tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'kvm-x86-lam-6.8' of https://github.com/kvm-x86/linux into HEAD

KVM x86 support for virtualizing Linear Address Masking (LAM)

Add KVM support for Linear Address Masking (LAM). LAM tweaks the canonicality
checks for most virtual address usage in 64-bit mode, such that only the most
significant bit of the untranslated address bits must match the polarity of the
last translated address bit. This allows software to use ignored, untranslated
address bits for metadata, e.g. to efficiently tag pointers for address
sanitization.

LAM can be enabled separately for user pointers and supervisor pointers, and
for userspace LAM can be select between 48-bit and 57-bit masking

- 48-bit LAM: metadata bits 62:48, i.e. LAM width of 15.
- 57-bit LAM: metadata bits 62:57, i.e. LAM width of 6.

For user pointers, LAM enabling utilizes two previously-reserved high bits from
CR3 (similar to how PCID_NOFLUSH uses bit 63): LAM_U48 and LAM_U57, bits 62 and
61 respectively. Note, if LAM_57 is set, LAM_U48 is ignored, i.e.:

- CR3.LAM_U48=0 && CR3.LAM_U57=0 == LAM disabled for user pointers
- CR3.LAM_U48=1 && CR3.LAM_U57=0 == LAM-48 enabled for user pointers
- CR3.LAM_U48=x && CR3.LAM_U57=1 == LAM-57 enabled for user pointers

For supervisor pointers, LAM is controlled by a single bit, CR4.LAM_SUP, with
the 48-bit versus 57-bit LAM behavior following the current paging mode, i.e.:

- CR4.LAM_SUP=0 && CR4.LA57=x == LAM disabled for supervisor pointers
- CR4.LAM_SUP=1 && CR4.LA57=0 == LAM-48 enabled for supervisor pointers
- CR4.LAM_SUP=1 && CR4.LA57=1 == LAM-57 enabled for supervisor pointers

The modified LAM canonicality checks:
- LAM_S48 : [ 1 ][ metadata ][ 1 ]
63 47
- LAM_U48 : [ 0 ][ metadata ][ 0 ]
63 47
- LAM_S57 : [ 1 ][ metadata ][ 1 ]
63 56
- LAM_U57 + 5-lvl paging : [ 0 ][ metadata ][ 0 ]
63 56
- LAM_U57 + 4-lvl paging : [ 0 ][ metadata ][ 0...0 ]
63 56..47

The bulk of KVM support for LAM is to emulate LAM's modified canonicality
checks. The approach taken by KVM is to "fill" the metadata bits using the
highest bit of the translated address, e.g. for LAM-48, bit 47 is sign-extended
to bits 62:48. The most significant bit, 63, is *not* modified, i.e. its value
from the raw, untagged virtual address is kept for the canonicality check. This
untagging allows

Aside from emulating LAM's canonical checks behavior, LAM has the usual KVM
touchpoints for selectable features: enumeration (CPUID.7.1:EAX.LAM[bit 26],
enabling via CR3 and CR4 bits, etc.

Paolo Bonzini 8ecb10bc 01edb1cf

+134 -30
+1
arch/x86/include/asm/kvm-x86-ops.h
··· 137 137 KVM_X86_OP(complete_emulated_msr) 138 138 KVM_X86_OP(vcpu_deliver_sipi_vector) 139 139 KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons); 140 + KVM_X86_OP_OPTIONAL(get_untagged_addr) 140 141 141 142 #undef KVM_X86_OP 142 143 #undef KVM_X86_OP_OPTIONAL
+4 -1
arch/x86/include/asm/kvm_host.h
··· 133 133 | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \ 134 134 | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ 135 135 | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ 136 - | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP)) 136 + | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP \ 137 + | X86_CR4_LAM_SUP)) 137 138 138 139 #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) 139 140 ··· 1791 1790 * Returns vCPU specific APICv inhibit reasons 1792 1791 */ 1793 1792 unsigned long (*vcpu_get_apicv_inhibit_reasons)(struct kvm_vcpu *vcpu); 1793 + 1794 + gva_t (*get_untagged_addr)(struct kvm_vcpu *vcpu, gva_t gva, unsigned int flags); 1794 1795 }; 1795 1796 1796 1797 struct kvm_x86_nested_ops {
+1 -1
arch/x86/kvm/cpuid.c
··· 677 677 kvm_cpu_cap_mask(CPUID_7_1_EAX, 678 678 F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | 679 679 F(FZRM) | F(FSRS) | F(FSRC) | 680 - F(AMX_FP16) | F(AVX_IFMA) 680 + F(AMX_FP16) | F(AVX_IFMA) | F(LAM) 681 681 ); 682 682 683 683 kvm_cpu_cap_init_kvm_defined(CPUID_7_1_EDX,
+8 -5
arch/x86/kvm/cpuid.h
··· 47 47 return !(gpa & vcpu->arch.reserved_gpa_bits); 48 48 } 49 49 50 - static inline bool kvm_vcpu_is_illegal_gpa(struct kvm_vcpu *vcpu, gpa_t gpa) 51 - { 52 - return !kvm_vcpu_is_legal_gpa(vcpu, gpa); 53 - } 54 - 55 50 static inline bool kvm_vcpu_is_legal_aligned_gpa(struct kvm_vcpu *vcpu, 56 51 gpa_t gpa, gpa_t alignment) 57 52 { ··· 272 277 273 278 return test_bit(kvm_governed_feature_index(x86_feature), 274 279 vcpu->arch.governed_features.enabled); 280 + } 281 + 282 + static inline bool kvm_vcpu_is_legal_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) 283 + { 284 + if (guest_can_use(vcpu, X86_FEATURE_LAM)) 285 + cr3 &= ~(X86_CR3_LAM_U48 | X86_CR3_LAM_U57); 286 + 287 + return kvm_vcpu_is_legal_gpa(vcpu, cr3); 275 288 } 276 289 277 290 #endif
+15 -12
arch/x86/kvm/emulate.c
··· 687 687 static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, 688 688 struct segmented_address addr, 689 689 unsigned *max_size, unsigned size, 690 - bool write, bool fetch, 691 - enum x86emul_mode mode, ulong *linear) 690 + enum x86emul_mode mode, ulong *linear, 691 + unsigned int flags) 692 692 { 693 693 struct desc_struct desc; 694 694 bool usable; ··· 701 701 *max_size = 0; 702 702 switch (mode) { 703 703 case X86EMUL_MODE_PROT64: 704 - *linear = la; 704 + *linear = la = ctxt->ops->get_untagged_addr(ctxt, la, flags); 705 705 va_bits = ctxt_virt_addr_bits(ctxt); 706 706 if (!__is_canonical_address(la, va_bits)) 707 707 goto bad; ··· 717 717 if (!usable) 718 718 goto bad; 719 719 /* code segment in protected mode or read-only data segment */ 720 - if ((((ctxt->mode != X86EMUL_MODE_REAL) && (desc.type & 8)) 721 - || !(desc.type & 2)) && write) 720 + if ((((ctxt->mode != X86EMUL_MODE_REAL) && (desc.type & 8)) || !(desc.type & 2)) && 721 + (flags & X86EMUL_F_WRITE)) 722 722 goto bad; 723 723 /* unreadable code segment */ 724 - if (!fetch && (desc.type & 8) && !(desc.type & 2)) 724 + if (!(flags & X86EMUL_F_FETCH) && (desc.type & 8) && !(desc.type & 2)) 725 725 goto bad; 726 726 lim = desc_limit_scaled(&desc); 727 727 if (!(desc.type & 8) && (desc.type & 4)) { ··· 757 757 ulong *linear) 758 758 { 759 759 unsigned max_size; 760 - return __linearize(ctxt, addr, &max_size, size, write, false, 761 - ctxt->mode, linear); 760 + return __linearize(ctxt, addr, &max_size, size, ctxt->mode, linear, 761 + write ? X86EMUL_F_WRITE : 0); 762 762 } 763 763 764 764 static inline int assign_eip(struct x86_emulate_ctxt *ctxt, ulong dst) ··· 771 771 772 772 if (ctxt->op_bytes != sizeof(unsigned long)) 773 773 addr.ea = dst & ((1UL << (ctxt->op_bytes << 3)) - 1); 774 - rc = __linearize(ctxt, addr, &max_size, 1, false, true, ctxt->mode, &linear); 774 + rc = __linearize(ctxt, addr, &max_size, 1, ctxt->mode, &linear, 775 + X86EMUL_F_FETCH); 775 776 if (rc == X86EMUL_CONTINUE) 776 777 ctxt->_eip = addr.ea; 777 778 return rc; ··· 908 907 * boundary check itself. Instead, we use max_size to check 909 908 * against op_size. 910 909 */ 911 - rc = __linearize(ctxt, addr, &max_size, 0, false, true, ctxt->mode, 912 - &linear); 910 + rc = __linearize(ctxt, addr, &max_size, 0, ctxt->mode, &linear, 911 + X86EMUL_F_FETCH); 913 912 if (unlikely(rc != X86EMUL_CONTINUE)) 914 913 return rc; 915 914 ··· 3440 3439 { 3441 3440 int rc; 3442 3441 ulong linear; 3442 + unsigned int max_size; 3443 3443 3444 - rc = linearize(ctxt, ctxt->src.addr.mem, 1, false, &linear); 3444 + rc = __linearize(ctxt, ctxt->src.addr.mem, &max_size, 1, ctxt->mode, 3445 + &linear, X86EMUL_F_INVLPG); 3445 3446 if (rc == X86EMUL_CONTINUE) 3446 3447 ctxt->ops->invlpg(ctxt, linear); 3447 3448 /* Disable writeback. */
+1
arch/x86/kvm/governed_features.h
··· 16 16 KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) 17 17 KVM_GOVERNED_X86_FEATURE(VGIF) 18 18 KVM_GOVERNED_X86_FEATURE(VNMI) 19 + KVM_GOVERNED_X86_FEATURE(LAM) 19 20 20 21 #undef KVM_GOVERNED_X86_FEATURE 21 22 #undef KVM_GOVERNED_FEATURE
+9
arch/x86/kvm/kvm_emulate.h
··· 88 88 #define X86EMUL_IO_NEEDED 5 /* IO is needed to complete emulation */ 89 89 #define X86EMUL_INTERCEPTED 6 /* Intercepted by nested VMCB/VMCS */ 90 90 91 + /* x86-specific emulation flags */ 92 + #define X86EMUL_F_WRITE BIT(0) 93 + #define X86EMUL_F_FETCH BIT(1) 94 + #define X86EMUL_F_IMPLICIT BIT(2) 95 + #define X86EMUL_F_INVLPG BIT(3) 96 + 91 97 struct x86_emulate_ops { 92 98 void (*vm_bugged)(struct x86_emulate_ctxt *ctxt); 93 99 /* ··· 230 224 int (*leave_smm)(struct x86_emulate_ctxt *ctxt); 231 225 void (*triple_fault)(struct x86_emulate_ctxt *ctxt); 232 226 int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr); 227 + 228 + gva_t (*get_untagged_addr)(struct x86_emulate_ctxt *ctxt, gva_t addr, 229 + unsigned int flags); 233 230 }; 234 231 235 232 /* Type, address-of, and value of an instruction's operand. */
+8
arch/x86/kvm/mmu.h
··· 146 146 return kvm_get_pcid(vcpu, kvm_read_cr3(vcpu)); 147 147 } 148 148 149 + static inline unsigned long kvm_get_active_cr3_lam_bits(struct kvm_vcpu *vcpu) 150 + { 151 + if (!guest_can_use(vcpu, X86_FEATURE_LAM)) 152 + return 0; 153 + 154 + return kvm_read_cr3(vcpu) & (X86_CR3_LAM_U48 | X86_CR3_LAM_U57); 155 + } 156 + 149 157 static inline void kvm_mmu_load_pgd(struct kvm_vcpu *vcpu) 150 158 { 151 159 u64 root_hpa = vcpu->arch.mmu->root.hpa;
+1 -1
arch/x86/kvm/mmu/mmu.c
··· 3802 3802 hpa_t root; 3803 3803 3804 3804 root_pgd = kvm_mmu_get_guest_pgd(vcpu, mmu); 3805 - root_gfn = root_pgd >> PAGE_SHIFT; 3805 + root_gfn = (root_pgd & __PT_BASE_ADDR_MASK) >> PAGE_SHIFT; 3806 3806 3807 3807 if (!kvm_vcpu_is_visible_gfn(vcpu, root_gfn)) { 3808 3808 mmu->root.hpa = kvm_mmu_get_dummy_root();
+1
arch/x86/kvm/mmu/mmu_internal.h
··· 13 13 #endif 14 14 15 15 /* Page table builder macros common to shadow (host) PTEs and guest PTEs. */ 16 + #define __PT_BASE_ADDR_MASK GENMASK_ULL(51, 12) 16 17 #define __PT_LEVEL_SHIFT(level, bits_per_level) \ 17 18 (PAGE_SHIFT + ((level) - 1) * (bits_per_level)) 18 19 #define __PT_INDEX(address, level, bits_per_level) \
+1 -1
arch/x86/kvm/mmu/paging_tmpl.h
··· 62 62 #endif 63 63 64 64 /* Common logic, but per-type values. These also need to be undefined. */ 65 - #define PT_BASE_ADDR_MASK ((pt_element_t)(((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))) 65 + #define PT_BASE_ADDR_MASK ((pt_element_t)__PT_BASE_ADDR_MASK) 66 66 #define PT_LVL_ADDR_MASK(lvl) __PT_LVL_ADDR_MASK(PT_BASE_ADDR_MASK, lvl, PT_LEVEL_BITS) 67 67 #define PT_LVL_OFFSET_MASK(lvl) __PT_LVL_OFFSET_MASK(PT_BASE_ADDR_MASK, lvl, PT_LEVEL_BITS) 68 68 #define PT_INDEX(addr, lvl) __PT_INDEX(addr, lvl, PT_LEVEL_BITS)
+2 -2
arch/x86/kvm/svm/nested.c
··· 317 317 if ((save->efer & EFER_LME) && (save->cr0 & X86_CR0_PG)) { 318 318 if (CC(!(save->cr4 & X86_CR4_PAE)) || 319 319 CC(!(save->cr0 & X86_CR0_PE)) || 320 - CC(kvm_vcpu_is_illegal_gpa(vcpu, save->cr3))) 320 + CC(!kvm_vcpu_is_legal_cr3(vcpu, save->cr3))) 321 321 return false; 322 322 } 323 323 ··· 522 522 static int nested_svm_load_cr3(struct kvm_vcpu *vcpu, unsigned long cr3, 523 523 bool nested_npt, bool reload_pdptrs) 524 524 { 525 - if (CC(kvm_vcpu_is_illegal_gpa(vcpu, cr3))) 525 + if (CC(!kvm_vcpu_is_legal_cr3(vcpu, cr3))) 526 526 return -EINVAL; 527 527 528 528 if (reload_pdptrs && !nested_npt && is_pae_paging(vcpu) &&
+8 -3
arch/x86/kvm/vmx/nested.c
··· 1116 1116 bool nested_ept, bool reload_pdptrs, 1117 1117 enum vm_entry_failure_code *entry_failure_code) 1118 1118 { 1119 - if (CC(kvm_vcpu_is_illegal_gpa(vcpu, cr3))) { 1119 + if (CC(!kvm_vcpu_is_legal_cr3(vcpu, cr3))) { 1120 1120 *entry_failure_code = ENTRY_FAIL_DEFAULT; 1121 1121 return -EINVAL; 1122 1122 } ··· 2753 2753 } 2754 2754 2755 2755 /* Reserved bits should not be set */ 2756 - if (CC(kvm_vcpu_is_illegal_gpa(vcpu, new_eptp) || ((new_eptp >> 7) & 0x1f))) 2756 + if (CC(!kvm_vcpu_is_legal_gpa(vcpu, new_eptp) || ((new_eptp >> 7) & 0x1f))) 2757 2757 return false; 2758 2758 2759 2759 /* AD, if set, should be supported */ ··· 2950 2950 2951 2951 if (CC(!nested_host_cr0_valid(vcpu, vmcs12->host_cr0)) || 2952 2952 CC(!nested_host_cr4_valid(vcpu, vmcs12->host_cr4)) || 2953 - CC(kvm_vcpu_is_illegal_gpa(vcpu, vmcs12->host_cr3))) 2953 + CC(!kvm_vcpu_is_legal_cr3(vcpu, vmcs12->host_cr3))) 2954 2954 return -EINVAL; 2955 2955 2956 2956 if (CC(is_noncanonical_address(vmcs12->host_ia32_sysenter_esp, vcpu)) || ··· 5026 5026 else 5027 5027 *ret = off; 5028 5028 5029 + *ret = vmx_get_untagged_addr(vcpu, *ret, 0); 5029 5030 /* Long mode: #GP(0)/#SS(0) if the memory address is in a 5030 5031 * non-canonical form. This is the only check on the memory 5031 5032 * destination for long mode! ··· 5831 5830 vpid02 = nested_get_vpid02(vcpu); 5832 5831 switch (type) { 5833 5832 case VMX_VPID_EXTENT_INDIVIDUAL_ADDR: 5833 + /* 5834 + * LAM doesn't apply to addresses that are inputs to TLB 5835 + * invalidation. 5836 + */ 5834 5837 if (!operand.vpid || 5835 5838 is_noncanonical_address(operand.gla, vcpu)) 5836 5839 return nested_vmx_fail(vcpu,
+1
arch/x86/kvm/vmx/sgx.c
··· 37 37 if (!IS_ALIGNED(*gva, alignment)) { 38 38 fault = true; 39 39 } else if (likely(is_64_bit_mode(vcpu))) { 40 + *gva = vmx_get_untagged_addr(vcpu, *gva, 0); 40 41 fault = is_noncanonical_address(*gva, vcpu); 41 42 } else { 42 43 *gva &= 0xffffffff;
+53 -2
arch/x86/kvm/vmx/vmx.c
··· 3395 3395 update_guest_cr3 = false; 3396 3396 vmx_ept_load_pdptrs(vcpu); 3397 3397 } else { 3398 - guest_cr3 = root_hpa | kvm_get_active_pcid(vcpu); 3398 + guest_cr3 = root_hpa | kvm_get_active_pcid(vcpu) | 3399 + kvm_get_active_cr3_lam_bits(vcpu); 3399 3400 } 3400 3401 3401 3402 if (update_guest_cr3) ··· 5781 5780 * would also use advanced VM-exit information for EPT violations to 5782 5781 * reconstruct the page fault error code. 5783 5782 */ 5784 - if (unlikely(allow_smaller_maxphyaddr && kvm_vcpu_is_illegal_gpa(vcpu, gpa))) 5783 + if (unlikely(allow_smaller_maxphyaddr && !kvm_vcpu_is_legal_gpa(vcpu, gpa))) 5785 5784 return kvm_emulate_instruction(vcpu, 0); 5786 5785 5787 5786 return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, 0); ··· 7672 7671 cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP)); 7673 7672 cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57)); 7674 7673 7674 + entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 1); 7675 + cr4_fixed1_update(X86_CR4_LAM_SUP, eax, feature_bit(LAM)); 7676 + 7675 7677 #undef cr4_fixed1_update 7676 7678 } 7677 7679 ··· 7761 7757 kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); 7762 7758 7763 7759 kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX); 7760 + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_LAM); 7764 7761 7765 7762 vmx_setup_uret_msrs(vmx); 7766 7763 ··· 8208 8203 free_pages((unsigned long)kvm_vmx->pid_table, vmx_get_pid_table_order(kvm)); 8209 8204 } 8210 8205 8206 + /* 8207 + * Note, the SDM states that the linear address is masked *after* the modified 8208 + * canonicality check, whereas KVM masks (untags) the address and then performs 8209 + * a "normal" canonicality check. Functionally, the two methods are identical, 8210 + * and when the masking occurs relative to the canonicality check isn't visible 8211 + * to software, i.e. KVM's behavior doesn't violate the SDM. 8212 + */ 8213 + gva_t vmx_get_untagged_addr(struct kvm_vcpu *vcpu, gva_t gva, unsigned int flags) 8214 + { 8215 + int lam_bit; 8216 + unsigned long cr3_bits; 8217 + 8218 + if (flags & (X86EMUL_F_FETCH | X86EMUL_F_IMPLICIT | X86EMUL_F_INVLPG)) 8219 + return gva; 8220 + 8221 + if (!is_64_bit_mode(vcpu)) 8222 + return gva; 8223 + 8224 + /* 8225 + * Bit 63 determines if the address should be treated as user address 8226 + * or a supervisor address. 8227 + */ 8228 + if (!(gva & BIT_ULL(63))) { 8229 + cr3_bits = kvm_get_active_cr3_lam_bits(vcpu); 8230 + if (!(cr3_bits & (X86_CR3_LAM_U57 | X86_CR3_LAM_U48))) 8231 + return gva; 8232 + 8233 + /* LAM_U48 is ignored if LAM_U57 is set. */ 8234 + lam_bit = cr3_bits & X86_CR3_LAM_U57 ? 56 : 47; 8235 + } else { 8236 + if (!kvm_is_cr4_bit_set(vcpu, X86_CR4_LAM_SUP)) 8237 + return gva; 8238 + 8239 + lam_bit = kvm_is_cr4_bit_set(vcpu, X86_CR4_LA57) ? 56 : 47; 8240 + } 8241 + 8242 + /* 8243 + * Untag the address by sign-extending the lam_bit, but NOT to bit 63. 8244 + * Bit 63 is retained from the raw virtual address so that untagging 8245 + * doesn't change a user access to a supervisor access, and vice versa. 8246 + */ 8247 + return (sign_extend64(gva, lam_bit) & ~BIT_ULL(63)) | (gva & BIT_ULL(63)); 8248 + } 8249 + 8211 8250 static struct kvm_x86_ops vmx_x86_ops __initdata = { 8212 8251 .name = KBUILD_MODNAME, 8213 8252 ··· 8392 8343 .complete_emulated_msr = kvm_complete_insn_gp, 8393 8344 8394 8345 .vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector, 8346 + 8347 + .get_untagged_addr = vmx_get_untagged_addr, 8395 8348 }; 8396 8349 8397 8350 static unsigned int vmx_handle_intel_pt_intr(void)
+2
arch/x86/kvm/vmx/vmx.h
··· 422 422 u64 vmx_get_l2_tsc_offset(struct kvm_vcpu *vcpu); 423 423 u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu); 424 424 425 + gva_t vmx_get_untagged_addr(struct kvm_vcpu *vcpu, gva_t gva, unsigned int flags); 426 + 425 427 static inline void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu, u32 msr, 426 428 int type, bool value) 427 429 {
+16 -2
arch/x86/kvm/x86.c
··· 1284 1284 * stuff CR3, e.g. for RSM emulation, and there is no guarantee that 1285 1285 * the current vCPU mode is accurate. 1286 1286 */ 1287 - if (kvm_vcpu_is_illegal_gpa(vcpu, cr3)) 1287 + if (!kvm_vcpu_is_legal_cr3(vcpu, cr3)) 1288 1288 return 1; 1289 1289 1290 1290 if (is_pae_paging(vcpu) && !load_pdptrs(vcpu, cr3)) ··· 8471 8471 kvm_vm_bugged(kvm); 8472 8472 } 8473 8473 8474 + static gva_t emulator_get_untagged_addr(struct x86_emulate_ctxt *ctxt, 8475 + gva_t addr, unsigned int flags) 8476 + { 8477 + if (!kvm_x86_ops.get_untagged_addr) 8478 + return addr; 8479 + 8480 + return static_call(kvm_x86_get_untagged_addr)(emul_to_vcpu(ctxt), addr, flags); 8481 + } 8482 + 8474 8483 static const struct x86_emulate_ops emulate_ops = { 8475 8484 .vm_bugged = emulator_vm_bugged, 8476 8485 .read_gpr = emulator_read_gpr, ··· 8524 8515 .leave_smm = emulator_leave_smm, 8525 8516 .triple_fault = emulator_triple_fault, 8526 8517 .set_xcr = emulator_set_xcr, 8518 + .get_untagged_addr = emulator_get_untagged_addr, 8527 8519 }; 8528 8520 8529 8521 static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask) ··· 11653 11643 */ 11654 11644 if (!(sregs->cr4 & X86_CR4_PAE) || !(sregs->efer & EFER_LMA)) 11655 11645 return false; 11656 - if (kvm_vcpu_is_illegal_gpa(vcpu, sregs->cr3)) 11646 + if (!kvm_vcpu_is_legal_cr3(vcpu, sregs->cr3)) 11657 11647 return false; 11658 11648 } else { 11659 11649 /* ··· 13598 13588 13599 13589 switch (type) { 13600 13590 case INVPCID_TYPE_INDIV_ADDR: 13591 + /* 13592 + * LAM doesn't apply to addresses that are inputs to TLB 13593 + * invalidation. 13594 + */ 13601 13595 if ((!pcid_enabled && (operand.pcid != 0)) || 13602 13596 is_noncanonical_address(operand.gla, vcpu)) { 13603 13597 kvm_inject_gp(vcpu, 0);
+2
arch/x86/kvm/x86.h
··· 530 530 __reserved_bits |= X86_CR4_VMXE; \ 531 531 if (!__cpu_has(__c, X86_FEATURE_PCID)) \ 532 532 __reserved_bits |= X86_CR4_PCIDE; \ 533 + if (!__cpu_has(__c, X86_FEATURE_LAM)) \ 534 + __reserved_bits |= X86_CR4_LAM_SUP; \ 533 535 __reserved_bits; \ 534 536 }) 535 537