    x86/entry/64: Do not use RDPID in paranoid entry to accommodate KVM · 6a3ea3e6
    Sean Christopherson authored
    KVM has an optimization to avoid expensive MSR read/writes on
    VMENTER/EXIT. It caches the MSR values and restores them either when
    leaving the run loop, on preemption or when going out to user space.
    
    The affected MSRs are not required for kernel context operations. This
    changed with the recently introduced mechanism to handle FSGSBASE in the
    paranoid entry code which has to retrieve the kernel GSBASE value by
    accessing per CPU memory. The mechanism needs to retrieve the CPU number
    and uses either LSL or RDPID if the processor supports it.
    
    Unfortunately RDPID uses MSR_TSC_AUX which is in the list of cached and
    lazily restored MSRs, which means between the point where the guest value
    is written and the point of restore, MSR_TSC_AUX contains a random number.
    
    If an NMI or any other exception which uses the paranoid entry path happens
    in such a context, then RDPID returns the random guest MSR_TSC_AUX value.
    
    As a consequence this reads from the wrong memory location to retrieve the
    kernel GSBASE value. Kernel GS is used for all regular this_cpu_*()
    operations. If the GSBASE in the exception handler points to the per CPU
    memory of a different CPU then this has the obvious consequences of data
    corruption and crashes.
    
    As the paranoid entry path is the only place which accesses MSR_TSC_AUX
    (via RDPID) and the fallback via LSL is not significantly slower, remove
    the RDPID alternative from the entry path and always use LSL.
    
    The alternative would be to write MSR_TSC_AUX on every VMENTER and VMEXIT
    which would be inflicting massive overhead on that code path.
    
    [ tglx: Rewrote changelog ]
    
    Fixes: eaad9812 ("x86/entry/64: Introduce the FIND_PERCPU_BASE macro")
    Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
    Debugged-by: Tom Lendacky <thomas.lendacky@amd.com>
    Suggested-by: Andy Lutomirski <luto@kernel.org>
    Suggested-by: Peter Zijlstra <peterz@infradead.org>
    Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Link: https://lore.kernel.org/r/20200821105229.18938-1-pbonzini@redhat.com
calling.h 10.8 KB
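The commit message describes two sources for the current CPU number that the paranoid entry code chose between: the segment limit of the per-CPU GDT entry read with LSL, and MSR_TSC_AUX read with RDPID. Both can be exercised from user space, which makes the difference between them concrete. The program below is an added example, not part of the commit or of the kernel tree. It assumes an x86-64 Linux kernel (which installs the cpu/node segment for the vDSO at selector 123, i.e. GDT entry 15 with RPL 3, and writes `cpu | (node << 12)` into MSR_TSC_AUX) and a GCC or clang toolchain that provides `<cpuid.h>`. The LSL path reports a value the kernel maintains in the GDT; the RDPID path reports whatever MSR_TSC_AUX holds at that instant. In user context KVM has already restored the host value, so the two agree, whereas inside the lazy-restore window described above RDPID would hand back the guest's number and the per-CPU offset lookup would index the wrong CPU.

```c
/* Added example, not from the commit or the kernel: compare the LSL-based and
 * RDPID-based CPU number sources with the kernel's own answer (sched_getcpu). */
#define _GNU_SOURCE
#include <cpuid.h>
#include <sched.h>
#include <stdio.h>

#define CPUNODE_SEG        123u   /* __CPUNODE_SEG: GDT entry 15 * 8 | RPL 3 (assumed, from segment.h) */
#define CPUNODE_MASK       0xfffu /* VDSO_CPUNODE_MASK: low 12 bits carry the CPU number */
#define CPUNODE_NODE_SHIFT 12     /* node number sits above the CPU bits */
#define RDPID_CPUID_BIT    (1u << 22) /* CPUID.(EAX=7,ECX=0):ECX[22] = RDPID */

/* LSL on the cpu/node segment. ZF is set only if the selector is usable, so a
 * non-Linux or non-x86-64 environment is reported as "not available" (0). */
static int read_cpunode_lsl(unsigned *out)
{
    unsigned limit, sel = CPUNODE_SEG;
    unsigned char ok;

    __asm__ volatile("lsl %[sel], %[lim]\n\t"
                     "setz %[ok]"
                     : [lim] "=r"(limit), [ok] "=q"(ok)
                     : [sel] "r"(sel)
                     : "cc");
    if (!ok)
        return 0;
    *out = limit;
    return 1;
}

static int rdpid_supported(void)
{
    unsigned a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return 0;
    return (c & RDPID_CPUID_BIT) != 0;
}

/* RDPID returns the current contents of MSR_TSC_AUX, nothing more: it is only
 * as correct as the last write to that MSR. Emitted as raw bytes so older
 * assemblers accept it. */
static int read_cpunode_rdpid(unsigned *out)
{
    unsigned long v;
    if (!rdpid_supported())
        return 0;
    __asm__ volatile(".byte 0xf3, 0x0f, 0xc7, 0xf8" /* rdpid %rax */ : "=a"(v));
    *out = (unsigned)v;
    return 1;
}

static unsigned cpunode_cpu(unsigned v)  { return v & CPUNODE_MASK; }
static unsigned cpunode_node(unsigned v) { return v >> CPUNODE_NODE_SHIFT; }

/* Pin to the first CPU we may run on so a migration cannot split the readings.
 * Returns that CPU number, or -1 if pinning is not possible here. */
static int pin_to_one_cpu(void)
{
    cpu_set_t allowed, one;
    if (sched_getaffinity(0, sizeof(allowed), &allowed) != 0)
        return -1;
    for (int cpu = 0; cpu < CPU_SETSIZE; cpu++) {
        if (!CPU_ISSET(cpu, &allowed))
            continue;
        CPU_ZERO(&one);
        CPU_SET(cpu, &one);
        return sched_setaffinity(0, sizeof(one), &one) == 0 ? cpu : -1;
    }
    return -1;
}

/* 0: every available source agrees with sched_getcpu();
 * 1: comparison skipped (cannot pin, or neither source is available);
 * -1: LSL disagrees; -2: RDPID disagrees (a stale MSR_TSC_AUX would show here). */
int check_cpu_sources(void)
{
    unsigned lsl_v = 0, rdpid_v = 0;
    int have_lsl, have_rdpid, expected;

    if (pin_to_one_cpu() < 0)
        return 1;
    expected  = sched_getcpu();
    have_lsl  = read_cpunode_lsl(&lsl_v);
    have_rdpid = read_cpunode_rdpid(&rdpid_v);
    if (!have_lsl && !have_rdpid)
        return 1;
    if (have_lsl && (int)cpunode_cpu(lsl_v) != expected)
        return -1;
    if (have_rdpid && (int)cpunode_cpu(rdpid_v) != expected)
        return -2;
    return 0;
}

int main(void)
{
    unsigned v;
    if (read_cpunode_lsl(&v))
        printf("LSL  : cpu %u node %u\n", cpunode_cpu(v), cpunode_node(v));
    if (read_cpunode_rdpid(&v))
        printf("RDPID: cpu %u node %u\n", cpunode_cpu(v), cpunode_node(v));
    printf("sched_getcpu: %d, check_cpu_sources: %d\n", sched_getcpu(), check_cpu_sources());
    return 0;
}
```

The LSL reading is what the entry path uses after this commit; it depends only on the GDT, which is never handed to a guest. RDPID is still the faster instruction and remains fine where its output cannot be stale, for example in the vDSO, which runs only after KVM has restored the host MSRs on the way out to user space.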