From patchwork Tue Nov 29 19:37:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27476 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp537277wrr; Tue, 29 Nov 2022 11:53:25 -0800 (PST) X-Google-Smtp-Source: AA0mqf7PhdAw0hPRFWPYYq6aePk2tgGrCNR1t8ZcuiTGFF2kM7KCgLRo7HePpBXYtIqfEvJx/sJa X-Received: by 2002:a05:6402:f10:b0:467:9976:2e37 with SMTP id i16-20020a0564020f1000b0046799762e37mr53896069eda.267.1669751605666; Tue, 29 Nov 2022 11:53:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751605; cv=none; d=google.com; s=arc-20160816; b=yTEomU81AsfnLC7ZwVZJ3Zj2NYNbkGolFKMB11ruoF8QL+PN2s32V+S4sloTBDIwXI NQfItryV35627B9PuGDoeL+/XbJkgwbhLBOipVjWb8FkhD7EEDjVCx6g7Sr7hBWsRa2T HMcE5baTf6V8QZOAd335+E2W5gxDmtWg8kOmWHjsSR13AnCPrXVotQYwwNPig0HCYnHq UkR+ib39ywyu5NtLBYQHKXjdwbZCevO9arqt/2GJbAv7RCednEO2lE6j9p/WH+6kNovp wU50/FZWNRoVl+ZPgJUfe42ip8Cp1K1JczwIaTmP0/hxsJ13cdcxuzkObHrVGoL6i3YN w7iA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=nYEa1XgfnHAIZ7cB2VYzoZKokkGbb+MsQs52pSYGTFU=; b=tXrnaeXiYwSfz28QREZIQLOHxoAzUe6xOS9hV1jFR1N/UXNrNS7nst8HL4AW+USQ89 nxGajEV24cf1thu0orCo3NPYBgvF9QmMAJCdELh2E4/fusclLxtpiDZKJ46/18ABbl6X LCvFjU5IFzLOyec1+9Mb3fzgPSZEEB6MU+V6k21Gc2ZB3GorMT5xxx6zC7cgPd64lwFc C8IlySqhxGl9yBBJIpGGUToEvy7UXOwOGa11WKzrXshF0ROTcQlcirMrJdBwAJjAznOd SkF2ANcOvqZR55rSyjUWk2NRIP+qWBVqrVHwKEr6FOGArSOLT5YFx6nZHd8nPeqLPDPS uSOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=PuXo4pnE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y17-20020aa7c251000000b0046b1c26d81dsi1954448edo.80.2022.11.29.11.53.01; Tue, 29 Nov 2022 11:53:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=PuXo4pnE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236935AbiK2ToD (ORCPT + 99 others); Tue, 29 Nov 2022 14:44:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56376 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237147AbiK2Tno (ORCPT ); Tue, 29 Nov 2022 14:43:44 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 99FB973435 for ; Tue, 29 Nov 2022 11:39:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750766; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nYEa1XgfnHAIZ7cB2VYzoZKokkGbb+MsQs52pSYGTFU=; b=PuXo4pnEP8SmXEMXTV19etOg8unyDUUMZsSVIxOIb4pS4h1GpKHoPOGM/H3+nIGSwS+5Ik HXZEXhq9RXXNCrw9SVmYXe1iO/X68RK3b7tZG8t0NDrzqCtf5hzHFUFddJdZ0eJz+P3D4B fiNWWICQ+wffSOk8g+9IfNNgLYG/a9I= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-249-i3rAk3gQPo6OLUDKYDUTwg-1; Tue, 29 Nov 2022 14:37:28 -0500 X-MC-Unique: i3rAk3gQPo6OLUDKYDUTwg-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E71D8857F90; Tue, 29 Nov 2022 19:37:26 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id CAC9C2027064; Tue, 29 Nov 2022 19:37:22 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky Subject: [PATCH v2 01/11] KVM: nSVM: don't sync back tlb_ctl on nested VM exit Date: Tue, 29 Nov 2022 21:37:07 +0200 Message-Id: <20221129193717.513824-2-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861459682585438?= X-GMAIL-MSGID: =?utf-8?q?1750861459682585438?= The CPU doesn't change TLB_CTL value as stated in the PRM (15.16.2): "The VMRUN instruction reads, but does not change, the value of the TLB_CONTROL field" Therefore the KVM shouldn't do that either. Signed-off-by: Maxim Levitsky --- arch/x86/kvm/svm/nested.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index bc9cd7086fa972..37af0338da7c32 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1010,7 +1010,6 @@ int nested_svm_vmexit(struct vcpu_svm *svm) vmcb12->control.next_rip = vmcb02->control.next_rip; vmcb12->control.int_ctl = svm->nested.ctl.int_ctl; - vmcb12->control.tlb_ctl = svm->nested.ctl.tlb_ctl; vmcb12->control.event_inj = svm->nested.ctl.event_inj; vmcb12->control.event_inj_err = svm->nested.ctl.event_inj_err; From patchwork Tue Nov 29 19:37:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27469 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp535781wrr; Tue, 29 Nov 2022 11:49:27 -0800 (PST) X-Google-Smtp-Source: AA0mqf5qjqbHjeRWL4Cd1WEH16XU/n5KPC9bonWOUQL3rUPNpX/oDjiPmHmPOWIF7JPtwXRC+ikl X-Received: by 2002:a17:906:1585:b0:7ad:84c7:502d with SMTP id k5-20020a170906158500b007ad84c7502dmr35365298ejd.177.1669751367650; Tue, 29 Nov 2022 11:49:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751367; cv=none; d=google.com; s=arc-20160816; b=EQaPCu4nfLiwQs9IC1rowocl2hsBVGAUWkuSpUvz551tbfjCeQc+6Zxnvh6ZUe2Gu/ ytVl0TlcDD9rGb2hr/t0f1c2Pvr0xuIxj7VYS1A1NFqQzp3W+6/OxTLnuOQcVO9odm41 K667A3m/v6aH5OZ9boXjn4yR6ESOth40et4eEWWzuEogNmShSsKR1+E7rR99zUfQ6ROY WP0gz1KBT6SsgMHeuM4QgrVwl83aQ0jePkIh2tX5mGmqKK67fXknl+WA9/Q3GMRfVRdJ 1prIp0VyAKrHCzfvww9egH3pIi8pmz2tTbvac0xkCHjwvNJRimiP4Zg35Hd0p16ZNkRD s2Cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IsK6SeDRcKB0ngx9XBGmKXR4JOxNBat2MjmDlSq9EM0=; b=TyB1O9Bmb1oNb1f03eJpwvbst6TyIVX9u08LexwuBkPZ8tJ6qqt/sHTyLhjCgCbOW9 RMT2S8avyIN0fB67OGjbzEOFQkz7Ao1RcdkwXA3cV+ndwQInDbOl7HHy4HcIPZkP82Ci 3l++2jZ+COyFKgGDl4DsGB9lYEqZyxuccXSQK3fiZC0ZKG7cayg1imyhO5hS6JzGi2N6 IUE+Xv2dy9WZx3x3rpBhyCClGXQjZjUVey10t5KGlGQEZwCSyCf/XQB/XIbwwDNsBhFf fFnc+13pCPNcSBnR7KRvhUaWmVamwfFVJnLam33j/2gz27SrZ+ebrj45aCF/47MSeuxJ DLRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=d7CfkZ02; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b6-20020a056402138600b00469b3fcafe8si11708341edv.432.2022.11.29.11.49.03; Tue, 29 Nov 2022 11:49:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=d7CfkZ02; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237121AbiK2Tkp (ORCPT + 99 others); Tue, 29 Nov 2022 14:40:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49272 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236072AbiK2TkU (ORCPT ); Tue, 29 Nov 2022 14:40:20 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 020CFE75 for ; Tue, 29 Nov 2022 11:37:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750655; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IsK6SeDRcKB0ngx9XBGmKXR4JOxNBat2MjmDlSq9EM0=; b=d7CfkZ02PyamPHn618NQc3H0ZxH0am2qPWhPquEKJ+R9Cf9h2IzG7akOnevRl5uc4bv8xK MQK296EWd9PCCJGHECxIHu94VBZXxwR0aTxkUnXW+vLIdXt8F4DMN3n+dZFN0E9MXs5poF pj/6AxTnjpV30bDfgN0KTWQxQF0v7W8= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-57-m87UuQubOz2LL_yd13l6nA-1; Tue, 29 Nov 2022 14:37:32 -0500 X-MC-Unique: m87UuQubOz2LL_yd13l6nA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 03F3D86EB22; Tue, 29 Nov 2022 19:37:31 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 43C6A2027061; Tue, 29 Nov 2022 19:37:27 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky Subject: [PATCH v2 02/11] KVM: nSVM: clean up the copying of V_INTR bits from vmcb02 to vmcb12 Date: Tue, 29 Nov 2022 21:37:08 +0200 Message-Id: <20221129193717.513824-3-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861209642825487?= X-GMAIL-MSGID: =?utf-8?q?1750861209642825487?= the V_IRQ and v_TPR bits don't exist when virtual interrupt masking is not enabled, therefore the KVM should not copy these bits regardless of V_IRQ intercept. Signed-off-by: Maxim Levitsky --- arch/x86/kvm/svm/nested.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 37af0338da7c32..aad3145b2f62fe 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -412,24 +412,17 @@ void nested_copy_vmcb_save_to_cache(struct vcpu_svm *svm, */ void nested_sync_control_from_vmcb02(struct vcpu_svm *svm) { - u32 mask; + u32 mask = 0; svm->nested.ctl.event_inj = svm->vmcb->control.event_inj; svm->nested.ctl.event_inj_err = svm->vmcb->control.event_inj_err; - /* Only a few fields of int_ctl are written by the processor. */ - mask = V_IRQ_MASK | V_TPR_MASK; - if (!(svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK) && - svm_is_intercept(svm, INTERCEPT_VINTR)) { - /* - * In order to request an interrupt window, L0 is usurping - * svm->vmcb->control.int_ctl and possibly setting V_IRQ - * even if it was clear in L1's VMCB. Restoring it would be - * wrong. However, in this case V_IRQ will remain true until - * interrupt_window_interception calls svm_clear_vintr and - * restores int_ctl. We can just leave it aside. - */ - mask &= ~V_IRQ_MASK; - } + /* + * Only a few fields of int_ctl are written by the processor. + * Copy back only the bits that are passed through to the L2. + */ + + if (svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK) + mask = V_IRQ_MASK | V_TPR_MASK; if (nested_vgif_enabled(svm)) mask |= V_GIF_MASK; From patchwork Tue Nov 29 19:37:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27474 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp536678wrr; Tue, 29 Nov 2022 11:51:50 -0800 (PST) X-Google-Smtp-Source: AA0mqf6q3c6OiSzlUc/X1eYvMX01KKo/iNBGnQBd5SxV1OezFvFS4vjQXFEVGk63ePGdx5LWnTZ1 X-Received: by 2002:a17:906:1b46:b0:7be:e794:a406 with SMTP id p6-20020a1709061b4600b007bee794a406mr12194837ejg.503.1669751509888; Tue, 29 Nov 2022 11:51:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751509; cv=none; d=google.com; s=arc-20160816; b=nTx3Rcb0zMi9ZrTvIVMav0MAT5xxlh+RaYZXY2EbYB4QHZBmv4Z9WSCbQRw3YZTyrW qVJ5G8AyB7bV1bNgjI0whfmgGxmk/EhbA/U0muShnXR5hpRMCaxCNIGoL6CzG5XpaeZc YIuZDOtyn5Xl5M+lxH1ovfijsADB58fWw4ge+vvJfm41qmmWsHd+wvoj21N9UsdXtcwA /H5VX9e+5PaWuunp7h/9t47snXpQRi0chaLN4d6heD+HGv5FCptTEJbv11ec3x3Kul1C EQlXx5qDmeQLWP1pgCyAJatCK12fmhFjcgiYoRJZZRk8ucmc8D+sRwVPiUeXh61AGiIX m2ZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Ax33lO2rYC4qdqXK9hN6118xGd7ZlQSFY6CuNF4UBj0=; b=tooDWexm9z7ohWI/aMSjTgUNhek0yLKlip31umydpUiXMR/YueaQEdYVjfS2SZpguN yoYM/AVnSXQGwsdUeCHZKGG+K5Hz2hPmOavjgHzlGBY7xgOMUBDAly9stzwtdvUtt9y7 ybpbRUJHdPoK8VoRUC8Kmz0wepFONK0GxfpRDS0eJWkKJKWZT6VbDodnQxkYUmcoJ6oT kqNPx8dgjuC/YMt6IQh2cCoQUznHPtqGilLnZTaXitmvSRSZ38I+0EY6oTxE7B/oLE1Y hh6BILi3wmZwwZEOqRy5Mo0C2FG3Pvt1FBla6eVXTk3NI0csk5teHHpiI6CenpXY1A4t o5vg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="D/XCJxQk"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id be4-20020a1709070a4400b0078e27f2fbe4si14436217ejc.293.2022.11.29.11.51.24; Tue, 29 Nov 2022 11:51:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="D/XCJxQk"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236207AbiK2Tks (ORCPT + 99 others); Tue, 29 Nov 2022 14:40:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51560 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235990AbiK2TkY (ORCPT ); Tue, 29 Nov 2022 14:40:24 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ACB2E262B for ; Tue, 29 Nov 2022 11:37:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750659; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ax33lO2rYC4qdqXK9hN6118xGd7ZlQSFY6CuNF4UBj0=; b=D/XCJxQkCiCal9eFqeLX2zrMXejXyn1/QuVuU4Kw5waYNDYiZ+3lacAD4szuNGEgMnXuKN 3yhkbkLdJPqK3TT+yOXGoPo4sDryssu42As4WK9RHsFRvNO724eYQds/S6tayqMzUMT6ro 7rCbsiEO7aRKbvd5zO6qHMZxtlqXsuA= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-153-KxT3T5GlMzGGlJO3dCad6A-1; Tue, 29 Nov 2022 14:37:36 -0500 X-MC-Unique: KxT3T5GlMzGGlJO3dCad6A-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 00FB81C06EDF; Tue, 29 Nov 2022 19:37:35 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D0B82024CB7; Tue, 29 Nov 2022 19:37:31 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky Subject: [PATCH v2 03/11] KVM: nSVM: explicitly raise KVM_REQ_EVENT on nested VM exit if L1 doesn't intercept interrupts Date: Tue, 29 Nov 2022 21:37:09 +0200 Message-Id: <20221129193717.513824-4-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861358840887804?= X-GMAIL-MSGID: =?utf-8?q?1750861358840887804?= If the L2 doesn't intercept interrupts, then the KVM will use vmcb02's V_IRQ for L1 (to detect the interrupt window) In this case on the nested VM exit KVM might need to copy the V_IRQ bit from the vmcb02 to the vmcb01, to continue waiting for the interrupt window. To make it simple, just raise the KVM_REQ_EVENT request, which execution will lead to the reenabling of the interrupt window if needed. Note that this is a theoretical bug because the KVM already does raise the KVM_REQ_EVENT request one each nested VM exit because the nested VM exit resets RFLAGS and the kvm_set_rflags() raises the KVM_REQ_EVENT request in the response. However raising this request explicitly, together with documenting why this is needed, is still preferred. Signed-off-by: Maxim Levitsky --- arch/x86/kvm/svm/nested.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index aad3145b2f62fe..e891318595113e 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1016,6 +1016,31 @@ int nested_svm_vmexit(struct vcpu_svm *svm) svm_switch_vmcb(svm, &svm->vmcb01); + /* Note about synchronizing some of int_ctl bits from vmcb02 to vmcb01: + * + * - V_IRQ, V_IRQ_VECTOR, V_INTR_PRIO_MASK, V_IGN_TPR: + * If the L2 doesn't intercept interrupts, then + * (even if the L2 does use virtual interrupt masking), + * KVM will use the vmcb02's V_INTR to detect interrupt window. + * + * In this case, the KVM raises the KVM_REQ_EVENT to ensure that interrupt window + * is not lost and this implicitly copies these bits from vmcb02 to vmcb01 + * + * V_TPR: + * If the L2 doesn't use virtual interrupt masking, then the L1's vTPR + * is stored in the vmcb02 but its value doesn't need to be copied from/to + * vmcb01 because it is copied from/to the TPR APIC's register on + * each VM entry/exit. + * + * V_GIF: + * - If the nested vGIF is not used, KVM uses vmcb02's V_GIF for L1's V_GIF, + * however, the L1 vGIF is reset to false on each VM exit, thus + * there is no need to copy it from vmcb02 to vmcb01. + */ + + if (!nested_exit_on_intr(svm)) + kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); + if (unlikely(svm->lbrv_enabled && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { svm_copy_lbrs(vmcb12, vmcb02); svm_update_lbrv(vcpu); From patchwork Tue Nov 29 19:37:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27470 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp536113wrr; Tue, 29 Nov 2022 11:50:22 -0800 (PST) X-Google-Smtp-Source: AA0mqf5zI11K4kk3HOeddfyO13oDJFSoHgv4QwswiL9rF+VYSG4qRf5OW95mZ7ol11nQhn5CVxqR X-Received: by 2002:aa7:db90:0:b0:459:aa70:d4fd with SMTP id u16-20020aa7db90000000b00459aa70d4fdmr51251226edt.162.1669751422500; Tue, 29 Nov 2022 11:50:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751422; cv=none; d=google.com; s=arc-20160816; b=Y6Ts2vY5SumWS0bXKiuYD5bzXNSY82LHMoJnq/w1uHM7Qj6/ofgpn1ry+dhJkqtO97 Qy7QtL7UPjmGq+QOCAcY1TN+peUZBZb7uXBGlyBWoNfxTxJX8j6/O0L8kbqSdlnsdQuU MWc2Ty6YfGY0/h2iWm50DCshKS6HIoRdrh1VMCFH2N4qbhvOEBWgLqc5OfJD9SC7OPAo SwKn9BBHLQtHulKYYiEseTkZrBUfWSdHMz+UHASdXG3rO0yKTZncDa6+n/OTsjzpgWQW XGCfMvrfxdple1hk49ie+u0w7BrLjbK0lHCwuvswq3huT81RhOs7UOdqdDw5wViEp/95 PVTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=9dwVem96795eE3qcgmMV9GIrD+Dv4vNEuuuNJ0HxdFU=; b=esQS4fh7PMOhOXdIwjGHT8LBbBurv0OWnB5FAEmjBt86BaWnSZXnuEj5rLkQ7hwo/I HZxMmYCOTAIBOEZ2ivJjxJ5F/tYfeMSfWCZe8iNpIEbbSX74mJeSbS9hEWVdFclNLBBb osXfdGLKXIl0PPwm8ToJb4Hf4D9CftSqoUEC4aX19n8f0JVvMmXVayQfl38MbWxDwwES mB1vLeLJzysUBkNsICwZmfgpoG3Pwrp6mb1PsbOS6e3CEkccqiW+HiYPUL4mXsAxw2Ef jB4B2QpRWqswAYHrHVDHl+46gVZ3KqAjSElLL1Nj7DJ/cXz2VzYboD6w+/Y1USR5/9oq eVTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="Z6SIkez/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sh18-20020a1709076e9200b00774195db4e7si12950509ejc.117.2022.11.29.11.49.58; Tue, 29 Nov 2022 11:50:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="Z6SIkez/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237005AbiK2TlW (ORCPT + 99 others); Tue, 29 Nov 2022 14:41:22 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48432 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236993AbiK2Tkf (ORCPT ); Tue, 29 Nov 2022 14:40:35 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A74A62C8 for ; Tue, 29 Nov 2022 11:37:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750665; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9dwVem96795eE3qcgmMV9GIrD+Dv4vNEuuuNJ0HxdFU=; b=Z6SIkez/PvzD+N4sm4Biv07E2R0+5KG7WHXKh42O735qupOQZ0joSwBwGzDmRCVwnoGCJ4 JOoBenOXD50BUBCJLC0kWxiMUjnlO7T/8ZtaA03iN5Dqr0C9eX/cWj5yLANhLzLfyZ07pY 8JTIStDc7pxoqLrNti2iPpOi+rnjfS8= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-202-7GtzMlR6PnaHeX50cy6XPw-1; Tue, 29 Nov 2022 14:37:42 -0500 X-MC-Unique: 7GtzMlR6PnaHeX50cy6XPw-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 418321C06EDC; Tue, 29 Nov 2022 19:37:39 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 500D32024CB7; Tue, 29 Nov 2022 19:37:35 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky Subject: [PATCH v2 04/11] KVM: SVM: drop the SVM specific H_FLAGS Date: Tue, 29 Nov 2022 21:37:10 +0200 Message-Id: <20221129193717.513824-5-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861267809095709?= X-GMAIL-MSGID: =?utf-8?q?1750861267809095709?= GIF and 'waiting for IRET' are used only for the SVM and thus should not be in H_FLAGS. NMI mask is not x86 specific but it is only used for SVM without vNMI. The VMX have similar concept of NMI mask (soft_vnmi_blocked), and it is used when its 'vNMI' feature is not enabled, but because the VMX can't intercept IRET, it is more of a hack, and thus should not use common host flags either. No functional change is intended. Suggested-by: Sean Christopherson Signed-off-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 3 --- arch/x86/kvm/svm/svm.c | 22 +++++++++++++--------- arch/x86/kvm/svm/svm.h | 25 ++++++++++++++++++++++--- 3 files changed, 35 insertions(+), 15 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 70af7240a1d5af..9208ad7a6bd004 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -2052,9 +2052,6 @@ enum { TASK_SWITCH_GATE = 3, }; -#define HF_GIF_MASK (1 << 0) -#define HF_NMI_MASK (1 << 3) -#define HF_IRET_MASK (1 << 4) #define HF_GUEST_MASK (1 << 5) /* VCPU is in guest-mode */ #ifdef CONFIG_KVM_SMM diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 91352d69284524..512b2aa21137e2 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1326,6 +1326,9 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu) vcpu->arch.microcode_version = 0x01000065; svm->tsc_ratio_msr = kvm_caps.default_tsc_scaling_ratio; + svm->nmi_masked = false; + svm->awaiting_iret_completion = false; + if (sev_es_guest(vcpu->kvm)) sev_es_vcpu_reset(svm); } @@ -2470,7 +2473,7 @@ static int iret_interception(struct kvm_vcpu *vcpu) struct vcpu_svm *svm = to_svm(vcpu); ++vcpu->stat.nmi_window_exits; - vcpu->arch.hflags |= HF_IRET_MASK; + svm->awaiting_iret_completion = true; if (!sev_es_guest(vcpu->kvm)) { svm_clr_intercept(svm, INTERCEPT_IRET); svm->nmi_iret_rip = kvm_rip_read(vcpu); @@ -3466,7 +3469,7 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) if (svm->nmi_l1_to_l2) return; - vcpu->arch.hflags |= HF_NMI_MASK; + svm->nmi_masked = true; if (!sev_es_guest(vcpu->kvm)) svm_set_intercept(svm, INTERCEPT_IRET); ++vcpu->stat.nmi_injections; @@ -3580,7 +3583,7 @@ bool svm_nmi_blocked(struct kvm_vcpu *vcpu) return false; ret = (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) || - (vcpu->arch.hflags & HF_NMI_MASK); + (svm->nmi_masked); return ret; } @@ -3602,7 +3605,7 @@ static int svm_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection) static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu) { - return !!(vcpu->arch.hflags & HF_NMI_MASK); + return to_svm(vcpu)->nmi_masked; } static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) @@ -3610,11 +3613,11 @@ static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) struct vcpu_svm *svm = to_svm(vcpu); if (masked) { - vcpu->arch.hflags |= HF_NMI_MASK; + svm->nmi_masked = true; if (!sev_es_guest(vcpu->kvm)) svm_set_intercept(svm, INTERCEPT_IRET); } else { - vcpu->arch.hflags &= ~HF_NMI_MASK; + svm->nmi_masked = false; if (!sev_es_guest(vcpu->kvm)) svm_clr_intercept(svm, INTERCEPT_IRET); } @@ -3700,7 +3703,7 @@ static void svm_enable_nmi_window(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); - if ((vcpu->arch.hflags & (HF_NMI_MASK | HF_IRET_MASK)) == HF_NMI_MASK) + if (svm->nmi_masked && !svm->awaiting_iret_completion) return; /* IRET will cause a vm exit */ if (!gif_set(svm)) { @@ -3824,10 +3827,11 @@ static void svm_complete_interrupts(struct kvm_vcpu *vcpu) * If we've made progress since setting HF_IRET_MASK, we've * executed an IRET and can allow NMI injection. */ - if ((vcpu->arch.hflags & HF_IRET_MASK) && + if (svm->awaiting_iret_completion && (sev_es_guest(vcpu->kvm) || kvm_rip_read(vcpu) != svm->nmi_iret_rip)) { - vcpu->arch.hflags &= ~(HF_NMI_MASK | HF_IRET_MASK); + svm->awaiting_iret_completion = false; + svm->nmi_masked = false; kvm_make_request(KVM_REQ_EVENT, vcpu); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 4826e6cc611bf1..587ddc150f9f34 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -237,8 +237,24 @@ struct vcpu_svm { struct svm_nested_state nested; + /* NMI mask value, used when vNMI is not enabled */ + bool nmi_masked; + + /* + * True when the NMI still masked but guest IRET was just intercepted + * and KVM is waiting for RIP change which will signal that this IRET was + * retired and thus NMI can be unmasked. + */ + bool awaiting_iret_completion; + + /* + * Set when KVM waits for IRET completion and needs to + * inject NMIs as soon as it completes (e.g NMI is pending injection). + * The KVM takes over EFLAGS.TF for this. + */ bool nmi_singlestep; u64 nmi_singlestep_guest_rflags; + bool nmi_l1_to_l2; unsigned long soft_int_csbase; @@ -280,6 +296,9 @@ struct vcpu_svm { bool guest_state_loaded; bool x2avic_msrs_intercepted; + + /* Guest GIF value which is used when vGIF is not enabled */ + bool gif_value; }; struct svm_cpu_data { @@ -497,7 +516,7 @@ static inline void enable_gif(struct vcpu_svm *svm) if (vmcb) vmcb->control.int_ctl |= V_GIF_MASK; else - svm->vcpu.arch.hflags |= HF_GIF_MASK; + svm->gif_value = true; } static inline void disable_gif(struct vcpu_svm *svm) @@ -507,7 +526,7 @@ static inline void disable_gif(struct vcpu_svm *svm) if (vmcb) vmcb->control.int_ctl &= ~V_GIF_MASK; else - svm->vcpu.arch.hflags &= ~HF_GIF_MASK; + svm->gif_value = false; } static inline bool gif_set(struct vcpu_svm *svm) @@ -517,7 +536,7 @@ static inline bool gif_set(struct vcpu_svm *svm) if (vmcb) return !!(vmcb->control.int_ctl & V_GIF_MASK); else - return !!(svm->vcpu.arch.hflags & HF_GIF_MASK); + return svm->gif_value; } static inline bool nested_npt_enabled(struct vcpu_svm *svm) From patchwork Tue Nov 29 19:37:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27473 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp536282wrr; Tue, 29 Nov 2022 11:50:49 -0800 (PST) X-Google-Smtp-Source: AA0mqf4yQfEeRcrQfleoIpq6cyJwhsKD31YH4QoSWBCrzBP/Ohnwp7OoohnBtdWJ5uRUEPwOrXd6 X-Received: by 2002:aa7:dac9:0:b0:46a:be65:4906 with SMTP id x9-20020aa7dac9000000b0046abe654906mr20890173eds.207.1669751449408; Tue, 29 Nov 2022 11:50:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751449; cv=none; d=google.com; s=arc-20160816; b=CzDkxIL/NTZs9ZuzBKw0/PSgOH0Wn0ufppwx0GR0afcwVAs9rVKZgZz08temyk5Uy9 Y21bAwy7XZsg13yKC+xr0pGDg7lNQaOtLIEYy/2AKEIb9tWTstcfM7eVKEs+fzeqV+hR I6Bz6o7jRmPYpmqBCva7UwgMfEbxWIDvAUB8KR7Pwur/3a1s5aNW3149HJvZ10hfmYKq wfeeYiliCQ147jQ79ZuFL0p5t2C2YhBn5Xvj+mUN5tvCtti64zyK2aGvn8/qmmJSIWTc E73QVVOgE2QqBAHoq2tVOtm4z1U9fbZjib4lChImQUPrinGHnr9/FdhoG7nb2lvlHovS 5QQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ztV2NkJ9fzkBSStJHJoXJSpsO1jLyNUEDLKWsHdAan8=; b=BrF5znrgeYSdkRUBw3X7jZ4hxJ7i2kMJ99iVkv77TLV1lACzgNBlt8n1I7ULCpVWjx nMEfxVhb+arZYwl8fZcIShbegFjYMI99HqJ8qXYI3TNHw94VoF+v/OVomMACTLh2mYrF OPnmR/UBN7dKjMfBiF3Y88Uygyy5c9RJsevnpNQAQJY7kUIzw7URs5J9B9vcqkzYulvL NDhtTh0f1t+8vk48DhDdvmYm/BsnbsqqB4dOJYX57Xa+lR5VI/6DAfrLxMI6GvY6ztoT rLVV0MtidWl510rLtcX3maCuS4m80ELmnXCa+OCCnaiifGsgOJhG0p2RmQ4G1siuoL0i pH/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=X0hqoh8y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qk17-20020a1709077f9100b007ae86742c37si14347314ejc.60.2022.11.29.11.50.26; Tue, 29 Nov 2022 11:50:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=X0hqoh8y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237104AbiK2Tle (ORCPT + 99 others); Tue, 29 Nov 2022 14:41:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48450 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237089AbiK2Tko (ORCPT ); Tue, 29 Nov 2022 14:40:44 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82C7D26E3 for ; Tue, 29 Nov 2022 11:37:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750669; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ztV2NkJ9fzkBSStJHJoXJSpsO1jLyNUEDLKWsHdAan8=; b=X0hqoh8yH5zZSb5DNwVcKHiVRDrQb/UYtCCRNzfFwud0dpK8sedZjZmTIpA5VGhVJUnGiG jOSpyLSrunAqIbuDZkyUH57/sW/BWujuFgLnkBS4qAdnf4Bvi/yYpQPkmCGqEofGZSl4Oc b5AxX+h5LRFeMcT71rToyARJmbJe+SQ= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-608-b3cAepYqMuyaQIwk2L2AsQ-1; Tue, 29 Nov 2022 14:37:44 -0500 X-MC-Unique: b3cAepYqMuyaQIwk2L2AsQ-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6A7511C06ED8; Tue, 29 Nov 2022 19:37:43 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8F6A82028DC1; Tue, 29 Nov 2022 19:37:39 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky Subject: [PATCH v2 05/11] KVM: x86: emulator: stop using raw host flags Date: Tue, 29 Nov 2022 21:37:11 +0200 Message-Id: <20221129193717.513824-6-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861295713538173?= X-GMAIL-MSGID: =?utf-8?q?1750861295713538173?= Instead of re-defining the H_FLAGS bits, just expose the 'in_smm' and the 'in_guest_mode' host flags using emulator callbacks. Also while at it, garbage collect the recently removed host flags. No functional change is intended. Signed-off-by: Maxim Levitsky --- arch/x86/include/asm/kvm_host.h | 6 +++--- arch/x86/kvm/emulate.c | 11 +++++------ arch/x86/kvm/kvm_emulate.h | 7 ++----- arch/x86/kvm/smm.c | 2 -- arch/x86/kvm/x86.c | 14 +++++++++----- 5 files changed, 19 insertions(+), 21 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 9208ad7a6bd004..684a5519812fb2 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -2052,11 +2052,11 @@ enum { TASK_SWITCH_GATE = 3, }; -#define HF_GUEST_MASK (1 << 5) /* VCPU is in guest-mode */ +#define HF_GUEST_MASK (1 << 0) /* VCPU is in guest-mode */ #ifdef CONFIG_KVM_SMM -#define HF_SMM_MASK (1 << 6) -#define HF_SMM_INSIDE_NMI_MASK (1 << 7) +#define HF_SMM_MASK (1 << 1) +#define HF_SMM_INSIDE_NMI_MASK (1 << 2) # define __KVM_VCPU_MULTIPLE_ADDRESS_SPACE # define KVM_ADDRESS_SPACE_NUM 2 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 5cc3efa0e21c17..d869131f84ffb3 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -2309,7 +2309,7 @@ static int em_lseg(struct x86_emulate_ctxt *ctxt) static int em_rsm(struct x86_emulate_ctxt *ctxt) { - if ((ctxt->ops->get_hflags(ctxt) & X86EMUL_SMM_MASK) == 0) + if (!ctxt->ops->in_smm(ctxt)) return emulate_ud(ctxt); if (ctxt->ops->leave_smm(ctxt)) @@ -5132,7 +5132,7 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt) const struct x86_emulate_ops *ops = ctxt->ops; int rc = X86EMUL_CONTINUE; int saved_dst_type = ctxt->dst.type; - unsigned emul_flags; + bool in_guest_mode = ctxt->ops->in_guest_mode(ctxt); ctxt->mem_read.pos = 0; @@ -5147,7 +5147,6 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt) goto done; } - emul_flags = ctxt->ops->get_hflags(ctxt); if (unlikely(ctxt->d & (No64|Undefined|Sse|Mmx|Intercept|CheckPerm|Priv|Prot|String))) { if ((ctxt->mode == X86EMUL_MODE_PROT64 && (ctxt->d & No64)) || @@ -5181,7 +5180,7 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt) fetch_possible_mmx_operand(&ctxt->dst); } - if (unlikely(emul_flags & X86EMUL_GUEST_MASK) && ctxt->intercept) { + if (unlikely(in_guest_mode) && ctxt->intercept) { rc = emulator_check_intercept(ctxt, ctxt->intercept, X86_ICPT_PRE_EXCEPT); if (rc != X86EMUL_CONTINUE) @@ -5210,7 +5209,7 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt) goto done; } - if (unlikely(emul_flags & X86EMUL_GUEST_MASK) && (ctxt->d & Intercept)) { + if (unlikely(in_guest_mode) && (ctxt->d & Intercept)) { rc = emulator_check_intercept(ctxt, ctxt->intercept, X86_ICPT_POST_EXCEPT); if (rc != X86EMUL_CONTINUE) @@ -5264,7 +5263,7 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt) special_insn: - if (unlikely(emul_flags & X86EMUL_GUEST_MASK) && (ctxt->d & Intercept)) { + if (unlikely(in_guest_mode) && (ctxt->d & Intercept)) { rc = emulator_check_intercept(ctxt, ctxt->intercept, X86_ICPT_POST_MEMACCESS); if (rc != X86EMUL_CONTINUE) diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 2d9662be833378..dd0203fbb27543 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -220,7 +220,8 @@ struct x86_emulate_ops { void (*set_nmi_mask)(struct x86_emulate_ctxt *ctxt, bool masked); - unsigned (*get_hflags)(struct x86_emulate_ctxt *ctxt); + bool (*in_smm)(struct x86_emulate_ctxt *ctxt); + bool (*in_guest_mode)(struct x86_emulate_ctxt *ctxt); int (*leave_smm)(struct x86_emulate_ctxt *ctxt); void (*triple_fault)(struct x86_emulate_ctxt *ctxt); int (*set_xcr)(struct x86_emulate_ctxt *ctxt, u32 index, u64 xcr); @@ -275,10 +276,6 @@ enum x86emul_mode { X86EMUL_MODE_PROT64, /* 64-bit (long) mode. */ }; -/* These match some of the HF_* flags defined in kvm_host.h */ -#define X86EMUL_GUEST_MASK (1 << 5) /* VCPU is in guest-mode */ -#define X86EMUL_SMM_MASK (1 << 6) - /* * fastop functions are declared as taking a never-defined fastop parameter, * so they can't be called from C directly. diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index a9c1c2af8d94c2..a3a94edd2f0bc9 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -110,8 +110,6 @@ static void check_smram_offsets(void) void kvm_smm_changed(struct kvm_vcpu *vcpu, bool entering_smm) { - BUILD_BUG_ON(HF_SMM_MASK != X86EMUL_SMM_MASK); - trace_kvm_smm_transition(vcpu->vcpu_id, vcpu->arch.smbase, entering_smm); if (entering_smm) { diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index f18f579ebde81c..85d2a12c214dda 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8138,9 +8138,14 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked) static_call(kvm_x86_set_nmi_mask)(emul_to_vcpu(ctxt), masked); } -static unsigned emulator_get_hflags(struct x86_emulate_ctxt *ctxt) +static bool emulator_in_smm(struct x86_emulate_ctxt *ctxt) { - return emul_to_vcpu(ctxt)->arch.hflags; + return emul_to_vcpu(ctxt)->arch.hflags & HF_SMM_MASK; +} + +static bool emulator_in_guest_mode(struct x86_emulate_ctxt *ctxt) +{ + return emul_to_vcpu(ctxt)->arch.hflags & HF_GUEST_MASK; } #ifndef CONFIG_KVM_SMM @@ -8209,7 +8214,8 @@ static const struct x86_emulate_ops emulate_ops = { .guest_has_fxsr = emulator_guest_has_fxsr, .guest_has_rdpid = emulator_guest_has_rdpid, .set_nmi_mask = emulator_set_nmi_mask, - .get_hflags = emulator_get_hflags, + .in_smm = emulator_in_smm, + .in_guest_mode = emulator_in_guest_mode, .leave_smm = emulator_leave_smm, .triple_fault = emulator_triple_fault, .set_xcr = emulator_set_xcr, @@ -8281,8 +8287,6 @@ static void init_emulate_ctxt(struct kvm_vcpu *vcpu) (cs_l && is_long_mode(vcpu)) ? X86EMUL_MODE_PROT64 : cs_db ? X86EMUL_MODE_PROT32 : X86EMUL_MODE_PROT16; - BUILD_BUG_ON(HF_GUEST_MASK != X86EMUL_GUEST_MASK); - ctxt->interruptibility = 0; ctxt->have_exception = false; ctxt->exception.vector = -1; From patchwork Tue Nov 29 19:37:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27477 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp537317wrr; Tue, 29 Nov 2022 11:53:33 -0800 (PST) X-Google-Smtp-Source: AA0mqf7M3Gn7so284e1wXRyHRwJCJAqR/jSnU+2F9EcDG/80fB77ShUzLFXOPP2ZDmWkM1kRUlCB X-Received: by 2002:a17:906:2552:b0:7ad:917b:61ec with SMTP id j18-20020a170906255200b007ad917b61ecmr35680537ejb.513.1669751612877; Tue, 29 Nov 2022 11:53:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751612; cv=none; d=google.com; s=arc-20160816; b=icmPbXO4OSGIIsDnvdCVAJdBusUTDJJDKqtevRwaoV1sL0KZPBXTHRBdH3I5USMcO+ n1mrtNrvH7a1kw5PiX4MMhYF3sAs9h9L/Kxo3+QfB9KBMa6qR7emQz2v7NgHSbUcw8KS 344skuWiMoQvJA/YXjKuRlXEB9C86aFy2DhyLCJQIC3tm9jHRDejuQY29/dIL/uxDJqN mCxRXB5y3d/WbN1xahIlwYDyOhoCscg4EIwfciX9J22en8g3skmFPc7b9pSbT1u4JVXW /BY+jOP0Vg/EK33y1qEGRGtxboowR6opFf0NtSYNmZuLf6JeDzHrFBYG3kco/Iv8NZsn HjEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=twqdjhN58Mc4yzZpBl1NNFSCL0kf8bUxY7h7dFC7RKY=; b=PbCurzeVaNQrNPAHWDZeKxJLGmSN6r2yJK2yiK2LayCvWBA9oRIkflPBnqsn+x3sS8 gyzmnpdNzvpy1R4o4WJvHTSOfsydySow1ml1hKHl6bQLa1KtkNXuqU92jCt4CjhLSoET M0RbzH6BjN549/0js4aXWrVNk6kE+fC6V7m3uMg7lqHN6T3YfCt3MnI7LwDPZdV59g6S 8yc3jhkCw09pbUvNWMzW9DQb/7JteyPbnOEL2WtLp1CD/g5qJnno2dwlpmjjuXm3ENJd KqbDAcyKmgv1WN1bVBe09bw42y2EgHJ4RDOek5R5GyxQ4oMqtjGrBVMLbFbpwNy+vpJ/ QQ3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=cg9Rrxj3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dt17-20020a170907729100b007317ad1f9a4si11431784ejc.310.2022.11.29.11.53.09; Tue, 29 Nov 2022 11:53:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=cg9Rrxj3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236913AbiK2TpI (ORCPT + 99 others); Tue, 29 Nov 2022 14:45:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56370 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237000AbiK2Toh (ORCPT ); Tue, 29 Nov 2022 14:44:37 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 494F5317DA for ; Tue, 29 Nov 2022 11:40:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750825; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=twqdjhN58Mc4yzZpBl1NNFSCL0kf8bUxY7h7dFC7RKY=; b=cg9Rrxj3daVfhP1HtUMfDWPsXyN4QG6HTt2OeOWEBFLC5N4APCyhWnsrAkAYjro49IgJ/1 aw+hGqlW8hIQfgH2CqlrRysRT+wa5Q4A/FTqrEN6lz4/kJGIxjE5Jy7nXOgyTGFm3QiNTh Wt7vVyjOChoQagvrfqLCPpswgHSb0kA= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-8-e2k6pOH2OU-WXS70I9SEuw-1; Tue, 29 Nov 2022 14:37:48 -0500 X-MC-Unique: e2k6pOH2OU-WXS70I9SEuw-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7E41F3817A6D; Tue, 29 Nov 2022 19:37:47 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id BBA682028DC1; Tue, 29 Nov 2022 19:37:43 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky Subject: [PATCH v2 06/11] KVM: SVM: add wrappers to enable/disable IRET interception Date: Tue, 29 Nov 2022 21:37:12 +0200 Message-Id: <20221129193717.513824-7-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861467238693693?= X-GMAIL-MSGID: =?utf-8?q?1750861467238693693?= SEV-ES guests don't use IRET interception for the detection of an end of a NMI. Therefore it makes sense to create a wrapper to avoid repeating the check for the SEV-ES. No functional change is intended. Suggested-by: Sean Christopherson Signed-off-by: Maxim Levitsky --- arch/x86/kvm/svm/svm.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 512b2aa21137e2..cfed6ab29c839a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2468,16 +2468,29 @@ static int task_switch_interception(struct kvm_vcpu *vcpu) has_error_code, error_code); } +static void svm_disable_iret_interception(struct vcpu_svm *svm) +{ + if (!sev_es_guest(svm->vcpu.kvm)) + svm_clr_intercept(svm, INTERCEPT_IRET); +} + +static void svm_enable_iret_interception(struct vcpu_svm *svm) +{ + if (!sev_es_guest(svm->vcpu.kvm)) + svm_set_intercept(svm, INTERCEPT_IRET); +} + static int iret_interception(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); ++vcpu->stat.nmi_window_exits; svm->awaiting_iret_completion = true; - if (!sev_es_guest(vcpu->kvm)) { - svm_clr_intercept(svm, INTERCEPT_IRET); + + svm_disable_iret_interception(svm); + if (!sev_es_guest(vcpu->kvm)) svm->nmi_iret_rip = kvm_rip_read(vcpu); - } + kvm_make_request(KVM_REQ_EVENT, vcpu); return 1; } @@ -3470,8 +3483,7 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) return; svm->nmi_masked = true; - if (!sev_es_guest(vcpu->kvm)) - svm_set_intercept(svm, INTERCEPT_IRET); + svm_enable_iret_interception(svm); ++vcpu->stat.nmi_injections; } @@ -3614,12 +3626,10 @@ static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) if (masked) { svm->nmi_masked = true; - if (!sev_es_guest(vcpu->kvm)) - svm_set_intercept(svm, INTERCEPT_IRET); + svm_enable_iret_interception(svm); } else { svm->nmi_masked = false; - if (!sev_es_guest(vcpu->kvm)) - svm_clr_intercept(svm, INTERCEPT_IRET); + svm_disable_iret_interception(svm); } } From patchwork Tue Nov 29 19:37:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27471 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp536134wrr; Tue, 29 Nov 2022 11:50:25 -0800 (PST) X-Google-Smtp-Source: AA0mqf5YrMK4ehczoEuAexATmWt8cWFybR9j5uRNbAV1QBYiHRtSi7Tk8F/+3cXhos7C+1aDwYBP X-Received: by 2002:a17:907:d40c:b0:7bb:c496:ca45 with SMTP id vi12-20020a170907d40c00b007bbc496ca45mr22848749ejc.464.1669751425569; Tue, 29 Nov 2022 11:50:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751425; cv=none; d=google.com; s=arc-20160816; b=1HgdrSIMrr2Z9VfxZuW3vE60Si4kaDe2ytWGdB1RJPTjhmOawqnvdnOUHhHAGVtySe /Ll9mgAAezaVLa99q7e4jbrJWrqmYJbx0OAKDwHN1OGjIKn6Nf/xKoeehyuLQjh6I9Jp 9e3ZwFfdB/mpFTh1tw+xQkL8ZogKiW03WRgn5KidtnO68ooKoY1zDjlZ0JUXScjWSCAb ZmnkZCgPRly8t0yZjpmq7+iDd0X0RAvO6hJhemxYTepe31RqMDnciXPR/Uj14FietTvU Kw7c1uFkeZguDThAxOIMlJ3TccF84ox1/2mHxYVgIrMYU79yvZjuGwgQXJNDCAOMGZT8 akuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=OPg8L3jKUTetjU9lk920ZBLtdtJuDxmt2DbZj0atMtY=; b=Wrhis/GdmC00J1cebqlJjbqzwxQPSqDLsFKJgyACzmZ6S4kngkKDFe6NHkug9ZxrDj 1QhPkX+VS7HdnjGbxokICiJyK4/FDoA7oSu7HQde9IzFWRgV7Pb/9zXRl34vN2vt9cFT bRwvIuqsbOz6m36c/0loSQmf/lZidnYn/KsJScZ5S0J+5sBbBpp2HcH9zoRPrJLSmgTj 0XIj01Qw602MUTQgjUoq11ozfcX5TrQaR8eSEevPxnrxu1W9WOREmyYpmSzqCXXiIv3B yMagf6Z2cZCinH1p+U7cDT8cBwICJOAsonG3Wuql5GdUcCuFEK1yjicEevqKxd0Ktl1P iJgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KlihBtPy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id he44-20020a1709073dac00b0078dcf11ccf7si11050632ejc.802.2022.11.29.11.50.01; Tue, 29 Nov 2022 11:50:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KlihBtPy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236457AbiK2Tll (ORCPT + 99 others); Tue, 29 Nov 2022 14:41:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48718 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237119AbiK2Tkp (ORCPT ); Tue, 29 Nov 2022 14:40:45 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F3979FE0 for ; Tue, 29 Nov 2022 11:37:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750674; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OPg8L3jKUTetjU9lk920ZBLtdtJuDxmt2DbZj0atMtY=; b=KlihBtPydiHgF6pfaw70DrmeKs8gxSPe13GReK633VxiioNOS5nLofMftO8TSeVVfF66rJ HRxcKkd30d6ZrrE2Wi8uPDb+WWm83h3zmAkjAfi2r+Q0eE3Azi+YQQxek+94bARcge4BuA ENmpv0IY5G5HtQwLpdUHgonu2iXGBTs= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-637-qVt9wRf9OFS2X7LYDsPYVA-1; Tue, 29 Nov 2022 14:37:52 -0500 X-MC-Unique: qVt9wRf9OFS2X7LYDsPYVA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A34A2800B23; Tue, 29 Nov 2022 19:37:51 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id CC7942027061; Tue, 29 Nov 2022 19:37:47 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky Subject: [PATCH v2 07/11] KVM: x86: add a delayed hardware NMI injection interface Date: Tue, 29 Nov 2022 21:37:13 +0200 Message-Id: <20221129193717.513824-8-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861271003283307?= X-GMAIL-MSGID: =?utf-8?q?1750861271003283307?= This patch adds two new vendor callbacks: - kvm_x86_get_hw_nmi_pending() - kvm_x86_set_hw_nmi_pending() Using those callbacks the KVM can take advantage of the hardware's accelerated delayed NMI delivery (currently vNMI on SVM). Once NMI is set to pending via this interface, it is assumed that the hardware will deliver the NMI on its own to the guest once all the x86 conditions for the NMI delivery are met. Note that the 'kvm_x86_set_hw_nmi_pending()' callback is allowed to fail, in which case a normal NMI injection will be attempted when NMI can be delivered (possibly by using a NMI window). With vNMI that can happen either if vNMI is already pending or if a nested guest is running. When the vNMI injection fails due to the 'vNMI is already pending' condition, the new NMI will be dropped unless the new NMI can be injected immediately, so no NMI window will be requested. Signed-off-by: Maxim Levitsky Signed-off-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm-x86-ops.h | 2 ++ arch/x86/include/asm/kvm_host.h | 15 ++++++++++++- arch/x86/kvm/x86.c | 36 ++++++++++++++++++++++++++---- 3 files changed, 48 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index abccd51dcfca1b..9e2db6cf7cc041 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -67,6 +67,8 @@ KVM_X86_OP(get_interrupt_shadow) KVM_X86_OP(patch_hypercall) KVM_X86_OP(inject_irq) KVM_X86_OP(inject_nmi) +KVM_X86_OP_OPTIONAL_RET0(get_hw_nmi_pending) +KVM_X86_OP_OPTIONAL_RET0(set_hw_nmi_pending) KVM_X86_OP(inject_exception) KVM_X86_OP(cancel_injection) KVM_X86_OP(interrupt_allowed) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 684a5519812fb2..46993ce61c92db 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -871,8 +871,13 @@ struct kvm_vcpu_arch { u64 tsc_scaling_ratio; /* current scaling ratio */ atomic_t nmi_queued; /* unprocessed asynchronous NMIs */ - unsigned nmi_pending; /* NMI queued after currently running handler */ + + unsigned int nmi_pending; /* + * NMI queued after currently running handler + * (not including a hardware pending NMI (e.g vNMI)) + */ bool nmi_injected; /* Trying to inject an NMI this entry */ + bool smi_pending; /* SMI queued after currently running handler */ u8 handling_intr_from_guest; @@ -1602,6 +1607,13 @@ struct kvm_x86_ops { int (*nmi_allowed)(struct kvm_vcpu *vcpu, bool for_injection); bool (*get_nmi_mask)(struct kvm_vcpu *vcpu); void (*set_nmi_mask)(struct kvm_vcpu *vcpu, bool masked); + + /* returns true, if a NMI is pending injection on hardware level (e.g vNMI) */ + bool (*get_hw_nmi_pending)(struct kvm_vcpu *vcpu); + + /* attempts make a NMI pending via hardware interface (e.g vNMI) */ + bool (*set_hw_nmi_pending)(struct kvm_vcpu *vcpu); + void (*enable_nmi_window)(struct kvm_vcpu *vcpu); void (*enable_irq_window)(struct kvm_vcpu *vcpu); void (*update_cr8_intercept)(struct kvm_vcpu *vcpu, int tpr, int irr); @@ -1964,6 +1976,7 @@ int kvm_pic_set_irq(struct kvm_pic *pic, int irq, int irq_source_id, int level); void kvm_pic_clear_all(struct kvm_pic *pic, int irq_source_id); void kvm_inject_nmi(struct kvm_vcpu *vcpu); +int kvm_get_total_nmi_pending(struct kvm_vcpu *vcpu); void kvm_update_dr7(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 85d2a12c214dda..3c30e3f1106f79 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5103,7 +5103,7 @@ static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu, events->interrupt.shadow = static_call(kvm_x86_get_interrupt_shadow)(vcpu); events->nmi.injected = vcpu->arch.nmi_injected; - events->nmi.pending = vcpu->arch.nmi_pending != 0; + events->nmi.pending = kvm_get_total_nmi_pending(vcpu) != 0; events->nmi.masked = static_call(kvm_x86_get_nmi_mask)(vcpu); /* events->sipi_vector is never valid when reporting to user space */ @@ -5191,9 +5191,12 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu, vcpu->arch.nmi_injected = events->nmi.injected; if (events->flags & KVM_VCPUEVENT_VALID_NMI_PENDING) - vcpu->arch.nmi_pending = events->nmi.pending; + atomic_add(events->nmi.pending, &vcpu->arch.nmi_queued); + static_call(kvm_x86_set_nmi_mask)(vcpu, events->nmi.masked); + process_nmi(vcpu); + if (events->flags & KVM_VCPUEVENT_VALID_SIPI_VECTOR && lapic_in_kernel(vcpu)) vcpu->arch.apic->sipi_vector = events->sipi_vector; @@ -10008,6 +10011,10 @@ static int kvm_check_and_inject_events(struct kvm_vcpu *vcpu, static void process_nmi(struct kvm_vcpu *vcpu) { unsigned limit = 2; + int nmi_to_queue = atomic_xchg(&vcpu->arch.nmi_queued, 0); + + if (!nmi_to_queue) + return; /* * x86 is limited to one NMI running, and one NMI pending after it. @@ -10015,13 +10022,34 @@ static void process_nmi(struct kvm_vcpu *vcpu) * Otherwise, allow two (and we'll inject the first one immediately). */ if (static_call(kvm_x86_get_nmi_mask)(vcpu) || vcpu->arch.nmi_injected) - limit = 1; + limit--; + + /* Also if there is already a NMI hardware queued to be injected, + * decrease the limit again + */ + if (static_call(kvm_x86_get_hw_nmi_pending)(vcpu)) + limit--; - vcpu->arch.nmi_pending += atomic_xchg(&vcpu->arch.nmi_queued, 0); + if (limit <= 0) + return; + + /* Attempt to use hardware NMI queueing */ + if (static_call(kvm_x86_set_hw_nmi_pending)(vcpu)) { + limit--; + nmi_to_queue--; + } + + vcpu->arch.nmi_pending += nmi_to_queue; vcpu->arch.nmi_pending = min(vcpu->arch.nmi_pending, limit); kvm_make_request(KVM_REQ_EVENT, vcpu); } +/* Return total number of NMIs pending injection to the VM */ +int kvm_get_total_nmi_pending(struct kvm_vcpu *vcpu) +{ + return vcpu->arch.nmi_pending + static_call(kvm_x86_get_hw_nmi_pending)(vcpu); +} + void kvm_make_scan_ioapic_request_mask(struct kvm *kvm, unsigned long *vcpu_bitmap) { From patchwork Tue Nov 29 19:37:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27472 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp536269wrr; Tue, 29 Nov 2022 11:50:48 -0800 (PST) X-Google-Smtp-Source: AA0mqf5WwXK6gJC16aWIE2S5C2TJszSi8UsIdmHXpBYuQvDFzUwWJRqNtApGAvJG5T+2KeMY0DqD X-Received: by 2002:a17:906:c40b:b0:7ae:1e53:95b2 with SMTP id u11-20020a170906c40b00b007ae1e5395b2mr48466163ejz.333.1669751447797; Tue, 29 Nov 2022 11:50:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751447; cv=none; d=google.com; s=arc-20160816; b=jeYP8sj3j2JY5rlk2BVuzIsPuSKex2atuh8SAzD8fQ+BHDLgYjm3PE4ATjrp9jLRQK 0BkIcORehN9hY4tEEb7O+Ilr025uSRNvSdCowADGtmHRjBw4/XwlnSfid126/p0JFo/j KbWwWHKnvDJ3+/KOS2oLrCUnyMLrMgtEIabTlWvNM+DF3ZZVN8YDZ53dz9pUBIYNWICJ /E1aqVVR2US5OYiKgekNtMnHTVqtIbrwmk8CHBniH61s8IIyFzLgUsloq9hWylTWVj+L 1IklOHe8kJyZ6Tf5+QPYetPiP4uxbLKWMRdcu+bniAPEHe3HlZAqgA32f6d1Gj+puceJ eCRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=W3C0J4b/Iq2TqSFgmT2zDR52z47EVntTEYZ6+rgtU/8=; b=c2vKdw8RdSK22QhiqiVMcYtmaQzwvs+rfmCXk08zJZakHHPKpWKujxZiGfcqQ4tT+t BX2Vc+QGKjDLmAKhYW7V+WBgdubgWzLcZQIrG5EgQTnMJFcfBd2wo7VpBHCvsoYoCsAV ByCwPowviDulWdOPcsHzhSgz/BYYOnZ32sWmuu58ZIyApKwkWIcePRbL3wcYyCkYkJ6M ECMX78tIK6nPC2FQY1Z8ICFaI6qk/5XrJiuYpAdkOFdmwHElha38oW9jtbQSF3RF952g Q7l7cwD0ugUZh1XxD5oRnS1LKNgU0f+CijHwJE9LVG2Way70rcHhUePj66al+Ot8VEkY YL5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="aG2l1cO/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gs41-20020a1709072d2900b007b273d1f664si13811107ejc.128.2022.11.29.11.50.24; Tue, 29 Nov 2022 11:50:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="aG2l1cO/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237163AbiK2Tlv (ORCPT + 99 others); Tue, 29 Nov 2022 14:41:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235990AbiK2Tk4 (ORCPT ); Tue, 29 Nov 2022 14:40:56 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44FEF175A8 for ; Tue, 29 Nov 2022 11:38:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750682; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=W3C0J4b/Iq2TqSFgmT2zDR52z47EVntTEYZ6+rgtU/8=; b=aG2l1cO/IgswxACI3gVfOgBUtg7an+dgwgHn7/XK4Il7kaHAWUCgBdAWfQBs5VGOk7IE2P vU/aZ9dhR2aS0cH8u/dQl8aeQD6izDmG3AbFEQlyCoXywrJpgUcDgnog8+uJyzqSC69032 ls0k0gfJRPoP1yi8lge6U4KPRGffkBU= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-247-s4zjxzx_Nja3jk2eWklLvQ-1; Tue, 29 Nov 2022 14:37:57 -0500 X-MC-Unique: s4zjxzx_Nja3jk2eWklLvQ-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id F25E73817A62; Tue, 29 Nov 2022 19:37:55 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 00B312028CE4; Tue, 29 Nov 2022 19:37:51 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky , Santosh Shukla Subject: [PATCH v2 08/11] x86/cpu: Add CPUID feature bit for VNMI Date: Tue, 29 Nov 2022 21:37:14 +0200 Message-Id: <20221129193717.513824-9-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861294389501363?= X-GMAIL-MSGID: =?utf-8?q?1750861294389501363?= From: Santosh Shukla VNMI feature allows the hypervisor to inject NMI into the guest w/o using Event injection mechanism, The benefit of using VNMI over the event Injection that does not require tracking the Guest's NMI state and intercepting the IRET for the NMI completion. VNMI achieves that by exposing 3 capability bits in VMCB intr_cntrl which helps with virtualizing NMI injection and NMI_Masking. The presence of this feature is indicated via the CPUID function 0x8000000A_EDX[25]. Reviewed-by: Maxim Levitsky Signed-off-by: Santosh Shukla --- arch/x86/include/asm/cpufeatures.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 1419c4e04d45f3..ed50f28bdf235b 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -359,6 +359,7 @@ #define X86_FEATURE_VGIF (15*32+16) /* Virtual GIF */ #define X86_FEATURE_X2AVIC (15*32+18) /* Virtual x2apic */ #define X86_FEATURE_V_SPEC_CTRL (15*32+20) /* Virtual SPEC_CTRL */ +#define X86_FEATURE_AMD_VNMI (15*32+25) /* Virtual NMI */ #define X86_FEATURE_SVME_ADDR_CHK (15*32+28) /* "" SVME addr check */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (ECX), word 16 */ From patchwork Tue Nov 29 19:37:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27478 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp537460wrr; Tue, 29 Nov 2022 11:54:01 -0800 (PST) X-Google-Smtp-Source: AA0mqf6u0x6YYwOQUYADjQHUuVoB+YBbt1KYRcYeiXZLzzmPvaYqd9TnTnpGJbQ738VD68aAs5zV X-Received: by 2002:a63:d356:0:b0:477:1a2:390e with SMTP id u22-20020a63d356000000b0047701a2390emr51814231pgi.83.1669751641259; Tue, 29 Nov 2022 11:54:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751641; cv=none; d=google.com; s=arc-20160816; b=hVKELovYpsfP9i5InSfnj0yLc+Lt6Av4tiNIWndoENNRK8ptRt09INxc5cqL2BtcN2 nO66Wt3LQUfK7tILFPmDW4DMaHGdd93ERHhXRVxhgamZ4mVRzpTCdAzMH17dEdLU/Kfu tO2eQOlFwusGnpVlOiadDbqcxL92bU4ZRPJWFbQh/El/zimrWMfpHBpmx3mleXYUGTqA He7ygYFPh2Zxyx9FNACiew6ylBRIjP+mbQi0Y0/ySGemsQiyMQ3cBQ8omWFyHr7/6mmd K+33YZqXOF9xJ07H9PEkOmHbQ9Nc4hCL0vMB0bxPxMKNpNVmgU/SmeOL0uFplv+loyoG 8sPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=8DWsatb5cdHreCXzHDkIF/f3CHfD6y+ENtUisNkNx+I=; b=A/cTln+uvtx0SWhHY+tYAcfY++BDAONMQBRYeeUvLSTlSMe/7K0OocN6BWRVXBPLdg tlWt2Zw6o6rRNbUMWNeUOZSJL/bv7RhPQ8qJhSbhFsI5VEysQzyCer6byMDfSZ9EmHj4 rZx+rTNycTZB463ujImpervPMoans5ExO/m+b/0BwkHW/6c6OSEpGOC/oedP9ohoBGIG wGOROeANYSYJUtHR1F9eAF9eJzl3Y84oP0VWD6GWUpCXS+t4lRxsZq+qFXsHb+QlTOFD TcXM8SROug0r3UbwjcqvKH5J2ieTWMA8ILz15fWfx2EsAuxg17ijnTHcaoTN/Nvycgd9 YsDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Ep4aeZYx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f17-20020a63f111000000b00477e302ee63si12971872pgi.552.2022.11.29.11.53.48; Tue, 29 Nov 2022 11:54:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Ep4aeZYx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236388AbiK2Tly (ORCPT + 99 others); Tue, 29 Nov 2022 14:41:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49012 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236379AbiK2TlC (ORCPT ); Tue, 29 Nov 2022 14:41:02 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7ABCF48413 for ; Tue, 29 Nov 2022 11:38:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750688; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8DWsatb5cdHreCXzHDkIF/f3CHfD6y+ENtUisNkNx+I=; b=Ep4aeZYxqLQbSqndVqAWdk/FErvY+K+6ihktH0wp6zp8oaf4RBs4n8BhzlfCCY0uyOZ/S2 bpCizXtpq0irtzVz/l8bvjHb7Hq9/V+QYNMP/4aoA3sxoK76RtB3YL5LJcuwb7mKhyDle5 kO7rNLC4m+SCecQVx0DMV6927sWQCUE= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-76-r4lRUZj7OwCnv_6ASj17GA-1; Tue, 29 Nov 2022 14:38:01 -0500 X-MC-Unique: r4lRUZj7OwCnv_6ASj17GA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9F84C1C06ED8; Tue, 29 Nov 2022 19:38:00 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D7AE2028CE4; Tue, 29 Nov 2022 19:37:56 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky , Santosh Shukla Subject: [PATCH v2 09/11] KVM: SVM: Add VNMI bit definition Date: Tue, 29 Nov 2022 21:37:15 +0200 Message-Id: <20221129193717.513824-10-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861497091650831?= X-GMAIL-MSGID: =?utf-8?q?1750861497091650831?= From: Santosh Shukla VNMI exposes 3 capability bits (V_NMI, V_NMI_MASK, and V_NMI_ENABLE) to virtualize NMI and NMI_MASK, Those capability bits are part of VMCB::intr_ctrl - V_NMI(11) - Indicates whether a virtual NMI is pending in the guest. V_NMI_MASK(12) - Indicates whether virtual NMI is masked in the guest. V_NMI_ENABLE(26) - Enables the NMI virtualization feature for the guest. When Hypervisor wants to inject NMI, it will set V_NMI bit, Processor will clear the V_NMI bit and Set the V_NMI_MASK which means the Guest is handling NMI, After the guest handled the NMI, The processor will clear the V_NMI_MASK on the successful completion of IRET instruction Or if VMEXIT occurs while delivering the virtual NMI. To enable the VNMI capability, Hypervisor need to program V_NMI_ENABLE bit 1. Reviewed-by: Maxim Levitsky Signed-off-by: Santosh Shukla --- arch/x86/include/asm/svm.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index cb1ee53ad3b189..26d6f549ce2b46 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -203,6 +203,13 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define X2APIC_MODE_SHIFT 30 #define X2APIC_MODE_MASK (1 << X2APIC_MODE_SHIFT) +#define V_NMI_PENDING_SHIFT 11 +#define V_NMI_PENDING (1 << V_NMI_PENDING_SHIFT) +#define V_NMI_MASK_SHIFT 12 +#define V_NMI_MASK (1 << V_NMI_MASK_SHIFT) +#define V_NMI_ENABLE_SHIFT 26 +#define V_NMI_ENABLE (1 << V_NMI_ENABLE_SHIFT) + #define LBR_CTL_ENABLE_MASK BIT_ULL(0) #define VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK BIT_ULL(1) From patchwork Tue Nov 29 19:37:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27479 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp537586wrr; Tue, 29 Nov 2022 11:54:20 -0800 (PST) X-Google-Smtp-Source: AA0mqf53/WqN9KImI8LOLsh3HMAGGOIGnuf2dqhmJkEgohIIE4N3vGg2Gq4h61gPa3zmfuNtkThk X-Received: by 2002:a17:902:a514:b0:189:97c3:6382 with SMTP id s20-20020a170902a51400b0018997c36382mr6824051plq.168.1669751660316; Tue, 29 Nov 2022 11:54:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751660; cv=none; d=google.com; s=arc-20160816; b=ELp7e/HvMhIGRqPtOR68HNNnFm3u54i9TzsLeAPKh4UE5WJlTphcNodWOoeQ04Uc20 +/OFWBaCLxFVif/Bs2O7viME6p5QVNAH9vIaj7I8rMVMDDrRzwGWsJssHevoMLiLz0sA oInpz+AwjtCJcZtuufxDmuzEEHsJsGN9ouJIkYkBpALrhQEturt4F4Wb75N70Co1eHSI quMeK31Uui77U+lb96Q+Lg/c8JpdDx/2Q6/7F5TOmt0Ovn4JKf0HuDe43VFZ312k2vvd nXv9KkQpLpSiSKz4Xg/tm0z7t30FgeVXcEBrzvEyvpAKI1PNhB7YXWVwRtGUDu9Eq6y8 Fe6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=rGwAkLQUJjI6/SajL0tjhWVIBhdO0EXs4usgx0YdcWo=; b=bxVwncRVGa3LGIor9JI9wED9Lj84colP1UJHLfREJVQE13xAftlgbaHwB9QKbdKvse gvUL074haIJv/AlAINiijeT11dyPoo90yoeW4mN6SKL0nIHb3vh/wkiox91WhMCpBnm2 c2Hbxv/akWXDm7y0XC5YOVcyhaGW1knBbizp7ZaCHLQvddmLdHnTDTGYbJsShBQ/vsPo yvYaWQTMCpeuDvDJptu/+6nwWmMuK1EVckImk6Pzbl3K3IkKod9zU0caCE7oZJCmu2ES BejpiAjpe1vv2rXcp1/TiORw+hH/tLmxowrBohCHsnsR47RykdU2zPF6sWBbj18txWoX gEUw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="OOdRLho/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id me5-20020a17090b17c500b00217ec4647afsi2694967pjb.14.2022.11.29.11.54.07; Tue, 29 Nov 2022 11:54:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="OOdRLho/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237176AbiK2Tl6 (ORCPT + 99 others); Tue, 29 Nov 2022 14:41:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48470 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236531AbiK2TlD (ORCPT ); Tue, 29 Nov 2022 14:41:03 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7B34A52171 for ; Tue, 29 Nov 2022 11:38:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750689; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rGwAkLQUJjI6/SajL0tjhWVIBhdO0EXs4usgx0YdcWo=; b=OOdRLho/MXWON7WUlGEacbWsWJ7p4ixccnij+9yFQOwwcCZ3RosLWvITxkZ7IXTCVoQowE jFFUIePZX9rjlmZGzOkK0WKRnzHZUq942w4HhtfZ1ftDNFKid9mll1gXdVTY77vqZKMoKS Pr1f2ZcXA+BCclL9fnj7s0OWQcigVh4= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-385-I7THsf4vNf6hAU3FMB9_Jg-1; Tue, 29 Nov 2022 14:38:06 -0500 X-MC-Unique: I7THsf4vNf6hAU3FMB9_Jg-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2FC5086C141; Tue, 29 Nov 2022 19:38:05 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id EDDF42028DC1; Tue, 29 Nov 2022 19:38:00 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky , Santosh Shukla Subject: [PATCH v2 10/11] KVM: SVM: implement support for vNMI Date: Tue, 29 Nov 2022 21:37:16 +0200 Message-Id: <20221129193717.513824-11-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861517145662349?= X-GMAIL-MSGID: =?utf-8?q?1750861517145662349?= This patch implements support for injecting pending NMIs via the .kvm_x86_set_hw_nmi_pending using new AMD's vNMI feature. Note that the vNMI can't cause a VM exit, which is needed when a nested guest intercepts NMIs. Therefore to avoid breaking nesting, the vNMI is inhibited while a nested guest is running and instead, the legacy NMI window detection and delivery method is used. While it is possible to passthrough the vNMI if a nested guest doesn't intercept NMIs, such usage is very uncommon, and it's not worth to optimize for. Signed-off-by: Santosh Shukla Signed-off-by: Maxim Levitsky --- arch/x86/kvm/svm/nested.c | 42 +++++++++++++++ arch/x86/kvm/svm/svm.c | 111 ++++++++++++++++++++++++++++++-------- arch/x86/kvm/svm/svm.h | 10 ++++ 3 files changed, 140 insertions(+), 23 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index e891318595113e..5bea672bf8b12d 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -623,6 +623,42 @@ static bool is_evtinj_nmi(u32 evtinj) return type == SVM_EVTINJ_TYPE_NMI; } +static void nested_svm_save_vnmi(struct vcpu_svm *svm) +{ + struct vmcb *vmcb01 = svm->vmcb01.ptr; + + /* + * Copy the vNMI state back to software NMI tracking state + * for the duration of the nested run + */ + + svm->nmi_masked = vmcb01->control.int_ctl & V_NMI_MASK; + svm->vcpu.arch.nmi_pending += vmcb01->control.int_ctl & V_NMI_PENDING; +} + +static void nested_svm_restore_vnmi(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu = &svm->vcpu; + struct vmcb *vmcb01 = svm->vmcb01.ptr; + + /* + * Restore the vNMI state from the software NMI tracking state + * after a nested run + */ + + if (svm->nmi_masked) + vmcb01->control.int_ctl |= V_NMI_MASK; + else + vmcb01->control.int_ctl &= ~V_NMI_MASK; + + if (vcpu->arch.nmi_pending) { + vcpu->arch.nmi_pending--; + vmcb01->control.int_ctl |= V_NMI_PENDING; + } else + vmcb01->control.int_ctl &= ~V_NMI_PENDING; +} + + static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, unsigned long vmcb12_rip, unsigned long vmcb12_csbase) @@ -646,6 +682,9 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, else int_ctl_vmcb01_bits |= (V_GIF_MASK | V_GIF_ENABLE_MASK); + if (vnmi) + nested_svm_save_vnmi(svm); + /* Copied from vmcb01. msrpm_base can be overwritten later. */ vmcb02->control.nested_ctl = vmcb01->control.nested_ctl; vmcb02->control.iopm_base_pa = vmcb01->control.iopm_base_pa; @@ -1049,6 +1088,9 @@ int nested_svm_vmexit(struct vcpu_svm *svm) svm_update_lbrv(vcpu); } + if (vnmi) + nested_svm_restore_vnmi(svm); + /* * On vmexit the GIF is set to false and * no event can be injected in L1. diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index cfed6ab29c839a..bf10adcf3170a8 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -230,6 +230,8 @@ module_param(dump_invalid_vmcb, bool, 0644); bool intercept_smi = true; module_param(intercept_smi, bool, 0444); +bool vnmi = true; +module_param(vnmi, bool, 0444); static bool svm_gp_erratum_intercept = true; @@ -1299,6 +1301,9 @@ static void init_vmcb(struct kvm_vcpu *vcpu) if (kvm_vcpu_apicv_active(vcpu)) avic_init_vmcb(svm, vmcb); + if (vnmi) + svm->vmcb->control.int_ctl |= V_NMI_ENABLE; + if (vgif) { svm_clr_intercept(svm, INTERCEPT_STGI); svm_clr_intercept(svm, INTERCEPT_CLGI); @@ -3487,6 +3492,39 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) ++vcpu->stat.nmi_injections; } + +static bool svm_get_hw_nmi_pending(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + if (!is_vnmi_enabled(svm)) + return false; + + return !!(svm->vmcb->control.int_ctl & V_NMI_MASK); +} + +static bool svm_set_hw_nmi_pending(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + if (!is_vnmi_enabled(svm)) + return false; + + if (svm->vmcb->control.int_ctl & V_NMI_PENDING) + return false; + + svm->vmcb->control.int_ctl |= V_NMI_PENDING; + vmcb_mark_dirty(svm->vmcb, VMCB_INTR); + + /* + * NMI isn't yet technically injected but + * this rough estimation should be good enough + */ + ++vcpu->stat.nmi_injections; + + return true; +} + static void svm_inject_irq(struct kvm_vcpu *vcpu, bool reinjected) { struct vcpu_svm *svm = to_svm(vcpu); @@ -3582,11 +3620,38 @@ static void svm_update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr) svm_set_intercept(svm, INTERCEPT_CR8_WRITE); } +static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + if (is_vnmi_enabled(svm)) + return svm->vmcb->control.int_ctl & V_NMI_MASK; + else + return svm->nmi_masked; +} + +static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + if (is_vnmi_enabled(svm)) { + if (masked) + svm->vmcb->control.int_ctl |= V_NMI_MASK; + else + svm->vmcb->control.int_ctl &= ~V_NMI_MASK; + } else { + svm->nmi_masked = masked; + if (masked) + svm_enable_iret_interception(svm); + else + svm_disable_iret_interception(svm); + } +} + bool svm_nmi_blocked(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); struct vmcb *vmcb = svm->vmcb; - bool ret; if (!gif_set(svm)) return true; @@ -3594,10 +3659,10 @@ bool svm_nmi_blocked(struct kvm_vcpu *vcpu) if (is_guest_mode(vcpu) && nested_exit_on_nmi(svm)) return false; - ret = (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) || - (svm->nmi_masked); + if (svm_get_nmi_mask(vcpu)) + return true; - return ret; + return vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK; } static int svm_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection) @@ -3615,24 +3680,6 @@ static int svm_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection) return 1; } -static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu) -{ - return to_svm(vcpu)->nmi_masked; -} - -static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) -{ - struct vcpu_svm *svm = to_svm(vcpu); - - if (masked) { - svm->nmi_masked = true; - svm_enable_iret_interception(svm); - } else { - svm->nmi_masked = false; - svm_disable_iret_interception(svm); - } -} - bool svm_interrupt_blocked(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); @@ -3725,10 +3772,16 @@ static void svm_enable_nmi_window(struct kvm_vcpu *vcpu) /* * Something prevents NMI from been injected. Single step over possible * problem (IRET or exception injection or interrupt shadow) + * + * With vNMI we should never need an NMI window + * (we can always inject vNMI either by setting VNMI_PENDING or by EVENTINJ) */ + if (WARN_ON_ONCE(is_vnmi_enabled(svm))) + return; + svm->nmi_singlestep_guest_rflags = svm_get_rflags(vcpu); - svm->nmi_singlestep = true; svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF); + svm->nmi_singlestep = true; } static void svm_flush_tlb_current(struct kvm_vcpu *vcpu) @@ -4770,6 +4823,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .patch_hypercall = svm_patch_hypercall, .inject_irq = svm_inject_irq, .inject_nmi = svm_inject_nmi, + .get_hw_nmi_pending = svm_get_hw_nmi_pending, + .set_hw_nmi_pending = svm_set_hw_nmi_pending, .inject_exception = svm_inject_exception, .cancel_injection = svm_cancel_injection, .interrupt_allowed = svm_interrupt_allowed, @@ -5058,6 +5113,16 @@ static __init int svm_hardware_setup(void) pr_info("Virtual GIF supported\n"); } + + vnmi = vgif && vnmi && boot_cpu_has(X86_FEATURE_AMD_VNMI); + if (vnmi) + pr_info("Virtual NMI enabled\n"); + + if (!vnmi) { + svm_x86_ops.get_hw_nmi_pending = NULL; + svm_x86_ops.set_hw_nmi_pending = NULL; + } + if (lbrv) { if (!boot_cpu_has(X86_FEATURE_LBRV)) lbrv = false; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 587ddc150f9f34..0b7e1790fadde1 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -35,6 +35,7 @@ extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; extern int vgif; extern bool intercept_smi; +extern bool vnmi; enum avic_modes { AVIC_MODE_NONE = 0, @@ -553,6 +554,15 @@ static inline bool is_x2apic_msrpm_offset(u32 offset) (msr < (APIC_BASE_MSR + 0x100)); } +static inline bool is_vnmi_enabled(struct vcpu_svm *svm) +{ + /* L1's vNMI is inhibited while nested guest is running */ + if (is_guest_mode(&svm->vcpu)) + return false; + + return !!(svm->vmcb01.ptr->control.int_ctl & V_NMI_ENABLE); +} + /* svm.c */ #define MSR_INVALID 0xffffffffU From patchwork Tue Nov 29 19:37:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 27475 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp537272wrr; Tue, 29 Nov 2022 11:53:25 -0800 (PST) X-Google-Smtp-Source: AA0mqf794FQBR3U7Lwh3BhCAqrgQJzoBa8GdrE2srQ/A38oClW/cvaswIUJ4B8M7/28yRV2Pfc8N X-Received: by 2002:aa7:d558:0:b0:461:eea0:514c with SMTP id u24-20020aa7d558000000b00461eea0514cmr43537804edr.296.1669751605114; Tue, 29 Nov 2022 11:53:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669751605; cv=none; d=google.com; s=arc-20160816; b=uuNoJIFeecFxcU/kkHQdbhcHvpHViuPFpCIsh3W6qRJQtCxiJ6WUDe13N+k14ptolh iQRDprFERzyoLh9eoCO1eDYAXKeKJFKXGjBym0wHmT4pKbb1fTaszefYFufmAXZgGdC/ hxZ3JvZGFhTR1EtVMHthA48H+sLaGKmdNTf742IWC0KT1WACddblj+tdAHCYG+Xctqkf 26LhTQ/yGLwkScpG8DMVCgJst1Lx/PcXo3U54m5T0PCEgwrJ5NBUrWyvBRvr5M6j4C/4 W82vmYXPGmAvptMN1hc6Axeus3154jLygRwVlM8knuDYDiV8pTzeRLPwdrvPbJwpwoVj Mgjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=zbNm6u7VwMLnnR5d0F1qjMdQ/5J2+Ysx2Y9gYe/zZwQ=; b=FoenIj4i45VW3OD1v3y5plUexVv/t08N642WptelXI7eQvloWxxnVzcJOZzbUDKbEq IniPG5jhuYPvbUCeiMDNJWqIpxguMjvRWLQFM2Ri4GnrTF1KkXTs+Od3B23dv1ItbTYi hFFmAD7jVyZ7JseHTvgxDZ4ZfM/lydsOsw5506/7T6VeW/UKOd1/tq/SItLVWzWBM3/L UPZWIzLXhucmitY1PGe6PO+TIEKoVZcV/IkNP2JeGqZzSMxhn5fq2MNv4tYMbZPtzgWm 0ArZvSns0we/hEBSbVef3LLydfVA2crAoHFomuHWLXC6KhooObhv/6yQwtiv3NZL2OWT x9RA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=X0JnGBW7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hc33-20020a17090716a100b007ae9f42f878si13763290ejc.354.2022.11.29.11.52.59; Tue, 29 Nov 2022 11:53:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=X0JnGBW7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236375AbiK2TmV (ORCPT + 99 others); Tue, 29 Nov 2022 14:42:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55110 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236944AbiK2TlS (ORCPT ); Tue, 29 Nov 2022 14:41:18 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A4B761760 for ; Tue, 29 Nov 2022 11:38:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669750699; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zbNm6u7VwMLnnR5d0F1qjMdQ/5J2+Ysx2Y9gYe/zZwQ=; b=X0JnGBW7aYkVjciKNKX1OlDqKuO+9sn3mygQypANNhSkdvb/nwZs3XC6dH4qLxEk00U3oa v67MQnbvBnXis/gy9xtMFBdR4JIBgjD7TcT6EempLooYMDKvmtg9H/wit7IfOjYfJf6b7h 9xs+jJXwSFnIuAgpp5SxgC0rbTKiQrY= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-275-UxmNabJBMqKYQKTIqYI29A-1; Tue, 29 Nov 2022 14:38:10 -0500 X-MC-Unique: UxmNabJBMqKYQKTIqYI29A-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id CF1CB3C0F22F; Tue, 29 Nov 2022 19:38:09 +0000 (UTC) Received: from localhost.localdomain (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 80E782027061; Tue, 29 Nov 2022 19:38:05 +0000 (UTC) From: Maxim Levitsky To: kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson , Maxim Levitsky , Santosh Shukla Subject: [PATCH v2 11/11] KVM: nSVM: implement support for nested VNMI Date: Tue, 29 Nov 2022 21:37:17 +0200 Message-Id: <20221129193717.513824-12-mlevitsk@redhat.com> In-Reply-To: <20221129193717.513824-1-mlevitsk@redhat.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750861458831431672?= X-GMAIL-MSGID: =?utf-8?q?1750861458831431672?= This patch allows L1 to use vNMI to accelerate its injection of NMIs to L2 by passing through vNMI int_ctl bits from vmcb12 to/from vmcb02. While L2 runs, L1's vNMI is inhibited, and L1's NMIs are injected normally. In order to support nested VNMI requires saving and restoring the VNMI bits during nested entry and exit. In case of L1 and L2 both using VNMI- Copy VNMI bits from vmcb12 to vmcb02 during entry and vice-versa during exit. And in case of L1 uses VNMI and L2 doesn't- Copy VNMI bits from vmcb01 to vmcb02 during entry and vice-versa during exit. Tested with the KVM-unit-test and Nested Guest scenario. Signed-off-by: Santosh Shukla Signed-off-by: Maxim Levitsky --- arch/x86/kvm/svm/nested.c | 13 ++++++++++++- arch/x86/kvm/svm/svm.c | 5 +++++ arch/x86/kvm/svm/svm.h | 6 ++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 5bea672bf8b12d..81346665058e26 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -278,6 +278,11 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu, if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl))) return false; + if (CC((control->int_ctl & V_NMI_ENABLE) && + !vmcb12_is_intercept(control, INTERCEPT_NMI))) { + return false; + } + return true; } @@ -427,6 +432,9 @@ void nested_sync_control_from_vmcb02(struct vcpu_svm *svm) if (nested_vgif_enabled(svm)) mask |= V_GIF_MASK; + if (nested_vnmi_enabled(svm)) + mask |= V_NMI_MASK | V_NMI_PENDING; + svm->nested.ctl.int_ctl &= ~mask; svm->nested.ctl.int_ctl |= svm->vmcb->control.int_ctl & mask; } @@ -682,8 +690,11 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, else int_ctl_vmcb01_bits |= (V_GIF_MASK | V_GIF_ENABLE_MASK); - if (vnmi) + if (vnmi) { nested_svm_save_vnmi(svm); + if (nested_vnmi_enabled(svm)) + int_ctl_vmcb12_bits |= (V_NMI_PENDING | V_NMI_ENABLE | V_NMI_MASK); + } /* Copied from vmcb01. msrpm_base can be overwritten later. */ vmcb02->control.nested_ctl = vmcb01->control.nested_ctl; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bf10adcf3170a8..fb203f536d2f9b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4214,6 +4214,8 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) svm->vgif_enabled = vgif && guest_cpuid_has(vcpu, X86_FEATURE_VGIF); + svm->vnmi_enabled = vnmi && guest_cpuid_has(vcpu, X86_FEATURE_AMD_VNMI); + svm_recalc_instruction_intercepts(vcpu, svm); /* For sev guests, the memory encryption bit is not reserved in CR3. */ @@ -4967,6 +4969,9 @@ static __init void svm_set_cpu_caps(void) if (vgif) kvm_cpu_cap_set(X86_FEATURE_VGIF); + if (vnmi) + kvm_cpu_cap_set(X86_FEATURE_AMD_VNMI); + /* Nested VM can receive #VMEXIT instead of triggering #GP */ kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 0b7e1790fadde1..8fb2085188c5ac 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -271,6 +271,7 @@ struct vcpu_svm { bool pause_filter_enabled : 1; bool pause_threshold_enabled : 1; bool vgif_enabled : 1; + bool vnmi_enabled : 1; u32 ldr_reg; u32 dfr_reg; @@ -545,6 +546,11 @@ static inline bool nested_npt_enabled(struct vcpu_svm *svm) return svm->nested.ctl.nested_ctl & SVM_NESTED_CTL_NP_ENABLE; } +static inline bool nested_vnmi_enabled(struct vcpu_svm *svm) +{ + return svm->vnmi_enabled && (svm->nested.ctl.int_ctl & V_NMI_ENABLE); +} + static inline bool is_x2apic_msrpm_offset(u32 offset) { /* 4 msrs per u8, and 4 u8 in u32 */