From patchwork Tue Aug 28 16:04:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 10578785 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ED1D417DB for ; Tue, 28 Aug 2018 16:05:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD6872A656 for ; Tue, 28 Aug 2018 16:05:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D236F2A663; Tue, 28 Aug 2018 16:05:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ED6E92A656 for ; Tue, 28 Aug 2018 16:05:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727166AbeH1T5b (ORCPT ); Tue, 28 Aug 2018 15:57:31 -0400 Received: from mga01.intel.com ([192.55.52.88]:33258 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727111AbeH1T5b (ORCPT ); Tue, 28 Aug 2018 15:57:31 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Aug 2018 09:05:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,300,1531810800"; d="scan'208";a="65826875" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.9]) by fmsmga007.fm.intel.com with ESMTP; 28 Aug 2018 09:05:04 -0700 From: Sean Christopherson To: Paolo Bonzini , =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= Cc: kvm@vger.kernel.org, Jim Mattson , Sean Christopherson Subject: [PATCH v2 00/18] KVM: nVMX: add option to perform early consistency checks via H/W Date: Tue, 28 Aug 2018 09:04:41 -0700 Message-Id: <20180828160459.14093-1-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.18.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP KVM currently defers many VMX consistency checks to the CPU, including checks that result in VMFail (as opposed to VMExit). This behavior may be undesirable for some users since this means KVM detects certain classes of VMFail only after it has processed guest state. Because there is a strict ordering between checks that cause VMFail and those that cause VMExit, i.e. all VMFail checks are performed before any checks that cause VMExit, we can detect all VMFail conditions via a dry run of sorts. The end goal of this series is to add an optional (param-controlled) pre-run VMEnter into the nested_vmx_run() flow in order to perform all VMFail consistency checks prior to actually running vmcs02. By itself, this is not a complex process, but getting KVM to a point where the approach is viable requires a fair amount of refactoring, e.g. to split prepare_vmcs02() so that there is a point where vmcs02 can pass the VMFail checks without first consuming guest state. And while the goal (and subject) of this series is to enable early consistency checks, the vast majority of the series deals with bug fixes and cleanups in the nested VMX code. During the refactoring and testing, a number of pre-existing bugs, opportunities for code cleanup and easy optimization points (which unconvered more bugs) were encountered. Ideally, these patches would be split into 3-4 separate series, especially the bug fix patches. I smushed everything into a single series because the early VMEnter code breaks without the bug fixes and the refactoring shuffles the same code, and some of the cleanup and fixes are inter-dependent. Patch Synopsis: 1-4: bug fixes 5-6: optimizations 7: function rename 8: bug fix and refactoring 9-12: refactoring 13-14: bug fix 15: refactoring 16: optimization and prereq for early consistency checks 17-18: early consistency checks v1: https://www.spinics.net/lists/kvm/msg172795.html v2: - rebased on tag kvm-4.19-2 - added patch to skip instr in nested_vmx_{fail,succeed} Sean Christopherson (18): KVM: nVMX: move host EFER consistency checks to VMFail path KVM: nVMX: move vmcs12 EPTP consistency check to check_vmentry_prereqs() KVM: nVMX: use vm_exit_controls_init() to write exit controls for vmcs02 KVM: nVMX: reset cache/shadows on nested consistency check VMExit KVM: vmx: do not unconditionally clear EFER switching KVM: nVMX: try to set EFER bits correctly when init'ing entry controls KVM: nVMX: rename enter_vmx_non_root_mode to nested_vmx_enter_non_root_mode KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() KVM: nVMX: assimilate nested_vmx_entry_failure() into nested_vmx_enter_non_root_mode() KVM: nVMX: split pieces of prepare_vmcs02() to prepare_vmcs02_early() KVM: nVMX: do early preparation of vmcs02 before check_vmentry_postreqs() KVM: vVMX: rename label for post-enter_guest_mode consistency check KVM: nVMX: do not skip VMEnter instruction that succeeds KVM: nVMX: do not call nested_vmx_succeed() for consistency check VMExit KVM: nVMX: call kvm_skip_emulated_instruction in nested_vmx_{fail,succeed} KVM: vmx: write HOST_IA32_EFER in vmx_set_constant_host_state() KVM: nVMX: add option to perform early consistency checks via H/W KVM: nVMX: WARN if nested run hits VMFail with early consistency checks enabled arch/x86/kvm/vmx.c | 972 ++++++++++++++++++++++++++------------------- 1 file changed, 556 insertions(+), 416 deletions(-)