| Message ID | 20210303060435.8158-1-weijiang.yang@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list | expand |
Yang Weijiang <weijiang.yang@intel.com> writes: > CET in nested guest over Hyper-V is not supported for now. Relevant > enabling patches will be posted as a separate patch series. > > Suggested-by: Paolo Bonzini <pbonzini@redhat.com> > Signed-off-by: Yang Weijiang <weijiang.yang@intel.com> > --- > arch/x86/kvm/vmx/evmcs.h | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h > index bd41d9462355..25588694eb04 100644 > --- a/arch/x86/kvm/vmx/evmcs.h > +++ b/arch/x86/kvm/vmx/evmcs.h > @@ -59,8 +59,10 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs); > SECONDARY_EXEC_SHADOW_VMCS | \ > SECONDARY_EXEC_TSC_SCALING | \ > SECONDARY_EXEC_PAUSE_LOOP_EXITING) > -#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) > -#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) > +#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \ > + VM_EXIT_LOAD_CET_STATE) > +#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \ > + VM_ENTRY_LOAD_CET_STATE) > #define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING) > > #if IS_ENABLED(CONFIG_HYPERV) This should be enough when we run KVM on Hyper-V using eVMCS, however, it may not suffice when we run Hyper-V on KVM using eVMCS: there's still no corresponding eVMCS fields so CET can't be used. In case Hyper-V is smart enough it won't use the feature, however, it was proven to be 'not very smart' in the past, see nested_evmcs_filter_control_msr(). I'm wondering if we should also do diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c index 41f24661af04..9f81db51fd8b 100644 --- a/arch/x86/kvm/vmx/evmcs.c +++ b/arch/x86/kvm/vmx/evmcs.c @@ -351,11 +351,11 @@ void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata) switch (msr_index) { case MSR_IA32_VMX_EXIT_CTLS: case MSR_IA32_VMX_TRUE_EXIT_CTLS: - ctl_high &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL; + ctl_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL; break; case MSR_IA32_VMX_ENTRY_CTLS: case MSR_IA32_VMX_TRUE_ENTRY_CTLS: - ctl_high &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL; + ctl_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL; break; case MSR_IA32_VMX_PROCBASED_CTLS2: ctl_high &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; to be on the safe side.
On Wed, Mar 03, 2021 at 10:36:40AM +0100, Vitaly Kuznetsov wrote: > Yang Weijiang <weijiang.yang@intel.com> writes: > > > CET in nested guest over Hyper-V is not supported for now. Relevant > > enabling patches will be posted as a separate patch series. > > > > Suggested-by: Paolo Bonzini <pbonzini@redhat.com> > > Signed-off-by: Yang Weijiang <weijiang.yang@intel.com> > > --- > > arch/x86/kvm/vmx/evmcs.h | 6 ++++-- > > 1 file changed, 4 insertions(+), 2 deletions(-) > > > > diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h > > index bd41d9462355..25588694eb04 100644 > > --- a/arch/x86/kvm/vmx/evmcs.h > > +++ b/arch/x86/kvm/vmx/evmcs.h > > @@ -59,8 +59,10 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs); > > SECONDARY_EXEC_SHADOW_VMCS | \ > > SECONDARY_EXEC_TSC_SCALING | \ > > SECONDARY_EXEC_PAUSE_LOOP_EXITING) > > -#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) > > -#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) > > +#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \ > > + VM_EXIT_LOAD_CET_STATE) > > +#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \ > > + VM_ENTRY_LOAD_CET_STATE) > > #define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING) > > > > #if IS_ENABLED(CONFIG_HYPERV) > > This should be enough when we run KVM on Hyper-V using eVMCS, however, > it may not suffice when we run Hyper-V on KVM using eVMCS: there's still > no corresponding eVMCS fields so CET can't be used. In case Hyper-V is > smart enough it won't use the feature, however, it was proven to be 'not > very smart' in the past, see nested_evmcs_filter_control_msr(). I'm > wondering if we should also do > > diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c > index 41f24661af04..9f81db51fd8b 100644 > --- a/arch/x86/kvm/vmx/evmcs.c > +++ b/arch/x86/kvm/vmx/evmcs.c > @@ -351,11 +351,11 @@ void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata) > switch (msr_index) { > case MSR_IA32_VMX_EXIT_CTLS: > case MSR_IA32_VMX_TRUE_EXIT_CTLS: > - ctl_high &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL; > + ctl_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL; > break; > case MSR_IA32_VMX_ENTRY_CTLS: > case MSR_IA32_VMX_TRUE_ENTRY_CTLS: > - ctl_high &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL; > + ctl_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL; > break; > case MSR_IA32_VMX_PROCBASED_CTLS2: > ctl_high &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; > > to be on the safe side. Yes, it looks good to me, will add it to new patch, thanks! > > -- > Vitaly
Hi Yang,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on kvm/queue]
[also build test ERROR on v5.15-rc3 next-20210922]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Yang-Weijiang/KVM-nVMX-Add-CET-entry-exit-load-bits-to-evmcs-unsupported-list/20210929-202056
base: https://git.kernel.org/pub/scm/virt/kvm/kvm.git queue
config: i386-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
# https://github.com/0day-ci/linux/commit/3f14ea714b1a239ff3a334060b34981089b5882b
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Yang-Weijiang/KVM-nVMX-Add-CET-entry-exit-load-bits-to-evmcs-unsupported-list/20210929-202056
git checkout 3f14ea714b1a239ff3a334060b34981089b5882b
# save the attached .config to linux build tree
mkdir build_dir
make W=1 O=build_dir ARCH=i386 SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from arch/x86/kvm/vmx/evmcs.c:8:
arch/x86/kvm/vmx/evmcs.c: In function 'evmcs_sanitize_exec_ctrls':
>> arch/x86/kvm/vmx/evmcs.h:63:6: error: 'VM_EXIT_LOAD_CET_STATE' undeclared (first use in this function); did you mean 'VM_EXIT_LOAD_IA32_PAT'?
63 | VM_EXIT_LOAD_CET_STATE)
| ^~~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/vmx/evmcs.c:304:29: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMEXIT_CTRL'
304 | vmcs_conf->vmexit_ctrl &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/vmx/evmcs.h:63:6: note: each undeclared identifier is reported only once for each function it appears in
63 | VM_EXIT_LOAD_CET_STATE)
| ^~~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/vmx/evmcs.c:304:29: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMEXIT_CTRL'
304 | vmcs_conf->vmexit_ctrl &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> arch/x86/kvm/vmx/evmcs.h:65:7: error: 'VM_ENTRY_LOAD_CET_STATE' undeclared (first use in this function); did you mean 'VM_ENTRY_LOAD_IA32_PAT'?
65 | VM_ENTRY_LOAD_CET_STATE)
| ^~~~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/vmx/evmcs.c:305:30: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMENTRY_CTRL'
305 | vmcs_conf->vmentry_ctrl &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/vmx/evmcs.c: In function 'nested_evmcs_check_controls':
>> arch/x86/kvm/vmx/evmcs.h:63:6: error: 'VM_EXIT_LOAD_CET_STATE' undeclared (first use in this function); did you mean 'VM_EXIT_LOAD_IA32_PAT'?
63 | VM_EXIT_LOAD_CET_STATE)
| ^~~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/vmx/evmcs.c:394:3: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMEXIT_CTRL'
394 | EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> arch/x86/kvm/vmx/evmcs.h:65:7: error: 'VM_ENTRY_LOAD_CET_STATE' undeclared (first use in this function); did you mean 'VM_ENTRY_LOAD_IA32_PAT'?
65 | VM_ENTRY_LOAD_CET_STATE)
| ^~~~~~~~~~~~~~~~~~~~~~~
arch/x86/kvm/vmx/evmcs.c:403:3: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMENTRY_CTRL'
403 | EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kconfig warnings: (for reference only)
WARNING: unmet direct dependencies detected for PHY_SPARX5_SERDES
Depends on (ARCH_SPARX5 || COMPILE_TEST && OF && HAS_IOMEM
Selected by
- SPARX5_SWITCH && NETDEVICES && ETHERNET && NET_VENDOR_MICROCHIP && NET_SWITCHDEV && HAS_IOMEM && OF
vim +63 arch/x86/kvm/vmx/evmcs.h
22
23 /*
24 * Enlightened VMCSv1 doesn't support these:
25 *
26 * POSTED_INTR_NV = 0x00000002,
27 * GUEST_INTR_STATUS = 0x00000810,
28 * APIC_ACCESS_ADDR = 0x00002014,
29 * POSTED_INTR_DESC_ADDR = 0x00002016,
30 * EOI_EXIT_BITMAP0 = 0x0000201c,
31 * EOI_EXIT_BITMAP1 = 0x0000201e,
32 * EOI_EXIT_BITMAP2 = 0x00002020,
33 * EOI_EXIT_BITMAP3 = 0x00002022,
34 * GUEST_PML_INDEX = 0x00000812,
35 * PML_ADDRESS = 0x0000200e,
36 * VM_FUNCTION_CONTROL = 0x00002018,
37 * EPTP_LIST_ADDRESS = 0x00002024,
38 * VMREAD_BITMAP = 0x00002026,
39 * VMWRITE_BITMAP = 0x00002028,
40 *
41 * TSC_MULTIPLIER = 0x00002032,
42 * PLE_GAP = 0x00004020,
43 * PLE_WINDOW = 0x00004022,
44 * VMX_PREEMPTION_TIMER_VALUE = 0x0000482E,
45 * GUEST_IA32_PERF_GLOBAL_CTRL = 0x00002808,
46 * HOST_IA32_PERF_GLOBAL_CTRL = 0x00002c04,
47 *
48 * Currently unsupported in KVM:
49 * GUEST_IA32_RTIT_CTL = 0x00002814,
50 */
51 #define EVMCS1_UNSUPPORTED_PINCTRL (PIN_BASED_POSTED_INTR | \
52 PIN_BASED_VMX_PREEMPTION_TIMER)
53 #define EVMCS1_UNSUPPORTED_2NDEXEC \
54 (SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | \
55 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | \
56 SECONDARY_EXEC_APIC_REGISTER_VIRT | \
57 SECONDARY_EXEC_ENABLE_PML | \
58 SECONDARY_EXEC_ENABLE_VMFUNC | \
59 SECONDARY_EXEC_SHADOW_VMCS | \
60 SECONDARY_EXEC_TSC_SCALING | \
61 SECONDARY_EXEC_PAUSE_LOOP_EXITING)
62 #define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \
> 63 VM_EXIT_LOAD_CET_STATE)
64 #define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \
> 65 VM_ENTRY_LOAD_CET_STATE)
66 #define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING)
67
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h index bd41d9462355..25588694eb04 100644 --- a/arch/x86/kvm/vmx/evmcs.h +++ b/arch/x86/kvm/vmx/evmcs.h @@ -59,8 +59,10 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs); SECONDARY_EXEC_SHADOW_VMCS | \ SECONDARY_EXEC_TSC_SCALING | \ SECONDARY_EXEC_PAUSE_LOOP_EXITING) -#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL) -#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) +#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \ + VM_EXIT_LOAD_CET_STATE) +#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \ + VM_ENTRY_LOAD_CET_STATE) #define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING) #if IS_ENABLED(CONFIG_HYPERV)
CET in nested guest over Hyper-V is not supported for now. Relevant enabling patches will be posted as a separate patch series. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com> --- arch/x86/kvm/vmx/evmcs.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)