From patchwork Wed Jan 24 02:41:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yang, Weijiang" X-Patchwork-Id: 191321 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2553:b0:103:945f:af90 with SMTP id p19csp743764dyi; Tue, 23 Jan 2024 19:01:54 -0800 (PST) X-Google-Smtp-Source: AGHT+IHXyoH1yxjrkMkTIb1xxMQ8rrb1sCPvypJHh6GbGjSh6dlNh9T2Lvh+kvbf4T69LOH5I252 X-Received: by 2002:a05:6402:1742:b0:55c:3668:c3c6 with SMTP id v2-20020a056402174200b0055c3668c3c6mr1231909edx.34.1706065314424; Tue, 23 Jan 2024 19:01:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706065314; cv=pass; d=google.com; s=arc-20160816; b=D8hbHpU6PrGnvhEKo+57LhQWqfEOLC6z0LIuqxHZUN6/eUmo9G0OSoQsM8Ip+gAEKA KuKEe8v1iIgTUQcXkMuF1D+Ch+9AjIxgD5qnRJpKxb7kCFpoqYxo6Ww7iLDWkEvREjLv l0Wyi6RgGmd4gwG1uktbbFXkOu16syQP9131dCrxblouhqSDO+Os0vcz7lxitvwEz0if lwaqqzOKAFxmovBssUFRnRG7d8/AErQfnTIbxCO+ZQKrvwtpUIbFbHcyoTZVjRq8WGVS jtbRRGpXLZ3dSiAlKFCCyZp9mH5wF2xpLHV71wrtGWeX3xeRSzULdY8QV5zSKz/wgw7+ ICXQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=oJamj3KEbxdUqiy4zxZ2trB3vun34ynFsZH00sBmsv0=; fh=D+u40KSnYgjUYLGDRdXdD62xsMHg3nFDmpf3sEnyojA=; b=KO46ZkqLYVgxcVCRPrvbCaInFn/BwAapq/XOyoktG0YmBITywK+8YSuGv4DrVSHRy5 rlpOsAWYQVHTVNYhPUulY58lKDnd0MejOX5nscrjEd744HX+YB3WAw90UjAj+Cq46Dub 9SK2hd1EfTayI2cbDZVQnGNXwfprCBbkYzt7Wi9OpcTpjOeygqT8O84N+xbtJIz4PDaS iL8zvaelYQiCEdo6tKxCwVlcNJkHzfFmCCSS9s5kcvsSGXsNLiXUFs3FQftx5qTh7bT0 mqeuAnTsbh3PWKLmqLswFR7+XsotU1e4mpfrmFEeMUYitKSSwXyytDiEQvECw4S3wVP2 U93w== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UxLr68fV; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-36346-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-36346-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id g40-20020a056402322800b0055a39d64302si6179010eda.523.2024.01.23.19.01.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jan 2024 19:01:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-36346-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UxLr68fV; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-36346-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-36346-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 73C231F2CED7 for ; Wed, 24 Jan 2024 02:52:27 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A0DE454FBF; Wed, 24 Jan 2024 02:42:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="UxLr68fV" Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E747028389; Wed, 24 Jan 2024 02:42:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.55.52.120 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706064172; cv=none; b=QIvtOYp0Uwtet5CIdY10vBSIN69fYgnCdZ7Se8z8yl4Q0K1gC7WZURCiPGHgpyLklev5GBtp2FmJRW8s4IGel6O83cRwvkkhyo2Gh+Ysc9HwE4+KDx11M5x0xTgFYQSHnn2DLbQS3QMz0x8tGZRAOq8M32Voz+slrdYO/bIHWPE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706064172; c=relaxed/simple; bh=VzRTyBG95NMIc7bDJOln3dLMG8SRjMb/e4tnQdiKqPY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=NdnL99xVuNWjIT8cN8W7/6DsVt0jIjOYCtPM8r2tYJCST+PkcgrAuchYkf3q3nqNpLsOixaog9mdoo6bTbVTslfD7Wqg6ieJ4NjMwfhQuurmiXUQUVK9jtCJExziWf1AHwT+pTpFaeFugZ9AS2GIUOO4w71qqKdDwIFOSyJLaXk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=UxLr68fV; arc=none smtp.client-ip=192.55.52.120 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1706064169; x=1737600169; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=VzRTyBG95NMIc7bDJOln3dLMG8SRjMb/e4tnQdiKqPY=; b=UxLr68fVgWd7ARNLV1Xi16Nrqtj93xxsABiCNcWyqTB49wJYdzfrjxU0 qpAWW7TajgWbgfZXvERv+HdCfBivREAIlyeBHfbw6Hjcbq/09mCoS5PvC Y3W+gcKMYr51yh1impw4wETWgsiXKdLYeQ5GHenOe53YGHdRtDniwpxsr c4MSBhG7mQ4K11gng4RXZIe/RvKwcH8UkQWqgcrqMNKOssXOpyf3tPyNU ntUtBCj+QQcqj7zMlHsdwtK7kkR7U38BHy/G0MNKOgoP2Kwo3gu6BnS/q 8fq10TdLOTy7bafFrYjNEPzRFKBfOtKkB+Pxfa0o0n3Ey6FazdCKfrqCz w==; X-IronPort-AV: E=McAfee;i="6600,9927,10962"; a="400586588" X-IronPort-AV: E=Sophos;i="6.05,215,1701158400"; d="scan'208";a="400586588" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2024 18:42:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,215,1701158400"; d="scan'208";a="1825929" Received: from 984fee00a5ca.jf.intel.com ([10.165.9.183]) by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2024 18:42:44 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, yuan.yao@linux.intel.com Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v9 25/27] KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery to L1 Date: Tue, 23 Jan 2024 18:41:58 -0800 Message-Id: <20240124024200.102792-26-weijiang.yang@intel.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20240124024200.102792-1-weijiang.yang@intel.com> References: <20240124024200.102792-1-weijiang.yang@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1788939143097996557 X-GMAIL-MSGID: 1788939143097996557 Per SDM description(Vol.3D, Appendix A.1): "If bit 56 is read as 1, software can use VM entry to deliver a hardware exception with or without an error code, regardless of vector" Modify has_error_code check before inject events to nested guest. Only enforce the check when guest is in real mode, the exception is not hard exception and the platform doesn't enumerate bit56 in VMX_BASIC, in all other case ignore the check to make the logic consistent with SDM. Suggested-by: Chao Gao Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky Reviewed-by: Chao Gao --- arch/x86/kvm/vmx/nested.c | 27 ++++++++++++++++++--------- arch/x86/kvm/vmx/nested.h | 5 +++++ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index b2e9853584b8..468a7cf75035 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1230,9 +1230,9 @@ static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { const u64 feature_and_reserved = /* feature (except bit 48; see below) */ - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | + BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | BIT_ULL(56) | /* reserved */ - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56); + BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 57); u64 vmx_basic = vmcs_config.nested.basic; if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved)) @@ -2865,7 +2865,6 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, u8 vector = intr_info & INTR_INFO_VECTOR_MASK; u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK; bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK; - bool should_have_error_code; bool urg = nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST); bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE; @@ -2882,12 +2881,20 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) return -EINVAL; - /* VM-entry interruption-info field: deliver error code */ - should_have_error_code = - intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode && - x86_exception_has_error_code(vector); - if (CC(has_error_code != should_have_error_code)) - return -EINVAL; + /* + * Cannot deliver error code in real mode or if the interrupt + * type is not hardware exception. For other cases, do the + * consistency check only if the vCPU doesn't enumerate + * VMX_BASIC_NO_HW_ERROR_CODE_CC. + */ + if (!prot_mode || intr_type != INTR_TYPE_HARD_EXCEPTION) { + if (CC(has_error_code)) + return -EINVAL; + } else if (!nested_cpu_has_no_hw_errcode_cc(vcpu)) { + if (CC(has_error_code != + x86_exception_has_error_code(vector))) + return -EINVAL; + } /* VM-entry exception error code */ if (CC(has_error_code && @@ -7011,6 +7018,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; + if (cpu_has_vmx_basic_no_hw_errcode()) + msrs->basic |= VMX_BASIC_NO_HW_ERROR_CODE_CC; } static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index cce4e2aa30fb..747061c2aeb9 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -285,6 +285,11 @@ static inline bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val) __kvm_is_valid_cr4(vcpu, val); } +static inline bool nested_cpu_has_no_hw_errcode_cc(struct kvm_vcpu *vcpu) +{ + return to_vmx(vcpu)->nested.msrs.basic & VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + /* No difference in the restrictions on guest and host CR4 in VMX operation. */ #define nested_guest_cr4_valid nested_cr4_valid #define nested_host_cr4_valid nested_cr4_valid