On 12/31/2022 12:24 AM, Aaron Lewis wrote:
Be a good citizen and don't allow any of the supported MPX xfeatures[1]
to be set if they can't all be set. That way userspace or a guest
doesn't fail if it attempts to set them in XCR0.
[1] CPUID.(EAX=0DH,ECX=0):EAX.BNDREGS[bit-3]
CPUID.(EAX=0DH,ECX=0):EAX.BNDCSR[bit-4]
Suggested-by: Jim Mattson <jmattson@xxxxxxxxxx>
Signed-off-by: Aaron Lewis <aaronlewis@xxxxxxxxxx>
---
arch/x86/kvm/cpuid.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index c4e8257629165..2431c46d456b4 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -855,6 +855,16 @@ static int __do_cpuid_func_emulated(struct kvm_cpuid_array *array, u32 func)
return 0;
}
+static u64 sanitize_xcr0(u64 xcr0)
+{
+ u64 mask;
+
+ mask = XFEATURE_MASK_BNDREGS | XFEATURE_MASK_BNDCSR;
+ if ((xcr0 & mask) != mask)
+ xcr0 &= ~mask;
Maybe it can WARN_ON_ONCE() here.
It implies either a kernel bug that permitted_xcr0 is invalid or a
broken HW.
+ return xcr0;
+}
+
static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
{
struct kvm_cpuid_entry2 *entry;
@@ -982,6 +992,8 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
u64 permitted_xcr0 = kvm_caps.supported_xcr0 & xstate_get_guest_group_perm();
u64 permitted_xss = kvm_caps.supported_xss;
+ permitted_xcr0 = sanitize_xcr0(permitted_xcr0);
+
entry->eax &= permitted_xcr0;
entry->ebx = xstate_required_size(permitted_xcr0, false);
entry->ecx = entry->ebx;
