10002: Elapsed apparent time in ns
> >
> > For more info refer to:
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.vmware.com_files_pdf_techpaper_Timekeeping-2DIn-2DVirtualMachines.pdf&d=DwIBAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=JGiG7N6cqwzFQ5uYvNfXWMhmynIiK7wClCTlzdwkku4&s=sEr7pX0RUsxaqB4iW3f8t71tbJdBdce4lq24DJJWvAs&e=
> >
> > VMware allows access to these Pseudo-PMCs even when read via RDPMC
> > in Ring3 and CR4.PCE=0. Therefore, commit modifies x86 emulator
> > to allow access to these PMCs in this situation. In addition,
> > emulation of these PMCs was added to kvm_pmu_rdpmc().
> >
> > Signed-off-by: Arbel Moshe <arbel.moshe@xxxxxxxxxx>
> > Reviewed-by: Liran Alon <liran.alon@xxxxxxxxxx>
> > Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> > Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> > ---
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > @@ -5887,23 +5887,28 @@ static bool kvm_vcpu_check_breakpoint(struct > kvm_vcpu *vcpu, int *r) > > > > static bool is_vmware_backdoor_opcode(struct x86_emulate_ctxt > *ctxt) > > { > > - if (ctxt->opcode_len != 1) > > - return false; > > - > > - switch (ctxt->b) { > > - case 0xe4: /* IN */ > > - case 0xe5: > > - case 0xec: > > - case 0xed: > > - case 0xe6: /* OUT */ > > - case 0xe7: > > - case 0xee: > > - case 0xef: > > - case 0x6c: /* INS */ > > - case 0x6d: > > - case 0x6e: /* OUTS */ > > - case 0x6f: > > - return true; > > + switch (ctxt->opcode_len) { > > + case 1: > > + switch (ctxt->b) { > > + case 0xe4: /* IN */ > > + case 0xe5: > > + case 0xec: > > + case 0xed: > > + case 0xe6: /* OUT */ > > + case 0xe7: > > + case 0xee: > > + case 0xef: > > + case 0x6c: /* INS */ > > + case 0x6d: > > + case 0x6e: /* OUTS */ > > + case 0x6f: > > + return true; > > + }
>
> We fall through and return true for 0x33 with opcode_len == 1, please add a break.

Oops. Nice catch. Will add missing break instruction of course. Do you want to add it on apply or should I re-submit the series with this fix?

>
> > + case 2: > > + switch (ctxt->b) { > > + case 0x33: /* RDPMC */ > > + return true; > > + } > > } > > > > return false; > > -- > > 1.9.1
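Review bot: the "case 1:" arm of the new "switch (ctxt->opcode_len)" has no break after its inner "switch (ctxt->b)", so a one-byte opcode that is not in the IN/OUT/INS/OUTS list falls into "case 2:" and is_vmware_backdoor_opcode() returns true for a one-byte 0x33, which the removed "if (ctxt->opcode_len != 1) return false;" guard used to reject. Add "+ break;" right after the inner switch's closing "+ }" (or "return false;" there), as the review above asks; the single-case switch under "case 2:" could also be written as "if (ctxt->b == 0x33)", which makes the intended opcode_len/opcode pairing easier to audit.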