Message ID | 20221213060912.654668-1-seanjc@google.com |
---|---|
Headers | Date: Tue, 13 Dec 2022 06:09:05 +0000; From: Sean Christopherson <seanjc@google.com>; To: Sean Christopherson <seanjc@google.com>, Paolo Bonzini <pbonzini@redhat.com>; Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Peter Zijlstra <peterz@infradead.org>, Andy Lutomirski <luto@kernel.org>, Thomas Gleixner <tglx@linutronix.de>; Subject: [PATCH 0/7] KVM: VMX: Handle NMI VM-Exits in noinstr section; X-Mailer: git-send-email 2.39.0.rc1.256.g54fd8350bd-goog |
Series | KVM: VMX: Handle NMI VM-Exits in noinstr section |
Message
Sean Christopherson
Dec. 13, 2022, 6:09 a.m. UTC
Move NMI VM-Exit handling into vmx_vcpu_enter_exit() to fix a (mostly benign?) bug where NMIs can be unblocked prior to servicing the NMI that triggered the VM-Exit, e.g. if instrumentation triggers a fault and thus an IRET. I deliberately didn't tag any of these for stable@ as the odds of me screwing something up or of a backport going sideways seems higher than out-of-order NMIs causing major problems.

The bulk of this series is just getting various helpers/paths ready for noinstr usage.

I kept the use of a direct call to a dedicated entry point for NMIs (doubled down really). AFAICT, there are no issues with the direct call in the current code, and I don't know enough about FRED to know if using INT $2 would be better or worse, i.e. less churn seemed like the way to go. And if reverting to INT $2 in the future is desirable, splitting NMI and IRQ handling makes it quite easy to do so as all the relevant code that needs to be ripped out is isolated.

    Sean Christopherson (7):
      KVM: x86: Make vmx_get_exit_qual() and vmx_get_intr_info() noinstr-friendly
      KVM: VMX: Allow VM-Fail path of VMREAD helper to be instrumented
      KVM: VMX: Always inline eVMCS read/write helpers
      KVM: VMX: Always inline to_vmx() and to_kvm_vmx()
      x86/entry: KVM: Use dedicated VMX NMI entry for 32-bit kernels too
      KVM: VMX: Provide separate subroutines for invoking NMI vs. IRQ handlers
      KVM: VMX: Handle NMI VM-Exits in noinstr region

     arch/x86/include/asm/idtentry.h | 16 +++-----
     arch/x86/kernel/nmi.c           |  8 ++--
     arch/x86/kvm/kvm_cache_regs.h   | 12 ++++++
     arch/x86/kvm/vmx/hyperv.h       | 20 ++++-----
     arch/x86/kvm/vmx/vmcs.h         |  4 +-
     arch/x86/kvm/vmx/vmenter.S      | 72 ++++++++++++++++++---------------
     arch/x86/kvm/vmx/vmx.c          | 55 +++++++++++++------------
     arch/x86/kvm/vmx/vmx.h          | 18 ++++-----
     arch/x86/kvm/vmx/vmx_ops.h      |  2 +
     arch/x86/kvm/x86.h              |  6 +--
     10 files changed, 117 insertions(+), 96 deletions(-)

    base-commit: 208f1c64e255fe3a29083880818e010ebdf585c6
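The ordering problem the cover letter describes, as a toy C model added here (not code from this series or from KVM). `struct cpu`, `iret()`, `host_nmi_handler()` and `run()` are hypothetical names, and the model assumes a second NMI 'B' arrives right after the VM-Exit caused by NMI 'A'.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of one CPU's NMI state (hypothetical names, not KVM code). */
struct cpu {
    bool nmi_blocked;  /* NMIs stay blocked until the next IRET */
    char pending;      /* id of an NMI latched while blocked, or 0 */
    char order[4];     /* ids in the order they were serviced */
    int n;
};

static void iret(struct cpu *c);

/* The host NMI handler records the NMI and returns with IRET. */
static void host_nmi_handler(struct cpu *c, char id)
{
    c->nmi_blocked = true;
    c->order[c->n++] = id;
    iret(c);
}

/* IRET unblocks NMIs, so an NMI latched meanwhile is delivered now. */
static void iret(struct cpu *c)
{
    char id = c->pending;
    c->pending = 0;
    c->nmi_blocked = false;
    if (id)
        host_nmi_handler(c, id);
}

/* NMI 'A' causes the VM-Exit; NMI 'B' arrives before 'A' is serviced. */
static const char *run(bool handle_in_noinstr)
{
    static struct cpu c;
    c = (struct cpu){ .nmi_blocked = true };  /* state after NMI VM-Exit */
    if (c.nmi_blocked)
        c.pending = 'B';                      /* 'B' is latched, not run */
    if (!handle_in_noinstr)
        iret(&c);   /* instrumented code faults; the fault's IRET unblocks */
    host_nmi_handler(&c, 'A');                /* direct call for 'A' */
    return c.order;
}

int main(void)
{
    printf("instrumentable window: %s\n", run(false));
    printf("handled in noinstr:    %s\n", run(true));
    return 0;
}
```

With the instrumentable window the model services 'B' before 'A', which is the out-of-order delivery the cover letter refers to; when the handler for 'A' runs before any IRET, the order is 'A' then 'B'.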
Comments
> I kept the use of a direct call to a dedicated entry point for NMIs
> (doubled down really). AFAICT, there are no issues with the direct call
> in the current code, and I don't know enough about FRED to know if using
> INT $2 would be better or worse, i.e. less churn seemed like the way to
> go. And if reverting to INT $2 in the future is desirable, splitting NMI
> and IRQ handling makes it quite easy to do so as all the relevant code
> that needs to be ripped out is isolated.

Thanks for making this change. There is no big difference between "int $2" and calling the NMI handler explicitly.

Xin

Sean,

Is this merged into x86 KVM tree?

Thanks!
Xin

On Wed, Jan 18, 2023, Li, Xin3 wrote:
> Sean,
>
> Is this merged into x86 KVM tree?

No, I want reviews for the KVM patches before merging, and need acks for the non-KVM changes.

> > Is this merged into x86 KVM tree?
>
> No, I want reviews for the KVM patches before merging, and need acks for the
> non-KVM changes.

I guess you want Peter Zijlstra, or some other x86 maintainers, to ack it.

On Tue, Dec 13, 2022 at 06:09:05AM +0000, Sean Christopherson wrote:
> Sean Christopherson (7):
>   KVM: x86: Make vmx_get_exit_qual() and vmx_get_intr_info()
>     noinstr-friendly
>   KVM: VMX: Allow VM-Fail path of VMREAD helper to be instrumented
>   KVM: VMX: Always inline eVMCS read/write helpers
>   KVM: VMX: Always inline to_vmx() and to_kvm_vmx()
>   x86/entry: KVM: Use dedicated VMX NMI entry for 32-bit kernels too
>   KVM: VMX: Provide separate subroutines for invoking NMI vs. IRQ
>     handlers
>   KVM: VMX: Handle NMI VM-Exits in noinstr region

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>

On Tue, 13 Dec 2022 06:09:05 +0000, Sean Christopherson wrote:
> Move NMI VM-Exit handling into vmx_vcpu_enter_exit() to fix a (mostly
> benign?) bug where NMIs can be unblocked prior to servicing the NMI that
> triggered the VM-Exit, e.g. if instrumentation triggers a fault and thus
> an IRET. I deliberately didn't tag any of these for stable@ as the odds
> of me screwing something up or of a backport going sideways seems higher
> than out-of-order NMIs causing major problems.
>
> [...]

Applied to kvm-x86 vmx, thanks!

[1/7] KVM: x86: Make vmx_get_exit_qual() and vmx_get_intr_info() noinstr-friendly
      https://github.com/kvm-x86/linux/commit/fc9465be8aad
[2/7] KVM: VMX: Allow VM-Fail path of VMREAD helper to be instrumented
      https://github.com/kvm-x86/linux/commit/8578f59657c5
[3/7] KVM: VMX: Always inline eVMCS read/write helpers
      https://github.com/kvm-x86/linux/commit/11633f69506d
[4/7] KVM: VMX: Always inline to_vmx() and to_kvm_vmx()
      https://github.com/kvm-x86/linux/commit/432727f1cb6e
[5/7] x86/entry: KVM: Use dedicated VMX NMI entry for 32-bit kernels too
      https://github.com/kvm-x86/linux/commit/54a3b70a75dc
[6/7] KVM: VMX: Provide separate subroutines for invoking NMI vs. IRQ handlers
      https://github.com/kvm-x86/linux/commit/4f76e86f7e0d
[7/7] KVM: VMX: Handle NMI VM-Exits in noinstr region
      https://github.com/kvm-x86/linux/commit/11df586d774f

--
https://github.com/kvm-x86/linux/tree/next
https://github.com/kvm-x86/linux/tree/fixes