From patchwork Wed Feb 7 17:26:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 197998 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2404006dyb; Wed, 7 Feb 2024 10:00:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IHXnrOP3C8ehoJQb0HzMwHL/5pxwBfCE1BHomRFD2+aSmz40p/6vQ5VQYVuC2XRAuaTacyu X-Received: by 2002:a17:906:2291:b0:a38:9eff:b4c7 with SMTP id p17-20020a170906229100b00a389effb4c7mr711664eja.26.1707328825014; Wed, 07 Feb 2024 10:00:25 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707328825; cv=pass; d=google.com; s=arc-20160816; b=K8lCQi2LhUIcBBnE3MngxWjqpVrWs2OEdIEwF0m0xs+9axF27X1fLfDLjrXmJFEXOP 9zTFJiWnvFb0OfEu2nKxYNTGtChB2UlreT0Gr+vJCsol65ho2nRiSIV6HyOiYQn5r4S7 OVO7SY4ep+kK9PS+h2SHRdCcpb+8Wwrk5TF2wr2p4IG+YeGgLx/L9r1wmdbCSVJeetO9 gyr1ArvHnb31kSOJWGsFj5ocu2hOIS6kuc+MWv7P1TvP03ltbOQ2h0g7pCff2CTEuu5x eamSjHLlmcakusAs410WtpWg9IETELrtYcD83Hjgg8sNfIjSljaPOAy4a4g/tgDJCUas yb0A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=WI/hF7LxCBnWA1sJr1LSn48MedXmLlNBBw6wJVSYtF8=; fh=uOhNRx4iB3yS3n3lkwWxA4oNC9mDGUHSPNo7jWIxTBI=; b=wxUOH9LtScSgWlvIAr+SF7LQ/CWCQ8Q/3pjbumOKy+Ocup0Fo6dYqL4YsnOHUO5L5i k9XxKPnwH3pvt14LFOty7vYIOz5MA0mtcVdpsWhp5E84ri3riNitMNNJUmBjNLipPxmg gfZspUrhb1N6n3JHGyW32Xo+2hxpzhGgD+7Bzy5pT44olUe+7vRhYwPu/YRs2+wQZpOp B3GhDOPVeOMdW/0P73DQHGoHfkvN+qJVAJIf/fzz9PKzPFDblRbd2fks2exPYZj08dVn FZxONRZImdwbtPlXaFmdg0LVPrkr7jnNsU2P2fNLyJaJnICMgcyBw/vTOkR8bbj8EPVn CQGQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=cXU6ctIr; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56854-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56854-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCWjh2OEvmzwZxV2p6Tm8ocAeGnpxOfXZZffk1mwWebeiIhL4f6XKWSkzIY18xzuorBpQ0MI4/MUZ2nQF527MvKzxe6Peg== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id lo24-20020a170906fa1800b00a37ccd08fd9si1116970ejb.746.2024.02.07.10.00.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:00:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56854-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=cXU6ctIr; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56854-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56854-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 6AD361F26075 for ; Wed, 7 Feb 2024 18:00:24 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2D5828593E; Wed, 7 Feb 2024 17:59:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="cXU6ctIr" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA7C482D73; Wed, 7 Feb 2024 17:58:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328741; cv=none; b=jEST+afY6pwzdYfAZ549hxJCMUMhgPYs8K63ou/VsbhdE3ZfL9FDKEqI6TgSU315ZNgUzLf6GTzRvYegXUSzHUp4C5CL0AkFnkb4H2yW+MdozBlJtBxFUiZuPH67LDrIA7Og/4+9f0kNpjUVauoETQDxJDMfHxevi7ozdiMg5Lo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328741; c=relaxed/simple; bh=dwXFaZfeBnw1+7kR3wGG7wqwDgRBxlOpiKR9Dwurowg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HwHuq8MxIw/YpJd/TmSxr+bVjIVpjbWCTGRewAiHuHtxlG9idgM1iYKzcIva2UbZjEF4/TP/Sb/OQa6nxv9GIJ/WSz3lzIDdk/P0dsbaCDUxiquZ0+Qc09Zt8OWexnb1lkBMghG3yY61Tb1iOIkSdDqCekQZOoscf3QOaA56RDU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=cXU6ctIr; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328736; x=1738864736; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=dwXFaZfeBnw1+7kR3wGG7wqwDgRBxlOpiKR9Dwurowg=; b=cXU6ctIrD+EUFf5BwHr/4TyJvU9jFMWJotQFYLTeWIYuNRSaOSLhGmLv rXbMryjASa8WigiD7h5Mu2a1GZgOx8przUrbHtEZ5IM2e0OOMGRrpmyCv JPY467aeDmucyocxbkNg2pINxbEk1bTi9AFmyAlNdQ1nfBb3jHw85+19c 4rrbdNtOro2M4Ayg7RKTHF5er9oM1SLUUVfHxbey/2wEKgxvu5ow6HRSW 7oEaU468BLexcHELHk65+gxb/ELQdva8mVQXdqrrSZ1mSRL0zaoNsFbes 1srxgRdiOIOR4ehUqe89ebWOHXGIqXYxjUn97dEjdN3YCRH6M3k96/5xK A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622486" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622486" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:54 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020691" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:53 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 01/25] KVM: VMX: Cleanup VMX basic information defines and usages Date: Wed, 7 Feb 2024 09:26:21 -0800 Message-ID: <20240207172646.3981-2-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264030130027910 X-GMAIL-MSGID: 1790264030130027910 Define VMX basic information fields with BIT_ULL()/GENMASK_ULL(), and replace hardcoded VMX basic numbers with these field macros. Save the full/raw value of MSR_IA32_VMX_BASIC in the global vmcs_config as type u64 to get rid of the hi/lo crud, and then use VMX_BASIC helpers to extract info as needed. VMX_EPTP_MT_{WB,UC} values 0x6 and 0x0 are generic x86 memory type values, no need to prefix them with VMX_EPTP_. Signed-off-by: Xin Li Tested-by: Shan Kang Acked-by: Kai Huang --- Changes since v4: * Do not split VMX_BASIC bit definitions across multiple files (Kai Huang). * Put some words to the changelog to justify changes around memory type macros (Kai Huang). * Remove a leftover ';' (Kai Huang). Changes since v3: * Remove vmx_basic_vmcs_basic_cap() (Kai Huang). * Add 2 macros VMX_BASIC_VMCS12_SIZE and VMX_BASIC_MEM_TYPE_WB to avoid keeping 2 their bit shift macros (Kai Huang). Changes since v2: * Simply save the full/raw value of MSR_IA32_VMX_BASIC in the global vmcs_config, and then use the helpers to extract info from it as needed (Sean Christopherson). * Move all VMX_MISC related changes to the second patch (Kai Huang). * Commonize memory type definitions used in the VMX files, as memory types are architectural. Changes since v1: * Don't add field shift macros unless it's really needed, extra layer of indirect makes it harder to read (Sean Christopherson). * Add a static_assert() to ensure that VMX_BASIC_FEATURES_MASK doesn't overlap with VMX_BASIC_RESERVED_BITS (Sean Christopherson). * read MSR_IA32_VMX_BASIC into an u64 rather than 2 u32 (Sean Christopherson). * Add 2 new functions for extracting fields from VMX basic (Sean Christopherson). * Drop the tools header update (Sean Christopherson). * Move VMX basic field macros to arch/x86/include/asm/vmx.h. --- arch/x86/include/asm/msr-index.h | 9 --------- arch/x86/include/asm/vmx.h | 18 ++++++++++++++++-- arch/x86/kvm/vmx/capabilities.h | 6 ++---- arch/x86/kvm/vmx/nested.c | 31 ++++++++++++++++++++----------- arch/x86/kvm/vmx/vmx.c | 24 ++++++++++-------------- 5 files changed, 48 insertions(+), 40 deletions(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 1f9dc9bd13eb..e8af4cf01e89 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -1113,15 +1113,6 @@ #define MSR_IA32_VMX_VMFUNC 0x00000491 #define MSR_IA32_VMX_PROCBASED_CTLS3 0x00000492 -/* VMX_BASIC bits and bitmasks */ -#define VMX_BASIC_VMCS_SIZE_SHIFT 32 -#define VMX_BASIC_TRUE_CTLS (1ULL << 55) -#define VMX_BASIC_64 0x0001000000000000LLU -#define VMX_BASIC_MEM_TYPE_SHIFT 50 -#define VMX_BASIC_MEM_TYPE_MASK 0x003c000000000000LLU -#define VMX_BASIC_MEM_TYPE_WB 6LLU -#define VMX_BASIC_INOUT 0x0040000000000000LLU - /* Resctrl MSRs: */ /* - Intel: */ #define MSR_IA32_L3_QOS_CFG 0xc81 diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 4dba17363008..353538b79ce5 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -121,6 +121,17 @@ #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff +/* x86 memory types, explicitly used in VMX only */ +#define MEM_TYPE_WB 0x6ULL +#define MEM_TYPE_UC 0x0ULL + +/* VMX_BASIC bits */ +#define VMX_BASIC_32BIT_PHYS_ADDR_ONLY BIT_ULL(48) +#define VMX_BASIC_DUAL_MONITOR_TREATMENT BIT_ULL(49) +#define VMX_BASIC_INOUT BIT_ULL(54) +#define VMX_BASIC_TRUE_CTLS BIT_ULL(55) + + #define VMX_MISC_PREEMPTION_TIMER_RATE_MASK 0x0000001f #define VMX_MISC_SAVE_EFER_LMA 0x00000020 #define VMX_MISC_ACTIVITY_HLT 0x00000040 @@ -144,6 +155,11 @@ static inline u32 vmx_basic_vmcs_size(u64 vmx_basic) return (vmx_basic & GENMASK_ULL(44, 32)) >> 32; } +static inline u32 vmx_basic_vmcs_mem_type(u64 vmx_basic) +{ + return (vmx_basic & GENMASK_ULL(53, 50)) >> 50; +} + static inline int vmx_misc_preemption_timer_rate(u64 vmx_misc) { return vmx_misc & VMX_MISC_PREEMPTION_TIMER_RATE_MASK; @@ -506,8 +522,6 @@ enum vmcs_field { #define VMX_EPTP_PWL_5 0x20ull #define VMX_EPTP_AD_ENABLE_BIT (1ull << 6) #define VMX_EPTP_MT_MASK 0x7ull -#define VMX_EPTP_MT_WB 0x6ull -#define VMX_EPTP_MT_UC 0x0ull #define VMX_EPT_READABLE_MASK 0x1ull #define VMX_EPT_WRITABLE_MASK 0x2ull #define VMX_EPT_EXECUTABLE_MASK 0x4ull diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index 41a4533f9989..86ce8bb96bed 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -54,9 +54,7 @@ struct nested_vmx_msrs { }; struct vmcs_config { - int size; - u32 basic_cap; - u32 revision_id; + u64 basic; u32 pin_based_exec_ctrl; u32 cpu_based_exec_ctrl; u32 cpu_based_2nd_exec_ctrl; @@ -76,7 +74,7 @@ extern struct vmx_capability vmx_capability __ro_after_init; static inline bool cpu_has_vmx_basic_inout(void) { - return (((u64)vmcs_config.basic_cap << 32) & VMX_BASIC_INOUT); + return vmcs_config.basic & VMX_BASIC_INOUT; } static inline bool cpu_has_virtual_nmis(void) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 6329a306856b..14d0167825dd 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1226,23 +1226,29 @@ static bool is_bitwise_subset(u64 superset, u64 subset, u64 mask) return (superset | subset) == superset; } +#define VMX_BASIC_FEATURES_MASK \ + (VMX_BASIC_DUAL_MONITOR_TREATMENT | \ + VMX_BASIC_INOUT | \ + VMX_BASIC_TRUE_CTLS) + +#define VMX_BASIC_RESERVED_BITS \ + (GENMASK_ULL(63, 56) | GENMASK_ULL(47, 45) | BIT_ULL(31)) + static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { - const u64 feature_and_reserved = - /* feature (except bit 48; see below) */ - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | - /* reserved */ - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56); u64 vmx_basic = vmcs_config.nested.basic; - if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved)) + static_assert(!(VMX_BASIC_FEATURES_MASK & VMX_BASIC_RESERVED_BITS)); + + if (!is_bitwise_subset(vmx_basic, data, + VMX_BASIC_FEATURES_MASK | VMX_BASIC_RESERVED_BITS)) return -EINVAL; /* * KVM does not emulate a version of VMX that constrains physical * addresses of VMX structures (e.g. VMCS) to 32-bits. */ - if (data & BIT_ULL(48)) + if (data & VMX_BASIC_32BIT_PHYS_ADDR_ONLY) return -EINVAL; if (vmx_basic_vmcs_revision_id(vmx_basic) != @@ -2726,11 +2732,11 @@ static bool nested_vmx_check_eptp(struct kvm_vcpu *vcpu, u64 new_eptp) /* Check for memory type validity */ switch (new_eptp & VMX_EPTP_MT_MASK) { - case VMX_EPTP_MT_UC: + case MEM_TYPE_UC: if (CC(!(vmx->nested.msrs.ept_caps & VMX_EPTP_UC_BIT))) return false; break; - case VMX_EPTP_MT_WB: + case MEM_TYPE_WB: if (CC(!(vmx->nested.msrs.ept_caps & VMX_EPTP_WB_BIT))) return false; break; @@ -6994,6 +7000,9 @@ static void nested_vmx_setup_misc_data(struct vmcs_config *vmcs_conf, msrs->misc_high = 0; } +#define VMX_BSAIC_VMCS12_SIZE ((u64)VMCS12_SIZE << 32) +#define VMX_BASIC_MEM_TYPE_WB (MEM_TYPE_WB << 50) + static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) { /* @@ -7005,8 +7014,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) msrs->basic = VMCS12_REVISION | VMX_BASIC_TRUE_CTLS | - ((u64)VMCS12_SIZE << VMX_BASIC_VMCS_SIZE_SHIFT) | - (VMX_BASIC_MEM_TYPE_WB << VMX_BASIC_MEM_TYPE_SHIFT); + VMX_BSAIC_VMCS12_SIZE | + VMX_BASIC_MEM_TYPE_WB; if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index cce92f701dee..a16b3de01e3f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2564,13 +2564,13 @@ static u64 adjust_vmx_controls64(u64 ctl_opt, u32 msr) static int setup_vmcs_config(struct vmcs_config *vmcs_conf, struct vmx_capability *vmx_cap) { - u32 vmx_msr_low, vmx_msr_high; u32 _pin_based_exec_control = 0; u32 _cpu_based_exec_control = 0; u32 _cpu_based_2nd_exec_control = 0; u64 _cpu_based_3rd_exec_control = 0; u32 _vmexit_control = 0; u32 _vmentry_control = 0; + u64 basic_msr; u64 misc_msr; int i; @@ -2689,29 +2689,25 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, _vmexit_control &= ~x_ctrl; } - rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high); + rdmsrl(MSR_IA32_VMX_BASIC, basic_msr); /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */ - if ((vmx_msr_high & 0x1fff) > PAGE_SIZE) + if ((vmx_basic_vmcs_size(basic_msr) > PAGE_SIZE)) return -EIO; #ifdef CONFIG_X86_64 /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */ - if (vmx_msr_high & (1u<<16)) + if (basic_msr & VMX_BASIC_32BIT_PHYS_ADDR_ONLY) return -EIO; #endif /* Require Write-Back (WB) memory type for VMCS accesses. */ - if (((vmx_msr_high >> 18) & 15) != 6) + if (vmx_basic_vmcs_mem_type(basic_msr) != MEM_TYPE_WB) return -EIO; rdmsrl(MSR_IA32_VMX_MISC, misc_msr); - vmcs_conf->size = vmx_msr_high & 0x1fff; - vmcs_conf->basic_cap = vmx_msr_high & ~0x1fff; - - vmcs_conf->revision_id = vmx_msr_low; - + vmcs_conf->basic = basic_msr; vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control; vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control; vmcs_conf->cpu_based_2nd_exec_ctrl = _cpu_based_2nd_exec_control; @@ -2861,13 +2857,13 @@ struct vmcs *alloc_vmcs_cpu(bool shadow, int cpu, gfp_t flags) if (!pages) return NULL; vmcs = page_address(pages); - memset(vmcs, 0, vmcs_config.size); + memset(vmcs, 0, vmx_basic_vmcs_size(vmcs_config.basic)); /* KVM supports Enlightened VMCS v1 only */ if (kvm_is_using_evmcs()) vmcs->hdr.revision_id = KVM_EVMCS_VERSION; else - vmcs->hdr.revision_id = vmcs_config.revision_id; + vmcs->hdr.revision_id = vmx_basic_vmcs_revision_id(vmcs_config.basic); if (shadow) vmcs->hdr.shadow_vmcs = 1; @@ -2960,7 +2956,7 @@ static __init int alloc_kvm_area(void) * physical CPU. */ if (kvm_is_using_evmcs()) - vmcs->hdr.revision_id = vmcs_config.revision_id; + vmcs->hdr.revision_id = vmx_basic_vmcs_revision_id(vmcs_config.basic); per_cpu(vmxarea, cpu) = vmcs; } @@ -3362,7 +3358,7 @@ static int vmx_get_max_ept_level(void) u64 construct_eptp(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level) { - u64 eptp = VMX_EPTP_MT_WB; + u64 eptp = MEM_TYPE_WB; eptp |= (root_level == 5) ? VMX_EPTP_PWL_5 : VMX_EPTP_PWL_4; From patchwork Wed Feb 7 17:26:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 197999 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2404808dyb; Wed, 7 Feb 2024 10:01:22 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX+oUbvI5Thww79AiuasjI5qGcVnIzOoyh7CbUJBlriPsrfIcXcnOa9KywteQzDG9nf9wDHYalwodH+kCZV7skpvbn6BQ== X-Google-Smtp-Source: AGHT+IEN+nPQK3RHlmIUZY5tjgfTnHE6Kd3inxmkFLk9Cyk66+rkFWGtcY8DSlUT79TarAc6nZuP X-Received: by 2002:a05:6102:2758:b0:46b:460:bb59 with SMTP id p24-20020a056102275800b0046b0460bb59mr3680497vsu.3.1707328881567; Wed, 07 Feb 2024 10:01:21 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707328881; cv=pass; d=google.com; s=arc-20160816; b=Rg9cKODVjLv2oX0cdm9d852DLvzbeD+Sz/ThVFKe+dU4K4O61gW91WLzyJ9VtCSzDT YK645VbOgbpLlOHIpvTg0fvQIEncXnznzkrIobVnaIu7Al7dRYde2Ba+mIXeBKdGDWE/ J9f+OwrD29lJQvXklSs1CwSXbN6RJpXhjuCplJ+mV+5YN9hwH/jUCikBsqROPTGyy2Mm dDCTyGmpVm5NmuCqv7vxKoA7KEkNCoH6qiKk1aWvjJk3u7VXzwu1bxaFc4+b846tiwHB W2YRmll8Qzm7XygxJGGUDAPcK002HgxsBPRnbvX6TVWT88EPHELlxuhy2sUoBCv5sWxI fLQw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=TU/uwvIvwR9NwNrvO0iPlmmR3YoBTwS87N3kiSfMdmY=; fh=g1IZGfk84j7cEduuzmvCKXmqh4q7zj5BKyhg/Jlohs8=; b=DWstRglc7x1t07uBmdfpdhhlj2h7zpwRys9eIMWQcxF0AL7auAN/rkwe9MwSDxaRCi bkP8hfMp3JYwtlPYq3nAHxg6PY5VoAADp934ruKz3NhNpbBYs5+UqlEUV1CNfgSucTr+ uLrTw3smje7lxftwo1GxymnFM217yTSQ+jNGv/viKCPxn0Hl3cSNKArCQCBKChMWojFw BW+iVvHDbHw6YlkmHJBPtC4DDcn6qclB0/aS1uK8d28JQzBEalM1bJB3/P82AMrqrxyF dLgETavmqfkZnofxQbYwcnAU4nvKZbiGP4LdhgwpcOUXm6KPji3YLgprAiXKLWpAjD9Z qcjg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hKe1S0LQ; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56855-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56855-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCUHBpik90Cl5/x9EXbFSL3Mm5JuLje57AsI/DXrT8F8dkKlQIFOjnPV9VXa/HgmV5lU9TgFJsK2ts7fSqI2xM9ihOs40g== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id hy1-20020a67e7c1000000b0046d2fb23373si357965vsb.520.2024.02.07.10.01.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:01:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56855-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hKe1S0LQ; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56855-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56855-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id D57AB1C26934 for ; Wed, 7 Feb 2024 18:00:34 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9279485C4A; Wed, 7 Feb 2024 17:59:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="hKe1S0LQ" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D477A8289C; Wed, 7 Feb 2024 17:58:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328742; cv=none; b=HYhyTkUHbxDeuz1X1HHqBqP7dCutnU/I5Hn4CqumPPorWdXMz9yl92HM+bilhduFb8c+aLhAJt7+NyfyoX3qKpIhN2+e4YhM9R3pvoiHlIAfM3JlUUOmln9AngOAlealCAr2496dOb9espMokeg3laOAbdKoFVnQ015XuwHF6YE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328742; c=relaxed/simple; bh=GA5wGvEdmsBzr4Wm0VKZyNgDb0Py8f+RvGg72fnnim0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Y/DLErRU/aMiZUHDlCNdxC53rGEQ3u4v+T5i14nY54d5XedQoaOFLw1e/pC9VN2h6uIet1RWbB5yIdO94/bmKzrcX/jKXPQvfnOb11X9AdIjoNS6NkzqVI1j6uylpCemEj/jBZknQARz25t5+d64eX+tRSmrXUiqDMJU5KqUdAQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=hKe1S0LQ; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328737; x=1738864737; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=GA5wGvEdmsBzr4Wm0VKZyNgDb0Py8f+RvGg72fnnim0=; b=hKe1S0LQMFLOohlShixPyUdGmmctGBTOFiyaTM2IcTJGJwmO+bp/dPDH zlVpdvz1PVleOHWF4HxHXjL5pspyGmUv/tPKjbmWutSHVooAHH8If/KRQ vi2aGlS95ceJa6OesHcBgSM/gCu619fvzKWA8s5aaLRmv1TKTXw6QG0V7 y7uNMfnkLo572ZnySu+TTFlf6drKyD1Z4gtaysuMIxU88xlaLONL8XPKq aY6GLNfbPhsYAcmMXxmpDw3nujUlkAQ2yuDXMjxmHFKGO8qvBD1cxPAVi QmfYKu35vcc6YhoY6arbtPedkLx/SDfbv7gV3FIk88Gbkp8fTNNJT3WdD A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622500" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622500" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:55 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020695" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:53 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 02/25] KVM: VMX: Cleanup VMX misc information defines and usages Date: Wed, 7 Feb 2024 09:26:22 -0800 Message-ID: <20240207172646.3981-3-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264088911679195 X-GMAIL-MSGID: 1790264088911679195 Define VMX misc information fields with BIT_ULL()/GENMASK_ULL(), and move VMX misc field macros to vmx.h if used in multiple files or where they are used only once. Signed-off-by: Xin Li --- arch/x86/include/asm/msr-index.h | 5 ----- arch/x86/include/asm/vmx.h | 12 +++++------ arch/x86/kvm/vmx/capabilities.h | 4 ++-- arch/x86/kvm/vmx/nested.c | 34 ++++++++++++++++++++++++-------- arch/x86/kvm/vmx/nested.h | 2 +- arch/x86/kvm/vmx/vmx.c | 8 +++----- 6 files changed, 37 insertions(+), 28 deletions(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index e8af4cf01e89..4fa2b3dd743e 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -1129,11 +1129,6 @@ #define MSR_IA32_SMBA_BW_BASE 0xc0000280 #define MSR_IA32_EVT_CFG_BASE 0xc0000400 -/* MSR_IA32_VMX_MISC bits */ -#define MSR_IA32_VMX_MISC_INTEL_PT (1ULL << 14) -#define MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS (1ULL << 29) -#define MSR_IA32_VMX_MISC_PREEMPTION_TIMER_SCALE 0x1F - /* AMD-V MSRs */ #define MSR_VM_CR 0xc0010114 #define MSR_VM_IGNNE 0xc0010115 diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 353538b79ce5..76518e21c54d 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -132,12 +132,10 @@ #define VMX_BASIC_TRUE_CTLS BIT_ULL(55) -#define VMX_MISC_PREEMPTION_TIMER_RATE_MASK 0x0000001f -#define VMX_MISC_SAVE_EFER_LMA 0x00000020 -#define VMX_MISC_ACTIVITY_HLT 0x00000040 -#define VMX_MISC_ACTIVITY_WAIT_SIPI 0x00000100 -#define VMX_MISC_ZERO_LEN_INS 0x40000000 -#define VMX_MISC_MSR_LIST_MULTIPLIER 512 +/* VMX_MISC bits and bitmasks */ +#define VMX_MISC_INTEL_PT BIT_ULL(14) +#define VMX_MISC_VMWRITE_SHADOW_RO_FIELDS BIT_ULL(29) +#define VMX_MISC_ZERO_LEN_INS BIT_ULL(30) /* VMFUNC functions */ #define VMFUNC_CONTROL_BIT(x) BIT((VMX_FEATURE_##x & 0x1f) - 28) @@ -162,7 +160,7 @@ static inline u32 vmx_basic_vmcs_mem_type(u64 vmx_basic) static inline int vmx_misc_preemption_timer_rate(u64 vmx_misc) { - return vmx_misc & VMX_MISC_PREEMPTION_TIMER_RATE_MASK; + return vmx_misc & GENMASK_ULL(4, 0); } static inline int vmx_misc_cr3_count(u64 vmx_misc) diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index 86ce8bb96bed..cb6588238f46 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -223,7 +223,7 @@ static inline bool cpu_has_vmx_vmfunc(void) static inline bool cpu_has_vmx_shadow_vmcs(void) { /* check if the cpu supports writing r/o exit information fields */ - if (!(vmcs_config.misc & MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS)) + if (!(vmcs_config.misc & VMX_MISC_VMWRITE_SHADOW_RO_FIELDS)) return false; return vmcs_config.cpu_based_2nd_exec_ctrl & @@ -365,7 +365,7 @@ static inline bool cpu_has_vmx_invvpid_global(void) static inline bool cpu_has_vmx_intel_pt(void) { - return (vmcs_config.misc & MSR_IA32_VMX_MISC_INTEL_PT) && + return (vmcs_config.misc & VMX_MISC_INTEL_PT) && (vmcs_config.cpu_based_2nd_exec_ctrl & SECONDARY_EXEC_PT_USE_GPA) && (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_RTIT_CTL); } diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 14d0167825dd..8a5fda04e2de 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -917,6 +917,8 @@ static int nested_vmx_store_msr_check(struct kvm_vcpu *vcpu, return 0; } +#define VMX_MISC_MSR_LIST_MULTIPLIER 512 + static u32 nested_vmx_max_atomic_switch_msrs(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -1315,18 +1317,34 @@ vmx_restore_control_msr(struct vcpu_vmx *vmx, u32 msr_index, u64 data) return 0; } +#define VMX_MISC_SAVE_EFER_LMA BIT_ULL(5) +#define VMX_MISC_ACTIVITY_STATE_BITMAP GENMASK_ULL(8, 6) +#define VMX_MISC_ACTIVITY_HLT BIT_ULL(6) +#define VMX_MISC_ACTIVITY_WAIT_SIPI BIT_ULL(8) +#define VMX_MISC_RDMSR_IN_SMM BIT_ULL(15) +#define VMX_MISC_VMXOFF_BLOCK_SMI BIT_ULL(28) + +#define VMX_MISC_FEATURES_MASK \ + (VMX_MISC_SAVE_EFER_LMA | \ + VMX_MISC_ACTIVITY_STATE_BITMAP | \ + VMX_MISC_INTEL_PT | \ + VMX_MISC_RDMSR_IN_SMM | \ + VMX_MISC_VMXOFF_BLOCK_SMI | \ + VMX_MISC_VMWRITE_SHADOW_RO_FIELDS | \ + VMX_MISC_ZERO_LEN_INS) + +#define VMX_MISC_RESERVED_BITS \ + (BIT_ULL(31) | GENMASK_ULL(13, 9)) + static int vmx_restore_vmx_misc(struct vcpu_vmx *vmx, u64 data) { - const u64 feature_and_reserved_bits = - /* feature */ - BIT_ULL(5) | GENMASK_ULL(8, 6) | BIT_ULL(14) | BIT_ULL(15) | - BIT_ULL(28) | BIT_ULL(29) | BIT_ULL(30) | - /* reserved */ - GENMASK_ULL(13, 9) | BIT_ULL(31); u64 vmx_misc = vmx_control_msr(vmcs_config.nested.misc_low, vmcs_config.nested.misc_high); - if (!is_bitwise_subset(vmx_misc, data, feature_and_reserved_bits)) + static_assert(!(VMX_MISC_FEATURES_MASK & VMX_MISC_RESERVED_BITS)); + + if (!is_bitwise_subset(vmx_misc, data, + VMX_MISC_FEATURES_MASK | VMX_MISC_RESERVED_BITS)) return -EINVAL; if ((vmx->nested.msrs.pinbased_ctls_high & @@ -6993,7 +7011,7 @@ static void nested_vmx_setup_misc_data(struct vmcs_config *vmcs_conf, { msrs->misc_low = (u32)vmcs_conf->misc & VMX_MISC_SAVE_EFER_LMA; msrs->misc_low |= - MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS | + VMX_MISC_VMWRITE_SHADOW_RO_FIELDS | VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE | VMX_MISC_ACTIVITY_HLT | VMX_MISC_ACTIVITY_WAIT_SIPI; diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index cce4e2aa30fb..0782fe599757 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -109,7 +109,7 @@ static inline unsigned nested_cpu_vmx_misc_cr3_count(struct kvm_vcpu *vcpu) static inline bool nested_cpu_has_vmwrite_any_field(struct kvm_vcpu *vcpu) { return to_vmx(vcpu)->nested.msrs.misc_low & - MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS; + VMX_MISC_VMWRITE_SHADOW_RO_FIELDS; } static inline bool nested_cpu_has_zero_length_injection(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a16b3de01e3f..581967d20659 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2571,7 +2571,6 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, u32 _vmexit_control = 0; u32 _vmentry_control = 0; u64 basic_msr; - u64 misc_msr; int i; /* @@ -2705,8 +2704,6 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, if (vmx_basic_vmcs_mem_type(basic_msr) != MEM_TYPE_WB) return -EIO; - rdmsrl(MSR_IA32_VMX_MISC, misc_msr); - vmcs_conf->basic = basic_msr; vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control; vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control; @@ -2714,7 +2711,8 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, vmcs_conf->cpu_based_3rd_exec_ctrl = _cpu_based_3rd_exec_control; vmcs_conf->vmexit_ctrl = _vmexit_control; vmcs_conf->vmentry_ctrl = _vmentry_control; - vmcs_conf->misc = misc_msr; + + rdmsrl(MSR_IA32_VMX_MISC, vmcs_conf->misc); #if IS_ENABLED(CONFIG_HYPERV) if (enlightened_vmcs) @@ -8603,7 +8601,7 @@ static __init int hardware_setup(void) u64 use_timer_freq = 5000ULL * 1000 * 1000; cpu_preemption_timer_multi = - vmcs_config.misc & VMX_MISC_PREEMPTION_TIMER_RATE_MASK; + vmx_misc_preemption_timer_rate(vmcs_config.misc); if (tsc_khz) use_timer_freq = (u64)tsc_khz * 1000; From patchwork Wed Feb 7 17:26:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198002 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2406450dyb; Wed, 7 Feb 2024 10:02:59 -0800 (PST) X-Google-Smtp-Source: AGHT+IE0r+oTUkqg88I1xMe8dVtPAV21p+tK3RP1P+hoGzpMTgvxIkfeh03mxBi6jeYFM4KWNOMX X-Received: by 2002:a05:6871:70f:b0:210:cac2:4419 with SMTP id f15-20020a056871070f00b00210cac24419mr6841093oap.38.1707328979303; Wed, 07 Feb 2024 10:02:59 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707328979; cv=pass; d=google.com; s=arc-20160816; b=AoT/X1PoWyO1r4lOK74iwkx/r3TaMnRfALREYHPRq9kArF/UCczXbY9013WJYONE1s sX86GopMawN80piLlhjZzhwkWfD+kQS1gPnOrmBKQcPhET3RM7vOkGK6JW3IZoOpt4d7 ZyHGKAu0KKAWFIoHQbAGGgN2EJILXZCiTiyYcS+rYYAJicCjzT/3Bd/59L4DC/UWU/O6 GH0N1EQ++mb6mfqNCS+828kP9h+9+Nw+2Z1dmOGUdxmbO11njoQlyA4E9TiCGU87HKdh 0lKpmYGKF060n0ihbovdmnbCZdpmg9q/GCfgBa6ZVD3FZZ9gLT87yhuwqBThwTGlz9Ma +HKw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=tHAGFfBsjAYXw78L+nK58pdVGBrKMGIh3oFV0dFCo7E=; fh=h+7u2Qu7I79/GwALywmA/q2srdXecc6aZAQBIZtzFAo=; b=0fth2vMdSB/CcRIvLoySQ+OA+5jdQq0sGjJiwDYKo6Lydb4XAUiv+Ax6wnl0qdpSPe S/2Glm9JMw8z3Riiq7U795CUPgJRO/zBi6JzbZv6A0l7HkZ17M8ddkohp+wh+8XpOI4S qhVB6b0qgJATlNdqKR+na3gRqwWlfTaOl2nFhX1xIrvX9Fj0RGcgIxbjw7FE5HT/lzlH /GDMyCgHtTPQyOw0FdUSQttteMWi8MzX1Z/30r5y7V7+WSxX27274gJemODxS1n7rYf9 /FT9AuBZZSBa1piwrZ4CFcLpSBS3VJm3LMdDWgo4LCwryMk6D9o9hjEWjwRUXukF2r6m Ezmw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=K2fUHiwa; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56859-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56859-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCVmVkuGsxAeIFw8sTnZGzc/8Sz52fMZaONwipH69YRzHJjd1oW6Fh0iA8RVDMuTUxdsoJe8/DThlfPErFW3fadEeBJiJg== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id a4-20020a05620a066400b007838dfec439si1540914qkh.297.2024.02.07.10.02.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:02:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56859-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=K2fUHiwa; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56859-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56859-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 0B8A11C20A0C for ; Wed, 7 Feb 2024 18:02:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 69CD412A15F; Wed, 7 Feb 2024 17:59:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="K2fUHiwa" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B913682D69; Wed, 7 Feb 2024 17:59:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328747; cv=none; b=h92oXLdjWOfnqbwnzEmbj7DWWfS403LNrZtye73goGcYsDEKXB+uw4MPHQY/z8hIzrsS3lTvEKZgnNIKcR6/5ir9hphA07JgefYc5Y8ZZ2vf6iCQ4Tr15qPeZg2BsaMM0WLv9Y43GYOF+i724MP1DKXhON3y+YaDCZBaPLtH09M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328747; c=relaxed/simple; bh=PcnQPgWK+YyII0rNNycJ8HWaVtKVITLhscfUd4NvpMU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dRidFXETO96n5zAWPE0sPiQPL/Nqnv79UllTTjsyA/D9UDHVxzFpZi/uYMD9FM6KBMUZ7OyTVbAFeQtsAhaSzBxgEVG/649fUh2hp6RVghZpXWf/vAv/0osZshZD0dMXz1+sXetHiCda5In7hEutmPbDcZBy4J68fppqrtyHRcU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=K2fUHiwa; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328741; x=1738864741; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=PcnQPgWK+YyII0rNNycJ8HWaVtKVITLhscfUd4NvpMU=; b=K2fUHiwaZ7OtREtwzLH+3IA4CYJ02UhSURDT15f9NCvVYgYLhofwKhAz 4vYboUb7udCRFjKAVyOKboJChGKjnVwX6WJGQ7iFAMZs+BjSV6Ss9lQaw qCY7JaE+b4Tz50yo+sB6pH07KnHMFiM3H24u50/dm+6/MkDOTfLPxRXax QCtFRUx9/pjNKNfMHqH+eYV5iiLv+WJqz1KmJZRdlCp6rSTLR2uXNtwS0 lryGlwSx2WKF2X2q/+y2ksbxigh7IVIk9Ddvecb/31d4IOyCV/UOZloEw kzQtAKh4srHS7VHuhC2Jj3ExnG73v0AovF2BPTU9Akqy5MfYpBripLhtg g==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622513" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622513" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:55 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020701" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:54 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 03/25] KVM: VMX: Add support for the secondary VM exit controls Date: Wed, 7 Feb 2024 09:26:23 -0800 Message-ID: <20240207172646.3981-4-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264191553913582 X-GMAIL-MSGID: 1790264191553913582 Enable the secondary VM exit controls to prepare for FRED enabling. The activation of the secondary VM exit controls is off now, and it will be switched on when a VMX feature needing it is enabled. Signed-off-by: Xin Li Tested-by: Shan Kang --- Change since v1: * Always load the secondary VM exit controls (Sean Christopherson). --- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/vmx.h | 3 +++ arch/x86/kvm/vmx/capabilities.h | 9 ++++++++- arch/x86/kvm/vmx/vmcs.h | 1 + arch/x86/kvm/vmx/vmx.c | 17 ++++++++++++++++- arch/x86/kvm/vmx/vmx.h | 7 ++++++- 6 files changed, 35 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 4fa2b3dd743e..ab9ec10a3fff 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -1112,6 +1112,7 @@ #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x00000490 #define MSR_IA32_VMX_VMFUNC 0x00000491 #define MSR_IA32_VMX_PROCBASED_CTLS3 0x00000492 +#define MSR_IA32_VMX_EXIT_CTLS2 0x00000493 /* Resctrl MSRs: */ /* - Intel: */ diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 76518e21c54d..272af2004111 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -105,6 +105,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_ACTIVATE_SECONDARY_CONTROLS 0x80000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -250,6 +251,8 @@ enum vmcs_field { TERTIARY_VM_EXEC_CONTROL_HIGH = 0x00002035, PID_POINTER_TABLE = 0x00002042, PID_POINTER_TABLE_HIGH = 0x00002043, + SECONDARY_VM_EXIT_CONTROLS = 0x00002044, + SECONDARY_VM_EXIT_CONTROLS_HIGH = 0x00002045, GUEST_PHYSICAL_ADDRESS = 0x00002400, GUEST_PHYSICAL_ADDRESS_HIGH = 0x00002401, VMCS_LINK_POINTER = 0x00002800, diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index cb6588238f46..e8f3ad0f79ee 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -59,8 +59,9 @@ struct vmcs_config { u32 cpu_based_exec_ctrl; u32 cpu_based_2nd_exec_ctrl; u64 cpu_based_3rd_exec_ctrl; - u32 vmexit_ctrl; u32 vmentry_ctrl; + u32 vmexit_ctrl; + u64 secondary_vmexit_ctrl; u64 misc; struct nested_vmx_msrs nested; }; @@ -136,6 +137,12 @@ static inline bool cpu_has_tertiary_exec_ctrls(void) CPU_BASED_ACTIVATE_TERTIARY_CONTROLS; } +static inline bool cpu_has_secondary_vmexit_ctrls(void) +{ + return vmcs_config.vmexit_ctrl & + VM_EXIT_ACTIVATE_SECONDARY_CONTROLS; +} + static inline bool cpu_has_vmx_virtualize_apic_accesses(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & diff --git a/arch/x86/kvm/vmx/vmcs.h b/arch/x86/kvm/vmx/vmcs.h index 7c1996b433e2..7d45a6504200 100644 --- a/arch/x86/kvm/vmx/vmcs.h +++ b/arch/x86/kvm/vmx/vmcs.h @@ -47,6 +47,7 @@ struct vmcs_host_state { struct vmcs_controls_shadow { u32 vm_entry; u32 vm_exit; + u64 secondary_vm_exit; u32 pin; u32 exec; u32 secondary_exec; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 581967d20659..4023474ea002 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2569,6 +2569,7 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, u32 _cpu_based_2nd_exec_control = 0; u64 _cpu_based_3rd_exec_control = 0; u32 _vmexit_control = 0; + u64 _secondary_vmexit_control = 0; u32 _vmentry_control = 0; u64 basic_msr; int i; @@ -2688,6 +2689,11 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, _vmexit_control &= ~x_ctrl; } + if (_vmexit_control & VM_EXIT_ACTIVATE_SECONDARY_CONTROLS) + _secondary_vmexit_control = + adjust_vmx_controls64(KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS, + MSR_IA32_VMX_EXIT_CTLS2); + rdmsrl(MSR_IA32_VMX_BASIC, basic_msr); /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */ @@ -2709,8 +2715,9 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf, vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control; vmcs_conf->cpu_based_2nd_exec_ctrl = _cpu_based_2nd_exec_control; vmcs_conf->cpu_based_3rd_exec_ctrl = _cpu_based_3rd_exec_control; - vmcs_conf->vmexit_ctrl = _vmexit_control; vmcs_conf->vmentry_ctrl = _vmentry_control; + vmcs_conf->vmexit_ctrl = _vmexit_control; + vmcs_conf->secondary_vmexit_ctrl = _secondary_vmexit_control; rdmsrl(MSR_IA32_VMX_MISC, vmcs_conf->misc); @@ -4421,6 +4428,11 @@ static u32 vmx_vmexit_ctrl(void) ~(VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | VM_EXIT_LOAD_IA32_EFER); } +static u64 vmx_secondary_vmexit_ctrl(void) +{ + return vmcs_config.secondary_vmexit_ctrl; +} + static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -4766,6 +4778,9 @@ static void init_vmcs(struct vcpu_vmx *vmx) vm_exit_controls_set(vmx, vmx_vmexit_ctrl()); + if (cpu_has_secondary_vmexit_ctrls()) + secondary_vm_exit_controls_set(vmx, vmx_secondary_vmexit_ctrl()); + /* 22.2.1, 20.8.1 */ vm_entry_controls_set(vmx, vmx_vmentry_ctrl()); diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index e3b0985bb74a..f470eeb2a5c8 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -506,7 +506,11 @@ static inline u8 vmx_get_rvi(void) VM_EXIT_LOAD_IA32_EFER | \ VM_EXIT_CLEAR_BNDCFGS | \ VM_EXIT_PT_CONCEAL_PIP | \ - VM_EXIT_CLEAR_IA32_RTIT_CTL) + VM_EXIT_CLEAR_IA32_RTIT_CTL | \ + VM_EXIT_ACTIVATE_SECONDARY_CONTROLS) + +#define KVM_REQUIRED_VMX_SECONDARY_VM_EXIT_CONTROLS (0) +#define KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS (0) #define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL \ (PIN_BASED_EXT_INTR_MASK | \ @@ -610,6 +614,7 @@ static __always_inline void lname##_controls_clearbit(struct vcpu_vmx *vmx, u##b } BUILD_CONTROLS_SHADOW(vm_entry, VM_ENTRY_CONTROLS, 32) BUILD_CONTROLS_SHADOW(vm_exit, VM_EXIT_CONTROLS, 32) +BUILD_CONTROLS_SHADOW(secondary_vm_exit, SECONDARY_VM_EXIT_CONTROLS, 64) BUILD_CONTROLS_SHADOW(pin, PIN_BASED_VM_EXEC_CONTROL, 32) BUILD_CONTROLS_SHADOW(exec, CPU_BASED_VM_EXEC_CONTROL, 32) BUILD_CONTROLS_SHADOW(secondary_exec, SECONDARY_VM_EXEC_CONTROL, 32) From patchwork Wed Feb 7 17:26:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198000 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2405492dyb; Wed, 7 Feb 2024 10:02:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IHYhFC0elHnsAcIi61sfwSGJizqrc0y/RKxks+yggLVapoN9Z0Zv92ZIT1MyStyGO01WFdI X-Received: by 2002:aa7:d059:0:b0:560:e51c:da87 with SMTP id n25-20020aa7d059000000b00560e51cda87mr159041edo.21.1707328921425; Wed, 07 Feb 2024 10:02:01 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707328921; cv=pass; d=google.com; s=arc-20160816; b=iPDvgbSN/+6f9CC1ZbCAAbOCkMCmd5tPu8uLaBSZO+bhs198886wpUzyC5sQioPPgC ivR/pDkxuPk6lH1K6AXsA50n74UhU7aXLbPsY9kQ2+V3UKqZiR2UmIDYTXB2AW+yoMk7 e8NLNxXa64uAWAjMOLvrnBWK2Qv0ZYXWhdZWACsR5lDB0PPIk3ZWJG0KKc3ekLKWdgcH Q9gRoIr81bM2iNK67c88d7dxnxAEetnJIEL6nWk2Qhizrvvr+3jNHf2mC5H/oCKR6L0E FFbx3GLk2HIHfkuzD23YR8iX9/Kd4LXfBtoqSK635QH4ccy75cL+DP26hgEdpKmVdxws VFPQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=nWPYB9eeGVBVZF3HehvyjJcetS3097sYt9v/f076u80=; fh=FWHRG/uKT7rPO2naz+B9ZpCYvmPzJ/TjxU6ScrFvhe4=; b=NTm3NXHd+YpFLHDUaQpKhr0MA7OsX7DMNb8ouKflKtt7DGgAJXucW5f7X2qotho4+r 8QdA/dmRrjbkox3ol+H1T0k+frlKCDGN8TCWx1pzmXiTlid+eWRV+WNngRHLRE3g/xSE NP0GSvt2Bs7Ap9hkSvSPoh8ig0L9RnNboat5cSkZek+vtGO9s58SEfoJANn6uHRtt+Tv ebr1NaReYPkBi0PHXs9N2Iee4qciTQW7BRatlaR1i0y062ixyvqzbE3Phht++Jz2bUbR UTAdL3ocTtAu6426J0+Dr4AWtUWnv5ByUI9rupMrSOHWA/FL0eA+zuALixj0+iBdK2C1 RmBQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=OuxLvb5J; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56857-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56857-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCWvnPiR5blgZJnNrcv0fQunxzDVSdTNqlVR1WAJprihJMP/tTndgFEOT33zcnTQhBUJdWRgPDwMSOT2sJxNuWMYMzoBFw== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id q29-20020a50aa9d000000b005600f538252si1129074edc.227.2024.02.07.10.02.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:02:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56857-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=OuxLvb5J; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56857-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56857-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 0CFF31F214EA for ; Wed, 7 Feb 2024 18:02:01 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6610E127B5F; Wed, 7 Feb 2024 17:59:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="OuxLvb5J" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE91D82D91; Wed, 7 Feb 2024 17:59:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328746; cv=none; b=seoSVQBdB2HnzsYIFezNX7uXixxz4EJU8JUrcPtdjFYR3OTM7ekSQelnlSBKqkklz5vI4ft+b0En8fAbi4SeKoo3Fq4BYUU+QvLZAkrCPUHjrSyqgUyEPe9ss2oSI7vdYTafdLmLj5Q+nsrVH6LQmf9VNOP4tlvWE7Ztubx0PUQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328746; c=relaxed/simple; bh=7KPmwPclT/FKLhFcFWIDWM27z0VWKv0aw6taF2QMvjE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SLUnv0zKSfRbuqORWU4bP7oDZZAwp5RPmbSj4MQuWEPiK90K2peKt7aTTvuNaQM/9uCKQGsgnkiZTsa+WF7c2aPXROYqGu7ap9yLUti+H09F4+M/ZPpLBcovuDWndkbCjI9l/6v++rYdxSrxGP+mDoom2yJ50kuGr+LbSzYIaXo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=OuxLvb5J; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328741; x=1738864741; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7KPmwPclT/FKLhFcFWIDWM27z0VWKv0aw6taF2QMvjE=; b=OuxLvb5J4PGsbqTzqonWOqpzQRnc1b29hErnPSClGKwV4tejtHIV+83d 4MOskxdxS+wkMWcDLTVLKnXinwcPbkrzH0RicnMdG1JD5VN3eyaOPJ/Ua JlgWHExdHv0b5q46D8lPMp/Ks5amFPzuqF6qe0fPjfhoc7we87rPRw3nx YPI/+Gh0/tIYV/vJabx79ReIKicK4SOuAhUFQFSIidCM8pnJ9vrS8KWoE 6hUCwoz5ChBsazKwjgA8Gy0xC8IO9LFFBTxHQYqHJQoNpYtRm+Hn391GD yowMjIc7tRC9VFfpPSkEsUBFqHcp4gKwCVL9gDPe2mLbfIB40hGXBAXnF A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622517" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622517" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:55 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020704" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:54 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 04/25] KVM: x86: Mark CR4.FRED as not reserved Date: Wed, 7 Feb 2024 09:26:24 -0800 Message-ID: <20240207172646.3981-5-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264131084816511 X-GMAIL-MSGID: 1790264131084816511 The CR4.FRED bit, i.e., CR4[32], is no longer a reserved bit when a guest enumerates FRED, otherwise it is still a reserved bit. Signed-off-by: Xin Li Tested-by: Shan Kang --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/x86.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b5b2d0fde579..0d88873eba63 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -134,7 +134,7 @@ | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_FSGSBASE \ | X86_CR4_OSXMMEXCPT | X86_CR4_LA57 | X86_CR4_VMXE \ | X86_CR4_SMAP | X86_CR4_PKE | X86_CR4_UMIP \ - | X86_CR4_LAM_SUP)) + | X86_CR4_LAM_SUP | X86_CR4_FRED)) #define CR8_RESERVED_BITS (~(unsigned long)X86_CR8_TPR) diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 2f7e19166658..9a52016ebf5a 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -532,6 +532,8 @@ bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type); __reserved_bits |= X86_CR4_PCIDE; \ if (!__cpu_has(__c, X86_FEATURE_LAM)) \ __reserved_bits |= X86_CR4_LAM_SUP; \ + if (!__cpu_has(__c, X86_FEATURE_FRED)) \ + __reserved_bits |= X86_CR4_FRED; \ __reserved_bits; \ }) From patchwork Wed Feb 7 17:26:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198015 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2410777dyb; Wed, 7 Feb 2024 10:08:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IFbwk7YKi/VZNMLCBKv8/JV7vmjnQPZ3PYDZBcfvTnwRirBXU6wMKD1Tk6cMqe2jCfNrxjK X-Received: by 2002:a17:90a:b395:b0:28f:fa9d:ebdf with SMTP id e21-20020a17090ab39500b0028ffa9debdfmr446131pjr.3.1707329298526; Wed, 07 Feb 2024 10:08:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329298; cv=pass; d=google.com; s=arc-20160816; b=jrrouT3xFfAmudFFSGjd3zPMockQTgcDmenxJqkTelZOdRIFCOx2e4zG9L3i4WFNa2 g3kC3CVmZNwVe4kU6jG4FfKf307jdJJuaCcSDWUzZ76hfQPEm/vHEgWm3E3dIlQj6X6h JS1frav4NRv0adw/K4gg7PzP4iFI5g+drtMjkKV7ZKVA+2EcFdQmDBrgMrJR+Fsuq4yn 0oXy/Ry94NPKXnu6f+1QBSJ54Fag3VIZMSEjLpFa69Y2pipcSJIkCNprFaDKW3/wWZhE z4dOoHcBf/NEIDablnhWllcmOHc3dKh+VOFVF1GP47rKgc24aUV2blPWvv1r82g3m08I R17A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=QVClY8K7ES5vcsDJPyph2kNefbcwGik0YRQd+5WJz+E=; fh=7CTDNyywr1PaK4zd71lrXO2wAF/n4ImSGIgbpiSoOl4=; b=CMiBLYMPwq9mUKDO8oPL/C4XPQw51HJggSzWRIFoJJuq/tNZQcPrW3CgbvrmpZ32k4 KWT1SMSh4otpmQgi8Pa0z+mLEK7GJtPKt0Jqy7iRybMpOWPrJDC+SJ8dZ2OhXikO1Yz4 YFDNviTDDPXv5trlVYUvVHVfx7rSkzheQ55tg4vyBOyNfe4ef3pBw4d5zbvhObXM+4Ww i2Si9kuQhFk6Nhyimqq5gScA/ahH2nuaGn1go2+mInqGEa6ZMwnrWrPvkaMGNnNDcSIf 343to2gRZx0ak8mtBNk/bXYQ1N3MJysYiqlck0cu2RzXsByCaT1gmlXbL+84BOU4kJ74 DVMA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=iFx5vvUr; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56862-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56862-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCV6lPt+jQBwzRYw9Rcg/ZXVphpNNOQf9lmdXDyxzbYiRLBpqQv8m4s6HHQ5hQN7FbsxPIkktuenRyuvB0jrV97hjTffKg== Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id ne22-20020a17090b375600b002965fd67447si3786850pjb.52.2024.02.07.10.08.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:08:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56862-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=iFx5vvUr; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56862-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56862-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 3495FB299E8 for ; Wed, 7 Feb 2024 18:03:21 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 33AAF12B165; Wed, 7 Feb 2024 17:59:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="iFx5vvUr" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C62C183CBD; Wed, 7 Feb 2024 17:59:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328748; cv=none; b=R+//D2VtxYgdOlv/7wGM9/HTcNdnRquWqAYlniBW3gwm13cOkjWGIy6c6DDkW3HAyTDX7aYM/TCiWtXhrVnhGEkRkoXSQnIm2QtmA8ira7MYcYl+02QUZ13cN4WnoT7oX7MdwjCot7xk4F8i0oiXDcKyr4e/D/3FfZwTaLn0b/8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328748; c=relaxed/simple; bh=/ejIOyjEmSLEKy4yAWEhsQcfTxQrq3hmpN4TbywkFdQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=o+XWb9vCsuXCnt16bvYyc+Tz53zsvG/ZK8erJdRMSHn+0ErbgoXhI3sDt/gVFTvIOVl2H8VHqK0beMIHHw4aJRYCf/qXykLXqV9weVUWdCD54biQarioQAs51AaaIJhgVtZrd1wd2gxS0QGsZcjmkbw1jrAIbBd/9N2JqAxv5wc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=iFx5vvUr; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328742; x=1738864742; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=/ejIOyjEmSLEKy4yAWEhsQcfTxQrq3hmpN4TbywkFdQ=; b=iFx5vvUrk1FnzNlPrZ73+gW3MhDVwC6Hw64DqpvScd13I2pAPEEDCNx0 lmlcNRjNGhsCfWXM3OXSasDaZ1k1CBPXBMc93b/8A3r/eC2CHSEyPEErT TG03sxAJrolp7GCqwNMaOShLxb/lMwq0N9B+vGJjJQGRgLHZqEj27QjPK HEaFWDER+7mXLWRqta0Vn8FtKaCylNm3+xK1my6HOGXLiDSgUZgM3M92j u9LY8YOR74fTYxdbns8zlZqtzhJ1bCqVKo9dgP9FdrOEL4nqxYVGwk91G 74UZNoFoNcE6HQwXV2CFjSpTGwziWITV7mynYcW+ZhvWXjiXP7UdKaKKc w==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622525" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622525" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:55 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020707" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:54 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 05/25] KVM: VMX: Initialize FRED VM entry/exit controls in vmcs_config Date: Wed, 7 Feb 2024 09:26:25 -0800 Message-ID: <20240207172646.3981-6-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264526829611989 X-GMAIL-MSGID: 1790264526829611989 Setup the global vmcs_config for FRED: 1) Add VM_ENTRY_LOAD_IA32_FRED to KVM_OPTIONAL_VMX_VM_ENTRY_CONTROLS to have a FRED CPU load guest FRED MSRs from VMCS upon VM entry. 2) Add SECONDARY_VM_EXIT_SAVE_IA32_FRED to KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS to have a FRED CPU save guest FRED MSRs to VMCS during VM exit. 3) add SECONDARY_VM_EXIT_LOAD_IA32_FRED to KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS to have a FRED CPU load host FRED MSRs from VMCS during VM exit. Signed-off-by: Xin Li Tested-by: Shan Kang --- Change since v1: * Remove FRED VM entry/exit controls consistency checks in setup_vmcs_config() (Sean Christopherson). --- arch/x86/include/asm/vmx.h | 3 +++ arch/x86/kvm/vmx/vmx.h | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 272af2004111..cb14f7e315f5 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -106,6 +106,8 @@ #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 #define VM_EXIT_ACTIVATE_SECONDARY_CONTROLS 0x80000000 +#define SECONDARY_VM_EXIT_SAVE_IA32_FRED 0x00000001 +#define SECONDARY_VM_EXIT_LOAD_IA32_FRED 0x00000002 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -119,6 +121,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_IA32_FRED 0x00800000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index f470eeb2a5c8..3ad52437f426 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -484,7 +484,8 @@ static inline u8 vmx_get_rvi(void) VM_ENTRY_LOAD_IA32_EFER | \ VM_ENTRY_LOAD_BNDCFGS | \ VM_ENTRY_PT_CONCEAL_PIP | \ - VM_ENTRY_LOAD_IA32_RTIT_CTL) + VM_ENTRY_LOAD_IA32_RTIT_CTL | \ + VM_ENTRY_LOAD_IA32_FRED) #define __KVM_REQUIRED_VMX_VM_EXIT_CONTROLS \ (VM_EXIT_SAVE_DEBUG_CONTROLS | \ @@ -510,7 +511,9 @@ static inline u8 vmx_get_rvi(void) VM_EXIT_ACTIVATE_SECONDARY_CONTROLS) #define KVM_REQUIRED_VMX_SECONDARY_VM_EXIT_CONTROLS (0) -#define KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS (0) +#define KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS \ + (SECONDARY_VM_EXIT_SAVE_IA32_FRED | \ + SECONDARY_VM_EXIT_LOAD_IA32_FRED) #define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL \ (PIN_BASED_EXT_INTR_MASK | \ From patchwork Wed Feb 7 17:26:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198004 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2406623dyb; Wed, 7 Feb 2024 10:03:10 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX6NtY77z1O2mPCmFHTp/KNhnwwbnHfX7zG5jkTqzsjxTgoDlSNScitfuAoZ/H6EFOe9hVSxBShohckxjfj5DeMMDF5QQ== X-Google-Smtp-Source: AGHT+IEPURhwFIo9MOqv4G0qqZlQBBndV3XM4vIhuBJqcXrpqoPTT8LbjEQW9Fj1KDNyS2ZnSXl3 X-Received: by 2002:a17:906:a188:b0:a38:18de:bc9b with SMTP id s8-20020a170906a18800b00a3818debc9bmr4443236ejy.36.1707328990358; Wed, 07 Feb 2024 10:03:10 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707328990; cv=pass; d=google.com; s=arc-20160816; b=dbdgRlSAxMBXB6kfQKr1LifvCxor0pQVOvV3YZbr3qemHLUGSDcSFoW3cEzM1HwldP ZtVxst6RuxtzAOC0MuYsHxYL6EcGeYr/cOJ3Og4a9zjdi7IW6uvgZUsbCIQfcc9ZMLGz wSjZlA8EnPdvDMSxKzvNqqqPH9kyaYO2oo23v9Urc49dgMmFQAyQfPXCSvaulrGgNcRS 4oo9y3J0J3Us0ax9pHKOfy5TbHvSRhtsNRIwNxJJugzkxtXYQZJdQojzicGGw269DOeG fwPj8bTcZSgCvTal1gPniW46GmT7QBNPzKOSCp+0bhayOwgUd/A1RYlzO5ikKsXlJ85r hPLQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=YFcqhiKO1HhOW/HBEuQXDS9S7Q/UDLcVlrqF7Fposhs=; fh=XOwJw+fk0lilMLBwbyfOJ1Lcp1yEf3WIPSDnICZ9quU=; b=NeVoV0N4TdvhPDSKrgz+ADOhdjtyVlA7Z19eZDaKkNozsL5zI/l9JqjQKkeJpLkjxj 941DLIGo57WTXtxHoLMWUOSmzrU03sJlOn0WEv8CQy8f5qvp9jI9+qDopJnC3h9mbYND YnQI/CpDYyYEFadsRPvLcUXR7qCwTCTmY4Gz2I+bzsW6iMdIFjWzWRQKyg+sVS6erwHU P+5+QimWngNTxMwWbbvhqcfLfKc8egGwRgwD2NBg9JK/go6OA4vgPcVno7nbolwccL3U mMEzYctrv3z1uQK/nj/X3IA018UAKH165qfg4kk4iZ1P85vwesJS0jIpIXGOnAows+Z1 hMww==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="Om/u3VeJ"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56860-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56860-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCWqHKaUwt3PvQcmWwoWnZqZnu/t3CzLv3QMxkHzpHXb3Vvd1e6iFDFm7TFv5Z3jHDxA4btfQGjJ9a0qv40buVLQAQ/1qw== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id o23-20020a17090637d700b00a384f95cb24si1182719ejc.1002.2024.02.07.10.03.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:03:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56860-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="Om/u3VeJ"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56860-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56860-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id F05171F2282E for ; Wed, 7 Feb 2024 18:03:09 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C6F7312AAE0; Wed, 7 Feb 2024 17:59:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Om/u3VeJ" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D2A9684A21; Wed, 7 Feb 2024 17:59:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328748; cv=none; b=aNjBYsuzjuD80R+jQZjVb7zj9WSEloF60t4Nf489NMzRUmOkyDdBVYPxE20S4AxlCjwqxwrujPIYRzLN8hRwWdrVpEDzsKRTcmmvFPNWGSpeRDK2A23KXZtALwChliNMIWvrXoqGV6aC/CLpoXKbiJnKbScBCFqMTcztzzZIZ/s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328748; c=relaxed/simple; bh=4kdSkys88FpdgTkppEIsXzYqXf5ahVowuZYtgN30c0w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=I43TCW+eravJ71VVkIjqeS65GixU4+1ssCXretImo/in7btVFvhh5caTDsRhBSNkXdSaWYKbRYDIdZ/eg2Pybw6VHciTDn/HyRxQnHtZZmdFu9AsZe7YwziWrmAqMWQ53s1TlN9FhONneRvOo+x8hLO+UNP9fbbWjb8myyF4UKk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Om/u3VeJ; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328743; x=1738864743; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4kdSkys88FpdgTkppEIsXzYqXf5ahVowuZYtgN30c0w=; b=Om/u3VeJxKG+wOQ616W7Sr+RkErjHXzuBzXMsrLz+wVPm7qZdCjvnRi4 0vJPPwsuI30E5Z62dyxg70N98AH7G27dQiOAQxOZJKwi+pcKazpPiPe+H iI9f5WjQCTxl29OG9uwU6x0cK5vhvxpKTu2JW9MnXnale0rsSINc88arP NayUZR0LzF5u3oQGLazYFlEU+mPLywl3GaQJYB2p4e4SbOoC4Qz5hmtxU h9/NWCUf7hBNZGpvZ8C+bVrb4IN4jWyYokXEGRR8nnXFbpRV8gv0hg/Td la1oj7kqDh2mI/jPMTEp3wuJcAmS9yYikkLKxDfcfOzoDCxEFxObBUAWR A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622533" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622533" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:55 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020710" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:54 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 06/25] KVM: VMX: Defer enabling FRED MSRs save/load until after set CPUID Date: Wed, 7 Feb 2024 09:26:26 -0800 Message-ID: <20240207172646.3981-7-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264203363730779 X-GMAIL-MSGID: 1790264203363730779 Clear FRED VM entry/exit controls when initializing a vCPU, and set these controls only if FRED is enumerated after set CPUID. FRED VM entry/exit controls need to be set to establish context sufficient to support FRED event delivery immediately after VM entry and exit. However it is not required to save/load FRED MSRs for a non-FRED guest, which aren't supposed to access FRED MSRs. Signed-off-by: Xin Li Tested-by: Shan Kang --- Changes since v1: * Use kvm_cpu_cap_has() instead of cpu_feature_enabled() (Chao Gao). * Clear FRED VM entry/exit controls if FRED is not enumerated (Chao Gao). * Use guest_can_use() to trace FRED enumeration in a vcpu (Chao Gao). --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/vmx/vmx.c | 32 +++++++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index ad463b1ed4e4..507ca73e52e9 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -17,6 +17,7 @@ KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) KVM_GOVERNED_X86_FEATURE(VGIF) KVM_GOVERNED_X86_FEATURE(VNMI) KVM_GOVERNED_X86_FEATURE(LAM) +KVM_GOVERNED_X86_FEATURE(FRED) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 4023474ea002..34b6676f60d8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4402,6 +4402,9 @@ static u32 vmx_vmentry_ctrl(void) if (cpu_has_perf_global_ctrl_bug()) vmentry_ctrl &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL; + /* Whether to load guest FRED MSRs is deferred until after set CPUID */ + vmentry_ctrl &= ~VM_ENTRY_LOAD_IA32_FRED; + return vmentry_ctrl; } @@ -4430,7 +4433,13 @@ static u32 vmx_vmexit_ctrl(void) static u64 vmx_secondary_vmexit_ctrl(void) { - return vmcs_config.secondary_vmexit_ctrl; + u64 secondary_vmexit_ctrl = vmcs_config.secondary_vmexit_ctrl; + + /* Whether to save/load FRED MSRs is deferred until after set CPUID */ + secondary_vmexit_ctrl &= ~(SECONDARY_VM_EXIT_SAVE_IA32_FRED | + SECONDARY_VM_EXIT_LOAD_IA32_FRED); + + return secondary_vmexit_ctrl; } static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu) @@ -7762,10 +7771,31 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu) vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4)); } +static void vmx_vcpu_config_fred_after_set_cpuid(struct kvm_vcpu *vcpu) +{ + struct vcpu_vmx *vmx = to_vmx(vcpu); + + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_FRED); + + if (guest_can_use(vcpu, X86_FEATURE_FRED)) { + vm_entry_controls_setbit(vmx, VM_ENTRY_LOAD_IA32_FRED); + secondary_vm_exit_controls_setbit(vmx, + SECONDARY_VM_EXIT_SAVE_IA32_FRED | + SECONDARY_VM_EXIT_LOAD_IA32_FRED); + } else { + vm_entry_controls_clearbit(vmx, VM_ENTRY_LOAD_IA32_FRED); + secondary_vm_exit_controls_clearbit(vmx, + SECONDARY_VM_EXIT_SAVE_IA32_FRED | + SECONDARY_VM_EXIT_LOAD_IA32_FRED); + } +} + static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); + vmx_vcpu_config_fred_after_set_cpuid(vcpu); + /* * XSAVES is effectively enabled if and only if XSAVE is also exposed * to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be From patchwork Wed Feb 7 17:26:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198003 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2406571dyb; Wed, 7 Feb 2024 10:03:07 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUz0OtJn8uEdurvJH7kmur/qqmnhLMep9DBL/5HB9yO+vyg+ODsK0BTJzpbTp6AXi89PtDk4TxkGuAzeqmCdzBWkZpXbg== X-Google-Smtp-Source: AGHT+IFydbZSPEbAeX3iJuSJ2hXibSvfAgOICabWeKoW0MKw8DcasdzlFQZfsai353/9Jhr940cI X-Received: by 2002:ac8:542:0:b0:429:9e63:57f4 with SMTP id c2-20020ac80542000000b004299e6357f4mr6464722qth.56.1707328986944; Wed, 07 Feb 2024 10:03:06 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707328986; cv=pass; d=google.com; s=arc-20160816; b=07W5Py1B5eYxCJiaRtO3wbD/uvu1RmDsWeiwggb+HYC+B5QrdwLV27rRScRA9ORpKX lGv0KY9O3PZqUAvhNASKqOmEIkSf/1tQv9h6uYP8ydDg4PgCTuVvrmQEa6kL03YQUmRg eTKB/0U0ewqV7ugDRF2tJ+B7WhuzqSq2kstj2ZkmWAUoS6GKHIkMCaxdb/7HUgoI6w6z 2X0+cxbQxBvHv5b97nWgvt979Z8OQXQjIV4Dfo7C+aCYDOy91y3JpxCwL0TheoQedAZS 6YUDV0SBEtnlGpgq4yuoKY6wqCEttdVZPLd4HO+3MLQ/TLBR3ntXYLcmzLpXWX+eq1OY DxVQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=tF7RVysBd6lAEodH3QjrqNTupaS3tEaU/TUvYeAgucA=; fh=cq+X9hvayPEIXBZJNHTSCn7NeciPYJgmsnmj+YCunvw=; b=npvJPwz+/FONFn+cxYKZW0E3LOanBPweMnghlzFWEoD1JXOeXAZh8q7lye1dyQxdgy 10u+Bv1QQ1hcCzmWhC7Cp+Q1+SrSXoUovYuhanNyPgvMJZPsaOTO867tIwYb9Rvu/6XN FfQ9t5hAIByJlbgQAieLKsIdrZEawZVoE+RlNlWIu95Is+PLa6DjLURU6lvzuDznXuTe 2XxMneMtlVRfyVUUt2l5LnVGOs7IERo0hUHIsvBlJsetVx+T2XoeiHs+6XVl/PzvCP0w dZ9J15971/dWes700IpYqk0KpVpZvHOU/Pm9u8YjHwMS6nHvQI0MsvX/CjNhVf2OKEzL rS5g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Yf1TkA9I; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56861-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56861-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCWDP1J1gepnSveCVqFJ3I8PKgMaps9J2klqLd4+Nc4h3dna5RLIeTk0jAA2WML/s4nbUAp3TFGVUe0NexhhEBXnyFS0qA== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id f13-20020ac859cd000000b0042c39f13f93si1534540qtf.656.2024.02.07.10.03.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:03:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56861-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Yf1TkA9I; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56861-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56861-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id AC0611C20FC6 for ; Wed, 7 Feb 2024 18:03:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B202D12AAC2; Wed, 7 Feb 2024 17:59:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Yf1TkA9I" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 63DC585959; Wed, 7 Feb 2024 17:59:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328748; cv=none; b=JXmMnVtx0NFQNtnTTJ5qVAPrWn4Hf//37ye+t3bxfDHZvm2noKm4Kgq4lPq1UyFMQVZc9kFvnweiXOUMAS/luOtkN7pNW7hHRwMmEIcqHli8xjrvnj+WkwLr87EBUsvceo24pqUpUXpvBVWO4gZ1Aq9prWsjYLKPUXshN0jM6Mo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328748; c=relaxed/simple; bh=d3GcbZGq1+iZzuECARn9elrUw2PwCYl4eSLifsdjifc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=S01aD9mLRwXyLCeucwdE/Dq+6j0RWCQUQJwK6VyRn0a3AkD2EtGWg1rX3YbxCD9qrqRDy1fhlDjdpGmQTqxiBC3xreIrwSJOx1Ot/HGroIExlSyJEaPvSm99+2/cdhKe6c0uICY+pifIkrVF5KpDenFFAJR7hh6m8URAZdEd1og= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Yf1TkA9I; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328747; x=1738864747; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=d3GcbZGq1+iZzuECARn9elrUw2PwCYl4eSLifsdjifc=; b=Yf1TkA9Iu3Hq/O4aec0aUdDb1I64fB37U1BcNpPNrJf7ScJKd3y/Wk46 +1QDP2aBZYY7kHi3FnEgJEEwOqm9gsSenLlcVHdRBLxKzrAovjdFIHSPc hpb3fdW12L0zjBbBif41x7R9lWMewO+E3UMCyIfofCwvHX/vGFrVyddrz UHHkrkj17OwV0tbC6kb7QzAZ5EeNW1vSyqVmkDne7mUf8EEjme9i2wPG2 hs2ahsdqAt1anaEwZ4JqrbzmeV0amp7Rr8PybF/9c+RGB8YNV+2y7i8TT 4XyOe1HdjAF3q4KdiBJaCbAO0fYH/tCfQgbJV1gCSs64gHEUiLzLggG1l g==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622538" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622538" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020714" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:55 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 07/25] KVM: VMX: Set intercept for FRED MSRs Date: Wed, 7 Feb 2024 09:26:27 -0800 Message-ID: <20240207172646.3981-8-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264199939802656 X-GMAIL-MSGID: 1790264199939802656 Add FRED MSRs to the valid passthrough MSR list and set FRED MSRs intercept based on FRED enumeration. Signed-off-by: Xin Li Tested-by: Shan Kang --- Change since v1: * Enable FRED MSRs intercept if FRED is no longer enumerated in CPUID (Chao Gao). --- arch/x86/kvm/vmx/vmx.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 34b6676f60d8..d58ed2d3d379 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -693,6 +693,9 @@ static bool is_valid_passthrough_msr(u32 msr) case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8: /* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */ return true; + case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG: + /* FRED MSRs should be passthrough to FRED guests only */ + return true; } r = possible_passthrough_msr_slot(msr) != -ENOENT; @@ -7774,10 +7777,12 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu) static void vmx_vcpu_config_fred_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); + bool fred_enumerated; kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_FRED); + fred_enumerated = guest_can_use(vcpu, X86_FEATURE_FRED); - if (guest_can_use(vcpu, X86_FEATURE_FRED)) { + if (fred_enumerated) { vm_entry_controls_setbit(vmx, VM_ENTRY_LOAD_IA32_FRED); secondary_vm_exit_controls_setbit(vmx, SECONDARY_VM_EXIT_SAVE_IA32_FRED | @@ -7788,6 +7793,16 @@ static void vmx_vcpu_config_fred_after_set_cpuid(struct kvm_vcpu *vcpu) SECONDARY_VM_EXIT_SAVE_IA32_FRED | SECONDARY_VM_EXIT_LOAD_IA32_FRED); } + + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP0, MSR_TYPE_RW, !fred_enumerated); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP1, MSR_TYPE_RW, !fred_enumerated); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP2, MSR_TYPE_RW, !fred_enumerated); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP3, MSR_TYPE_RW, !fred_enumerated); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_STKLVLS, MSR_TYPE_RW, !fred_enumerated); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP1, MSR_TYPE_RW, !fred_enumerated); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP2, MSR_TYPE_RW, !fred_enumerated); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP3, MSR_TYPE_RW, !fred_enumerated); + vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_CONFIG, MSR_TYPE_RW, !fred_enumerated); } static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) From patchwork Wed Feb 7 17:26:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198026 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2414160dyb; Wed, 7 Feb 2024 10:12:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IGOl8LGs9vW0fwMNPPgyFX0JBGs/OI49iyY8aHFD8JWlViP4RjEu/OLjILFMquJ9uBv+pGY X-Received: by 2002:a17:902:b908:b0:1d9:4282:4be8 with SMTP id bf8-20020a170902b90800b001d942824be8mr5189978plb.25.1707329573560; Wed, 07 Feb 2024 10:12:53 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329573; cv=pass; d=google.com; s=arc-20160816; b=cUvK1OxVIdHs4aiMPXNUm3BzVLszE299T53Hlk4Xq9T8+tTShwj2H0P9B0yip0tnmS q+AWViqXPuaTqO00Q2xdFN2LoQcfAbKkxSN/2BROCKGBUpxtqD2WEcGv1kSbxjVq+3ip RNQwKe0bozQZyZ6NME1qZv0sEP5SjLdteea4TDyYc1mmcRGI+3LyYN0w8ZI0mb3gdYv7 q+qWqyLjQlP9YKwYqC09hFjDYc4fFYnr7YYpgzgQIDtXN+VdmuPJ1wQrYrzukVt2Uux9 tAwg+HvIaZ8vuhioGPcLIjng2pwdi1a62Z1w3oJHyqBwitcJCEV0k/0sfZqbZ+zGWLjC kWBw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=niZeiwctjUiHoNmDuwQ0LTT6YTS81cqPoztWycw0s9s=; fh=+2e/crJL7QSJkJK4cBYCNcd01IgP2BCotmapENdFexw=; b=pjX8kKqTBKXyOw+zIf8L06VD909ralL+3l2AUnhuhhGnK4e1puJvTKnCq3jx2bDJiC 9YLAkDhqv2KeWCC4aJPCIxY2O7u+iQp5pSmD6G9GJUUDrHKC4489X1LiGsG2mnF+6nHy N8DSbptUFUsonYVXtYzkt1xLreVPAtsEUA1HqGaKQ3g0L5no37rW1MF3/MA0J9yD4nRY iq+cxXNCCevD4YS6tvfB2LXi9+8jc4QYvt2WBqNSs70RuoPsJm7ogP9bwKjRFgGuRM3Y dzQUWU6P+W+wRAXhVt4k0VQjN17sjVFGvQlYptjInW+gtKILzorSvy9aCYm6cP5duUW+ 847w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=OqRqpmSU; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56864-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56864-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCXWOdKY5bG3+x34S2DLdYE6imqeRuhnOYeLrquQrUAMUAauPwYV4QQ5SgoxEglecyHv21gog59j3HvTAa85CPJ2sJ/JBA== Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id n3-20020a170902e54300b001d72fa74bc4si2354031plf.341.2024.02.07.10.12.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:12:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56864-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=OqRqpmSU; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56864-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56864-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id DE00EB2726D for ; Wed, 7 Feb 2024 18:05:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7DC2B131E35; Wed, 7 Feb 2024 17:59:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="OqRqpmSU" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6EC6282D73; Wed, 7 Feb 2024 17:59:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328754; cv=none; b=lBLKyqabVjohPyQMj1oePFchhuxK6zv7X3focyDvB18j8KjRHayhp0XFnjxTgM4q+DsvwD/5JcN22t1SvTRULaOHrSidbrFYkOfRQtnMHPRZygsPA97W7XqtLkBgQawbiKqpt7sbYiH9B92D0e6N0NP6zLQiUXye2bB8ox+qP88= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328754; c=relaxed/simple; bh=6/oClMkl2sbDD+4zBb79Jk5H49m2BcEbnOgVbHYMoUk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Jqw1hlWYe9osrY6yGqqoBF6YfvmXpFC9GpGtgPZlaqA1VSg73HxknzmjK/K+kKDRMtnf5TED2XqakYX1tQtelqh8A3i46GJ5cNRMFmpElly7IKwJhmM6brjrnz4AN79ALDvxpxWThFli1mxP2V+b9mBx/eQ7wCemMOsD4qTyEJg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=OqRqpmSU; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328748; x=1738864748; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6/oClMkl2sbDD+4zBb79Jk5H49m2BcEbnOgVbHYMoUk=; b=OqRqpmSU1B94ZXlNRGKGCWDIkq8WSfar/jjrsFZSvCf7JU284m6BnNiU irBs+b2aIBI5RFv0srbm0W98KylWtLXswn0virWg4ezBC2gD3sqRCMyrm bVD6qx5ksHCvHzAnl3UdzHXAHHkGeve6sJ3VEu9w9ZJeBoINtHy46njvv w37h+LWUZ3zVy1dz+JW8WbAc8xkOgPNlCRWuxVFdh8zS1g3Di+xA9kCPb ODDnYV9SkU565wHF0AAzAwtQypT8iKl21QXPJ3tA27DILiHXaKXH2lEnt i/y/tNfc55i7tjboruM7CBuxGE6ddKDNDtAX+PPRD96YsFNyVGZ7kt27G A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622548" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622548" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020718" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:55 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 08/25] KVM: VMX: Initialize VMCS FRED fields Date: Wed, 7 Feb 2024 09:26:28 -0800 Message-ID: <20240207172646.3981-9-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264815184831756 X-GMAIL-MSGID: 1790264815184831756 Initialize host VMCS FRED fields with host FRED MSRs' value and guest VMCS FRED fields to 0. FRED CPU states are managed in 9 new FRED MSRs, as well as a few existing CPU registers and MSRs, e.g., CR4.FRED. To support FRED context management, new VMCS fields corresponding to most of FRED CPU state MSRs are added to both the host-state and guest-state areas of VMCS. Specifically no VMCS fields are added for FRED RSP0 and SSP0 MSRs, because the 2 FRED MSRs are used during ring 3 event delivery only, thus KVM, running on ring 0, can run safely even with guest FRED RSP0 and SSP0. It can be deferred to load host FRED RSP0 and SSP0 until before returning to user level. Signed-off-by: Xin Li Tested-by: Shan Kang --- Changes since v1: * Use kvm_cpu_cap_has() instead of cpu_feature_enabled() to decouple KVM's capability to virtualize a feature and host's enabling of a feature (Chao Gao). * Move guest FRED states init into __vmx_vcpu_reset() (Chao Gao). --- arch/x86/include/asm/vmx.h | 16 ++++++++++++++++ arch/x86/kvm/vmx/vmx.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index cb14f7e315f5..4889754415b5 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -280,12 +280,28 @@ enum vmcs_field { GUEST_BNDCFGS_HIGH = 0x00002813, GUEST_IA32_RTIT_CTL = 0x00002814, GUEST_IA32_RTIT_CTL_HIGH = 0x00002815, + GUEST_IA32_FRED_CONFIG = 0x0000281a, + GUEST_IA32_FRED_RSP1 = 0x0000281c, + GUEST_IA32_FRED_RSP2 = 0x0000281e, + GUEST_IA32_FRED_RSP3 = 0x00002820, + GUEST_IA32_FRED_STKLVLS = 0x00002822, + GUEST_IA32_FRED_SSP1 = 0x00002824, + GUEST_IA32_FRED_SSP2 = 0x00002826, + GUEST_IA32_FRED_SSP3 = 0x00002828, HOST_IA32_PAT = 0x00002c00, HOST_IA32_PAT_HIGH = 0x00002c01, HOST_IA32_EFER = 0x00002c02, HOST_IA32_EFER_HIGH = 0x00002c03, HOST_IA32_PERF_GLOBAL_CTRL = 0x00002c04, HOST_IA32_PERF_GLOBAL_CTRL_HIGH = 0x00002c05, + HOST_IA32_FRED_CONFIG = 0x00002c08, + HOST_IA32_FRED_RSP1 = 0x00002c0a, + HOST_IA32_FRED_RSP2 = 0x00002c0c, + HOST_IA32_FRED_RSP3 = 0x00002c0e, + HOST_IA32_FRED_STKLVLS = 0x00002c10, + HOST_IA32_FRED_SSP1 = 0x00002c12, + HOST_IA32_FRED_SSP2 = 0x00002c14, + HOST_IA32_FRED_SSP3 = 0x00002c16, PIN_BASED_VM_EXEC_CONTROL = 0x00004000, CPU_BASED_VM_EXEC_CONTROL = 0x00004002, EXCEPTION_BITMAP = 0x00004004, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index d58ed2d3d379..b7b772183ee4 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1470,6 +1470,18 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, (unsigned long)(cpu_entry_stack(cpu) + 1)); } +#ifdef CONFIG_X86_64 + /* Per-CPU FRED MSRs */ + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) { + vmcs_write64(HOST_IA32_FRED_RSP1, read_msr(MSR_IA32_FRED_RSP1)); + vmcs_write64(HOST_IA32_FRED_RSP2, read_msr(MSR_IA32_FRED_RSP2)); + vmcs_write64(HOST_IA32_FRED_RSP3, read_msr(MSR_IA32_FRED_RSP3)); + vmcs_write64(HOST_IA32_FRED_SSP1, read_msr(MSR_IA32_FRED_SSP1)); + vmcs_write64(HOST_IA32_FRED_SSP2, read_msr(MSR_IA32_FRED_SSP2)); + vmcs_write64(HOST_IA32_FRED_SSP3, read_msr(MSR_IA32_FRED_SSP3)); + } +#endif + vmx->loaded_vmcs->cpu = cpu; } } @@ -4321,6 +4333,15 @@ void vmx_set_constant_host_state(struct vcpu_vmx *vmx) */ vmcs_write16(HOST_DS_SELECTOR, 0); vmcs_write16(HOST_ES_SELECTOR, 0); + + /* + * FRED MSRs are per-cpu, however FRED CONFIG and STKLVLS MSRs + * are the same on all CPUs, thus they are initialized here. + */ + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) { + vmcs_write64(HOST_IA32_FRED_CONFIG, read_msr(MSR_IA32_FRED_CONFIG)); + vmcs_write64(HOST_IA32_FRED_STKLVLS, read_msr(MSR_IA32_FRED_STKLVLS)); + } #else vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */ vmcs_write16(HOST_ES_SELECTOR, __KERNEL_DS); /* 22.2.4 */ @@ -4865,6 +4886,19 @@ static void __vmx_vcpu_reset(struct kvm_vcpu *vcpu) */ vmx->pi_desc.nv = POSTED_INTR_VECTOR; vmx->pi_desc.sn = 1; + +#ifdef CONFIG_X86_64 + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) { + vmcs_write64(GUEST_IA32_FRED_CONFIG, 0); + vmcs_write64(GUEST_IA32_FRED_RSP1, 0); + vmcs_write64(GUEST_IA32_FRED_RSP2, 0); + vmcs_write64(GUEST_IA32_FRED_RSP3, 0); + vmcs_write64(GUEST_IA32_FRED_STKLVLS, 0); + vmcs_write64(GUEST_IA32_FRED_SSP1, 0); + vmcs_write64(GUEST_IA32_FRED_SSP2, 0); + vmcs_write64(GUEST_IA32_FRED_SSP3, 0); + } +#endif } static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) From patchwork Wed Feb 7 17:26:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198005 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2406924dyb; Wed, 7 Feb 2024 10:03:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IF7jTAu6rHo+EnLr9qrfbXp2Wiz6RT0gqOwY7J9QA/4qYKzymopWSwAAqem+NBbg6uRCvJl X-Received: by 2002:a05:622a:d2:b0:42c:4826:7f04 with SMTP id p18-20020a05622a00d200b0042c48267f04mr379900qtw.29.1707329010356; Wed, 07 Feb 2024 10:03:30 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329010; cv=pass; d=google.com; s=arc-20160816; b=rQvnNmFobUdZeUVPxPR1U93j6tikm5bIFDuFiUxl0eynUyZB6KLTvXgWkdmsKc5Lv6 2EW1qnqVxJ3cFPauKXMnNtLcZBf3SUT9BpBemFDYgWJ0S/BLZxXOZ0Oa4nuJX95V5LO1 qqZOfEuoZMOrYaH7l3oXJzXCKQ2lqkKlmHQFWsqUm1EmJrj4nTsB4oWU2SahLJ7KGKo2 NcmUgVrfRqR8fOgA0r8Zk5w3ARSG7Qj53i/mBiLD/xBU+7gWAeIjzEx71efBeMMnV0sU 7jslIhaqTpMRJ/AW8F5gs5xBFRu8yNi/nHoSW0qfga5606Ls7yN1XWXqGGOshGUeAMOp q2vA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=O4FIUlTl/IfiVjXPyzJ/QW0ouKqLlA6XYYo/BTcTNPQ=; fh=6bhtLln5xTiTRGJQ+YgzHUPW5lgf8a3+fgxnudGBNbA=; b=brjR0YrIyNTdR+u0WLn4AsTK7NfQDSNawwFI9TpvrrEC76Edz+dDzOygBl0mGTQGhR F9HvCpOQEPL6aU4Pg8r6NGY/JgnLzaZ0H0i/PDkxeSfli6ywTft4WShTHdKRnCp7C6V6 l8NinqqqJ+kgXmz90D5hnXTLOK4/r3ZeeI56HB2aTsf/bgj2xPkJOo763CqNKNUoqcFp R2qmatPi+XPfSJ9eVAYzC14wZFZhKEOYzcIiksqNuOk6uYkqiODvTPd1274pXjfsUWp0 Ad+OZjisgsNHAMIsZp5KQYDaOQzBULzZALajGI6DErmhDPp3H+vT/e/ukTRj4zhKjY10 XXuA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="XUXI/ocY"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56863-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56863-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCUi19H7SggFJQN+UG3VLS7H+ALc8bYM/7y4l/Ui/LiAqls98bRM3HSxD5J9n3wYjT4s7ooWegARYENGguC/F7TulKPmEg== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id y10-20020a05622a164a00b0042c48226303si216369qtj.789.2024.02.07.10.03.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:03:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56863-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="XUXI/ocY"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56863-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56863-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 1F1521C22108 for ; Wed, 7 Feb 2024 18:03:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 776D912BEA6; Wed, 7 Feb 2024 17:59:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="XUXI/ocY" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 524F7126F11; Wed, 7 Feb 2024 17:59:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328750; cv=none; b=Zq9bX+sJQv3uDnmtPSUxXj/lZBscefVE/JuccvRVF/LTO6lXH2gAisaBvxyvMSf0KA0OC2QL/02cSbiMUC2H/W4rNAWYZhhJx0xYO1Hevxz+t/EGNRWJwMN3WQY79flyqscPLZq2xV9bdQfV2jlE22vBW8rBD7MnT5PSv0IRHfY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328750; c=relaxed/simple; bh=GjnwgyBkd3KBWam4oCzszCoyfvTgjRR1j1p0QWV6WrM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tk2+dHkEF9p9yzj9B3z0BzSxRaNz+hCibqjKpkHFnk9Qb3Lr4/qkoLs8vRRe5vwlzw//aXPw9f3uxBa7s13AJ5XXazUyFG+WS8dZgRMYebjeqEcOZnELw35nDbGBwfv6wkLxT5g8pgqdMy/+lQBn8IqgGn1cpirYdPpEeyGzosc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=XUXI/ocY; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328749; x=1738864749; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=GjnwgyBkd3KBWam4oCzszCoyfvTgjRR1j1p0QWV6WrM=; b=XUXI/ocYcY/xOo4Dsm41ycUIIOVqJEY+5OPjRfc4q1sdOrxggzSSA/Kr viPiXoYX1wj8+4duCntrLrwSp1v+H6VQ1mH+iD+YZZtciaaWlCOWf499F F2fSp/B1BehqSPSEEtNDaCCDU7ndrzI71wfmrqkfa4pDmBKvRVM+pdtbu oHLCvxDgCTPmJsWqbfNiLhk+7D1OqYQjCZU9mTYGoJX8awZsslOT5LNVk Ll3mm86A5dlcWX2AOMcsUpNTU/gyRvpo/XACdi04zwIYgg3gcuRDrkdHd kT5wZZ699GibQJkPAD4eNrAeBCCmqbdrBF9Hawo8EgNpqqplv5SfuLJE8 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622554" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622554" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020721" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:55 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 09/25] KVM: VMX: Switch FRED RSP0 between host and guest Date: Wed, 7 Feb 2024 09:26:29 -0800 Message-ID: <20240207172646.3981-10-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264224574958350 X-GMAIL-MSGID: 1790264224574958350 Switch MSR_IA32_FRED_RSP0 between host and guest in vmx_prepare_switch_to_{host,guest}(). MSR_IA32_FRED_RSP0 is used during ring 3 event delivery only, thus KVM, running on ring 0, can run safely with guest FRED RSP0, i.e., no need to switch between host/guest FRED RSP0 during VM entry and exit. KVM should switch to host FRED RSP0 before returning to user level, and switch to guest FRED RSP0 before entering guest mode. Signed-off-by: Xin Li Tested-by: Shan Kang --- Changes since v1: * Don't use guest_cpuid_has() in vmx_prepare_switch_to_{host,guest}(), which are called from IRQ-disabled context (Chao Gao). * Reset msr_guest_fred_rsp0 in __vmx_vcpu_reset() (Chao Gao). --- arch/x86/kvm/vmx/vmx.c | 17 +++++++++++++++++ arch/x86/kvm/vmx/vmx.h | 2 ++ 2 files changed, 19 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b7b772183ee4..264378c3b784 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1337,6 +1337,16 @@ void vmx_prepare_switch_to_guest(struct kvm_vcpu *vcpu) } wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base); + + if (guest_can_use(vcpu, X86_FEATURE_FRED)) { + /* + * MSR_IA32_FRED_RSP0 is top of task stack, which never changes. + * Thus it should be initialized only once. + */ + if (unlikely(vmx->msr_host_fred_rsp0 == 0)) + vmx->msr_host_fred_rsp0 = read_msr(MSR_IA32_FRED_RSP0); + wrmsrl(MSR_IA32_FRED_RSP0, vmx->msr_guest_fred_rsp0); + } #else savesegment(fs, fs_sel); savesegment(gs, gs_sel); @@ -1381,6 +1391,11 @@ static void vmx_prepare_switch_to_host(struct vcpu_vmx *vmx) invalidate_tss_limit(); #ifdef CONFIG_X86_64 wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base); + + if (guest_can_use(&vmx->vcpu, X86_FEATURE_FRED)) { + vmx->msr_guest_fred_rsp0 = read_msr(MSR_IA32_FRED_RSP0); + wrmsrl(MSR_IA32_FRED_RSP0, vmx->msr_host_fred_rsp0); + } #endif load_fixmap_gdt(raw_smp_processor_id()); vmx->guest_state_loaded = false; @@ -4889,6 +4904,8 @@ static void __vmx_vcpu_reset(struct kvm_vcpu *vcpu) #ifdef CONFIG_X86_64 if (kvm_cpu_cap_has(X86_FEATURE_FRED)) { + vmx->msr_guest_fred_rsp0 = 0; + vmcs_write64(GUEST_IA32_FRED_CONFIG, 0); vmcs_write64(GUEST_IA32_FRED_RSP1, 0); vmcs_write64(GUEST_IA32_FRED_RSP2, 0); diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 3ad52437f426..176ad39be406 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -278,6 +278,8 @@ struct vcpu_vmx { #ifdef CONFIG_X86_64 u64 msr_host_kernel_gs_base; u64 msr_guest_kernel_gs_base; + u64 msr_host_fred_rsp0; + u64 msr_guest_fred_rsp0; #endif u64 spec_ctrl; From patchwork Wed Feb 7 17:26:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198007 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2408915dyb; Wed, 7 Feb 2024 10:05:56 -0800 (PST) X-Google-Smtp-Source: AGHT+IF3eFcPRsU6upQM3m84+XjmSIcZgKshIJcc+paTvC8lh/buvUhPa8dAWCy0a/M6PutJnvNz X-Received: by 2002:a17:902:784b:b0:1d8:e4b8:95d6 with SMTP id e11-20020a170902784b00b001d8e4b895d6mr5282258pln.27.1707329156562; Wed, 07 Feb 2024 10:05:56 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329156; cv=pass; d=google.com; s=arc-20160816; b=uC2bg0xBRApcMLtLMrJepp2xIgrtnJy3cjPDtyDOZXfaY/MnJtOtplec3R1top+7D1 zHtdhv0PJmw9+kzOyiOzSDMVEj3GiSZzVhyT1s9jNVwf59juo3l8rWaemTlaK8cKAXJ3 8CpRxobQK7VzyCaTzEA0NjQ0M4FoVYK2TihClhxFJdSQl+W9CNKtICqOTpzWLztS4Tyn QZtunM0pf52oY+YAHxuSNuGesXfjwQWC58fawtQ5doZoIeRiXgioNsDlbnECK8BI6CeM 1c3gRsw8i7VB0jCcZlx7WFu5nM1MYIteBtLvNTZ2pxYKIWU35i79vR0NdthJ8iJOUGe+ U+HQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=1F1eNWARokUbL3JeiwOUE71HFFjHzQX8Pp+rK4ef1dY=; fh=E6151iY6cQUqE4oJft80zhcA3FQdZ1813jqVoTayG3s=; b=tsCf8QZZln0oNzIQzl02TyFEeJJ1yXjH7Vix4DRUwK5VRekb9rTkZEa0zNBK0nf8vl +U4wwKBNoAOhcfSPVXv9jyDqk8G5oEdEtK1KkUWTRfTh0Xx0Oi/2qXkEikS74bewnPT6 HNbDOwIpsK4xBtjULTUTMn0L2RYgO5rhi0SnuT2g/wG0LAuw1NCeHwIvLbr/YuCLo9XS DdmVz/my6DY0pqGwyRJ++0/X99gwiTUtT7g9s65NuULy+TY6xSgDz5aofYfB4qQA9lBQ sm/ixo6awAfGkObc8T9XQlqxemAT5PdwvIJjQ+wywRopadEA6hbIWr00LWq7iwm7GzQW 4Hdw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=jHLPd4gT; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56865-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56865-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCVUbyK46Y/XPmQ2+JptfEC/JYrxf1EBA7m8yH1ci5qV3dfVWXVuMVaDQhv55KKw8C61uGKVr0e+W/mIzW+wVhRA65RE6g== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id o19-20020a170902e29300b001d9bd98670asi1990716plc.424.2024.02.07.10.05.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:05:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56865-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=jHLPd4gT; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56865-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56865-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 2DC392855C3 for ; Wed, 7 Feb 2024 18:05:32 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 255261339A9; Wed, 7 Feb 2024 17:59:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="jHLPd4gT" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 503D3126F0C; Wed, 7 Feb 2024 17:59:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328754; cv=none; b=R/bnNnR9Ee3d8B2RXxnC+CtOWIj8jxBtERd6vpJ6Uc8D8fkA/PFEZqi6VDnNly6q2sx78xmjjor2SEOXjQwc6z1oegmOZY8YNRI/eUzI2hMNEngV2ApvbbszA3KrmDfq3ELe0sJgRSgIFyvmowICoAJDR95Xmg1oxZprS0vMmzg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328754; c=relaxed/simple; bh=CuYDQvdxxw4eRy/EkzJIG8807riNAmdDprp/aAi8Qi0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kqNCnz79aPUsDELIkldNr/2E6aQ6Qgzk3r50U+o/66a0ZwzJzntWEtaOAWLH5Uf644iDePtNANXJR+Sz80rzRBkoglGR3lxTpNfka13RnkRDrNJKZsf/QNETUINlWdk/fi6nbNfMNgRujTS9RVyFouDC4KywtMNOTeWd37O+xWI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=jHLPd4gT; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328749; x=1738864749; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=CuYDQvdxxw4eRy/EkzJIG8807riNAmdDprp/aAi8Qi0=; b=jHLPd4gTh0gbi6tqn1Bi/w/hoP1dHqusk7cmgPPGsQO6URHH7kRTxLve B0uEnS3XxHTZRRUWixwBR+0NB1TMq4tDHr3KE1gHA3xGnYbyrpEF92j/M Q43mJFZJXAptvO7k4jD066tKE7DecqWVicQZhNAqg0RhCQchb93DpAs7m gyE5DOWeGaMwOYIhaTziBuQB97+yQo/fBRB4UtDzFtNT+NpbY+oLGcjgj rn3FqQ580A+F01dtYTSWK6fhPEQHksBZ9dHXOQsbCNSQZXC/71xBEKfOD lNhc0uYo3uaeA/20yPUUudb3Cz/cUX7DwPur2EA+NQt9nWNrDgdza4iqO Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622562" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622562" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020724" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:55 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 10/25] KVM: VMX: Add support for FRED context save/restore Date: Wed, 7 Feb 2024 09:26:30 -0800 Message-ID: <20240207172646.3981-11-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264377308232961 X-GMAIL-MSGID: 1790264377308232961 Handle host initiated FRED MSR access requests to allow FRED context to be set/get from user level. During VM save/restore and live migration, FRED context needs to be saved/restored, which requires FRED MSRs to be accessed from a user level application, e.g., Qemu. Note, handling of MSR_IA32_FRED_SSP0, i.e., MSR_IA32_PL0_SSP, is not added yet, which is done in the KVM CET patch set. Signed-off-by: Xin Li Tested-by: Shan Kang --- Changes since v1: * Use kvm_cpu_cap_has() instead of cpu_feature_enabled() (Chao Gao). * Fail host requested FRED MSRs access if KVM cannot virtualize FRED (Chao Gao). * Handle the case FRED MSRs are valid but KVM cannot virtualize FRED (Chao Gao). * Add sanity checks when writing to FRED MSRs. --- arch/x86/kvm/vmx/vmx.c | 72 ++++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.c | 47 +++++++++++++++++++++++++++ 2 files changed, 119 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 264378c3b784..ee61d2c25cb0 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1420,6 +1420,24 @@ static void vmx_write_guest_kernel_gs_base(struct vcpu_vmx *vmx, u64 data) preempt_enable(); vmx->msr_guest_kernel_gs_base = data; } + +static u64 vmx_read_guest_fred_rsp0(struct vcpu_vmx *vmx) +{ + preempt_disable(); + if (vmx->guest_state_loaded) + vmx->msr_guest_fred_rsp0 = read_msr(MSR_IA32_FRED_RSP0); + preempt_enable(); + return vmx->msr_guest_fred_rsp0; +} + +static void vmx_write_guest_fred_rsp0(struct vcpu_vmx *vmx, u64 data) +{ + preempt_disable(); + if (vmx->guest_state_loaded) + wrmsrl(MSR_IA32_FRED_RSP0, data); + preempt_enable(); + vmx->msr_guest_fred_rsp0 = data; +} #endif void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, @@ -2019,6 +2037,33 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_KERNEL_GS_BASE: msr_info->data = vmx_read_guest_kernel_gs_base(vmx); break; + case MSR_IA32_FRED_RSP0: + msr_info->data = vmx_read_guest_fred_rsp0(vmx); + break; + case MSR_IA32_FRED_RSP1: + msr_info->data = vmcs_read64(GUEST_IA32_FRED_RSP1); + break; + case MSR_IA32_FRED_RSP2: + msr_info->data = vmcs_read64(GUEST_IA32_FRED_RSP2); + break; + case MSR_IA32_FRED_RSP3: + msr_info->data = vmcs_read64(GUEST_IA32_FRED_RSP3); + break; + case MSR_IA32_FRED_STKLVLS: + msr_info->data = vmcs_read64(GUEST_IA32_FRED_STKLVLS); + break; + case MSR_IA32_FRED_SSP1: + msr_info->data = vmcs_read64(GUEST_IA32_FRED_SSP1); + break; + case MSR_IA32_FRED_SSP2: + msr_info->data = vmcs_read64(GUEST_IA32_FRED_SSP2); + break; + case MSR_IA32_FRED_SSP3: + msr_info->data = vmcs_read64(GUEST_IA32_FRED_SSP3); + break; + case MSR_IA32_FRED_CONFIG: + msr_info->data = vmcs_read64(GUEST_IA32_FRED_CONFIG); + break; #endif case MSR_EFER: return kvm_get_msr_common(vcpu, msr_info); @@ -2226,6 +2271,33 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vmx_update_exception_bitmap(vcpu); } break; + case MSR_IA32_FRED_RSP0: + vmx_write_guest_fred_rsp0(vmx, data); + break; + case MSR_IA32_FRED_RSP1: + vmcs_write64(GUEST_IA32_FRED_RSP1, data); + break; + case MSR_IA32_FRED_RSP2: + vmcs_write64(GUEST_IA32_FRED_RSP2, data); + break; + case MSR_IA32_FRED_RSP3: + vmcs_write64(GUEST_IA32_FRED_RSP3, data); + break; + case MSR_IA32_FRED_STKLVLS: + vmcs_write64(GUEST_IA32_FRED_STKLVLS, data); + break; + case MSR_IA32_FRED_SSP1: + vmcs_write64(GUEST_IA32_FRED_SSP1, data); + break; + case MSR_IA32_FRED_SSP2: + vmcs_write64(GUEST_IA32_FRED_SSP2, data); + break; + case MSR_IA32_FRED_SSP3: + vmcs_write64(GUEST_IA32_FRED_SSP3, data); + break; + case MSR_IA32_FRED_CONFIG: + vmcs_write64(GUEST_IA32_FRED_CONFIG, data); + break; #endif case MSR_IA32_SYSENTER_CS: if (is_guest_mode(vcpu)) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 363b1c080205..4e8d60f248e3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1451,6 +1451,9 @@ static const u32 msrs_to_save_base[] = { MSR_STAR, #ifdef CONFIG_X86_64 MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR, + MSR_IA32_FRED_RSP0, MSR_IA32_FRED_RSP1, MSR_IA32_FRED_RSP2, + MSR_IA32_FRED_RSP3, MSR_IA32_FRED_STKLVLS, MSR_IA32_FRED_SSP1, + MSR_IA32_FRED_SSP2, MSR_IA32_FRED_SSP3, MSR_IA32_FRED_CONFIG, #endif MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA, MSR_IA32_FEAT_CTL, MSR_IA32_BNDCFGS, MSR_TSC_AUX, @@ -1892,6 +1895,30 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data, return 1; data = (u32)data; + break; + case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG: + if (index != MSR_IA32_FRED_STKLVLS && is_noncanonical_address(data, vcpu)) + return 1; + if ((index >= MSR_IA32_FRED_RSP0 && index <= MSR_IA32_FRED_RSP3) && + (data & GENMASK_ULL(5, 0))) + return 1; + if ((index >= MSR_IA32_FRED_SSP1 && index <= MSR_IA32_FRED_SSP3) && + (data & GENMASK_ULL(2, 0))) + return 1; + + if (host_initiated) { + if (!kvm_cpu_cap_has(X86_FEATURE_FRED)) + return 1; + } else { + /* + * Inject #GP upon FRED MSRs accesses from a non-FRED guest, + * which also ensures no malicious guest can write to FRED + * MSRs to corrupt host FRED MSRs. + */ + if (!guest_can_use(vcpu, X86_FEATURE_FRED)) + return 1; + } + break; } @@ -1936,6 +1963,22 @@ int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data, !guest_cpuid_has(vcpu, X86_FEATURE_RDPID)) return 1; break; + case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG: + if (host_initiated) { + if (!kvm_cpu_cap_has(X86_FEATURE_FRED)) + return 1; + } else { + /* + * Inject #GP upon FRED MSRs accesses from a non-FRED guest, + * which also ensures no malicious guest can write to FRED + * MSRs to corrupt host FRED MSRs. + */ + if (!guest_can_use(vcpu, X86_FEATURE_FRED)) + return 1; + } + + break; + } msr.index = index; @@ -7364,6 +7407,10 @@ static void kvm_probe_msr_to_save(u32 msr_index) if (!(kvm_get_arch_capabilities() & ARCH_CAP_TSX_CTRL_MSR)) return; break; + case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG: + if (!kvm_cpu_cap_has(X86_FEATURE_FRED)) + return; + break; default: break; } From patchwork Wed Feb 7 17:26:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198006 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2408767dyb; Wed, 7 Feb 2024 10:05:45 -0800 (PST) X-Google-Smtp-Source: AGHT+IFrRx9404vd8E5HwuDYs0EBQQ/b8pmWUJzOd7OYlBduZn0hKRQgEjZgYeW8xdDeFP5Di3Q3 X-Received: by 2002:a92:d5cf:0:b0:363:8440:94af with SMTP id d15-20020a92d5cf000000b00363844094afmr6517003ilq.4.1707329145770; Wed, 07 Feb 2024 10:05:45 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329145; cv=pass; d=google.com; s=arc-20160816; b=mNewRMOIthZ+vdmAVbt9fKUvKRT8f1ujbxYSCgdmjninRIb26aruDZv+Hwqs4VL8ma 88fqYNRhdVpDjWKCxgnvFwP+luCYT4YRiCnE2B54FZcMO3cY4GCWBJM33WMZO8O887t2 59Lm5ppG8iG/3TK33/GnxwJHCViZjpTrOZesafNwMtBGLuNSxkFVTGZIsgcA99ADO7k6 gCuo7NagnAgfrNmLgoNT5Dtpo/Cs39hB9A5tuHXa/+npW5Ykz14m/54/koxIFfoLEIEm MTJ2tvtsLLNap89Dt1o5epJ5nZChnNA7n2o9wXUDE5g09uhxkXoHKR2E4svJFrRvKBEs tpFw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=ItYiO89XXonjbBMGkjDbXnR4McxkibpxA64VrR7S6jg=; fh=9q6zzg5mP9AgQlwhw5vFElFklKMmOQcV0LHONnp9NoY=; b=qlSC5oSOgFWS280MrWZFe7+MjmAbKwSfOtHucwoubjwKCpkkFXFGZoEX/eqQwJD39e BLPT0TXD2/m5U+Xdm/hhL+ixk+qM7WPLRcF7H7Sg843Sldsv6fHf495dWAeaOs+tX6Tu aRSK8BRByE8nkL697M7ZBFJsWTgHJ1FYWy1us9snHjyzCEybh2hQKwf7p7/LYfV5U+G9 Kw3o9ktQ06nJ0WwM/3r1vzw+o9ttmfAGocaJeomiqQaEV9CTxcblQru6e0KD3GzJsUGd VfLQzR8LwW3sIVXArxeu3eRzG1uXegJmjBanmtMsA7wsL7PwEPfNd/O79aqFBYvzMluS r+yA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=OCB9h80F; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56866-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56866-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCXPXYGtzToRcwGCxN9bMXu7HqeRmAbSKRoHY/GXwH7ZTmCfGaGViYXlDmpqkzDEIAoUdrBWC49e0EkEV3iV2S/pR3gFpg== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id x29-20020a63b21d000000b005d8c06e15e6si1953281pge.533.2024.02.07.10.05.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:05:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56866-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=OCB9h80F; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56866-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56866-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 1102B2831F5 for ; Wed, 7 Feb 2024 18:05:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8F755131E36; Wed, 7 Feb 2024 17:59:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="OCB9h80F" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D10E127B40; Wed, 7 Feb 2024 17:59:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328754; cv=none; b=NhpX6zDodKTMSnKnai/ywGt+We0mUna8mztBlNTB1Pwjwsykf6FU96a/uFf88XzvRadnkCA35VbF/FjiXSbzPJRzxXs608/FN5Hk3wifXjycZLmoTdt/whdKisAWWf1UIprwK6eqlhOPSq2MH4o5cWr9US3Y7HBVpjsmvqNgCcI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328754; c=relaxed/simple; bh=yTi4kr3PlzXNPrwqknVaKsYqhBkec/CNGRO3VuNenIU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=D128TCLDPMq5OzUb+E8n/Nz0S6jcS2Kv9j6EOygWpihi5cpIMSfwMLzoPksuDe/un7MgeaZmXZYtGvmdiUpA3a39hP0jNZjosR+15MzmVPocLhOcqr3o1IDykYnRL8egcKSwqJG0jte/dO8VhlO81zbTphxjwNABvaC6hgYhxUY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=OCB9h80F; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328749; x=1738864749; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=yTi4kr3PlzXNPrwqknVaKsYqhBkec/CNGRO3VuNenIU=; b=OCB9h80F7FAanD2ydW1HwX83AWeHVomZP1XI5gtKVGBrJ6QMXttwHb2+ Hed4Wl0a2WKc+5Kvf74/AsOfCe76wej4ZwEOPCqdNUk14GIljTH2GAXy0 wYhbpIb9sS7eD0W/hC1QtunqirRyCuGqbp+ZtpXpz7d0DI1g8WU97wc++ OCqNNm5+oaBk10c/CiwZiM54hjf4aUzKGFh2gyJLHC7kZQnTMSPXPHPiG vxrMGHwg3Dla5aS2vR68X2F7FQsGonot5rNn9DQse3lFLguRlhI0QC44t qnZWsrdftvuP7K9o84sqA89HvThib+nmZ3tSgCwX6l1cNKen5s/zk+zM1 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622567" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622567" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020727" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:56 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 11/25] KVM: x86: Add kvm_is_fred_enabled() Date: Wed, 7 Feb 2024 09:26:31 -0800 Message-ID: <20240207172646.3981-12-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264366441302551 X-GMAIL-MSGID: 1790264366441302551 Add kvm_is_fred_enabled() to get if FRED is enabled on a vCPU. Signed-off-by: Xin Li Tested-by: Shan Kang --- Change since v1: * Explain why it is ok to only check CR4.FRED (Chao Gao). --- arch/x86/kvm/kvm_cache_regs.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/arch/x86/kvm/kvm_cache_regs.h b/arch/x86/kvm/kvm_cache_regs.h index 75eae9c4998a..1d431c703fdf 100644 --- a/arch/x86/kvm/kvm_cache_regs.h +++ b/arch/x86/kvm/kvm_cache_regs.h @@ -187,6 +187,23 @@ static __always_inline bool kvm_is_cr4_bit_set(struct kvm_vcpu *vcpu, return !!kvm_read_cr4_bits(vcpu, cr4_bit); } +/* + * It's enough to check just CR4.FRED (X86_CR4_FRED) to tell if + * a vCPU is running with FRED enabled, because: + * 1) CR4.FRED can be set to 1 only _after_ IA32_EFER.LMA = 1. + * 2) To leave IA-32e mode, CR4.FRED must be cleared first. + * + * More details at FRED Spec 6.0 Section 4.2 Enabling in CR4. + */ +static __always_inline bool kvm_is_fred_enabled(struct kvm_vcpu *vcpu) +{ +#ifdef CONFIG_X86_64 + return kvm_is_cr4_bit_set(vcpu, X86_CR4_FRED); +#else + return false; +#endif +} + static inline ulong kvm_read_cr3(struct kvm_vcpu *vcpu) { if (!kvm_register_is_available(vcpu, VCPU_EXREG_CR3)) From patchwork Wed Feb 7 17:26:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198011 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2409495dyb; Wed, 7 Feb 2024 10:06:37 -0800 (PST) X-Google-Smtp-Source: AGHT+IEMEZbmXXY+kPa92U/rSkE8cvFFHC1H30fH3wgCQp4rY4VLn1IhDcngriRnAmv1Kr6VUKj2 X-Received: by 2002:ac8:5b92:0:b0:42a:8462:29f2 with SMTP id a18-20020ac85b92000000b0042a846229f2mr8242896qta.49.1707329197504; Wed, 07 Feb 2024 10:06:37 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329197; cv=pass; d=google.com; s=arc-20160816; b=YXQI428WnBqPLHo80ldrd9rmjbBRYQA/7F3F/tEVmcoNPKgQ0U+Ai7eSLKDzhKgKxE iGvmL3dSfiDOS6yAg8p8/+D2IlQlmJ/Y80DaT8yr6/hF9hx4Gy6ppi8QXtgCcG7/F+g+ jepDbsHSxIMG/xWU4aL2BA5NczlWaqN7bVDoCVQAy73kAZWAQlXX5ywpBXP5PEA04Ylh F6nQTJX677CuHhoYMK6xYiDImlfdUQL5acIvk+sDgjiiXbRY29eTFb/MwllSYxe4Ri8+ LvI/VRPMWJcENOp1MMv1xPuZw01NxXQlla+VhSq0lLHfe0N6fy9GLE4EEDw8WM9D4vVh zEzQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=Vgxah/oL/nUtuXpgBXX9RneHvObP2vdUQ3FDR/d7mSI=; fh=f513VthjCpMrUQBj3PvsIVGWdUyENkCoMqbOoyGaWKU=; b=JqyTbcbXIgFZ3PHPFmb8GH5HFz6GSwKpaCb7MdXdXf0rSyqloOX4/xj+GXh8w7opif rDfUnG/+g2OT15p8ljm88UMEG8XUbvdPtTcmwMVUJ/mTC54qc9WnVk8DJep1shqgmHkS 74iDI1ETIzvPud7XZrOV/fpkftavIXSwI6F1bbBjl1sfVuNgpmL5q+/DMKjpYyWYtIHT Toow7rZf0Gbiy9+gEmtpr1aLSIcpJlhBlbX9S8/QouRbcQVJsqmUWo8c9Dxsy9zbUxTL /ZV+8zfUttL297Jc7Zzs/DNHfhgoCMA1HRWteLdj6aTblZ/cGZq5jzhZ2ZYUmKhkMfIr DikA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fO7IYgeQ; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56868-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56868-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCVOBeLMnVVbdS6M86ht+stlBT0cGAqXQhlnpvw7iU8nB1/+u2PMH9slcRU+8ov42Q262NZkmPyjrXg5omejEqJVDzB6pg== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id a9-20020a05622a064900b0042c4208f213si1401083qtb.44.2024.02.07.10.06.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:06:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56868-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fO7IYgeQ; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56868-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56868-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id C4A031C2555B for ; Wed, 7 Feb 2024 18:06:27 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B84001353E4; Wed, 7 Feb 2024 17:59:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="fO7IYgeQ" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82D311292F1; Wed, 7 Feb 2024 17:59:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328756; cv=none; b=VZRVu6p36VNJd0ddFG8HKv9tfi7s6PlqsLGDyp9B7q6tcmXv8XwA32oZ1rkOeGh6ZMzBF6mgTI8QOZpw4dEp6fUfru2ezAQM2PqlEYGMRBYvsjkw17+K+2woXH7w8tP/fSsa47iOvvmou2JJWg8y3R/+TpBpMY9+JXCgFlhzLAY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328756; c=relaxed/simple; bh=hhNjuLldlaiHvg8yHAWCF4e5LFJRIyWq4h1vGubEja0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gQoa2B7Ie0UgU8V2A7PGOYwnjJLNo5IjVdwmHilLGAogJ52UD/Uh58NftfVEwZLr3WixpmJilDmFMZvvX+dBWlOfd8FWBICdbFCkGEhamkQtb20/vuv3P406DYW6vrcK8/JNftbk168q96jSYEN6Rs2KAQRS01Jb9Fawp8QTZQA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=fO7IYgeQ; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328751; x=1738864751; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=hhNjuLldlaiHvg8yHAWCF4e5LFJRIyWq4h1vGubEja0=; b=fO7IYgeQUbqdeSvfHMkunhdYm2z7KFbce0Khf1MZZPApeSHq6avBBd/P AfDOyLZZnCop5Tujmbb5wVprnMfVWycXAIGDJ6p9HHSyUCOktfyfmyElk zVRVrEq22tAcURuQ3tt2MX4JpjY00B2ClRJqerExVzGrRzzbrbKTj6bKW Pf3d+5yRnb1hgYvSVgYtbspKbT8eiWzZg6U076iKzzWtuevZnybzfG/6G HWWfQ/28nTQ3nC+mpqEdAUlcWEFD1CEDGzYlrXDLtg7rlGtBqrZmH87v+ HiehAvIkEifonG9ctyHJBMX+biETwB4u/UpaJBHHStXOUQnUCfSb5B/Th g==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622581" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622581" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:57 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020730" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:56 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 12/25] KVM: VMX: Handle FRED event data Date: Wed, 7 Feb 2024 09:26:32 -0800 Message-ID: <20240207172646.3981-13-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264420203248624 X-GMAIL-MSGID: 1790264420203248624 Set injected-event data when injecting a #PF, #DB, or #NM caused by extended feature disable using FRED event delivery, and save original-event data for being used as injected-event data. Unlike IDT using some extra CPU register as part of an event context, e.g., %cr2 for #PF, FRED saves a complete event context in its stack frame, e.g., FRED saves the faulting linear address of a #PF into the event data field defined in its stack frame. Thus a new VMX control field called injected-event data is added to provide the event data that will be pushed into a FRED stack frame for VM entries that inject an event using FRED event delivery. In addition, a new VM exit information field called original-event data is added to store the event data that would have saved into a FRED stack frame for VM exits that occur during FRED event delivery. After such a VM exit is handled to allow the original-event to be delivered, the data in the original-event data VMCS field needs to be set into the injected-event data VMCS field for the injection of the original event. Signed-off-by: Xin Li Tested-by: Shan Kang --- Change since v1: * Document event data should be equal to CR2/DR6/IA32_XFD_ERR instead of using WARN_ON() (Chao Gao). * Zero event data if a #NM was not caused by extended feature disable (Chao Gao). --- arch/x86/include/asm/vmx.h | 4 ++ arch/x86/kvm/vmx/vmx.c | 109 ++++++++++++++++++++++++++++--------- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 10 +++- 4 files changed, 95 insertions(+), 29 deletions(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 4889754415b5..6b796c5c9c2b 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -256,8 +256,12 @@ enum vmcs_field { PID_POINTER_TABLE_HIGH = 0x00002043, SECONDARY_VM_EXIT_CONTROLS = 0x00002044, SECONDARY_VM_EXIT_CONTROLS_HIGH = 0x00002045, + INJECTED_EVENT_DATA = 0x00002052, + INJECTED_EVENT_DATA_HIGH = 0x00002053, GUEST_PHYSICAL_ADDRESS = 0x00002400, GUEST_PHYSICAL_ADDRESS_HIGH = 0x00002401, + ORIGINAL_EVENT_DATA = 0x00002404, + ORIGINAL_EVENT_DATA_HIGH = 0x00002405, VMCS_LINK_POINTER = 0x00002800, VMCS_LINK_POINTER_HIGH = 0x00002801, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ee61d2c25cb0..f622fb90a098 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1871,9 +1871,29 @@ static void vmx_inject_exception(struct kvm_vcpu *vcpu) vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, vmx->vcpu.arch.event_exit_inst_len); intr_info |= INTR_TYPE_SOFT_EXCEPTION; - } else + } else { intr_info |= INTR_TYPE_HARD_EXCEPTION; + if (kvm_is_fred_enabled(vcpu)) { + u64 event_data = 0; + + if (is_debug(intr_info)) + /* + * Compared to DR6, FRED #DB event data saved on + * the stack frame have bits 4 ~ 11 and 16 ~ 31 + * inverted, i.e., + * fred_db_event_data = dr6 ^ 0xFFFF0FF0UL + */ + event_data = vcpu->arch.dr6 ^ DR6_RESERVED; + else if (is_page_fault(intr_info)) + event_data = vcpu->arch.cr2; + else if (is_nm_fault(intr_info)) + event_data = to_vmx(vcpu)->fred_xfd_event_data; + + vmcs_write64(INJECTED_EVENT_DATA, event_data); + } + } + vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr_info); vmx_clear_hlt(vcpu); @@ -7082,8 +7102,11 @@ static void handle_nm_fault_irqoff(struct kvm_vcpu *vcpu) * * Queuing exception is done in vmx_handle_exit. See comment there. */ - if (vcpu->arch.guest_fpu.fpstate->xfd) + if (vcpu->arch.guest_fpu.fpstate->xfd) { rdmsrl(MSR_IA32_XFD_ERR, vcpu->arch.guest_fpu.xfd_err); + to_vmx(vcpu)->fred_xfd_event_data = vcpu->arch.cr0 & X86_CR0_TS + ? 0 : vcpu->arch.guest_fpu.xfd_err; + } } static void handle_exception_irqoff(struct vcpu_vmx *vmx) @@ -7199,29 +7222,28 @@ static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx) vmx->loaded_vmcs->entry_time)); } -static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu, - u32 idt_vectoring_info, - int instr_len_field, - int error_code_field) +static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu, bool vectoring) { - u8 vector; - int type; - bool idtv_info_valid; - - idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK; + u32 event_id = vectoring ? to_vmx(vcpu)->idt_vectoring_info + : vmcs_read32(VM_ENTRY_INTR_INFO_FIELD); + int instr_len_field = vectoring ? VM_EXIT_INSTRUCTION_LEN + : VM_ENTRY_INSTRUCTION_LEN; + int error_code_field = vectoring ? IDT_VECTORING_ERROR_CODE + : VM_ENTRY_EXCEPTION_ERROR_CODE; + int event_data_field = vectoring ? ORIGINAL_EVENT_DATA + : INJECTED_EVENT_DATA; + u8 vector = event_id & INTR_INFO_VECTOR_MASK; + int type = event_id & INTR_INFO_INTR_TYPE_MASK; vcpu->arch.nmi_injected = false; kvm_clear_exception_queue(vcpu); kvm_clear_interrupt_queue(vcpu); - if (!idtv_info_valid) + if (!(event_id & INTR_INFO_VALID_MASK)) return; kvm_make_request(KVM_REQ_EVENT, vcpu); - vector = idt_vectoring_info & VECTORING_INFO_VECTOR_MASK; - type = idt_vectoring_info & VECTORING_INFO_TYPE_MASK; - switch (type) { case INTR_TYPE_NMI_INTR: vcpu->arch.nmi_injected = true; @@ -7236,10 +7258,31 @@ static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu, vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field); fallthrough; case INTR_TYPE_HARD_EXCEPTION: - if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) { - u32 err = vmcs_read32(error_code_field); - kvm_requeue_exception_e(vcpu, vector, err); - } else + if (kvm_is_fred_enabled(vcpu)) { + /* Save event data for being used as injected-event data */ + u64 event_data = vmcs_read64(event_data_field); + + switch (vector) { + case DB_VECTOR: + /* %dr6 should be equal to (event_data ^ DR6_RESERVED) */ + vcpu->arch.dr6 = event_data ^ DR6_RESERVED; + break; + case NM_VECTOR: + to_vmx(vcpu)->fred_xfd_event_data = event_data; + break; + case PF_VECTOR: + /* %cr2 should be equal to event_data */ + vcpu->arch.cr2 = event_data; + break; + default: + WARN_ON(event_data != 0); + break; + } + } + + if (event_id & INTR_INFO_DELIVER_CODE_MASK) + kvm_requeue_exception_e(vcpu, vector, vmcs_read32(error_code_field)); + else kvm_requeue_exception(vcpu, vector); break; case INTR_TYPE_SOFT_INTR: @@ -7255,18 +7298,12 @@ static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu, static void vmx_complete_interrupts(struct vcpu_vmx *vmx) { - __vmx_complete_interrupts(&vmx->vcpu, vmx->idt_vectoring_info, - VM_EXIT_INSTRUCTION_LEN, - IDT_VECTORING_ERROR_CODE); + __vmx_complete_interrupts(&vmx->vcpu, true); } static void vmx_cancel_injection(struct kvm_vcpu *vcpu) { - __vmx_complete_interrupts(vcpu, - vmcs_read32(VM_ENTRY_INTR_INFO_FIELD), - VM_ENTRY_INSTRUCTION_LEN, - VM_ENTRY_EXCEPTION_ERROR_CODE); - + __vmx_complete_interrupts(vcpu, false); vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, 0); } @@ -7382,6 +7419,24 @@ static noinstr void vmx_vcpu_enter_exit(struct kvm_vcpu *vcpu, vmx_disable_fb_clear(vmx); + /* + * %cr2 needs to be saved after a VM exit and restored before a VM + * entry in case a VM exit happens immediately after delivery of a + * guest #PF but before guest reads %cr2. + * + * A FRED guest should read its #PF faulting linear address from + * the event data field in its FRED stack frame instead of %cr2. + * But the FRED 5.0 spec still requires a FRED CPU to update %cr2 + * in the normal way, thus %cr2 is still updated even for a FRED + * guest. + * + * Note, an NMI could interrupt KVM: + * 1) after VM exit but before CR2 is saved. + * 2) after CR2 is restored but before VM entry. + * And a #PF could happen durng NMI handlng, which overwrites %cr2. + * Thus exc_nmi() should save and restore %cr2 upon entering and + * before leaving to make sure %cr2 not corrupted. + */ if (vcpu->arch.cr2 != native_read_cr2()) native_write_cr2(vcpu->arch.cr2); diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 176ad39be406..d5738c5a4814 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -266,6 +266,7 @@ struct vcpu_vmx { u32 exit_intr_info; u32 idt_vectoring_info; ulong rflags; + u64 fred_xfd_event_data; /* * User return MSRs are always emulated when enabled in the guest, but diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 4e8d60f248e3..00c0062726ae 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -680,8 +680,14 @@ static void kvm_multiple_exception(struct kvm_vcpu *vcpu, vcpu->arch.exception.injected = true; if (WARN_ON_ONCE(has_payload)) { /* - * A reinjected event has already - * delivered its payload. + * For a reinjected event, KVM delivers its + * payload through: + * #PF: save %cr2 into arch.cr2 immediately + * after VM exits. + * #DB: save %dr6 into arch.dr6 later in + * sync_dirty_debug_regs(). + * + * For FRED guest, see __vmx_complete_interrupts(). */ has_payload = false; payload = 0; From patchwork Wed Feb 7 17:26:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198012 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2410331dyb; Wed, 7 Feb 2024 10:07:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IFgEHmvR7bpsazRxk5fbShFNeBxDGOoRvYJS9h4zN6lDFf7VqdDqgfGrF+c2OucBPOBzshq X-Received: by 2002:a05:620a:1585:b0:783:bd57:f8f5 with SMTP id d5-20020a05620a158500b00783bd57f8f5mr6675073qkk.77.1707329263897; Wed, 07 Feb 2024 10:07:43 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329263; cv=pass; d=google.com; s=arc-20160816; b=U7weXy1lA0vEfIlT4Ke2Ek7EmgV32quhHmOhizRE1Fsxb13hclG5/hsH+skrlxpjAj OoOdxrcp1615GQjO+ORv5Gi/q383jQKbzRKYa3pbgVnxr19LtIcQG1IV4Wji+f6PY4aq pXHXaUKmx0ZKeIHAS22iBAZoXta2F2+281UaAOyZYma9MHgTUoIdUJNismcj7vC/4C51 zuVlWELjTttutn1vxdED5/WMEvOMjEATyG+9BlbEuW3xRRAeeOMHbwG7UkhhbZqOZ2Vj iRR+kHOmMS7b8Aw/cdkEnAh+r+ZgOZIY30dfJM8yPvXer79gSmcGSQxGpX0RZjhQf1SV B48A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=AqNJlHR67nxqc8unJttcfipRvKjSANcfDvHpby/5CUo=; fh=EnMAfrsSqNFNVcplwJEE2hvgB0/bw1Q2RU37zbknOHM=; b=zKfWpJ6eRKyKJxWNfGvma47qdrYIqLXRQ0F1kcRjuKN9/JeITKf1nXWGustg2Engfr V60kjmWOp8vkbcFa652pzz1/yvW7Betv/g4lnNpm5vRbi15FtH+TbO3ZQltqcvNadnyu 20Un466DVZH87FNECS8gFjJmSukeuOxJkSupqhcUJiM1lFn89Zz3AMirSMbMQtEs6TFd 1aAzEfEJu+5GY+VMXnbGp1NEqlSqvM9K4tBHr2CUfsTWUrtDkHpUBfWLvkG9XMMWYUWG PJCbcpQrFTsclVlK1peiZtYj4GeSR+ceqn8VQzYcxCbLixLiq/GJSygvGTQSYex0nP8Z 8Zdw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="SPl/j3GQ"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56871-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56871-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCULjVt/R7P8oOXpuCx3y4m587iQjC2thUA3yxWHDxWmCKY5/VP9rfRZDF/5MFXHnVyuXLMew109o3G8GwX51yljgX5J5w== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id d26-20020a05620a205a00b0078400d7f282si1541947qka.725.2024.02.07.10.07.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:07:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56871-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="SPl/j3GQ"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56871-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56871-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 9EDA61C20AB1 for ; Wed, 7 Feb 2024 18:07:43 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4C78013665F; Wed, 7 Feb 2024 17:59:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="SPl/j3GQ" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26F7F84A21; Wed, 7 Feb 2024 17:59:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328759; cv=none; b=d2CfiBDlkCV7Pl9D9HHPlFM2ZAhk8cATphAfVaG3uj6i6YGhMQqYplBwlHF7YsF0C2V+9h09ejXgY2yk6K2Uw115+bUf5AhdQJicIM4UdqD8guSmqpslQMD7cPNevcZnlok4tyDDUY7dabUAHfMKK8uctf010vHEQs9GFSIdW+E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328759; c=relaxed/simple; bh=edLH9zVNg+M5C8W3UpTDiXcfqi/CQzK1tlqmCjLesjM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JunnZopjCoVdrb0PjgZC3eZ1NL7IA2YKJ2xmf7PbY4KS1itY+FMYO06X6EyBRwYBuU1H/JivrJ8VPF66wvwcu3KEsjLwadW/bQSQW3I2QVYwVwF9echbifTD72wDRjSXELHvqMZEB15ioEGb2mtqN3NWib14Nov+ItgSGdbAH2s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=SPl/j3GQ; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328754; x=1738864754; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=edLH9zVNg+M5C8W3UpTDiXcfqi/CQzK1tlqmCjLesjM=; b=SPl/j3GQYzSjAvPegSB+me3LHOMz2S1EoYKc1pOjksiGxnH998BaLHvT BLP5Btq7JKTGZ/LPFqClpeVH3lEAxo0V7XkbViVRxTt9jFWtKa1yNGp4g xSkqDvFFA7yeyaVLO7dvVpUNXBiC9y02mrvcX0xPsMd7DoEhclVwB8J6p wGMW4w8oOSLCS+/CtEXRkfxATVqcDzNqNqnNjpC+cHpNapl8N4FA6947r /ue2ZN4Wlo4/82Mf6VEnBSjcoNO+U2NIzjyGe+L9wNYOHUHKoUg7il0rz U2Ohz3cPZemYpz5RJmCwfeDqfWIHNlUNcgmojJ70GwJ5C4Nlp+escOj4Q Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622603" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622603" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020734" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:56 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 13/25] KVM: VMX: Handle VMX nested exception for FRED Date: Wed, 7 Feb 2024 09:26:33 -0800 Message-ID: <20240207172646.3981-14-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264490436055215 X-GMAIL-MSGID: 1790264490436055215 Set VMX nested exception bit in the VM-entry interruption information VMCS field when injecting a nested exception using FRED event delivery to ensure: 1) The nested exception is injected on a correct stack level. 2) The nested bit defined in FRED stack frame is set. The event stack level used by FRED event delivery depends on whether the event was a nested exception encountered during delivery of another event, because a nested exception is "regarded" as happening on ring 0. E.g., when #PF is configured to use stack level 1 in IA32_FRED_STKLVLS MSR: - nested #PF will be delivered on stack level 1 when encountered in ring 3. - normal #PF will be delivered on stack level 0 when encountered in ring 3. The VMX nested-exception support ensures the correct event stack level is chosen when a VM entry injects a nested exception. Signed-off-by: Xin Li Tested-by: Shan Kang --- Changes since v1: * Set the nested flag when there is an original interrupt (Chao Gao). --- arch/x86/include/asm/kvm_host.h | 6 +++-- arch/x86/include/asm/vmx.h | 5 ++-- arch/x86/kvm/svm/svm.c | 4 +-- arch/x86/kvm/vmx/vmx.c | 8 ++++-- arch/x86/kvm/x86.c | 46 ++++++++++++++++++++++++++------- arch/x86/kvm/x86.h | 1 + 6 files changed, 53 insertions(+), 17 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 0d88873eba63..ef278ee0b6ca 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -736,6 +736,7 @@ struct kvm_queued_exception { u32 error_code; unsigned long payload; bool has_payload; + bool nested; }; struct kvm_vcpu_arch { @@ -2060,8 +2061,9 @@ int kvm_emulate_rdpmc(struct kvm_vcpu *vcpu); void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr); void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code); void kvm_queue_exception_p(struct kvm_vcpu *vcpu, unsigned nr, unsigned long payload); -void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr); -void kvm_requeue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code); +void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr, bool nested); +void kvm_requeue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, + u32 error_code, bool nested); void kvm_inject_page_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault); void kvm_inject_emulated_page_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault); diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 6b796c5c9c2b..68af74e48788 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -134,7 +134,7 @@ #define VMX_BASIC_DUAL_MONITOR_TREATMENT BIT_ULL(49) #define VMX_BASIC_INOUT BIT_ULL(54) #define VMX_BASIC_TRUE_CTLS BIT_ULL(55) - +#define VMX_BASIC_NESTED_EXCEPTION BIT_ULL(58) /* VMX_MISC bits and bitmasks */ #define VMX_MISC_INTEL_PT BIT_ULL(14) @@ -407,8 +407,9 @@ enum vmcs_field { #define INTR_INFO_INTR_TYPE_MASK 0x700 /* 10:8 */ #define INTR_INFO_DELIVER_CODE_MASK 0x800 /* 11 */ #define INTR_INFO_UNBLOCK_NMI 0x1000 /* 12 */ +#define INTR_INFO_NESTED_EXCEPTION_MASK 0x2000 /* 13 */ #define INTR_INFO_VALID_MASK 0x80000000 /* 31 */ -#define INTR_INFO_RESVD_BITS_MASK 0x7ffff000 +#define INTR_INFO_RESVD_BITS_MASK 0x7fffd000 #define VECTORING_INFO_VECTOR_MASK INTR_INFO_VECTOR_MASK #define VECTORING_INFO_TYPE_MASK INTR_INFO_INTR_TYPE_MASK diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e90b429c84f1..c220b690a37c 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4057,10 +4057,10 @@ static void svm_complete_interrupts(struct kvm_vcpu *vcpu) if (exitintinfo & SVM_EXITINTINFO_VALID_ERR) { u32 err = svm->vmcb->control.exit_int_info_err; - kvm_requeue_exception_e(vcpu, vector, err); + kvm_requeue_exception_e(vcpu, vector, err, false); } else - kvm_requeue_exception(vcpu, vector); + kvm_requeue_exception(vcpu, vector, false); break; case SVM_EXITINTINFO_TYPE_INTR: kvm_queue_interrupt(vcpu, vector, false); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f622fb90a098..1f265d526daf 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1891,6 +1891,8 @@ static void vmx_inject_exception(struct kvm_vcpu *vcpu) event_data = to_vmx(vcpu)->fred_xfd_event_data; vmcs_write64(INJECTED_EVENT_DATA, event_data); + + intr_info |= ex->nested ? INTR_INFO_NESTED_EXCEPTION_MASK : 0; } } @@ -7281,9 +7283,11 @@ static void __vmx_complete_interrupts(struct kvm_vcpu *vcpu, bool vectoring) } if (event_id & INTR_INFO_DELIVER_CODE_MASK) - kvm_requeue_exception_e(vcpu, vector, vmcs_read32(error_code_field)); + kvm_requeue_exception_e(vcpu, vector, vmcs_read32(error_code_field), + event_id & INTR_INFO_NESTED_EXCEPTION_MASK); else - kvm_requeue_exception(vcpu, vector); + kvm_requeue_exception(vcpu, vector, + event_id & INTR_INFO_NESTED_EXCEPTION_MASK); break; case INTR_TYPE_SOFT_INTR: vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 00c0062726ae..725819262085 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -645,7 +645,8 @@ static void kvm_leave_nested(struct kvm_vcpu *vcpu) static void kvm_multiple_exception(struct kvm_vcpu *vcpu, unsigned nr, bool has_error, u32 error_code, - bool has_payload, unsigned long payload, bool reinject) + bool has_payload, unsigned long payload, + bool reinject, bool nested) { u32 prev_nr; int class1, class2; @@ -696,6 +697,13 @@ static void kvm_multiple_exception(struct kvm_vcpu *vcpu, vcpu->arch.exception.pending = true; vcpu->arch.exception.injected = false; } + + vcpu->arch.exception.nested = vcpu->arch.exception.nested || + (kvm_is_fred_enabled(vcpu) && + ((reinject && nested) || + vcpu->arch.nmi_injected || + vcpu->arch.interrupt.injected)); + vcpu->arch.exception.has_error_code = has_error; vcpu->arch.exception.vector = nr; vcpu->arch.exception.error_code = error_code; @@ -725,8 +733,28 @@ static void kvm_multiple_exception(struct kvm_vcpu *vcpu, vcpu->arch.exception.injected = false; vcpu->arch.exception.pending = false; + /* + * A #DF is NOT a nested event per its definition, however per + * FRED spec 5.0 Appendix B, its delivery determines the new + * stack level as is done for events occurring when CPL = 0. + */ + vcpu->arch.exception.nested = false; + kvm_queue_exception_e(vcpu, DF_VECTOR, 0); } else { + /* + * FRED spec 5.0 Appendix B: delivery of a nested exception + * determines the new stack level as is done for events + * occurring when CPL = 0. + * + * IOW, FRED event delivery of an event encountered in ring 3 + * normally uses stack level 0 unconditionally. However, if + * the event is an exception nested on any earlier event, + * delivery of the nested exception will consult the FRED MSR + * IA32_FRED_STKLVLS to determine which stack level to use. + */ + vcpu->arch.exception.nested = kvm_is_fred_enabled(vcpu); + /* replace previous exception with a new one in a hope that instruction re-execution will regenerate lost exception */ @@ -736,20 +764,20 @@ static void kvm_multiple_exception(struct kvm_vcpu *vcpu, void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr) { - kvm_multiple_exception(vcpu, nr, false, 0, false, 0, false); + kvm_multiple_exception(vcpu, nr, false, 0, false, 0, false, false); } EXPORT_SYMBOL_GPL(kvm_queue_exception); -void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr) +void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr, bool nested) { - kvm_multiple_exception(vcpu, nr, false, 0, false, 0, true); + kvm_multiple_exception(vcpu, nr, false, 0, false, 0, true, nested); } EXPORT_SYMBOL_GPL(kvm_requeue_exception); void kvm_queue_exception_p(struct kvm_vcpu *vcpu, unsigned nr, unsigned long payload) { - kvm_multiple_exception(vcpu, nr, false, 0, true, payload, false); + kvm_multiple_exception(vcpu, nr, false, 0, true, payload, false, false); } EXPORT_SYMBOL_GPL(kvm_queue_exception_p); @@ -757,7 +785,7 @@ static void kvm_queue_exception_e_p(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code, unsigned long payload) { kvm_multiple_exception(vcpu, nr, true, error_code, - true, payload, false); + true, payload, false, false); } int kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err) @@ -829,13 +857,13 @@ void kvm_inject_nmi(struct kvm_vcpu *vcpu) void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code) { - kvm_multiple_exception(vcpu, nr, true, error_code, false, 0, false); + kvm_multiple_exception(vcpu, nr, true, error_code, false, 0, false, false); } EXPORT_SYMBOL_GPL(kvm_queue_exception_e); -void kvm_requeue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code) +void kvm_requeue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code, bool nested) { - kvm_multiple_exception(vcpu, nr, true, error_code, false, 0, true); + kvm_multiple_exception(vcpu, nr, true, error_code, false, 0, true, nested); } EXPORT_SYMBOL_GPL(kvm_requeue_exception_e); diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index 9a52016ebf5a..c1f1d5696080 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -108,6 +108,7 @@ static inline void kvm_clear_exception_queue(struct kvm_vcpu *vcpu) { vcpu->arch.exception.pending = false; vcpu->arch.exception.injected = false; + vcpu->arch.exception.nested = false; vcpu->arch.exception_vmexit.pending = false; } From patchwork Wed Feb 7 17:26:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198008 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2408925dyb; Wed, 7 Feb 2024 10:05:57 -0800 (PST) X-Google-Smtp-Source: AGHT+IE48aPJoEcao9zQFQK48FaaQRYX5DWUUOVGotTSvPYNRq6xS+F5/s5j9kdCqjDTZzT3HLP5 X-Received: by 2002:a17:907:7791:b0:a38:7171:e832 with SMTP id ky17-20020a170907779100b00a387171e832mr1874195ejc.32.1707329157283; Wed, 07 Feb 2024 10:05:57 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329157; cv=pass; d=google.com; s=arc-20160816; b=XdVoh+agYF4ffD+H+boM+A1u7ME4mzm1L2WRPu8FZt5JH6+itvz0O0mO2dNWQwXtYn 5QiaV4zQZC/LK/fscSj7dtg5mGFwTwS+0sta58i8anL2NkqH91RdqI+bO2y/RqWk76Q4 52tjN65IGu5F3Q//luyAoexcoceZ1CXonauT4hrspcsxSqSmZ7CzHsUZAIpG6MUPlJ4q aPqfm7oT2wiThOhhdsNixjwHbt8ZztOKuxIfK0tT6UoIHOQSG+OPzEJbA7XL26HXPssS 4toz21P9AVg7HWLgRrBut/uaJU7MhUxNV0FMw7Z28RZ9e5z/syTkh8mcdeHFK1f4+iUj xBmA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=liYs/LdnPBh9a3AsHAtE1oG/KW/mYwAmk1RMSlifdCk=; fh=nDSbmerVnJOyI74v9KL7uKhYqhioU7yq9el459ZlRqc=; b=PF/y6sxOUWqg8aYPrJIy/xyunhAUxp5kROe1yWx38v1+lYG499knEKSgBBQIXPzO83 i/PqvUVi/uriVjuAOUmpy3A6jgDeGKeCsDWOEaDkWtYFn3xAE6cSaxftfYGnfwsygPrU lqWcKfyUw85jCh6+r9t6Kq7ZiogqH9kZfQ9Ag58uWmI3EvtV3USdZP3cx8uJtfUoLEF9 dzX+vd6BbK9dIYP4bp6FM6fLhizevBPr9roJ4Y893wljK8eodZM7dW6t3huct32Iivh/ hHuUXe+chfMimcIsmkyX2YLb+gBBS/U9lp7mR/q+W4gAropcxP8gJaC1p1CXeFvkTCAx dPDg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=jvKP5vq8; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56867-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56867-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCXqlqmCkdE7CpFDPjcw/pI04R0K/pW0FinMSu3AJNOXjWB6R5TdI0YrFqm3ci5R9bphNgdBUSDFHv3v3Zwr8VuXv7m/Aw== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id l22-20020a1709066b9600b00a3887a540e0si725241ejr.706.2024.02.07.10.05.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:05:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56867-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=jvKP5vq8; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56867-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56867-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id DDD191F26047 for ; Wed, 7 Feb 2024 18:05:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 258FE134CF8; Wed, 7 Feb 2024 17:59:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="jvKP5vq8" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5659D1292FC; Wed, 7 Feb 2024 17:59:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328755; cv=none; b=UWhfyvdiaNF0zTwrH4Z5jLanZNGymV2tC6JJuHHcO4TQqcU4DWYCrc3nwrz74bllZHnPe4bYjd1D6y0Tl378YjlfNcWDTkzlFXveJ9upSG+l/QaUTkdvEsS6JXIAOShnpB/8WxqMBovDAxOo6qqQyHfk86AME5Ew6PyOKjkvBMs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328755; c=relaxed/simple; bh=6yDtgID+NU20uYplexiB1KaOa+Pw5BLzopQ2Vyh34IM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eLB485q6UQMb4VctwcADQ29huHLplZAbhjBjs7roNHEzG/4Rw63P8RVikxENU4f8fc4Q9xeh2GnTWnZZwt+Z9MtnoSrLhCOfM2JNhEjG3FqoLRp69rEtCRCiQHRhZc9gUe0sgRTKbLYT011v08LnMw5aEZN9YXT/B3Ej3rbj1ho= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=jvKP5vq8; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328755; x=1738864755; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6yDtgID+NU20uYplexiB1KaOa+Pw5BLzopQ2Vyh34IM=; b=jvKP5vq8i560Dtekp3lYw5efJ5hMWesynOUWh5KKbcslaDhZ4ZDu0e4u 2BKZSX9rR2ZAhnp9TbkDjjSnE2CjjDYAG12EV4sd8aFWNAFOSukdlFzv+ dP2EWKDqru3LmaYtFzGmigJy+rOLp8ntys8hKJ6sx/UyDIxo8i9IvnR+5 3Ra/jArneBrnqlgq8I86T/daEtGIhNHJ3f01a0km1SnKNQsOe8he687RF V71cE0Yg2XVETJhqAJ24bkzYyKsNlHX800wAi6XR/N30pGSO+qXXyKRMS 4Rm8GBwoFOhYLGid9/cHOUr16u5XWvn066/SM4DdQp1+4Io2Xw9yjDyPq A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622618" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622618" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020737" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:57 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 14/25] KVM: VMX: Disable FRED if FRED consistency checks fail Date: Wed, 7 Feb 2024 09:26:34 -0800 Message-ID: <20240207172646.3981-15-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264378649659264 X-GMAIL-MSGID: 1790264378649659264 Refuse to virtualize FRED if FRED consistency checks fail. Suggested-by: Chao Gao Signed-off-by: Xin Li --- arch/x86/kvm/vmx/capabilities.h | 10 ++++++++++ arch/x86/kvm/vmx/vmx.c | 2 ++ 2 files changed, 12 insertions(+) diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index e8f3ad0f79ee..73bf6618c425 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -400,6 +400,16 @@ static inline bool vmx_pebs_supported(void) return boot_cpu_has(X86_FEATURE_PEBS) && kvm_pmu_cap.pebs_ept; } +static inline bool cpu_has_vmx_fred(void) +{ + return boot_cpu_has(X86_FEATURE_FRED) && + (vmcs_config.basic & VMX_BASIC_NESTED_EXCEPTION) && + (vmcs_config.vmexit_ctrl & VM_EXIT_ACTIVATE_SECONDARY_CONTROLS) && + (vmcs_config.secondary_vmexit_ctrl & SECONDARY_VM_EXIT_SAVE_IA32_FRED) && + (vmcs_config.secondary_vmexit_ctrl & SECONDARY_VM_EXIT_LOAD_IA32_FRED) && + (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_FRED); +} + static inline bool cpu_has_notify_vmexit(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 1f265d526daf..a484b9ac2400 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8113,6 +8113,8 @@ static __init void vmx_set_cpu_caps(void) kvm_cpu_cap_check_and_set(X86_FEATURE_DS); kvm_cpu_cap_check_and_set(X86_FEATURE_DTES64); } + if (!cpu_has_vmx_fred()) + kvm_cpu_cap_clear(X86_FEATURE_FRED); if (!enable_pmu) kvm_cpu_cap_clear(X86_FEATURE_PDCM); From patchwork Wed Feb 7 17:26:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198009 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2409251dyb; Wed, 7 Feb 2024 10:06:20 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCV0xyppYCZG4eu2yhcKKz3mfYbFGMb3IccNN59j7aduwqWY/eBhK5p9SRSeY4xfyANQfeStpvYxWrri4LzjJiu0T1GdFw== X-Google-Smtp-Source: AGHT+IFTlzlmoGs8MeCKIKCt2D9S2lSg+ynyjOyW5MYiDtuQbCvi5f6T4jtCVpW2g9kyq9anGm72 X-Received: by 2002:a17:902:a38d:b0:1d7:2645:147e with SMTP id x13-20020a170902a38d00b001d72645147emr4869747pla.39.1707329180374; Wed, 07 Feb 2024 10:06:20 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329180; cv=pass; d=google.com; s=arc-20160816; b=MIwAQFmjvXE1/5cwkrNObtKvx/zsRx2lgFDi9zbN0a8Z1pcUY6oiNfmcqQtHYVbZRD m9z7Q4Yq+C8hl/GTTG3AcN80+Ai7itXjKOiVquZZLPH1a0Vh/mcHf3YKis4PYxlTjXE4 Zu2w1mCEiPo43JTAZQCzbpgZ1vi7lsHaCasiXYzUscdRZqBuo1fMtVmm3JfgEcgKXZd/ MUA2NhGxsciw6qOlPTkcTP1BZ4eHCXyIfl6SsBwL0QcJBsw7ZncAh8RHCl6QNpYBrXkT xPr3z4HZOB5/V9vWpidKs0SHRhrSCA805/QT2cNMrKeuYcmJOUIr0ATx+psAt1vekbYh OZqA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=oJSya1TJQCIfvD6khXix973w02pfwNBVjbEHTa0qnL0=; fh=KQFAZV4sg/jvofwYPbgSLi0d3n+PE3UgOOlKOJGJOWo=; b=l++dyDe+0YWtM+/fMdqARYd/xTqvi+MZOyR9RPI1PW2E/fIwQUy66YuFqrrdOY9YFH gRSBrW6YA4JYahgX+JtB/ybqssa16fyFVo551Fvdhd0q2RcPk5AAxCyXVJP8bEj69Dj7 APdtiePAIiEWUiVjdKe18xoP/LascziJaNXMAmKwlO6K+Skt6tdLFPxQUCgbLBcVmvLM YvwTr9E5JWl18qXi2TX8wU64fcbCmsPLqwDKet5tv7IElzWr4CriuiOO03csYX+my7O1 zoCi7e7JrlGnLgi40GpsYiI2jIyM+rSkev69KMSVkyF7jusw9EMEjjzPxCvt9bXVQB9x eQ+g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FuEdYOm1; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56869-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56869-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCWqc+Fs/hOdqmjazTrup7aM5upx7D6vWWzGEJmToQYK5KGRWYO6Dvhc/rUQnN1t/lIminIfxxiWZM9c4GCQnK7sCgAc/A== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id jb15-20020a170903258f00b001d936f175a2si1967006plb.594.2024.02.07.10.06.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:06:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56869-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FuEdYOm1; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56869-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56869-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B314328338C for ; Wed, 7 Feb 2024 18:06:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 248411350EC; Wed, 7 Feb 2024 17:59:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FuEdYOm1" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B67ED126F33; Wed, 7 Feb 2024 17:59:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328756; cv=none; b=R+hUCjPxLNSTjSD6XeWqXb6N1kmaaX7ooGWspu44ocH45a+7jgfrHdgHopygaugvevwOuIkjMvwJWCIv4Qv6fUZOPuaLi3vp7oJb5Wg1sTPTSvt8mObtoJ1ohVIDm+TKsAZjSP7TjKWXwCTIo07wieFlKLgrWUH8micX9VA6ukU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328756; c=relaxed/simple; bh=1XvBmM+YzYnVz9M1D4uwp8d1EPKb60Zx1bXRfvYrhEc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HW4kNut2LLSADrDRzTduatZ1Irnm/3FIwkZJmRflrkJzYH0fUzO3T/tTTGr3jLxPc2QTgI04B9JhApgxYAt6qaiBdJSKWaAF/gV9c0tj5y6Y2fkXygeQJb6AyAqPtzdYV9pTVRnkwbzL/S1Zful4ggl8sLjtzVm8tm+hVYGwLpo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FuEdYOm1; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328755; x=1738864755; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1XvBmM+YzYnVz9M1D4uwp8d1EPKb60Zx1bXRfvYrhEc=; b=FuEdYOm1jRH2qLR+AI0gR69esI/hL2nRpl/Uz7oDb2N0EnpmZE0bl/Yr 9WyPTU51wrboiSlH7oJBQMYnkEBdFw1gxXrfBiJ0ZPyBifAV8hRG6ja56 dq/DzDwjT/zoQAAyuZoMYjiE0QlcQR49ss0RhsULD5iyn39dgy7ckeXMl 2GpJlGQzG092vwBTkkjfGeqZD1wNmwg8+0RcMi7pG0xvC2o1jR9Wv38GR G19Dz2gjec1tTcj+ikNX2/T64jiQP5IETjz9lf1DEsEXd4MLK6i5uslL4 NRnuQBdNKXVLy9NMbm2Jq3389W/qmPFKRNSqqKKn6OhbJ7mKeEn+o/zZk A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622627" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622627" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:59 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020740" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:57 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 15/25] KVM: VMX: Dump FRED context in dump_vmcs() Date: Wed, 7 Feb 2024 09:26:35 -0800 Message-ID: <20240207172646.3981-16-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264402639267995 X-GMAIL-MSGID: 1790264402639267995 Add FRED related VMCS fields to dump_vmcs() to have it dump FRED context. Signed-off-by: Xin Li Tested-by: Shan Kang --- Change since v1: * Use kvm_cpu_cap_has() instead of cpu_feature_enabled() (Chao Gao). * Dump guest FRED states only if guest has FRED enabled (Nikolay Borisov). --- arch/x86/kvm/vmx/vmx.c | 46 +++++++++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a484b9ac2400..e3409607122d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6392,7 +6392,7 @@ void dump_vmcs(struct kvm_vcpu *vcpu) struct vcpu_vmx *vmx = to_vmx(vcpu); u32 vmentry_ctl, vmexit_ctl; u32 cpu_based_exec_ctrl, pin_based_exec_ctrl, secondary_exec_control; - u64 tertiary_exec_control; + u64 tertiary_exec_control, secondary_vmexit_ctl; unsigned long cr4; int efer_slot; @@ -6403,6 +6403,8 @@ void dump_vmcs(struct kvm_vcpu *vcpu) vmentry_ctl = vmcs_read32(VM_ENTRY_CONTROLS); vmexit_ctl = vmcs_read32(VM_EXIT_CONTROLS); + secondary_vmexit_ctl = cpu_has_secondary_vmexit_ctrls() ? + vmcs_read64(SECONDARY_VM_EXIT_CONTROLS) : 0; cpu_based_exec_ctrl = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL); pin_based_exec_ctrl = vmcs_read32(PIN_BASED_VM_EXEC_CONTROL); cr4 = vmcs_readl(GUEST_CR4); @@ -6449,6 +6451,19 @@ void dump_vmcs(struct kvm_vcpu *vcpu) vmx_dump_sel("LDTR:", GUEST_LDTR_SELECTOR); vmx_dump_dtsel("IDTR:", GUEST_IDTR_LIMIT); vmx_dump_sel("TR: ", GUEST_TR_SELECTOR); +#ifdef CONFIG_X86_64 + if (kvm_is_fred_enabled(vcpu)) { + pr_err("FRED guest: config=0x%016llx, stack levels=0x%016llx\n" + "RSP0=0x%016lx, RSP1=0x%016llx\n" + "RSP2=0x%016llx, RSP3=0x%016llx\n", + vmcs_read64(GUEST_IA32_FRED_CONFIG), + vmcs_read64(GUEST_IA32_FRED_STKLVLS), + read_msr(MSR_IA32_FRED_RSP0), + vmcs_read64(GUEST_IA32_FRED_RSP1), + vmcs_read64(GUEST_IA32_FRED_RSP2), + vmcs_read64(GUEST_IA32_FRED_RSP3)); + } +#endif efer_slot = vmx_find_loadstore_msr_slot(&vmx->msr_autoload.guest, MSR_EFER); if (vmentry_ctl & VM_ENTRY_LOAD_IA32_EFER) pr_err("EFER= 0x%016llx\n", vmcs_read64(GUEST_IA32_EFER)); @@ -6496,6 +6511,19 @@ void dump_vmcs(struct kvm_vcpu *vcpu) vmcs_readl(HOST_TR_BASE)); pr_err("GDTBase=%016lx IDTBase=%016lx\n", vmcs_readl(HOST_GDTR_BASE), vmcs_readl(HOST_IDTR_BASE)); +#ifdef CONFIG_X86_64 + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) { + pr_err("FRED host: config=0x%016llx, stack levels=0x%016llx\n" + "RSP0=0x%016llx, RSP1=0x%016llx\n" + "RSP2=0x%016llx, RSP3=0x%016llx\n", + vmcs_read64(HOST_IA32_FRED_CONFIG), + vmcs_read64(HOST_IA32_FRED_STKLVLS), + vmx->msr_host_fred_rsp0, + vmcs_read64(HOST_IA32_FRED_RSP1), + vmcs_read64(HOST_IA32_FRED_RSP2), + vmcs_read64(HOST_IA32_FRED_RSP3)); + } +#endif pr_err("CR0=%016lx CR3=%016lx CR4=%016lx\n", vmcs_readl(HOST_CR0), vmcs_readl(HOST_CR3), vmcs_readl(HOST_CR4)); @@ -6517,25 +6545,29 @@ void dump_vmcs(struct kvm_vcpu *vcpu) pr_err("*** Control State ***\n"); pr_err("CPUBased=0x%08x SecondaryExec=0x%08x TertiaryExec=0x%016llx\n", cpu_based_exec_ctrl, secondary_exec_control, tertiary_exec_control); - pr_err("PinBased=0x%08x EntryControls=%08x ExitControls=%08x\n", - pin_based_exec_ctrl, vmentry_ctl, vmexit_ctl); + pr_err("PinBased=0x%08x EntryControls=0x%08x\n", + pin_based_exec_ctrl, vmentry_ctl); + pr_err("ExitControls=0x%08x SecondaryExitControls=0x%016llx\n", + vmexit_ctl, secondary_vmexit_ctl); pr_err("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmcs_read32(EXCEPTION_BITMAP), vmcs_read32(PAGE_FAULT_ERROR_CODE_MASK), vmcs_read32(PAGE_FAULT_ERROR_CODE_MATCH)); - pr_err("VMEntry: intr_info=%08x errcode=%08x ilen=%08x\n", + pr_err("VMEntry: intr_info=%08x errcode=%08x ilen=%08x event data=%016llx\n", vmcs_read32(VM_ENTRY_INTR_INFO_FIELD), vmcs_read32(VM_ENTRY_EXCEPTION_ERROR_CODE), - vmcs_read32(VM_ENTRY_INSTRUCTION_LEN)); + vmcs_read32(VM_ENTRY_INSTRUCTION_LEN), + kvm_cpu_cap_has(X86_FEATURE_FRED) ? vmcs_read64(INJECTED_EVENT_DATA) : 0); pr_err("VMExit: intr_info=%08x errcode=%08x ilen=%08x\n", vmcs_read32(VM_EXIT_INTR_INFO), vmcs_read32(VM_EXIT_INTR_ERROR_CODE), vmcs_read32(VM_EXIT_INSTRUCTION_LEN)); pr_err(" reason=%08x qualification=%016lx\n", vmcs_read32(VM_EXIT_REASON), vmcs_readl(EXIT_QUALIFICATION)); - pr_err("IDTVectoring: info=%08x errcode=%08x\n", + pr_err("IDTVectoring: info=%08x errcode=%08x event data=%016llx\n", vmcs_read32(IDT_VECTORING_INFO_FIELD), - vmcs_read32(IDT_VECTORING_ERROR_CODE)); + vmcs_read32(IDT_VECTORING_ERROR_CODE), + kvm_cpu_cap_has(X86_FEATURE_FRED) ? vmcs_read64(ORIGINAL_EVENT_DATA) : 0); pr_err("TSC Offset = 0x%016llx\n", vmcs_read64(TSC_OFFSET)); if (secondary_exec_control & SECONDARY_EXEC_TSC_SCALING) pr_err("TSC Multiplier = 0x%016llx\n", From patchwork Wed Feb 7 17:26:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198010 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2409325dyb; Wed, 7 Feb 2024 10:06:26 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWRMSDaofPUSCcqP8iqkOqWmqviGVtlId7JRRImjCYIa1pCclrSUbE/jn8qgzxNYRu1cYTEP5rrzxsEh+51SuZpnXgSgA== X-Google-Smtp-Source: AGHT+IHIWNhklBKruOEvBg6UmfTAVucKFnPfbZty41+deHCBtDyYgkNT453QjHx7yUSAYpzfgAz9 X-Received: by 2002:a05:6512:70b:b0:511:46c0:d879 with SMTP id b11-20020a056512070b00b0051146c0d879mr4161956lfs.47.1707329186104; Wed, 07 Feb 2024 10:06:26 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329186; cv=pass; d=google.com; s=arc-20160816; b=g1IbZXK1TxCshw7qSkPzxKCLQ+giwjuKwi2dL0RE+Ui2eKCrMIB6yvV3QVDnlkzZrs 7gW87h+eePfeFuCxPp2b5aaeqvxpa9C3bPInWElPQDtYlk6zDE5g1gkjPu9ezeDSpLhh mX6nevbxyltKipIP0VPhXKVx+vC8yDKLIrZY0pKfV2pf8V7dQIHtf9+uLfn95KJj17BA gCa6CIG58uFGREOBH2HvsIvnXUpBDwmjzM39rYtsO+MhHNbxHObzHFymd7GGuXdmtH7n sLzKbOAnZIKt3KaF8ktv1ms4kmdIVErhjoBfC6c0ZAPbV7lJtJV3o+2rhhjMp6jNii6/ aRUA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=EUec2dPEGKl52G8SBBommKDjKc08dscdk9Rv3UI0bPE=; fh=bzWhc9vvo/fFGQyNnocwI+uV7cb2dNbcEATUP2+7hz8=; b=vZMhhzPchmFojWuuVrkX82vDRDfq12Epn7UDSJE4sHBcP1kopJuEQCnKgjKxkWntRl zJldH37ENoduycYlcKq0V98U3SzT/Lg1tA5pOziPe3o1nLcyNwOsaarMYZK2rixQmkO7 qBEXIZYIoVJTcxOBhqhofjPMhnyyLTekrJ4IKC7J+VrAbeGHu2JUVk/j0qzhNqQ6O2Af ZaIAhPafJAw4xlrHB05iavxeA8YTp9Sje3HQtfpMxKV40wbYD5KAw+AcKrNLCy1/uv7b mvSRkBAgmGB/Nb2KV8Sbxf6Ev7EpxrJFxff9L25hRZvALSqbKR0QJReLMGZbUtJpj65S ovwA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="MkP6UW/r"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56870-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56870-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCWcujaKi0pcwRoGMDLuCWqDG45Tt2UbxB7I7/2iIagAxwiNy5zP9HndaWU4jiR2jY/XBccC1ef36W2BGukAw1pMtsRCZg== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id i21-20020a1709061cd500b00a382a80b161si1183428ejh.381.2024.02.07.10.06.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:06:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56870-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="MkP6UW/r"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56870-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56870-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 13BA11F2143E for ; Wed, 7 Feb 2024 18:06:23 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7DF3E1350FA; Wed, 7 Feb 2024 17:59:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="MkP6UW/r" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0C48912E1FF; Wed, 7 Feb 2024 17:59:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328757; cv=none; b=XCSGxIPlIX0xUYnhGsN8k4qhDha/1mQgTWkyYyMRLXWBgfUbJ9XbHAZTFgxgwfNrXGvPpd08NVTx9pCG7wl72SxAEB7a7is68OpNMYDZG+3Qm2rlqDh0fpIJZzZKcodtDFNV3T9EdlhSWxEltkC/NyCI0nJ5jr77ngHhVhpPEXk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328757; c=relaxed/simple; bh=3pK7WhYRNrzUuExDIrRQm3nMz+8daA5Durxbr8goEqA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rZtypkzkCruF4+WtzOYcROMg4XRswVp+w/KiV5Pkt5D2IyB/I+A1LewlIl8jvFokHESKQ67+pIZo1yCqhxd3EncJswtjBpdv3TfD/50S35jtpEWxvd/NJMsmVt1Y+geGbSQaS9YwvDo99pkZqjdBEtDwPzJjiwurdYQMC5uqinY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=MkP6UW/r; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328756; x=1738864756; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=3pK7WhYRNrzUuExDIrRQm3nMz+8daA5Durxbr8goEqA=; b=MkP6UW/r7J2zFPdKcii71cIHypVuCxcYH4n9BtlYmiefG3pi82t5a3Oa bAjUhDe2W+0qGJFJhvsjNph6g6BSDk7PiaiS9niDXjo2qIyj/Ez0v/ksh 32cxftjDiDD3y5BWEh+uNOlP02A/Eu90grm69zlZKLB2aORKkilug60Ce 4kttSkCAhNpmAN/f1mgGZPT8GCHJz33eNpF9sJJL+JVCjg/neVJ8kSkrx 3mxo0jg7MRvXFoWJgE08tZjHBbrnS0u0sE+gTaA5lQxbTsK0tYEyWppeQ sxUCEbxZu1F+Zf3sXnRX4wx7U3kgj4X6zcD/eEjM7Q4p+fJ7AFv3quVdW Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622640" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622640" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:59 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020744" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:57 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 16/25] KVM: VMX: Invoke vmx_set_cpu_caps() before nested setup Date: Wed, 7 Feb 2024 09:26:36 -0800 Message-ID: <20240207172646.3981-17-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264408353579020 X-GMAIL-MSGID: 1790264408353579020 Set VMX CPU capabilities before initializing nested instead of after, as it needs to check VMX CPU capabilities to setup the VMX basic MSR for nested. Signed-off-by: Xin Li --- arch/x86/kvm/vmx/vmx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index e3409607122d..fc808d599493 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8912,6 +8912,8 @@ static __init int hardware_setup(void) setup_default_sgx_lepubkeyhash(); + vmx_set_cpu_caps(); + if (nested) { nested_vmx_setup_ctls_msrs(&vmcs_config, vmx_capability.ept); @@ -8920,8 +8922,6 @@ static __init int hardware_setup(void) return r; } - vmx_set_cpu_caps(); - r = alloc_kvm_area(); if (r && nested) nested_vmx_hardware_unsetup(); From patchwork Wed Feb 7 17:26:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198016 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2410890dyb; Wed, 7 Feb 2024 10:08:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IE8VT5WjWahjHhiuaE4qBshz3krG66MPk+LlHJC9W3fxX2PL7nHOhohcLVl+qEu+hiKc5LS X-Received: by 2002:a05:6a21:1690:b0:19e:ac67:13a9 with SMTP id np16-20020a056a21169000b0019eac6713a9mr454616pzb.19.1707329308415; Wed, 07 Feb 2024 10:08:28 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329308; cv=pass; d=google.com; s=arc-20160816; b=hoqOxzCl96po1xKqSZniFkkQLPuRmXI0JW7tiFZ2OFLOt9+MtgshNOFNBKEFjn8d/y qZEt5KziaTwGc6VndzECm+PFR2ZnyPUUEZr9Yd0P4eDvVo+GeywC9NYntMMdkFzlgUls 3V2ltcQ/rb77gymLBsoj8Jkryl1o9TFUc3RcLtS5yVOnQU6kA3//0YexU1KAzicdCkv4 wTFGHk2zIFhzw7YQo5kJEC9eFCqpaBVQq4v1EJ5xRN4AB0RD3Ad15bRmyu1hcmfpmyTI YVQ5KHCPSu/UFflNAUbHFJ24cobVjH0PvTCf5fj0HdNLZ/Ff54AuKoyhFeAkuf2mY3pb 3mXw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=Jr2ba+8GqYghvsRyvTxsCd3lhjIURIZWbLA8KIkWJkc=; fh=zxdHXOZl11ZeN4WgOEmYT1IzQ9RS/wDWXXVvHDaw3Us=; b=sAbT1Zj8pqI4WG+oe0jvcSpTm0oRsAbl5GyCbJRVzStmGuu1rHGvFGzAA4cFcPm3Q1 svKxyGBuaG9JJldatO8xM8ZYA4ZZpzhRywy338TDyHtVmkDt/hZ6O3HN4iAA/qbeTWo+ 5Qb5xxpu5uUe2E//P8/2mcfmj0JYiRhCA8+J0k/Zi67RUXj4I59YR/FXwdxs8EEWqo6X 4ygOifo54meV1bb6I9JToX+dxBVjC1NrRl+mx1N/eOtMPmEdtImD14k1DKNT09A88BI5 AdLw5CeHssmuY04Vg7wUoLf49/+1jMp/B5q0ZIrVxTdBMKQBGlWSi145/oQXWJcxkDIF ijzA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Rn+Q2Da6; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56873-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56873-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCXu8SdHDTgYgkliLvBQ3/55Jy1fwcCyuk7zAxvBiXOwnaa6Gnl8q4CrfdMBRHLEYf7dwWkch6Vx51/iUrr4xUmB/OGRzQ== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id bt22-20020a056a00439600b006e06d644ee9si1382564pfb.282.2024.02.07.10.08.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:08:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56873-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Rn+Q2Da6; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56873-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56873-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 2FA7728303D for ; Wed, 7 Feb 2024 18:08:28 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E664A137C50; Wed, 7 Feb 2024 17:59:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Rn+Q2Da6" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 52EF912EBF0; Wed, 7 Feb 2024 17:59:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328762; cv=none; b=KBq6blAsaoJC8HofcUm4S1Qg0CbCo6EFQ4L+Gba5QYYmY7aWl620GYKqKVCxj6QL8ezgmd2cp3zE04M4xCSzV/GgPetkxo2qhL8YdFs1pIZjLcwLU+WaucLTh9CxzrW+SzAhGqo/DbVmxL5J2GbIEFJKgVvDn/d93tB1Ku2/XLY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328762; c=relaxed/simple; bh=USb5Ju1kxbbARTyuAyo5ZcKDfqzzPCpBdNzGP1yedVA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ueNNWiI8X0ST4cvCpa/PYVQ7sDfFH8kBq7QQmmJNpNBig6hZe1bBuh9np9VoRbrLy4zeKsFJX5kWVku997Y8ZeL+ZL2K5m8oK9lroaGSY0+ZSlaEvouvszJzDur4BrnpFISRMehNM+9FqwzU7ipK0fUUvPIMvRMnpoqGFQ6wBrY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Rn+Q2Da6; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328757; x=1738864757; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=USb5Ju1kxbbARTyuAyo5ZcKDfqzzPCpBdNzGP1yedVA=; b=Rn+Q2Da6qCkY/kpr+0pQ2Hsm0dSkq6ZZkpJwGteBpVVqWTs+f8evJjSM nIVPKirRfs/FQ075N+RcaG1jmX/vdOZYV0bmqSuP2NPEvBifTJ3ukMYC5 aIAfek1qTXze7VIVWHOKeNsG8QZxYjefVBX015M80P4AUnP7ENEl1R19N 5rUZJ54p+TzhZg6XsqFdEXEfMLHjiaNN81jzvo1E4X2wn5UsQmH/Tg2m5 0jodA2mJSBT/b99Az4I4tCEl6vaa1qWUEVoz9++ecdrUthRMsEgRKkHA6 R76UWdwNSgRSXP4qan1nLGtTcQdE8rUX1XLDkBSCnX53mxKXj/AmCqqZI Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622644" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622644" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:59 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020748" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:57 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 17/25] KVM: nVMX: Add support for the secondary VM exit controls Date: Wed, 7 Feb 2024 09:26:37 -0800 Message-ID: <20240207172646.3981-18-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264537147876895 X-GMAIL-MSGID: 1790264537147876895 Enable the secondary VM exit controls to prepare for nested FRED. Signed-off-by: Xin Li Tested-by: Shan Kang --- Documentation/virt/kvm/x86/nested-vmx.rst | 1 + arch/x86/kvm/vmx/capabilities.h | 1 + arch/x86/kvm/vmx/nested.c | 15 ++++++++++++++- arch/x86/kvm/vmx/vmcs12.c | 1 + arch/x86/kvm/vmx/vmcs12.h | 2 ++ arch/x86/kvm/x86.h | 2 +- 6 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Documentation/virt/kvm/x86/nested-vmx.rst b/Documentation/virt/kvm/x86/nested-vmx.rst index ac2095d41f02..e64ef231f310 100644 --- a/Documentation/virt/kvm/x86/nested-vmx.rst +++ b/Documentation/virt/kvm/x86/nested-vmx.rst @@ -217,6 +217,7 @@ struct shadow_vmcs is ever changed. u16 host_fs_selector; u16 host_gs_selector; u16 host_tr_selector; + u64 secondary_vm_exit_controls; }; diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index 73bf6618c425..b41c2cde811d 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -38,6 +38,7 @@ struct nested_vmx_msrs { u32 pinbased_ctls_high; u32 exit_ctls_low; u32 exit_ctls_high; + u64 secondary_exit_ctls; u32 entry_ctls_low; u32 entry_ctls_high; u32 misc_low; diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 8a5fda04e2de..1132e360ff13 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1431,6 +1431,7 @@ int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) case MSR_IA32_VMX_PINBASED_CTLS: case MSR_IA32_VMX_PROCBASED_CTLS: case MSR_IA32_VMX_EXIT_CTLS: + case MSR_IA32_VMX_EXIT_CTLS2: case MSR_IA32_VMX_ENTRY_CTLS: /* * The "non-true" VMX capability MSRs are generated from the @@ -1509,6 +1510,9 @@ int vmx_get_vmx_msr(struct nested_vmx_msrs *msrs, u32 msr_index, u64 *pdata) if (msr_index == MSR_IA32_VMX_EXIT_CTLS) *pdata |= VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR; break; + case MSR_IA32_VMX_EXIT_CTLS2: + *pdata = msrs->secondary_exit_ctls; + break; case MSR_IA32_VMX_TRUE_ENTRY_CTLS: case MSR_IA32_VMX_ENTRY_CTLS: *pdata = vmx_control_msr( @@ -2443,6 +2447,11 @@ static void prepare_vmcs02_early(struct vcpu_vmx *vmx, struct loaded_vmcs *vmcs0 exec_control &= ~VM_EXIT_LOAD_IA32_EFER; vm_exit_controls_set(vmx, exec_control); + if (exec_control & VM_EXIT_ACTIVATE_SECONDARY_CONTROLS) { + exec_control = __secondary_vm_exit_controls_get(vmcs01); + secondary_vm_exit_controls_set(vmx, exec_control); + } + /* * Interrupt/Exception Fields */ @@ -6856,13 +6865,17 @@ static void nested_vmx_setup_exit_ctls(struct vmcs_config *vmcs_conf, VM_EXIT_HOST_ADDR_SPACE_SIZE | #endif VM_EXIT_LOAD_IA32_PAT | VM_EXIT_SAVE_IA32_PAT | - VM_EXIT_CLEAR_BNDCFGS; + VM_EXIT_CLEAR_BNDCFGS | VM_EXIT_ACTIVATE_SECONDARY_CONTROLS; msrs->exit_ctls_high |= VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR | VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER | VM_EXIT_SAVE_VMX_PREEMPTION_TIMER | VM_EXIT_ACK_INTR_ON_EXIT | VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL; + /* secondary exit controls */ + if (msrs->exit_ctls_high & VM_EXIT_ACTIVATE_SECONDARY_CONTROLS) + rdmsrl(MSR_IA32_VMX_EXIT_CTLS2, msrs->secondary_exit_ctls); + /* We support free control of debug control saving. */ msrs->exit_ctls_low &= ~VM_EXIT_SAVE_DEBUG_CONTROLS; } diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c index 106a72c923ca..98457d7b2b23 100644 --- a/arch/x86/kvm/vmx/vmcs12.c +++ b/arch/x86/kvm/vmx/vmcs12.c @@ -73,6 +73,7 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(PAGE_FAULT_ERROR_CODE_MATCH, page_fault_error_code_match), FIELD(CR3_TARGET_COUNT, cr3_target_count), FIELD(VM_EXIT_CONTROLS, vm_exit_controls), + FIELD(SECONDARY_VM_EXIT_CONTROLS, secondary_vm_exit_controls), FIELD(VM_EXIT_MSR_STORE_COUNT, vm_exit_msr_store_count), FIELD(VM_EXIT_MSR_LOAD_COUNT, vm_exit_msr_load_count), FIELD(VM_ENTRY_CONTROLS, vm_entry_controls), diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h index 01936013428b..f50f897b9b5f 100644 --- a/arch/x86/kvm/vmx/vmcs12.h +++ b/arch/x86/kvm/vmx/vmcs12.h @@ -185,6 +185,7 @@ struct __packed vmcs12 { u16 host_gs_selector; u16 host_tr_selector; u16 guest_pml_index; + u64 secondary_vm_exit_controls; }; /* @@ -358,6 +359,7 @@ static inline void vmx_check_vmcs12_offsets(void) CHECK_OFFSET(host_gs_selector, 992); CHECK_OFFSET(host_tr_selector, 994); CHECK_OFFSET(guest_pml_index, 996); + CHECK_OFFSET(secondary_vm_exit_controls, 998); } extern const unsigned short vmcs12_field_offsets[]; diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index c1f1d5696080..498bb6090b1e 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -47,7 +47,7 @@ void kvm_spurious_fault(void); * associated feature that KVM supports for nested virtualization. */ #define KVM_FIRST_EMULATED_VMX_MSR MSR_IA32_VMX_BASIC -#define KVM_LAST_EMULATED_VMX_MSR MSR_IA32_VMX_VMFUNC +#define KVM_LAST_EMULATED_VMX_MSR MSR_IA32_VMX_EXIT_CTLS2 #define KVM_DEFAULT_PLE_GAP 128 #define KVM_VMX_DEFAULT_PLE_WINDOW 4096 From patchwork Wed Feb 7 17:26:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198018 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2411129dyb; Wed, 7 Feb 2024 10:08:47 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXs/ln7DK2lpJg2kcqog3NnucGsdulkC/fjFhHL6n86oLxFjxxj1zHDs58L42ZpRt3htweHePgGb51f99Tr+vLS9m9HsQ== X-Google-Smtp-Source: AGHT+IEUPktNEgfrSjA3GH6oMNM6zqDWi6mf06UPFlj2r/AZDWHFvRzbC6A9qJ1eWzR3a62zhRmO X-Received: by 2002:a05:6830:111a:b0:6d9:d841:8071 with SMTP id w26-20020a056830111a00b006d9d8418071mr6537188otq.0.1707329327714; Wed, 07 Feb 2024 10:08:47 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329327; cv=pass; d=google.com; s=arc-20160816; b=zdGqP7rSs4bjDhTrmdYfZWX2P81VBMJXxvCHyO4MLT8azBF/i/0q5EzdP7W2enZLv9 DvpH43tYPgVbpG1sdX/wAzxhpwJG10s01w09PYOHqszwz3p6fp53p6pLvgBe+neo/D25 ZYDYZZSJqN0hspq3XiotwH9AG8I8gMgHCGTqgtBs4Z+yYikgq4Nd5ZBZAX6zXunnyDjp YX5aMdnFpCaJPbbhG62GE7kxV0tDn1wHgPFeRuBvYbeI7mLIAs2/WQHdlsd3eWgq8s0z Zyudrtpxp8Q/aWoHE6ujwQXrpYbC5uyiI+Y3cNgaQ3Qq2dQSivI4pJ2UAnpqBvF2p9BX VH7w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=MG120uJczA3urCp3JXo20gLwqosL2kXYoQUlITMEX5I=; fh=Yjg/vsxUQAAjaaP+kDdMOsedBIe9ZIJB6W75bauApJg=; b=LrR+tJMfq8wFyw6togF6liogAPXVD3AhmTxqNK34klSnXyZdQh/vDgxIkfssW2Y+9n OvUtBK1TH9K3KxEzZV/PW1Tkb7MgJda71A1igV1+2RUNdanp65PvQgRuHVw39ecgNV7Y DuU6cLk2qA37i7Yd9jAMegAnWnnAIywdgZcHWrstabn2l4ghVeiQmUGWHxPzwSwQk4bD OtLScIs45SBPKeZvmT+5DqA8sKAkmrTm94hiuFQc0o56wkjC0p8eMVYDVXfLmK34Za+N TIX730Q6E/ArSyF/JDq0/oq3d1I3687DSnjTrjocxJAiVYVeyQ/ePuDgPcU0yiUWXLmK ZYyQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=WcN3sbci; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56874-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56874-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCX0rnwmgQFFSHDzvgmABLivcwbpM2SSF8rCyxN5A4hHcGFNomW8eLqpOzUF1G0DSKHkG2Z2r0p2LNkte2CDui0d/ot24Q== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id d5-20020a9d5e05000000b006e2b8e06854si777902oti.305.2024.02.07.10.08.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:08:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56874-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=WcN3sbci; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56874-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56874-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 6E989283D1E for ; Wed, 7 Feb 2024 18:08:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BF394138494; Wed, 7 Feb 2024 17:59:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="WcN3sbci" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 866B612F365; Wed, 7 Feb 2024 17:59:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328762; cv=none; b=op7HQquZtY9CLuw1QnlGQ4oxin/Jrjt9Z3m1aCVQOv2QuKWxveXq7ewnnKJ7DhO4n5rxv9nuomFprsELjMNmuiTqrd3xkETooKt/4aX/oZU1/tlTf3m1kOU67n/eHN1k/2F6wmRgd1tA9JIVPOjatyaEbIZuSBNRFk8qpFbmZWI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328762; c=relaxed/simple; bh=3apt9vZ3hftEsa5TOJ4CT5yROR6mgWfUiQ1RR21TjI0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Sr/tFkHGhJy3xlcSg8uMewQMEHiF9prDSU6VvgstJyqGJ4s9ypDVu/HSLwsfMCPn6LuvP0W/h8Lk5+Cq8NHPEl2pSLJ8i/FwHun4t67g9R8jmmI72M1fq6y1NrhB/CVattcfwrldn0JQqU3YRd1e/ixgO1/EXrLo3pt3V0SEEjY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=WcN3sbci; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328757; x=1738864757; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=3apt9vZ3hftEsa5TOJ4CT5yROR6mgWfUiQ1RR21TjI0=; b=WcN3sbcie59lKDTVRRElcgrHfXl/2IcqP1mwllzS2CtQzjG0q8drVYRa hL0GuI4EHjG4gQVsb4hXP6UwAZjCy7UtJl7tr1jBJD8QVj6dwTwhWsMus rOYm9HxIHknVDjHgJFtn4ssdTKkWILaIuJmdVejWmxaTpXuVrvRfAo4as XLxn/mvOWw2IJdl0Y9Eej5HezoSps0oFe+urYHinFwnDhZNMs8l6peX2F k6ThYcmx0dr6R+58OT9uoIZMltL8Wa0AGcBAJ+AJyZFHu91wUJSc3QVUm FAZSK2b4iomrk+36OOy/6+sa/AhoY2uORNhGTWdcdfMKfZTbTLDZ5rY/C g==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622651" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622651" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:59 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020752" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:58 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 18/25] KVM: nVMX: Add a prerequisite to SHADOW_FIELD_R[OW] macros Date: Wed, 7 Feb 2024 09:26:38 -0800 Message-ID: <20240207172646.3981-19-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264557233450451 X-GMAIL-MSGID: 1790264557233450451 Add a prerequisite for accessing VMCS fields referenced in macros SHADOW_FIELD_R[OW], because a VMCS field may not exist on some CPUs. Signed-off-by: Xin Li --- arch/x86/kvm/vmx/nested.c | 70 ++++++++++++++++++------ arch/x86/kvm/vmx/vmcs_shadow_fields.h | 76 +++++++++++++-------------- 2 files changed, 91 insertions(+), 55 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 1132e360ff13..94da6a0a2f81 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -53,14 +53,14 @@ struct shadow_vmcs_field { u16 offset; }; static struct shadow_vmcs_field shadow_read_only_fields[] = { -#define SHADOW_FIELD_RO(x, y) { x, offsetof(struct vmcs12, y) }, +#define SHADOW_FIELD_RO(x, y, c) { x, offsetof(struct vmcs12, y) }, #include "vmcs_shadow_fields.h" }; static int max_shadow_read_only_fields = ARRAY_SIZE(shadow_read_only_fields); static struct shadow_vmcs_field shadow_read_write_fields[] = { -#define SHADOW_FIELD_RW(x, y) { x, offsetof(struct vmcs12, y) }, +#define SHADOW_FIELD_RW(x, y, c) { x, offsetof(struct vmcs12, y) }, #include "vmcs_shadow_fields.h" }; static int max_shadow_read_write_fields = @@ -83,6 +83,17 @@ static void init_vmcs_shadow_fields(void) pr_err("Missing field from shadow_read_only_field %x\n", field + 1); + switch (field) { +#define SHADOW_FIELD_RO(x, y, c) \ + case x: \ + if (!(c)) \ + continue; \ + break; +#include "vmcs_shadow_fields.h" + default: + break; + } + clear_bit(field, vmx_vmread_bitmap); if (field & 1) #ifdef CONFIG_X86_64 @@ -114,18 +125,12 @@ static void init_vmcs_shadow_fields(void) * on bare metal. */ switch (field) { - case GUEST_PML_INDEX: - if (!cpu_has_vmx_pml()) - continue; - break; - case VMX_PREEMPTION_TIMER_VALUE: - if (!cpu_has_vmx_preemption_timer()) - continue; - break; - case GUEST_INTR_STATUS: - if (!cpu_has_vmx_apicv()) - continue; +#define SHADOW_FIELD_RW(x, y, c) \ + case x: \ + if (!(c)) \ + continue; \ break; +#include "vmcs_shadow_fields.h" default: break; } @@ -1585,6 +1590,18 @@ static void copy_shadow_to_vmcs12(struct vcpu_vmx *vmx) for (i = 0; i < max_shadow_read_write_fields; i++) { field = shadow_read_write_fields[i]; + + switch (field.encoding) { +#define SHADOW_FIELD_RW(x, y, c) \ + case x: \ + if (!(c)) \ + continue; \ + break; +#include "vmcs_shadow_fields.h" + default: + break; + } + val = __vmcs_readl(field.encoding); vmcs12_write_any(vmcs12, field.encoding, field.offset, val); } @@ -1619,6 +1636,23 @@ static void copy_vmcs12_to_shadow(struct vcpu_vmx *vmx) for (q = 0; q < ARRAY_SIZE(fields); q++) { for (i = 0; i < max_fields[q]; i++) { field = fields[q][i]; + + switch (field.encoding) { +#define SHADOW_FIELD_RO(x, y, c) \ + case x: \ + if (!(c)) \ + continue; \ + break; +#define SHADOW_FIELD_RW(x, y, c) \ + case x: \ + if (!(c)) \ + continue; \ + break; +#include "vmcs_shadow_fields.h" + default: + break; + } + val = vmcs12_read_any(vmcs12, field.encoding, field.offset); __vmcs_writel(field.encoding, val); @@ -5492,9 +5526,10 @@ static int handle_vmread(struct kvm_vcpu *vcpu) static bool is_shadow_field_rw(unsigned long field) { switch (field) { -#define SHADOW_FIELD_RW(x, y) case x: +#define SHADOW_FIELD_RW(x, y, c) \ + case x: \ + return c; #include "vmcs_shadow_fields.h" - return true; default: break; } @@ -5504,9 +5539,10 @@ static bool is_shadow_field_rw(unsigned long field) static bool is_shadow_field_ro(unsigned long field) { switch (field) { -#define SHADOW_FIELD_RO(x, y) case x: +#define SHADOW_FIELD_RO(x, y, c) \ + case x: \ + return c; #include "vmcs_shadow_fields.h" - return true; default: break; } diff --git a/arch/x86/kvm/vmx/vmcs_shadow_fields.h b/arch/x86/kvm/vmx/vmcs_shadow_fields.h index cad128d1657b..7f48056fe351 100644 --- a/arch/x86/kvm/vmx/vmcs_shadow_fields.h +++ b/arch/x86/kvm/vmx/vmcs_shadow_fields.h @@ -3,10 +3,10 @@ BUILD_BUG_ON(1) #endif #ifndef SHADOW_FIELD_RO -#define SHADOW_FIELD_RO(x, y) +#define SHADOW_FIELD_RO(x, y, c) #endif #ifndef SHADOW_FIELD_RW -#define SHADOW_FIELD_RW(x, y) +#define SHADOW_FIELD_RW(x, y, c) #endif /* @@ -32,48 +32,48 @@ BUILD_BUG_ON(1) */ /* 16-bits */ -SHADOW_FIELD_RW(GUEST_INTR_STATUS, guest_intr_status) -SHADOW_FIELD_RW(GUEST_PML_INDEX, guest_pml_index) -SHADOW_FIELD_RW(HOST_FS_SELECTOR, host_fs_selector) -SHADOW_FIELD_RW(HOST_GS_SELECTOR, host_gs_selector) +SHADOW_FIELD_RW(GUEST_INTR_STATUS, guest_intr_status, cpu_has_vmx_apicv()) +SHADOW_FIELD_RW(GUEST_PML_INDEX, guest_pml_index, cpu_has_vmx_pml()) +SHADOW_FIELD_RW(HOST_FS_SELECTOR, host_fs_selector, true) +SHADOW_FIELD_RW(HOST_GS_SELECTOR, host_gs_selector, true) /* 32-bits */ -SHADOW_FIELD_RO(VM_EXIT_REASON, vm_exit_reason) -SHADOW_FIELD_RO(VM_EXIT_INTR_INFO, vm_exit_intr_info) -SHADOW_FIELD_RO(VM_EXIT_INSTRUCTION_LEN, vm_exit_instruction_len) -SHADOW_FIELD_RO(IDT_VECTORING_INFO_FIELD, idt_vectoring_info_field) -SHADOW_FIELD_RO(IDT_VECTORING_ERROR_CODE, idt_vectoring_error_code) -SHADOW_FIELD_RO(VM_EXIT_INTR_ERROR_CODE, vm_exit_intr_error_code) -SHADOW_FIELD_RO(GUEST_CS_AR_BYTES, guest_cs_ar_bytes) -SHADOW_FIELD_RO(GUEST_SS_AR_BYTES, guest_ss_ar_bytes) -SHADOW_FIELD_RW(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control) -SHADOW_FIELD_RW(PIN_BASED_VM_EXEC_CONTROL, pin_based_vm_exec_control) -SHADOW_FIELD_RW(EXCEPTION_BITMAP, exception_bitmap) -SHADOW_FIELD_RW(VM_ENTRY_EXCEPTION_ERROR_CODE, vm_entry_exception_error_code) -SHADOW_FIELD_RW(VM_ENTRY_INTR_INFO_FIELD, vm_entry_intr_info_field) -SHADOW_FIELD_RW(VM_ENTRY_INSTRUCTION_LEN, vm_entry_instruction_len) -SHADOW_FIELD_RW(TPR_THRESHOLD, tpr_threshold) -SHADOW_FIELD_RW(GUEST_INTERRUPTIBILITY_INFO, guest_interruptibility_info) -SHADOW_FIELD_RW(VMX_PREEMPTION_TIMER_VALUE, vmx_preemption_timer_value) +SHADOW_FIELD_RO(VM_EXIT_REASON, vm_exit_reason, true) +SHADOW_FIELD_RO(VM_EXIT_INTR_INFO, vm_exit_intr_info, true) +SHADOW_FIELD_RO(VM_EXIT_INSTRUCTION_LEN, vm_exit_instruction_len, true) +SHADOW_FIELD_RO(VM_EXIT_INTR_ERROR_CODE, vm_exit_intr_error_code, true) +SHADOW_FIELD_RO(IDT_VECTORING_INFO_FIELD, idt_vectoring_info_field, true) +SHADOW_FIELD_RO(IDT_VECTORING_ERROR_CODE, idt_vectoring_error_code, true) +SHADOW_FIELD_RO(GUEST_CS_AR_BYTES, guest_cs_ar_bytes, true) +SHADOW_FIELD_RO(GUEST_SS_AR_BYTES, guest_ss_ar_bytes, true) +SHADOW_FIELD_RW(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control, true) +SHADOW_FIELD_RW(PIN_BASED_VM_EXEC_CONTROL, pin_based_vm_exec_control, true) +SHADOW_FIELD_RW(EXCEPTION_BITMAP, exception_bitmap, true) +SHADOW_FIELD_RW(VM_ENTRY_EXCEPTION_ERROR_CODE, vm_entry_exception_error_code, true) +SHADOW_FIELD_RW(VM_ENTRY_INTR_INFO_FIELD, vm_entry_intr_info_field, true) +SHADOW_FIELD_RW(VM_ENTRY_INSTRUCTION_LEN, vm_entry_instruction_len, true) +SHADOW_FIELD_RW(TPR_THRESHOLD, tpr_threshold, true) +SHADOW_FIELD_RW(GUEST_INTERRUPTIBILITY_INFO, guest_interruptibility_info, true) +SHADOW_FIELD_RW(VMX_PREEMPTION_TIMER_VALUE, vmx_preemption_timer_value, cpu_has_vmx_preemption_timer()) /* Natural width */ -SHADOW_FIELD_RO(EXIT_QUALIFICATION, exit_qualification) -SHADOW_FIELD_RO(GUEST_LINEAR_ADDRESS, guest_linear_address) -SHADOW_FIELD_RW(GUEST_RIP, guest_rip) -SHADOW_FIELD_RW(GUEST_RSP, guest_rsp) -SHADOW_FIELD_RW(GUEST_CR0, guest_cr0) -SHADOW_FIELD_RW(GUEST_CR3, guest_cr3) -SHADOW_FIELD_RW(GUEST_CR4, guest_cr4) -SHADOW_FIELD_RW(GUEST_RFLAGS, guest_rflags) -SHADOW_FIELD_RW(CR0_GUEST_HOST_MASK, cr0_guest_host_mask) -SHADOW_FIELD_RW(CR0_READ_SHADOW, cr0_read_shadow) -SHADOW_FIELD_RW(CR4_READ_SHADOW, cr4_read_shadow) -SHADOW_FIELD_RW(HOST_FS_BASE, host_fs_base) -SHADOW_FIELD_RW(HOST_GS_BASE, host_gs_base) +SHADOW_FIELD_RO(EXIT_QUALIFICATION, exit_qualification, true) +SHADOW_FIELD_RO(GUEST_LINEAR_ADDRESS, guest_linear_address, true) +SHADOW_FIELD_RW(GUEST_RIP, guest_rip, true) +SHADOW_FIELD_RW(GUEST_RSP, guest_rsp, true) +SHADOW_FIELD_RW(GUEST_CR0, guest_cr0, true) +SHADOW_FIELD_RW(GUEST_CR3, guest_cr3, true) +SHADOW_FIELD_RW(GUEST_CR4, guest_cr4, true) +SHADOW_FIELD_RW(GUEST_RFLAGS, guest_rflags, true) +SHADOW_FIELD_RW(CR0_GUEST_HOST_MASK, cr0_guest_host_mask, true) +SHADOW_FIELD_RW(CR0_READ_SHADOW, cr0_read_shadow, true) +SHADOW_FIELD_RW(CR4_READ_SHADOW, cr4_read_shadow, true) +SHADOW_FIELD_RW(HOST_FS_BASE, host_fs_base, true) +SHADOW_FIELD_RW(HOST_GS_BASE, host_gs_base, true) /* 64-bit */ -SHADOW_FIELD_RO(GUEST_PHYSICAL_ADDRESS, guest_physical_address) -SHADOW_FIELD_RO(GUEST_PHYSICAL_ADDRESS_HIGH, guest_physical_address) +SHADOW_FIELD_RO(GUEST_PHYSICAL_ADDRESS, guest_physical_address, true) +SHADOW_FIELD_RO(GUEST_PHYSICAL_ADDRESS_HIGH, guest_physical_address, true) #undef SHADOW_FIELD_RO #undef SHADOW_FIELD_RW From patchwork Wed Feb 7 17:26:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198019 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2411690dyb; Wed, 7 Feb 2024 10:09:31 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWQJZS39zAC9hJP5kHSP61QTORIn9arHoN+ZRUYUUaMh/wglghdV5bSXYzkBMWFniKGLLauVjMDN/zzRGN73TvQDEt4Jg== X-Google-Smtp-Source: AGHT+IEASYfdNdv07pAjjqDDsR8RXR6JsiI36GrxIHD8pTZaQRrS4FxhuhdHr6mnS1FQpOVPhvhT X-Received: by 2002:a05:620a:11b7:b0:785:4ecd:116b with SMTP id c23-20020a05620a11b700b007854ecd116bmr382894qkk.11.1707329370853; Wed, 07 Feb 2024 10:09:30 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329370; cv=pass; d=google.com; s=arc-20160816; b=DUyNWilAdY6ZyTXYQiA19kU4OGh3I/9e+l3C/isfF/Fl9dM7SRtJDe1yFrzMpOd8WM 4Z73+aM/HhvjHhSzOq2puLZzhTIEbinbYa0U1qqk31p/p/1R3lOy9bl0lP2x4pMDYxss eK/Jiw9G+fE3ExxVa52o8hcFDlxFTfwr8qlXbOWu5jsYVb0zwknDd8TAdLyRtJX6u/da EkLk9CLGyVLU9Wt/jdYTe4h30zsk+jyBIXqmGvO37MZuyucat/auVq0PbKHlx9sP8sLp WKriNuj133mR2vvp1bO4PwUev3J1Rk8t6zq/wi1xa6V4nkTbMmBsYgLKhH5Xs+UPnfdP Ws+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=OvbTOw5Q0sR/YEX1+aqU7Xz3FoyjFpdCR8TU07HqMvg=; fh=1MD4LZgm4haIhmjeEF5Wthds3ifqzaKwDdFYLk7e5Tc=; b=R/8axdyoWTuIk6q++jhiIzj5BdEAgRTyZK+RT/t+8DXzkiXbUohfjv5CIugJ9sp99q N2gKi0UXdoX2WrqAqAjq9C+Gf0lNrLhKrTk/crJ1PY4KiFNy/DOPR9ku2B8148/9e0YB RXO2ikuImYD9jrem5zTW4kfENKz/9QOTcXg6x/koxVuBCfGBv8tbQexfidbyF7zbG69L bHEIGZRkXcQsF/mJIEFya69kl/siUSnD0JOqQio+lOnhqDjCP8iJ8yphLe8BRNzcREm3 U14jI8EBFOyu5O/OfVQnzwnQ95S42vlOZGQKMj2NLWZuqXZ865Y5Rx2hXAo2F8rAmpuu cJMw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=dmPJLWKC; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56875-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56875-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCU1aFXwSOi6QDSBCAXY6lP8AUpH+u9fbAvI0p5olN03R/Ri+mI4nmUgTS7yD7KKBdJOxghc3JKx5z8aNYwTpf4OKabSJA== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id d1-20020a05622a100100b0042c43f8f5d3si1060414qte.145.2024.02.07.10.09.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:09:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56875-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=dmPJLWKC; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56875-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56875-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 8DDAC1C20C86 for ; Wed, 7 Feb 2024 18:09:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 175B81386CC; Wed, 7 Feb 2024 17:59:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="dmPJLWKC" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D0F9D132C0B; Wed, 7 Feb 2024 17:59:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328763; cv=none; b=dvVOLoQ4/zF2Ym90rrm2tuS+0P1yJuXKbanwh6A0xMpk2MBNuOb+5Wn1suidqLuhb81TsepqPKUrEPidlJVKjEwL8bCPCuRv2cn9Amm48ha9LzYbtWDCiW5fuE3avic2LiCbtXQNSCecidg1UJ0dLcQBuyd8c8T1uA1UK6Nw0Xg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328763; c=relaxed/simple; bh=YtO5DWyhvAtwXcTgipQxc/ReOppALwE6U4QgY3DH1UI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NrzkPeJnVcUfHAYTEhKMxNQaXMkR/wQc849akw7futdh1iisXQUq/scwnHxdkelvrNJSK4B+3cMP5ojyiX5gaSWcTGdwfK+Nk+Fvqvb2H4Jy7YzxeynCYUbCWrCXE79e3uXxacfuiENGdxA8Dj94qIUtfFP9SOhtiKjykoZC7Jk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=dmPJLWKC; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328758; x=1738864758; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=YtO5DWyhvAtwXcTgipQxc/ReOppALwE6U4QgY3DH1UI=; b=dmPJLWKCtYIFUriIpSKn5pfOkhA5cMfZHBuSlB/cXeSwCcNjZZ1EhiWt LEzTRxJf9X67cdzHtkAMkrnz8uiUbBbATuiPZ0QBZHtJEfU4fOefNuM/n xQ+mcGjva2ol1XwM57Ewk19yNU/jsjX18JcMWu3CB3LQWavfuOUhwYmwF 5A287osD31le2ryi+CtH/b70XuVutLndF8N/7oBriptHe3YWDUg977V03 KgWo4151zmVNdcuceGDh4EvBRQhuHPsDYkiFSMJbpuDVTGhRa64haVqhV tCPyMWmpjAwnDYpspuco1fcmWuDBf8rZ0sjaNDEzlX3IRYiKFAfeU0i3n g==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622657" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622657" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:58:59 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020755" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:58 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 19/25] KVM: nVMX: Add FRED VMCS fields Date: Wed, 7 Feb 2024 09:26:39 -0800 Message-ID: <20240207172646.3981-20-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264602289631434 X-GMAIL-MSGID: 1790264602289631434 Add FRED VMCS fields to nested VMX context management. Todo: change VMCS12_REVISION, as struct vmcs12 is changed. Signed-off-by: Xin Li Tested-by: Shan Kang --- Change since v1: * Remove hyperv TLFS related changes (Jeremi Piotrowski). * Use kvm_cpu_cap_has() instead of cpu_feature_enabled() (Chao Gao). --- Documentation/virt/kvm/x86/nested-vmx.rst | 18 +++++ arch/x86/kvm/vmx/nested.c | 91 +++++++++++++++++++---- arch/x86/kvm/vmx/vmcs12.c | 18 +++++ arch/x86/kvm/vmx/vmcs12.h | 36 +++++++++ arch/x86/kvm/vmx/vmcs_shadow_fields.h | 4 + 5 files changed, 152 insertions(+), 15 deletions(-) diff --git a/Documentation/virt/kvm/x86/nested-vmx.rst b/Documentation/virt/kvm/x86/nested-vmx.rst index e64ef231f310..87fa9f3877ab 100644 --- a/Documentation/virt/kvm/x86/nested-vmx.rst +++ b/Documentation/virt/kvm/x86/nested-vmx.rst @@ -218,6 +218,24 @@ struct shadow_vmcs is ever changed. u16 host_gs_selector; u16 host_tr_selector; u64 secondary_vm_exit_controls; + u64 guest_ia32_fred_config; + u64 guest_ia32_fred_rsp1; + u64 guest_ia32_fred_rsp2; + u64 guest_ia32_fred_rsp3; + u64 guest_ia32_fred_stklvls; + u64 guest_ia32_fred_ssp1; + u64 guest_ia32_fred_ssp2; + u64 guest_ia32_fred_ssp3; + u64 host_ia32_fred_config; + u64 host_ia32_fred_rsp1; + u64 host_ia32_fred_rsp2; + u64 host_ia32_fred_rsp3; + u64 host_ia32_fred_stklvls; + u64 host_ia32_fred_ssp1; + u64 host_ia32_fred_ssp2; + u64 host_ia32_fred_ssp3; + u64 injected_event_data; + u64 original_event_data; }; diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 94da6a0a2f81..f9c1fbeac302 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -686,6 +686,9 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, MSR_KERNEL_GS_BASE, MSR_TYPE_RW); + + nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, + MSR_IA32_FRED_RSP0, MSR_TYPE_RW); #endif nested_vmx_set_intercept_for_msr(vmx, msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW); @@ -2498,6 +2501,8 @@ static void prepare_vmcs02_early(struct vcpu_vmx *vmx, struct loaded_vmcs *vmcs0 vmcs12->vm_entry_instruction_len); vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, vmcs12->guest_interruptibility_info); + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) + vmcs_write64(INJECTED_EVENT_DATA, vmcs12->injected_event_data); vmx->loaded_vmcs->nmi_known_unmasked = !(vmcs12->guest_interruptibility_info & GUEST_INTR_STATE_NMI); } else { @@ -2548,6 +2553,17 @@ static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12) vmcs_writel(GUEST_GDTR_BASE, vmcs12->guest_gdtr_base); vmcs_writel(GUEST_IDTR_BASE, vmcs12->guest_idtr_base); + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) { + vmcs_write64(GUEST_IA32_FRED_CONFIG, vmcs12->guest_ia32_fred_config); + vmcs_write64(GUEST_IA32_FRED_RSP1, vmcs12->guest_ia32_fred_rsp1); + vmcs_write64(GUEST_IA32_FRED_RSP2, vmcs12->guest_ia32_fred_rsp2); + vmcs_write64(GUEST_IA32_FRED_RSP3, vmcs12->guest_ia32_fred_rsp3); + vmcs_write64(GUEST_IA32_FRED_STKLVLS, vmcs12->guest_ia32_fred_stklvls); + vmcs_write64(GUEST_IA32_FRED_SSP1, vmcs12->guest_ia32_fred_ssp1); + vmcs_write64(GUEST_IA32_FRED_SSP2, vmcs12->guest_ia32_fred_ssp2); + vmcs_write64(GUEST_IA32_FRED_SSP3, vmcs12->guest_ia32_fred_ssp3); + } + vmx->segment_cache.bitmask = 0; } @@ -3835,6 +3851,22 @@ vmcs12_guest_cr4(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12) vcpu->arch.cr4_guest_owned_bits)); } +static inline unsigned long +nested_vmx_get_event_data(struct kvm_vcpu *vcpu, bool for_ex_vmexit) +{ + struct kvm_queued_exception *ex = for_ex_vmexit ? + &vcpu->arch.exception_vmexit : &vcpu->arch.exception; + + if (ex->has_payload) + return ex->payload; + else if (ex->vector == PF_VECTOR) + return vcpu->arch.cr2; + else if (ex->vector == DB_VECTOR) + return (vcpu->arch.dr6 & ~DR6_BT) ^ DR6_ACTIVE_LOW; + else + return 0; +} + static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, u32 vm_exit_reason, u32 exit_intr_info) @@ -3842,6 +3874,8 @@ static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu, u32 idt_vectoring; unsigned int nr; + vmcs12->original_event_data = 0; + /* * Per the SDM, VM-Exits due to double and triple faults are never * considered to occur during event delivery, even if the double/triple @@ -3880,6 +3914,12 @@ static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu, vcpu->arch.exception.error_code; } + idt_vectoring |= vcpu->arch.exception.nested ? + INTR_INFO_NESTED_EXCEPTION_MASK : 0; + + vmcs12->original_event_data = + nested_vmx_get_event_data(vcpu, false); + vmcs12->idt_vectoring_info_field = idt_vectoring; } else if (vcpu->arch.nmi_injected) { vmcs12->idt_vectoring_info_field = @@ -3970,19 +4010,7 @@ static void nested_vmx_inject_exception_vmexit(struct kvm_vcpu *vcpu) struct kvm_queued_exception *ex = &vcpu->arch.exception_vmexit; u32 intr_info = ex->vector | INTR_INFO_VALID_MASK; struct vmcs12 *vmcs12 = get_vmcs12(vcpu); - unsigned long exit_qual; - - if (ex->has_payload) { - exit_qual = ex->payload; - } else if (ex->vector == PF_VECTOR) { - exit_qual = vcpu->arch.cr2; - } else if (ex->vector == DB_VECTOR) { - exit_qual = vcpu->arch.dr6; - exit_qual &= ~DR6_BT; - exit_qual ^= DR6_ACTIVE_LOW; - } else { - exit_qual = 0; - } + unsigned long exit_qual = nested_vmx_get_event_data(vcpu, true); /* * Unlike AMD's Paged Real Mode, which reports an error code on #PF @@ -4003,10 +4031,12 @@ static void nested_vmx_inject_exception_vmexit(struct kvm_vcpu *vcpu) intr_info |= INTR_INFO_DELIVER_CODE_MASK; } - if (kvm_exception_is_soft(ex->vector)) + if (kvm_exception_is_soft(ex->vector)) { intr_info |= INTR_TYPE_SOFT_EXCEPTION; - else + } else { intr_info |= INTR_TYPE_HARD_EXCEPTION; + intr_info |= ex->nested ? INTR_INFO_NESTED_EXCEPTION_MASK : 0; + } if (!(vmcs12->idt_vectoring_info_field & VECTORING_INFO_VALID_MASK) && vmx_get_nmi_mask(vcpu)) @@ -4352,6 +4382,14 @@ static bool is_vmcs12_ext_field(unsigned long field) case GUEST_TR_BASE: case GUEST_GDTR_BASE: case GUEST_IDTR_BASE: + case GUEST_IA32_FRED_CONFIG: + case GUEST_IA32_FRED_RSP1: + case GUEST_IA32_FRED_RSP2: + case GUEST_IA32_FRED_RSP3: + case GUEST_IA32_FRED_STKLVLS: + case GUEST_IA32_FRED_SSP1: + case GUEST_IA32_FRED_SSP2: + case GUEST_IA32_FRED_SSP3: case GUEST_PENDING_DBG_EXCEPTIONS: case GUEST_BNDCFGS: return true; @@ -4401,6 +4439,18 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu, vmcs12->guest_tr_base = vmcs_readl(GUEST_TR_BASE); vmcs12->guest_gdtr_base = vmcs_readl(GUEST_GDTR_BASE); vmcs12->guest_idtr_base = vmcs_readl(GUEST_IDTR_BASE); + + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) { + vmcs12->guest_ia32_fred_config = vmcs_read64(GUEST_IA32_FRED_CONFIG); + vmcs12->guest_ia32_fred_rsp1 = vmcs_read64(GUEST_IA32_FRED_RSP1); + vmcs12->guest_ia32_fred_rsp2 = vmcs_read64(GUEST_IA32_FRED_RSP2); + vmcs12->guest_ia32_fred_rsp3 = vmcs_read64(GUEST_IA32_FRED_RSP3); + vmcs12->guest_ia32_fred_stklvls = vmcs_read64(GUEST_IA32_FRED_STKLVLS); + vmcs12->guest_ia32_fred_ssp1 = vmcs_read64(GUEST_IA32_FRED_SSP1); + vmcs12->guest_ia32_fred_ssp2 = vmcs_read64(GUEST_IA32_FRED_SSP2); + vmcs12->guest_ia32_fred_ssp3 = vmcs_read64(GUEST_IA32_FRED_SSP3); + } + vmcs12->guest_pending_dbg_exceptions = vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS); @@ -4625,6 +4675,17 @@ static void load_vmcs12_host_state(struct kvm_vcpu *vcpu, vmcs_write32(GUEST_IDTR_LIMIT, 0xFFFF); vmcs_write32(GUEST_GDTR_LIMIT, 0xFFFF); + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) { + vmcs_write64(GUEST_IA32_FRED_CONFIG, vmcs12->host_ia32_fred_config); + vmcs_write64(GUEST_IA32_FRED_RSP1, vmcs12->host_ia32_fred_rsp1); + vmcs_write64(GUEST_IA32_FRED_RSP2, vmcs12->host_ia32_fred_rsp2); + vmcs_write64(GUEST_IA32_FRED_RSP3, vmcs12->host_ia32_fred_rsp3); + vmcs_write64(GUEST_IA32_FRED_STKLVLS, vmcs12->host_ia32_fred_stklvls); + vmcs_write64(GUEST_IA32_FRED_SSP1, vmcs12->host_ia32_fred_ssp1); + vmcs_write64(GUEST_IA32_FRED_SSP2, vmcs12->host_ia32_fred_ssp2); + vmcs_write64(GUEST_IA32_FRED_SSP3, vmcs12->host_ia32_fred_ssp3); + } + /* If not VM_EXIT_CLEAR_BNDCFGS, the L2 value propagates to L1. */ if (vmcs12->vm_exit_controls & VM_EXIT_CLEAR_BNDCFGS) vmcs_write64(GUEST_BNDCFGS, 0); diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c index 98457d7b2b23..59f17fdfad11 100644 --- a/arch/x86/kvm/vmx/vmcs12.c +++ b/arch/x86/kvm/vmx/vmcs12.c @@ -80,6 +80,7 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(VM_ENTRY_MSR_LOAD_COUNT, vm_entry_msr_load_count), FIELD(VM_ENTRY_INTR_INFO_FIELD, vm_entry_intr_info_field), FIELD(VM_ENTRY_EXCEPTION_ERROR_CODE, vm_entry_exception_error_code), + FIELD(INJECTED_EVENT_DATA, injected_event_data), FIELD(VM_ENTRY_INSTRUCTION_LEN, vm_entry_instruction_len), FIELD(TPR_THRESHOLD, tpr_threshold), FIELD(SECONDARY_VM_EXEC_CONTROL, secondary_vm_exec_control), @@ -89,6 +90,7 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(VM_EXIT_INTR_ERROR_CODE, vm_exit_intr_error_code), FIELD(IDT_VECTORING_INFO_FIELD, idt_vectoring_info_field), FIELD(IDT_VECTORING_ERROR_CODE, idt_vectoring_error_code), + FIELD(ORIGINAL_EVENT_DATA, original_event_data), FIELD(VM_EXIT_INSTRUCTION_LEN, vm_exit_instruction_len), FIELD(VMX_INSTRUCTION_INFO, vmx_instruction_info), FIELD(GUEST_ES_LIMIT, guest_es_limit), @@ -152,5 +154,21 @@ const unsigned short vmcs12_field_offsets[] = { FIELD(HOST_IA32_SYSENTER_EIP, host_ia32_sysenter_eip), FIELD(HOST_RSP, host_rsp), FIELD(HOST_RIP, host_rip), + FIELD(GUEST_IA32_FRED_CONFIG, guest_ia32_fred_config), + FIELD(GUEST_IA32_FRED_RSP1, guest_ia32_fred_rsp1), + FIELD(GUEST_IA32_FRED_RSP2, guest_ia32_fred_rsp2), + FIELD(GUEST_IA32_FRED_RSP3, guest_ia32_fred_rsp3), + FIELD(GUEST_IA32_FRED_STKLVLS, guest_ia32_fred_stklvls), + FIELD(GUEST_IA32_FRED_SSP1, guest_ia32_fred_ssp1), + FIELD(GUEST_IA32_FRED_SSP2, guest_ia32_fred_ssp2), + FIELD(GUEST_IA32_FRED_SSP3, guest_ia32_fred_ssp3), + FIELD(HOST_IA32_FRED_CONFIG, host_ia32_fred_config), + FIELD(HOST_IA32_FRED_RSP1, host_ia32_fred_rsp1), + FIELD(HOST_IA32_FRED_RSP2, host_ia32_fred_rsp2), + FIELD(HOST_IA32_FRED_RSP3, host_ia32_fred_rsp3), + FIELD(HOST_IA32_FRED_STKLVLS, host_ia32_fred_stklvls), + FIELD(HOST_IA32_FRED_SSP1, host_ia32_fred_ssp1), + FIELD(HOST_IA32_FRED_SSP2, host_ia32_fred_ssp2), + FIELD(HOST_IA32_FRED_SSP3, host_ia32_fred_ssp3), }; const unsigned int nr_vmcs12_fields = ARRAY_SIZE(vmcs12_field_offsets); diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h index f50f897b9b5f..edf7fcef8ccf 100644 --- a/arch/x86/kvm/vmx/vmcs12.h +++ b/arch/x86/kvm/vmx/vmcs12.h @@ -186,6 +186,24 @@ struct __packed vmcs12 { u16 host_tr_selector; u16 guest_pml_index; u64 secondary_vm_exit_controls; + u64 guest_ia32_fred_config; + u64 guest_ia32_fred_rsp1; + u64 guest_ia32_fred_rsp2; + u64 guest_ia32_fred_rsp3; + u64 guest_ia32_fred_stklvls; + u64 guest_ia32_fred_ssp1; + u64 guest_ia32_fred_ssp2; + u64 guest_ia32_fred_ssp3; + u64 host_ia32_fred_config; + u64 host_ia32_fred_rsp1; + u64 host_ia32_fred_rsp2; + u64 host_ia32_fred_rsp3; + u64 host_ia32_fred_stklvls; + u64 host_ia32_fred_ssp1; + u64 host_ia32_fred_ssp2; + u64 host_ia32_fred_ssp3; + u64 injected_event_data; + u64 original_event_data; }; /* @@ -360,6 +378,24 @@ static inline void vmx_check_vmcs12_offsets(void) CHECK_OFFSET(host_tr_selector, 994); CHECK_OFFSET(guest_pml_index, 996); CHECK_OFFSET(secondary_vm_exit_controls, 998); + CHECK_OFFSET(guest_ia32_fred_config, 1006); + CHECK_OFFSET(guest_ia32_fred_rsp1, 1014); + CHECK_OFFSET(guest_ia32_fred_rsp2, 1022); + CHECK_OFFSET(guest_ia32_fred_rsp3, 1030); + CHECK_OFFSET(guest_ia32_fred_stklvls, 1038); + CHECK_OFFSET(guest_ia32_fred_ssp1, 1046); + CHECK_OFFSET(guest_ia32_fred_ssp2, 1054); + CHECK_OFFSET(guest_ia32_fred_ssp3, 1062); + CHECK_OFFSET(host_ia32_fred_config, 1070); + CHECK_OFFSET(host_ia32_fred_rsp1, 1078); + CHECK_OFFSET(host_ia32_fred_rsp2, 1086); + CHECK_OFFSET(host_ia32_fred_rsp3, 1094); + CHECK_OFFSET(host_ia32_fred_stklvls, 1102); + CHECK_OFFSET(host_ia32_fred_ssp1, 1110); + CHECK_OFFSET(host_ia32_fred_ssp2, 1118); + CHECK_OFFSET(host_ia32_fred_ssp3, 1126); + CHECK_OFFSET(injected_event_data, 1134); + CHECK_OFFSET(original_event_data, 1142); } extern const unsigned short vmcs12_field_offsets[]; diff --git a/arch/x86/kvm/vmx/vmcs_shadow_fields.h b/arch/x86/kvm/vmx/vmcs_shadow_fields.h index 7f48056fe351..3885a3e0fbe8 100644 --- a/arch/x86/kvm/vmx/vmcs_shadow_fields.h +++ b/arch/x86/kvm/vmx/vmcs_shadow_fields.h @@ -74,6 +74,10 @@ SHADOW_FIELD_RW(HOST_GS_BASE, host_gs_base, true) /* 64-bit */ SHADOW_FIELD_RO(GUEST_PHYSICAL_ADDRESS, guest_physical_address, true) SHADOW_FIELD_RO(GUEST_PHYSICAL_ADDRESS_HIGH, guest_physical_address, true) +SHADOW_FIELD_RO(ORIGINAL_EVENT_DATA, original_event_data, kvm_cpu_cap_has(X86_FEATURE_FRED)) +SHADOW_FIELD_RO(ORIGINAL_EVENT_DATA_HIGH, original_event_data, kvm_cpu_cap_has(X86_FEATURE_FRED)) +SHADOW_FIELD_RW(INJECTED_EVENT_DATA, injected_event_data, kvm_cpu_cap_has(X86_FEATURE_FRED)) +SHADOW_FIELD_RW(INJECTED_EVENT_DATA_HIGH, injected_event_data, kvm_cpu_cap_has(X86_FEATURE_FRED)) #undef SHADOW_FIELD_RO #undef SHADOW_FIELD_RW From patchwork Wed Feb 7 17:26:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198014 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2410463dyb; Wed, 7 Feb 2024 10:07:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IEi6PH445/gplFQ4O2Y2EByqCCbDd9kw6Db2BkopdHNrNdvRghvscQ1WRWa3AZUFfBT+DDy X-Received: by 2002:a05:6512:1195:b0:511:4a79:7d83 with SMTP id g21-20020a056512119500b005114a797d83mr5525895lfr.54.1707329273748; Wed, 07 Feb 2024 10:07:53 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329273; cv=pass; d=google.com; s=arc-20160816; b=HJJ3REldE8AEa11NP17xO8zX8eo1ns8OJ8mBtexdfoO5aVdYgTnlwefJ2/nLNSCADV 9vlrNC5Z1j9+PCiZi55lCKsf1sKYHn8slGgOVgzGLgE1Mwq/Fh/E2BUAs59HCFpHHtrj 5sTrN27CNzjknuaM6KJScqHhf4SGAtPRoOmfRj/jpJJ9kDNbJnuYFK+B8t62SPbw6zkN /mS+uUiuT+hslTu2KLgDJMvTMnZaktXRwdVoBKIAXi9UPmeT/pXVTooiwfXq7EXcuDX8 Apig91sIMowzeZ3k9Prl/EZrj+yBQAEHOdcmpwe+j0ApSMdoRfJLwBwCv5mwjg7CH25f XV1A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=o0neYqh7as7ozl0lUfN3Nm5xAWvUBHW6w9RZAyu3Sx0=; fh=DhjVf5F/wo69YpD8mpCY/1F2S/7atS8BA+4SS33MXJE=; b=e5iMI25vaPz6KbwcWxhdXvoOSk/FzYSmKZ7bEtrzg7X6JEM8icHJP/x5T0fs4RwnUp 9lHCYtkTZjZQggmP2B8WSwuFvJcSCKYkSs2LxgqakR/owtXDxS3D7mex5+AsmbJ0t5Rz k6JXYI3a2Fv17VRjKdy74ZkWYAOX74fOxnbbh0VGAbpgE3mpMDOFBrF3yzqZN54dUujI W62dZSPm2XRGAphoW7vIfA1//l9U8CaQurtscZDJG/wNYph3jZgulKQY9xajrpI84xq+ uxBxeBROY92pr01cwg9WUgOTQXxxlyjc7oIwv2jV+O7JZJxwahIyK9EFRIlJnGKPOxZU FmtA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=e2PmbUVb; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56872-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56872-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCWFl2wq/S/PjMAydqCn7d/h27/KCVv4PCEeqLJJ5pCRJqLyhaiHXKi8ZPzKp4Oc4OxCUFl5So4yrNOH6MptEzrQSNI3Ug== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id d19-20020a170906371300b00a38a2c6da91si251784ejc.146.2024.02.07.10.07.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:07:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56872-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=e2PmbUVb; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56872-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56872-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 568331F26A46 for ; Wed, 7 Feb 2024 18:07:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9E83C136998; Wed, 7 Feb 2024 17:59:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="e2PmbUVb" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAE751350DE; Wed, 7 Feb 2024 17:59:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328761; cv=none; b=TucjSMNmGAvflBFgt8A/J0AQvaXrhsl41jFoni2eAGh6qtqE6zK5yQHAlITAREpl3mCebx8S2h2W7e/4P1HwgErhpcNhYQsTre5X1irXIHvi+tAR1087yyvYqzxwqq6fSbG23oasJcM7BauNkslezX/bzyEVV3iNKcpxKrC7GTI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328761; c=relaxed/simple; bh=a4uFS7UxOu09WT9Xt4fj2tzuZKx0iXCkQwXaF3SS9Qo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dWUzhVHWgwoFPP+HROO9WaDdOCMv/P5Wq9BynDIXLWh+9EjTSwsPZdCnEx1QUnL+h6tmVBkucknrhThrPkKZf5mL0sizhB66tM8UThd5IQXwYsLqiahcYRzEY1oDLoUmOdhbmZ9mnOH4IubgyoVZUsCYyVbRjv6xEQw9C9Hets8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=e2PmbUVb; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328760; x=1738864760; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=a4uFS7UxOu09WT9Xt4fj2tzuZKx0iXCkQwXaF3SS9Qo=; b=e2PmbUVbayY+2PoajfMt/IamGHPN7QYChqhWT27L3UEK3KxxaGppZeiE xsvH81JtgrGr26Id/Ls5nZExKdAKDyaPwP7gBNYx3QjLy/Tp94zU1znZh PwiwxTiVvLo6bsUnW577336Fz+gNaOump8J+M9BZgY27o7gTyErCCv1LZ G5aiLoHSVm6y3ffxaO7kY3+l1HxjSUo534/09eFFjiwDvC8QJNfBw/cMi dngnZbZ3dQEK8ojLFr0nzc2o5hTlsB44nPA1oSXfydL8X2cF0KS6g73iW av44F1p1Y3yKnzJHuZtOGFZFfjrK0x6zKNR0aES406gyeu+xEUkrTGKj/ Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622667" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622667" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:59:00 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020759" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:58 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 20/25] KVM: nVMX: Add support for VMX FRED controls Date: Wed, 7 Feb 2024 09:26:40 -0800 Message-ID: <20240207172646.3981-21-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264500429094376 X-GMAIL-MSGID: 1790264500429094376 Add VMX FRED controls to nested VMX controls and set the VMX nested-exception support bit (bit 58) in the nested IA32_VMX_BASIC MSR when FRED is enabled. Signed-off-by: Xin Li Tested-by: Shan Kang --- arch/x86/kvm/vmx/nested.c | 14 ++++++++++---- arch/x86/kvm/vmx/vmx.c | 1 + 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index f9c1fbeac302..04a9cdb0361f 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1239,10 +1239,12 @@ static bool is_bitwise_subset(u64 superset, u64 subset, u64 mask) #define VMX_BASIC_FEATURES_MASK \ (VMX_BASIC_DUAL_MONITOR_TREATMENT | \ VMX_BASIC_INOUT | \ - VMX_BASIC_TRUE_CTLS) + VMX_BASIC_TRUE_CTLS | \ + VMX_BASIC_NESTED_EXCEPTION) -#define VMX_BASIC_RESERVED_BITS \ - (GENMASK_ULL(63, 56) | GENMASK_ULL(47, 45) | BIT_ULL(31)) +#define VMX_BASIC_RESERVED_BITS \ + (GENMASK_ULL(63, 59) | GENMASK_ULL(57, 56) | \ + GENMASK_ULL(47, 45) | BIT_ULL(31)) static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { @@ -6988,7 +6990,8 @@ static void nested_vmx_setup_entry_ctls(struct vmcs_config *vmcs_conf, #ifdef CONFIG_X86_64 VM_ENTRY_IA32E_MODE | #endif - VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS; + VM_ENTRY_LOAD_IA32_PAT | VM_ENTRY_LOAD_BNDCFGS | + VM_ENTRY_LOAD_IA32_FRED; msrs->entry_ctls_high |= (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER | VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL); @@ -7147,6 +7150,9 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; + + if (kvm_cpu_cap_has(X86_FEATURE_FRED)) + msrs->basic |= VMX_BASIC_NESTED_EXCEPTION; } static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index fc808d599493..1005b6a57d23 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7915,6 +7915,7 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu) entry = kvm_find_cpuid_entry_index(vcpu, 0x7, 1); cr4_fixed1_update(X86_CR4_LAM_SUP, eax, feature_bit(LAM)); + cr4_fixed1_update(X86_CR4_FRED, eax, feature_bit(FRED)); #undef cr4_fixed1_update } From patchwork Wed Feb 7 17:26:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198020 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2412663dyb; Wed, 7 Feb 2024 10:10:41 -0800 (PST) X-Google-Smtp-Source: AGHT+IFdScA/vp6ChZdUkFonxi2fX4F9fZL1z3cWXne4QOf2HPgG1bSue+OiKGa4RCvp+FQq25U0 X-Received: by 2002:a05:6870:9693:b0:219:a6d8:98af with SMTP id o19-20020a056870969300b00219a6d898afmr7095450oaq.15.1707329441268; Wed, 07 Feb 2024 10:10:41 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329441; cv=pass; d=google.com; s=arc-20160816; b=u8nx7Hayqat26PW7cDZ1TZX7LTHmKlFyjyXwZJPmDKVqV/w6aEbJScYmLA+rBtwXnT QN4Qrb3kvZxprNjjhc4E5i1ACzZzMEzOLPCaMFmy1JNSqvEq8k/FpgygyX7x4hhQnEcp uYLIb0YsSHtNIyXRfqq3XBdfpYodJdlm4TGZ2MoD+sZamTxgSTRXXj5fNtdeiDOyXstM U3CguXysIAFpwjZcwyo/H9oofW1iJ9AGsH6ar2Bvn8NBaKwQE4Nt9y3cIr6uLvZNnYa+ nHs3g2piYQexgGn63+BnygJXhvfT7+IkWA036ibF+lhV7zppjgzLljlm85y1ncEGvkZt IVGw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=uMO1Y+oL/XrkJbW76cF112alMXp1WOf3yaXz6ZXeQhg=; fh=q9pqe+DFSdqpA1SPBYyfOtdXCD2dE9pyaNEbxMKXg9E=; b=ANuQv9UVXyelxWR00rimqdnAvAnfENltR2zeGE6V0ntNm+sP6b0imaKcOjMn2GAAW+ MWCZZtsfJwbLePKhJT2/UZSQ35zGIyOyB8elr4eSEW9ivgatzrbcqQQt1xrvbn75BlGo C3WMpdJEr1Gf+A4jWs0xEulVe6THLbSI2f7c5qOIySVP2DUn+0SSEP9xI6e2Vb4bG3Ea Ulg7Dx9dvFJ0k/ScyXOEXciOSbFBeEpKACbT9+9iijYzkBIrCwNLOAJDrNvCMZKMFmJ2 MKx942VUKBOaLhecT86uVHOqSeu3i45foUCJsJPtxDfao8tJgCsLktiEd6ChR/4RDElo 8rFA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gRavKVRV; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56879-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56879-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCWRfK/5LW/5tkNnWD4OLFVrngV/ig880Ow2Ne/NGdizaJO+MzDQsnDr5hCCjS/AH7ubt90F41aVQlbctuT2H6sl0ocKWw== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id cn6-20020a056a020a8600b005d66232593dsi2244660pgb.868.2024.02.07.10.10.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:10:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56879-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gRavKVRV; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56879-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56879-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id AACF328A736 for ; Wed, 7 Feb 2024 18:09:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9510D13A249; Wed, 7 Feb 2024 17:59:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="gRavKVRV" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F3DA135400; Wed, 7 Feb 2024 17:59:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328767; cv=none; b=Ux9iTZfhROBcqiYqIYCr6nLbHPg1GDddBbqSPTiEQzNJf/d+wAgpwdtLk4EBGW30xeGwY0vYboEuL0XoTgVLMaeStY/TUIMp2u8VYaw0MtyBWAfb8a16glWKnb0Va7sgQjKNollBLTEuxlsWs2D6H1sBXqc0ESFF0/ADD6LoLsA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328767; c=relaxed/simple; bh=8BZSbnRLnmeG5U3FhWc8N6oHSSHjwpiY4v6RG2oTEPU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Tuq3na8c8z14G9q0/gEdrqPKEKX8CbidNTIbW26JkbcGy2qIxQfuYYii55B9p7FMiEUX0vpD3cWd6hxJFYDrup8ts/AbmiVa2DAmfnyCpF3HMZK5MNbHg1vOy4HQB7KZsNc6VnWkgmr8pvE0aFuvv6fYWoJ3oLGyddCzBW+0UOk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=gRavKVRV; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328762; x=1738864762; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8BZSbnRLnmeG5U3FhWc8N6oHSSHjwpiY4v6RG2oTEPU=; b=gRavKVRVYLF5Y1IJIGGdYroeqglKfJBzP3K/c3JGbwQQyj17SoFPkybk qRJZcopbgzT6Y/XRJfETHY4q7VsqVjT2IMUwldJfYU42ZrQlXfQB+AQ4N oKVwyIumgAppac5cLjjxzH53BVFeth6X9ldafNR9uhQ95qg0GkdG2OmAi FDrTEpeef/R7YKgnemkqefmhu8xdqnlc1OK6s3BjBfNSaY5ZCxzqu63ZT qH5WY1a6UzPPcEpXt20VSpj/TXCxPd/EkYvmJaV/e3Lsdu32jT4uuiY4U 9JDfoKjAclZvo/3dzmVRyE2eyu0T/ft2OzZN8bwI3zOPbmCYtIBRyIsoS w==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622668" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622668" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:59:00 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020762" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:59 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 21/25] KVM: nVMX: Add VMCS FRED states checking Date: Wed, 7 Feb 2024 09:26:41 -0800 Message-ID: <20240207172646.3981-22-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264675792599928 X-GMAIL-MSGID: 1790264675792599928 Add FRED related VMCS fields checkings. As real hardware, nested VMX performs checks on various VMCS fields, including both controls and guest/host states. With the introduction of VMX FRED, add FRED related VMCS fields checkings. Signed-off-by: Xin Li Tested-by: Shan Kang --- arch/x86/kvm/vmx/nested.c | 80 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 04a9cdb0361f..ef0bd46eb0ce 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2933,6 +2933,8 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12) { struct vcpu_vmx *vmx = to_vmx(vcpu); + bool fred_enabled = (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) && + (vmcs12->guest_cr4 & X86_CR4_FRED); if (CC(!vmx_control_verify(vmcs12->vm_entry_controls, vmx->nested.msrs.entry_ctls_low, @@ -2951,6 +2953,7 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK; bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK; bool should_have_error_code; + bool has_nested_exception = vmx->nested.msrs.basic & VMX_BASIC_NESTED_EXCEPTION; bool urg = nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST); bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE; @@ -2964,7 +2967,9 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, /* VM-entry interruption-info field: vector */ if (CC(intr_type == INTR_TYPE_NMI_INTR && vector != NMI_VECTOR) || CC(intr_type == INTR_TYPE_HARD_EXCEPTION && vector > 31) || - CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) + CC(intr_type == INTR_TYPE_OTHER_EVENT && + ((!fred_enabled && vector > 0) || + (fred_enabled && vector > 2)))) return -EINVAL; /* VM-entry interruption-info field: deliver error code */ @@ -2983,6 +2988,15 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, if (CC(intr_info & INTR_INFO_RESVD_BITS_MASK)) return -EINVAL; + /* + * When the CPU enumerates VMX nested-exception support, bit 13 + * (set to indicate a nested exception) of the intr info field + * may have value 1. Otherwise bit 13 is reserved. + */ + if (CC(!has_nested_exception && + (intr_info & INTR_INFO_NESTED_EXCEPTION_MASK))) + return -EINVAL; + /* VM-entry instruction length */ switch (intr_type) { case INTR_TYPE_SOFT_EXCEPTION: @@ -2992,6 +3006,12 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, CC(vmcs12->vm_entry_instruction_len == 0 && CC(!nested_cpu_has_zero_length_injection(vcpu)))) return -EINVAL; + break; + case INTR_TYPE_OTHER_EVENT: + if (fred_enabled && (vector == 1 || vector == 2)) + if (CC(vmcs12->vm_entry_instruction_len > 15)) + return -EINVAL; + break; } } @@ -3054,9 +3074,30 @@ static int nested_vmx_check_host_state(struct kvm_vcpu *vcpu, if (ia32e) { if (CC(!(vmcs12->host_cr4 & X86_CR4_PAE))) return -EINVAL; + if (vmcs12->vm_exit_controls & VM_EXIT_ACTIVATE_SECONDARY_CONTROLS && + vmcs12->secondary_vm_exit_controls & SECONDARY_VM_EXIT_LOAD_IA32_FRED) { + /* Bit 11, bits 5:4, and bit 2 of the IA32_FRED_CONFIG must be zero */ + if (CC(vmcs12->host_ia32_fred_config & + (BIT_ULL(11) | GENMASK_ULL(5, 4) | BIT_ULL(2))) || + CC(vmcs12->host_ia32_fred_rsp1 & GENMASK_ULL(5, 0)) || + CC(vmcs12->host_ia32_fred_rsp2 & GENMASK_ULL(5, 0)) || + CC(vmcs12->host_ia32_fred_rsp3 & GENMASK_ULL(5, 0)) || + CC(vmcs12->host_ia32_fred_ssp1 & GENMASK_ULL(2, 0)) || + CC(vmcs12->host_ia32_fred_ssp2 & GENMASK_ULL(2, 0)) || + CC(vmcs12->host_ia32_fred_ssp3 & GENMASK_ULL(2, 0)) || + CC(is_noncanonical_address(vmcs12->host_ia32_fred_config & PAGE_MASK, vcpu)) || + CC(is_noncanonical_address(vmcs12->host_ia32_fred_rsp1, vcpu)) || + CC(is_noncanonical_address(vmcs12->host_ia32_fred_rsp2, vcpu)) || + CC(is_noncanonical_address(vmcs12->host_ia32_fred_rsp3, vcpu)) || + CC(is_noncanonical_address(vmcs12->host_ia32_fred_ssp1, vcpu)) || + CC(is_noncanonical_address(vmcs12->host_ia32_fred_ssp2, vcpu)) || + CC(is_noncanonical_address(vmcs12->host_ia32_fred_ssp3, vcpu))) + return -EINVAL; + } } else { if (CC(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) || CC(vmcs12->host_cr4 & X86_CR4_PCIDE) || + CC(vmcs12->host_cr4 & X86_CR4_FRED) || CC((vmcs12->host_rip) >> 32)) return -EINVAL; } @@ -3200,6 +3241,43 @@ static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu, CC((vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))) return -EINVAL; + if (ia32e) { + if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_FRED) { + /* Bit 11, bits 5:4, and bit 2 of the IA32_FRED_CONFIG must be zero */ + if (CC(vmcs12->guest_ia32_fred_config & + (BIT_ULL(11) | GENMASK_ULL(5, 4) | BIT_ULL(2))) || + CC(vmcs12->guest_ia32_fred_rsp1 & GENMASK_ULL(5, 0)) || + CC(vmcs12->guest_ia32_fred_rsp2 & GENMASK_ULL(5, 0)) || + CC(vmcs12->guest_ia32_fred_rsp3 & GENMASK_ULL(5, 0)) || + CC(vmcs12->guest_ia32_fred_ssp1 & GENMASK_ULL(2, 0)) || + CC(vmcs12->guest_ia32_fred_ssp2 & GENMASK_ULL(2, 0)) || + CC(vmcs12->guest_ia32_fred_ssp3 & GENMASK_ULL(2, 0)) || + CC(is_noncanonical_address(vmcs12->guest_ia32_fred_config & PAGE_MASK, vcpu)) || + CC(is_noncanonical_address(vmcs12->guest_ia32_fred_rsp1, vcpu)) || + CC(is_noncanonical_address(vmcs12->guest_ia32_fred_rsp2, vcpu)) || + CC(is_noncanonical_address(vmcs12->guest_ia32_fred_rsp3, vcpu)) || + CC(is_noncanonical_address(vmcs12->guest_ia32_fred_ssp1, vcpu)) || + CC(is_noncanonical_address(vmcs12->guest_ia32_fred_ssp2, vcpu)) || + CC(is_noncanonical_address(vmcs12->guest_ia32_fred_ssp3, vcpu))) + return -EINVAL; + } + if (vmcs12->guest_cr4 & X86_CR4_FRED) { + unsigned int ss_dpl = VMX_AR_DPL(vmcs12->guest_ss_ar_bytes); + if (CC(ss_dpl == 1 || ss_dpl == 2)) + return -EINVAL; + if (ss_dpl == 0 && + CC(!(vmcs12->guest_cs_ar_bytes & VMX_AR_L_MASK))) + return -EINVAL; + if (ss_dpl == 3 && + (CC(vmcs12->guest_rflags & X86_EFLAGS_IOPL) || + CC(vmcs12->guest_interruptibility_info & GUEST_INTR_STATE_STI))) + return -EINVAL; + } + } else { + if (CC(vmcs12->guest_cr4 & X86_CR4_FRED)) + return -EINVAL; + } + if (nested_check_guest_non_reg_state(vmcs12)) return -EINVAL; From patchwork Wed Feb 7 17:26:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198017 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2411081dyb; Wed, 7 Feb 2024 10:08:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IFSFiogJeIoZmIcVpi3t/fK8QjJvoUNMHC9DeOpYGA7K2RNw75fQ0vBISp7oxMWo58i8eVU X-Received: by 2002:a05:6358:ed15:b0:176:4e7d:f30e with SMTP id hy21-20020a056358ed1500b001764e7df30emr4213543rwb.14.1707329324479; Wed, 07 Feb 2024 10:08:44 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329324; cv=pass; d=google.com; s=arc-20160816; b=tsRQY8mklVKOTY9B+M8omHlfukl4zG+Ad8Y8l8BqsJbkK0JkoZoeSDETCcVS2F/myn GIlRLvcoPWYreMl9Xe/4gzfzQ55hC76uI2679zExKqF+ATcoHILhvKiru3Dj2Lk5soDx GfYfSOauNgSiNOjVeXhJVs+nqbva/nRvOMZpF4FJ2RVWzEhHeU7T2L82pK6l/LWPBbim mcfDnNYzA88IOHiXX/vdB7wJxorH2ZFGxHr7LS1HqFofBsGyRQw0GGhfhmEpMYV1Q0z+ Ud7moAfiZAt/Ncls+O85ERwXZTyezTBqGLc8WbquXe3DkkpD3b7Yq/MthwN6jhveL/Qg f40w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=DIu4L7W0j6X/xGmRGLOBGj0fYKmZ7pfHZk7mC6Qo+mU=; fh=Yltwsu/SsYPddELBqOVy4eCaD3UqtJCdf1EPpoO53Ew=; b=dcdvLOwFEw1wMsXlPUmgDuHWX1VNkyzz9d6Oa1E1G98NqhDeUHBUJA+MmWQ2y8PFKV PAMhnPqx6PcPc+AuygpH1x4sxoZ/EeLc61SURv+o7X8PfHOo3e7m948+szd/8+asDbXe jwTIc2rjJ0TJ0d1RSJfzHp2jhborUJiFPg8rbNoD/XTAvU4cnnVEcOk37jwoFs/hnW7v lNjsY68Ox4eCFheWIP+1zzd4IvBUJ7ObxkH/cdwmdBhgaJBXpLWBJ68E0SwY6U1fLnYW WlC816vtCT7LL/4XVVHsFvWkzavDpICMTQ6L2TZ4rRrIehkT2kTvpggigLAwxvI9xtab bwcg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hAQGWwPc; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56876-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56876-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCXcrtnwUinufs1xuRJVHrbrMmpP3tPpFTUubJOlypQ/HhVqpKl4BmXZaR+CmrD0MAOytw0mEkOqEiFPeWCDjnJkpA7jbQ== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id c16-20020aa78810000000b006e03bbcc9e1si1972693pfo.271.2024.02.07.10.08.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:08:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56876-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hAQGWwPc; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56876-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56876-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 3C9ED283DE8 for ; Wed, 7 Feb 2024 18:08:44 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A8E58138491; Wed, 7 Feb 2024 17:59:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="hAQGWwPc" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2259A13541B; Wed, 7 Feb 2024 17:59:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328763; cv=none; b=DyHcAdKbVnFLldBVf+0MtoE1sGE4N8O/IaPCKeacKMGUusKK2qpewEmSYIFXTNECJbqUJuMLPnt8FH6FxURsidL54y6N3FIEConjL8pdYk35QGfVHjBfkIcIQs4NwELLt4LnUpsHSbdkr0Q80LHwa3dwWaK0YHuI5JWLmUjilu8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328763; c=relaxed/simple; bh=gY2JzDeF5jrwJMCmaKGSaYZDR3/rk8mwy1w2IX+fWds=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rp2+JRlbNEEaTgj2PxYDudUrHFLcf43WF10aev62ndxWtZfjmsyYJ0cMSVqlMaiSdEalx131b92PpmvWBDUuynKpcDnLgvtd4DJt31RR6KUkfAtNZqUyaEg1CNRKeShJwaldoW/jN9bZ9m4XfCpFJeVLzwc2Db2Kp/PREXJZM2Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=hAQGWwPc; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328762; x=1738864762; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=gY2JzDeF5jrwJMCmaKGSaYZDR3/rk8mwy1w2IX+fWds=; b=hAQGWwPce/F3knbJgkrpM+1aBaOvcVsWOrHp24cc1F9iW2UNacHs3o5K opVvsjAstIjkqh/cZuz+Aroz/4ES7DsAp78ZOcyIfI6ul9O5uFcJ6MGTN jrzsrtIfU2moUTHpqBfEqQ4AN4X5KLOmIIGOakHdje37lv3I/fvEF8/5p WQrz3bfs+mhXQzcRx1tbCN9oqRdSLhW41PlesapGxNK3irVn+oSEbD89l ZjZ8coCqYq7/P/ircZaTWx40uFkPxEhCxc91EQCVqzQnH0dxuOq7PzjmX kaYnd7YDwWoKdsME1EkApPYF11Tvh1EZvsJboupjIYmeP4tbtXl6yrugl A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622679" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622679" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:59:00 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020765" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:59 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 22/25] KVM: x86: Allow FRED/LKGS/WRMSRNS to be exposed to guests Date: Wed, 7 Feb 2024 09:26:42 -0800 Message-ID: <20240207172646.3981-23-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264553487030839 X-GMAIL-MSGID: 1790264553487030839 Allow FRED/LKGS/WRMSRNS to be exposed to guests, thus a guest OS could see these features when the guest is configured with FRED/LKGS/WRMSRNS in Qemu. A qemu patch is required to expose FRED/LKGS/WRMSRNS to KVM guests. Signed-off-by: Xin Li Tested-by: Shan Kang --- arch/x86/kvm/cpuid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index adba49afb5fe..afc1316d78ad 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -676,8 +676,8 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_mask(CPUID_7_1_EAX, F(AVX_VNNI) | F(AVX512_BF16) | F(CMPCCXADD) | - F(FZRM) | F(FSRS) | F(FSRC) | - F(AMX_FP16) | F(AVX_IFMA) | F(LAM) + F(FZRM) | F(FSRS) | F(FSRC) | F(FRED) | F(LKGS) | + F(WRMSRNS) | F(AMX_FP16) | F(AVX_IFMA) | F(LAM) ); kvm_cpu_cap_init_kvm_defined(CPUID_7_1_EDX, From patchwork Wed Feb 7 17:26:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198027 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2416765dyb; Wed, 7 Feb 2024 10:16:37 -0800 (PST) X-Google-Smtp-Source: AGHT+IFVtEnTyokfHYw3/s6zKVX5zJpZCog7+YXDHWEB1uC49Q+Yrn17xzH5gvgIHTwlC9UilqhT X-Received: by 2002:a05:6e02:cb2:b0:363:dfa7:5582 with SMTP id 18-20020a056e020cb200b00363dfa75582mr1282315ilg.30.1707329797316; Wed, 07 Feb 2024 10:16:37 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329797; cv=pass; d=google.com; s=arc-20160816; b=aw5/DXysebwWJw0JUcDcT4hbWMnOkQrIV260WDX9sbboDVLqutsBdSxLXo0dcISLRR 0DOeUvEto9djDgAL5JctQFlGvDHseACCNHOFtxEEb/l6ZzXXdLu7W59Pe69HHys6FwcH GDikbxtv10ezEKM+R2ogmO3Wxa9OVQF3qF0iVFs4QhFpiZZxNATAYolC1XHFnvv2yM0x qNoQb2/YCRzlyOwO614CRGTt7Mzdgjrj+D2PFmppGmy3PHyst3/A//P53pBc5GL9WTNv iQb0IiRzcDaWcDPOjYU+tN4iwuPzIgbMgZs6FM9upSQ577qiNOE2p8Nhxc9a6NsQUShp DLbQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=MLDxFJ60JYkoLFsiN7fnCBOAoF4Dp8odoWg+qwL5O8Q=; fh=it+XMMKc903olccM+CIDPqYc5QUuMsw+mQZ4U+vjuuA=; b=1FwXpuJlT4W5m3g1J7FOmgHJFan5Dg0WoRZ2mcwx9vxbmQBD1Ddi8g7GnfIvwEdtcE sBuTwe8bxAHwfwY9KbZ55PqXceLGN1xA9Jq4lIcPqcYoTSIb5i5rslM3OBos6R+8+Wp7 Nxz8iN7Rp23Yk+XBjhewVCaO5yM8lW3zeW108FX7Z/egbMsI3o0OPmd6wvhvKQ47PBot I1vH1FbravbZtCOjHLP+Cbem51moXGzXUcl+7EmK/S8Nmj5cfA3BpVLhdsVfQdEme6g8 ZJn99LSZezZSUPtTZMMIIJIRRzgE1AuebGHv8VBI2J9g8y+YwEq4k3t8cUpKfN7eHBda LCXg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FiLjyUpL; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56877-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56877-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCXFXLaPUxkW6TSci1O9QOwIpZzsPHpbdmlsovd2WEXP4LmhVorUjkyPBxQ+8b1kYOTUnRRlZ1cGj8La9Ay3yz7W+0Rjsw== Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id d5-20020a633605000000b005d3c533ffa1si2010972pga.590.2024.02.07.10.16.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:16:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56877-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=FiLjyUpL; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56877-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56877-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id C232CB22D9F for ; Wed, 7 Feb 2024 18:09:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9C4381384BF; Wed, 7 Feb 2024 17:59:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FiLjyUpL" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 700AA135A52; Wed, 7 Feb 2024 17:59:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328764; cv=none; b=hNo+02CgTLO67lKkZu3SkfRZTtAkbrwmZUyOADubUd7xYnNbAJYI7hiaqmND1rkzjkRdFggKo7x1Bxw5FblZaG81rIsWrVPvno3PJxjM0jZD+gGknRtbXSRjJ/4FkNwLdKN2GOx6SNXtKn/ubNhEg7CKXe8dsm3llq0jaoKk1DM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328764; c=relaxed/simple; bh=pn5l9wgQCKTBHaMYVbWpY+69QPu5DgR37XqofOuD9KA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=obyEL/sGAG5FDCHmBkFoQIxAGI6cDCUa8zV3uQn567VDruYPJhvbHX3a76fsbgcVe4ULMXquTlR8V2ahsPHgr1Pa8Ubb6aKHFpujLBnG2C40mAmtKiHoFw2wXQOl5qhdyX0TVnjYDbEx0LJlRKaLx81OU8NDudtdjMJvENYIk50= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FiLjyUpL; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328763; x=1738864763; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=pn5l9wgQCKTBHaMYVbWpY+69QPu5DgR37XqofOuD9KA=; b=FiLjyUpLningK7sG0Wzl16D8+mb2CJhySD/AaJmPbR/lCmGGVN/eZd0s 9iz4BfKxuePI/VHBQ3rdW8zBz07syq6GJXnW/YplSFnJOZ6M+81+20Fve N5kKnEwIAmLN1ZdFdMt92jIS3P6/lXxDfed/EqUJnkR1jYtTiDpO2sxO8 dpk+NHeBl9l/rzoffC4XMWus4opeGkj+k6cW25+RSWMPDvHp6+8PN/6jc MfUFXFCIq6km4NVnN/474rteAD90mpfbGRaioo2BXI/2G4m1+UPy4QJmb DHPmPc26AqC4Hj3FWg64zuBW/0ZY1RYGlbqjHVhS91nKbud3TifzxCRr/ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622685" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622685" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:59:00 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020768" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:59 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 23/25] KVM: selftests: Run debug_regs test with FRED enabled Date: Wed, 7 Feb 2024 09:26:43 -0800 Message-ID: <20240207172646.3981-24-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790265049756945544 X-GMAIL-MSGID: 1790265049756945544 Run another round of debug_regs test with FRED enabled if FRED is available. Signed-off-by: Xin Li --- .../selftests/kvm/include/x86_64/processor.h | 4 ++ .../testing/selftests/kvm/x86_64/debug_regs.c | 50 ++++++++++++++----- 2 files changed, 41 insertions(+), 13 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h index a84863503fcb..bc5cd8628a20 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -48,6 +48,7 @@ extern bool host_cpu_is_amd; #define X86_CR4_SMEP (1ul << 20) #define X86_CR4_SMAP (1ul << 21) #define X86_CR4_PKE (1ul << 22) +#define X86_CR4_FRED (1ul << 32) struct xstate_header { u64 xstate_bv; @@ -164,6 +165,9 @@ struct kvm_x86_cpu_feature { #define X86_FEATURE_SPEC_CTRL KVM_X86_CPU_FEATURE(0x7, 0, EDX, 26) #define X86_FEATURE_ARCH_CAPABILITIES KVM_X86_CPU_FEATURE(0x7, 0, EDX, 29) #define X86_FEATURE_PKS KVM_X86_CPU_FEATURE(0x7, 0, ECX, 31) +#define X86_FEATURE_FRED KVM_X86_CPU_FEATURE(0x7, 1, EAX, 17) +#define X86_FEATURE_LKGS KVM_X86_CPU_FEATURE(0x7, 1, EAX, 18) +#define X86_FEATURE_WRMSRNS KVM_X86_CPU_FEATURE(0x7, 1, EAX, 19) #define X86_FEATURE_XTILECFG KVM_X86_CPU_FEATURE(0xD, 0, EAX, 17) #define X86_FEATURE_XTILEDATA KVM_X86_CPU_FEATURE(0xD, 0, EAX, 18) #define X86_FEATURE_XSAVES KVM_X86_CPU_FEATURE(0xD, 1, EAX, 3) diff --git a/tools/testing/selftests/kvm/x86_64/debug_regs.c b/tools/testing/selftests/kvm/x86_64/debug_regs.c index f6b295e0b2d2..69055e764f15 100644 --- a/tools/testing/selftests/kvm/x86_64/debug_regs.c +++ b/tools/testing/selftests/kvm/x86_64/debug_regs.c @@ -20,7 +20,7 @@ uint32_t guest_value; extern unsigned char sw_bp, hw_bp, write_data, ss_start, bd_start; -static void guest_code(void) +static void guest_test_code(void) { /* Create a pending interrupt on current vCPU */ x2apic_enable(); @@ -61,6 +61,15 @@ static void guest_code(void) /* DR6.BD test */ asm volatile("bd_start: mov %%dr0, %%rax" : : : "rax"); +} + +static void guest_code(void) +{ + guest_test_code(); + + if (get_cr4() & X86_CR4_FRED) + guest_test_code(); + GUEST_DONE(); } @@ -75,19 +84,15 @@ static void vcpu_skip_insn(struct kvm_vcpu *vcpu, int insn_len) vcpu_regs_set(vcpu, ®s); } -int main(void) +void run_test(struct kvm_vcpu *vcpu) { struct kvm_guest_debug debug; + struct kvm_run *run = vcpu->run; unsigned long long target_dr6, target_rip; - struct kvm_vcpu *vcpu; - struct kvm_run *run; - struct kvm_vm *vm; - struct ucall uc; - uint64_t cmd; int i; /* Instruction lengths starting at ss_start */ int ss_size[6] = { - 1, /* sti*/ + 1, /* sti */ 2, /* xor */ 2, /* cpuid */ 5, /* mov */ @@ -95,11 +100,6 @@ int main(void) 1, /* cli */ }; - TEST_REQUIRE(kvm_has_cap(KVM_CAP_SET_GUEST_DEBUG)); - - vm = vm_create_with_one_vcpu(&vcpu, guest_code); - run = vcpu->run; - /* Test software BPs - int3 */ memset(&debug, 0, sizeof(debug)); debug.control = KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP; @@ -202,6 +202,30 @@ int main(void) /* Disable all debug controls, run to the end */ memset(&debug, 0, sizeof(debug)); vcpu_guest_debug_set(vcpu, &debug); +} + +int main(void) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + struct ucall uc; + uint64_t cmd; + + TEST_REQUIRE(kvm_has_cap(KVM_CAP_SET_GUEST_DEBUG)); + + vm = vm_create_with_one_vcpu(&vcpu, guest_code); + + run_test(vcpu); + + if (kvm_cpu_has(X86_FEATURE_FRED)) { + struct kvm_sregs sregs; + + vcpu_sregs_get(vcpu, &sregs); + sregs.cr4 |= X86_CR4_FRED; + vcpu_sregs_set(vcpu, &sregs); + + run_test(vcpu); + } vcpu_run(vcpu); TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); From patchwork Wed Feb 7 17:26:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198021 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2412710dyb; Wed, 7 Feb 2024 10:10:44 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUiuecK5xaUtQ06oy7o+gMDWkeRHdH3e1DyoO0nJuQaoTPZ5yMszJ3KvuWIgzJqSBOednmuG6gAnKGkhYv/9GsLETTuLA== X-Google-Smtp-Source: AGHT+IFMYEnNQLMJs/RILWRhOrbxWVs3pLR2XIdCXHpWABUVJ0+NQ8kEcIsIlNgqOh2drJzGG2V4 X-Received: by 2002:a05:620a:911:b0:785:962d:a6a9 with SMTP id v17-20020a05620a091100b00785962da6a9mr3963855qkv.45.1707329444539; Wed, 07 Feb 2024 10:10:44 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707329444; cv=pass; d=google.com; s=arc-20160816; b=ltsJdsbsi4HTnA79PApuemu0l+M4iOkA2zbJKWYXcCrliEf89lT3icGKbLOyrlKDrs rFE6AoZ7AjdGVBLwvLkQ8NaN/o8LLrHxLeJkPz3SrL/6PiiWyKcUY/cAweC5Bq4vFouJ LS5wlTEXnDfhttNdqieOGTO0BFsOFuoC43qgWtnmWSVgu/maKjOFY+qjeannGX/1GVdG bLzc0OlA0EkP3LxP2OXYVWil3Mw5pwjATDNdN07YrGB9SnFgoqQ2CGTJObQK9MQ6U0cm 2JHl/x7AknVQcipAi9McSpmsxmu8oNFhMOxrpND6vIEWYNvAipseQP9mCqh51GtywgTS WSBQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=WWsHAlNSIXyIQTmknQ+VOAeBsI1mtIgoA4ITWuyVDh0=; fh=4X8elOtgleXq6nZY+e55N3HXhTX8DZXBbJNWKrFJ+qM=; b=hogKOBqUIQU28p63HFBPfBRmqpN4ujZ1NOIRYTetI0eYnvJNY0zqPiJrT/xjhWtfJY K2davYeyBw57r/+32m8ARPiFPF+W2ETlCE4VmIjNS1tYah9HHHkjI1eZH0R/U3XpxC2X ukMr7Nyn8+6zuIjHSctcqABaTnbGR8GDV+DCg6PWF+Kg2hOcMUlyzoWwWsph3C1wllTw 44dvKRwMbwzOEt2g1If6RDVaTt0ux5Fh1PrCNz2knVzSEPYLnTBoc2EJ44mo2ofmKKTS f8i/RLcSJzkWfNdtYAna8ySqCS8DkMqzo6ploVh3UH4V00ygYGwwF0AuGPbXvFuka6Xc 5XvQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=chL9Ufci; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56880-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56880-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCXN6cOT59I8G/v5QvpuC6VXlXVrQtM84AWNX+ehuaClEPAI4VN5mLM3qMSh8iuofUbmdjWDGq3iETkw12AYtVEshsLirA== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id vq23-20020a05620a559700b007859729f335si1531327qkn.196.2024.02.07.10.10.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:10:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56880-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=chL9Ufci; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56880-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56880-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id B04221C21D3D for ; Wed, 7 Feb 2024 18:10:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2996F13A263; Wed, 7 Feb 2024 17:59:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="chL9Ufci" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF98713666F; Wed, 7 Feb 2024 17:59:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328769; cv=none; b=I6cVb0ZrSHFCKZphI/Wc5NXta+qs5duu/XT9teNBcT4jbZnxP1AD7GubBnZXEF8PO6jsj22NBfgddfcdaF5x4geJtjaWnMwFQ6FTfrXiLQIvgMCjLlCufuduEFiL8za3LF4vTmdNC1iFNPPW6IbBG0OfVWSVZio76mLDBoxAM8o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328769; c=relaxed/simple; bh=WIt9o4OjjawnuBTk8GUkaHPSrfrC5St66G3/Ao7RYxg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dH2wJurC6EWjhQnfYXovyck33UiMvvLMCqjFfy0EcYBfzr+UF87jv50AatL25z93yB0kUPjHYDFO1WB0bJDqs3hI/gJI09fGyCLX7D7/zInsufuvE8FvBX7kb0XghykObddvgNBhIgByJY40T6dlEswmYyXUy+X0Sk4srv5JQc8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=chL9Ufci; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328764; x=1738864764; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=WIt9o4OjjawnuBTk8GUkaHPSrfrC5St66G3/Ao7RYxg=; b=chL9UfciYEARhNzX3RpIWqvj6D4+Cnpcafj3AB/BPc3oxcDptRjjl6cu guPU1fd9LGA6Cl1RRETA9EmbOf8cXnPE0WvRPyIltZgTMmjcyIXsE9Fe1 Jr+sT/aJStSvzJQkTtpsOIwktbE5Da2x4cbGthkhLRV+srKU0BpCfwuIq Q5eBOoTPKmqGUBoXN+IoOTtpRSN8KgiRnxrCVbHWfpsfewxtYxcs+TA8l plkWyXqB7o335G2i7E1kAImTYsjH0GwMp2HyNXx23bXIDT983fN6fPMN1 lMv7yQ8OHis7KzyhuOgxUfauGSyD4kp7jNWyn/aMqgQS8M/dblou0BKOl w==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622692" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622692" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:59:00 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020771" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:58:59 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 24/25] KVM: selftests: Add a new VM guest mode to run user level code Date: Wed, 7 Feb 2024 09:26:44 -0800 Message-ID: <20240207172646.3981-25-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790264679836847625 X-GMAIL-MSGID: 1790264679836847625 Add a new VM guest mode VM_MODE_PXXV48_4K_USER to set the user bit of guest page table entries, thus allow user level code to run in guests. Suggested-by: Sean Christopherson Signed-off-by: Xin Li --- .../testing/selftests/kvm/include/kvm_util_base.h | 1 + tools/testing/selftests/kvm/lib/kvm_util.c | 5 ++++- .../testing/selftests/kvm/lib/x86_64/processor.c | 15 ++++++++++----- tools/testing/selftests/kvm/lib/x86_64/vmx.c | 4 ++-- 4 files changed, 17 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h index 9e5afc472c14..ea1a585ef6f4 100644 --- a/tools/testing/selftests/kvm/include/kvm_util_base.h +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h @@ -187,6 +187,7 @@ enum vm_guest_mode { VM_MODE_P36V48_16K, VM_MODE_P36V48_64K, VM_MODE_P36V47_16K, + VM_MODE_PXXV48_4K_USER, /* For 48bits VA but ANY bits PA with USER bit set */ NUM_VM_MODES, }; diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index e066d584c656..8b4761836b3e 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -163,6 +163,7 @@ const char *vm_guest_mode_string(uint32_t i) [VM_MODE_P36V48_16K] = "PA-bits:36, VA-bits:48, 16K pages", [VM_MODE_P36V48_64K] = "PA-bits:36, VA-bits:48, 64K pages", [VM_MODE_P36V47_16K] = "PA-bits:36, VA-bits:47, 16K pages", + [VM_MODE_PXXV48_4K_USER] = "PA-bits:ANY, VA-bits:48, 4K user pages", }; _Static_assert(sizeof(strings)/sizeof(char *) == NUM_VM_MODES, "Missing new mode strings?"); @@ -189,6 +190,7 @@ const struct vm_guest_mode_params vm_guest_mode_params[] = { [VM_MODE_P36V48_16K] = { 36, 48, 0x4000, 14 }, [VM_MODE_P36V48_64K] = { 36, 48, 0x10000, 16 }, [VM_MODE_P36V47_16K] = { 36, 47, 0x4000, 14 }, + [VM_MODE_PXXV48_4K_USER] = { 0, 0, 0x1000, 12 }, }; _Static_assert(sizeof(vm_guest_mode_params)/sizeof(struct vm_guest_mode_params) == NUM_VM_MODES, "Missing new mode params?"); @@ -263,6 +265,7 @@ struct kvm_vm *____vm_create(struct vm_shape shape) vm->pgtable_levels = 3; break; case VM_MODE_PXXV48_4K: + case VM_MODE_PXXV48_4K_USER: #ifdef __x86_64__ kvm_get_cpu_address_width(&vm->pa_bits, &vm->va_bits); /* @@ -278,7 +281,7 @@ struct kvm_vm *____vm_create(struct vm_shape shape) vm->pgtable_levels = 4; vm->va_bits = 48; #else - TEST_FAIL("VM_MODE_PXXV48_4K not supported on non-x86 platforms"); + TEST_FAIL("VM_MODE_PXXV48_4K(_USER) not supported on non-x86 platforms"); #endif break; case VM_MODE_P47V64_4K: diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index d8288374078e..a8e60641df53 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -124,8 +124,8 @@ bool kvm_is_tdp_enabled(void) void virt_arch_pgd_alloc(struct kvm_vm *vm) { - TEST_ASSERT(vm->mode == VM_MODE_PXXV48_4K, "Attempt to use " - "unknown or unsupported guest mode, mode: 0x%x", vm->mode); + TEST_ASSERT((vm->mode == VM_MODE_PXXV48_4K) || (vm->mode == VM_MODE_PXXV48_4K_USER), + "Attempt to use unknown or unsupported guest mode, mode: 0x%x", vm->mode); /* If needed, create page map l4 table. */ if (!vm->pgd_created) { @@ -159,6 +159,8 @@ static uint64_t *virt_create_upper_pte(struct kvm_vm *vm, if (!(*pte & PTE_PRESENT_MASK)) { *pte = PTE_PRESENT_MASK | PTE_WRITABLE_MASK; + if (vm->mode == VM_MODE_PXXV48_4K_USER) + *pte |= PTE_USER_MASK; if (current_level == target_level) *pte |= PTE_LARGE_MASK | (paddr & PHYSICAL_PAGE_MASK); else @@ -185,7 +187,7 @@ void __virt_pg_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr, int level) uint64_t *pml4e, *pdpe, *pde; uint64_t *pte; - TEST_ASSERT(vm->mode == VM_MODE_PXXV48_4K, + TEST_ASSERT((vm->mode == VM_MODE_PXXV48_4K) || (vm->mode == VM_MODE_PXXV48_4K_USER), "Unknown or unsupported guest mode, mode: 0x%x", vm->mode); TEST_ASSERT((vaddr % pg_size) == 0, @@ -222,6 +224,8 @@ void __virt_pg_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr, int level) TEST_ASSERT(!(*pte & PTE_PRESENT_MASK), "PTE already present for 4k page at vaddr: 0x%lx\n", vaddr); *pte = PTE_PRESENT_MASK | PTE_WRITABLE_MASK | (paddr & PHYSICAL_PAGE_MASK); + if (vm->mode == VM_MODE_PXXV48_4K_USER) + *pte |= PTE_USER_MASK; } void virt_arch_pg_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr) @@ -268,8 +272,8 @@ uint64_t *__vm_get_page_table_entry(struct kvm_vm *vm, uint64_t vaddr, TEST_ASSERT(*level >= PG_LEVEL_NONE && *level < PG_LEVEL_NUM, "Invalid PG_LEVEL_* '%d'", *level); - TEST_ASSERT(vm->mode == VM_MODE_PXXV48_4K, "Attempt to use " - "unknown or unsupported guest mode, mode: 0x%x", vm->mode); + TEST_ASSERT((vm->mode == VM_MODE_PXXV48_4K) || (vm->mode == VM_MODE_PXXV48_4K_USER), + "Attempt to use unknown or unsupported guest mode, mode: 0x%x", vm->mode); TEST_ASSERT(sparsebit_is_set(vm->vpages_valid, (vaddr >> vm->page_shift)), "Invalid virtual address, vaddr: 0x%lx", @@ -536,6 +540,7 @@ static void vcpu_setup(struct kvm_vm *vm, struct kvm_vcpu *vcpu) switch (vm->mode) { case VM_MODE_PXXV48_4K: + case VM_MODE_PXXV48_4K_USER: sregs.cr0 = X86_CR0_PE | X86_CR0_NE | X86_CR0_PG; sregs.cr4 |= X86_CR4_PAE | X86_CR4_OSFXSR; sregs.efer |= (EFER_LME | EFER_LMA | EFER_NX); diff --git a/tools/testing/selftests/kvm/lib/x86_64/vmx.c b/tools/testing/selftests/kvm/lib/x86_64/vmx.c index 59d97531c9b1..65147de6f9c0 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/vmx.c +++ b/tools/testing/selftests/kvm/lib/x86_64/vmx.c @@ -403,8 +403,8 @@ void __nested_pg_map(struct vmx_pages *vmx, struct kvm_vm *vm, struct eptPageTableEntry *pt = vmx->eptp_hva, *pte; uint16_t index; - TEST_ASSERT(vm->mode == VM_MODE_PXXV48_4K, "Attempt to use " - "unknown or unsupported guest mode, mode: 0x%x", vm->mode); + TEST_ASSERT((vm->mode == VM_MODE_PXXV48_4K) || (vm->mode == VM_MODE_PXXV48_4K_USER), + "Attempt to use unknown or unsupported guest mode, mode: 0x%x", vm->mode); TEST_ASSERT((nested_paddr >> 48) == 0, "Nested physical address 0x%lx requires 5-level paging", From patchwork Wed Feb 7 17:26:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 198029 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp2419323dyb; Wed, 7 Feb 2024 10:20:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IGES+9xs5Q6ugZP9/z929mFbA6SxivlDDtux/qh1qyRlx9bBBxX+isxR2ueeDepXxsSbEPh X-Received: by 2002:a05:6a20:d38c:b0:19e:99e8:f66a with SMTP id iq12-20020a056a20d38c00b0019e99e8f66amr7004951pzb.29.1707330018341; Wed, 07 Feb 2024 10:20:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707330018; cv=pass; d=google.com; s=arc-20160816; b=KPRYLCFeT5ukxKETTukg/PRLexTa3rW4l8dhSGCGPjy1dOTcqFY5tgcXYeFhOog/3t M2XR9rqJvgh+iDdDPumqMdfYb0vK3mVpnbiOHb2pQQ56sAuY79oCSawrS6O3JeJObaCk jBN8WVWeS9SpiFae8H/DuvNZjJRrXp4e/Kw0rdvY6Is34SZIYDiBgeww6+SgZoVxn+Ao fDZgepMX8Lldw9Ze08+6DajKAf8RxM2vDC3Bu0QoZMoCihaBEawDrhrdmhLT+7NMinWH OHrPdviM0qTH7G8MIVyzBX6veEPS40UAr1GAKAsO+jCICowyh0LntpYiK5e4WM0BeOls PysQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=DvfG4qAq8u9nLCP95gMUJlKvvQ0po3pdUWVM3ch2QUc=; fh=GVlngSz2nelHuywEZbcKQGkEL7iUpva2Te8YOMUdsGc=; b=pC+cjE2ZIGuTtvZ4tg2xUlY63iO3DfXFAf5NB0cKbW41dxVJhWaYZtYsM4WR5ywLJl 7h6pf/DWZV0FfkoSZNawCQIi2Dd94HLiNULjtnrLLqcS8b+j58YbSpsktxj9p4VFzScY NxrEv3TpTq3jOHIBn48uTSfMlrcuJ1kYoHdt1An+KCDRwW30ZD1f6fuTrkS46Xp1xmfx s6lTbVHiPiJbN7TGOAWQpmRzsfe/wWBCIPLr0gx+Zh8MC+CjZvG5ds947WlADSBGlUP0 xMMPVYwpKwb6Q/fjuJGN1q/iYU+eXDafv4uNJaE6AFipwp5fa+sQsZlIWrbbTx2IPyYJ N+uw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="W/0Tt4Fz"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56878-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56878-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=2; AJvYcCUXaihlEqhy+E/GRq8bFuw5vzj5Phm2bZ1H0VCDRpBcw9NbeV/PjbnAgl2QS052dbft99aT78ttiK2gGxIsxAQa0viIXg== Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id z7-20020a17090ad78700b0029653f86794si3827414pju.109.2024.02.07.10.20.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 10:20:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-56878-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="W/0Tt4Fz"; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-56878-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-56878-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id D574CB260D7 for ; Wed, 7 Feb 2024 18:09:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B8AFF1386C4; Wed, 7 Feb 2024 17:59:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="W/0Tt4Fz" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED17A13666D; Wed, 7 Feb 2024 17:59:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328766; cv=none; b=aiIwkCycWz+bYDdMew8qmoQQ0fMceet13yLCprM1xnAoi0OdTHK2kG9Lg8dpUaX94u7ptos9y5uX5v6E3SusziRfBttdUS/ELDMsj/nTdRHVvOChJKgzXvgfbs+BU7vn/Gh1F/MH6CQo/Jzlt9r8MHHsJkFdGYfVGUzgmeARlOE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707328766; c=relaxed/simple; bh=3GyeqzdJGUkQmo95EtC+7E0F/vWHyp4/sc8IpnaEc98=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=L986HWQH7weRaoBBz7/08wtBrfqOJIZ+x9TF62vl5OjVzwAqzFsnuO1CjXDWgEz5ai7bAwc0fcB9NkAsyO2laZWp8MRY9mH3XPgqMPEnbN65ap7KXiMz9hiznHsum3pZqDQg9RWmpxcZzhJdajUrYn9pDpT6dMjkuNdKYXmtcp8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=W/0Tt4Fz; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707328764; x=1738864764; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=3GyeqzdJGUkQmo95EtC+7E0F/vWHyp4/sc8IpnaEc98=; b=W/0Tt4FzBBUCOiUYJJvnUnuRhGqToWKMo2rVq3n7POtpEgKl/uYLllbk 1mr7QsPXXfeZn83lUrO64vTJJNwB3NuKA4qcR9Npe435w1Cmf1Edu9992 Ub7PwMa6eJRi5Oc3npymP7keqwDUq2N6T30cYraZwt1+xeF2sM5/QATh2 JCm++8u460u15V4No5YetpU+fUraxkbqNbdTyc3wMIyeYZm4DdGMdu7W2 o7bZPv67xiTblCPzNjrvKG0jtCnk9G0p8tuh4tyNYduOo6ho3+1rAFOav Mwf2uKm9zXjNePYdzBgfYXiD1HNtTaQa9soSUTw2Mjc7oUNPoJcL+PBc1 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10977"; a="11622705" X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="11622705" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2024 09:59:01 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,251,1701158400"; d="scan'208";a="6020774" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmviesa004.fm.intel.com with ESMTP; 07 Feb 2024 09:59:00 -0800 From: Xin Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, shuah@kernel.org, vkuznets@redhat.com, peterz@infradead.org, ravi.v.shankar@intel.com, xin@zytor.com Subject: [PATCH v2 25/25] KVM: selftests: Add fred exception tests Date: Wed, 7 Feb 2024 09:26:45 -0800 Message-ID: <20240207172646.3981-26-xin3.li@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207172646.3981-1-xin3.li@intel.com> References: <20240207172646.3981-1-xin3.li@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790265281526635816 X-GMAIL-MSGID: 1790265281526635816 Add tests for FRED event data and VMX nested-exception. FRED is designed to save a complete event context in its stack frame, e.g., FRED saves the faulting linear address of a #PF into a 64-bit event data field defined in FRED stack frame. As such, FRED VMX adds event data handling during VMX transitions. Besides, FRED introduces event stack levels to dispatch an event handler onto a stack baesd on current stack level and stack levels defined in IA32_FRED_STKLVLS MSR for each exception vector. VMX nested-exception support ensures a correct event stack level is chosen when a VM entry injects a nested exception, which is regarded as occurred in ring 0. To fully test the underlying FRED VMX code, this test should be run one more round with EPT disabled to inject page faults as nested exceptions. Originally-by: Shan Kang Signed-off-by: Xin Li --- tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/include/x86_64/processor.h | 32 ++ .../testing/selftests/kvm/x86_64/fred_test.c | 297 ++++++++++++++++++ 3 files changed, 330 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86_64/fred_test.c diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index 492e937fab00..eaac13a605f2 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -67,6 +67,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/get_msr_index_features TEST_GEN_PROGS_x86_64 += x86_64/exit_on_emulation_failure_test TEST_GEN_PROGS_x86_64 += x86_64/fix_hypercall_test TEST_GEN_PROGS_x86_64 += x86_64/hwcr_msr_test +TEST_GEN_PROGS_x86_64 += x86_64/fred_test TEST_GEN_PROGS_x86_64 += x86_64/hyperv_clock TEST_GEN_PROGS_x86_64 += x86_64/hyperv_cpuid TEST_GEN_PROGS_x86_64 += x86_64/hyperv_evmcs diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h index bc5cd8628a20..ef7aaab790e0 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -1275,4 +1275,36 @@ void virt_map_level(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr, #define PFERR_GUEST_PAGE_MASK BIT_ULL(PFERR_GUEST_PAGE_BIT) #define PFERR_IMPLICIT_ACCESS BIT_ULL(PFERR_IMPLICIT_ACCESS_BIT) +/* + * FRED related data structures and functions + */ + +#define FRED_SSX_NMI BIT_ULL(18) + +struct fred_stack { + u64 r15; + u64 r14; + u64 r13; + u64 r12; + u64 bp; + u64 bx; + u64 r11; + u64 r10; + u64 r9; + u64 r8; + u64 ax; + u64 cx; + u64 dx; + u64 si; + u64 di; + u64 error_code; + u64 ip; + u64 csx; + u64 flags; + u64 sp; + u64 ssx; + u64 event_data; + u64 reserved; +}; + #endif /* SELFTEST_KVM_PROCESSOR_H */ diff --git a/tools/testing/selftests/kvm/x86_64/fred_test.c b/tools/testing/selftests/kvm/x86_64/fred_test.c new file mode 100644 index 000000000000..412afa919568 --- /dev/null +++ b/tools/testing/selftests/kvm/x86_64/fred_test.c @@ -0,0 +1,297 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * FRED nested exception tests + * + * Copyright (C) 2023, Intel, Inc. + */ +#define _GNU_SOURCE /* for program_invocation_short_name */ +#include +#include +#include +#include +#include +#include + +#include "apic.h" +#include "kvm_util.h" +#include "test_util.h" +#include "guest_modes.h" +#include "processor.h" + +#define IRQ_VECTOR 0xAA + +#define FRED_STKLVL(v,l) (_AT(unsigned long, l) << (2 * (v))) +#define FRED_CONFIG_ENTRYPOINT(p) _AT(unsigned long, (p)) + +/* This address is already mapped in guest page table. */ +#define FRED_VALID_RSP 0x8000 + +/* + * The following addresses are not yet mapped in both EPT and guest page + * tables at the beginning. As a result, it causes an EPT violation VM + * exit with an original guest #PF to access any of them for the first + * time. + * + * Use these addresses as guest FRED RSP0 to generate nested #PFs to test + * if event data are properly virtualized. + */ +static unsigned long fred_invalid_rsp[4] = { + 0x0, + 0xf0000000, + 0xe0000000, + 0xd0000000, +}; + +extern char asm_user_nop[]; +extern char asm_user_ud[]; +extern char asm_done_fault[]; + +extern void asm_test_fault(int test); + +/* + * user level code for triggering faults. + */ +asm(".pushsection .text\n" + ".align 4096\n" + + ".type asm_user_nop, @function\n" + "asm_user_nop:\n" + "1: .byte 0x90\n" + "jmp 1b\n" + + ".fill asm_user_ud - ., 1, 0xcc\n" + + ".type asm_user_ud, @function\n" + ".org asm_user_nop + 16\n" + "asm_user_ud:\n" + /* Trigger a #UD */ + "ud2\n" + + ".align 4096, 0xcc\n" + ".popsection"); + +/* Send current stack level and #PF address */ +#define GUEST_SYNC_CSL_FA(__stage, __pf_address) \ + GUEST_SYNC_ARGS(__stage, __pf_address, 0, 0, 0) + +void fred_entry_from_user(struct fred_stack *stack) +{ + u32 current_stack_level = rdmsr(MSR_IA32_FRED_CONFIG) & 0x3; + + GUEST_SYNC_CSL_FA(current_stack_level, stack->event_data); + + /* Do NOT go back to user level, continue the next test instead */ + stack->ssx = 0x18; + stack->csx = 0x10; + stack->ip = (u64)&asm_done_fault; +} + +void fred_entry_from_kernel(struct fred_stack *stack) +{ + /* + * Keep NMI blocked to delay the delivery of the next NMI until + * returning to user level. + * */ + stack->ssx &= ~FRED_SSX_NMI; +} + +#define PUSH_REGS \ + "push %rdi\n" \ + "push %rsi\n" \ + "push %rdx\n" \ + "push %rcx\n" \ + "push %rax\n" \ + "push %r8\n" \ + "push %r9\n" \ + "push %r10\n" \ + "push %r11\n" \ + "push %rbx\n" \ + "push %rbp\n" \ + "push %r12\n" \ + "push %r13\n" \ + "push %r14\n" \ + "push %r15\n" + +#define POP_REGS \ + "pop %r15\n" \ + "pop %r14\n" \ + "pop %r13\n" \ + "pop %r12\n" \ + "pop %rbp\n" \ + "pop %rbx\n" \ + "pop %r11\n" \ + "pop %r10\n" \ + "pop %r9\n" \ + "pop %r8\n" \ + "pop %rax\n" \ + "pop %rcx\n" \ + "pop %rdx\n" \ + "pop %rsi\n" \ + "pop %rdi\n" + +/* + * FRED entry points. + */ +asm(".pushsection .text\n" + ".type asm_fred_entrypoint_user, @function\n" + ".align 4096\n" + "asm_fred_entrypoint_user:\n" + "endbr64\n" + PUSH_REGS + "movq %rsp, %rdi\n" + "call fred_entry_from_user\n" + POP_REGS + /* Do NOT go back to user level, continue the next test instead */ + ".byte 0xf2,0x0f,0x01,0xca\n" /* ERETS */ + + ".fill asm_fred_entrypoint_kernel - ., 1, 0xcc\n" + + ".type asm_fred_entrypoint_kernel, @function\n" + ".org asm_fred_entrypoint_user + 256\n" + "asm_fred_entrypoint_kernel:\n" + "endbr64\n" + PUSH_REGS + "movq %rsp, %rdi\n" + "call fred_entry_from_kernel\n" + POP_REGS + ".byte 0xf2,0x0f,0x01,0xca\n" /* ERETS */ + ".align 4096, 0xcc\n" + ".popsection"); + +extern char asm_fred_entrypoint_user[]; + +/* + * Prepare a FRED stack frame for ERETU to return to user level code, + * nop or ud2. + * + * Because FRED RSP0 is deliberately not mapped in guest page table, + * the delivery of interrupt/NMI or #UD from ring 3 causes a nested + * #PF, which is then delivered on FRED RSPx (x is 1, 2 or 3, + * determinated by MSR FRED_STKLVL[PF_VECTOR]). + */ +asm(".pushsection .text\n" + ".type asm_test_fault, @function\n" + ".align 4096\n" + "asm_test_fault:\n" + "endbr64\n" + "push %rbp\n" + "mov %rsp, %rbp\n" + "and $(~0x3f), %rsp\n" + "push $0\n" + "push $0\n" + "mov $0x2b, %rax\n" + /* Unblock NMI */ + "bts $18, %rax\n" + /* Set long mode bit */ + "bts $57, %rax\n" + "push %rax\n" + /* No stack required for the FRED user level test code */ + "push $0\n" + "pushf\n" + "pop %rax\n" + /* Allow external interrupts */ + "bts $9, %rax\n" + "push %rax\n" + "mov $0x33, %rax\n" + "push %rax\n" + "cmp $0, %edi\n" + "jne 1f\n" + "lea asm_user_nop(%rip), %rax\n" + "jmp 2f\n" + "1: lea asm_user_ud(%rip), %rax\n" + "2: push %rax\n" + "push $0\n" + /* ERETU to user level code to allow event delivery immediately */ + ".byte 0xf3,0x0f,0x01,0xca\n" + "asm_done_fault:\n" + "mov %rbp, %rsp\n" + "pop %rbp\n" + "ret\n" + ".align 4096, 0xcc\n" + ".popsection"); + +/* + * To fully test the underlying FRED VMX code, this test should be run one + * more round with EPT disabled to inject page faults as nested exceptions. + */ +static void guest_code(void) +{ + wrmsr(MSR_IA32_FRED_CONFIG, + FRED_CONFIG_ENTRYPOINT(asm_fred_entrypoint_user)); + + wrmsr(MSR_IA32_FRED_RSP1, FRED_VALID_RSP); + wrmsr(MSR_IA32_FRED_RSP2, FRED_VALID_RSP); + wrmsr(MSR_IA32_FRED_RSP3, FRED_VALID_RSP); + + /* Enable FRED */ + set_cr4(get_cr4() | X86_CR4_FRED); + + x2apic_enable(); + + wrmsr(MSR_IA32_FRED_STKLVLS, FRED_STKLVL(PF_VECTOR, 1)); + wrmsr(MSR_IA32_FRED_RSP0, fred_invalid_rsp[1]); + /* 1: ud2 to generate #UD */ + asm_test_fault(1); + + wrmsr(MSR_IA32_FRED_STKLVLS, FRED_STKLVL(PF_VECTOR, 2)); + wrmsr(MSR_IA32_FRED_RSP0, fred_invalid_rsp[2]); + asm volatile("cli"); + /* Create a pending interrupt on current vCPU */ + x2apic_write_reg(APIC_ICR, APIC_DEST_SELF | APIC_INT_ASSERT | + APIC_DM_FIXED | IRQ_VECTOR); + /* Return to ring 3 */ + asm_test_fault(0); + x2apic_write_reg(APIC_EOI, 0); + + wrmsr(MSR_IA32_FRED_STKLVLS, FRED_STKLVL(PF_VECTOR, 3)); + wrmsr(MSR_IA32_FRED_RSP0, fred_invalid_rsp[3]); + /* + * The first NMI is just to have NMI blocked in ring 0, because + * fred_entry_from_kernel() deliberately clears the NMI bit in + * FRED stack frame. + */ + x2apic_write_reg(APIC_ICR, APIC_DEST_SELF | APIC_INT_ASSERT | + APIC_DM_NMI | NMI_VECTOR); + /* The second NMI will be delivered after returning to ring 3 */ + x2apic_write_reg(APIC_ICR, APIC_DEST_SELF | APIC_INT_ASSERT | + APIC_DM_NMI | NMI_VECTOR); + /* Return to ring 3 */ + asm_test_fault(0); + + GUEST_DONE(); +} + +int main(int argc, char *argv[]) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + struct ucall uc; + uint64_t expected_current_stack_level = 1; + + TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_FRED)); + + vm = __vm_create_with_vcpus(VM_SHAPE(VM_MODE_PXXV48_4K_USER), 1, 0, + guest_code, &vcpu); + + while (true) { + uint64_t r; + + vcpu_run(vcpu); + + r = get_ucall(vcpu, &uc); + + if (r == UCALL_DONE) + break; + + if (r == UCALL_SYNC) { + TEST_ASSERT((uc.args[1] == expected_current_stack_level) && + (uc.args[2] == fred_invalid_rsp[expected_current_stack_level] - 1), + "Incorrect stack level %lx and #PF address %lx\n", + uc.args[1], uc.args[2]); + expected_current_stack_level++; + } + } + + kvm_vm_free(vm); + return 0; +}