From patchwork Thu Dec 21 14:02:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 182085 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2483:b0:fb:cd0c:d3e with SMTP id q3csp285751dyi; Thu, 21 Dec 2023 01:19:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IFBjU2is50ouIh355gpFjG9gdhHvkkMRAxszo+ncrUYVQcABlcxtPEkSuxjJC5DKLRaZYre X-Received: by 2002:a05:6122:4d1a:b0:4b6:e1de:16b4 with SMTP id fi26-20020a0561224d1a00b004b6e1de16b4mr662440vkb.25.1703150358412; Thu, 21 Dec 2023 01:19:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703150358; cv=none; d=google.com; s=arc-20160816; b=ixSx0pifaNaKtVuA2EhgMB0wolVXn6uz/FfI9aMP1XhRBd5vNEC8g7FMNktQ+YRsst d/KbPpXdeqzx0vy7vqkzGZqW72s2vm84L+J1fXoAgBvi7REyK1gCK7pO4XmVOc+zIyJC ykkKTxYeUUMevkFHjnljJRZHfAKeboXC6OvMD+vWwjoTrKcNFxnAV/dY0nSlYBPcDmK9 gzwQhS5VjTNEPsNVO1Ef2H1btMbA+o1wxibXAuCKWRRhPPxaMFKVZGevNOrRxdU6CTeE 31Bms+eUgTRKx3cERKhOAp4k2QnHb4og2sdPqGcXbEUzHxOGa0zeB80gCjyFUW5VxHy5 RL7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=oJamj3KEbxdUqiy4zxZ2trB3vun34ynFsZH00sBmsv0=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=XYgrbByvnDCbT8KOE7wJrPSkLh5JhX8AmKY/oTxMFIZGn+L6q0FRaTXbF+YKZ4GZVe KCaFKPoDDIoNxIzvs89DCiLKFVt7b/pgxTZYR8eS9MfOeM0+yyFkPn81bmt5kDCSMEIp m81Xvf7J8Q8FYlJL/rIDwIVqNa59Cbvo6T8U+T1fr8IDc4oabA7XaTsiv+uonURtNEeB hQfNNOdlMpJYERUelDVTHp7Xa664BFbqRZPafHJMm1kylyA2OIoOCYBW/1ik8+uhVD4A fSTZBPsWjQHXEaS0g7K59sECYUM9G3nIqSRj5K1JnVTiLxRapL86wfBy4/l5dMFmLPbt it9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DjCL77ti; spf=pass (google.com: domain of linux-kernel+bounces-8078-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8078-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id t15-20020a05620a450f00b0077dc688e20asi1881963qkp.259.2023.12.21.01.19.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 01:19:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-8078-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DjCL77ti; spf=pass (google.com: domain of linux-kernel+bounces-8078-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8078-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 262EF1C22226 for ; Thu, 21 Dec 2023 09:19:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E20F55954A; Thu, 21 Dec 2023 09:03:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="DjCL77ti" X-Original-To: linux-kernel@vger.kernel.org Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 688F856744; Thu, 21 Dec 2023 09:03:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1703149434; x=1734685434; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=VzRTyBG95NMIc7bDJOln3dLMG8SRjMb/e4tnQdiKqPY=; b=DjCL77tigAO3KL7UkEEvTOTsqQ2OO3vGEUgJSmMMBhLrk3UaCgoO+zJq fe7amsh92yvZD9nH2TyrhEQEhEzo9zoBFEiW0hBHtxlJZncZQ2VWSzLKn xy9ARcdfWN/dyLnXG3qjU4i9jKesNaDj2RuzYezL4YEtHqyrfDaWgFhpW fd2QyVFFHXJUau5ASn+lfoleXB/Km/0vV8Fse1bBWJbhFNiPImPzD6U9b ecUXlfmOpvJDGPB/UZHy+/jDmBeJP9wRDoU7wgedH39+LfXFTOMnI1Tje K3Ho4JYKZepp0cDFr6uSoaEpcZ9lxqdYZp+zAjatdDTv6sF3M/AvnAxjd A==; X-IronPort-AV: E=McAfee;i="6600,9927,10930"; a="398729700" X-IronPort-AV: E=Sophos;i="6.04,293,1695711600"; d="scan'208";a="398729700" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Dec 2023 01:03:46 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10930"; a="900028646" X-IronPort-AV: E=Sophos;i="6.04,293,1695711600"; d="scan'208";a="900028646" Received: from 984fee00a5ca.jf.intel.com (HELO embargo.jf.intel.com) ([10.165.9.183]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Dec 2023 01:03:12 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v8 25/26] KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery to L1 Date: Thu, 21 Dec 2023 09:02:38 -0500 Message-Id: <20231221140239.4349-26-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231221140239.4349-1-weijiang.yang@intel.com> References: <20231221140239.4349-1-weijiang.yang@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785882590025416041 X-GMAIL-MSGID: 1785882590025416041 Per SDM description(Vol.3D, Appendix A.1): "If bit 56 is read as 1, software can use VM entry to deliver a hardware exception with or without an error code, regardless of vector" Modify has_error_code check before inject events to nested guest. Only enforce the check when guest is in real mode, the exception is not hard exception and the platform doesn't enumerate bit56 in VMX_BASIC, in all other case ignore the check to make the logic consistent with SDM. Suggested-by: Chao Gao Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/nested.c | 27 ++++++++++++++++++--------- arch/x86/kvm/vmx/nested.h | 5 +++++ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index b2e9853584b8..468a7cf75035 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1230,9 +1230,9 @@ static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { const u64 feature_and_reserved = /* feature (except bit 48; see below) */ - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | + BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | BIT_ULL(56) | /* reserved */ - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56); + BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 57); u64 vmx_basic = vmcs_config.nested.basic; if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved)) @@ -2865,7 +2865,6 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, u8 vector = intr_info & INTR_INFO_VECTOR_MASK; u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK; bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK; - bool should_have_error_code; bool urg = nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST); bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE; @@ -2882,12 +2881,20 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) return -EINVAL; - /* VM-entry interruption-info field: deliver error code */ - should_have_error_code = - intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode && - x86_exception_has_error_code(vector); - if (CC(has_error_code != should_have_error_code)) - return -EINVAL; + /* + * Cannot deliver error code in real mode or if the interrupt + * type is not hardware exception. For other cases, do the + * consistency check only if the vCPU doesn't enumerate + * VMX_BASIC_NO_HW_ERROR_CODE_CC. + */ + if (!prot_mode || intr_type != INTR_TYPE_HARD_EXCEPTION) { + if (CC(has_error_code)) + return -EINVAL; + } else if (!nested_cpu_has_no_hw_errcode_cc(vcpu)) { + if (CC(has_error_code != + x86_exception_has_error_code(vector))) + return -EINVAL; + } /* VM-entry exception error code */ if (CC(has_error_code && @@ -7011,6 +7018,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; + if (cpu_has_vmx_basic_no_hw_errcode()) + msrs->basic |= VMX_BASIC_NO_HW_ERROR_CODE_CC; } static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index cce4e2aa30fb..747061c2aeb9 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -285,6 +285,11 @@ static inline bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val) __kvm_is_valid_cr4(vcpu, val); } +static inline bool nested_cpu_has_no_hw_errcode_cc(struct kvm_vcpu *vcpu) +{ + return to_vmx(vcpu)->nested.msrs.basic & VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + /* No difference in the restrictions on guest and host CR4 in VMX operation. */ #define nested_guest_cr4_valid nested_cr4_valid #define nested_host_cr4_valid nested_cr4_valid