[RFC,24/73] KVM: x86/PVM: Introduce PVM mode switching

Message ID	20240226143630.33643-25-jiangshanlai@gmail.com (mailing list archive)
State	New, archived
Headers	show Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 84D9013342D; Mon, 26 Feb 2024 14:35:57 +0000 (UTC) From: Lai Jiangshan <jiangshanlai@gmail.com> To: linux-kernel@vger.kernel.org Cc: Lai Jiangshan <jiangshan.ljs@antgroup.com>, Hou Wenlong <houwenlong.hwl@antgroup.com>, Linus Torvalds <torvalds@linux-foundation.org>, Peter Zijlstra <peterz@infradead.org>, Sean Christopherson <seanjc@google.com>, Thomas Gleixner <tglx@linutronix.de>, Borislav Petkov <bp@alien8.de>, Ingo Molnar <mingo@redhat.com>, kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>, x86@kernel.org, Kees Cook <keescook@chromium.org>, Juergen Gross <jgross@suse.com>, Dave Hansen <dave.hansen@linux.intel.com>, "H. Peter Anvin" <hpa@zytor.com> Subject: [RFC PATCH 24/73] KVM: x86/PVM: Introduce PVM mode switching Date: Mon, 26 Feb 2024 22:35:41 +0800 Message-Id: <20240226143630.33643-25-jiangshanlai@gmail.com> In-Reply-To: <20240226143630.33643-1-jiangshanlai@gmail.com> References: <20240226143630.33643-1-jiangshanlai@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	KVM: x86/PVM: Introduce a new hypervisor \| expand [RFC,00/73] KVM: x86/PVM: Introduce a new hypervisor [RFC,01/73] KVM: Documentation: Add the specification for PVM [RFC,02/73] x86/ABI/PVM: Add PVM-specific ABI header file [RFC,03/73] x86/entry: Implement switcher for PVM VM enter/exit [RFC,04/73] x86/entry: Implement direct switching for the switcher [RFC,05/73] KVM: x86: Set 'vcpu->arch.exception.injected' as true before vendor callback [RFC,06/73] KVM: x86: Move VMX interrupt/nmi handling into kvm.ko [RFC,07/73] KVM: x86/mmu: Adapt shadow MMU for PVM [RFC,08/73] KVM: x86: Allow hypercall handling to not skip the instruction [RFC,09/73] KVM: x86: Add PVM virtual MSRs into emulated_msrs_all[] [RFC,10/73] KVM: x86: Introduce vendor feature to expose vendor-specific CPUID [RFC,11/73] KVM: x86: Implement gpc refresh for guest usage [RFC,12/73] KVM: x86: Add NR_VCPU_SREG in SREG enum [RFC,13/73] KVM: x86/emulator: Reinject #GP if instruction emulation failed for PVM [RFC,14/73] KVM: x86: Create stubs for PVM module as a new vendor [RFC,15/73] mm/vmalloc: Add a helper to reserve a contiguous and aligned kernel virtual area [RFC,16/73] KVM: x86/PVM: Implement host mmu initialization [RFC,17/73] KVM: x86/PVM: Implement module initialization related callbacks [RFC,18/73] KVM: x86/PVM: Implement VM/VCPU initialization related callbacks [RFC,19/73] x86/entry: Export 32-bit ignore syscall entry and __ia32_enabled variable [RFC,20/73] KVM: x86/PVM: Implement vcpu_load()/vcpu_put() related callbacks [RFC,21/73] KVM: x86/PVM: Implement vcpu_run() callbacks [RFC,22/73] KVM: x86/PVM: Handle some VM exits before enable interrupts [RFC,23/73] KVM: x86/PVM: Handle event handling related MSR read/write operation [RFC,24/73] KVM: x86/PVM: Introduce PVM mode switching [RFC,25/73] KVM: x86/PVM: Implement APIC emulation related callbacks [RFC,26/73] KVM: x86/PVM: Implement event delivery flags related callbacks [RFC,27/73] KVM: x86/PVM: Implement event injection related callbacks [RFC,28/73] KVM: x86/PVM: Handle syscall from user mode [RFC,29/73] KVM: x86/PVM: Implement allowed range checking for #PF [RFC,30/73] KVM: x86/PVM: Implement segment related callbacks [RFC,31/73] KVM: x86/PVM: Implement instruction emulation for #UD and #GP [RFC,32/73] KVM: x86/PVM: Enable guest debugging functions [RFC,33/73] KVM: x86/PVM: Handle VM-exit due to hardware exceptions [RFC,34/73] KVM: x86/PVM: Handle ERETU/ERETS synthetic instruction [RFC,35/73] KVM: x86/PVM: Handle PVM_SYNTHETIC_CPUID synthetic instruction [RFC,36/73] KVM: x86/PVM: Handle KVM hypercall [RFC,37/73] KVM: x86/PVM: Use host PCID to reduce guest TLB flushing [RFC,38/73] KVM: x86/PVM: Handle hypercalls for privilege instruction emulation [RFC,39/73] KVM: x86/PVM: Handle hypercall for CR3 switching [RFC,40/73] KVM: x86/PVM: Handle hypercall for loading GS selector [RFC,41/73] KVM: x86/PVM: Allow to load guest TLS in host GDT [RFC,42/73] KVM: x86/PVM: Support for kvm_exit() tracepoint [RFC,43/73] KVM: x86/PVM: Enable direct switching [RFC,44/73] KVM: x86/PVM: Implement TSC related callbacks [RFC,45/73] KVM: x86/PVM: Add dummy PMU related callbacks [RFC,46/73] KVM: x86/PVM: Support for CPUID faulting [RFC,47/73] KVM: x86/PVM: Handle the left supported MSRs in msrs_to_save_base[] [RFC,48/73] KVM: x86/PVM: Implement system registers setting callbacks [RFC,49/73] KVM: x86/PVM: Implement emulation for non-PVM mode [RFC,50/73] x86/tools/relocs: Cleanup cmdline options [RFC,51/73] x86/tools/relocs: Append relocations into input file [RFC,52/73] x86/boot: Allow to do relocation for uncompressed kernel [RFC,53/73] x86/pvm: Add Kconfig option and the CPU feature bit for PVM guest [RFC,54/73] x86/pvm: Detect PVM hypervisor support [RFC,55/73] x86/pvm: Relocate kernel image to specific virtual address range [RFC,56/73] x86/pvm: Relocate kernel image early in PVH entry [RFC,57/73] x86/pvm: Make cpu entry area and vmalloc area variable [RFC,58/73] x86/pvm: Relocate kernel address space layout [RFC,59/73] x86/pti: Force enabling KPTI for PVM guest [RFC,60/73] x86/pvm: Add event entry/exit and dispatch code [RFC,61/73] x86/pvm: Allow to install a system interrupt handler [RFC,62/73] x86/pvm: Add early kernel event entry and dispatch code [RFC,63/73] x86/pvm: Add hypercall support [RFC,64/73] x86/pvm: Enable PVM event delivery [RFC,65/73] x86/kvm: Patch KVM hypercall as PVM hypercall [RFC,66/73] x86/pvm: Use new cpu feature to describe XENPV and PVM [RFC,67/73] x86/pvm: Implement cpu related PVOPS [RFC,68/73] x86/pvm: Implement irq related PVOPS [RFC,69/73] x86/pvm: Implement mmu related PVOPS [RFC,70/73] x86/pvm: Don't use SWAPGS for gsbase read/write [RFC,71/73] x86/pvm: Adapt pushf/popf in this_cpu_cmpxchg16b_emu() [RFC,72/73] x86/pvm: Use RDTSCP as default in vdso_read_cpunode() [RFC,73/73] x86/pvm: Disable some unsupported syscalls and features

Message ID

20240226143630.33643-25-jiangshanlai@gmail.com (mailing list archive)

State

New, archived

Headers

From: Lai Jiangshan <jiangshanlai@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: Lai Jiangshan <jiangshan.ljs@antgroup.com>,
	Hou Wenlong <houwenlong.hwl@antgroup.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Sean Christopherson <seanjc@google.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Borislav Petkov <bp@alien8.de>,
	Ingo Molnar <mingo@redhat.com>,
	kvm@vger.kernel.org,
	Paolo Bonzini <pbonzini@redhat.com>,
	x86@kernel.org,
	Kees Cook <keescook@chromium.org>,
	Juergen Gross <jgross@suse.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>
Subject: [RFC PATCH 24/73] KVM: x86/PVM: Introduce PVM mode switching
Date: Mon, 26 Feb 2024 22:35:41 +0800
Message-Id: <20240226143630.33643-25-jiangshanlai@gmail.com>
In-Reply-To: <20240226143630.33643-1-jiangshanlai@gmail.com>
References: <20240226143630.33643-1-jiangshanlai@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

KVM: x86/PVM: Introduce a new hypervisor | expand

Commit Message

Lai Jiangshan Feb. 26, 2024, 2:35 p.m. UTC

From: Lai Jiangshan <jiangshan.ljs@antgroup.com>

In PVM ABI, CPL is not used directly. Instead, supervisor mode and user
mode are used to represent the original CPL0/CPL3 concept. It is assumed
that the kernel runs in supervisor mode and userspace runs in user mode.
From the x86 operating modes perspective, the PVM supervisor mode is a
modified 64-bit long mode. Therefore, 32-bit compatibility mode is not
allowed for the supervisor mode, and its hardware CS must be __USER_CS.

When switching to user mode, the stack and GS base of supervisor mode
are saved into the associated MSRs. When switching back from user mode,
the stack and GS base of supervisor mode are automatically restored from
the MSRs. Therefore, in PVM ABI, the value of MSR_KERNEL_GS_BASE in
supervisor mode is the same as the value of MSR_GS_BASE in supervisor
mode, which does not follow the x86 ABI.

Signed-off-by: Lai Jiangshan <jiangshan.ljs@antgroup.com>
Signed-off-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
---
 arch/x86/kvm/pvm/pvm.c | 129 +++++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/pvm/pvm.h |   1 +
 2 files changed, 130 insertions(+)

diff --git a/arch/x86/kvm/pvm/pvm.c b/arch/x86/kvm/pvm/pvm.c
index 69f8fbbb6176..3735baee1d5f 100644
--- a/arch/x86/kvm/pvm/pvm.c
+++ b/arch/x86/kvm/pvm/pvm.c
@@ -31,6 +31,22 @@  static bool __read_mostly is_intel;
 
 static unsigned long host_idt_base;
 
+static inline bool is_smod(struct vcpu_pvm *pvm)
+{
+	unsigned long switch_flags = pvm->switch_flags;
+
+	if ((switch_flags & SWITCH_FLAGS_MOD_TOGGLE) == SWITCH_FLAGS_SMOD)
+		return true;
+
+	WARN_ON_ONCE((switch_flags & SWITCH_FLAGS_MOD_TOGGLE) != SWITCH_FLAGS_UMOD);
+	return false;
+}
+
+static inline void pvm_switch_flags_toggle_mod(struct vcpu_pvm *pvm)
+{
+	pvm->switch_flags ^= SWITCH_FLAGS_MOD_TOGGLE;
+}
+
 static inline u16 kernel_cs_by_msr(u64 msr_star)
 {
 	// [47..32]
@@ -80,6 +96,82 @@  static inline void __load_fs_base(struct vcpu_pvm *pvm)
 	wrmsrl(MSR_FS_BASE, pvm->segments[VCPU_SREG_FS].base);
 }
 
+static u64 pvm_read_guest_gs_base(struct vcpu_pvm *pvm)
+{
+	preempt_disable();
+	if (pvm->loaded_cpu_state)
+		__save_gs_base(pvm);
+	preempt_enable();
+
+	return pvm->segments[VCPU_SREG_GS].base;
+}
+
+static u64 pvm_read_guest_fs_base(struct vcpu_pvm *pvm)
+{
+	preempt_disable();
+	if (pvm->loaded_cpu_state)
+		__save_fs_base(pvm);
+	preempt_enable();
+
+	return pvm->segments[VCPU_SREG_FS].base;
+}
+
+static u64 pvm_read_guest_kernel_gs_base(struct vcpu_pvm *pvm)
+{
+	return pvm->msr_kernel_gs_base;
+}
+
+static void pvm_write_guest_gs_base(struct vcpu_pvm *pvm, u64 data)
+{
+	preempt_disable();
+	pvm->segments[VCPU_SREG_GS].base = data;
+	if (pvm->loaded_cpu_state)
+		__load_gs_base(pvm);
+	preempt_enable();
+}
+
+static void pvm_write_guest_fs_base(struct vcpu_pvm *pvm, u64 data)
+{
+	preempt_disable();
+	pvm->segments[VCPU_SREG_FS].base = data;
+	if (pvm->loaded_cpu_state)
+		__load_fs_base(pvm);
+	preempt_enable();
+}
+
+static void pvm_write_guest_kernel_gs_base(struct vcpu_pvm *pvm, u64 data)
+{
+	pvm->msr_kernel_gs_base = data;
+}
+
+// switch_to_smod() and switch_to_umod() switch the mode (smod/umod) and
+// the CR3.  No vTLB flushing when switching the CR3 per PVM Spec.
+static inline void switch_to_smod(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_pvm *pvm = to_pvm(vcpu);
+
+	pvm_switch_flags_toggle_mod(pvm);
+	kvm_mmu_new_pgd(vcpu, pvm->msr_switch_cr3);
+	swap(pvm->msr_switch_cr3, vcpu->arch.cr3);
+
+	pvm_write_guest_gs_base(pvm, pvm->msr_kernel_gs_base);
+	kvm_rsp_write(vcpu, pvm->msr_supervisor_rsp);
+
+	pvm->hw_cs = __USER_CS;
+	pvm->hw_ss = __USER_DS;
+}
+
+static inline void switch_to_umod(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_pvm *pvm = to_pvm(vcpu);
+
+	pvm->msr_supervisor_rsp = kvm_rsp_read(vcpu);
+
+	pvm_switch_flags_toggle_mod(pvm);
+	kvm_mmu_new_pgd(vcpu, pvm->msr_switch_cr3);
+	swap(pvm->msr_switch_cr3, vcpu->arch.cr3);
+}
+
 /*
  * Test whether DS, ES, FS and GS need to be reloaded.
  *
@@ -309,6 +401,15 @@  static int pvm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	int ret = 0;
 
 	switch (msr_info->index) {
+	case MSR_FS_BASE:
+		msr_info->data = pvm_read_guest_fs_base(pvm);
+		break;
+	case MSR_GS_BASE:
+		msr_info->data = pvm_read_guest_gs_base(pvm);
+		break;
+	case MSR_KERNEL_GS_BASE:
+		msr_info->data = pvm_read_guest_kernel_gs_base(pvm);
+		break;
 	case MSR_STAR:
 		msr_info->data = pvm->msr_star;
 		break;
@@ -352,6 +453,9 @@  static int pvm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	case MSR_PVM_RETS_RIP:
 		msr_info->data = pvm->msr_rets_rip_plus2 - 2;
 		break;
+	case MSR_PVM_SWITCH_CR3:
+		msr_info->data = pvm->msr_switch_cr3;
+		break;
 	default:
 		ret = kvm_get_msr_common(vcpu, msr_info);
 	}
@@ -372,6 +476,15 @@  static int pvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	u64 data = msr_info->data;
 
 	switch (msr_index) {
+	case MSR_FS_BASE:
+		pvm_write_guest_fs_base(pvm, data);
+		break;
+	case MSR_GS_BASE:
+		pvm_write_guest_gs_base(pvm, data);
+		break;
+	case MSR_KERNEL_GS_BASE:
+		pvm_write_guest_kernel_gs_base(pvm, data);
+		break;
 	case MSR_STAR:
 		/*
 		 * Guest KERNEL_CS/DS shouldn't be NULL and guest USER_CS/DS
@@ -436,6 +549,9 @@  static int pvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	case MSR_PVM_RETS_RIP:
 		pvm->msr_rets_rip_plus2 = msr_info->data + 2;
 		break;
+	case MSR_PVM_SWITCH_CR3:
+		pvm->msr_switch_cr3 = msr_info->data;
+		break;
 	default:
 		ret = kvm_set_msr_common(vcpu, msr_info);
 	}
@@ -443,6 +559,13 @@  static int pvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	return ret;
 }
 
+static int pvm_get_cpl(struct kvm_vcpu *vcpu)
+{
+	if (is_smod(to_pvm(vcpu)))
+		return 0;
+	return 3;
+}
+
 static void pvm_setup_mce(struct kvm_vcpu *vcpu)
 {
 }
@@ -683,6 +806,11 @@  static fastpath_t pvm_vcpu_run(struct kvm_vcpu *vcpu)
 
 	pvm_vcpu_run_noinstr(vcpu);
 
+	if (is_smod(pvm)) {
+		if (pvm->hw_cs != __USER_CS || pvm->hw_ss != __USER_DS)
+			kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
+	}
+
 	pvm_load_host_xsave_state(vcpu);
 
 	return EXIT_FASTPATH_NONE;
@@ -949,6 +1077,7 @@  static struct kvm_x86_ops pvm_x86_ops __initdata = {
 	.get_msr_feature = pvm_get_msr_feature,
 	.get_msr = pvm_get_msr,
 	.set_msr = pvm_set_msr,
+	.get_cpl = pvm_get_cpl,
 	.load_mmu_pgd = pvm_load_mmu_pgd,
 
 	.vcpu_pre_run = pvm_vcpu_pre_run,
diff --git a/arch/x86/kvm/pvm/pvm.h b/arch/x86/kvm/pvm/pvm.h
index 57ca2e901e0d..b0c633ce2987 100644
--- a/arch/x86/kvm/pvm/pvm.h
+++ b/arch/x86/kvm/pvm/pvm.h
@@ -61,6 +61,7 @@  struct vcpu_pvm {
 	u64 unused_MSR_IA32_SYSENTER_CS;
 	u64 unused_MSR_IA32_SYSENTER_EIP;
 	u64 unused_MSR_IA32_SYSENTER_ESP;
+	u64 msr_kernel_gs_base;
 	u64 msr_tsc_aux;
 	/*
 	 * Only bits masked by msr_ia32_feature_control_valid_bits can be set in

[RFC,24/73] KVM: x86/PVM: Introduce PVM mode switching

Commit Message

Patch