KVM: x86: Use kernel's x86_phys_bits to handle reduced MAXPHYADDR

Use boot_cpu_data.x86_phys_bits instead of the raw CPUID information to
enumerate the MAXPHYADDR for KVM guests when TDP is disabled (the guest
version is only relevant to NPT/TDP).

When using shadow paging, any reductions to the host's MAXPHYADDR apply
to KVM and its guests as well, i.e. using the raw CPUID info will cause
KVM to misreport the number of PA bits available to the guest.

Unconditionally zero out the "Physical Address bit reduction" entry.
For !TDP, the adjustment is already done, and for TDP enumerating the
host's reduction is wrong as the reduction does not apply to GPAs.

Fixes: 9af9b94068fb ("x86/cpu/AMD: Handle SME reduction in physical address size")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210623230552.4027702-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 1a4217b3e185510408afbedeff24d1fa9181be9c..ca7866d63e982db38bea98aeab86d5008d72d92c 100644 (file)
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -941,11 +941,18 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
                unsigned phys_as = entry->eax & 0xff;
 
                /*
-                * Use bare metal's MAXPHADDR if the CPU doesn't report guest
-                * MAXPHYADDR separately, or if TDP (NPT) is disabled, as the
-                * guest version "applies only to guests using nested paging".
+                * If TDP (NPT) is disabled use the adjusted host MAXPHYADDR as
+                * the guest operates in the same PA space as the host, i.e.
+                * reductions in MAXPHYADDR for memory encryption affect shadow
+                * paging, too.
+                *
+                * If TDP is enabled but an explicit guest MAXPHYADDR is not
+                * provided, use the raw bare metal MAXPHYADDR as reductions to
+                * the HPAs do not affect GPAs.
                 */
-               if (!g_phys_as || !tdp_enabled)
+               if (!tdp_enabled)
+                       g_phys_as = boot_cpu_data.x86_phys_bits;
+               else if (!g_phys_as)
                        g_phys_as = phys_as;
 
                entry->eax = g_phys_as | (virt_as << 8);
@@ -970,12 +977,18 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
        case 0x8000001a:
        case 0x8000001e:
                break;
-       /* Support memory encryption cpuid if host supports it */
        case 0x8000001F:
-               if (!kvm_cpu_cap_has(X86_FEATURE_SEV))
+               if (!kvm_cpu_cap_has(X86_FEATURE_SEV)) {
                        entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
-               else
+               } else {
                        cpuid_entry_override(entry, CPUID_8000_001F_EAX);
+
+                       /*
+                        * Enumerate '0' for "PA bits reduction", the adjusted
+                        * MAXPHYADDR is enumerated directly (see 0x80000008).
+                        */
+                       entry->ebx &= ~GENMASK(11, 6);
+               }
                break;
        /*Add support for Centaur's CPUID instruction*/
        case 0xC0000000: