From patchwork Sat Jul 29 01:16:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sean Christopherson <seanjc@google.com>
X-Patchwork-Id: 128018
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp882663vqg;
        Fri, 28 Jul 2023 23:46:22 -0700 (PDT)
X-Google-Smtp-Source: 
 APBJJlH2/itbV3S97rr/uPmKjRgzr2sZa7NSUu1pS5ipUHZ8VFXKZ1OXxksmtj4rEwQx8PBIm56F
X-Received: by 2002:a05:6a00:16c1:b0:67e:e019:3a28 with SMTP id
 l1-20020a056a0016c100b0067ee0193a28mr4527213pfc.16.1690613182603;
        Fri, 28 Jul 2023 23:46:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690613182; cv=none;
        d=google.com; s=arc-20160816;
        b=skPExEnyDvB0/bXqznL05ncGLS6BM0ilhTG6k/wBpLlRGfu7ZTWEQCcDlIbx8ILsIh
         P8r00TrPd81NA8hYbybKdCV0g8VigK1WH2TkiyW8WUdAoFEFkMKHoae0cGFvA4u7BuKr
         cFKLZxUcVgKtxwqC4F6WWXKo4HFo9/g3857OhNDXUgqFR8aatai0jMAc9QyyA9BGjlQO
         7Kqi3t9uMwTgwxPb83gwQj4QaUDhQ+NVbd3H7tNck9p4V44nR0Qcdm82CPwKS6z2Ka9y
         GpKaElqoRnVrYxu/tJfkvXrFrxUhm284ZuDEu5Fdx/0H99vV5kKGyFV2IXWRxkKWs3UQ
         EPuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:reply-to:dkim-signature;
        bh=Td1GH9IlHvpXHIHUDo3By6hiD1XsWn1I7aZZNe6DB5w=;
        fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=;
        b=Fi8bxdNJMs0r8zMTblBMpQrAWjrYdNRz4v/hfWzuoNsq3OXYQj9XYRue9sBUFjK7D3
         Bk0gRfAxL1nJEFIMu95Aajfg4wh2Lun8RrhRXtRg4XmgRZcaXc6fEVgtjGI7gRRAD9Ln
         1phuafPyYl7AXkYy8fi1ntaHd5uHgCpb6M5kCDtyYMfnS+fXZVf9vdczR7LMim2YjRMB
         PtdrcU53wwju/ytrrwoSyKrLNQXgZBjxl+Vi5hag9m0G3I0O3NmO1OevIPneb6cdH5te
         6oJbD9TLxii6ImLOxWU8ooBlqdq3IBr53zIVqij0DxUQssB17UhmC5sTIqPSPEhBD6FW
         c+CA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=4Af6FshV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 fi37-20020a056a0039a500b006826c8d5a31si2263199pfb.21.2023.07.28.23.46.08;
        Fri, 28 Jul 2023 23:46:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=4Af6FshV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236963AbjG2BSx (ORCPT <rfc822;hanasaki@gmail.com> + 99 others);
        Fri, 28 Jul 2023 21:18:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35974 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231725AbjG2BRu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 28 Jul 2023 21:17:50 -0400
Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com
 [IPv6:2607:f8b0:4864:20::b49])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 77E444EEA
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Jul 2023 18:17:23 -0700 (PDT)
Received: by mail-yb1-xb49.google.com with SMTP id
 3f1490d57ef6-d1c693a29a0so2526820276.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Jul 2023 18:17:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1690593414; x=1691198214;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=Td1GH9IlHvpXHIHUDo3By6hiD1XsWn1I7aZZNe6DB5w=;
        b=4Af6FshVFsrgrFsPJc4IthqUvttt1ICUmFLNLWtLZE5xK3kzxiG/xG13Xua1xOPAG/
         qsi+BpFoCzlp0VqIdOlZQTdc+VAwJpYpajeNm0aL+x2sNusxHJ/vlU7DAgRyh5rmbLaZ
         WiAqQcKmtSK4GPhYMEy5RsN9vB29UAhXPElyy3PHh1U4dOm6r1eZgY8xnD3/RvIcv/bn
         lxqE7kbzbGxs9WqU0pdeayYujblF5h2ScPpYWgTeS5EU3IHTWmT+NIX0KnUD0CHtrTJV
         kLsfo4Pxhv3CCog7OEi23/z3x7p5Ec3EYwTHO7qsM2gZaKo6owxQ+L33ziSVxQGlz6qK
         zKxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690593414; x=1691198214;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Td1GH9IlHvpXHIHUDo3By6hiD1XsWn1I7aZZNe6DB5w=;
        b=c0goQAeB0xlgoLvcUHS0MxZ+8mjHmOgO87aH1CdPVl/us2ndgNUcxjg2zf9LMO9qjB
         JTJkONMqD5D0UiE6Nkyqpy7lKhcQqO9sUi1xSZfjjEpMOshhZnVOCJSfOXlupzCOtGP9
         +opqrYCs19R8vdemkAZlxlL9i3F1P3OrGDFs2piqzEcU3EexuX+rfMtZfdWkmsVfRlBc
         Py9L4j1n++d8/fuqCymR1GEbuJSOPP88ah7vG6/t1FYsFe4bLsPtbfnAgYb+9Ag/FtTd
         M+htVk3lYvd7bSm+RTl8bgvtWI92QviYdoscYrqXl0E9gapOq5atcx+t5M6XhvI1Wkaj
         1ggA==
X-Gm-Message-State: ABy/qLbtSnsp8euTTJfe3H/EjTEUddQNtr+9HcaitOa2a0EEkqJjoE3r
        PN9aaqoCqpaWr+wVcXwPWslHTua7Dz0=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a25:69c7:0:b0:d07:f1ed:521a with SMTP id
 e190-20020a2569c7000000b00d07f1ed521amr17972ybc.4.1690593414398; Fri, 28 Jul
 2023 18:16:54 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 28 Jul 2023 18:16:08 -0700
In-Reply-To: <20230729011608.1065019-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230729011608.1065019-1-seanjc@google.com>
X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog
Message-ID: <20230729011608.1065019-22-seanjc@google.com>
Subject: [PATCH v2 21/21] KVM: x86: Disallow guest CPUID lookups when IRQs are
 disabled
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        Maxim Levitsky <mlevitsk@redhat.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1772736408821174390
X-GMAIL-MSGID: 1772736408821174390

Now that KVM has a framework for caching guest CPUID feature flags, add
a "rule" that IRQs must be enabled when doing guest CPUID lookups, and
enforce the rule via a lockdep assertion.  CPUID lookups are slow, and
within KVM, IRQs are only ever disabled in hot paths, e.g. the core run
loop, fast page fault handling, etc.  I.e. querying guest CPUID with IRQs
disabled, especially in the run loop, should be avoided.

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/cpuid.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index f74d6c404551..4b14bd9c5637 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -11,6 +11,7 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
 #include <linux/kvm_host.h>
+#include "linux/lockdep.h"
 #include <linux/export.h>
 #include <linux/vmalloc.h>
 #include <linux/uaccess.h>
@@ -84,6 +85,18 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_find(
 	struct kvm_cpuid_entry2 *e;
 	int i;
 
+	/*
+	 * KVM has a semi-arbitrary rule that querying the guest's CPUID model
+	 * with IRQs disabled is disallowed.  The CPUID model can legitimately
+	 * have over one hundred entries, i.e. the lookup is slow, and IRQs are
+	 * typically disabled in KVM only when KVM is in a performance critical
+	 * path, e.g. the core VM-Enter/VM-Exit run loop.  Nothing will break
+	 * if this rule is violated, this assertion is purely to flag potential
+	 * performance issues.  If this fires, consider moving the lookup out
+	 * of the hotpath, e.g. by caching information during CPUID updates.
+	 */
+	lockdep_assert_irqs_enabled();
+
 	for (i = 0; i < nent; i++) {
 		e = &entries[i];