From patchwork Fri Jan 3 08:18:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Manali Shukla X-Patchwork-Id: 13925318 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2071.outbound.protection.outlook.com [40.107.220.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 763AE1C5F38; Fri, 3 Jan 2025 08:18:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.71 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735892336; cv=fail; b=SQscFXZBjKa3SZY1nnfvTT4jCt4RiXbb8/Wj7q/x9e8hTyXgvumE9uU/rmRI6nUyqW1+QT4z2AjJ8ObL4Z8vULcVPCTykFc8vZOs+Cj20eNxr0iJku1GbSlUuDDtT7K/7Y9GDWr27O0SerkHcB6nTOYSDKzoT4w34mo27y4oXUk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735892336; c=relaxed/simple; bh=OluUnzRJIt9HxfvzNQ2E+b4trgLt4WEmEmw08MGotVQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gan5m42BBfL+Y+F7RbPc00WgaQapO0rAwz55oGgkK3Z3TnMQsL9gmnbYY9FtZVM++o/sQQ/9t8lAdCWT670zJ2myF/HaoHDm7LNRDamClHhzB0NC/4wrH8h1L/KaQydKzc0eyBBNf+EyKXI0GmLjh0DN/uq/6F8B2AKwYEV8/lI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=fDVYiv2w; arc=fail smtp.client-ip=40.107.220.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="fDVYiv2w" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=U+ySbTszCtfNQXE1j6ou5M4Z0/clIDCwf/qqj3eHydjliQiTvJ8JMrSu33RYXeekVNg1DRUvBlHDUOimqOG1IA/IPdaI08oHJGkpltwRiU0dGh+vzsbtBnj5QqZNezDeRSVA4EwIikTX27FnZ11S+jOvHlNQipOgXUPAnhv7EobbXhK+6HXdBKrUKCXKiH8OD8Q4ptvqoh53U1bM99lIuizE+eY1HGoNXRlwI55Bh+Gy15nwX/pvgpdd6H9d06sL4/T4kKjhTPqSanFqAq+imlNN5uL1oKdtzJnnD3dx67Gn1NH8r3Zc5ziOg87oN4QtbKvthSRoz2tU0/qxiNPKhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=auOWSh9x6pE0Kir9tlEna/TO7Bk3zjU2GgWIEfQjFmE=; b=LUIUvqHdbJqg3KYSXBO45oMROG/Dz4HiFU9ypyDi/gB5j0pHiXvF8QU/iCnNQ6HuqUXlVDSQonrc1PQ78xj+AJ45fZNSDA9wURoD4ABhdQ0+wNdxs8ux3vKrE+X/O0AsID7CXptoVAWvytqIV3RoUo2tbESay+lPieo5fYuujIi1D7uwLwSv5QlsZ9J6KxGnXVNA3GBephgW3V8n5GcxtHRxb3eHWZP1xUH9be6B+D5Hf4J/x+0Y6GJLC3NquBBCL5lySU+0WSFo7JJ/QvaiWZT+L5nlgGw7WwsmPSUTlrY9H9w1ZwEJ1G0tF9EYnOqtnsLAKX1lt2Nv7fukc7bOHw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=auOWSh9x6pE0Kir9tlEna/TO7Bk3zjU2GgWIEfQjFmE=; b=fDVYiv2wr/idv/qa9aBrvOXc0+jAWccJiXxgVPFnl8CkXFsWhOTvXec/Akj3s3qplSeR7Kczi+oTkB0+VNRfQyyfuM4RZOqakb7TyUQkDppioiyNtDK6vZIncDxz8awMjxd+uh5M+DQJsUXXPquOdJF6CaFB95q+4bbQLKFA9gs= Received: from DS7PR07CA0015.namprd07.prod.outlook.com (2603:10b6:5:3af::26) by SJ1PR12MB6363.namprd12.prod.outlook.com (2603:10b6:a03:453::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8314.12; Fri, 3 Jan 2025 08:18:46 +0000 Received: from CY4PEPF0000EDD0.namprd03.prod.outlook.com (2603:10b6:5:3af:cafe::1a) by DS7PR07CA0015.outlook.office365.com (2603:10b6:5:3af::26) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8314.14 via Frontend Transport; Fri, 3 Jan 2025 08:18:46 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EDD0.mail.protection.outlook.com (10.167.241.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8314.11 via Frontend Transport; Fri, 3 Jan 2025 08:18:45 +0000 Received: from chalupa-d178host.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 3 Jan 2025 02:18:44 -0600 From: Manali Shukla To: , CC: , , , , , , , , Subject: [PATCH v5 2/3] KVM: SVM: Add Idle HLT intercept support Date: Fri, 3 Jan 2025 08:18:27 +0000 Message-ID: <20250103081828.7060-3-manali.shukla@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250103081828.7060-1-manali.shukla@amd.com> References: <20250103081828.7060-1-manali.shukla@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EDD0:EE_|SJ1PR12MB6363:EE_ X-MS-Office365-Filtering-Correlation-Id: 483e5510-c37c-45d8-abd0-08dd2bcf3e4d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|36860700013|82310400026|376014; X-Microsoft-Antispam-Message-Info: =?utf-8?q?ItifZghW54sW4RcuWJiJkwV8dO4UmEA?= =?utf-8?q?RIvnkC+5EutK4W58iFY0qcajDfTe04tjypS+N5qnf7vaQme+YPxFxw7hkMWZvr4K3?= =?utf-8?q?1lRLvr+u4EUQn9hJjDncR2AXHON7wz39WuSKt230TnEtubOOvtReuzAg/U0AMnatK?= =?utf-8?q?xZjTgcj0vsQKKGyQXBXr0OOKDh/d1qZ9JB2p7aL+ejilCnSz35jL6apQktmbY0J5g?= =?utf-8?q?0V+g/68CgIMxO49OL2D/7JxRkZj46WaJg+tsKuR4jwHOGUnRUeU8ZC2TbC8gET29I?= =?utf-8?q?lSzrSlE+a+bXZ2VYQ6OwVF6ucnaSu9Eb3RgHz0HAgiq/M5YjRdzOSae+6lhYhXTP3?= =?utf-8?q?o0FynrMTZ0Say+IROQPtpYOZQNHALjph0zc/hr4NJ7GMAktutTCH7mXzzYO5ATe/1?= =?utf-8?q?ZBABIA8wFYl357bcADargqGkDUMh7DUOhTyLi5nD0M87pfsBsNWkBX3qGqd80xq2f?= =?utf-8?q?LlR+HL7tzKUvqJXVq7b/roK/B4LhHHGmqVF+GGBCCr7nT1TN5EYaNPGY8krQWzJAH?= =?utf-8?q?F61CU/Fvd7S6BOdkSOJwjmxDSDiNF4MhcEIFfCdGO54k8PWx8uJMk4taePVaPCWXF?= =?utf-8?q?FAqAmLzhQoSUfnJg+0NXmI/GnmVqr8Y9F6BfoZa5IlfPoBXTKWMjB6p3gYo7VpNWJ?= =?utf-8?q?E7rJwJIOkJM2GTijoBdhpqzpdNeP7nKR9Z9XApvtN1mXCsvifiN8OGmbil2wtp8xT?= =?utf-8?q?ngbajV4T6IcNWg76WiE9lZy9k+OwDW8ZO+FhCu6/0VwfQ4UGxAL9BR2U/a4v3bFfr?= =?utf-8?q?TErz85TRfZFWpP5ddj2NWPCU1+UOpWoJrudMlOt65aUtyEp9+5AHquQtGYZBSLw/i?= =?utf-8?q?g/Vnj+Q5f01cVLFlY7dCk7Il7nUH6c4V4zS4l7BRHljhrDQrOF8GK1TY1cXMP5dr4?= =?utf-8?q?G1E9CACCiIrCKvAOPJ96otjFOPx+KVpon3jb/xAUonX1ncG+Q0vyOZScORIRnK/sD?= =?utf-8?q?tT24rSFMk3VQp7iSP72/wwkMfAXr0pHdtxW4hXWhyjtOa0L+nIIX6T4GjWU+HubYQ?= =?utf-8?q?h19qIIIonkVghf4xTv80Pk6RQZl2e5SdKmnPcB76JIQsps9bTaD28S/2pwyJhD9FL?= =?utf-8?q?JTnhyoY4Ort15JxrB7gIZS1Rlm4/cQzpNuQvu5kaf39KjhNzg6+GfRw+7FY/kpkt5?= =?utf-8?q?8mdGvdgMEnQtrxV6ZbLTknu3R7L5QQ+OBZv1xsnlmhzrXkRotrlNu4w8kcpBHoKko?= =?utf-8?q?0L4a0f2bXhhSbrKHVmUJXBB16nk5gABZJ1hWtvBxfTfLEzmPWpF+w82LSHMxHr5Tl?= =?utf-8?q?G8uXxJS1jwEyw8bD4xDHRfHzNs/d3UiVmKaKDNf/jFU4OI+LzIsOXS/zxGZqhI+gi?= =?utf-8?q?A/S8BhmcnPMiqa0qW+TY40L+PcG7q4zMWKa3qAo53sD9VE1Ta/X7UAuPJeRIABe9F?= =?utf-8?q?gW3UiRdaLqEOa8c4ATSHxE7i6A2azW0Ru2kXdrwN3f65vEfGLx/gjw=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(82310400026)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jan 2025 08:18:45.8418 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 483e5510-c37c-45d8-abd0-08dd2bcf3e4d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EDD0.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6363 From: Manali Shukla The hypervisor can intercept the HLT instruction by setting the HLT-Intercept Bit in VMCB, causing a VMEXIT. This can be wasteful if there are pending V_INTR and V_NMI events, as the hypervisor must then initiate a VMRUN to handle them. If the HLT-Intercept Bit is cleared and the vCPU executes HLT while there are pending V_INTR and V_NMI events, the hypervisor won’t detect them, potentially causing indefinite suspension of the vCPU. This poses a problem for enlightened guests who wish to securely handle the events. For Secure AVIC scenarios, if a guest does a HLT while an interrupt is pending (in IRR), the hypervisor does not have a way to figure out whether the guest needs to be re-entered, as it cannot read the guest backing page. The Idle HLT intercept feature allows the hypervisor to intercept HLT execution only if there are no pending V_INTR and V_NMI events. There are two use cases for the Idle HLT intercept feature: - Secure VMs that wish to handle pending events securely without exiting to the hypervisor on HLT (Secure AVIC). - Optimization for all the VMs to avoid a wasteful VMEXIT during HLT when there are pending events. On discovering the Idle HLT Intercept, the KVM hypervisor, Sets the Idle HLT Intercept bit (bit (6), offset 0x14h) in the VMCB. When the Idle HLT Intercept bit is set, HLT Intercept bit (bit (0), offset 0xFh) should be cleared. Before entering the HLT state, the HLT instruction performs checks in following order: - The HLT intercept check, if set, it unconditionally triggers SVM_EXIT_HLT (0x78). - The Idle HLT intercept check, if set and there are no pending V_INTR or V_NMI events, triggers SVM_EXIT_IDLE_HLT (0xA6). Details about the Idle HLT intercept feature can be found in AMD APM [1]. [1]: AMD64 Architecture Programmer's Manual Pub. 24593, April 2024, Vol 2, 15.9 Instruction Intercepts (Table 15-7: IDLE_HLT). https://bugzilla.kernel.org/attachment.cgi?id=306250 Signed-off-by: Manali Shukla --- arch/x86/include/asm/svm.h | 1 + arch/x86/include/uapi/asm/svm.h | 2 ++ arch/x86/kvm/svm/svm.c | 13 ++++++++++--- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 2b59b9951c90..992050cb83d0 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -116,6 +116,7 @@ enum { INTERCEPT_INVPCID, INTERCEPT_MCOMMIT, INTERCEPT_TLBSYNC, + INTERCEPT_IDLE_HLT = 166, }; diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 1814b413fd57..ec1321248dac 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -95,6 +95,7 @@ #define SVM_EXIT_CR14_WRITE_TRAP 0x09e #define SVM_EXIT_CR15_WRITE_TRAP 0x09f #define SVM_EXIT_INVPCID 0x0a2 +#define SVM_EXIT_IDLE_HLT 0x0a6 #define SVM_EXIT_NPF 0x400 #define SVM_EXIT_AVIC_INCOMPLETE_IPI 0x401 #define SVM_EXIT_AVIC_UNACCELERATED_ACCESS 0x402 @@ -224,6 +225,7 @@ { SVM_EXIT_CR4_WRITE_TRAP, "write_cr4_trap" }, \ { SVM_EXIT_CR8_WRITE_TRAP, "write_cr8_trap" }, \ { SVM_EXIT_INVPCID, "invpcid" }, \ + { SVM_EXIT_IDLE_HLT, "idle-halt" }, \ { SVM_EXIT_NPF, "npf" }, \ { SVM_EXIT_AVIC_INCOMPLETE_IPI, "avic_incomplete_ipi" }, \ { SVM_EXIT_AVIC_UNACCELERATED_ACCESS, "avic_unaccelerated_access" }, \ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 78daedf6697b..36f307e71d5d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1296,8 +1296,12 @@ static void init_vmcb(struct kvm_vcpu *vcpu) svm_set_intercept(svm, INTERCEPT_MWAIT); } - if (!kvm_hlt_in_guest(vcpu->kvm)) - svm_set_intercept(svm, INTERCEPT_HLT); + if (!kvm_hlt_in_guest(vcpu->kvm)) { + if (cpu_feature_enabled(X86_FEATURE_IDLE_HLT)) + svm_set_intercept(svm, INTERCEPT_IDLE_HLT); + else + svm_set_intercept(svm, INTERCEPT_HLT); + } control->iopm_base_pa = iopm_base; control->msrpm_base_pa = __sme_set(__pa(svm->msrpm)); @@ -3341,6 +3345,7 @@ static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) = { [SVM_EXIT_CR4_WRITE_TRAP] = cr_trap, [SVM_EXIT_CR8_WRITE_TRAP] = cr_trap, [SVM_EXIT_INVPCID] = invpcid_interception, + [SVM_EXIT_IDLE_HLT] = kvm_emulate_halt, [SVM_EXIT_NPF] = npf_interception, [SVM_EXIT_RSM] = rsm_interception, [SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception, @@ -3503,7 +3508,7 @@ int svm_invoke_exit_handler(struct kvm_vcpu *vcpu, u64 exit_code) return interrupt_window_interception(vcpu); else if (exit_code == SVM_EXIT_INTR) return intr_interception(vcpu); - else if (exit_code == SVM_EXIT_HLT) + else if (exit_code == SVM_EXIT_HLT || exit_code == SVM_EXIT_IDLE_HLT) return kvm_emulate_halt(vcpu); else if (exit_code == SVM_EXIT_NPF) return npf_interception(vcpu); @@ -5224,6 +5229,8 @@ static __init void svm_set_cpu_caps(void) if (vnmi) kvm_cpu_cap_set(X86_FEATURE_VNMI); + kvm_cpu_cap_check_and_set(X86_FEATURE_IDLE_HLT); + /* Nested VM can receive #VMEXIT instead of triggering #GP */ kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK); }