From patchwork Sat Jul 29 01:15:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127991 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp822666vqg; Fri, 28 Jul 2023 20:23:27 -0700 (PDT) X-Google-Smtp-Source: APBJJlGEZqX9VPTZ8GDeSd4d+wfQgFcBElegks8bvKy5m1cT8hw3CqOsibM9ztG6m+nD5lPOUroF X-Received: by 2002:a17:906:9bf0:b0:99b:d440:bf0c with SMTP id de48-20020a1709069bf000b0099bd440bf0cmr944027ejc.57.1690601007156; Fri, 28 Jul 2023 20:23:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690601007; cv=none; d=google.com; s=arc-20160816; b=jDas8jwd5M2Y1PSevAZu6PWuCgB8yjWqf4turDhe4AmHfIQ5b8pfwrxozJ4rgmOd8g 0YByuvrpBoPt+4O7Rkk7QYyGgye1xnauuzTqBBFMFg+luIgnKbJMUL/wVD1PTtwYr0jR r2h5n3gvhWZ69et3cS0EuaycLKIVd6jYde3ujddKseekhrxi0c2wY8UH7Lst9pre5yxD TT7rgwm6iZvtED35l67UDrqHVyrlVZlBDlZe24epMhN8sjHNfdjDTrO9hm0oY016K0Ig eAwHnvWl7qXelsTSKfJJv61JH2t31Pfbj2Y4CNgQU9YNXtFJG6FTPMlhuQG21Wa7kynE x1Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=OXHhc2U25Tn9jZSaAqLCulQOLba1UW3VXuih6bIvn0s=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=aaqTQMo98uiK8JLPdDTZHALsd8qzHL//pNdxJe4Ant9zhjkEW0ZUqBwnsucA7P3TmO 81BlHgbqQWeV7cful9AwJ3txVHC4goE2iF1IYu4I6YMWNqsG2rdreb7SKCgGiuecJ8Qb SiLnOZyLBP+gD8/+MzAebjxHVG4e74pyKrz0yPYUoxWte3os39ynIAiBQ5X8mJoOw88k MUPnuy+H7v2Hlyq8y/RA2zoTSWkYnwWZCr31UooYeUvmL0rzvdScazHTEn25AOmp0XcK YLDG52/5PhQ3/pn112kUMU+XIgL88+PeGOXRg+7+TyuY92r4IH8WQogzAAQ1tN/YxXIf WTQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=Tod3zMqU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x23-20020a1709065ad700b00984f07f9bc1si3806466ejs.395.2023.07.28.20.23.03; Fri, 28 Jul 2023 20:23:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=Tod3zMqU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237189AbjG2BQR (ORCPT + 99 others); Fri, 28 Jul 2023 21:16:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233297AbjG2BQP (ORCPT ); Fri, 28 Jul 2023 21:16:15 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E116D3AA8 for ; Fri, 28 Jul 2023 18:16:14 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id d9443c01a7336-1bb982d2572so17448605ad.0 for ; Fri, 28 Jul 2023 18:16:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593374; x=1691198174; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=OXHhc2U25Tn9jZSaAqLCulQOLba1UW3VXuih6bIvn0s=; b=Tod3zMqUpSYaMSjMntQET7ADtNMiYMgbBq1at6tAEQOFQg+AzH1AB/EPsntvDm5vNj EIG9W/6ReBz3I+JF0tX8SPTOlSXnEzx9ES1GjZQ1n/MoCOi0fTE2yochXFZoYOjwC6mc U3t5LNtMvj5DqqX4aJ80m3rhTwam3UPQTo2VgxfpkXQkLR7j/mmDbfm7nz5BPfC0DIRw ipi5tkLT3PhkVV1UrAy//YPPYzAiTfYSNf2NW4oExuekrUxEKRzNGrgzOAYZyTstIeTY SHF0J2p3TR7x0+vKZfwMp/3jlFMAB27g/khgrIS61KbP9aelsIKxNogzIgGACNWWhEod n7PQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593374; x=1691198174; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OXHhc2U25Tn9jZSaAqLCulQOLba1UW3VXuih6bIvn0s=; b=MdSZurcqWqPKUmhl2gRiJSDWFWjldXNj1mj9LGbqQ7BRa3kIDyssRrDrATY1UqI8hF EkIcvXdCCooHyNh0cYdyGPzUI9oOEZw/l4D0JXA46h91B9yrwOTKyzpwJgktKEi09UZA Ms5RPJRaULrbXPiHRxaaXyA+PNLmEBNaD4GEBGwQsO4IjowRukFGBS29AVfDExq3e2Wc Y9W8Ma/Yl2LPen+XRre3mbUsk3wB7KnFt1No5cmdybFd8a1SIH023v1cl+kt7DS/hwxM gEfw8YezfuKByIF1JSVkjv/bvDxy3GXyr9/QHlDNPgIlrE/gUsPfSLLczgmCVxCad4Fx viKw== X-Gm-Message-State: ABy/qLZ5JZLfvWIzTKd2MCJcwddXTcRavSWODfBaHGeNPRnnS/bpG4QG RrF123MZ3UZ+u1lkchDqT8bNghfkDz8= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:e74b:b0:1b8:a56e:1dcc with SMTP id p11-20020a170902e74b00b001b8a56e1dccmr11826plf.13.1690593374418; Fri, 28 Jul 2023 18:16:14 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:48 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-2-seanjc@google.com> Subject: [PATCH v2 01/21] KVM: nSVM: Check instead of asserting on nested TSC scaling support From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772723641860870502 X-GMAIL-MSGID: 1772723641860870502 Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1's MSR_AMD64_TSC_RATIO has diverged from KVM's default. Userspace can trigger the WARN at will by writing the MSR and then updating guest CPUID to hide the feature (modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking KVM's state_test selftest to do vcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0); vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR); after restoring state in a new VM+vCPU yields an endless supply of: ------------[ cut here ]------------ WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699 nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd] Call Trace: enter_svm_guest_mode+0x114/0x560 [kvm_amd] nested_svm_vmrun+0x260/0x330 [kvm_amd] vmrun_interception+0x29/0x30 [kvm_amd] svm_invoke_exit_handler+0x35/0x100 [kvm_amd] svm_handle_exit+0xe7/0x180 [kvm_amd] kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm] kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm] __se_sys_ioctl+0x7a/0xc0 __x64_sys_ioctl+0x21/0x30 do_syscall_64+0x41/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x45ca1b Note, the nested #VMEXIT path has the same flaw, but needs a different fix and will be handled separately. Fixes: 5228eb96a487 ("KVM: x86: nSVM: implement nested TSC scaling") Cc: Maxim Levitsky Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/nested.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 96936ddf1b3c..0b90f5cf9df3 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -695,10 +695,9 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, vmcb02->control.tsc_offset = vcpu->arch.tsc_offset; - if (svm->tsc_ratio_msr != kvm_caps.default_tsc_scaling_ratio) { - WARN_ON(!svm->tsc_scaling_enabled); + if (svm->tsc_scaling_enabled && + svm->tsc_ratio_msr != kvm_caps.default_tsc_scaling_ratio) nested_svm_update_tsc_ratio_msr(vcpu); - } vmcb02->control.int_ctl = (svm->nested.ctl.int_ctl & int_ctl_vmcb12_bits) | From patchwork Sat Jul 29 01:15:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127999 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp837902vqg; Fri, 28 Jul 2023 21:18:43 -0700 (PDT) X-Google-Smtp-Source: APBJJlG4kyS5g0kzsfx+WZtVHNyqWd6JRaYXNCNWIMzTlwzG/0hhrSHJUD8H79Pg9ERMST7xgRHf X-Received: by 2002:a17:902:d487:b0:1bb:f1d9:432e with SMTP id c7-20020a170902d48700b001bbf1d9432emr2943340plg.37.1690604323300; Fri, 28 Jul 2023 21:18:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690604323; cv=none; d=google.com; s=arc-20160816; b=s/i2ZBjb8wOn6SonsrADAZDFatR/FlcRH/WvEDnubXOuPExmkPC5HDNQExFXeLw9PI OpbKn1FrffRrgGp3xwtMFHiMIYKyWAQ/VUlUHvEGMvJSHpWPc7wjBMW1+CBZBWPx8mMm DC3ZZsDhugJdQcO68u/6oN8CXL1vKx3q0b3LpTBL3+KdKoquHp0n+LebCsj/JLcjdQu6 a2swWiYtjGmlSe9UFDHafAJZQeKHYre9qRvEyvBa6GfokWFuwRR6faE0kqQgHOlfoH+9 KokQdIRz3BVOZoX+t1lGuoLTH+8gXFOBkCwUieRdI0xP75+HAhRUAHWfIj+U/ibfLPeL rpBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=cVoVow+zuN1SKsgICwhs7CtUzu9pX/xAq3Gg5W6CKlA=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=ksLwLALNEgOH9/mx2mypdugjCYrvmjI120gvzxnzEjX6645cOqA8nE6ws4qoInvAU4 Pgj/lHrC/DCyXC2A7g1/j3JlsqqaGKpCNJ79SjuOnM+TzAam/1a5ICQT7g62bHqr0CXN GnWuxXFVJa57ns5vqEa9GEWiDmnjXQB1TeZmb/uYtZN74YFn3S+mfa3oAW/i2BHVt8Ih OZkBHBXGDfqd1oocnzHKH8EKGNWcT4Gc7KG3gx8oWrcuzlwEkPUbuQbETG8Jsa+3mpI6 Ag3FqS3CLKyvjJIXPhMUCa6tZqGg45kItiXGhqO0M9ZmV6kQt7u16JyelR0TNjAtN4Q4 /gwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=YegBHX6e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 3-20020a630903000000b00563e82a67a6si3823270pgj.358.2023.07.28.21.18.16; Fri, 28 Jul 2023 21:18:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=YegBHX6e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237325AbjG2BQZ (ORCPT + 99 others); Fri, 28 Jul 2023 21:16:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237203AbjG2BQS (ORCPT ); Fri, 28 Jul 2023 21:16:18 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2DAEF1739 for ; Fri, 28 Jul 2023 18:16:17 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-d0fff3cf2d7so2590904276.2 for ; Fri, 28 Jul 2023 18:16:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593376; x=1691198176; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=cVoVow+zuN1SKsgICwhs7CtUzu9pX/xAq3Gg5W6CKlA=; b=YegBHX6eDw1uj+xgCXD6YD39fb70h+W0KWhVQvpOym2+owNKwn7bsXsD7brfQlaUlf nRiXpfAJYv5tM2P5/LI8rEIIKE74oKUaMlxpjLkLbXER2QNSuON95aBZaC3p7+A0+c1M KDEVVdJ/DMoEy0OxipsHd0LzTQy1HfKDjpTDZlfJL7IycKCUN4TiYjmAvw7EqOVAxW2Y CfUFO9DxC+8zR88DMhZAb/dnigzi3xGo+v3rVtUc7OwKKF7Ukco8DWb6aBM/2P2esD0X sjqb1dFWw31Zz1Z+UhInJmfA/Ptn4X0BgSzE+utq/SBa9GhLjL0UghrF8bbcB2IClu3Z zZbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593376; x=1691198176; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=cVoVow+zuN1SKsgICwhs7CtUzu9pX/xAq3Gg5W6CKlA=; b=DhCa8tRZe75l1aYitVmmWTjcK6a1gc3K1zIYuozBeSMxi41TyAVqnIgdAmhwX5FWS8 AsWblpAABubfjhk6Xr1tGembj83mAFbw2St5ucT5fRY9x9vx5LGURc3yLZJgitGrt5zQ 9xXTV7CrMa3cOVrV28pEa6lD2OaKraySUGboOcEnZIcjqoyEgEHCMlF0COcwa4o/4nBd 383wJzEzcDjt9ANpHwqYl3DGydDWnvzA3PgFcT2VJV+6ZGgZUhPPMxQhBoS4i5hDdPiY 4E6AET9byPmQnumZ4VBkxjg5P9Qxpq9Bk5JqpnFsVkzw/6Mkq8fr0XTe49VBZ/IN/Gl2 CNuw== X-Gm-Message-State: ABy/qLawvg1pbT6yO0e3VekFGlpf0pmioK7nu2i2Nj+ko8orV0l59PFN gNsieUSmmd+TXCxc5TQVTbx706Dn29k= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:d2c9:0:b0:d05:7ba4:67f9 with SMTP id j192-20020a25d2c9000000b00d057ba467f9mr17210ybg.3.1690593376432; Fri, 28 Jul 2023 18:16:16 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:49 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-3-seanjc@google.com> Subject: [PATCH v2 02/21] KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772727118815269026 X-GMAIL-MSGID: 1772727118815269026 When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from the default. Functionally, the end result is the same as KVM will run L2 with L1's multiplier if L2's multiplier is the default, i.e. checking that L1's multiplier is loaded is equivalent to checking if L2 has a non-default multiplier. However, the assertion that TSC scaling is exposed to L1 is flawed, as userspace can trigger the WARN at will by writing the MSR and then updating guest CPUID to hide the feature (modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking KVM's state_test selftest to do vcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0); vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR); after restoring state in a new VM+vCPU yields an endless supply of: ------------[ cut here ]------------ WARNING: CPU: 10 PID: 206939 at arch/x86/kvm/svm/nested.c:1105 nested_svm_vmexit+0x6af/0x720 [kvm_amd] Call Trace: nested_svm_exit_handled+0x102/0x1f0 [kvm_amd] svm_handle_exit+0xb9/0x180 [kvm_amd] kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm] kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm] ? trace_hardirqs_off+0x4d/0xa0 __se_sys_ioctl+0x7a/0xc0 __x64_sys_ioctl+0x21/0x30 do_syscall_64+0x41/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd Unlike the nested VMRUN path, hoisting the svm->tsc_scaling_enabled check into the if-statement is wrong as KVM needs to ensure L1's multiplier is loaded in the above scenario. Alternatively, the WARN_ON() could simply be deleted, but that would make KVM's behavior even more subtle, e.g. it's not immediately obvious why it's safe to write MSR_AMD64_TSC_RATIO when checking only tsc_ratio_msr. Fixes: 5228eb96a487 ("KVM: x86: nSVM: implement nested TSC scaling") Cc: Maxim Levitsky Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/nested.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 0b90f5cf9df3..c66c823ae222 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1100,8 +1100,8 @@ int nested_svm_vmexit(struct vcpu_svm *svm) vmcb_mark_dirty(vmcb01, VMCB_INTERCEPTS); } - if (svm->tsc_ratio_msr != kvm_caps.default_tsc_scaling_ratio) { - WARN_ON(!svm->tsc_scaling_enabled); + if (kvm_caps.has_tsc_control && + vcpu->arch.tsc_scaling_ratio != vcpu->arch.l1_tsc_scaling_ratio) { vcpu->arch.tsc_scaling_ratio = vcpu->arch.l1_tsc_scaling_ratio; __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio); } From patchwork Sat Jul 29 01:15:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128032 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp900895vqg; Sat, 29 Jul 2023 00:41:50 -0700 (PDT) X-Google-Smtp-Source: APBJJlGwiuR7NAkEdExY1/xyT7dlGG0S7WYj3rYqSYp1XXyqIQpHnDN8aukPDsPgIdveR/kIbC5w X-Received: by 2002:a17:902:efc7:b0:1bb:8064:91d2 with SMTP id ja7-20020a170902efc700b001bb806491d2mr3559618plb.69.1690616510166; Sat, 29 Jul 2023 00:41:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690616510; cv=none; d=google.com; s=arc-20160816; b=PBOm0+MIvKcKqwEnSznF2eX2r7vX/hu3STI3Ylepnpf7Gl8WBIiP0V6TG4YZ6guE8O E0kTzgfjuAV/yK2vyC0unrOpzWy66i3CteB/hUcL0c9IkEEgPLwwoWIQ0WGOeh4vKGT3 m643nCJo+eVsfFZwBWR+5r9MIdM6RvEZAOLI3Y94sFrzo3v8cGUf2aYhkv10Hryqt8NR apkcU05K3AUQyUdFe5RlZF+SZGNYuhCGLtLNRykEbuh0LsTDIwvyxSyEry30NUoHjRLI NeUrvFr1SWLKyFHxhQB15raD9Qb+xK9jl2xrVI53uHorxD/1D7klgGfb1fQigh38p0QD LQxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=ZuWZLM3TsGRT4+GSq26rjSsckFQ3rCb0+5vjCs2V2s0=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=yS7Buj7FUXjO/vuS0JcivwCL6QCbdXxpJGJNsCF3GnJN9sZpqeVYogVbaUouwSkF+l GfjQNPZrAt2iym57BfrtJGjTpPofXzCjrY2azaHVmOBzlwEsoi+Rh+2aYBEdfgklCkxC utQEkzFpRXBpnHqwayr5S6cnADzZ6R4qJf4lJyOSWrdNm4NeAOOa61EalSdQpQH+wmbt sEeR4XxyoyBwWBdu3AMTyuWYgL+T73sQnWG1VlpMYCghEatuRigMPlLxJbKB18cc7I7P /IugTeApMBo4KO/ATpT/ZmElSjVEtRVuFubAyZHr9T6jDA83OFFkzUKNyOkPmkVq/Bpe 7vgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=7e0xigtH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y22-20020a17090264d600b001bbd452d974si4233979pli.554.2023.07.29.00.41.37; Sat, 29 Jul 2023 00:41:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=7e0xigtH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237282AbjG2BQ2 (ORCPT + 99 others); Fri, 28 Jul 2023 21:16:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35828 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233297AbjG2BQT (ORCPT ); Fri, 28 Jul 2023 21:16:19 -0400 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D0E4B3AB4 for ; Fri, 28 Jul 2023 18:16:18 -0700 (PDT) Received: by mail-pl1-x649.google.com with SMTP id d9443c01a7336-1bbb34b091dso18454445ad.0 for ; Fri, 28 Jul 2023 18:16:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593378; x=1691198178; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=ZuWZLM3TsGRT4+GSq26rjSsckFQ3rCb0+5vjCs2V2s0=; b=7e0xigtHAglSpXpflBYGihw2dTRSRuft1mPV4wW8wW0ghLKMtLjC0R9ZHyxDhwvGE4 J2NwAQd/ce9HycT7MO9KVtjDyHWxeXF+a3ewQbDDS8EUlq9JC6JpnA25xFBrap2axg0u NLxe6+4MYhXGS121VtYa/OJLo809sN/3FplntG7TNrxWb+ve2btyLP/qgu/wvzufkrZc JIZzuVhAFnBHEyHdmioU8znfRXzwIjOgUqdPcJOPGmU4t2DYFBMzj+oj/mDU+GvCN6H4 0ntkCLS7KSx2VtFtwI11x7otgtFbDftSCYJ1Cjz5WGxH9DxsMhkI4uTnxGDGNAypG0ro OwAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593378; x=1691198178; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZuWZLM3TsGRT4+GSq26rjSsckFQ3rCb0+5vjCs2V2s0=; b=T4GOvtlHg5RGE/ehANy56Lmh41pn2G9ZrLKP0GufwCrXvKkoHTIkTVeG8MKx6HkZRe NSKqp0p571k/WuWNs4hXX9JjQy+UfdTq42+RvxEn37rXAXhU0qq1pKP7gTAtdH1mVV3e B7AbXrnKuTqH/xB4UfRiQHTBKPWb7tO8csMtOzitHrFbYr4daupGBawrMzFR5pUKn7Tt cTbz6hPXCN/X0Na1/NrNj54wEvNjdAq4wQgxe0rXwlV2S0LXqxQHnBaHxUzY5UU+92O5 tIMk3Jy78fCAcyJVOKWTVROb6z5pElI2CEaGcAjE1LgBl8fiNX4SOms3rlimXvA027h0 jkzg== X-Gm-Message-State: ABy/qLakKWPQCOsu4GN/Qup0PixGGIvLNoJcCY1w2XzQSKHFboWyvwIF R8rGbeifDDmOsLZKeWF1c4AtaCyC0Ks= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:da83:b0:1b3:c62d:71b5 with SMTP id j3-20020a170902da8300b001b3c62d71b5mr12310plx.0.1690593378396; Fri, 28 Jul 2023 18:16:18 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:50 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-4-seanjc@google.com> Subject: [PATCH v2 03/21] KVM: nSVM: Use the "outer" helper for writing multiplier to MSR_AMD64_TSC_RATIO From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772739897958937162 X-GMAIL-MSGID: 1772739897958937162 When emulating nested SVM transitions, use the outer helper for writing the TSC multiplier for L2. Using the inner helper only for one-off cases, i.e. for paths where KVM is NOT emulating or modifying vCPU state, will allow for multiple cleanups: - Explicitly disabling preemption only in the outer helper - Getting the multiplier from the vCPU field in the outer helper - Skipping the WRMSR in the outer helper if guest state isn't loaded Opportunistically delete an extra newline. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/nested.c | 4 ++-- arch/x86/kvm/svm/svm.c | 5 ++--- arch/x86/kvm/svm/svm.h | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index c66c823ae222..5d5a1d7832fb 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1103,7 +1103,7 @@ int nested_svm_vmexit(struct vcpu_svm *svm) if (kvm_caps.has_tsc_control && vcpu->arch.tsc_scaling_ratio != vcpu->arch.l1_tsc_scaling_ratio) { vcpu->arch.tsc_scaling_ratio = vcpu->arch.l1_tsc_scaling_ratio; - __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio); + svm_write_tsc_multiplier(vcpu, vcpu->arch.tsc_scaling_ratio); } svm->nested.ctl.nested_cr3 = 0; @@ -1536,7 +1536,7 @@ void nested_svm_update_tsc_ratio_msr(struct kvm_vcpu *vcpu) vcpu->arch.tsc_scaling_ratio = kvm_calc_nested_tsc_multiplier(vcpu->arch.l1_tsc_scaling_ratio, svm->tsc_ratio_msr); - __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio); + svm_write_tsc_multiplier(vcpu, vcpu->arch.tsc_scaling_ratio); } /* Inverse operation of nested_copy_vmcb_control_to_cache(). asid is copied too. */ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d381ad424554..13f316375b14 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -550,7 +550,7 @@ static int svm_check_processor_compat(void) return 0; } -void __svm_write_tsc_multiplier(u64 multiplier) +static void __svm_write_tsc_multiplier(u64 multiplier) { preempt_disable(); @@ -1110,12 +1110,11 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS); } -static void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier) +void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier) { __svm_write_tsc_multiplier(multiplier); } - /* Evaluate instruction intercepts that depend on guest CPUID features. */ static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu, struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 18af7e712a5a..7132c0a04817 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -658,7 +658,7 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr, bool has_error_code, u32 error_code); int nested_svm_exit_special(struct vcpu_svm *svm); void nested_svm_update_tsc_ratio_msr(struct kvm_vcpu *vcpu); -void __svm_write_tsc_multiplier(u64 multiplier); +void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier); void nested_copy_vmcb_control_to_cache(struct vcpu_svm *svm, struct vmcb_control_area *control); void nested_copy_vmcb_save_to_cache(struct vcpu_svm *svm, From patchwork Sat Jul 29 01:15:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127971 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp810874vqg; Fri, 28 Jul 2023 19:43:03 -0700 (PDT) X-Google-Smtp-Source: APBJJlFigrAUB/aK3RM01LpgI96gt3ncPSeXQ81CGPeBYm7VjxwbqrYwEB/MghXhJglijwIN1eoS X-Received: by 2002:a17:902:7406:b0:1b8:ae24:c207 with SMTP id g6-20020a170902740600b001b8ae24c207mr2839654pll.68.1690598582677; Fri, 28 Jul 2023 19:43:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690598582; cv=none; d=google.com; s=arc-20160816; b=T9r4oHgpNzf4b6N+FSUebJZ2ct4nrQkhfQi4pPm7FvMXoBiYyFFohuN74HPzh3ZmS7 3suVsWbcF6OnmUM0DP2Tkx2GmFK2rBrlxglYFpoiySijhQr98ZGph19gaELpbBe1+DVh TNG8XK/umqC2BhtNU9XFr9bx4KjdjrrYE852dFE4MNw+/W3ULH4DLSBHBj0SedcexZ3b Xlr+x9Wg9gJTyH82uWZ7LKa9uswC1c3W5ahzLDIG+xpT1MIvVkgbyuntTYzqpWKANeOX S9VwDZqxra6BYmK1LG4R8HhVtJ60aOzmUIEAVqPpz/oBQOkzWuyuLcurzrTi7iZu7+Im abRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=yjRclKPY/9S+JAFpnnezgnJAMv3d4o18PbOAl4Gq6ok=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=GIzNMCKOiSEIhDXD6h37RZYr9oNyzpOAyEjFL3lcJ8vbXGi4EljM/FGSdkNNg/glDs yarDtIRT4UELnrZh7R1KsN3WFsHe/J9/KCsk1r74qGLUqZ1s1FlbYoUZ55vApbpe5SOv YlU6djJ0RXzXKCbQeEC2oyu0P6bIPqPYT56mkn5JYRW5BLXPnyNeigfuPbFk9Yw6xutv qYs148W6NmT5X+1wE4+px6cd0Z5Q8CzvnABePK1H1D7YOUZlzfJTJCnczhFooqCZ7uB2 IqHpTWa1lY6EiqP2oI0GmAdCs0CdieVZJcZXjarqPJTsEKiMm/49QCFXXxx5CnsZzPbn gi2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=caCnBKLK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w5-20020a1709029a8500b001b876d46162si528336plp.38.2023.07.28.19.42.49; Fri, 28 Jul 2023 19:43:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=caCnBKLK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237363AbjG2BQb (ORCPT + 99 others); Fri, 28 Jul 2023 21:16:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237213AbjG2BQX (ORCPT ); Fri, 28 Jul 2023 21:16:23 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5E5413C34 for ; Fri, 28 Jul 2023 18:16:21 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-d1ebc896bd7so2518275276.2 for ; Fri, 28 Jul 2023 18:16:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593380; x=1691198180; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=yjRclKPY/9S+JAFpnnezgnJAMv3d4o18PbOAl4Gq6ok=; b=caCnBKLK7IeUNp+Z+raLFiokOC/PMzHYkMmLwjuwc30UhDYMyfbhEyZ5nbkAN7xkug KKEqQjN9iHGmf2ROn0mMx3MXFk+YuOxc8W5HM0Gs4i/dieGRnzIvxSz0qTiN9Odhjyab seK5w16gJ9mug5/WoV1dYB+JqSU4GkUKZuEOGiyzUF8SpjKRgXR1FrDI+0JENrWJtLKT 2GG1xPNuSYMeHfd3SL6QK/G/DsfLaMWwAuExeV/ZmopcHhdtiUrB6+SH9EIoA0GYXJA2 KkguPnmbdOsuwC+YTNWiz362JDyAEftoOG+Gtq8k02+XNdOvh3/R0RtWkr+0nNq2QegI I8/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593380; x=1691198180; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yjRclKPY/9S+JAFpnnezgnJAMv3d4o18PbOAl4Gq6ok=; b=FE4qrH0koDxVKFoagwlxGSc4N20a3sv+2Iako/5OaZDmuBmU7p4eibrLu0ZcRgIAz4 kg7MKgMg7pV9U2yjOdpbkc2mPGwXuN1NqVthty/LSfutPhZVASLlUCFmrOCUC1dVnPC1 KlojGD8dcEYm0iKwjEmLH1EQDAm6iMAPN+FlCcY+RvYfAu0SJNE0iRmnTTCRppDygBPK N6t16UKyrov13RSYvZrded2hnqEh9one0E3lznkw0327IM9JtxUgUwT21lmqPh2aFliq asARD43kWS1zr8t2UaCPSbkT1T73SAR6GYo8L3pB7Bng/gQFRlU0ebmJO9oRiqScU4X8 cO/A== X-Gm-Message-State: ABy/qLbPuewHJnNc8x4XZRMN/maX/ou389sBE4uAE1bBLMlih8EvDSyB qeoSK9y2Y/mV+LZZFMfKmV5unzAf5xM= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:ac48:0:b0:d15:d6da:7e97 with SMTP id r8-20020a25ac48000000b00d15d6da7e97mr17043ybd.3.1690593380274; Fri, 28 Jul 2023 18:16:20 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:51 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-5-seanjc@google.com> Subject: [PATCH v2 04/21] KVM: SVM: Clean up preemption toggling related to MSR_AMD64_TSC_RATIO From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772721099233230746 X-GMAIL-MSGID: 1772721099233230746 Explicitly disable preemption when writing MSR_AMD64_TSC_RATIO only in the "outer" helper, as all direct callers of the "inner" helper now run with preemption already disabled. And that isn't a coincidence, as the outer helper requires a vCPU and is intended to be used when modifying guest state and/or emulating guest instructions, which are typically done with preemption enabled. Direct use of the inner helper should be extremely limited, as the only time KVM should modify MSR_AMD64_TSC_RATIO without a vCPU is when sanitizing the MSR for a specific pCPU (currently done when {en,dis}abling disabling SVM). The other direct caller is svm_prepare_switch_to_guest(), which does have a vCPU, but is a one-off special case: KVM is about to enter the guest on a specific pCPU and thus must have preemption disabled. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 13f316375b14..9fc5e402636a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -552,15 +552,11 @@ static int svm_check_processor_compat(void) static void __svm_write_tsc_multiplier(u64 multiplier) { - preempt_disable(); - if (multiplier == __this_cpu_read(current_tsc_ratio)) - goto out; + return; wrmsrl(MSR_AMD64_TSC_RATIO, multiplier); __this_cpu_write(current_tsc_ratio, multiplier); -out: - preempt_enable(); } static void svm_hardware_disable(void) @@ -1112,7 +1108,9 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier) { + preempt_disable(); __svm_write_tsc_multiplier(multiplier); + preempt_enable(); } /* Evaluate instruction intercepts that depend on guest CPUID features. */ From patchwork Sat Jul 29 01:15:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127989 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp821015vqg; Fri, 28 Jul 2023 20:17:48 -0700 (PDT) X-Google-Smtp-Source: APBJJlGMne36CG5g8hTlpU2/qiAuzIVuwpP6adhv7TmPrP74V0EdOkk7NwePAecJkLG9NqVoF1tD X-Received: by 2002:a17:906:3008:b0:993:d53b:9805 with SMTP id 8-20020a170906300800b00993d53b9805mr856684ejz.11.1690600667837; Fri, 28 Jul 2023 20:17:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690600667; cv=none; d=google.com; s=arc-20160816; b=Zs/hiUgDeovA3g0FMhRaY7WRUNNKvefqHQqxhy4584enxQdogyXO2awtipbV8+Ewet X4K1cKqX/06+O802Z8LUeLeCF4AAu+ACG2Vbp/JLSzIVOIXk7VzteGJMMShQAjNki8ym qw8VtMvCi/0MzaKNi2rTxxNk0AFH5jPYtEO/8nVCdohD8B8gfvwEpU9x0IDRHJ+QE55P Y6jlhoQ4nctcsqSx5wA6QLL5z7k/Jqgov/1zqlMfKNRFbvdGXm3Yc7/Uy9/VeReqxZ4P LrijKh+ejhOP8SbrL1fJpIJWvF42mxtrAsTn7c+jy05qL5y9044Dzerxm+yr+AKE/rqk AI8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=w0TB/9gZR8BYEaJuOAquuw9fLoM6MdZQTs9CMG8qcvs=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=j2pBupSsTCJJMUsML+tlZ5K2GAJtPoPI+kCbBVY+zEx7/SuhFQEm4ZRrCiwmG3ZqAs bNAH+9feXb95/5Q1NMQYaXpNtFJgaHJk1Dz7yYxN/1GErcFC22YENLNqOAnUxwYlp/1Q +jznOajgpVquhzyRHCYU+8yH+1hVh746S4gGXxSwDqGkYwDJvASR9/DM2NCXsx82Z/tp N1bU/B9hzPeIvDz/7TQijaNDW94u4QfkftXsNGev/cv/raSWOyOHWkwlXw7yPBEgDo+/ eASbGVNb1MqtEweq0e7NfLNZSKGnUiofgtn2qlXCMh04K6ZbaD+BZ2KqHMIp4iT5NG2H X2fA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=3wx3MWt2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s11-20020a170906a18b00b00997e1a43c28si3460378ejy.381.2023.07.28.20.17.24; Fri, 28 Jul 2023 20:17:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=3wx3MWt2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237400AbjG2BQk (ORCPT + 99 others); Fri, 28 Jul 2023 21:16:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35902 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237252AbjG2BQ0 (ORCPT ); Fri, 28 Jul 2023 21:16:26 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7682E3AB3 for ; Fri, 28 Jul 2023 18:16:23 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id 41be03b00d2f7-5635233876bso1898453a12.0 for ; Fri, 28 Jul 2023 18:16:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593382; x=1691198182; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=w0TB/9gZR8BYEaJuOAquuw9fLoM6MdZQTs9CMG8qcvs=; b=3wx3MWt26WL60Xj9bVeqIqNc/cA6K8uIJbOqM0p0ZsGKleZ9VkfwZZcYY37I5uGVNG Np8SxBmmoAe8KsDMX66c/MniGkfVg2h0nGEPrNQVBDURGQdlBReM9Hr//TngwzZgzuGt E3nFvZTeYp6S3aEMU+cinlpk47lU5hL/Sc+1SgOYkkzm4kSsDp1l+B8Ch1i0zMD3KIx1 dPTnowq2y6e91DvnbsS1BO4Ef+Ylm60pQmd/OVTFGxDKT/WJahH6rtuZZ+2hk9LbjI/j +SbsZieRKrTgkPNIrA9Rw7LOYrGONcI8HUI7T2nAoAQ5DUOL2kIzhXXOkuET13EmXizY fAUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593382; x=1691198182; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=w0TB/9gZR8BYEaJuOAquuw9fLoM6MdZQTs9CMG8qcvs=; b=F39yZAn4OyyVQK3LF3bqk9Qa6JBb7hSdwWnEpvo6Q33aGN91tMm3D+q9XVv2eTmaYv dWsRCiaGmm8eMtikPCgFYSIsGOMIGMDyLL5vnuL+9ztrBs7hEo7VAAi19lonm8up0M/G GuFys/EtBVTn4ZLEvPT1zHZ9LlyfSaqwhUAalH9Ywl/FKoVOEPnPmxR6kRAMCg8Zt+ad Qq/unx9yd5W1X2iKHfGPBvThbXiEWojoED0Gmi+rddbTfpEDDd6JAcurNQa/krzl6HVg E0bwUWnfOPvdqQByT4XzZzTAbyN+2XxcuZvDTdwTNIGsHdXfQKC5sZ/rq2t+0oBnhqa9 w6Cg== X-Gm-Message-State: ABy/qLZqNWzyyte/kkIOimRcCebEaiaU8L4Ki9x6pThzunVwPwEdndx+ hec5qd/4XtIjFCJLH2VmryXYMfphaag= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:dac4:b0:1bb:91c9:d334 with SMTP id q4-20020a170902dac400b001bb91c9d334mr11559plx.0.1690593382395; Fri, 28 Jul 2023 18:16:22 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:52 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-6-seanjc@google.com> Subject: [PATCH v2 05/21] KVM: x86: Always write vCPU's current TSC offset/ratio in vendor hooks From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772723286193432347 X-GMAIL-MSGID: 1772723286193432347 Drop the @offset and @multiplier params from the kvm_x86_ops hooks for propagating TSC offsets/multipliers into hardware, and instead have the vendor implementations pull the information directly from the vCPU structure. The respective vCPU fields _must_ be written at the same time in order to maintain consistent state, i.e. it's not random luck that the value passed in by all callers is grabbed from the vCPU. Explicitly grabbing the value from the vCPU field in SVM's implementation in particular will allow for additional cleanup without introducing even more subtle dependencies. Specifically, SVM can skip the WRMSR if guest state isn't loaded, i.e. svm_prepare_switch_to_guest() will load the correct value for the vCPU prior to entering the guest. This also reconciles KVM's handling of related values that are stored in the vCPU, as svm_write_tsc_offset() already assumes/requires the caller to have updated l1_tsc_offset. Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm_host.h | 4 ++-- arch/x86/kvm/svm/nested.c | 4 ++-- arch/x86/kvm/svm/svm.c | 8 ++++---- arch/x86/kvm/svm/svm.h | 2 +- arch/x86/kvm/vmx/vmx.c | 8 ++++---- arch/x86/kvm/x86.c | 5 ++--- 6 files changed, 15 insertions(+), 16 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 28bd38303d70..dad9331c5270 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1654,8 +1654,8 @@ struct kvm_x86_ops { u64 (*get_l2_tsc_offset)(struct kvm_vcpu *vcpu); u64 (*get_l2_tsc_multiplier)(struct kvm_vcpu *vcpu); - void (*write_tsc_offset)(struct kvm_vcpu *vcpu, u64 offset); - void (*write_tsc_multiplier)(struct kvm_vcpu *vcpu, u64 multiplier); + void (*write_tsc_offset)(struct kvm_vcpu *vcpu); + void (*write_tsc_multiplier)(struct kvm_vcpu *vcpu); /* * Retrieve somewhat arbitrary exit information. Intended to diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 5d5a1d7832fb..3342cc4a5189 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1103,7 +1103,7 @@ int nested_svm_vmexit(struct vcpu_svm *svm) if (kvm_caps.has_tsc_control && vcpu->arch.tsc_scaling_ratio != vcpu->arch.l1_tsc_scaling_ratio) { vcpu->arch.tsc_scaling_ratio = vcpu->arch.l1_tsc_scaling_ratio; - svm_write_tsc_multiplier(vcpu, vcpu->arch.tsc_scaling_ratio); + svm_write_tsc_multiplier(vcpu); } svm->nested.ctl.nested_cr3 = 0; @@ -1536,7 +1536,7 @@ void nested_svm_update_tsc_ratio_msr(struct kvm_vcpu *vcpu) vcpu->arch.tsc_scaling_ratio = kvm_calc_nested_tsc_multiplier(vcpu->arch.l1_tsc_scaling_ratio, svm->tsc_ratio_msr); - svm_write_tsc_multiplier(vcpu, vcpu->arch.tsc_scaling_ratio); + svm_write_tsc_multiplier(vcpu); } /* Inverse operation of nested_copy_vmcb_control_to_cache(). asid is copied too. */ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9fc5e402636a..c786c8e9108f 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1097,19 +1097,19 @@ static u64 svm_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu) return svm->tsc_ratio_msr; } -static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) +static void svm_write_tsc_offset(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); svm->vmcb01.ptr->control.tsc_offset = vcpu->arch.l1_tsc_offset; - svm->vmcb->control.tsc_offset = offset; + svm->vmcb->control.tsc_offset = vcpu->arch.tsc_offset; vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS); } -void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier) +void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu) { preempt_disable(); - __svm_write_tsc_multiplier(multiplier); + __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio); preempt_enable(); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 7132c0a04817..5829a1801862 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -658,7 +658,7 @@ int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr, bool has_error_code, u32 error_code); int nested_svm_exit_special(struct vcpu_svm *svm); void nested_svm_update_tsc_ratio_msr(struct kvm_vcpu *vcpu); -void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier); +void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu); void nested_copy_vmcb_control_to_cache(struct vcpu_svm *svm, struct vmcb_control_area *control); void nested_copy_vmcb_save_to_cache(struct vcpu_svm *svm, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 0ecf4be2c6af..ca6194b0e35e 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1884,14 +1884,14 @@ u64 vmx_get_l2_tsc_multiplier(struct kvm_vcpu *vcpu) return kvm_caps.default_tsc_scaling_ratio; } -static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) +static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu) { - vmcs_write64(TSC_OFFSET, offset); + vmcs_write64(TSC_OFFSET, vcpu->arch.tsc_offset); } -static void vmx_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier) +static void vmx_write_tsc_multiplier(struct kvm_vcpu *vcpu) { - vmcs_write64(TSC_MULTIPLIER, multiplier); + vmcs_write64(TSC_MULTIPLIER, vcpu->arch.tsc_scaling_ratio); } /* diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a6b9bea62fb8..5a14378ed4e1 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -2615,7 +2615,7 @@ static void kvm_vcpu_write_tsc_offset(struct kvm_vcpu *vcpu, u64 l1_offset) else vcpu->arch.tsc_offset = l1_offset; - static_call(kvm_x86_write_tsc_offset)(vcpu, vcpu->arch.tsc_offset); + static_call(kvm_x86_write_tsc_offset)(vcpu); } static void kvm_vcpu_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 l1_multiplier) @@ -2631,8 +2631,7 @@ static void kvm_vcpu_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 l1_multipli vcpu->arch.tsc_scaling_ratio = l1_multiplier; if (kvm_caps.has_tsc_control) - static_call(kvm_x86_write_tsc_multiplier)( - vcpu, vcpu->arch.tsc_scaling_ratio); + static_call(kvm_x86_write_tsc_multiplier)(vcpu); } static inline bool kvm_check_tsc_unstable(void) From patchwork Sat Jul 29 01:15:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128055 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp914671vqg; Sat, 29 Jul 2023 01:24:19 -0700 (PDT) X-Google-Smtp-Source: APBJJlH87uR/Jij1wWEzWcgOyDtecyVv50kZyZdwItMMp8KIaEDInzNFKKvFoo3eN7RnfI3FojBt X-Received: by 2002:a17:90a:4a03:b0:264:a14:ce19 with SMTP id e3-20020a17090a4a0300b002640a14ce19mr3415473pjh.20.1690619058703; Sat, 29 Jul 2023 01:24:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690619058; cv=none; d=google.com; s=arc-20160816; b=ED0wbiliqKfcx98OxJ6IVL9Vj5y1DZRpOFrM4fyYBMpiwEIEAUTbEiqjDWjiJeTp6w HGp1P+VRx+T+XWZMKkISsXYtNqyNCh5JEdBtKPWOVx66ww9f0LEgvlh4yq0GZzRvGcWp Q7O8uB5fPvAPxwXpZ7RKdpcioZ3lghROPOuoUdGNwGzU1QCztIPk7AFueY7urQqszMqY pQEFB9wYVkcdjrd4L8+RUPZTc7w3gf7FTS7vov50/lIeA/FrVmtzwLVP7molEfi9xt2U FGbpgnGu3+qqp1l0MVSudiVAi0lRC7jY+8xfwMaeIXpKR5br3mgXimORS6F6n9jGjGEH ft0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=9PS6/kdsyjCNOIgCqCLtomsQfkSrRepMjSfHvyibg7s=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=ZipD6O+tZ4ejTqqPOQNyTaJ25cI77Oe1cj7rM/1B+OxmkG81L03vGjEJZPoFdF11MI QgDySFy8pUfGKo1CepE0UYldZUydkkExQXl1eORZ2OiCXHOG4K+SB9mbmmrdWO5qo1a7 Ron7bQPMAmxyfovRdivC/xYn+BKIuqPS9kkwBuS5pabnXv0iQVGSqocC9qwN/w9IpP+t gTk9ZPboabTVFEcHXezoYgbmpCOWNCzOETA3yap01YBSlYmCdabOC0DHfhRTGwXpWze5 XCBq1jENnIXuV3dtAv7lo+NS/qklHBGJQTe3H0lv5i06BLhxIVW4ZkidEIXXS1h9DJsS ATvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=c9HO1UvE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y16-20020a170902b49000b001bbe7fae392si2867950plr.335.2023.07.29.01.24.05; Sat, 29 Jul 2023 01:24:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=c9HO1UvE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237463AbjG2BQx (ORCPT + 99 others); Fri, 28 Jul 2023 21:16:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35990 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237224AbjG2BQj (ORCPT ); Fri, 28 Jul 2023 21:16:39 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 95B9E3C3B for ; Fri, 28 Jul 2023 18:16:26 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-d2a392775c6so544688276.0 for ; Fri, 28 Jul 2023 18:16:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593384; x=1691198184; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=9PS6/kdsyjCNOIgCqCLtomsQfkSrRepMjSfHvyibg7s=; b=c9HO1UvEnLy9K57Umvf7Flw62OFFzkuP2T0gD0+H/F2Wrc2Z02KCFwh2+D53HbJtWH KhfBsskIdUPOI8Jkc4V34fiYowP+Rd6ZB5OzGU3ekI1UFMwHI77pr/q39J9d6KxXiq4B SlMKcGMdqFy2Co+J4cJU0bs8yXrxu/HsSZUSCMZV1tCItPwiplohOl3FrDi3Ln4VrLut nYtgYf4DMLSxjERbAjwrhlbXHShhmsuCE0McWqHXd0oKqVCy3cepOSYM8dgVtihTDp2V sgE0WaY+/6SsQrBYtbDGicJ/SThQ1OI7S5i//Zgy+AymK2OaCkbKQP2sR87WUwc9EGK6 7fzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593384; x=1691198184; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9PS6/kdsyjCNOIgCqCLtomsQfkSrRepMjSfHvyibg7s=; b=gOuzANCxXyjSQVqImNfGwTmOqKxC5O0HKYzFuHR5xARr8Z+nZgLz+MP+o40LfaUBgW pushUi9P0yTgAjaR4M7y1C3J9ro1/cZBQShLxRkfVpYkghptld2RRyRrpGzxpYnTeUwX vQ9u6dZc5b2JVBc+zBECQ2NsyWNd6covynr/h7Hq9PX/wk6hGrT9B3Q3RT6cSb+acuwV iKAj5TSbf6MUHoK2dYkw2xQ1tcbkroXaona/SZ8yZ8BKadrIWyDPTb3Nug1Qf/6LeYKg 62ShApwRRqzS/d01A3vwdSmu7+UoeM+4MZZs+K4Yqg2MYlZLwyF+QlVANv364oeX/GYE rJrg== X-Gm-Message-State: ABy/qLanMX1rm+E7kEvSIWNbn4gpszh4lkQweXEkbVae069IMif3Hutb BOlxxL7jCz95JkU5K5diAIIrQrEzid0= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:2311:0:b0:d0c:e71d:fab with SMTP id j17-20020a252311000000b00d0ce71d0fabmr19536ybj.0.1690593384631; Fri, 28 Jul 2023 18:16:24 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:53 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-7-seanjc@google.com> Subject: [PATCH v2 06/21] KVM: nSVM: Skip writes to MSR_AMD64_TSC_RATIO if guest state isn't loaded From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772742570086335920 X-GMAIL-MSGID: 1772742570086335920 Skip writes to MSR_AMD64_TSC_RATIO that are done in the context of a vCPU if guest state isn't loaded, i.e. if KVM will update MSR_AMD64_TSC_RATIO during svm_prepare_switch_to_guest() before entering the guest. Checking guest_state_loaded may or may not be a net positive for performance as the current_tsc_ratio cache will optimize away duplicate WRMSRs in the vast majority of scenarios. However, the cost of the check is negligible, and the real motivation is to document that KVM needs to load the vCPU's value only when running the vCPU. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index c786c8e9108f..64092df06f94 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1109,7 +1109,8 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu) void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu) { preempt_disable(); - __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio); + if (to_svm(vcpu)->guest_state_loaded) + __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio); preempt_enable(); } From patchwork Sat Jul 29 01:15:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127964 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp806967vqg; Fri, 28 Jul 2023 19:29:55 -0700 (PDT) X-Google-Smtp-Source: APBJJlG6uDy4Cal9R/V/v4Qsab+95otmpA7sYrTSiPDiZBhRHnMYDatyvptDgLyMQ+Mehc48Kldm X-Received: by 2002:a17:90b:4f81:b0:267:6a1d:323c with SMTP id qe1-20020a17090b4f8100b002676a1d323cmr3496613pjb.43.1690597795391; Fri, 28 Jul 2023 19:29:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690597795; cv=none; d=google.com; s=arc-20160816; b=S888fu1g+5NtpbDmbikx+2CP7nSUuIJqI56erhDV+wkAHPZfVq5vtiTuYEbFCtkgvb Gi5zauaKmwdMjNccGNWJHhp8r382DykzIWBMFgXo+ugNtMy37qxv56VbW54aB8FifibU tTYCm3ypkdlE8gUB3LxPJ4XDU8Nr8Zr+KQlwX7XJljAAZXnQK1rHiPwmA5S9mJU5ThYW ovduart6PsxJr0UjSjkgmO0ckCicQx6Fbho15wx5aTK1aQFwwPdr2JzeOqwqC52IpiTX IL+gw1oUVhTcKeqbEiFLSUxsTqG0nTb4O7/OVR/ifUMTocqh/QZt2SpxccsmZE6cArnb WosQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=M16bFNHvkcRN+2tjzsNjLxHb/2/W6Tup2HBNR7k8XBw=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=aOIKryONKNr7POyJPfLN8deOEzUGjROeeg7VwOCzfdhsfV64+oskkr4h4Vjnb4qr5X gfsNm1Wnrhmd6boYMPxt+MFjvz3F/HGfR/d95cHedLbwzRkvenrQLpH9Kzcy5hu3VtVl f2VT/ME2M6CWvCqouaZ/JwLgstY+cAnKwi/JaNpp4V+bLvLXWglakUtkkseHTee24Y/d /SQWzEvBQk4aFDPEv3a7lrfInmHNvdfGMboKHEgda5WNc4nOQU1Po5xncLDqpoVLnHeS iuH0LNIWd89XkxJyos7cYpyDslrqyo8UY3H0fl+xu1xs/O7GCOT/8T/9Fhxg1dG2kWtI kfSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=49bhXtk1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w7-20020a17090a4f4700b0025eeb3cc4b2si3932813pjl.9.2023.07.28.19.29.42; Fri, 28 Jul 2023 19:29:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=49bhXtk1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237474AbjG2BQ4 (ORCPT + 99 others); Fri, 28 Jul 2023 21:16:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36448 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237303AbjG2BQl (ORCPT ); Fri, 28 Jul 2023 21:16:41 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF8E1421B for ; Fri, 28 Jul 2023 18:16:27 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id d9443c01a7336-1bbb34b091dso18455055ad.0 for ; Fri, 28 Jul 2023 18:16:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593386; x=1691198186; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=M16bFNHvkcRN+2tjzsNjLxHb/2/W6Tup2HBNR7k8XBw=; b=49bhXtk1TQndkdZicqvaWVKyYKrRCpE3oCrlFpmKUCTsnGZUIsKHCjwhwWRb08n9Qk a8gr0vD/KpN7Fa62d5JTSUM0dOOsaAzwHXFCxs/RdSjylNaP04n8sXCDwwjl8UUTVOGA izSx1Nrqt6//EO73u8NI8XIUb5y/4W8n0bl0ogxbBscbk6d1cV1/ofxHr2ijd/LbjPGF H4eR39j0Cp3ins3W4N2BtoYhu6gyvlIKHLMwaRIo1H2y+VJ7D10Q4ny+Hxc1HrTQne2Q Xa3ERJq72CcR5TwfES4F7mS5xvdKem9UCVvfWpxLvYyRPOXXKqNWd8e0TgoFGv7slb1+ Y74w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593386; x=1691198186; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=M16bFNHvkcRN+2tjzsNjLxHb/2/W6Tup2HBNR7k8XBw=; b=LvajNwCGqBUOUxQz9/K2o0xspcH576HFkCyAq9GQJsCbqEqLQ5zXtFZ/VTTnkqYKy/ 3s85hS/BL9rU25PkLW3B0GSxQYCTa/vUDj4i+8WyXwKgWjLnkoAVYga+hJLaWRypor2V +rKalOZkUXNmqMXbzeLuCIuRNGrOuvGRioOZjGanXM8qvPD1Zo59w7aHbETxYuTfTGZG YuLJqSr1/hpaNzV1ve4TdonMgR6ELdEeQ91ucYkn5Tf+V/kdCffqH8kB/9OhXOPIjG/g QpPvDeUCdScxRYZApQHVtDo9vA+izkITbylAq4Ww3e3u/OTEwImZlzMclHpXDdcHh58D Cu4A== X-Gm-Message-State: ABy/qLa/BRwFCC8rs8okEHeA8N8I+KW6CGWGnJT4nxozald7TrjdQUiv dma2rKK3Ho0F5lcBZMa1DUdeNtGxgRM= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:903:2445:b0:1bb:c7bc:ce9a with SMTP id l5-20020a170903244500b001bbc7bcce9amr13660pls.10.1690593386757; Fri, 28 Jul 2023 18:16:26 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:54 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-8-seanjc@google.com> Subject: [PATCH v2 07/21] KVM: x86: Add a framework for enabling KVM-governed x86 features From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772720273919689048 X-GMAIL-MSGID: 1772720273919689048 Introduce yet another X86_FEATURE flag framework to manage and cache KVM governed features (for lack of a better name). "Governed" in this case means that KVM has some level of involvement and/or vested interest in whether or not an X86_FEATURE can be used by the guest. The intent of the framework is twofold: to simplify caching of guest CPUID flags that KVM needs to frequently query, and to add clarity to such caching, e.g. it isn't immediately obvious that SVM's bundle of flags for "optional nested SVM features" track whether or not a flag is exposed to L1. Begrudgingly define KVM_MAX_NR_GOVERNED_FEATURES for the size of the bitmap to avoid exposing governed_features.h in arch/x86/include/asm/, but add a FIXME to call out that it can and should be cleaned up once "struct kvm_vcpu_arch" is no longer expose to the kernel at large. Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm_host.h | 19 +++++++++++++ arch/x86/kvm/cpuid.c | 4 +++ arch/x86/kvm/cpuid.h | 46 ++++++++++++++++++++++++++++++++ arch/x86/kvm/governed_features.h | 9 +++++++ 4 files changed, 78 insertions(+) create mode 100644 arch/x86/kvm/governed_features.h diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index dad9331c5270..007fa8bfd634 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -831,6 +831,25 @@ struct kvm_vcpu_arch { struct kvm_cpuid_entry2 *cpuid_entries; struct kvm_hypervisor_cpuid kvm_cpuid; + /* + * FIXME: Drop this macro and use KVM_NR_GOVERNED_FEATURES directly + * when "struct kvm_vcpu_arch" is no longer defined in an + * arch/x86/include/asm header. The max is mostly arbitrary, i.e. + * can be increased as necessary. + */ +#define KVM_MAX_NR_GOVERNED_FEATURES BITS_PER_LONG + + /* + * Track whether or not the guest is allowed to use features that are + * governed by KVM, where "governed" means KVM needs to manage state + * and/or explicitly enable the feature in hardware. Typically, but + * not always, governed features can be used by the guest if and only + * if both KVM and userspace want to expose the feature to the guest. + */ + struct { + DECLARE_BITMAP(enabled, KVM_MAX_NR_GOVERNED_FEATURES); + } governed_features; + u64 reserved_gpa_bits; int maxphyaddr; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 7f4d13383cf2..ef826568c222 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -313,6 +313,10 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) struct kvm_lapic *apic = vcpu->arch.apic; struct kvm_cpuid_entry2 *best; + BUILD_BUG_ON(KVM_NR_GOVERNED_FEATURES > KVM_MAX_NR_GOVERNED_FEATURES); + bitmap_zero(vcpu->arch.governed_features.enabled, + KVM_MAX_NR_GOVERNED_FEATURES); + best = kvm_find_cpuid_entry(vcpu, 1); if (best && apic) { if (cpuid_entry_has(best, X86_FEATURE_TSC_DEADLINE_TIMER)) diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index b1658c0de847..3000fbe97678 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -232,4 +232,50 @@ static __always_inline bool guest_pv_has(struct kvm_vcpu *vcpu, return vcpu->arch.pv_cpuid.features & (1u << kvm_feature); } +enum kvm_governed_features { +#define KVM_GOVERNED_FEATURE(x) KVM_GOVERNED_##x, +#include "governed_features.h" + KVM_NR_GOVERNED_FEATURES +}; + +static __always_inline int kvm_governed_feature_index(unsigned int x86_feature) +{ + switch (x86_feature) { +#define KVM_GOVERNED_FEATURE(x) case x: return KVM_GOVERNED_##x; +#include "governed_features.h" + default: + return -1; + } +} + +static __always_inline int kvm_is_governed_feature(unsigned int x86_feature) +{ + return kvm_governed_feature_index(x86_feature) >= 0; +} + +static __always_inline void kvm_governed_feature_set(struct kvm_vcpu *vcpu, + unsigned int x86_feature) +{ + BUILD_BUG_ON(!kvm_is_governed_feature(x86_feature)); + + __set_bit(kvm_governed_feature_index(x86_feature), + vcpu->arch.governed_features.enabled); +} + +static __always_inline void kvm_governed_feature_check_and_set(struct kvm_vcpu *vcpu, + unsigned int x86_feature) +{ + if (kvm_cpu_cap_has(x86_feature) && guest_cpuid_has(vcpu, x86_feature)) + kvm_governed_feature_set(vcpu, x86_feature); +} + +static __always_inline bool guest_can_use(struct kvm_vcpu *vcpu, + unsigned int x86_feature) +{ + BUILD_BUG_ON(!kvm_is_governed_feature(x86_feature)); + + return test_bit(kvm_governed_feature_index(x86_feature), + vcpu->arch.governed_features.enabled); +} + #endif diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h new file mode 100644 index 000000000000..40ce8e6608cd --- /dev/null +++ b/arch/x86/kvm/governed_features.h @@ -0,0 +1,9 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#if !defined(KVM_GOVERNED_FEATURE) || defined(KVM_GOVERNED_X86_FEATURE) +BUILD_BUG() +#endif + +#define KVM_GOVERNED_X86_FEATURE(x) KVM_GOVERNED_FEATURE(X86_FEATURE_##x) + +#undef KVM_GOVERNED_X86_FEATURE +#undef KVM_GOVERNED_FEATURE From patchwork Sat Jul 29 01:15:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128015 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp880242vqg; Fri, 28 Jul 2023 23:38:29 -0700 (PDT) X-Google-Smtp-Source: APBJJlFW96LJAVtxoVsjUyRCy0NNDUif//fN66CNyGZ4hey4nVjvJ0p3438Vp85vYevh5CPMQZTO X-Received: by 2002:a50:fe91:0:b0:522:1956:a291 with SMTP id d17-20020a50fe91000000b005221956a291mr3176831edt.8.1690612708807; Fri, 28 Jul 2023 23:38:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690612708; cv=none; d=google.com; s=arc-20160816; b=sM5Xd7jFnRcnszZPbpz+yyz6lBnDc2nRFohVClh1TYh7Y4c/TpIL09RuffWtNinH84 vhE25FM1JXr6DdNmAbUqMfRcGArbbPwRxIKa3BoxfpjeBQM57+kMJIw/y23HXt0qyO0f AhByAlRWWgQS39WO/vbDyUKjYNdGjRsIVsfCcoVaTErjtyDVsFyPN7rQ79RFN5NiZvOM KU7JuXFo78CvKGKPuegJ046K4ILhdPjJI2cQsiYGpJzcdLPw/j9qY41N6sqOEqfESZzV Z6ubO+LOeo+1ZBn/MxB6B0JgU+66cFDB3pruvbuz7Wai97AUyqRtlfVFike5M/POrkKT 5Afg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=OeX+CuubSaKKTeg9YUHiYCwLGztaZPXmiwSd5vwTnGo=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=GdCUg2GPu+jlJm67dcIyuA1QGMgc9yWn15xVxc1sMVuoUpZ2SCqMNEo2xAYlohJhSQ DsuGTbIb5ffxFw6KGBPyvRvPZrmD40OvYzf5bET/ee9kjtJhBJhBEljJuQPKo7xSwLwT P3ADctlCf8Uzg4dNv2DoWCCX+GrGuUYSyVY8xhp4AC53N30e6bpudLM0nfVHW73v2NdZ yWJeMfuF8ehgcF083CvHyoHO8aRscbXRpHWO09AlTHO1qaTmPRRC82XoZ2Vto0HkTcwH Ca3AvD1CNUcxP/0caoyBUCwhbcA6BDP6gCwPKaB6gmiaw4ywO531elfiMD0iRuR36ecW 6/7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=tczXnxVR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d19-20020a056402517300b005225a609054si19512ede.291.2023.07.28.23.38.05; Fri, 28 Jul 2023 23:38:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=tczXnxVR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237441AbjG2BRK (ORCPT + 99 others); Fri, 28 Jul 2023 21:17:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36360 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237219AbjG2BQq (ORCPT ); Fri, 28 Jul 2023 21:16:46 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3ED149EA for ; Fri, 28 Jul 2023 18:16:29 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-5704995f964so29395747b3.2 for ; Fri, 28 Jul 2023 18:16:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593388; x=1691198188; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=OeX+CuubSaKKTeg9YUHiYCwLGztaZPXmiwSd5vwTnGo=; b=tczXnxVR/+BbWdcXZzl16Zjac9Ua038CcCQZlGqLyrjqqJA8FnbTg//UO8FJYiqmLY bTheeO1XRmDgq5B0p1UTPzDHqUoZePinMfEwTVlLSLupYGg3UtaMSrQDuZLMBmksB1kY /ZibaeRhEWniSleStOuqcs+QbMglMUexLC3HWcSWhg+imS8D1XTSRDYw4VIGfDXngXiF yA0MLBkGp6BTuyJco3d6fa58/C31vKQ9PpcZId1xL2u3XuuFJTkdwby9axhAZX5MSkMf On5p9uy1VV3x+9bGcxgT7AO/fPmQ/vrmqcVD70Oe05qaAKI7xSOLVWDn9TNpD53phozU DXTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593388; x=1691198188; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OeX+CuubSaKKTeg9YUHiYCwLGztaZPXmiwSd5vwTnGo=; b=eS+3od7w1DhAQVSv/aH0ulYzZxwlylvcRItfAfsZ3iz6SpFs9IcD+O45MLNLIVuQMl I8mCxSRYb9w71LfxRNlWJK0lN0yc7LKEhHHxDJmi/1WPP4Ngcei07/BA6SuomcmX3PgC Oa9kRxguSc6Q35acmipLl7hF72Mi5yD7/UBZDM9a4I9S0YIK0jcL7lnw2u6vJqHS2PXe 3xlrCp+g1LvQav7sLWQQlbT0mmdRl9E6g+PSP5d3Iwvz5L+MwP0pasZE8gisTfrmN9YM b3x+ep5JsHa0kv4u03u23Xo/516R3ORUeipvJ7FcwEYZ9wMfkT+n0n0m53Th+ybIFG1q G37Q== X-Gm-Message-State: ABy/qLbfKbDn7a6t+m91GWH0Bj3JQNJ7GjQVyPymbyxavg4gY1toUDAM kz/P7y7Jpi2S4TnwpyRx8G+xUEXfdq4= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:c094:0:b0:c6a:caf1:e601 with SMTP id c142-20020a25c094000000b00c6acaf1e601mr18754ybf.13.1690593388698; Fri, 28 Jul 2023 18:16:28 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:55 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-9-seanjc@google.com> Subject: [PATCH v2 08/21] KVM: x86/mmu: Use KVM-governed feature framework to track "GBPAGES enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772735911468548805 X-GMAIL-MSGID: 1772735911468548805 Use the governed feature framework to track whether or not the guest can use 1GiB pages, and drop the one-off helper that wraps the surprisingly non-trivial logic surrounding 1GiB page usage in the guest. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 17 +++++++++++++++++ arch/x86/kvm/governed_features.h | 2 ++ arch/x86/kvm/mmu/mmu.c | 20 +++----------------- 3 files changed, 22 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index ef826568c222..f74d6c404551 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -312,11 +312,28 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic = vcpu->arch.apic; struct kvm_cpuid_entry2 *best; + bool allow_gbpages; BUILD_BUG_ON(KVM_NR_GOVERNED_FEATURES > KVM_MAX_NR_GOVERNED_FEATURES); bitmap_zero(vcpu->arch.governed_features.enabled, KVM_MAX_NR_GOVERNED_FEATURES); + /* + * If TDP is enabled, let the guest use GBPAGES if they're supported in + * hardware. The hardware page walker doesn't let KVM disable GBPAGES, + * i.e. won't treat them as reserved, and KVM doesn't redo the GVA->GPA + * walk for performance and complexity reasons. Not to mention KVM + * _can't_ solve the problem because GVA->GPA walks aren't visible to + * KVM once a TDP translation is installed. Mimic hardware behavior so + * that KVM's is at least consistent, i.e. doesn't randomly inject #PF. + * If TDP is disabled, honor *only* guest CPUID as KVM has full control + * and can install smaller shadow pages if the host lacks 1GiB support. + */ + allow_gbpages = tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) : + guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES); + if (allow_gbpages) + kvm_governed_feature_set(vcpu, X86_FEATURE_GBPAGES); + best = kvm_find_cpuid_entry(vcpu, 1); if (best && apic) { if (cpuid_entry_has(best, X86_FEATURE_TSC_DEADLINE_TIMER)) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 40ce8e6608cd..b29c15d5e038 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -5,5 +5,7 @@ BUILD_BUG() #define KVM_GOVERNED_X86_FEATURE(x) KVM_GOVERNED_FEATURE(X86_FEATURE_##x) +KVM_GOVERNED_X86_FEATURE(GBPAGES) + #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index ec169f5c7dce..7b9104b054bc 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4808,28 +4808,13 @@ static void __reset_rsvds_bits_mask(struct rsvd_bits_validate *rsvd_check, } } -static bool guest_can_use_gbpages(struct kvm_vcpu *vcpu) -{ - /* - * If TDP is enabled, let the guest use GBPAGES if they're supported in - * hardware. The hardware page walker doesn't let KVM disable GBPAGES, - * i.e. won't treat them as reserved, and KVM doesn't redo the GVA->GPA - * walk for performance and complexity reasons. Not to mention KVM - * _can't_ solve the problem because GVA->GPA walks aren't visible to - * KVM once a TDP translation is installed. Mimic hardware behavior so - * that KVM's is at least consistent, i.e. doesn't randomly inject #PF. - */ - return tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) : - guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES); -} - static void reset_guest_rsvds_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context) { __reset_rsvds_bits_mask(&context->guest_rsvd_check, vcpu->arch.reserved_gpa_bits, context->cpu_role.base.level, is_efer_nx(context), - guest_can_use_gbpages(vcpu), + guest_can_use(vcpu, X86_FEATURE_GBPAGES), is_cr4_pse(context), guest_cpuid_is_amd_or_hygon(vcpu)); } @@ -4906,7 +4891,8 @@ static void reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, __reset_rsvds_bits_mask(shadow_zero_check, reserved_hpa_bits(), context->root_role.level, context->root_role.efer_nx, - guest_can_use_gbpages(vcpu), is_pse, is_amd); + guest_can_use(vcpu, X86_FEATURE_GBPAGES), + is_pse, is_amd); if (!shadow_me_mask) return; From patchwork Sat Jul 29 01:15:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128007 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp849611vqg; Fri, 28 Jul 2023 22:01:21 -0700 (PDT) X-Google-Smtp-Source: APBJJlEQ7yMUcTAGGBqSGQJYHU7XOZSmgftgIC4QRRIrM67EhCMbhwrxkN0GuhTMdoGTG89J16Dg X-Received: by 2002:a05:6a20:3956:b0:133:215e:746d with SMTP id r22-20020a056a20395600b00133215e746dmr4984289pzg.41.1690606880896; Fri, 28 Jul 2023 22:01:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690606880; cv=none; d=google.com; s=arc-20160816; b=ezTbfb9HpZAlL0LSMPd91JBSkIGN4qHzDO4WccM/cRO+Y6L5SksHeRBsDHoVR/tJd8 ZpshDKD3YQmQTIfoG11md5WlawPf4M0FGFBhoTByoWR1Rw/qTVy+224wls+daNDXptpz 07bjbm9/Oxg0MInJDIv5O3JYE2Rl/2xhIAecS2vYtofyCx+AGdYSMJYHMEixTTDNFD0G 1KJLDQuAxBUDDrtKG71Vxcj271tDZgaybognhjLD7uTGY8xdrh3ga7RDDQ1qTWQT1Evz bGwbnqbp1GNWjPs+PG1twywFpzP+XFivV/SjWxITVFALhhS2U7WXww41iIVE914q0Fb4 p2ZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=dha0R9DASOGG7XsDxaLGGX3ibqnbBc/BGtiYIStTeKk=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=saIeUgEAVwklffrD0nkhXGEiEJU7TeNJpy3arT85nCzvG7laaDEjqsbnLecjLCq3Oy sc9NTXWUGQK5KrFONpDKrn/VcxbOedJ1s4zWAtFgQNVi3c5ro/ldNkrdzbaL6rLkNYCs 6Ox9mbLumfbPXOycs7+3gYyDPRWqwElK2Vlus2UMIeHeDYyvBQUZoNiw0+IkllHS3fHP CAwH/bWrKpuab8QyM9FNhXGYLNekW4jr3FrLvhjzF+k2GyhXgndomDoud5bmvn6fJl1j /Qdm7hohzlhL74CgzIyIbEv2XRsosKV6PYB6/RtjDbORT7qXZF/aQ4xuAe3vzEK9ckGD q3Qw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=R3Co0mWi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id eb22-20020a056a004c9600b00686efa5660bsi4157151pfb.86.2023.07.28.22.01.07; Fri, 28 Jul 2023 22:01:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=R3Co0mWi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237494AbjG2BQ7 (ORCPT + 99 others); Fri, 28 Jul 2023 21:16:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36464 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237341AbjG2BQm (ORCPT ); Fri, 28 Jul 2023 21:16:42 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5273F4EDA for ; Fri, 28 Jul 2023 18:16:31 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-583f048985bso29330407b3.2 for ; Fri, 28 Jul 2023 18:16:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593390; x=1691198190; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=dha0R9DASOGG7XsDxaLGGX3ibqnbBc/BGtiYIStTeKk=; b=R3Co0mWiKnMv23E+s2+bqRdZmHQ84c/0b2b0fBo6EJQu6wPbygTYbxo36RI0+IgysS XDCFUpUFfWR+ehZJdSP1sSsQQ9o3WOEV2VplPcfel3Ge0mrZ7/rRUgtg0mGGWpuk13bp xfpe9jYKGXATKIbGI1hcpa59d19+f3EeNTKaIxoidXs9dYUzDY55tDOFOu/O7QyxycyU grN9DnbNhrA+O05bNUzvKfg77yWa464N+cFEO0gvI7NSnuVmeOezegM5mUJyeYF6ioP/ yksWReHMBzO/z9PT19qKsWocLXdvMQ0NUXoNe7RDBZd6t5rF0HgB/41Nmvvda1pWzJEt 8aZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593390; x=1691198190; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dha0R9DASOGG7XsDxaLGGX3ibqnbBc/BGtiYIStTeKk=; b=iNvV4n1dyw4JqOZWOjFYNzWynuRGpzWyToclMzLJeZ68Vn1/XbarnpqupyaXqSaBxa huuNdIlaGbjgoM1krZynDIDJDkr26fBHU/psaWnDk9bJ0jTgenqHnj0ztQmUirNwahJA +Eo8GgrI02fopYTzBikJv8nqjNIVwSNU4Odl/Y8xsuJ575KBOaOYSiCOr7OlBRSOUpXD QgSjoxcgt9jM2kjbRcKPn7S3LfZeJ7PnyQIPFUnU3bRbLCGGIXir9y32Y7y1q8i6Hasa mPSQgeej/Lk38G1HMG0WQF3NllI+Jpd0E+RJd8HSrujAoK4htli5ZgDj4/gGvtkz3o+X DrbA== X-Gm-Message-State: ABy/qLZn4ylD0NazZm32ZjDCWa2Fp+gHU93/o08i0YsKAfnX4INz5s1O i9D6a6Rg7PLdmjibcN1IyNkpX2/hM88= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a81:a784:0:b0:577:d5b:7ce3 with SMTP id e126-20020a81a784000000b005770d5b7ce3mr27415ywh.9.1690593390450; Fri, 28 Jul 2023 18:16:30 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:56 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-10-seanjc@google.com> Subject: [PATCH v2 09/21] KVM: VMX: Recompute "XSAVES enabled" only after CPUID update From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772729800894221555 X-GMAIL-MSGID: 1772729800894221555 Recompute whether or not XSAVES is enabled for the guest only if the guest's CPUID model changes instead of redoing the computation every time KVM generates vmcs01's secondary execution controls. The boot_cpu_has() and cpu_has_vmx_xsaves() checks should never change after KVM is loaded, and if they do the kernel/KVM is hosed. Opportunistically add a comment explaining _why_ XSAVES is effectively exposed to the guest if and only if XSAVE is also exposed to the guest. Practically speaking, no functional change intended (KVM will do fewer computations, but should still get the see the same xsaves_enabled value whenever KVM looks at it). Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ca6194b0e35e..307d73749185 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4587,19 +4587,10 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml || !atomic_read(&vcpu->kvm->nr_memslots_dirty_logging)) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; - if (cpu_has_vmx_xsaves()) { - /* Exposing XSAVES only when XSAVE is exposed */ - bool xsaves_enabled = - boot_cpu_has(X86_FEATURE_XSAVE) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVES); - - vcpu->arch.xsaves_enabled = xsaves_enabled; - + if (cpu_has_vmx_xsaves()) vmx_adjust_secondary_exec_control(vmx, &exec_control, SECONDARY_EXEC_XSAVES, - xsaves_enabled, false); - } + vcpu->arch.xsaves_enabled, false); /* * RDPID is also gated by ENABLE_RDTSCP, turn on the control if either @@ -7722,8 +7713,15 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); - /* xsaves_enabled is recomputed in vmx_compute_secondary_exec_control(). */ - vcpu->arch.xsaves_enabled = false; + /* + * XSAVES is effectively enabled if and only if XSAVE is also exposed + * to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be + * set if and only if XSAVE is supported. + */ + vcpu->arch.xsaves_enabled = cpu_has_vmx_xsaves() && + boot_cpu_has(X86_FEATURE_XSAVE) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVES); vmx_setup_uret_msrs(vmx); From patchwork Sat Jul 29 01:15:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128002 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp842917vqg; Fri, 28 Jul 2023 21:36:05 -0700 (PDT) X-Google-Smtp-Source: APBJJlG5SIPIozmWJHHFXo8MnQniR6Dt9VaF9UyMM9vhcvQ4/riYOhM1ShCecUjfwUQfFx+YoWo7 X-Received: by 2002:a05:6a20:7d8a:b0:135:6ef6:17f with SMTP id v10-20020a056a207d8a00b001356ef6017fmr4494807pzj.43.1690605365462; Fri, 28 Jul 2023 21:36:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690605365; cv=none; d=google.com; s=arc-20160816; b=p7at9ZDUzF0i6wL3hy3sBAEa1H5wYG9GelTgFElvznXdj47XHxatErwEFfpQQsnBtx 9Y3Vb//wTUF62s2NkRws2FOtYjfngjiiyfRv3/s2JNStkxNv5ik5AYSy37vYn6i4YO6S V8JHd5vwS0jZ2fH5Z/XJzPyK7MAJ9/GR57CMedDvARHcYBjsHa59qG5ML9z0hGz1SCmC 1B4IKIHTSHVEr4hxVax3KikQiYvVowKoYKGX/Ia7beNS7eQwsAuNDRqiFZfI/z69HQDw X65TRcyvfMtv/EokTJHA6CPrfzG3tsOLMjLpp0nIB+6l/0scSM+QjitoHXwks1WCSI0m aiOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=/Va/MWC5DRY46k94Uc8qLWdNEj91Xq1TuiBAGty68F8=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=u4YKlz73SZRBHBbAsPN0VcmAh9sA2UPvWif1WY/93QRkfQdmrge5FNHtNp+FGuyrzX 4zR4pWGnOlz14Ye3RmKB5ptirGztrupPGN07nY1SfMPeke7Qxn9F8KXSuDqGFXWFDDky ohA+GuhUP25TKUml2ILgostCKE3dL5socW9bSUN/Ck/N0zMHiBMY8hnDlAHuLvPhb/WK L33Ffoe5esJ5MQ1GbTybvlF7qU9IJUtz6FSbRA8qH2/fGHFL3yAaLT4nOXCP1+psL8ij tfCL9/G1G/1mgugQ7+qH3Zynvppjdb7Uubla6CG5uhoQ3R1WoUgDrRsB/ZxFfv3iavLR VydA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=yRqDe6hn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l65-20020a639144000000b005642019ea7csi1714102pge.864.2023.07.28.21.35.52; Fri, 28 Jul 2023 21:36:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=yRqDe6hn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237507AbjG2BRi (ORCPT + 99 others); Fri, 28 Jul 2023 21:17:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35992 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237394AbjG2BRN (ORCPT ); Fri, 28 Jul 2023 21:17:13 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5DC3C44B1 for ; Fri, 28 Jul 2023 18:16:48 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id d9443c01a7336-1bbd4f526caso20313835ad.3 for ; Fri, 28 Jul 2023 18:16:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593392; x=1691198192; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=/Va/MWC5DRY46k94Uc8qLWdNEj91Xq1TuiBAGty68F8=; b=yRqDe6hnQT3wYKRPtH+TorJeNAyO7rJdwfhdzAa8+zEHsyF8WvTsItjBPD+rKS0Bre AWLVyXBfQ54MW4JkJ0PV5hWRO1Fxd0rFnJdzJfj+6026Wy296jACG2ypQTWOPOTxnm58 hc2QwMRTYw5zBjGNrKdbTgeJQRTl0AXfMn7T05nG5aiuEMzUZmIZWtCkP+omOr++FrxB L7ENLl09CAGiAgDkJr/jQ27vcqMUjXRP0JP7gCAc28Rd7+WWeW9u2YkmTg8Sqqf2cTBy D4BXD3n8j8znlME2TL5r/kHdBzikHOsATdn4giB+mgOwpVwUEiQ07zQ9RlC8q4nywObi deTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593392; x=1691198192; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/Va/MWC5DRY46k94Uc8qLWdNEj91Xq1TuiBAGty68F8=; b=iw/avOnQfsE3oldf3I1QPI3gdaor0qYrJ4TLXfBmDHeF14/YylY/w/ju45HKdqHlCu Z1U542kKk9cvDo9AiCLl/TDIp/ZmiSfD8JFqAuPz48WyxZOBv6IAFki6nBrIt9MwLUuk xtfmWXkDNkMLADw6tTlO5Dz5SEYW0qgTMlsZLwXwH6CD4qQtcvgM7e9QUIpJjFxAMGdN E74aOK9G3VyNa2kPpuSLeO9nLv6nCuyC2oWtUVi3FAPKFW9luX+4Ak/Ytt/tvv3k22uB p1Lb2mnJclJGmbs3RJnLypsp2cr5K4HfoVReGqWV83CpO33S6ACtnfq8sQDVrOQiqmcF xUlA== X-Gm-Message-State: ABy/qLbFNYZSunySjFFYeJl7R4h3pMgLgJUojwcjwjNoYUDzx5NbJ8MX sALeDjI9m+lhTJNzpKrOf9Ppm719XkE= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:c409:b0:1b8:2055:fc1f with SMTP id k9-20020a170902c40900b001b82055fc1fmr12348plk.2.1690593392373; Fri, 28 Jul 2023 18:16:32 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:57 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-11-seanjc@google.com> Subject: [PATCH v2 10/21] KVM: VMX: Check KVM CPU caps, not just VMX MSR support, for XSAVE enabling From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772728211547503601 X-GMAIL-MSGID: 1772728211547503601 Check KVM CPU capabilities instead of raw VMX support for XSAVES when determining whether or not XSAVER can/should be exposed to the guest. Practically speaking, it's nonsensical/impossible for a CPU to support "enable XSAVES" without XSAVES being supported natively. The real motivation for checking to kvm_cpu_cap_has() is to allow using the governed feature's standard check-and-set logic. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 307d73749185..e358e3fa1ced 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7718,7 +7718,7 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) * to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be * set if and only if XSAVE is supported. */ - vcpu->arch.xsaves_enabled = cpu_has_vmx_xsaves() && + vcpu->arch.xsaves_enabled = kvm_cpu_cap_has(X86_FEATURE_XSAVES) && boot_cpu_has(X86_FEATURE_XSAVE) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVES); From patchwork Sat Jul 29 01:15:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128003 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp843590vqg; Fri, 28 Jul 2023 21:38:31 -0700 (PDT) X-Google-Smtp-Source: APBJJlFjh9nH33ao48JH/AlC+XVFVxDOacpTbsFVlDdm8PkqkVonLOsTO3zBW7EpGzg6FrCKX9Tz X-Received: by 2002:a50:ed8a:0:b0:51d:d30d:a037 with SMTP id h10-20020a50ed8a000000b0051dd30da037mr3591725edr.10.1690605511041; Fri, 28 Jul 2023 21:38:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690605511; cv=none; d=google.com; s=arc-20160816; b=Sp5v/rs4OJfYlBkQWtgZm8IrSu7qXmW9SWVfyr2Gzk1hHpyVdphlmYtZuERYcV3Rcx RO7x/jYCJFfITBi/RRN8DLod4AWSsz4swiBpr/0pndSU+Bs63wMxBk+u17TXmdJtovjy n7hPI5Q2d1qNJxme/qp6l5e3XuaR94mWBiw37cEQYf0SO0N84MKKnSHJ7FtBykMT2l9N EZ2G1ViEvEvx86M0ZMGRuuRPCA5M02SCDkG4egu61zRPhc28e9mYZiNTnJVdWvdSFzbK rxvLCiQL64OQy3kFz7VxG1JcJ09SqP9lAEF7ScYMSY9t16lF2/bSJ+KxuWHtkqX8GXRC P5vg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=txdsA1xtp9opNpvC2N9YIeErGNCur9/2M/6XZwnPohE=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=JVUGz+sXPyMG/T9Ds88ycq81l5rMroIYbuDb4S+/4jO1tiIijEtZ3u2AUJ6Icich+O fz+vWpi6dKh8zeNUa/KexLqAuKYsw8wggmMiGUlv2tP+Xx3IjOutjSZ5Zw4lpc3iIjDt ELgPBDU41pVWpFBQCyA4o+9nGHcWwa1eUhXWFjRfEY814CgywyDZKsmuAZCuXIT3ymhZ 4CV5VeDWJkslzYdrH5RXbdXEhzdLyhmY8CeDNDRS6DPqDYnpcYS0Lj6mHts8Shc9oMq5 6vfrrrz8UL7AI75eNa3i7oSYhUPlqrdUBv9pxBCgiD6U/T4QX9ZOsTrJMRXN1cD2fc+3 OxqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="X/UYeRCM"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u26-20020a05640207da00b005223ae98947si3574770edy.116.2023.07.28.21.38.07; Fri, 28 Jul 2023 21:38:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="X/UYeRCM"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237517AbjG2BRt (ORCPT + 99 others); Fri, 28 Jul 2023 21:17:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36504 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237486AbjG2BRY (ORCPT ); Fri, 28 Jul 2023 21:17:24 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A6B0746A0 for ; Fri, 28 Jul 2023 18:16:56 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-c6db61f7f64so2604931276.0 for ; Fri, 28 Jul 2023 18:16:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593394; x=1691198194; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=txdsA1xtp9opNpvC2N9YIeErGNCur9/2M/6XZwnPohE=; b=X/UYeRCMQX8Eu9aWHhq75jQGUGL5bLyA71aOLK+Lx7A7sJ9r+Bx7QwhdNrIw4gJUdX /FVtta1v5YqwQaCJonKbTtCYFJCYboHzXK7DfnJRMUgleO5LJ6nIVVq/GFjTrjM68fCa 7vVF2JmEDsxFnWJiki9i003iyqtuYGt5WXx95tGx5s1Sw6aF1xEWNiGtVk76Pdrx1Fna 91SguJH+ATnTEShAEIWEgOjRn3Gv6MOhegfUJbXNWSup4GfS+BQEHtWfUkVE07RBpnP8 E9UyDiIVBjb8c5GIUuXDzPRoJlmN8LSBlH8Jec4Nh0YdePtBTWyuQcVh9j70+YAtNlfn YyEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593394; x=1691198194; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=txdsA1xtp9opNpvC2N9YIeErGNCur9/2M/6XZwnPohE=; b=HoeWxinUu1b8k7ZXhz9AQb4/s8fDUIKjtgMlEK7DXiZXXsEClhjqtYJhYsVT32Oq8T TifI/LYEKYt20iNlVOra/80oF+OzrEMNaP9eLpXwgbfGe8lFWeOq8OnE0zqyryJOE+fX kakh7eI4lac5zqc/sppkCs0ipK4gn7K/yv5THLR+053Sa4EGC4isBfhN5Zj4L/7wZ11q crGUhIJSHpFh/OCFuGAIKkwHdzJdbaQ4Ev30M977717Etf30O/cfyMgOlnEwpnvOYI60 a94pGbrwcSpt1gfCOd0gW5EF1GMwtSF1mijzefVfquvWpsp9HMF+Q6ZV9jfilsE6JcdZ frAg== X-Gm-Message-State: ABy/qLazonRYDrtu7H4sJHzyHUjX/iCK4t6NT7BJzY46G/58tFWz+0kq NCx2ZPh11+FWkCPxEPDxenDDQaLTdB0= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:e6d3:0:b0:c72:2386:7d26 with SMTP id d202-20020a25e6d3000000b00c7223867d26mr18792ybh.0.1690593394398; Fri, 28 Jul 2023 18:16:34 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:58 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-12-seanjc@google.com> Subject: [PATCH v2 11/21] KVM: VMX: Rename XSAVES control to follow KVM's preferred "ENABLE_XYZ" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772728364156748954 X-GMAIL-MSGID: 1772728364156748954 Rename the XSAVES secondary execution control to follow KVM's preferred style so that XSAVES related logic can use common macros that depend on KVM's preferred style. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/include/asm/vmx.h | 2 +- arch/x86/kvm/vmx/capabilities.h | 2 +- arch/x86/kvm/vmx/hyperv.c | 2 +- arch/x86/kvm/vmx/nested.c | 6 +++--- arch/x86/kvm/vmx/nested.h | 2 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/vmx.h | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 0d02c4aafa6f..0e73616b82f3 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -71,7 +71,7 @@ #define SECONDARY_EXEC_RDSEED_EXITING VMCS_CONTROL_BIT(RDSEED_EXITING) #define SECONDARY_EXEC_ENABLE_PML VMCS_CONTROL_BIT(PAGE_MOD_LOGGING) #define SECONDARY_EXEC_PT_CONCEAL_VMX VMCS_CONTROL_BIT(PT_CONCEAL_VMX) -#define SECONDARY_EXEC_XSAVES VMCS_CONTROL_BIT(XSAVES) +#define SECONDARY_EXEC_ENABLE_XSAVES VMCS_CONTROL_BIT(XSAVES) #define SECONDARY_EXEC_MODE_BASED_EPT_EXEC VMCS_CONTROL_BIT(MODE_BASED_EPT_EXEC) #define SECONDARY_EXEC_PT_USE_GPA VMCS_CONTROL_BIT(PT_USE_GPA) #define SECONDARY_EXEC_TSC_SCALING VMCS_CONTROL_BIT(TSC_SCALING) diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index d0abee35d7ba..41a4533f9989 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -252,7 +252,7 @@ static inline bool cpu_has_vmx_pml(void) static inline bool cpu_has_vmx_xsaves(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & - SECONDARY_EXEC_XSAVES; + SECONDARY_EXEC_ENABLE_XSAVES; } static inline bool cpu_has_vmx_waitpkg(void) diff --git a/arch/x86/kvm/vmx/hyperv.c b/arch/x86/kvm/vmx/hyperv.c index 79450e1ed7cf..313b8bb5b8a7 100644 --- a/arch/x86/kvm/vmx/hyperv.c +++ b/arch/x86/kvm/vmx/hyperv.c @@ -78,7 +78,7 @@ SECONDARY_EXEC_DESC | \ SECONDARY_EXEC_ENABLE_RDTSCP | \ SECONDARY_EXEC_ENABLE_INVPCID | \ - SECONDARY_EXEC_XSAVES | \ + SECONDARY_EXEC_ENABLE_XSAVES | \ SECONDARY_EXEC_RDSEED_EXITING | \ SECONDARY_EXEC_RDRAND_EXITING | \ SECONDARY_EXEC_TSC_SCALING | \ diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 516391cc0d64..22e08d30baef 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2307,7 +2307,7 @@ static void prepare_vmcs02_early(struct vcpu_vmx *vmx, struct loaded_vmcs *vmcs0 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_ENABLE_INVPCID | SECONDARY_EXEC_ENABLE_RDTSCP | - SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_ENABLE_XSAVES | SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_APIC_REGISTER_VIRT | @@ -6331,7 +6331,7 @@ static bool nested_vmx_l1_wants_exit(struct kvm_vcpu *vcpu, * If if it were, XSS would have to be checked against * the XSS exit bitmap in vmcs12. */ - return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES); + return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_XSAVES); case EXIT_REASON_UMWAIT: case EXIT_REASON_TPAUSE: return nested_cpu_has2(vmcs12, @@ -6874,7 +6874,7 @@ static void nested_vmx_setup_secondary_ctls(u32 ept_caps, SECONDARY_EXEC_ENABLE_INVPCID | SECONDARY_EXEC_ENABLE_VMFUNC | SECONDARY_EXEC_RDSEED_EXITING | - SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_ENABLE_XSAVES | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE; diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index 96952263b029..b4b9d51438c6 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -168,7 +168,7 @@ static inline int nested_cpu_has_ept(struct vmcs12 *vmcs12) static inline bool nested_cpu_has_xsaves(struct vmcs12 *vmcs12) { - return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES); + return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_XSAVES); } static inline bool nested_cpu_has_pml(struct vmcs12 *vmcs12) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index e358e3fa1ced..a0a47be2feed 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4589,7 +4589,7 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (cpu_has_vmx_xsaves()) vmx_adjust_secondary_exec_control(vmx, &exec_control, - SECONDARY_EXEC_XSAVES, + SECONDARY_EXEC_ENABLE_XSAVES, vcpu->arch.xsaves_enabled, false); /* diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 32384ba38499..cde902b44d97 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -562,7 +562,7 @@ static inline u8 vmx_get_rvi(void) SECONDARY_EXEC_APIC_REGISTER_VIRT | \ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | \ SECONDARY_EXEC_SHADOW_VMCS | \ - SECONDARY_EXEC_XSAVES | \ + SECONDARY_EXEC_ENABLE_XSAVES | \ SECONDARY_EXEC_RDSEED_EXITING | \ SECONDARY_EXEC_RDRAND_EXITING | \ SECONDARY_EXEC_ENABLE_PML | \ From patchwork Sat Jul 29 01:15:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127977 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp814533vqg; Fri, 28 Jul 2023 19:56:26 -0700 (PDT) X-Google-Smtp-Source: APBJJlG2IS+d7fbimILQbYWJBEtS/sngxpBMRVvYjWhNB0vlJUt1VqBh8TigRDAdvLQi4yb6jxzq X-Received: by 2002:a05:6a00:15d3:b0:680:d00c:b164 with SMTP id o19-20020a056a0015d300b00680d00cb164mr4993550pfu.34.1690599385992; Fri, 28 Jul 2023 19:56:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690599385; cv=none; d=google.com; s=arc-20160816; b=d144UDLlabOGiPiHApAtFdeKCUEykWxieRvlHgneM1H9prS+3gYr7XWjrL88EQCa4N jSNLZk0rtH2v4KguMK2QMP/j0bbl82lr9lgBQwRKyNKJDjRZEFVHYajvo9xw59/ipNUT C0bO6XOrCysp1jLcnJLHl+yorDpPMDCmdYD7q0HSvD8I2dRCnUlR6lSW9GA3lgowe3uF frkDhaWdJMnDRvtlhi6P7cRgzDSQdOKBJENDn+5updoFiENNunF1yPOo+zGWduGIz2xf CKd9hoaJb9un4Upe6S2XctyE1R5bh4KBUtDZtyOSqHTOZVhSgJC7pGrQMU9SeewJysPZ +kuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=Y5BOuAmsGu5bKSoLgi0ClRVcqN8jZYDkPjN1Ef5oXFc=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=wDT3qBEMfv4zjuD22WAmkG+7DKrIXNn6vykzX7q+bdOQK2YSt/p98toCXPrZHwR7zy fbjHqUElUrpQsw5InC59nD6/x+6BQ6g8e6T3ghrK5Z3Yi8HmkCPLKAPqwXyM8PF7Oeji QhjZmUxt8erADRbFHErtXZycdQC1JkW5ZpwK+wcFvcZe64vSw/AoyoWzbw7Muy/sk+ln H9qYBgsHyfMxh1Kv9z60TLCi8TNdNGYmRa14ORe5f5O+xfM0OWI8VJfg/ezmTi5iLqcS Rk6Zx4QQ7+lld7LVmmQmXzERThyg5f++j396i0ZIABT3hDABSdi/11tdGAEpKPpxsaEu +iQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=druYUWwg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o2-20020a63a802000000b0053fe93b2d33si3875764pgf.201.2023.07.28.19.56.13; Fri, 28 Jul 2023 19:56:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=druYUWwg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236844AbjG2BRy (ORCPT + 99 others); Fri, 28 Jul 2023 21:17:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35990 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237382AbjG2BRe (ORCPT ); Fri, 28 Jul 2023 21:17:34 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 84CBD5597 for ; Fri, 28 Jul 2023 18:17:03 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-d114bc2057fso2488826276.3 for ; Fri, 28 Jul 2023 18:17:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593396; x=1691198196; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=Y5BOuAmsGu5bKSoLgi0ClRVcqN8jZYDkPjN1Ef5oXFc=; b=druYUWwg+Cc+LP91WMNQ9dRoa7w6GYwh9GZqzIigWMkFkWk8Uj2z1giZell+k87Zn0 PFHW1nx+OjdSmtIXMvUq6mrlU8oB2wAeof8STbQvZWoMNx5gf8Lt5GvTkCThnHdv0Y9T /yX2rIr0Mn2tNKO4ALpLcsmIl6OZBZrXr2jTpRAv2xGZNeWVyxPcrsmnOuGl08UbY+PG MfgsDWIzS5xT5XQyiD5zK2CSnjjONty8UTFlbmujMRzDVveGUy0vsXRBUgQjHFYmmUH3 xrzZLdJPPEXJ04vuzw/WnBBvgfEs8hokIWiBtaH7Oo5volw8JS5CRBSvj1lzdZrSYM+T tdrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593396; x=1691198196; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Y5BOuAmsGu5bKSoLgi0ClRVcqN8jZYDkPjN1Ef5oXFc=; b=dIQ70DaIRST97IpZXWAvRLL2TPr545TBu3uB7qmwB811DiI5yLRtzinDYs85sihVZc +QcwDgC/4LNrIuZwvgvXskfL5D79quI87zsMcBBnL0f/GWuYT9eRonBdGKJVX2WUbDXL EG99kzr4CNAsMF88XCXVmIgrzChKq4Ci7UBzO8+hg+Gm5WolXptWg67wml1lK+xSuXuB deoUT+selg0FHPclZ3Wu4DQASftia9CmU4QnLKzOMIMTVe/XEcT29v4vATGf6b+9Bk/2 E2LKPj8jGPBoxXc78gfBVtVpXQ+m+0/mfZCBtMnOFg+TIj25n9K9dO9Lpubis1ERlNBq J8rg== X-Gm-Message-State: ABy/qLbnfrS0ZaKaRIYx8ZEN1OuoZEvviL0cKlz5gsy9PA6ogJqCGfuH CSm3zlVJ0ykJ9DbFAorZfJDWSD6ymwE= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:db8d:0:b0:d18:73fc:40af with SMTP id g135-20020a25db8d000000b00d1873fc40afmr18262ybf.5.1690593396223; Fri, 28 Jul 2023 18:16:36 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:15:59 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-13-seanjc@google.com> Subject: [PATCH v2 12/21] KVM: x86: Use KVM-governed feature framework to track "XSAVES enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772721941743136249 X-GMAIL-MSGID: 1772721941743136249 Use the governed feature framework to track if XSAVES is "enabled", i.e. if XSAVES can be used by the guest. Add a comment in the SVM code to explain the very unintuitive logic of deliberately NOT checking if XSAVES is enumerated in the guest CPUID model. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/svm.c | 17 ++++++++++++++--- arch/x86/kvm/vmx/vmx.c | 32 ++++++++++++++++++-------------- arch/x86/kvm/x86.c | 4 ++-- 4 files changed, 35 insertions(+), 19 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index b29c15d5e038..b896a64e4ac3 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -6,6 +6,7 @@ BUILD_BUG() #define KVM_GOVERNED_X86_FEATURE(x) KVM_GOVERNED_FEATURE(X86_FEATURE_##x) KVM_GOVERNED_X86_FEATURE(GBPAGES) +KVM_GOVERNED_X86_FEATURE(XSAVES) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 64092df06f94..d5f8cb402eb7 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4204,9 +4204,20 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) struct vcpu_svm *svm = to_svm(vcpu); struct kvm_cpuid_entry2 *best; - vcpu->arch.xsaves_enabled = guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && - boot_cpu_has(X86_FEATURE_XSAVE) && - boot_cpu_has(X86_FEATURE_XSAVES); + /* + * SVM doesn't provide a way to disable just XSAVES in the guest, KVM + * can only disable all variants of by disallowing CR4.OSXSAVE from + * being set. As a result, if the host has XSAVE and XSAVES, and the + * guest has XSAVE enabled, the guest can execute XSAVES without + * faulting. Treat XSAVES as enabled in this case regardless of + * whether it's advertised to the guest so that KVM context switches + * XSS on VM-Enter/VM-Exit. Failure to do so would effectively give + * the guest read/write access to the host's XSS. + */ + if (boot_cpu_has(X86_FEATURE_XSAVE) && + boot_cpu_has(X86_FEATURE_XSAVES) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) + kvm_governed_feature_set(vcpu, X86_FEATURE_XSAVES); /* Update nrips enabled cache */ svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) && diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a0a47be2feed..3100ed62615c 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4518,16 +4518,19 @@ vmx_adjust_secondary_exec_control(struct vcpu_vmx *vmx, u32 *exec_control, * based on a single guest CPUID bit, with a dedicated feature bit. This also * verifies that the control is actually supported by KVM and hardware. */ -#define vmx_adjust_sec_exec_control(vmx, exec_control, name, feat_name, ctrl_name, exiting) \ -({ \ - bool __enabled; \ - \ - if (cpu_has_vmx_##name()) { \ - __enabled = guest_cpuid_has(&(vmx)->vcpu, \ - X86_FEATURE_##feat_name); \ - vmx_adjust_secondary_exec_control(vmx, exec_control, \ - SECONDARY_EXEC_##ctrl_name, __enabled, exiting); \ - } \ +#define vmx_adjust_sec_exec_control(vmx, exec_control, name, feat_name, ctrl_name, exiting) \ +({ \ + struct kvm_vcpu *__vcpu = &(vmx)->vcpu; \ + bool __enabled; \ + \ + if (cpu_has_vmx_##name()) { \ + if (kvm_is_governed_feature(X86_FEATURE_##feat_name)) \ + __enabled = guest_can_use(__vcpu, X86_FEATURE_##feat_name); \ + else \ + __enabled = guest_cpuid_has(__vcpu, X86_FEATURE_##feat_name); \ + vmx_adjust_secondary_exec_control(vmx, exec_control, SECONDARY_EXEC_##ctrl_name,\ + __enabled, exiting); \ + } \ }) /* More macro magic for ENABLE_/opt-in versus _EXITING/opt-out controls. */ @@ -4587,10 +4590,7 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml || !atomic_read(&vcpu->kvm->nr_memslots_dirty_logging)) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; - if (cpu_has_vmx_xsaves()) - vmx_adjust_secondary_exec_control(vmx, &exec_control, - SECONDARY_EXEC_ENABLE_XSAVES, - vcpu->arch.xsaves_enabled, false); + vmx_adjust_sec_exec_feature(vmx, &exec_control, xsaves, XSAVES); /* * RDPID is also gated by ENABLE_RDTSCP, turn on the control if either @@ -4609,6 +4609,7 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) SECONDARY_EXEC_ENABLE_RDTSCP, rdpid_or_rdtscp_enabled, false); } + vmx_adjust_sec_exec_feature(vmx, &exec_control, invpcid, INVPCID); vmx_adjust_sec_exec_exiting(vmx, &exec_control, rdrand, RDRAND); @@ -7722,6 +7723,9 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) boot_cpu_has(X86_FEATURE_XSAVE) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVES); + if (boot_cpu_has(X86_FEATURE_XSAVE) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); vmx_setup_uret_msrs(vmx); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5a14378ed4e1..201fa957ce9a 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1012,7 +1012,7 @@ void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu) if (vcpu->arch.xcr0 != host_xcr0) xsetbv(XCR_XFEATURE_ENABLED_MASK, vcpu->arch.xcr0); - if (vcpu->arch.xsaves_enabled && + if (guest_can_use(vcpu, X86_FEATURE_XSAVES) && vcpu->arch.ia32_xss != host_xss) wrmsrl(MSR_IA32_XSS, vcpu->arch.ia32_xss); } @@ -1043,7 +1043,7 @@ void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu) if (vcpu->arch.xcr0 != host_xcr0) xsetbv(XCR_XFEATURE_ENABLED_MASK, host_xcr0); - if (vcpu->arch.xsaves_enabled && + if (guest_can_use(vcpu, X86_FEATURE_XSAVES) && vcpu->arch.ia32_xss != host_xss) wrmsrl(MSR_IA32_XSS, host_xss); } From patchwork Sat Jul 29 01:16:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128047 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp905006vqg; Sat, 29 Jul 2023 00:56:31 -0700 (PDT) X-Google-Smtp-Source: APBJJlETHiWV7nk+buHmEBHaOFjYTnorsMsiI823XH4ozwQXdT8/NpBqN7KhhxT/1sneRckMS/5r X-Received: by 2002:a05:6a00:1797:b0:682:4e4c:48bc with SMTP id s23-20020a056a00179700b006824e4c48bcmr5513591pfg.21.1690617390608; Sat, 29 Jul 2023 00:56:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690617390; cv=none; d=google.com; s=arc-20160816; b=pD7t3GgalpupjeDSQezTSOCKmyHwzJKM+QFwjbc8ZYaGe7aHF+GhuIf98hKbT58l38 Vhpa+ohl7j85T8riDjQq5bVzD/2xmZMOFQgqyJWqAPQXXQE/UsZmbbp20q2GxrZM0066 IW67Agt9s2e7iyVrx/84mU1JgyWPzadcQhcXvZ2w1ak4i/R/Mhg5lkzkV3DZO+aFU16S ULMXo3hMXIfmSS6vndFPPoNlSgwxP+BG82FelUIezD+Bza2WiigXnfI9vLfTMAihtvVq MkMUfLuzIYvZHM4kzheQ3utI0SQEGcsVAcQPMCKVDACL7lV7Ez6zjfgTsCwBXLyiYFav pxAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=ZBstFzzUxVyW0UD2LT3q1n62xfHDtx4xPYrvh1DuKtE=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=k214OS3ob6AcYlhBi4GL1WRRDCZqW3jvuOFR9DIGqO1b07Mwsm6IYu/ci8WcVVaG1u oyvqfLl44WVGZBJsIRnlySB0UPdeyGfBT5YiB0u2HDXhS5O54XGuE1tZXny/UOlbrhxv 8NzBL4JHdOsoXoixpLRE8E5aGMNRgvscSI9nOEsS6TEEWlZCT1e4t1CCaQyhTTks37zD EOODByeqrQ1wf2ZhN5aQMI82qeFr4eDOF/7oI6tuiGizpLYZGj4MIWPyd4KJP2VrnvVr 7f0R4xap5CX4Ggtlz/D2iOQcCr0fPae0Zectg4xgrFjbP4mB6RQ1IM4OL7eEyiNAdV8N JYGQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=AWA3eueK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id eb25-20020a056a004c9900b00686769858b3si677690pfb.60.2023.07.29.00.56.17; Sat, 29 Jul 2023 00:56:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=AWA3eueK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231486AbjG2BSN (ORCPT + 99 others); Fri, 28 Jul 2023 21:18:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35928 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237393AbjG2BRg (ORCPT ); Fri, 28 Jul 2023 21:17:36 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F17855A9 for ; Fri, 28 Jul 2023 18:17:06 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id d9443c01a7336-1bbbc4ae328so20393585ad.1 for ; Fri, 28 Jul 2023 18:17:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593398; x=1691198198; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=ZBstFzzUxVyW0UD2LT3q1n62xfHDtx4xPYrvh1DuKtE=; b=AWA3eueKfdIcRemXTjYfiddcMtJI0gM8qgAv12KCTw4HqUU0shQMSFOxKJIqy4vXKo o6PGd++MfofA37Ilb4CdFRIImOYn0LHj5TT/u1y6lKa9cwtHyqNqTYJcxTPFrFc5HcMg EzkaGymUsTaNE6uXUIiX2/rTAeuI23PlQHZzCKwbbJLVpdsqh7sHcY7VRZn0qolmfCBn sXyDMqpc2/A4JbuFGUtM7AmJ5Kvx2y7QHKtKaD736u9Q81xpRZHnJtwpiSI05j1+W0Hx gPZA0p3nGewQVfW/euy/AuhF4Bt3UH3aB9Rmw0+o18MlQzaEbSF8ZXWj2V8m1ocyJGws Bj/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593398; x=1691198198; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZBstFzzUxVyW0UD2LT3q1n62xfHDtx4xPYrvh1DuKtE=; b=BpMghsoJtiZG7BkzrF1eXNCnhUDC+Ih7FDx8bHsSDrO/RsqxVfcZchR8D7tTWFuIut WueIx+snl+kynWmOGrPRAdkhuc0EQWfCq/KHEQxXgRqnXqbgrCaaMxChEZghNHzgeZUW GtYvz/wfbLMWw5WMhT/pK1EqZdJj/D9RoC5i32ckDUtwURg1Xnf7oLBGWGivZyBSaboi VJXv9xymmlvVf7plt1x49Sl/gEY4SgimrovQqMOgMbAsFwzg6MUpaUfVLz3QJaoJY+xp m0wwmDIY+GFDODc0l9FwKkCbRZCPPEVnWNfhKOpEI9pVJMByAV84a8oHtJpibF2qeARk QJ7A== X-Gm-Message-State: ABy/qLZP5njHzNBZAVzkFR5V++Q2rFdt1BsQuT6FZWl2WDqtL/wSFdhZ aM+9Akv1D37Wu7D8+O3Fdqmul/6Nfzk= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:e542:b0:1b8:c666:207a with SMTP id n2-20020a170902e54200b001b8c666207amr13470plf.9.1690593398073; Fri, 28 Jul 2023 18:16:38 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:00 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-14-seanjc@google.com> Subject: [PATCH v2 13/21] KVM: nVMX: Use KVM-governed feature framework to track "nested VMX enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772740821405716877 X-GMAIL-MSGID: 1772740821405716877 Track "VMX exposed to L1" via a governed feature flag instead of using a dedicated helper to provide the same functionality. The main goal is to drive convergence between VMX and SVM with respect to querying features that are controllable via module param (SVM likes to cache nested features), avoiding the guest CPUID lookups at runtime is just a bonus and unlikely to provide any meaningful performance benefits. No functional change intended. Signed-off-by: Sean Christopherson Reviewed-by: Yuan Yao --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/vmx/nested.c | 7 ++++--- arch/x86/kvm/vmx/vmx.c | 21 ++++++--------------- arch/x86/kvm/vmx/vmx.h | 1 - 4 files changed, 11 insertions(+), 19 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index b896a64e4ac3..22446614bf49 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -7,6 +7,7 @@ BUILD_BUG() KVM_GOVERNED_X86_FEATURE(GBPAGES) KVM_GOVERNED_X86_FEATURE(XSAVES) +KVM_GOVERNED_X86_FEATURE(VMX) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 22e08d30baef..c5ec0ef51ff7 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -6426,7 +6426,7 @@ static int vmx_get_nested_state(struct kvm_vcpu *vcpu, vmx = to_vmx(vcpu); vmcs12 = get_vmcs12(vcpu); - if (nested_vmx_allowed(vcpu) && + if (guest_can_use(vcpu, X86_FEATURE_VMX) && (vmx->nested.vmxon || vmx->nested.smm.vmxon)) { kvm_state.hdr.vmx.vmxon_pa = vmx->nested.vmxon_ptr; kvm_state.hdr.vmx.vmcs12_pa = vmx->nested.current_vmptr; @@ -6567,7 +6567,7 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, if (kvm_state->flags & ~KVM_STATE_NESTED_EVMCS) return -EINVAL; } else { - if (!nested_vmx_allowed(vcpu)) + if (!guest_can_use(vcpu, X86_FEATURE_VMX)) return -EINVAL; if (!page_address_valid(vcpu, kvm_state->hdr.vmx.vmxon_pa)) @@ -6601,7 +6601,8 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, return -EINVAL; if ((kvm_state->flags & KVM_STATE_NESTED_EVMCS) && - (!nested_vmx_allowed(vcpu) || !vmx->nested.enlightened_vmcs_enabled)) + (!guest_can_use(vcpu, X86_FEATURE_VMX) || + !vmx->nested.enlightened_vmcs_enabled)) return -EINVAL; vmx_leave_nested(vcpu); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 3100ed62615c..fdf932cfc64d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1894,17 +1894,6 @@ static void vmx_write_tsc_multiplier(struct kvm_vcpu *vcpu) vmcs_write64(TSC_MULTIPLIER, vcpu->arch.tsc_scaling_ratio); } -/* - * nested_vmx_allowed() checks whether a guest should be allowed to use VMX - * instructions and MSRs (i.e., nested VMX). Nested VMX is disabled for - * all guests if the "nested" module option is off, and can also be disabled - * for a single guest by disabling its VMX cpuid bit. - */ -bool nested_vmx_allowed(struct kvm_vcpu *vcpu) -{ - return nested && guest_cpuid_has(vcpu, X86_FEATURE_VMX); -} - /* * Userspace is allowed to set any supported IA32_FEATURE_CONTROL regardless of * guest CPUID. Note, KVM allows userspace to set "VMX in SMX" to maintain @@ -2032,7 +2021,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) [msr_info->index - MSR_IA32_SGXLEPUBKEYHASH0]; break; case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: - if (!nested_vmx_allowed(vcpu)) + if (!guest_can_use(vcpu, X86_FEATURE_VMX)) return 1; if (vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index, &msr_info->data)) @@ -2340,7 +2329,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: if (!msr_info->host_initiated) return 1; /* they are read-only */ - if (!nested_vmx_allowed(vcpu)) + if (!guest_can_use(vcpu, X86_FEATURE_VMX)) return 1; return vmx_set_vmx_msr(vcpu, msr_index, data); case MSR_IA32_RTIT_CTL: @@ -7727,13 +7716,15 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX); + vmx_setup_uret_msrs(vmx); if (cpu_has_secondary_exec_ctrls()) vmcs_set_secondary_exec_control(vmx, vmx_secondary_exec_control(vmx)); - if (nested_vmx_allowed(vcpu)) + if (guest_can_use(vcpu, X86_FEATURE_VMX)) vmx->msr_ia32_feature_control_valid_bits |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX | FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; @@ -7742,7 +7733,7 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) ~(FEAT_CTL_VMX_ENABLED_INSIDE_SMX | FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX); - if (nested_vmx_allowed(vcpu)) + if (guest_can_use(vcpu, X86_FEATURE_VMX)) nested_vmx_cr_fixed1_bits_update(vcpu); if (boot_cpu_has(X86_FEATURE_INTEL_PT) && diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index cde902b44d97..c2130d2c8e24 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -374,7 +374,6 @@ struct kvm_vmx { u64 *pid_table; }; -bool nested_vmx_allowed(struct kvm_vcpu *vcpu); void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, struct loaded_vmcs *buddy); int allocate_vpid(void); From patchwork Sat Jul 29 01:16:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127985 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp816634vqg; Fri, 28 Jul 2023 20:03:12 -0700 (PDT) X-Google-Smtp-Source: APBJJlE13x+IzX8wziXGCvvTIbl0oGzPslzRXeEoRDdWJRXNiXC4/rReyCooSoIOnob3EMC83nh8 X-Received: by 2002:a05:6a20:9185:b0:131:52ce:5148 with SMTP id v5-20020a056a20918500b0013152ce5148mr4443270pzd.39.1690599792137; Fri, 28 Jul 2023 20:03:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690599792; cv=none; d=google.com; s=arc-20160816; b=HUvroMgChxDmGuYlGNDZq4zdi1YswRX0dD/wxpaRfEg1tN8JCR1rKuKwH7fQj+ehO0 c+HuVf/Jfdfb80l7lbUiljn70FYjNTCcX8vrykCCiAFqNxr83sUkHJOzKArjd4ZkCv7p fkm6ha8byDoULZa1XO/TxdBAOGt0sD3W83WAY0j5HcMgz9dzrr4iKd1HpMEjqalIXqEL kVIS4++M90I0QP7mQFp0tfFKMMHArBsPIPdnjThEnjfhXV3qWs7Bsm4tPc7oh+3w9/t5 KxglKdfvvTp1JrDA4or2EZSGxbdiScltqLxUe332zda5vxVhRro2wdNur1eAIyn/qabV R0lQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=EGn34XFQPv+N6od2XkKlclrB8ffPqa49xtGxfrYWBec=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=nPl/zDMHJTa4Vg97rLnIWl526ceMiBGvSskzfP52JL8VUHmUa61taR8bdSrGACzf6z BR6FeHxNUeHaDMraC5PGOR7bcWYTMn0YDzJB7XirKNYUdyLpfoX1WBtcVgbgEcGOekfd 2A9PeVFPNJRCmw69L5ESGWc+Eqa9D1S3R11+UtgMjU4NgYDBMnn+7tvjU1kE39NxAJB1 +Agj4ghUZrLYjupOrs85BtjgwTQW6GhRO3a5ENFRLnLsdx/3JMJc52gFNjBlWcNQA/ma rjFsOjpOc2IDwVYbU7fICqNT5Aodz1DVex/kWvQ7pCzsuSaLAS2J0TZoli4q8tVphxmQ 8BWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=v31PIkS9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x185-20020a6386c2000000b005573ea250f0si542614pgd.116.2023.07.28.20.02.59; Fri, 28 Jul 2023 20:03:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=v31PIkS9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236148AbjG2BSS (ORCPT + 99 others); Fri, 28 Jul 2023 21:18:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36762 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237454AbjG2BRi (ORCPT ); Fri, 28 Jul 2023 21:17:38 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 301E24695 for ; Fri, 28 Jul 2023 18:17:06 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-5844e92ee6bso26778467b3.3 for ; Fri, 28 Jul 2023 18:17:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593400; x=1691198200; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=EGn34XFQPv+N6od2XkKlclrB8ffPqa49xtGxfrYWBec=; b=v31PIkS9snbDUZj+Uyjuf6WXXAA6w8WXWgiyqlnQ1/vx7fwISulFdmJYlpAyHQAAJ7 dgMjNdDeTU75s+eO6KvMT7xVzL91qu+03JuwQkuiVIQcJO6nkA5Cj+picfRGu9nLNmt9 xaOfhF8j9ImmDwHDZXNENBLwCpSIzj5ptpXm4P5NXZpg0/2PzmAf7qxMvsdHm8Q0X5EY gu4tssSDCpbSWayrA6+e5IaeWLI771OGU89pb0GiRYlddzYesDHPCvC2Ab/U2ZTtJhlP SXIS15hjbLy6j1YFOTTMWZnsx4Ce7j138ve9JAgeFY0iaO8zZ6BAIgC5oH07iQUH5ALI 1law== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593400; x=1691198200; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EGn34XFQPv+N6od2XkKlclrB8ffPqa49xtGxfrYWBec=; b=VmeJ+6Fau2bCkiT/9N+DKRHJPrEZ58L3470qiRcFn9Sz3BkIU3fZYoF+sWcpbar8Mn liJAI4CIvz0JK50MiV9g/bFmfP6kfMxJr7Hipt+0tHioqwyHxSqAQuVz8W9+Wron4iiT 7td41xBVqczgZ8rDTL3Jg3DHvWDHEBsU0u3HNKKTacYn0OoZHkf2Y7kIFb3xIp3kYx8H aM5N6VxZKHL+Xxza6ZeEWIsAvkFoZZetAMZ1ZDzJIO8L1wgklzxQOCCu7DBIVkPfVvKn qUOqCqZ82WR7U9Xo+MggKvv3yi/K+0z4unN4Z3saSGmTAFJePSZCFYEcaWz0SbgGrQ1m 9OjA== X-Gm-Message-State: ABy/qLZ6se5QHb6gQ96aDY98mU9qtdjSvYG9RkaOVdyTczHALW/RUvkX aWnSguPf27AR+S+BDBmmv8lahDgdsYw= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:acde:0:b0:d1c:6a5e:3e46 with SMTP id x30-20020a25acde000000b00d1c6a5e3e46mr18827ybd.8.1690593400206; Fri, 28 Jul 2023 18:16:40 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:01 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-15-seanjc@google.com> Subject: [PATCH v2 14/21] KVM: nSVM: Use KVM-governed feature framework to track "NRIPS enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772722367246854336 X-GMAIL-MSGID: 1772722367246854336 Track "NRIPS exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 6 +++--- arch/x86/kvm/svm/svm.c | 4 +--- arch/x86/kvm/svm/svm.h | 1 - 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 22446614bf49..722b66af412c 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -8,6 +8,7 @@ BUILD_BUG() KVM_GOVERNED_X86_FEATURE(GBPAGES) KVM_GOVERNED_X86_FEATURE(XSAVES) KVM_GOVERNED_X86_FEATURE(VMX) +KVM_GOVERNED_X86_FEATURE(NRIPS) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 3342cc4a5189..9092f3f8dccf 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -716,7 +716,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, * what a nrips=0 CPU would do (L1 is responsible for advancing RIP * prior to injecting the event). */ - if (svm->nrips_enabled) + if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) vmcb02->control.next_rip = svm->nested.ctl.next_rip; else if (boot_cpu_has(X86_FEATURE_NRIPS)) vmcb02->control.next_rip = vmcb12_rip; @@ -726,7 +726,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, svm->soft_int_injected = true; svm->soft_int_csbase = vmcb12_csbase; svm->soft_int_old_rip = vmcb12_rip; - if (svm->nrips_enabled) + if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) svm->soft_int_next_rip = svm->nested.ctl.next_rip; else svm->soft_int_next_rip = vmcb12_rip; @@ -1026,7 +1026,7 @@ int nested_svm_vmexit(struct vcpu_svm *svm) if (vmcb12->control.exit_code != SVM_EXIT_ERR) nested_save_pending_event_to_vmcb12(svm, vmcb12); - if (svm->nrips_enabled) + if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) vmcb12->control.next_rip = vmcb02->control.next_rip; vmcb12->control.int_ctl = svm->nested.ctl.int_ctl; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d5f8cb402eb7..7c1aa532f767 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4219,9 +4219,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) kvm_governed_feature_set(vcpu, X86_FEATURE_XSAVES); - /* Update nrips enabled cache */ - svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) && - guest_cpuid_has(vcpu, X86_FEATURE_NRIPS); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_NRIPS); svm->tsc_scaling_enabled = tsc_scaling && guest_cpuid_has(vcpu, X86_FEATURE_TSCRATEMSR); svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 5829a1801862..c06de55425d4 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -259,7 +259,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool nrips_enabled : 1; bool tsc_scaling_enabled : 1; bool v_vmload_vmsave_enabled : 1; bool lbrv_enabled : 1; From patchwork Sat Jul 29 01:16:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127950 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp793477vqg; Fri, 28 Jul 2023 18:44:30 -0700 (PDT) X-Google-Smtp-Source: APBJJlFu/JLUU6G4Db/rajwIKMKueoCqoG/hrOKwkFkQceMmeaX7hcDzf4zWzzdqjPR9QSfD7niu X-Received: by 2002:a05:6a20:13cf:b0:13b:9de2:3bb3 with SMTP id ho15-20020a056a2013cf00b0013b9de23bb3mr2810195pzc.58.1690595070626; Fri, 28 Jul 2023 18:44:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690595070; cv=none; d=google.com; s=arc-20160816; b=BrUI5qS9M2QZj84FLL+VPuZ1Tv0GDUd2kcmezRcTwZRZDwf8t8nxZaVZOq3riyxi9k s8D6/F2NI/yilE4BWyhjAvA2x7/iwOFotv6c0CzQS8b2W5eBiMvO38FJqcZXAgI4HmAf +WY5yAdW0sfg/f0348L+sSLhxKB3wtA/VLrfcLoqvrimqLNkk2SJZt/OQgBmM0ygDHcF gwJoQpqp01V0k+VlmCp6r+n59ErSXFhn+eCdaOMEel3Zlb1WG4dk/KaQwnHKcOWqLBOz HzQucDXoYqvRI6taf41ri2sbj6OMOubJFYf+V/+dKzDuJIKeY6ALz52PSLGS+XLOVku6 4YEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=Y8epFYKyce1KnScIbSRkcuIoi0XcTk6uaJkGq1C7BJM=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=bslgtUuU3gqksXYHOdZCjzVZHA+29i9WS0mhomhR3vJwuLz6+Aw9HyO/nhlWwmrgkz NywckpW8JCuQrbRcKVmdUefas469IC7oWp9zioDVOMaf/eAM8ozxBAZKvsKN06uUd2WT r5NiXNUu9prTzzYR3BL1P/6hld9UUZN7q3U6E7xgKMQq0HZnYzHwT6RVAnpPDsq66+/1 2Zj/CzqMQr6aztvqy22uvaEHDj36cW0LbnGCzpOkHunvmVC+W1H4+/J/pf3KAmsIiKcc 1MhHkTs1Yo+xaHSeQ78cQErZSEBSy3HFQLenMM73cqe/aa1WOZCRY3ka7ZFlJnmAGYY/ 8Zfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=qZgEyJux; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j24-20020a632318000000b0055ae4bb1199si3890891pgj.698.2023.07.28.18.44.18; Fri, 28 Jul 2023 18:44:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=qZgEyJux; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237424AbjG2BSV (ORCPT + 99 others); Fri, 28 Jul 2023 21:18:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36430 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237506AbjG2BRi (ORCPT ); Fri, 28 Jul 2023 21:17:38 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D570A49EA for ; Fri, 28 Jul 2023 18:17:07 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id d9443c01a7336-1bbb97d27d6so18432715ad.1 for ; Fri, 28 Jul 2023 18:17:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593401; x=1691198201; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=Y8epFYKyce1KnScIbSRkcuIoi0XcTk6uaJkGq1C7BJM=; b=qZgEyJuxgzUpwGX2Mn+ohO2gYTQrmIw0kdGVMzx6haVus/h7RD1MI1VGtBEFEHyods dpurSEpGuzO0+gcSy8R6KUUKSgxU1c1CEgrODN84DsDzj2p4BM2Wv6MIVfXD5J9lGm69 1fcXmrsVSrrxrfbrFS4lE5kHMfuwy55o2mN3jXqZJGxKIaXcodeTBE/6HFpJqc3V/7V7 64ZqHVnt3hcMlS9oC3pKNmiwQlIdXlyd3zPwuWPTY0EIYgdHG+uQfio4L5wX7E0jQEs8 A1Tnj/JKAWdTMSW9CsItz6c0/UYcuekd7XgvE+c8OSu0aGIRRBG4Mfve+VuuGYV8pvv7 ++xA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593401; x=1691198201; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Y8epFYKyce1KnScIbSRkcuIoi0XcTk6uaJkGq1C7BJM=; b=XLI5+QSPdBMtnl4YvYDeitFbxgQ9lzaamfMR1OncIddMsWt9AajVQYJXpw5TzHg+Ah sjzp7KZ2VdhO6c+9qxf2bfyyZAUvSO2QIy1fUIaFCvUyEy5aE8NPPC6yd6Cw/LxlIuC6 rYx1VPo2RBC0zWIffJCRDFoS7+Gj9KRWmoyopJfxBgprLafOccNGUIdq0W8Osb5nZ675 m+/jZiF++STW+41tlLN6atySc/tLBbAbX2G+CuMw2ef9hRW/W+OGqqEzo+QWANfXuwCG w5pqNWuLL0bNJYSEdUn+P0J4rHS+UjZMt/8ht1jZ1DChJ5XzytFqeQDnzZQgCKa2GYjC CA8g== X-Gm-Message-State: ABy/qLZsbKwipmtXV/gu1fQOVxYUA8YszEnntJ7S9r6vf326Aogr7rG0 JEAlafs84KSSrIPtbpsNT7ZF0mFcvk8= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:903:2445:b0:1bb:c7bc:ce9a with SMTP id l5-20020a170903244500b001bbc7bcce9amr13662pls.10.1690593401752; Fri, 28 Jul 2023 18:16:41 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:02 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-16-seanjc@google.com> Subject: [PATCH v2 15/21] KVM: nSVM: Use KVM-governed feature framework to track "TSC scaling enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772717416794533126 X-GMAIL-MSGID: 1772717416794533126 Track "TSC scaling exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. Note, this fixes a benign bug where KVM would mark TSC scaling as exposed to L1 even if overall nested SVM supported is disabled, i.e. KVM would let L1 write MSR_AMD64_TSC_RATIO even when KVM didn't advertise TSCRATEMSR support to userspace. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 2 +- arch/x86/kvm/svm/svm.c | 10 ++++++---- arch/x86/kvm/svm/svm.h | 1 - 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 722b66af412c..32c0469cf952 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -9,6 +9,7 @@ KVM_GOVERNED_X86_FEATURE(GBPAGES) KVM_GOVERNED_X86_FEATURE(XSAVES) KVM_GOVERNED_X86_FEATURE(VMX) KVM_GOVERNED_X86_FEATURE(NRIPS) +KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 9092f3f8dccf..da65948064dc 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -695,7 +695,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, vmcb02->control.tsc_offset = vcpu->arch.tsc_offset; - if (svm->tsc_scaling_enabled && + if (guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR) && svm->tsc_ratio_msr != kvm_caps.default_tsc_scaling_ratio) nested_svm_update_tsc_ratio_msr(vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7c1aa532f767..2f7f7df5a591 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2755,7 +2755,8 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) switch (msr_info->index) { case MSR_AMD64_TSC_RATIO: - if (!msr_info->host_initiated && !svm->tsc_scaling_enabled) + if (!msr_info->host_initiated && + !guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR)) return 1; msr_info->data = svm->tsc_ratio_msr; break; @@ -2897,7 +2898,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) switch (ecx) { case MSR_AMD64_TSC_RATIO: - if (!svm->tsc_scaling_enabled) { + if (!guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR)) { if (!msr->host_initiated) return 1; @@ -2919,7 +2920,8 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->tsc_ratio_msr = data; - if (svm->tsc_scaling_enabled && is_guest_mode(vcpu)) + if (guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR) && + is_guest_mode(vcpu)) nested_svm_update_tsc_ratio_msr(vcpu); break; @@ -4220,8 +4222,8 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_set(vcpu, X86_FEATURE_XSAVES); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_NRIPS); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_TSCRATEMSR); - svm->tsc_scaling_enabled = tsc_scaling && guest_cpuid_has(vcpu, X86_FEATURE_TSCRATEMSR); svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV); svm->v_vmload_vmsave_enabled = vls && guest_cpuid_has(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index c06de55425d4..4e7332f77702 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -259,7 +259,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool tsc_scaling_enabled : 1; bool v_vmload_vmsave_enabled : 1; bool lbrv_enabled : 1; bool pause_filter_enabled : 1; From patchwork Sat Jul 29 01:16:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128027 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp897993vqg; Sat, 29 Jul 2023 00:32:52 -0700 (PDT) X-Google-Smtp-Source: APBJJlEDb/vxTVISpsYxb4jjvFW9f+SklVhUKZqzuYLu/fETVZT0lSE7/eUCM4mfRZ6tU4t578tS X-Received: by 2002:a17:90a:940d:b0:268:46fb:df32 with SMTP id r13-20020a17090a940d00b0026846fbdf32mr3897563pjo.34.1690615972009; Sat, 29 Jul 2023 00:32:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690615971; cv=none; d=google.com; s=arc-20160816; b=YGMbNlvQFFdj5FDgc/ko121MHa2I1+r4GJiEjTivqzMEBpCwtKX0HOWkq0mE9HKcRh ntZV3YzGX6OuYsPvsW4CXTU7VDF7pkBJGUabLz7tfe4aO09jh8VMY2MOye71/uIPkWqE d+7yuvPyIXKUju3l98i9gFpAhGM8SDb2ujOAi7tU+a0a+eQ+mrGE/UCT1Ot+DX2UNXZP 7b56ReHPBmPggNfX6af2bWDGJkpu2XkzTFU/r8bfdKUfohPC4DK8zsme0D+i0nNS5aF1 V8SXlPUwBPwVEROLGP4PUKbRH+rK4dwQuT9NrRtu3cxRyUfmphUiBgRzefuweYV1udTU BQaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=RivGO1zReamo45LkTKZurMbG/2NW5Na6scf+1QseqDY=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=DppCPyfMg+Q2RcJ8slImKluxSoKKl+Y0XhcwKBAl5Q4tqqP3phEX4pDBNJRk89r3sf VuM2JA6OmL3tacr2kzW20damr89yQ5jZ7bPanzi1RWT071OKR3LDpnAZvLQYD1ZIUn2n fbEX7NHmZL9q+kASq15Ty754q7vtrAtTsra0SNksN97ZrRPDKK0d63C8efM5Chu84+Qw NnE06rlbgRdom+ZIR8CnkM4JOl1zqM6Jg0SC7zDx/JJQ+YaXLmCiu7uHPbk/SX2BSpD8 73gbKPbhhM7I9bqTN/JFEcH1YY3YcHgNKcAojfbmWexfhjqcCJiSLZ8H743ty1mH0DNR bL3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=hIQtvbpt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g8-20020a17090a640800b0025e81e3e0c1si3384785pjj.187.2023.07.29.00.32.38; Sat, 29 Jul 2023 00:32:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=hIQtvbpt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237462AbjG2BSZ (ORCPT + 99 others); Fri, 28 Jul 2023 21:18:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36114 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237455AbjG2BRk (ORCPT ); Fri, 28 Jul 2023 21:17:40 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4DD0849F2 for ; Fri, 28 Jul 2023 18:17:10 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-d1bcb99b518so2503001276.2 for ; Fri, 28 Jul 2023 18:17:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593403; x=1691198203; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=RivGO1zReamo45LkTKZurMbG/2NW5Na6scf+1QseqDY=; b=hIQtvbpt0HUSaqF39Lk9Xfa9TrQTmVjU7RALdaw1fEsbZtAiuObGnFR0Gku+I64fsr EVrNvlR/IQ3tigJBye53R3SEyQq9ap5sEjRS/w2ib/Nbaz6ND/a27qXUH/r81czS+i95 +4M/PpgfVpbnHAK78VBIkHZWNOg/uMCvRhbsbRb5Hz+3PclOkZWQ3b+JNlm+EY4AMFDN 20KHnMdzEj16XfUGCUjYSYQTHQI7CuKSHt/AuA1oUQSVbnuRFX7uwRCDJlxDMZO7lCzE 2180eCxVHw5kgi3tfuffiJsVwm2w8dHM1viduqd8KLxmLQDiaS63Vsh1giEXn7bIp+Nv Jtog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593403; x=1691198203; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RivGO1zReamo45LkTKZurMbG/2NW5Na6scf+1QseqDY=; b=M3v4jlEiEsD0zGN1vM8KG5d42ZZ4N/FuuSYJLYrYA9cF8IbIylT8PQ6Hi2Z0pJsqkp mdDjaEvkK78Mctv+vrVkYsGMHp4V5+AR8BvkZqqZRloYqw3bCXkXDIwPDX9W4dFp9B4T R1z/IIbvFqlzT0QKWtGxObGE1dP1zlOJVakB3kXXClTKdpOILcQhgEr351s04zsR5eXQ BQVbW612m2gPneZcCmM+47UyF0ls//8Qxj2Q1eVOYxOOlRrV3l3pFvzwCUZlf3xSObRq PyydPwqT3ybj2RWPUzcaYKY7BNGzF5xO7i7cMEOuIQyUYQxcpUA9DmEj+UT+vux5IoLm YVeA== X-Gm-Message-State: ABy/qLYt/ec3n+3ILlar3IaH3YgoNu0mBbTCc1zCiwFIaVv0uXAr4FfV Gt5Uh2rmSFkb0P+u20Z0Y7Z598Uj2NU= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:2d1a:0:b0:d0c:77a8:1f6b with SMTP id t26-20020a252d1a000000b00d0c77a81f6bmr20040ybt.10.1690593403726; Fri, 28 Jul 2023 18:16:43 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:03 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-17-seanjc@google.com> Subject: [PATCH v2 16/21] KVM: nSVM: Use KVM-governed feature framework to track "vVM{SAVE,LOAD} enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772739333750083690 X-GMAIL-MSGID: 1772739333750083690 Track "virtual VMSAVE/VMLOAD exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. Opportunistically add a comment explaining why KVM disallows virtual VMLOAD/VMSAVE when the vCPU model is Intel. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 2 +- arch/x86/kvm/svm/svm.c | 10 +++++++--- arch/x86/kvm/svm/svm.h | 1 - 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 32c0469cf952..f01a95fd0071 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -10,6 +10,7 @@ KVM_GOVERNED_X86_FEATURE(XSAVES) KVM_GOVERNED_X86_FEATURE(VMX) KVM_GOVERNED_X86_FEATURE(NRIPS) KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) +KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index da65948064dc..24d47ebeb0e0 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -107,7 +107,7 @@ static void nested_svm_uninit_mmu_context(struct kvm_vcpu *vcpu) static bool nested_vmcb_needs_vls_intercept(struct vcpu_svm *svm) { - if (!svm->v_vmload_vmsave_enabled) + if (!guest_can_use(&svm->vcpu, X86_FEATURE_V_VMSAVE_VMLOAD)) return true; if (!nested_npt_enabled(svm)) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 2f7f7df5a591..39a69c1786ea 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1154,8 +1154,6 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 0, 0); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 0, 0); - - svm->v_vmload_vmsave_enabled = false; } else { /* * If hardware supports Virtual VMLOAD VMSAVE then enable it @@ -4226,7 +4224,13 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV); - svm->v_vmload_vmsave_enabled = vls && guest_cpuid_has(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); + /* + * Intercept VMLOAD if the vCPU mode is Intel in order to emulate that + * VMLOAD drops bits 63:32 of SYSENTER (ignoring the fact that exposing + * SVM on Intel is bonkers and extremely unlikely to work). + */ + if (!guest_cpuid_is_intel(vcpu)) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); svm->pause_filter_enabled = kvm_cpu_cap_has(X86_FEATURE_PAUSEFILTER) && guest_cpuid_has(vcpu, X86_FEATURE_PAUSEFILTER); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 4e7332f77702..b475241df6dc 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -259,7 +259,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool v_vmload_vmsave_enabled : 1; bool lbrv_enabled : 1; bool pause_filter_enabled : 1; bool pause_threshold_enabled : 1; From patchwork Sat Jul 29 01:16:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127963 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp806833vqg; Fri, 28 Jul 2023 19:29:24 -0700 (PDT) X-Google-Smtp-Source: APBJJlEpMh+D3R00yc4jPCIRC7oHTTpPhlp6dGnJpXNACRtzQuKymYmq4xty9FTPaaU3C5xe8mp8 X-Received: by 2002:a17:90a:8905:b0:268:6e77:2024 with SMTP id u5-20020a17090a890500b002686e772024mr2749352pjn.22.1690597764488; Fri, 28 Jul 2023 19:29:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690597764; cv=none; d=google.com; s=arc-20160816; b=jswICsPtIpAmYJhSh2f1zgwVLdWnhaNpii21bREJoTJ4irBdGxkvI4Tl4qXyeKOJZL bLm7Naep6PW+AHhxzq9UX4LSkQDUIHsVRtFz+1JuidCGh3Z8ap99q4EuktCwJQvwevDE 7DysONwzTqtMGinNDf7IyCGAldbAsQytj+mM/pf3AeY9YmOvSgwUsRT8gaocOKOnvdYC Tj763dR4laXJJeRRny1XqMd3qiurCi+nrjkp81/dpV8V7vIIPQ87tGwtk+Wq7Lh7X/D0 U7iQjDBXKpV4/OIOmbjVgXJ2NWoAhhvOHq2kGNidlPZCL4FgAsjtEGYxNtcn86WVu/lK IP1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=XWSSoUKucCtT+zh7f53pOsw13W6cMYdZgxKQXI7Ab2I=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=iDiQ/8/29/OZC0bTvBkIKLjVBf+gPc3e1du3OVEnh825/fFyXFqRvezA1mA/irFht5 +32tAHKJfjw1y9efDPRq+r+qG8hUGFoHKacXQ/GISUXld7wDeuE6Y+Y6N4xOx6ZIagL0 R8O4c1XrJkfzVc9VNjAsW/t5OrTcNJAPLPDLkGJhaZaDwVTP/ceoLmEU/cVUpctn9hlW o2l5L175eTWq+MgFwmgF7EOMVxBb/md83r0yjEE44TG/ke+YC/Aj+nbLasMstidiHPsN V6k9YrZZPxfovKXwqZUhAVdQQXOZrGoLCsxmNjFtSqCXdJl6P2pwxvatBlVJwHqYQcw7 ziiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=yhlSD1yG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w7-20020a17090a4f4700b0025eeb3cc4b2si3932813pjl.9.2023.07.28.19.29.11; Fri, 28 Jul 2023 19:29:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=yhlSD1yG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237423AbjG2BTA (ORCPT + 99 others); Fri, 28 Jul 2023 21:19:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36136 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237411AbjG2BRo (ORCPT ); Fri, 28 Jul 2023 21:17:44 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BAEE49F6 for ; Fri, 28 Jul 2023 18:17:11 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id d9443c01a7336-1bba7a32a40so20469725ad.0 for ; Fri, 28 Jul 2023 18:17:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593405; x=1691198205; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=XWSSoUKucCtT+zh7f53pOsw13W6cMYdZgxKQXI7Ab2I=; b=yhlSD1yG1el5nTNdFCwX254jnUkkNYOXgxL3vLVEESLQsoiTYOoBvmAlUHCdWGFKr7 D6bafPmaPvha3tf+K15xZ7Mxf33c/hOon4+KQtJUGFm2WaesQWQdoVCXaHYPAieARYFU dZkSQpl7ZxiGnohoOgKgMpLl0Ix06KpOa2AYEFv++505rIg5haD5FZ4bxDVls6tn9dHE bE3KIRAhn4R3bgbpFXdkhywGti73ytsYt3MV1CVcKFc0j5H7oiBOHvbCrLPKDoSWHm3T XwrcEmTGkJX2ew9kDZNXmnzPZUjNY8DELPKb/nbkLJQr5igoVMRQbeaeNqPfEZLFQEMd JiDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593405; x=1691198205; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XWSSoUKucCtT+zh7f53pOsw13W6cMYdZgxKQXI7Ab2I=; b=R1QmKkq9yXEyYytTQpMcrtRT6iUTuxpPvbeFl+ydhkMbL66kEXvyh5kJ9K4NgyVkoM 4YyTDdXjSXm9a4dFi547q6hEJhWsA5TSEfLf29lkVd8n85ENuSyhXUFxu+84i/t5OQFr J7sWcgMeqUoP9+CfAKlYaDQhL+ec5pSXxl8IWsIB3j1lW5Og6gkA90RW8IwYDECiUKe5 W25PcJ0YrgHMB8XLu4w7S/OaQ2CTKgek0Wo3jKgssSfBOGdvO+eaG7OKdlmUWAzonkJN KpEFJrZUFYVHtGAhlUcTE6uN9eUvPr95ecaUHJJwJqMdCEWREnZQlRgIbJjt26TvHSL2 vAkg== X-Gm-Message-State: ABy/qLZLLrRKzDg3XQrF1jWVcOY2jTe3HWciU6uh3I+ugG+GT5zvzwEh KN8WIAXgdPckrTLRNBoTA6z+TVzMAqQ= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:e542:b0:1b8:c666:207a with SMTP id n2-20020a170902e54200b001b8c666207amr13474plf.9.1690593405592; Fri, 28 Jul 2023 18:16:45 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:04 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-18-seanjc@google.com> Subject: [PATCH v2 17/21] KVM: nSVM: Use KVM-governed feature framework to track "LBRv enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772720241354661505 X-GMAIL-MSGID: 1772720241354661505 Track "LBR virtualization exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. Note, checking KVM's capabilities instead of the "lbrv" param means that the code isn't strictly equivalent, as lbrv_enabled could have been set if nested=false where as that the governed feature cannot. But that's a glorified nop as the feature/flag is consumed only by paths that are gated by nSVM being enabled. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 23 +++++++++++++---------- arch/x86/kvm/svm/svm.c | 7 ++++--- arch/x86/kvm/svm/svm.h | 1 - 4 files changed, 18 insertions(+), 14 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index f01a95fd0071..3a4c0e40e1e0 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -11,6 +11,7 @@ KVM_GOVERNED_X86_FEATURE(VMX) KVM_GOVERNED_X86_FEATURE(NRIPS) KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) +KVM_GOVERNED_X86_FEATURE(LBRV) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 24d47ebeb0e0..f50f74b1a04e 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -552,6 +552,7 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12 bool new_vmcb12 = false; struct vmcb *vmcb01 = svm->vmcb01.ptr; struct vmcb *vmcb02 = svm->nested.vmcb02.ptr; + struct kvm_vcpu *vcpu = &svm->vcpu; nested_vmcb02_compute_g_pat(svm); @@ -577,18 +578,18 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12 vmcb_mark_dirty(vmcb02, VMCB_DT); } - kvm_set_rflags(&svm->vcpu, vmcb12->save.rflags | X86_EFLAGS_FIXED); + kvm_set_rflags(vcpu, vmcb12->save.rflags | X86_EFLAGS_FIXED); - svm_set_efer(&svm->vcpu, svm->nested.save.efer); + svm_set_efer(vcpu, svm->nested.save.efer); - svm_set_cr0(&svm->vcpu, svm->nested.save.cr0); - svm_set_cr4(&svm->vcpu, svm->nested.save.cr4); + svm_set_cr0(vcpu, svm->nested.save.cr0); + svm_set_cr4(vcpu, svm->nested.save.cr4); svm->vcpu.arch.cr2 = vmcb12->save.cr2; - kvm_rax_write(&svm->vcpu, vmcb12->save.rax); - kvm_rsp_write(&svm->vcpu, vmcb12->save.rsp); - kvm_rip_write(&svm->vcpu, vmcb12->save.rip); + kvm_rax_write(vcpu, vmcb12->save.rax); + kvm_rsp_write(vcpu, vmcb12->save.rsp); + kvm_rip_write(vcpu, vmcb12->save.rip); /* In case we don't even reach vcpu_run, the fields are not updated */ vmcb02->save.rax = vmcb12->save.rax; @@ -602,7 +603,8 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12 vmcb_mark_dirty(vmcb02, VMCB_DR); } - if (unlikely(svm->lbrv_enabled && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { + if (unlikely(guest_can_use(vcpu, X86_FEATURE_LBRV) && + (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { /* * Reserved bits of DEBUGCTL are ignored. Be consistent with * svm_set_msr's definition of reserved bits. @@ -734,7 +736,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, vmcb02->control.virt_ext = vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK; - if (svm->lbrv_enabled) + if (guest_can_use(vcpu, X86_FEATURE_LBRV)) vmcb02->control.virt_ext |= (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK); @@ -1065,7 +1067,8 @@ int nested_svm_vmexit(struct vcpu_svm *svm) if (!nested_exit_on_intr(svm)) kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); - if (unlikely(svm->lbrv_enabled && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { + if (unlikely(guest_can_use(vcpu, X86_FEATURE_LBRV) && + (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { svm_copy_lbrs(vmcb12, vmcb02); svm_update_lbrv(vcpu); } else if (unlikely(vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK)) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 39a69c1786ea..a83fa6df7c04 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -984,9 +984,11 @@ void svm_update_lbrv(struct kvm_vcpu *vcpu) bool current_enable_lbrv = !!(svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK); - if (unlikely(is_guest_mode(vcpu) && svm->lbrv_enabled)) + if (unlikely(is_guest_mode(vcpu) && + guest_can_use(vcpu, X86_FEATURE_LBRV))) { if (unlikely(svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK)) enable_lbrv = true; + } if (enable_lbrv == current_enable_lbrv) return; @@ -4221,8 +4223,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_NRIPS); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_TSCRATEMSR); - - svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_LBRV); /* * Intercept VMLOAD if the vCPU mode is Intel in order to emulate that diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index b475241df6dc..0e21823e8a19 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -259,7 +259,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool lbrv_enabled : 1; bool pause_filter_enabled : 1; bool pause_threshold_enabled : 1; bool vgif_enabled : 1; From patchwork Sat Jul 29 01:16:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127995 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp829044vqg; Fri, 28 Jul 2023 20:48:40 -0700 (PDT) X-Google-Smtp-Source: APBJJlEybmDiyA+hZbp6R/dD9VhzAN9EZnCZ/i60IzHlM581yjHvaLqAWmOD2UuLGkopAGz+IO5Z X-Received: by 2002:a17:906:31d8:b0:99b:61e9:bb84 with SMTP id f24-20020a17090631d800b0099b61e9bb84mr954869ejf.56.1690602520735; Fri, 28 Jul 2023 20:48:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690602520; cv=none; d=google.com; s=arc-20160816; b=KUrBhbSvAPOu9J0q6jNC/O+64F4mtZV7C6hq5c0j62zMHO5Ehxqh2CLHFmX/fBR7gA FEuU04p14sIETQ07ee/EU387W5XCAqz0a78nP993UNrGw1G5U3zOXEeXf4qIvDgLqREe nb/cyxUxbjM6KPqu4jCEgAUrNsb0C2KwGkUoSDXX5pP1bYlrUtnPmZGhLvY3ER7rvTJs aakdt5pshcG6OGZnA6cS7zhtO8hIwKJF73GYuTk+o2Qdnq0+AC6arYRj4J1YprduQfTr TnVn/JUAP0MCpVcwlNqx+v7tTaZA4l7jrlhsH0HMzIWJTDGSOameQT+CMTvZjuVxemUk 8QOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=IAQPKbD8tPDmYBWrX7RApaZ6urq2NKcobd6GaE19UZk=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=SUYWh2DzDaXFs2siFFZ0Q6kTpzL23PZrZ7/X8gBOXG9NxoJQQt/RoyHV2JqHqHL9Rk 9DVpFQEv/h+zj976laYJ1txa/nA95mSjrFqMjxypr5eJg8jXCEhJib0o8oqkJqIJBQCH 9l3if/AfZoIWglyMfILaEbRmzObP/XzcCh3Pf6xjgRgqBVi81/VQc0AUYNTDd0ksdsQ7 sWkUMeUIRgBbrdt76PtsNUd/UJ792uAGQImkjD8pKlXC3yBH0p/FUy2Bg8lHApvi4sdl sRwZjBOc4J/YlWF+Qa9KYjdhi9+NwH5grzqRVxudl1lsZRx+pPF+L6GcCN+GICiygvl3 sAbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=ZeRoOCqF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q18-20020a1709060e5200b00993860a6d3csi3713830eji.81.2023.07.28.20.48.16; Fri, 28 Jul 2023 20:48:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=ZeRoOCqF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237375AbjG2BSa (ORCPT + 99 others); Fri, 28 Jul 2023 21:18:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35902 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237475AbjG2BRr (ORCPT ); Fri, 28 Jul 2023 21:17:47 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC1CB5260 for ; Fri, 28 Jul 2023 18:17:16 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-584126c65d1so29404367b3.3 for ; Fri, 28 Jul 2023 18:17:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593407; x=1691198207; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=IAQPKbD8tPDmYBWrX7RApaZ6urq2NKcobd6GaE19UZk=; b=ZeRoOCqFI4p+w9IAeXNpwy5tKs7MTBzITIeEzXVkbc0WGkIBaxYXBabBmGzaP1liLi XzrIM1m5WJ5mzyQ+rtejbV0YofqVAwW9vi2WTcum05Q9JdcoEmvQzyNePKLll1Sn2HMO ahBeBbAd+C4oZYuQ4+SLDrttWUUutbvJzB+NPE7xpQnmvhQPgMqjg7siGDxiXFihzVXR CGyom5LhVfRPhLZEQNaMXxCXXDXIhIMlYrl/Im0JiotbqoucEne7MLA8+4hOwpXgTPnp HZqMWWaIu0y0sib7kJ858UYs6W7nHxDs6gM9J0R2oTbVCNf3/l6v/DSd89ZM/J9z6Dt8 UoTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593407; x=1691198207; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=IAQPKbD8tPDmYBWrX7RApaZ6urq2NKcobd6GaE19UZk=; b=NCEkWa5nxLo7nT7ycYZNVBeSTtzQ18dZNbd+rx5RWY6GX1LoGNa0BZtXzk4xCCciPu 9bU3tCzmLeE7Ude7DS6ph19qt0yDnQ/pLfv6qnYVT7XOHB90vpzvuIsuRS3ju0bq3RS1 rH0ddYDEAM9cjBXASDDWRsFHf7hHPPYQzQ85FNmbZ/BW4giM/PxeF0wT/kNJathyWi52 5OmEE0H47CFjBO2lmlTXJiylxVPTvR1g1wtbPhQF+KZvFLkDI4WWIy0qNoC/6XsbmTPj kST3m/6Vb+B82PId+X/quKeB88GAaEgvEYg8+oPR2k7OIyyxwt2M+jTg6l5Aa+87xqL1 SyoA== X-Gm-Message-State: ABy/qLZWZfShnCAfhg11QMcaDTTpptAbllhVHmZUSjWFw++vX4uyJ+AP yS36p/ca4noRnOYwyPT/DTbXXrj07hY= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a81:ae25:0:b0:56c:b037:88aa with SMTP id m37-20020a81ae25000000b0056cb03788aamr24021ywh.5.1690593407555; Fri, 28 Jul 2023 18:16:47 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:05 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-19-seanjc@google.com> Subject: [PATCH v2 18/21] KVM: nSVM: Use KVM-governed feature framework to track "Pause Filter enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772725228690769849 X-GMAIL-MSGID: 1772725228690769849 Track "Pause Filtering is exposed to L1" via governed feature flags instead of using dedicated bits/flags in vcpu_svm. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 2 ++ arch/x86/kvm/svm/nested.c | 10 ++++++++-- arch/x86/kvm/svm/svm.c | 7 ++----- arch/x86/kvm/svm/svm.h | 2 -- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 3a4c0e40e1e0..9afd34f30599 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -12,6 +12,8 @@ KVM_GOVERNED_X86_FEATURE(NRIPS) KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) KVM_GOVERNED_X86_FEATURE(LBRV) +KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) +KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index f50f74b1a04e..ac03b2bc5b2c 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -743,8 +743,14 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, if (!nested_vmcb_needs_vls_intercept(svm)) vmcb02->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; - pause_count12 = svm->pause_filter_enabled ? svm->nested.ctl.pause_filter_count : 0; - pause_thresh12 = svm->pause_threshold_enabled ? svm->nested.ctl.pause_filter_thresh : 0; + if (guest_can_use(vcpu, X86_FEATURE_PAUSEFILTER)) + pause_count12 = svm->nested.ctl.pause_filter_count; + else + pause_count12 = 0; + if (guest_can_use(vcpu, X86_FEATURE_PFTHRESHOLD)) + pause_thresh12 = svm->nested.ctl.pause_filter_thresh; + else + pause_thresh12 = 0; if (kvm_pause_in_guest(svm->vcpu.kvm)) { /* use guest values since host doesn't intercept PAUSE */ vmcb02->control.pause_filter_count = pause_count12; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a83fa6df7c04..be3a11f00f4e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4233,11 +4233,8 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) if (!guest_cpuid_is_intel(vcpu)) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); - svm->pause_filter_enabled = kvm_cpu_cap_has(X86_FEATURE_PAUSEFILTER) && - guest_cpuid_has(vcpu, X86_FEATURE_PAUSEFILTER); - - svm->pause_threshold_enabled = kvm_cpu_cap_has(X86_FEATURE_PFTHRESHOLD) && - guest_cpuid_has(vcpu, X86_FEATURE_PFTHRESHOLD); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PAUSEFILTER); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); svm->vgif_enabled = vgif && guest_cpuid_has(vcpu, X86_FEATURE_VGIF); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 0e21823e8a19..fb438439b61e 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -259,8 +259,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool pause_filter_enabled : 1; - bool pause_threshold_enabled : 1; bool vgif_enabled : 1; bool vnmi_enabled : 1; From patchwork Sat Jul 29 01:16:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127954 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp794242vqg; Fri, 28 Jul 2023 18:47:11 -0700 (PDT) X-Google-Smtp-Source: APBJJlHN0WCtOowMxO1FPweDA8FgNfJJktExjhVzN/Gja3gD4ymxfqdHzW+DPE+wHPE9AQjHV2aN X-Received: by 2002:a05:6a20:7493:b0:137:30db:bc35 with SMTP id p19-20020a056a20749300b0013730dbbc35mr3945181pzd.27.1690595231130; Fri, 28 Jul 2023 18:47:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690595231; cv=none; d=google.com; s=arc-20160816; b=TcxBgFYRbuyJqO07MsXhtRnXBeCUx8L2rEkF5z1Zt9cXhbZ+1KJ5GkvkEF8f65Jq5Z L3MJrtK8CAAyLWzLmnNmuzTH6UmoxPAHKZ9svj5zz+Dsu/XSRVMHOFLVjvCEVQBaY4kE SAlmYcxuQEKmPJr0RhOK2naIO1UjaHak8wh4vw5IkLvsoCygXwoaCQnPFf6sojHD7iBk jEyJjWwSuzOplIspHwToyM+/RZjbcJVLZYolfWNQO6wFx/Jan7qJEm0WevBopovzl/B6 oWgVuHK2Ozm9fY4PneRnJ6HxpAAh0sLKVgqm2AQ3T1nNe6j4H2azUhtq7z1vFbq15fxi juOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=y7cEpFM3GtEXX/RC2xjBSh+vjkWowYW5UIIx0dKpIJc=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=oJlpNx3uTxKPti8DFcz3VRxx8woI1JfCATn0mg9RN/VhX16vWPAGv9c35yrhA75vxg ZUnQYt4ZgTfflGUefaFlbHcIveA4svpKUaPW32WkvcMRlLn1qRGilD3zJwCmvnxPdtiP IRT7TyGMluonD4Te0jgVn7t8HAQnnGl6CuNPPb29UPoUjjpY/IW5VO/JEqfCQDLLWO89 PzYfTmJ4a2mXw2ayRZ8p9CdroNccSmCKcPd3hdq/KypCDlyTtyhPYjipcavzDEiQ8/Nm G1xm9mi9shn0m2I/9j6REFr9mNNHiljaGIlOKx006CUDTGU6FpthoXIFwRO561hCv6w5 fC/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=N7UCx11b; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id be3-20020a656e43000000b00563efb72e22si3872103pgb.786.2023.07.28.18.46.58; Fri, 28 Jul 2023 18:47:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=N7UCx11b; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237513AbjG2BSd (ORCPT + 99 others); Fri, 28 Jul 2023 21:18:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35898 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237490AbjG2BRs (ORCPT ); Fri, 28 Jul 2023 21:17:48 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 640F74EDB for ; Fri, 28 Jul 2023 18:17:20 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id 41be03b00d2f7-5637a108d02so1773459a12.2 for ; Fri, 28 Jul 2023 18:17:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593410; x=1691198210; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=y7cEpFM3GtEXX/RC2xjBSh+vjkWowYW5UIIx0dKpIJc=; b=N7UCx11biKYErqs/Sg1mCGYKNalKl+tIeARjD04Bwez6xhq6l8wVRALyxSOrQ1QQmO UTH9da3+mLMaP/KNOX/DxomZdnmpDv8Ay78AL76fWZzMDViUXtO0dFAhtRyLjra1Q/bb zoFxZP72VGejWtujQoQLPQkymjrudLkYNZepOq1DNNlgVdBTdi0EqxjsqJwGM3e+lOT7 LC2YLaJp8QrH+VQ/QHgMwFqy+Zu18ZYlIiZrNedoN8UlOirdkNhxINBuTR6vcyBap8NG +ZDNYYxueYkJUbiNOLasE5Z1m92P3Cmwk58uRzZZJSoe7nuD/V/CYxdpsA01S0tb90Yy 3E8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593410; x=1691198210; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=y7cEpFM3GtEXX/RC2xjBSh+vjkWowYW5UIIx0dKpIJc=; b=eqTj/1UkbgZPQ16jU1PjRpHpnQM7HKOSvUN6XLJkIu7QfJR6PH0F9Spy9vvAJAJ6qE ymrFTB0oFRiJDzLUmHGyzBS60t6TTLvRjCmrbh53JyrNtr8REX87nDoriOeeGXUG6ua6 KAspPrzf1hXzQ8DreO+DOzKFC8S2T+NE0C/N8R7lBBWV+7EjjimO/bWTVQfXED3MEp7Q atEL7w/siY5zd31ErGYgV3LQfx6FHupE2iTYIvcDBPCSQkfOhgqdg7O6x1Hm3q5Z5AGH /8SVIAUbQRE3MQ9OpjxtP1CIaeq3k6F1fbd/u0uuw2F5A8HM7eR9LYxoxSiZQ1DTVCud N0Jg== X-Gm-Message-State: ABy/qLbdrV3AboKECGO1A+n+CisOG6cRiREWrR+/W3O81busTtZ0+Zzs 7Ohk9D7yXK6j7E5ys1jwbHHYu/U0TDc= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:903:2291:b0:1b5:2b14:5f2c with SMTP id b17-20020a170903229100b001b52b145f2cmr14342plh.4.1690593409416; Fri, 28 Jul 2023 18:16:49 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:06 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-20-seanjc@google.com> Subject: [PATCH v2 19/21] KVM: nSVM: Use KVM-governed feature framework to track "vGIF enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772717584690084533 X-GMAIL-MSGID: 1772717584690084533 Track "virtual GIF exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. Note, checking KVM's capabilities instead of the "vgif" param means that the code isn't strictly equivalent, as vgif_enabled could have been set if nested=false where as that the governed feature cannot. But that's a glorified nop as the feature/flag is consumed only by paths that are Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 3 ++- arch/x86/kvm/svm/svm.c | 3 +-- arch/x86/kvm/svm/svm.h | 5 +++-- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 9afd34f30599..368696c2e96b 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -14,6 +14,7 @@ KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) KVM_GOVERNED_X86_FEATURE(LBRV) KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) +KVM_GOVERNED_X86_FEATURE(VGIF) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index ac03b2bc5b2c..dd496c9e5f91 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -660,7 +660,8 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, * exit_int_info, exit_int_info_err, next_rip, insn_len, insn_bytes. */ - if (svm->vgif_enabled && (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK)) + if (guest_can_use(vcpu, X86_FEATURE_VGIF) && + (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK)) int_ctl_vmcb12_bits |= (V_GIF_MASK | V_GIF_ENABLE_MASK); else int_ctl_vmcb01_bits |= (V_GIF_MASK | V_GIF_ENABLE_MASK); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index be3a11f00f4e..6d9bb4453f2d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4235,8 +4235,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PAUSEFILTER); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); - - svm->vgif_enabled = vgif && guest_cpuid_has(vcpu, X86_FEATURE_VGIF); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF); svm->vnmi_enabled = vnmi && guest_cpuid_has(vcpu, X86_FEATURE_VNMI); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index fb438439b61e..6eb5877cc6c3 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -22,6 +22,7 @@ #include #include +#include "cpuid.h" #include "kvm_cache_regs.h" #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) @@ -259,7 +260,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool vgif_enabled : 1; bool vnmi_enabled : 1; u32 ldr_reg; @@ -485,7 +485,8 @@ static inline bool svm_is_intercept(struct vcpu_svm *svm, int bit) static inline bool nested_vgif_enabled(struct vcpu_svm *svm) { - return svm->vgif_enabled && (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK); + return guest_can_use(&svm->vcpu, X86_FEATURE_VGIF) && + (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK); } static inline struct vmcb *get_vgif_vmcb(struct vcpu_svm *svm) From patchwork Sat Jul 29 01:16:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 127953 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp794152vqg; Fri, 28 Jul 2023 18:46:51 -0700 (PDT) X-Google-Smtp-Source: APBJJlGkeRLscu5LMvm7Y6cWIP5uvFHou3H58vVGKjy2xE0y3510fO1vbmibo040GVgWlX+cQw1a X-Received: by 2002:a17:902:8301:b0:1bb:7996:b269 with SMTP id bd1-20020a170902830100b001bb7996b269mr3420864plb.19.1690595211527; Fri, 28 Jul 2023 18:46:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690595211; cv=none; d=google.com; s=arc-20160816; b=boYNnkyVIfZX8jIG8L//uKoXqJgcnOWBoa5GVkMUWKzzUoN7k7/Hl3VkyOzk0QQL2E Tkqlr06jeVSlGFotwXdxfdttvV8JM9L74VrFSSUwq7xZaqapAG5xCeT4VkB9AGNqn5jg f0DbI7H2Q9mSRlQYoupXbMydKAl7tHBl5aDp+ACtDWp0oQsL5yCm1yEnDQ5tud7Mu6tF 4q8tdPefQ+W3ELVUVaeB0tWy+zCL6xX84xZchD6A+0aJcdN4C3yc9nkh574DkUnWE39f yKLu6QaesKmZdGJJAKIu5BQK1NqR1sZGYe5NaVC+ZUSfyRSDw6m8WoMXSYC9uIi0ejE0 oGVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=VgunzukDjbHa3GZgUyAC0qt2xyD/roymvALt+6M5c/I=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=L+5ESRwrZvoNHREJoP7Z0mrUVhDefv3XaAVyEKMl2N+Wge7zWSSnRRuOgpIdamVnEd lP2I5S0ZFlvXQQ0csoQ6hbthCJvhvs1pu9gDkFe0/rDDRD39y/oQQ4bXCKq/1dLZyInI Ts95dWBNEoSpzoK5Dy05E5VXS0jCrpkrX0D8wZ9+TwDeyjYuf4JKgVENB4PASEppj96Y BVa5yIzZrvHDQgTM+2xXmP/JS9Q/zJMnazSMikeVpVj6IrfBpi8JaICiZA0/LMA1DEmP +1X/bytEidH2C9goaK8R3IdtHZW3bS8STKmAzS+yrK7EQsBTrrFeDRR+OsUHF2NSX/WL m0fA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=oaLMtNoa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id kb13-20020a170903338d00b001bb3bcd05bbsi1113100plb.471.2023.07.28.18.46.38; Fri, 28 Jul 2023 18:46:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=oaLMtNoa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237522AbjG2BSg (ORCPT + 99 others); Fri, 28 Jul 2023 21:18:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36618 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235248AbjG2BRt (ORCPT ); Fri, 28 Jul 2023 21:17:49 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 048F54EEC for ; Fri, 28 Jul 2023 18:17:22 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-c8f360a07a2so2440386276.2 for ; Fri, 28 Jul 2023 18:17:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593412; x=1691198212; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=VgunzukDjbHa3GZgUyAC0qt2xyD/roymvALt+6M5c/I=; b=oaLMtNoaDWLDjp7EXIcXnG7Ta8UVIB2jBzIDDVrwenl3iwfmCnZ/cJ2/73VgIR/qyc osC30NnMKZIrDgCTIPJKM8UJ5BR4tu4pKbB3e8aLCi7PR1j0Kt0QEOkmTEGzlhU9pFrj nQrc3ad1YG2CBMJjxUAcbD0q1GMSefgfF+hTdEB7ae0p8nm/CjL1fLIEf3gj/xHG9tX+ AEzIDs5tvNgA6AStrqBdBFfdqIUWrBnPRCSYH0KcfGxNlJ2buNJ5msJYAfE1DssmAgos EsoxekFuAQsCcWvNz5MZAx6kJpa5nrJOfanbYJfn8dmO0WM3+5daH4FKNVxgd9a3bSpw AuIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593412; x=1691198212; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VgunzukDjbHa3GZgUyAC0qt2xyD/roymvALt+6M5c/I=; b=DfvYBivqRJBpOH4IIKRlzgTPvU1IykXs8UGPFT3f4i1usDeNxLMGPcen3+H8h6k5cR laene63/qjBBPQTErixxTXMK4QtKPn0uJCv2ozdrtatobbqdhDOoaT3BGiP3V8NvrUyP bZLJDQV+Vbw267NXwHek24h1s48TUlOBrmchysOG6z90Rwsj4Ys4adwY9N9H6CmMz3qO JcHL8w1M95joMjZyla2OwtqWoVVkhTbGUMaw25Axki3wX8i0rNJUQuCAV8anPX9A4E5t w89n3mUmbTg6Sft0Nefs0qE6PI3hDz2bKwyHQLtAIFBhOK38+eOEa+VAvYd6ELTi42T3 n8+g== X-Gm-Message-State: ABy/qLbirdF+spuZP8qSYvA+unD8rtN35zrm1mo2JPSYGAhaY2xhsR7v I79pjit9U9OlgsxXF+by2/m386K2Jj4= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:2c5:0:b0:d09:3919:35c with SMTP id 188-20020a2502c5000000b00d093919035cmr17449ybc.11.1690593412338; Fri, 28 Jul 2023 18:16:52 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:07 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-21-seanjc@google.com> Subject: [PATCH v2 20/21] KVM: nSVM: Use KVM-governed feature framework to track "vNMI enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772717564665282830 X-GMAIL-MSGID: 1772717564665282830 Track "virtual NMI exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. Note, checking KVM's capabilities instead of the "vnmi" param means that the code isn't strictly equivalent, as vnmi_enabled could have been set if nested=false where as that the governed feature cannot. But that's a glorified nop as the feature/flag is consumed only by paths that are gated by nSVM being enabled. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/svm.c | 3 +-- arch/x86/kvm/svm/svm.h | 5 +---- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 368696c2e96b..423a73395c10 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -15,6 +15,7 @@ KVM_GOVERNED_X86_FEATURE(LBRV) KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) KVM_GOVERNED_X86_FEATURE(VGIF) +KVM_GOVERNED_X86_FEATURE(VNMI) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 6d9bb4453f2d..89cc9f4f3ddc 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4236,8 +4236,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PAUSEFILTER); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF); - - svm->vnmi_enabled = vnmi && guest_cpuid_has(vcpu, X86_FEATURE_VNMI); + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VNMI); svm_recalc_instruction_intercepts(vcpu, svm); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 6eb5877cc6c3..06400cfe2244 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -259,9 +259,6 @@ struct vcpu_svm { unsigned long soft_int_next_rip; bool soft_int_injected; - /* optional nested SVM features that are enabled for this guest */ - bool vnmi_enabled : 1; - u32 ldr_reg; u32 dfr_reg; struct page *avic_backing_page; @@ -537,7 +534,7 @@ static inline bool nested_npt_enabled(struct vcpu_svm *svm) static inline bool nested_vnmi_enabled(struct vcpu_svm *svm) { - return svm->vnmi_enabled && + return guest_can_use(&svm->vcpu, X86_FEATURE_VNMI) && (svm->nested.ctl.int_ctl & V_NMI_ENABLE_MASK); } From patchwork Sat Jul 29 01:16:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 128018 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp882663vqg; Fri, 28 Jul 2023 23:46:22 -0700 (PDT) X-Google-Smtp-Source: APBJJlH2/itbV3S97rr/uPmKjRgzr2sZa7NSUu1pS5ipUHZ8VFXKZ1OXxksmtj4rEwQx8PBIm56F X-Received: by 2002:a05:6a00:16c1:b0:67e:e019:3a28 with SMTP id l1-20020a056a0016c100b0067ee0193a28mr4527213pfc.16.1690613182603; Fri, 28 Jul 2023 23:46:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690613182; cv=none; d=google.com; s=arc-20160816; b=skPExEnyDvB0/bXqznL05ncGLS6BM0ilhTG6k/wBpLlRGfu7ZTWEQCcDlIbx8ILsIh P8r00TrPd81NA8hYbybKdCV0g8VigK1WH2TkiyW8WUdAoFEFkMKHoae0cGFvA4u7BuKr cFKLZxUcVgKtxwqC4F6WWXKo4HFo9/g3857OhNDXUgqFR8aatai0jMAc9QyyA9BGjlQO 7Kqi3t9uMwTgwxPb83gwQj4QaUDhQ+NVbd3H7tNck9p4V44nR0Qcdm82CPwKS6z2Ka9y GpKaElqoRnVrYxu/tJfkvXrFrxUhm284ZuDEu5Fdx/0H99vV5kKGyFV2IXWRxkKWs3UQ EPuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=Td1GH9IlHvpXHIHUDo3By6hiD1XsWn1I7aZZNe6DB5w=; fh=8Mc5uyvARtESo7rBGdZxKoor3rxsuqGYA/iIBYLTTUU=; b=Fi8bxdNJMs0r8zMTblBMpQrAWjrYdNRz4v/hfWzuoNsq3OXYQj9XYRue9sBUFjK7D3 Bk0gRfAxL1nJEFIMu95Aajfg4wh2Lun8RrhRXtRg4XmgRZcaXc6fEVgtjGI7gRRAD9Ln 1phuafPyYl7AXkYy8fi1ntaHd5uHgCpb6M5kCDtyYMfnS+fXZVf9vdczR7LMim2YjRMB PtdrcU53wwju/ytrrwoSyKrLNQXgZBjxl+Vi5hag9m0G3I0O3NmO1OevIPneb6cdH5te 6oJbD9TLxii6ImLOxWU8ooBlqdq3IBr53zIVqij0DxUQssB17UhmC5sTIqPSPEhBD6FW c+CA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=4Af6FshV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fi37-20020a056a0039a500b006826c8d5a31si2263199pfb.21.2023.07.28.23.46.08; Fri, 28 Jul 2023 23:46:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=4Af6FshV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236963AbjG2BSx (ORCPT + 99 others); Fri, 28 Jul 2023 21:18:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35974 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231725AbjG2BRu (ORCPT ); Fri, 28 Jul 2023 21:17:50 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 77E444EEA for ; Fri, 28 Jul 2023 18:17:23 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-d1c693a29a0so2526820276.1 for ; Fri, 28 Jul 2023 18:17:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1690593414; x=1691198214; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=Td1GH9IlHvpXHIHUDo3By6hiD1XsWn1I7aZZNe6DB5w=; b=4Af6FshVFsrgrFsPJc4IthqUvttt1ICUmFLNLWtLZE5xK3kzxiG/xG13Xua1xOPAG/ qsi+BpFoCzlp0VqIdOlZQTdc+VAwJpYpajeNm0aL+x2sNusxHJ/vlU7DAgRyh5rmbLaZ WiAqQcKmtSK4GPhYMEy5RsN9vB29UAhXPElyy3PHh1U4dOm6r1eZgY8xnD3/RvIcv/bn lxqE7kbzbGxs9WqU0pdeayYujblF5h2ScPpYWgTeS5EU3IHTWmT+NIX0KnUD0CHtrTJV kLsfo4Pxhv3CCog7OEi23/z3x7p5Ec3EYwTHO7qsM2gZaKo6owxQ+L33ziSVxQGlz6qK zKxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690593414; x=1691198214; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Td1GH9IlHvpXHIHUDo3By6hiD1XsWn1I7aZZNe6DB5w=; b=c0goQAeB0xlgoLvcUHS0MxZ+8mjHmOgO87aH1CdPVl/us2ndgNUcxjg2zf9LMO9qjB JTJkONMqD5D0UiE6Nkyqpy7lKhcQqO9sUi1xSZfjjEpMOshhZnVOCJSfOXlupzCOtGP9 +opqrYCs19R8vdemkAZlxlL9i3F1P3OrGDFs2piqzEcU3EexuX+rfMtZfdWkmsVfRlBc Py9L4j1n++d8/fuqCymR1GEbuJSOPP88ah7vG6/t1FYsFe4bLsPtbfnAgYb+9Ag/FtTd M+htVk3lYvd7bSm+RTl8bgvtWI92QviYdoscYrqXl0E9gapOq5atcx+t5M6XhvI1Wkaj 1ggA== X-Gm-Message-State: ABy/qLbtSnsp8euTTJfe3H/EjTEUddQNtr+9HcaitOa2a0EEkqJjoE3r PN9aaqoCqpaWr+wVcXwPWslHTua7Dz0= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:69c7:0:b0:d07:f1ed:521a with SMTP id e190-20020a2569c7000000b00d07f1ed521amr17972ybc.4.1690593414398; Fri, 28 Jul 2023 18:16:54 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 28 Jul 2023 18:16:08 -0700 In-Reply-To: <20230729011608.1065019-1-seanjc@google.com> Mime-Version: 1.0 References: <20230729011608.1065019-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230729011608.1065019-22-seanjc@google.com> Subject: [PATCH v2 21/21] KVM: x86: Disallow guest CPUID lookups when IRQs are disabled From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772736408821174390 X-GMAIL-MSGID: 1772736408821174390 Now that KVM has a framework for caching guest CPUID feature flags, add a "rule" that IRQs must be enabled when doing guest CPUID lookups, and enforce the rule via a lockdep assertion. CPUID lookups are slow, and within KVM, IRQs are only ever disabled in hot paths, e.g. the core run loop, fast page fault handling, etc. I.e. querying guest CPUID with IRQs disabled, especially in the run loop, should be avoided. Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index f74d6c404551..4b14bd9c5637 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -11,6 +11,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include +#include "linux/lockdep.h" #include #include #include @@ -84,6 +85,18 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_find( struct kvm_cpuid_entry2 *e; int i; + /* + * KVM has a semi-arbitrary rule that querying the guest's CPUID model + * with IRQs disabled is disallowed. The CPUID model can legitimately + * have over one hundred entries, i.e. the lookup is slow, and IRQs are + * typically disabled in KVM only when KVM is in a performance critical + * path, e.g. the core VM-Enter/VM-Exit run loop. Nothing will break + * if this rule is violated, this assertion is purely to flag potential + * performance issues. If this fires, consider moving the lookup out + * of the hotpath, e.g. by caching information during CPUID updates. + */ + lockdep_assert_irqs_enabled(); + for (i = 0; i < nent; i++) { e = &entries[i];