On Thu, May 5, 2022 at 11:16 AM <isaku.yamahata@xxxxxxxxx> wrote:
>
> From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
>
> Wire up TDX PV rdmsr/wrmsr hypercall to the KVM backend function.
>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
> arch/x86/kvm/vmx/tdx.c | 37 +++++++++++++++++++++++++++++++++++++
> 1 file changed, 37 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index f46825843a8b..1518a8c310d6 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -1169,6 +1169,39 @@ static int tdx_emulate_mmio(struct kvm_vcpu *vcpu)
> return 1;
> }
>
> +static int tdx_emulate_rdmsr(struct kvm_vcpu *vcpu)
> +{
> + u32 index = tdvmcall_a0_read(vcpu);
> + u64 data;
> +
> + if (kvm_get_msr(vcpu, index, &data)) {

kvm_get_msr and kvm_set_msr used to check the MSR permissions using kvm_msr_allowed but that behaviour changed in "KVM: x86: Only do MSR filtering when access MSR by rdmsr/wrmsr". Now kvm_get_msr and kvm_set_msr skip these checks and will allow access regardless of the permissions in the msr_filter. These should be changed to kvm_get_msr_with_filter and kvm_set_msr_with_filter or something similar that checks permissions for MSR access.

> + trace_kvm_msr_read_ex(index);
> + tdvmcall_set_return_code(vcpu, TDG_VP_VMCALL_INVALID_OPERAND);
> + return 1;
> + }
> + trace_kvm_msr_read(index, data);
> +
> + tdvmcall_set_return_code(vcpu, TDG_VP_VMCALL_SUCCESS);
> + tdvmcall_set_return_val(vcpu, data);
> + return 1;
> +}
> +
> +static int tdx_emulate_wrmsr(struct kvm_vcpu *vcpu)
> +{
> + u32 index = tdvmcall_a0_read(vcpu);
> + u64 data = tdvmcall_a1_read(vcpu);
> +
> + if (kvm_set_msr(vcpu, index, data)) {
> + trace_kvm_msr_write_ex(index, data);
> + tdvmcall_set_return_code(vcpu, TDG_VP_VMCALL_INVALID_OPERAND);
> + return 1;
> + }
> +
> + trace_kvm_msr_write(index, data);
> + tdvmcall_set_return_code(vcpu, TDG_VP_VMCALL_SUCCESS);
> + return 1;
> +}
> +
> static int handle_tdvmcall(struct kvm_vcpu *vcpu)
> {
> if (tdvmcall_exit_type(vcpu))
> @@ -1183,6 +1216,10 @@ static int handle_tdvmcall(struct kvm_vcpu *vcpu)
> return tdx_emulate_io(vcpu);
> case EXIT_REASON_EPT_VIOLATION:
> return tdx_emulate_mmio(vcpu);
> + case EXIT_REASON_MSR_READ:
> + return tdx_emulate_rdmsr(vcpu);
> + case EXIT_REASON_MSR_WRITE:
> + return tdx_emulate_wrmsr(vcpu);
> default:
> break;
> }
> --
> 2.25.1
>
Sagi
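Review bot: In tdx_emulate_rdmsr() and tdx_emulate_wrmsr(), every non-zero return from kvm_get_msr()/kvm_set_msr() is reported to the guest as TDG_VP_VMCALL_INVALID_OPERAND and the handler returns 1, so a failed access can never be handed to userspace; the ordinary RDMSR/WRMSR exit path presumably can do that, though it is not visible in this hunk. If that is intentional for TDX guests, say so above each handler, e.g. `/* MSR index and value come from guest-supplied TDVMCALL arguments; any failure is reported as INVALID_OPERAND and never exits to userspace. */`. Separately, `u32 index = tdvmcall_a0_read(vcpu);` narrows the argument without a check in both handlers. If the accessor returns a full 64-bit register value, the code should either reject non-zero upper bits with INVALID_OPERAND or document that they are deliberately ignored.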