From patchwork Thu Aug 10 23:49:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 134261 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp775561vqi; Thu, 10 Aug 2023 17:43:22 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGoQSpI/gIi0sHj77N/gAZZMCda7oTnK8DiDxSWtcafePYO8pBreQd41VQJc8AyQdGEoKiL X-Received: by 2002:a17:907:78d3:b0:99d:6b3c:3d40 with SMTP id kv19-20020a17090778d300b0099d6b3c3d40mr423689ejc.6.1691714602088; Thu, 10 Aug 2023 17:43:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691714602; cv=none; d=google.com; s=arc-20160816; b=juVUcPizCtMOctKAtUYehTcsgiq0+BfpORvOBwfy/+iuRJBsEykkhjPWYOJM4+BfSK RBCOOSZjcn8h5SVg12AetnOCZ1OwQ26F140Xa9fDsPkKFWLsOhj2IfxB2L1hiqsWHJjo vTiKo15bQ2SGqz/PLrEuER1/nENfAkFq/P82SMmgAbQe6YF6QoVWnFrp8+H9ku8FlvLc qI55JCFClZKtyHwvPtbDSEOG+JqJ4U1xwJETAoGtBTUqa6JbGWTKs5SmwZwMAl4kMSF9 BeMyj5oMPxEpK6wlv23LW4cqAKczvhouCr9Ts18MjG0/YVqIuau/U4ick1chtSDpVDDN pCGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=0MxTrgQSzrtixzHynHiQH/awbsTAu12j+2kwyEuuwhY=; fh=V7CVPPTRbh2VufElafI2Ok/nHdujZmxHH7PJW4f8amU=; b=nZBMXu6Ng3A8v6ZZZbry4sPaK169IN0UMpe+cwV+GLfQYAaCCcEEZlE8nlXsAQZ0UL JEdMRpRXdQNz7iUsoOme7rLZGc71r8S5Cwlc6xReNDWC/VGUyC7G/MacRQvA8aKc4iaA iEy52eNGj21pAhfZxzMh7sok/6Ne88Jawi0UU0BAN++BbtmSxr6th1VFJEwX2WvlBOyU xvTJrQpzPzqEVpkgHmsvs+/b/ZGH6y8a9CHhsvGWItrnJ15M0E/QCgKaPbIk/CdLemAL K6dWiDUW5kkJUyc0dWS7EaHgJg9NO81XA4WTAxFhdHWqck+B/+tQC+3wq/9sUpes5RVf rmjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="D41wM5/g"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b7-20020a170906194700b0099cbc7832dasi2607216eje.358.2023.08.10.17.42.58; Thu, 10 Aug 2023 17:43:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="D41wM5/g"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233168AbjHJXta (ORCPT + 99 others); Thu, 10 Aug 2023 19:49:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233100AbjHJXt0 (ORCPT ); Thu, 10 Aug 2023 19:49:26 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 50DA82D4D for ; Thu, 10 Aug 2023 16:49:23 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id 98e67ed59e1d1-268113acd37so2980908a91.0 for ; Thu, 10 Aug 2023 16:49:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691711363; x=1692316163; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=0MxTrgQSzrtixzHynHiQH/awbsTAu12j+2kwyEuuwhY=; b=D41wM5/g3u8d/j3OyazCXF0tL/NoX3Es3irpgu4hQ1Zgy074Lje5t9CTlosGNkkzAm e1sZp2u9aBlvHNlEgivhCI8oKjSUi+JvPSw7+/UNJyCMlcLmc8jJ774LkjyYS+DYUJFB jJXaEsQ9nWtG1YR1q3edXWTfYPsE83IkpENakCI09mLgVyLvUaLBS/WIJ5ACFTsMd3LG fcfy2KDrQ8AFUa+JUrjH7UtkBYlnZRNSOBcWByOpaQCMFUiVrsV+xahHmGGfigoD4gAz h4Rq9diDLjmbuMfrOQUi/mL8LoHBCme/6haejzJllsBHpRBd0FaJuwt/TCZjFVjo+y30 YJjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691711363; x=1692316163; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0MxTrgQSzrtixzHynHiQH/awbsTAu12j+2kwyEuuwhY=; b=L4hIIVZvA0sGulXbDgkIpStlcP2DsAi/1PRg91fdg2WvMNaCnx4ojwIOmRU4c19aie papFzBtmWWwxfBNFpcRgYY3cY6drcEva8lzfvy9jhVd3JUvKxMaeRpyGlVOc6zQGv99P JkQ/fhj1ICZUqj8soLc7NCZFAXLJcNqyTh+lc5WIKBRQWSy3AFRB0GAmkqeBLJFJfZYo hlLXSs2LVxiL52YGNrIPvzqRKVQxbQg9aIJJh+rv/KUvnvEJQVsJ8VAJkblXSTGi9Zst 789mNiLKXxz3Lk+xrUBDpdth3XXusUlf6jVELb4aiOx3qppXhao8ORYyJr/4iYYTrvt0 86iQ== X-Gm-Message-State: AOJu0Yxit62QxIIXXr6W4CFlJEzPjIH02yFwXKEKWRrqInSetLhsMBP3 f0jtlVffbCNtF31i4/LPARMDsFSS9rg= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90b:612:b0:263:3727:6045 with SMTP id gb18-20020a17090b061200b0026337276045mr90090pjb.4.1691711362872; Thu, 10 Aug 2023 16:49:22 -0700 (PDT) Reply-To: Sean Christopherson Date: Thu, 10 Aug 2023 16:49:17 -0700 In-Reply-To: <20230810234919.145474-1-seanjc@google.com> Mime-Version: 1.0 References: <20230810234919.145474-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.694.ge786442a9b-goog Message-ID: <20230810234919.145474-2-seanjc@google.com> Subject: [PATCH 1/2] KVM: SVM: Don't inject #UD if KVM attempts emulation of SEV guest w/o insn From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Wu Zongyo , Tom Lendacky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773891331025689539 X-GMAIL-MSGID: 1773891331025689539 Don't inject a #UD if KVM attempts to emulate an instruction for an SEV guest without a prefilled buffer, and instead resume the guest and hope that it can make forward progress. When commit 04c40f344def ("KVM: SVM: Inject #UD on attempted emulation for SEV guest w/o insn buffer") added the completely arbitrary #UD behavior, there were no known scenarios where a well-behaved guest would induce a VM-Exit that triggered emulation, i.e. it was thought that injecting #UD would be helpful. However, now that KVM (correctly) attempts to re-inject INT3/INTO, e.g. if a #NPF is encountered when attempting to deliver the INT3/INTO, an SEV guest can trigger emulation without a buffer, through no fault of its own. Resuming the guest and retrying the INT3/INTO is architecturally wrong, e.g. the vCPU will incorrectly re-hit code #DBs, but for SEV guests there is literally no other option that has a chance of making forward progress. Drop the #UD injection for all flavors of emulation, even though that means that a *misbehaving* guest will effectively end up in an infinite loop instead of getting a #UD. There's no evidence that suggests that an unexpected #UD is actually better than hanging the vCPU, e.g. a soft-hung vCPU can still respond to IRQs and NMIs to generate a backtrace. Reported-by: Wu Zongyo Closes: https://lore.kernel.org/all/8eb933fd-2cf3-d7a9-32fe-2a1d82eac42a@mail.ustc.edu.cn Fixes: 6ef88d6e36c2 ("KVM: SVM: Re-inject INT3/INTO instead of retrying the instruction") Cc: stable@vger.kernel.org Cc: Tom Lendacky Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 212706d18c62..581958c9dd4d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4725,18 +4725,24 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, * and cannot be decrypted by KVM, i.e. KVM would read cyphertext and * decode garbage. * - * Inject #UD if KVM reached this point without an instruction buffer. - * In practice, this path should never be hit by a well-behaved guest, - * e.g. KVM doesn't intercept #UD or #GP for SEV guests, but this path - * is still theoretically reachable, e.g. via unaccelerated fault-like - * AVIC access, and needs to be handled by KVM to avoid putting the - * guest into an infinite loop. Injecting #UD is somewhat arbitrary, - * but its the least awful option given lack of insight into the guest. + * Resume the guest if KVM reached this point without an instruction + * buffer. This path should *almost* never be hit by a well-behaved + * guest, e.g. KVM doesn't intercept #UD or #GP for SEV guests. But if + * a #NPF occurs while the guest is vectoring an INT3/INTO, then KVM + * will attempt to re-inject the INT3/INTO and skip the instruction. + * In that scenario, retrying the INT3/INTO and hoping the guest will + * make forward progress is the only option that has a chance of + * success (and in practice it will work the vast majority of the time). + * + * This path is also theoretically reachable if the guest is doing + * something odd, e.g. if the guest is triggering unaccelerated fault- + * like AVIC access. Resuming the guest will put it into an infinite + * loop of sorts, but there's no hope of forward progress and injecting + * an exception will at best yield confusing behavior, not to mention + * break the INT3/INTO+#NPF case above. */ - if (unlikely(!insn)) { - kvm_queue_exception(vcpu, UD_VECTOR); + if (unlikely(!insn)) return false; - } /* * Emulate for SEV guests if the insn buffer is not empty. The buffer From patchwork Thu Aug 10 23:49:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 134263 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp779830vqi; Thu, 10 Aug 2023 17:57:05 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF6lGa8tMbT0ZF3pCPQnqTuThmOQe26u2aM2OC+Ydrt+uUfnURg1gDEkBUSQO+nJn8RY0Sv X-Received: by 2002:a17:902:8604:b0:1bd:af7f:a9f1 with SMTP id f4-20020a170902860400b001bdaf7fa9f1mr314048plo.47.1691715425206; Thu, 10 Aug 2023 17:57:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691715425; cv=none; d=google.com; s=arc-20160816; b=lPrmNpyABNkHHlb7T26G3rPdLipO+52X8MA6cOLc7chwWs/GPBQEBOgvewv1TSqIAO LyRfq6b/LHQd0JVkgczb1zyFkIP3WzOXk3q+zTU+yo78+B6XiEoKfat1u4R7GvodDCT0 t0twNdzHSELKR8DXk4q/6QUImLb8WvIk/VVdnuxPKSL/eW1JvJCDUFjAUXrHduaXIPLY vgMtRcXiQCDPJeB6hJ7+M1DRsNHQoaKyn/n0jcKiqQlXG3HMOJ9cTUzGrk8n+fCwtY/n 1wk9mx4hdC+aRqnh7lgBR6yb1lBtEyaHAUGiYctQfVJaMI7LvmM7ShnQnf9Rr1vB4Z51 mWYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=WMPe2NIMjXJcWowFfDwErjX/zalQdCmsflMWWEEOcuo=; fh=V7CVPPTRbh2VufElafI2Ok/nHdujZmxHH7PJW4f8amU=; b=P435rGmEXFFAJvKzhKjmxAy/dtLY8U34fCdqY4a5pVX7D4/1q9bUN33yga0MGlmlg+ +MYR98d5stQghRGcuu/Hqbgzd6npc7I5uhx28MSLq5mhRrFLyPrkPUFZBYd960X6RUfS iH+fQxDS8aoOGNfppfQSzJZkhpHGU7+xMhfWtym7vEQ2GHoi2T/tebBB3sHlQOR6ju2A 3YrbtD58qPcfrXAmm74VtOR6gMmdrwJ3qjl1AlInBetwl/JYlRolagmkh6mlagCXD0e9 wi7hYjrj/yzMTibg/G9n1a0i7xBcvU1uZkahxwHNV+DF2oyS71CIFHr1s6Wk5ZaYJoB9 fraQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="d7jjy5/A"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b2-20020a170902650200b001b3bd85f54bsi2311843plk.35.2023.08.10.17.56.48; Thu, 10 Aug 2023 17:57:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="d7jjy5/A"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233195AbjHJXtd (ORCPT + 99 others); Thu, 10 Aug 2023 19:49:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47046 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233106AbjHJXt0 (ORCPT ); Thu, 10 Aug 2023 19:49:26 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F33F42D52 for ; Thu, 10 Aug 2023 16:49:24 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id 98e67ed59e1d1-26b1371594dso1098590a91.2 for ; Thu, 10 Aug 2023 16:49:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691711364; x=1692316164; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=WMPe2NIMjXJcWowFfDwErjX/zalQdCmsflMWWEEOcuo=; b=d7jjy5/AjtnCGxszuB7lAloMbDsavS+OxL1L+9ajnm5Qz/Y41Z1HgawGVsunTUS3xB dqcAxCYwbvgbMRbN0nW3VCxeCNJkAUonDBIq7bfmj3bpZcxYkXpflWcNEgD2rTCkap+T IePqZu8IGKglgFlO74RS9KRjymGEQb8S/NFO/hVu19GnxTYtwH0AUY/So2DEapA7nvha Tht7/Q3vLjDfkl9g2FmxocBIfgE95sWGpDfRjHgcpYNKXdlr1/YbB7eYq+rmdlVinP9+ BCTcd4/s2uOMlfXjfgoVPnPZsZego0tS/+3I7sRNhkUPL/Dp4/0oPN/SH/YFiyY0VNrL 3A2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691711364; x=1692316164; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WMPe2NIMjXJcWowFfDwErjX/zalQdCmsflMWWEEOcuo=; b=AAqEHFWGswWIayi/taUxDoj0i4ufZWeW69D2UR7NvOLrYSdKW1gtsPa9HEfu0F7znC lntnQPhN5GA3vpG9IkHJhTZhn+i1b/kgF+zsCQpPeOJX2y8lPP3lT/hGz6HbcORNYDaN PrwecfB+yBicJtzN38jHPJaVQ7k3IDPsB9Ht/0NzwZDhUMtBIyMwbLeoZJ2O7FoSbvF3 ccGVvuLU3mZIheCY+t7/z2+rLh7JcRdLdeEdTh3BdNTgHc5qGN5eak/voJEbhYk6p1c/ d6RVQjNlnfq7IJ/o0pu+EhXzR5R2WfKBPZofpAoHle2sYdt4lR4MH56/OyOeABdXJCMf sKpA== X-Gm-Message-State: AOJu0YyTy0+y20MoWoE+2Xk61lsG12zaJFG3Z9KV67ggPXlvkfebcahK DlIZpdnF8JWCo8scswnxHsgLBlCNWwY= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90b:4009:b0:26b:dcc:eea0 with SMTP id ie9-20020a17090b400900b0026b0dcceea0mr11392pjb.9.1691711364542; Thu, 10 Aug 2023 16:49:24 -0700 (PDT) Reply-To: Sean Christopherson Date: Thu, 10 Aug 2023 16:49:18 -0700 In-Reply-To: <20230810234919.145474-1-seanjc@google.com> Mime-Version: 1.0 References: <20230810234919.145474-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.694.ge786442a9b-goog Message-ID: <20230810234919.145474-3-seanjc@google.com> Subject: [PATCH 2/2] KVM: SVM: Require nrips support for SEV guests (and beyond) From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Wu Zongyo , Tom Lendacky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773892193510947156 X-GMAIL-MSGID: 1773892193510947156 Disallow SEV (and beyond) if nrips is disabled via module param, as KVM can't read guest memory to partially emulate and skip an instruction. All CPUs that support SEV support NRIPS, i.e. this is purely stopping the user from shooting themselves in the foot. Cc: Tom Lendacky Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/svm/svm.c | 11 ++++------- arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2cd15783dfb9..8ce9ffc8709e 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2185,7 +2185,7 @@ void __init sev_hardware_setup(void) bool sev_es_supported = false; bool sev_supported = false; - if (!sev_enabled || !npt_enabled) + if (!sev_enabled || !npt_enabled || !nrips) goto out; /* diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 581958c9dd4d..7cb5ef5835c2 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -202,7 +202,7 @@ static int nested = true; module_param(nested, int, S_IRUGO); /* enable/disable Next RIP Save */ -static int nrips = true; +int nrips = true; module_param(nrips, int, 0444); /* enable/disable Virtual VMLOAD VMSAVE */ @@ -5191,9 +5191,11 @@ static __init int svm_hardware_setup(void) svm_adjust_mmio_mask(); + nrips = nrips && boot_cpu_has(X86_FEATURE_NRIPS); + /* * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which - * may be modified by svm_adjust_mmio_mask()). + * may be modified by svm_adjust_mmio_mask()), as well as nrips. */ sev_hardware_setup(); @@ -5205,11 +5207,6 @@ static __init int svm_hardware_setup(void) goto err; } - if (nrips) { - if (!boot_cpu_has(X86_FEATURE_NRIPS)) - nrips = false; - } - enable_apicv = avic = avic && avic_hardware_setup(); if (!enable_apicv) { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 2237230aad98..860511276087 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -34,6 +34,7 @@ #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; +extern int nrips; extern int vgif; extern bool intercept_smi; extern bool x2avic_enabled;