[v4,06/19] KVM: VMX: Set FRED MSR interception

Message ID	20250328171205.2029296-7-xin@zytor.com (mailing list archive)
State	New
Headers	show Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB4451DB15C; Fri, 28 Mar 2025 17:13:12 +0000 (UTC) From: "Xin Li (Intel)" <xin@zytor.com> To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org Cc: corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, andrew.cooper3@citrix.com, luto@kernel.org, peterz@infradead.org, chao.gao@intel.com, xin3.li@intel.com Subject: [PATCH v4 06/19] KVM: VMX: Set FRED MSR interception Date: Fri, 28 Mar 2025 10:11:52 -0700 Message-ID: <20250328171205.2029296-7-xin@zytor.com> In-Reply-To: <20250328171205.2029296-1-xin@zytor.com> References: <20250328171205.2029296-1-xin@zytor.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Enable FRED with KVM VMX \| expand [v4,00/19] Enable FRED with KVM VMX [v4,01/19] KVM: VMX: Add support for the secondary VM exit controls [v4,02/19] KVM: VMX: Initialize VM entry/exit FRED controls in vmcs_config [v4,03/19] KVM: VMX: Disable FRED if FRED consistency checks fail [v4,04/19] x86/cea: Export per CPU array 'cea_exception_stacks' for KVM to use [v4,05/19] KVM: VMX: Initialize VMCS FRED fields [v4,06/19] KVM: VMX: Set FRED MSR interception [v4,07/19] KVM: VMX: Save/restore guest FRED RSP0 [v4,08/19] KVM: VMX: Add support for FRED context save/restore [v4,09/19] KVM: x86: Add a helper to detect if FRED is enabled for a vCPU [v4,10/19] KVM: VMX: Virtualize FRED event_data [v4,11/19] KVM: VMX: Virtualize FRED nested exception tracking [v4,12/19] KVM: x86: Save/restore the nested flag of an exception [v4,13/19] KVM: x86: Mark CR4.FRED as not reserved [v4,14/19] KVM: VMX: Dump FRED context in dump_vmcs() [v4,15/19] KVM: x86: Allow FRED/LKGS to be advertised to guests [v4,16/19] KVM: nVMX: Add support for the secondary VM exit controls [v4,17/19] KVM: nVMX: Add FRED VMCS fields to nested VMX context management [v4,18/19] KVM: nVMX: Add VMCS FRED states checking [v4,19/19] KVM: nVMX: Allow VMX FRED controls

Message ID

20250328171205.2029296-7-xin@zytor.com (mailing list archive)

State

New

Headers

From: "Xin Li (Intel)" <xin@zytor.com>
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org,
        linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: corbet@lwn.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
        dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
        andrew.cooper3@citrix.com, luto@kernel.org, peterz@infradead.org,
        chao.gao@intel.com, xin3.li@intel.com
Subject: [PATCH v4 06/19] KVM: VMX: Set FRED MSR interception
Date: Fri, 28 Mar 2025 10:11:52 -0700
Message-ID: <20250328171205.2029296-7-xin@zytor.com>
In-Reply-To: <20250328171205.2029296-1-xin@zytor.com>
References: <20250328171205.2029296-1-xin@zytor.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Enable FRED with KVM VMX | expand

Commit Message

Xin Li (Intel) March 28, 2025, 5:11 p.m. UTC

From: Xin Li <xin3.li@intel.com>

Add FRED MSRs to the VMX passthrough MSR list and set FRED MSRs
interception.

8 FRED MSRs, i.e., MSR_IA32_FRED_RSP[123], MSR_IA32_FRED_STKLVLS,
MSR_IA32_FRED_SSP[123] and MSR_IA32_FRED_CONFIG, are all safe to
be passthrough, because they all have a pair of corresponding host
and guest VMCS fields.

Both MSR_IA32_FRED_RSP0 and MSR_IA32_FRED_SSP0 are dedicated for
userspace event delivery only, IOW they are NOT used in any kernel
event delivery and the execution of ERETS.  Thus KVM can run safely
with guest values in the 2 MSRs.  As a result, save and restore of
their guest values are deferred until vCPU context switch and their
host values are restored upon host returning to userspace.

Signed-off-by: Xin Li <xin3.li@intel.com>
Signed-off-by: Xin Li (Intel) <xin@zytor.com>
Tested-by: Shan Kang <shan.kang@intel.com>
---
 arch/x86/kvm/vmx/vmx.c | 40 ++++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/vmx.h |  2 +-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index ac6aa2d091c3..236fe5428a74 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -176,6 +176,16 @@  static u32 vmx_possible_passthrough_msrs[MAX_POSSIBLE_PASSTHROUGH_MSRS] = {
 	MSR_FS_BASE,
 	MSR_GS_BASE,
 	MSR_KERNEL_GS_BASE,
+	MSR_IA32_FRED_RSP0,
+	MSR_IA32_FRED_RSP1,
+	MSR_IA32_FRED_RSP2,
+	MSR_IA32_FRED_RSP3,
+	MSR_IA32_FRED_STKLVLS,
+	MSR_IA32_FRED_SSP1,
+	MSR_IA32_FRED_SSP2,
+	MSR_IA32_FRED_SSP3,
+	MSR_IA32_FRED_CONFIG,
+	MSR_IA32_FRED_SSP0,		/* Should be added through CET */
 	MSR_IA32_XFD,
 	MSR_IA32_XFD_ERR,
 #endif
@@ -7935,6 +7945,34 @@  static void update_intel_pt_cfg(struct kvm_vcpu *vcpu)
 		vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4));
 }
 
+static void vmx_set_intercept_for_fred_msr(struct kvm_vcpu *vcpu)
+{
+	bool flag = !guest_cpu_cap_has(vcpu, X86_FEATURE_FRED);
+
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP1, MSR_TYPE_RW, flag);
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP2, MSR_TYPE_RW, flag);
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP3, MSR_TYPE_RW, flag);
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_STKLVLS, MSR_TYPE_RW, flag);
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP1, MSR_TYPE_RW, flag);
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP2, MSR_TYPE_RW, flag);
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_SSP3, MSR_TYPE_RW, flag);
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_CONFIG, MSR_TYPE_RW, flag);
+
+	/*
+	 * IA32_FRED_RSP0 and IA32_PL0_SSP (a.k.a. IA32_FRED_SSP0) are only used
+	 * for delivering events when running userspace, while KVM always runs in
+	 * kernel mode (the CPL is always 0 after any VM exit), thus KVM can run
+	 * safely with guest IA32_FRED_RSP0 and IA32_PL0_SSP.
+	 *
+	 * As a result, no need to intercept IA32_FRED_RSP0 and IA32_PL0_SSP.
+	 *
+	 * Note, save and restore of IA32_PL0_SSP belong to CET supervisor context
+	 * management no matter whether FRED is enabled or not.  So leave its
+	 * state management to CET code.
+	 */
+	vmx_set_intercept_for_msr(vcpu, MSR_IA32_FRED_RSP0, MSR_TYPE_RW, flag);
+}
+
 void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
@@ -8007,6 +8045,8 @@  void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
 
 	/* Refresh #PF interception to account for MAXPHYADDR changes. */
 	vmx_update_exception_bitmap(vcpu);
+
+	vmx_set_intercept_for_fred_msr(vcpu);
 }
 
 static __init u64 vmx_get_perf_capabilities(void)
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index d53904db5d1a..f48791cf6aa6 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -356,7 +356,7 @@  struct vcpu_vmx {
 	struct lbr_desc lbr_desc;
 
 	/* Save desired MSR intercept (read: pass-through) state */
-#define MAX_POSSIBLE_PASSTHROUGH_MSRS	16
+#define MAX_POSSIBLE_PASSTHROUGH_MSRS	26
 	struct {
 		DECLARE_BITMAP(read, MAX_POSSIBLE_PASSTHROUGH_MSRS);
 		DECLARE_BITMAP(write, MAX_POSSIBLE_PASSTHROUGH_MSRS);

[v4,06/19] KVM: VMX: Set FRED MSR interception

Commit Message

Patch