From patchwork Sat Jul 29 01:16:07 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sean Christopherson <seanjc@google.com>
X-Patchwork-Id: 127953
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp794152vqg;
        Fri, 28 Jul 2023 18:46:51 -0700 (PDT)
X-Google-Smtp-Source: 
 APBJJlGkeRLscu5LMvm7Y6cWIP5uvFHou3H58vVGKjy2xE0y3510fO1vbmibo040GVgWlX+cQw1a
X-Received: by 2002:a17:902:8301:b0:1bb:7996:b269 with SMTP id
 bd1-20020a170902830100b001bb7996b269mr3420864plb.19.1690595211527;
        Fri, 28 Jul 2023 18:46:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690595211; cv=none;
        d=google.com; s=arc-20160816;
        b=boYNnkyVIfZX8jIG8L//uKoXqJgcnOWBoa5GVkMUWKzzUoN7k7/Hl3VkyOzk0QQL2E
         Tkqlr06jeVSlGFotwXdxfdttvV8JM9L74VrFSSUwq7xZaqapAG5xCeT4VkB9AGNqn5jg
         f0DbI7H2Q9mSRlQYoupXbMydKAl7tHBl5aDp+ACtDWp0oQsL5yCm1yEnDQ5tud7Mu6tF
         4q8tdPefQ+W3ELVUVaeB0tWy+zCL6xX84xZchD6A+0aJcdN4C3yc9nkh574DkUnWE39f
         yKLu6QaesKmZdGJJAKIu5BQK1NqR1sZGYe5NaVC+ZUSfyRSDw6m8WoMXSYC9uIi0ejE0
         oGVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:reply-to:dkim-signature;
        bh=VgunzukDjbHa3GZgUyAC0qt2xyD/roymvALt+6M5c/I=;
        fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=;
        b=L+5ESRwrZvoNHREJoP7Z0mrUVhDefv3XaAVyEKMl2N+Wge7zWSSnRRuOgpIdamVnEd
         lP2I5S0ZFlvXQQ0csoQ6hbthCJvhvs1pu9gDkFe0/rDDRD39y/oQQ4bXCKq/1dLZyInI
         Ts95dWBNEoSpzoK5Dy05E5VXS0jCrpkrX0D8wZ9+TwDeyjYuf4JKgVENB4PASEppj96Y
         BVa5yIzZrvHDQgTM+2xXmP/JS9Q/zJMnazSMikeVpVj6IrfBpi8JaICiZA0/LMA1DEmP
         +1X/bytEidH2C9goaK8R3IdtHZW3bS8STKmAzS+yrK7EQsBTrrFeDRR+OsUHF2NSX/WL
         m0fA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=oaLMtNoa;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 kb13-20020a170903338d00b001bb3bcd05bbsi1113100plb.471.2023.07.28.18.46.38;
        Fri, 28 Jul 2023 18:46:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=oaLMtNoa;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237522AbjG2BSg (ORCPT <rfc822;hanasaki@gmail.com> + 99 others);
        Fri, 28 Jul 2023 21:18:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36618 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235248AbjG2BRt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 28 Jul 2023 21:17:49 -0400
Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com
 [IPv6:2607:f8b0:4864:20::b4a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 048F54EEC
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Jul 2023 18:17:22 -0700 (PDT)
Received: by mail-yb1-xb4a.google.com with SMTP id
 3f1490d57ef6-c8f360a07a2so2440386276.2
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Jul 2023 18:17:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1690593412; x=1691198212;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=VgunzukDjbHa3GZgUyAC0qt2xyD/roymvALt+6M5c/I=;
        b=oaLMtNoaDWLDjp7EXIcXnG7Ta8UVIB2jBzIDDVrwenl3iwfmCnZ/cJ2/73VgIR/qyc
         osC30NnMKZIrDgCTIPJKM8UJ5BR4tu4pKbB3e8aLCi7PR1j0Kt0QEOkmTEGzlhU9pFrj
         nQrc3ad1YG2CBMJjxUAcbD0q1GMSefgfF+hTdEB7ae0p8nm/CjL1fLIEf3gj/xHG9tX+
         AEzIDs5tvNgA6AStrqBdBFfdqIUWrBnPRCSYH0KcfGxNlJ2buNJ5msJYAfE1DssmAgos
         EsoxekFuAQsCcWvNz5MZAx6kJpa5nrJOfanbYJfn8dmO0WM3+5daH4FKNVxgd9a3bSpw
         AuIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690593412; x=1691198212;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=VgunzukDjbHa3GZgUyAC0qt2xyD/roymvALt+6M5c/I=;
        b=DfvYBivqRJBpOH4IIKRlzgTPvU1IykXs8UGPFT3f4i1usDeNxLMGPcen3+H8h6k5cR
         laene63/qjBBPQTErixxTXMK4QtKPn0uJCv2ozdrtatobbqdhDOoaT3BGiP3V8NvrUyP
         bZLJDQV+Vbw267NXwHek24h1s48TUlOBrmchysOG6z90Rwsj4Ys4adwY9N9H6CmMz3qO
         JcHL8w1M95joMjZyla2OwtqWoVVkhTbGUMaw25Axki3wX8i0rNJUQuCAV8anPX9A4E5t
         w89n3mUmbTg6Sft0Nefs0qE6PI3hDz2bKwyHQLtAIFBhOK38+eOEa+VAvYd6ELTi42T3
         n8+g==
X-Gm-Message-State: ABy/qLbirdF+spuZP8qSYvA+unD8rtN35zrm1mo2JPSYGAhaY2xhsR7v
        I79pjit9U9OlgsxXF+by2/m386K2Jj4=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a25:2c5:0:b0:d09:3919:35c with SMTP id
 188-20020a2502c5000000b00d093919035cmr17449ybc.11.1690593412338; Fri, 28 Jul
 2023 18:16:52 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 28 Jul 2023 18:16:07 -0700
In-Reply-To: <20230729011608.1065019-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230729011608.1065019-1-seanjc@google.com>
X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog
Message-ID: <20230729011608.1065019-21-seanjc@google.com>
Subject: [PATCH v2 20/21] KVM: nSVM: Use KVM-governed feature framework to
 track "vNMI enabled"
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        Maxim Levitsky <mlevitsk@redhat.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1772717564665282830
X-GMAIL-MSGID: 1772717564665282830

Track "virtual NMI exposed to L1" via a governed feature flag instead of
using a dedicated bit/flag in vcpu_svm.

Note, checking KVM's capabilities instead of the "vnmi" param means that
the code isn't strictly equivalent, as vnmi_enabled could have been set
if nested=false where as that the governed feature cannot.  But that's a
glorified nop as the feature/flag is consumed only by paths that are
gated by nSVM being enabled.

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/governed_features.h | 1 +
 arch/x86/kvm/svm/svm.c           | 3 +--
 arch/x86/kvm/svm/svm.h           | 5 +----
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h
index 368696c2e96b..423a73395c10 100644
--- a/arch/x86/kvm/governed_features.h
+++ b/arch/x86/kvm/governed_features.h
@@ -15,6 +15,7 @@ KVM_GOVERNED_X86_FEATURE(LBRV)
 KVM_GOVERNED_X86_FEATURE(PAUSEFILTER)
 KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD)
 KVM_GOVERNED_X86_FEATURE(VGIF)
+KVM_GOVERNED_X86_FEATURE(VNMI)
 
 #undef KVM_GOVERNED_X86_FEATURE
 #undef KVM_GOVERNED_FEATURE
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 6d9bb4453f2d..89cc9f4f3ddc 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4236,8 +4236,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
 	kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PAUSEFILTER);
 	kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD);
 	kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF);
-
-	svm->vnmi_enabled = vnmi && guest_cpuid_has(vcpu, X86_FEATURE_VNMI);
+	kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VNMI);
 
 	svm_recalc_instruction_intercepts(vcpu, svm);
 
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 6eb5877cc6c3..06400cfe2244 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -259,9 +259,6 @@ struct vcpu_svm {
 	unsigned long soft_int_next_rip;
 	bool soft_int_injected;
 
-	/* optional nested SVM features that are enabled for this guest  */
-	bool vnmi_enabled                 : 1;
-
 	u32 ldr_reg;
 	u32 dfr_reg;
 	struct page *avic_backing_page;
@@ -537,7 +534,7 @@ static inline bool nested_npt_enabled(struct vcpu_svm *svm)
 
 static inline bool nested_vnmi_enabled(struct vcpu_svm *svm)
 {
-	return svm->vnmi_enabled &&
+	return guest_can_use(&svm->vcpu, X86_FEATURE_VNMI) &&
 	       (svm->nested.ctl.int_ctl & V_NMI_ENABLE_MASK);
 }