| Message ID | 20221228192438.2835203-5-vannapurve@google.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp2051074wrt;
Wed, 28 Dec 2022 11:26:49 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXtYtr59URdhmiOwCSEMe8lO5bC6MEkzanJdAsFzORpQ0/H63EIUkvzJOKAoUB5vLEe/AurO
X-Received: by 2002:a05:6a00:d1:b0:580:eb71:40f0 with SMTP id
e17-20020a056a0000d100b00580eb7140f0mr17541627pfj.23.1672255609011;
Wed, 28 Dec 2022 11:26:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672255608; cv=none;
d=google.com; s=arc-20160816;
b=ugYXs0j4Xqsa0LxCCBAzbu4VOclTYA+5Fo27Y4svz9JaDAMVncs/4UMEIW3XvnmrKA
wxGN5v1WObKlod+k1h2VbuShw4JhXUJTiF36E5l5Yq7klo6uS7DDjZmowXaPJ3lD9BSK
zkblkFp8CAbdJP2q3L0P4q/JXskD7UxwBsyRQF5nEF7godmHxtl7F8Oh/U/+qpMglA4d
z8TRaJDp+Wn/EGtZyxYM4xjl7o7jeyafsK2XOs8cMJ1ZivM9GkCvTl3ITU7Fv7mUE60f
6Y8abYbCQGjY5p6GtKWryLQQ+qrKv9gUj9Pji5a9976HVmXwIMXjS5G97s6pKiWziJkx
3ATw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:references
:mime-version:in-reply-to:date:dkim-signature;
bh=sIyfuO6L8HnU8CmCldKrIpDi7aTZJyxJfn1wljTzIeI=;
b=CNjqO9UfkUnY8IDaH7VC0cvd1V/YfLLt4gQf8lUehnvfds7tT7vu5B96G6DvIj6xK8
WQSpLjf6UGxbQK4W2mNMJ3DhA26AK7pViw2QiaKyx3oWTt8m1YNRf60MM/LHJ2di9GXU
fmkFPhoCP9w+My3WSLshfhDdJ6RLJSF5+DK6DjDDGaYw7WTZmqDwt3nIFG9mrWleWjqn
YaAciHGUMMiCDZVIKbboMImEv+qmXuMh9MwFXw3IcT+zj+PO1qWox8qDivFXh5digq6p
i3tjZxHcGY7/wv4n8/aR2hLFYUY+GWsSSX+j1szLyCzIY9EyROnil8q6COUrF7ZakK2t
9z5g==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=HbphtqtI;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
h4-20020a056a00170400b00563960fdb21si17102948pfc.260.2022.12.28.11.26.37;
Wed, 28 Dec 2022 11:26:48 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=HbphtqtI;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233191AbiL1TZZ (ORCPT <rfc822;eddaouddi.ayoub@gmail.com>
+ 99 others); Wed, 28 Dec 2022 14:25:25 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46530 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233350AbiL1TZF (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 28 Dec 2022 14:25:05 -0500
Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com
[IPv6:2607:f8b0:4864:20::1049])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E32AB183AE
for <linux-kernel@vger.kernel.org>;
Wed, 28 Dec 2022 11:24:56 -0800 (PST)
Received: by mail-pj1-x1049.google.com with SMTP id
v16-20020a17090a899000b00219b1f0ddebso12926757pjn.5
for <linux-kernel@vger.kernel.org>;
Wed, 28 Dec 2022 11:24:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:from:to:cc:subject:date:message-id:reply-to;
bh=sIyfuO6L8HnU8CmCldKrIpDi7aTZJyxJfn1wljTzIeI=;
b=HbphtqtIjGcu1bCKK6wFWu4E/GlYZGDlsYger0IgbCeUkoHRrvjgvwYnY/vOQNJS3v
FyjI7bdMglfCpRTTsNvK49p8IyLNoVRBVdcnldRVB+HUTo08LKiSrhC5Q/0Uc+QQdp+X
IHJ89MTp65CrwucYaVMtjMiROhNdBnnGYlBREUmDHiQkTkehUA4DlpRUBvud1+SVqpMC
6jKDiAXw31yGNOiO07z1YlMzIXbFVC8qVLvnQMkUpOleAVc5L3CryHcplcqTmY4Pt+Gf
tXjGKaI88IH6T+SOZw737PpHr745DcyWzXyYFxhUqfzzIygXPYuztcWMdNooU6ZBsvBQ
U5Yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=sIyfuO6L8HnU8CmCldKrIpDi7aTZJyxJfn1wljTzIeI=;
b=ijMKKStsaTT14hNkFE01kEl5JP/h2MWruEIyM6BTf+AxRM+IVyORAZrsPha63LnCIX
qiDB88VHs/xP/iUddCEECIHmr1CSvT/HHCd++2T7u/0DqIkixT+H4fCUOEAYddtg2FeK
V609AF7q4hb4wSDsyEms1WSkocZ81isCUieE/OWcDCP8WRFyOvyux2zb3knmbHjhMhQ+
Pv7WZtutlRvyt9idQa9Ozejq+fAjCIphFRnpbipOmetoQSB6fBmTDcSIBxT26I90nJKA
8u0Xb4Ocbjf4buQWf3gakdsmcxY1bOqa29606hCZETfGeofo4HhTWelePS58DJxq2Jio
c6/A==
X-Gm-Message-State: AFqh2kqu03RUUl5/y986hBc84477lok6BB31BTse57cXrxaud8WaKId7
FjMdtLjJUheFka6W7UWM5d/y4CUhvJCXNDXu
X-Received: from vannapurve2.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:41f8])
(user=vannapurve job=sendgmr) by 2002:a17:90a:7c48:b0:225:ff38:5494 with SMTP
id e8-20020a17090a7c4800b00225ff385494mr796035pjl.151.1672255496443; Wed, 28
Dec 2022 11:24:56 -0800 (PST)
Date: Wed, 28 Dec 2022 19:24:38 +0000
In-Reply-To: <20221228192438.2835203-1-vannapurve@google.com>
Mime-Version: 1.0
References: <20221228192438.2835203-1-vannapurve@google.com>
X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog
Message-ID: <20221228192438.2835203-5-vannapurve@google.com>
Subject: [V4 PATCH 4/4] KVM: selftests: x86: Invoke kvm hypercall as per host
cpu
From: Vishal Annapurve <vannapurve@google.com>
To: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org
Cc: pbonzini@redhat.com, shuah@kernel.org, bgardon@google.com,
seanjc@google.com, oupton@google.com, peterx@redhat.com,
vkuznets@redhat.com, dmatlack@google.com,
Vishal Annapurve <vannapurve@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1753487097468070563?=
X-GMAIL-MSGID: =?utf-8?q?1753487097468070563?=
|
| Series |
Execute hypercalls according to host cpu
|
|
Commit Message
Vishal Annapurve
Dec. 28, 2022, 7:24 p.m. UTC
Invoke vmcall/vmmcall instructions from kvm_hypercall as per host CPU
type. CVMs and current kvm_hyerpcall callers need to execute hypercall
as per the cpu type to avoid KVM having to emulate the instruction
anyways.
CVMs need to avoid KVM emulation as the guest code is not updatable
from KVM. Guest code region can be marked un-mondifiable from KVM
without CVMs as well, so in general it's safer to avoid KVM emulation
for vmcall/vmmcall instructions.
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Vishal Annapurve <vannapurve@google.com>
---
tools/testing/selftests/kvm/lib/x86_64/processor.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Comments
KVM: selftests: Use host's native hypercall instruction in kvm_hypercall() On Wed, Dec 28, 2022, Vishal Annapurve wrote: > Invoke vmcall/vmmcall instructions from kvm_hypercall as per host CPU () for functions, i.e. kvm_hypercall(). > type. s/type/vendor, "type" is too generic. > CVMs and current kvm_hyerpcall callers need to execute hypercall CVM isn't a not ubiquitous acronym. I would avoid it entirely because "CVM" doesn't strictly imply memory encryption, e.g. KVM could still patch the guest in a pKVM-like implementation. Use the host CPU's native hypercall instruction, i.e. VMCALL vs. VMMCALL, in kvm_hypercall(), as relying on KVM to patch in the native hypercall on a #UD for the "wrong" hypercall requires KVM_X86_QUIRK_FIX_HYPERCALL_INSN to be enabled and flat out doesn't work if guest memory is encrypted with a private key, e.g. for SEV VMs.
On Mon, Jan 9, 2023 at 10:21 AM Sean Christopherson <seanjc@google.com> wrote: > > KVM: selftests: Use host's native hypercall instruction in kvm_hypercall() > > On Wed, Dec 28, 2022, Vishal Annapurve wrote: > > Invoke vmcall/vmmcall instructions from kvm_hypercall as per host CPU > > () for functions, i.e. kvm_hypercall(). > > > type. > > s/type/vendor, "type" is too generic. > > > CVMs and current kvm_hyerpcall callers need to execute hypercall > > CVM isn't a not ubiquitous acronym. I would avoid it entirely because "CVM" > doesn't strictly imply memory encryption, e.g. KVM could still patch the guest in > a pKVM-like implementation. > > Use the host CPU's native hypercall instruction, i.e. VMCALL vs. VMMCALL, > in kvm_hypercall(), as relying on KVM to patch in the native hypercall on > a #UD for the "wrong" hypercall requires KVM_X86_QUIRK_FIX_HYPERCALL_INSN > to be enabled and flat out doesn't work if guest memory is encrypted with > a private key, e.g. for SEV VMs. Ack, this makes sense.
diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index 18f0608743d1..cc0b9c17fa91 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -1154,9 +1154,15 @@ uint64_t kvm_hypercall(uint64_t nr, uint64_t a0, uint64_t a1, uint64_t a2, { uint64_t r; - asm volatile("vmcall" + asm volatile("test %[use_vmmcall], %[use_vmmcall]\n\t" + "jnz 1f\n\t" + "vmcall\n\t" + "jmp 2f\n\t" + "1: vmmcall\n\t" + "2:" : "=a"(r) - : "a"(nr), "b"(a0), "c"(a1), "d"(a2), "S"(a3)); + : "a"(nr), "b"(a0), "c"(a1), "d"(a2), "S"(a3), + [use_vmmcall] "r" (is_host_cpu_amd())); return r; }