| Message ID | 20210914154825.104886-1-mlevitsk@redhat.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | nSVM fixes and optional features | expand |
On 14/09/21 17:48, Maxim Levitsky wrote: > Those are few patches I was working on lately, all somewhat related > to the two CVEs that I found recently. > > First 7 patches fix various minor bugs that relate to these CVEs. > > The rest of the patches implement various optional SVM features, > some of which the guest could enable anyway due to incorrect > checking of virt_ext field. > > Last patch is somewhat an RFC, I would like to hear your opinion > on that. > > I also implemented nested TSC scaling while at it. > > As for other optional SVM features here is my summary of few features > I took a look at: > > X86_FEATURE_DECODEASSISTS: > this feature should make it easier > for the L1 to emulate an instruction on MMIO access, by not > needing to read the guest memory but rather using the instruction > bytes that the CPU already fetched. > > The challenge of implementing this is that we sometimes inject > #PF and #NPT syntenically and in those cases we must be sure > we set the correct instruction bytes. > > Also this feature adds assists for MOV CR/DR, INTn, and INVLPG, > which aren't that interesting but must be supported as well to > expose this feature to the nested guest. > > X86_FEATURE_VGIF > Might allow the L2 to run the L3 a bit faster, but due to crazy complex > logic we already have around int_ctl and vgif probably not worth it. > > X86_FEATURE_VMCBCLEAN > Should just be enabled, because otherwise L1 doesn't even attempt > to set the clean bits. But we need to know if we can take an > advantage of these bits first. > > X86_FEATURE_FLUSHBYASID > X86_FEATURE_AVIC > These two features would be very good to enable, but that > would require lots of work, and will be done eventually. > > There are few more nested SVM features that I didn't yet had a > chance to take a look at. > > Best regards, > Maxim Levitsky > > Maxim Levitsky (14): > KVM: x86: nSVM: restore int_vector in svm_clear_vintr > KVM: x86: selftests: test simultaneous uses of V_IRQ from L1 and L0 > KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround > KVM: x86: nSVM: don't copy pause related settings > KVM: x86: nSVM: don't copy virt_ext from vmcb12 > KVM: x86: SVM: don't set VMLOAD/VMSAVE intercepts on vCPU reset > KVM: x86: SVM: add warning for CVE-2021-3656 > KVM: x86: SVM: add module param to control LBR virtualization > KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running > KVM: x86: nSVM: implement nested LBR virtualization > KVM: x86: nSVM: implement nested VMLOAD/VMSAVE > KVM: x86: SVM: add module param to control TSC scaling > KVM: x86: nSVM: implement nested TSC scaling > KVM: x86: nSVM: support PAUSE filter threshold and count > > arch/x86/kvm/svm/nested.c | 105 +++++++-- > arch/x86/kvm/svm/svm.c | 218 +++++++++++++++--- > arch/x86/kvm/svm/svm.h | 20 +- > arch/x86/kvm/vmx/vmx.c | 1 + > arch/x86/kvm/x86.c | 1 + > tools/testing/selftests/kvm/.gitignore | 1 + > tools/testing/selftests/kvm/Makefile | 1 + > .../selftests/kvm/x86_64/svm_int_ctl_test.c | 128 ++++++++++ > 8 files changed, 427 insertions(+), 48 deletions(-) > create mode 100644 tools/testing/selftests/kvm/x86_64/svm_int_ctl_test.c > Queued more patches, with 9-10-11-14 left now. Paolo