From patchwork Wed Aug 5 21:21:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 11702553 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B3825722 for ; Wed, 5 Aug 2020 21:21:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9E87222CAE for ; Wed, 5 Aug 2020 21:21:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="t7pTWPde" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726398AbgHEVVo (ORCPT ); Wed, 5 Aug 2020 17:21:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726233AbgHEVVl (ORCPT ); Wed, 5 Aug 2020 17:21:41 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 625A5C06174A for ; Wed, 5 Aug 2020 14:21:41 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id g127so14732532ybf.11 for ; Wed, 05 Aug 2020 14:21:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=yQtZaZXi+U75DJ3qF2YeU3Fjk111QGLsB9W7wdn91GA=; b=t7pTWPdebF0bfhcL89P7swWBkn+mBQvQA9TOHfmNvcDmFWUnYpC6tIt10M8b5uwqzy VJqimRCIC0QT6snmk+1D+rG2NF8O+mDPwPnxAGHRd3Uk0gQQR7RBrEWz6F7epHFX0mGP 4tc4nd8gI/DupSg4aUgnILA7ctu2PIkIBAlyKqqX15M/hXPBXt4uuZKvROEMgxN9eN6q q/fUTwpara+3uNn/rEG9ER8lxqmnbD0Hfd2tY1fDZZbEJLuhzbl8u7ae9ZuTs3XTpTrR n5iWnS1g1XdGqvZgd/bmzDwRdGA6C473nYAVU05FAKDC4CCRTto2vgDq0gc8Se5KyQAG Myzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=yQtZaZXi+U75DJ3qF2YeU3Fjk111QGLsB9W7wdn91GA=; b=NSY2lv94G6N2w7KCFWusgBuoy5kAsSq9pEYQc+g/9htJeUss1+uIbrP5M7AjQ5Feer yiylGzurFoivW1kxcgJYg9nrNR8DWEm17GHuMqA85cftc2T3xLjAEtDxe0gIUd9vanmG v9w8FzHOSDVGTvR5ibBx+HC4iTWBk9Eejfws2SzNCTcTqG04hc5kOxykhTyQIUch1q0+ YV3u1Un/8BHGSTBup/b5nwiOaJEv5IEU2KNXUlUXwM15qKX/6YVtiBAkKk5juU4Z2Abn 3bbSwWEiHH/K2eQMO5g+hS2P6I+KAnhGTkgNM9RamArK0VnoaWHYZMDqKmLcFK3slvHM tIbg== X-Gm-Message-State: AOAM531mJnGZ7zv3/1wXnsVuRTAUTiSJRVh5x04Zm3nyPbzXgcbBo2CL gKZZZkwEJjCIbh3gpxTXcqrNF6R+XEZuLLyABbQeU1QvL0RfMszr5GsOY6HAIE/2jROiOI6kqMo s8AKCvoyhTEqEbsKEqaZjk+OWwQRe+TN8WJDF0J0dAD9oCxWl0j26JmtNeQ== X-Google-Smtp-Source: ABdhPJydJVXkSb37TwBwuFz9m1W1D23r2m9X9q/aeb6i5EVrtSorhWO2TZeCqIB4Q1uR7goI/xGF9B5gk8E= X-Received: by 2002:a25:a88:: with SMTP id 130mr7575300ybk.52.1596662499619; Wed, 05 Aug 2020 14:21:39 -0700 (PDT) Date: Wed, 5 Aug 2020 21:21:28 +0000 In-Reply-To: <20200805212131.2059634-1-oupton@google.com> Message-Id: <20200805212131.2059634-2-oupton@google.com> Mime-Version: 1.0 References: <20200805212131.2059634-1-oupton@google.com> X-Mailer: git-send-email 2.28.0.236.gb10cc79966-goog Subject: [PATCH v2 1/4] kvm: x86: encapsulate wrmsr(MSR_KVM_SYSTEM_TIME) emulation in helper fn From: Oliver Upton To: kvm@vger.kernel.org Cc: Paolo Bonzini , Sean Christopherson , Oliver Upton , Jim Mattson , Peter Shier Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org No functional change intended. Reviewed-by: Jim Mattson Reviewed-by: Peter Shier Signed-off-by: Oliver Upton --- arch/x86/kvm/x86.c | 58 +++++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 26 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index dc4370394ab8..d18582aefa9f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1822,6 +1822,34 @@ static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) kvm_write_guest(kvm, wall_clock, &version, sizeof(version)); } +void kvm_write_system_time(struct kvm_vcpu *vcpu, gpa_t system_time, + bool old_msr, bool host_initiated) +{ + struct kvm_arch *ka = &vcpu->kvm->arch; + + if (vcpu->vcpu_id == 0 && !host_initiated) { + if (ka->boot_vcpu_runs_old_kvmclock && old_msr) + kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu); + + ka->boot_vcpu_runs_old_kvmclock = old_msr; + } + + vcpu->arch.time = system_time; + kvm_make_request(KVM_REQ_GLOBAL_CLOCK_UPDATE, vcpu); + + /* we verify if the enable bit is set... */ + vcpu->arch.pv_time_enabled = false; + if (!(system_time & 1)) + return; + + if (!kvm_gfn_to_hva_cache_init(vcpu->kvm, + &vcpu->arch.pv_time, system_time & ~1ULL, + sizeof(struct pvclock_vcpu_time_info))) + vcpu->arch.pv_time_enabled = true; + + return; +} + static uint32_t div_frac(uint32_t dividend, uint32_t divisor) { do_shl32_div32(dividend, divisor); @@ -2973,33 +3001,11 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) kvm_write_wall_clock(vcpu->kvm, data); break; case MSR_KVM_SYSTEM_TIME_NEW: - case MSR_KVM_SYSTEM_TIME: { - struct kvm_arch *ka = &vcpu->kvm->arch; - - if (vcpu->vcpu_id == 0 && !msr_info->host_initiated) { - bool tmp = (msr == MSR_KVM_SYSTEM_TIME); - - if (ka->boot_vcpu_runs_old_kvmclock != tmp) - kvm_make_request(KVM_REQ_MASTERCLOCK_UPDATE, vcpu); - - ka->boot_vcpu_runs_old_kvmclock = tmp; - } - - vcpu->arch.time = data; - kvm_make_request(KVM_REQ_GLOBAL_CLOCK_UPDATE, vcpu); - - /* we verify if the enable bit is set... */ - vcpu->arch.pv_time_enabled = false; - if (!(data & 1)) - break; - - if (!kvm_gfn_to_hva_cache_init(vcpu->kvm, - &vcpu->arch.pv_time, data & ~1ULL, - sizeof(struct pvclock_vcpu_time_info))) - vcpu->arch.pv_time_enabled = true; - + kvm_write_system_time(vcpu, data, false, msr_info->host_initiated); + break; + case MSR_KVM_SYSTEM_TIME: + kvm_write_system_time(vcpu, data, true, msr_info->host_initiated); break; - } case MSR_KVM_ASYNC_PF_EN: if (kvm_pv_enable_async_pf(vcpu, data)) return 1; From patchwork Wed Aug 5 21:21:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 11702557 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B9C3D722 for ; Wed, 5 Aug 2020 21:21:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A481622CBB for ; Wed, 5 Aug 2020 21:21:50 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ds3+5Saw" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726262AbgHEVVt (ORCPT ); Wed, 5 Aug 2020 17:21:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33260 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726316AbgHEVVm (ORCPT ); Wed, 5 Aug 2020 17:21:42 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CB87EC061756 for ; Wed, 5 Aug 2020 14:21:41 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id 4so5889556pjf.5 for ; Wed, 05 Aug 2020 14:21:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=FeBeam1y+XQlyZj+eo/3cIxBAhbswkJZwONr8od37Pw=; b=ds3+5Saw6p5mv3+tZlbQ2KRk7WCll8wRO6o9Dl3ABxlIWJmQaxe48jmTcruMDA2Fdn cd/jM8f4lvXl5z1/iyoFRSGJOvQWvlkbz98Kfj21FdPKTNq6fIKYXXHa86YIu9bYF8yv uTgt3QinLX/SBFtQGfQRrp9yfHRpi5GKuCxu/Ef7hfJswEHVhU42bSF1/YiEbS4/J93f Aruo7Lxa8cwwrNUIiorcqJ87lsAuw0XAsdr7xGOnMQksgcLDG4NYu7WvcWh/QtV0CBB5 fEKjMnlszTESMj5rJ932FBL+8M0YShb48ol3cfqb72zHOQ6pRIeYalKwJ7ASXon9BIDT IAZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=FeBeam1y+XQlyZj+eo/3cIxBAhbswkJZwONr8od37Pw=; b=N8NmsIMb4XTvPRQE6+tezgRDixF7bmvJ6P9fWu2EMBy2h6qpBA9BqB9wyOJhxoYhDG 4zl3hD95x4BnRgmDCMPjLTLGPsLAl35pqM1goilzE1Qp+BknxQrKCL4Q05gf8MsexpuU F+XrO0E+lDP/BlyB5FnKgQSLZR3+BOJVbQ/xTYWs/Z65q6FKvdQXwhg5C1/Jb2wKwSg9 OrYgM8PdQl7qnGJARxTGf/Mv6GVrgRlR+kQZNZopib/B7ZftKzJx0S52ig2HgtHyZiON m0u4wsi1AJaVS1erx0iLZdMzVelvTAhKYD8+VDpSGpaEZ2XCArt1SYkWCi5MUsgOTBK6 F0dg== X-Gm-Message-State: AOAM531egBv2Aou981yB5JEhUB8pKqcNP/olnIyR4+0yDOYpJ/N96ONh 6ln3ME3D6/MHX3mm62AefKw6GCmopsc4PgIZZ959kgFCvkV3KUK3LUAsWiSPleR8tpyP2TYpIEU +43L1VkPDGM4Gc8HqdxHe4YNSsDa+WzTd1JjVQMiIMYfwIoSpRWO+77mpmA== X-Google-Smtp-Source: ABdhPJyhJmdcMXsslnt+7FMcFeCVxLh/cKR0In5lp3N+Ou6yal4Zr7WXXJikyuG+92NmebuJqSWIPCFjwPg= X-Received: by 2002:a17:90b:f11:: with SMTP id br17mr5280393pjb.68.1596662501272; Wed, 05 Aug 2020 14:21:41 -0700 (PDT) Date: Wed, 5 Aug 2020 21:21:29 +0000 In-Reply-To: <20200805212131.2059634-1-oupton@google.com> Message-Id: <20200805212131.2059634-3-oupton@google.com> Mime-Version: 1.0 References: <20200805212131.2059634-1-oupton@google.com> X-Mailer: git-send-email 2.28.0.236.gb10cc79966-goog Subject: [PATCH v2 2/4] kvm: x86: set wall_clock in kvm_write_wall_clock() From: Oliver Upton To: kvm@vger.kernel.org Cc: Paolo Bonzini , Sean Christopherson , Oliver Upton , Jim Mattson , Peter Shier Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Small change to avoid meaningless duplication in the subsequent patch. No functional change intended. Reviewed-by: Jim Mattson Reviewed-by: Peter Shier Signed-off-by: Oliver Upton --- arch/x86/kvm/x86.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d18582aefa9f..53d3a5ffde9c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1790,6 +1790,8 @@ static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) struct pvclock_wall_clock wc; u64 wall_nsec; + kvm->arch.wall_clock = wall_clock; + if (!wall_clock) return; @@ -2997,7 +2999,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) break; case MSR_KVM_WALL_CLOCK_NEW: case MSR_KVM_WALL_CLOCK: - vcpu->kvm->arch.wall_clock = data; kvm_write_wall_clock(vcpu->kvm, data); break; case MSR_KVM_SYSTEM_TIME_NEW: From patchwork Wed Aug 5 21:21:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 11702559 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9A06F1392 for ; Wed, 5 Aug 2020 21:21:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8064B22CAE for ; Wed, 5 Aug 2020 21:21:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="B14dUjdc" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726217AbgHEVVt (ORCPT ); Wed, 5 Aug 2020 17:21:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726209AbgHEVVo (ORCPT ); Wed, 5 Aug 2020 17:21:44 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8DEFCC061575 for ; Wed, 5 Aug 2020 14:21:43 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id l67so20540537ybb.7 for ; Wed, 05 Aug 2020 14:21:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=ayJsOn3aKHLyJjQL5fsgNNxb6FwO0IBguHhnmJqaAIY=; b=B14dUjdclIe8/Bov3DdhxL4QRWljXc6vQPMK4dYoUxpAXcTfOxLGcEwbJek9OBsyd1 SdJ1DOqedtKHF2Qd0lHIsRFaVJwcMvsOGGnjmEG0WtPxT0tqfoWYMKMz4jUxpY/VNUiB gr1IZKKNFEa4gg23noR2x93BWYJ0gOrJsFHvIz8gkz8v97yDeKQrr/o2hvcJ+ZM0jO0i ipIKkX6BEkAmnjAt0yk4LVWc4bOxY3kKbHyfvoFcHftNlXnfA4bLvZE3BjgYUUVB2W0a LdKb50yn7SHD+mKSUh8ZfIsg10fVdyrQ7MfxVqkThAnU1813BcBf76NEdK1FuzMR8TJM wv4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ayJsOn3aKHLyJjQL5fsgNNxb6FwO0IBguHhnmJqaAIY=; b=GgRV0O2UUg64RFAhqHVy3RNwYK4Dvb0VRqOx7jypFYFraAt6MB39wfO6PTZyunlpzw EPT2W3qFfxLRVNTqrbiVMWBYILS9kFRKIq4WNnDtjPU2hWsBjz0vYCBaMS6dsU/0g+XU I7c4z7mXd61wcVwhcqDAtx9rg4SLoKl25Bqg6ntIs1zr1LBW/+ySaJAiq5z01fc2acvO 8P3S6oOmRUSFTuvv2ZZvMbU57JgHaCPWeIilydEQ6tZmDAhLuUGnRB3DS1xesMJwQ/Z9 xmhIpkGmJNqz0R5lEdNoTadGP5grXj0KTCuD3Dqokj/mB1fQwgtbGhjc+kUEDHKS7XYi 2MjA== X-Gm-Message-State: AOAM5311hFVxEhdwogYM/lIq5aMVl/QBh+rLJjTcQ+yTQ+yd8WoxDlLN mG71FQ+EP8lNOEza0o4WoGXlZ4xmT8pyjNk37OUKIpFKCIB6I2PaQ6sjEaR3ZnTg4dv/9C0fzbt xOxqNsulMsh9bJrPw9laQ9CU45FpynRaT6lv9Rx75nuJlvbl0S3LGZ3gTXQ== X-Google-Smtp-Source: ABdhPJyXgqq0BogW1hC+fzLivTNb4KxKh9WfBkm8UxjfAsc7FHYlnIvAsNKm+/LkpBm2xndq6ugN4qI/2n4= X-Received: by 2002:a25:aaf3:: with SMTP id t106mr7341598ybi.56.1596662502698; Wed, 05 Aug 2020 14:21:42 -0700 (PDT) Date: Wed, 5 Aug 2020 21:21:30 +0000 In-Reply-To: <20200805212131.2059634-1-oupton@google.com> Message-Id: <20200805212131.2059634-4-oupton@google.com> Mime-Version: 1.0 References: <20200805212131.2059634-1-oupton@google.com> X-Mailer: git-send-email 2.28.0.236.gb10cc79966-goog Subject: [PATCH v2 3/4] kvm: x86: only provide PV features if enabled in guest's CPUID From: Oliver Upton To: kvm@vger.kernel.org Cc: Paolo Bonzini , Sean Christopherson , Oliver Upton , Jim Mattson , Peter Shier Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org KVM unconditionally provides PV features to the guest, regardless of the configured CPUID. An unwitting guest that doesn't check KVM_CPUID_FEATURES before use could access paravirt features that userspace did not intend to provide. Fix this by checking the guest's CPUID before performing any paravirtual operations. Introduce a capability, KVM_CAP_ENFORCE_PV_FEATURE_CPUID, to gate the aforementioned enforcement. Migrating a VM from a host w/o this patch to a host with this patch could silently change the ABI exposed to the guest, warranting that we default to the old behavior and opt-in for the new one. Reviewed-by: Jim Mattson Reviewed-by: Peter Shier Signed-off-by: Oliver Upton --- Documentation/virt/kvm/api.rst | 11 ++++++ arch/x86/include/asm/kvm_host.h | 6 +++ arch/x86/kvm/cpuid.h | 16 ++++++++ arch/x86/kvm/x86.c | 67 ++++++++++++++++++++++++++++++--- include/uapi/linux/kvm.h | 1 + 5 files changed, 96 insertions(+), 5 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 644e5326aa50..e8fc6e34f344 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -6155,3 +6155,14 @@ KVM can therefore start protected VMs. This capability governs the KVM_S390_PV_COMMAND ioctl and the KVM_MP_STATE_LOAD MP_STATE. KVM_SET_MP_STATE can fail for protected guests when the state change is invalid. + + +8.24 KVM_CAP_ENFORCE_PV_CPUID +----------------------------- + +Architectures: x86 + +When enabled, KVM will disable paravirtual features provided to the +guest according to the bits in the KVM_CPUID_FEATURES CPUID leaf +(0x40000001). Otherwise, a guest may use the paravirtual features +regardless of what has actually been exposed through the CPUID leaf. diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 5ab3af7275d8..a641c3840a1e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -788,6 +788,12 @@ struct kvm_vcpu_arch { /* AMD MSRC001_0015 Hardware Configuration */ u64 msr_hwcr; + + /* + * Indicates whether PV emulation should be disabled if not present in + * the guest's cpuid. + */ + bool enforce_pv_feature_cpuid; }; struct kvm_lpage_info { diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index 3a923ae15f2f..c364c2877583 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -5,6 +5,7 @@ #include "x86.h" #include #include +#include extern u32 kvm_cpu_caps[NCAPINTS] __read_mostly; void kvm_set_cpu_caps(void); @@ -308,4 +309,19 @@ static inline bool page_address_valid(struct kvm_vcpu *vcpu, gpa_t gpa) return PAGE_ALIGNED(gpa) && !(gpa >> cpuid_maxphyaddr(vcpu)); } +static __always_inline bool guest_pv_has(struct kvm_vcpu *vcpu, + unsigned int kvm_feature) +{ + struct kvm_cpuid_entry2 *cpuid; + + if (!vcpu->arch.enforce_pv_feature_cpuid) + return true; + + cpuid = kvm_find_cpuid_entry(vcpu, KVM_CPUID_FEATURES, 0); + if (!cpuid) + return false; + + return cpuid->eax & (1u << kvm_feature); +} + #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 53d3a5ffde9c..51a9e8e394a5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -2763,6 +2763,14 @@ static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data) if (data & 0x30) return 1; + if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF_VMEXIT) && + (data & KVM_ASYNC_PF_DELIVERY_AS_PF_VMEXIT)) + return 1; + + if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF_INT) && + (data & KVM_ASYNC_PF_DELIVERY_AS_INT)) + return 1; + if (!lapic_in_kernel(vcpu)) return 1; @@ -2840,10 +2848,12 @@ static void record_steal_time(struct kvm_vcpu *vcpu) * Doing a TLB flush here, on the guest's behalf, can avoid * expensive IPIs. */ - trace_kvm_pv_tlb_flush(vcpu->vcpu_id, - st->preempted & KVM_VCPU_FLUSH_TLB); - if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB) - kvm_vcpu_flush_tlb_guest(vcpu); + if (guest_pv_has(vcpu, KVM_FEATURE_PV_TLB_FLUSH)) { + trace_kvm_pv_tlb_flush(vcpu->vcpu_id, + st->preempted & KVM_VCPU_FLUSH_TLB); + if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB) + kvm_vcpu_flush_tlb_guest(vcpu); + } vcpu->arch.st.preempted = 0; @@ -2998,30 +3008,54 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) vcpu->arch.smi_count = data; break; case MSR_KVM_WALL_CLOCK_NEW: + if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE2)) + return 1; + + kvm_write_wall_clock(vcpu->kvm, data); + break; case MSR_KVM_WALL_CLOCK: + if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE)) + return 1; + kvm_write_wall_clock(vcpu->kvm, data); break; case MSR_KVM_SYSTEM_TIME_NEW: + if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE2)) + return 1; + kvm_write_system_time(vcpu, data, false, msr_info->host_initiated); break; case MSR_KVM_SYSTEM_TIME: - kvm_write_system_time(vcpu, data, true, msr_info->host_initiated); + if (!guest_pv_has(vcpu, KVM_FEATURE_CLOCKSOURCE)) + return 1; + + kvm_write_system_time(vcpu, data, true, msr_info->host_initiated); break; case MSR_KVM_ASYNC_PF_EN: + if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF)) + return 1; + if (kvm_pv_enable_async_pf(vcpu, data)) return 1; break; case MSR_KVM_ASYNC_PF_INT: + if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF_INT)) + return 1; + if (kvm_pv_enable_async_pf_int(vcpu, data)) return 1; break; case MSR_KVM_ASYNC_PF_ACK: + if (!guest_pv_has(vcpu, KVM_FEATURE_ASYNC_PF)) + return 1; if (data & 0x1) { vcpu->arch.apf.pageready_pending = false; kvm_check_async_pf_completion(vcpu); } break; case MSR_KVM_STEAL_TIME: + if (!guest_pv_has(vcpu, KVM_FEATURE_STEAL_TIME)) + return 1; if (unlikely(!sched_info_on())) return 1; @@ -3038,11 +3072,17 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) break; case MSR_KVM_PV_EOI_EN: + if (!guest_pv_has(vcpu, KVM_FEATURE_PV_EOI)) + return 1; + if (kvm_lapic_enable_pv_eoi(vcpu, data, sizeof(u8))) return 1; break; case MSR_KVM_POLL_CONTROL: + if (!guest_pv_has(vcpu, KVM_FEATURE_POLL_CONTROL)) + return 1; + /* only enable bit supported */ if (data & (-1ULL << 1)) return 1; @@ -3522,6 +3562,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) case KVM_CAP_EXCEPTION_PAYLOAD: case KVM_CAP_SET_GUEST_DEBUG: case KVM_CAP_LAST_CPU: + case KVM_CAP_ENFORCE_PV_FEATURE_CPUID: r = 1; break; case KVM_CAP_SYNC_REGS: @@ -4389,6 +4430,11 @@ static int kvm_vcpu_ioctl_enable_cap(struct kvm_vcpu *vcpu, return kvm_x86_ops.enable_direct_tlbflush(vcpu); + case KVM_CAP_ENFORCE_PV_FEATURE_CPUID: + vcpu->arch.enforce_pv_feature_cpuid = cap->args[0]; + + return 0; + default: return -EINVAL; } @@ -7723,11 +7769,16 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) goto out; } + ret = -KVM_ENOSYS; + switch (nr) { case KVM_HC_VAPIC_POLL_IRQ: ret = 0; break; case KVM_HC_KICK_CPU: + if (!guest_pv_has(vcpu, KVM_FEATURE_PV_UNHALT)) + break; + kvm_pv_kick_cpu_op(vcpu->kvm, a0, a1); kvm_sched_yield(vcpu->kvm, a1); ret = 0; @@ -7738,9 +7789,15 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) break; #endif case KVM_HC_SEND_IPI: + if (!guest_pv_has(vcpu, KVM_FEATURE_PV_SEND_IPI)) + break; + ret = kvm_pv_send_ipi(vcpu->kvm, a0, a1, a2, a3, op_64_bit); break; case KVM_HC_SCHED_YIELD: + if (!guest_pv_has(vcpu, KVM_FEATURE_PV_SCHED_YIELD)) + break; + kvm_sched_yield(vcpu->kvm, a0); ret = 0; break; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index f6d86033c4fa..48c2d5c10b1e 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1035,6 +1035,7 @@ struct kvm_ppc_resize_hpt { #define KVM_CAP_LAST_CPU 184 #define KVM_CAP_SMALLER_MAXPHYADDR 185 #define KVM_CAP_S390_DIAG318 186 +#define KVM_CAP_ENFORCE_PV_FEATURE_CPUID 187 #ifdef KVM_CAP_IRQ_ROUTING From patchwork Wed Aug 5 21:21:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 11702555 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 02587722 for ; Wed, 5 Aug 2020 21:21:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DD9F422CBB for ; Wed, 5 Aug 2020 21:21:49 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="m/LFUUB5" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726442AbgHEVVt (ORCPT ); Wed, 5 Aug 2020 17:21:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33268 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726233AbgHEVVp (ORCPT ); Wed, 5 Aug 2020 17:21:45 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF8D8C06174A for ; Wed, 5 Aug 2020 14:21:44 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id a73so12859835pfa.10 for ; Wed, 05 Aug 2020 14:21:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=OH4M4A2tRqFAq/VO6fLf2hKWyVzHSTEuFuDzJJzFqVk=; b=m/LFUUB5oWDDCfTueb5Q2K0brXhWaD5I1SnD69iFPSYn9tHeER/nKYElKNtywgSH1H Cpl6lHEBLf4+IpTMr1W2d6IOvwU00DXUJNtzuk/hgpGeDtA5uuybkDqPSEsoBSNAcVes 7iVA36X4aZ8wB9nx+mLiek8KOiByXk+9+zBeumNwklzV+uWAr44q9JhkNuEYdLyP0iHE ysc8AFFtcQSukSC1mlmtnDvSTFsYl7fbV0o06leNpEzfmXbiGSW4NJ4DZkrkwJXwcD4U 1/JQ9HuYCVEIphpXFzdx3gC1OviKftZp3JleGWWhIaO+A2VU5eyJcsa92yqISA3bdmMw W7Pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=OH4M4A2tRqFAq/VO6fLf2hKWyVzHSTEuFuDzJJzFqVk=; b=rBcgVcdBbAOnM3UKEcMRC1gM+/oyzH8JaOlxcOSEeEJViwymyDTwLhUVqIrB97I9fP qYFlP1b55In6fWpcvkvcxEzgcRA6k+BxSvFqAPfkppQJD+YmP+BrKUgC75RdAY5LsqbC NycH7dVw76TvKob1Jk183JF0etOCJYMjf5MFknzQATrNdt06cv18ddPc4K1LzVvTGz2h l6EwycSMfkFu2v0Ny7kd5Q+R5s4Tqe8BOtCQ16ywY+FS3tOt4Pv45/wZkZqGcidPZyGH lV0EABWcuupuWntQtmXgvlXtIcv3fT2QfwRSIoS0CAaMqyUufJf7d9qNwxg1S1KaKO1B ZZcA== X-Gm-Message-State: AOAM531YqIQ0jKNUtSWaOPzRPukik7usT5nwNkQmIYOTSj3byXgJYGAY gEG9PuROHx2/A8qyRwghrpIRM+dUNC9benh4lzjUN6iHdB6EWoVrL7SH4UpFnjUawY6e3/mAsnB 85u1qp2LXbp9hi5DtODNzsULXakrhrH3jIv21THEUrqfiyeaxPz+wE/0ouA== X-Google-Smtp-Source: ABdhPJzUz3wxyTncXylKyeIBz3+ZxF8tUl9xBkO9A9ERve3Ls2LbS0y4Mixsuh1FxhUrI30PfdGGxBXc4DY= X-Received: by 2002:a17:90a:e687:: with SMTP id s7mr5192197pjy.48.1596662504377; Wed, 05 Aug 2020 14:21:44 -0700 (PDT) Date: Wed, 5 Aug 2020 21:21:31 +0000 In-Reply-To: <20200805212131.2059634-1-oupton@google.com> Message-Id: <20200805212131.2059634-5-oupton@google.com> Mime-Version: 1.0 References: <20200805212131.2059634-1-oupton@google.com> X-Mailer: git-send-email 2.28.0.236.gb10cc79966-goog Subject: [PATCH v2 4/4] Documentation: kvm: fix some typos in cpuid.rst From: Oliver Upton To: kvm@vger.kernel.org Cc: Paolo Bonzini , Sean Christopherson , Oliver Upton , Jim Mattson , Peter Shier Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Reviewed-by: Jim Mattson Reviewed-by: Peter Shier Signed-off-by: Oliver Upton --- Documentation/virt/kvm/cpuid.rst | 88 ++++++++++++++++---------------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/Documentation/virt/kvm/cpuid.rst b/Documentation/virt/kvm/cpuid.rst index a7dff9186bed..f1583e682cc8 100644 --- a/Documentation/virt/kvm/cpuid.rst +++ b/Documentation/virt/kvm/cpuid.rst @@ -38,64 +38,64 @@ returns:: where ``flag`` is defined as below: -================================= =========== ================================ -flag value meaning -================================= =========== ================================ -KVM_FEATURE_CLOCKSOURCE 0 kvmclock available at msrs - 0x11 and 0x12 +================================== =========== ================================ +flag value meaning +================================== =========== ================================ +KVM_FEATURE_CLOCKSOURCE 0 kvmclock available at msrs + 0x11 and 0x12 -KVM_FEATURE_NOP_IO_DELAY 1 not necessary to perform delays - on PIO operations +KVM_FEATURE_NOP_IO_DELAY 1 not necessary to perform delays + on PIO operations -KVM_FEATURE_MMU_OP 2 deprecated +KVM_FEATURE_MMU_OP 2 deprecated -KVM_FEATURE_CLOCKSOURCE2 3 kvmclock available at msrs - 0x4b564d00 and 0x4b564d01 +KVM_FEATURE_CLOCKSOURCE2 3 kvmclock available at msrs + 0x4b564d00 and 0x4b564d01 -KVM_FEATURE_ASYNC_PF 4 async pf can be enabled by - writing to msr 0x4b564d02 +KVM_FEATURE_ASYNC_PF 4 async pf can be enabled by + writing to msr 0x4b564d02 -KVM_FEATURE_STEAL_TIME 5 steal time can be enabled by - writing to msr 0x4b564d03 +KVM_FEATURE_STEAL_TIME 5 steal time can be enabled by + writing to msr 0x4b564d03 -KVM_FEATURE_PV_EOI 6 paravirtualized end of interrupt - handler can be enabled by - writing to msr 0x4b564d04 +KVM_FEATURE_PV_EOI 6 paravirtualized end of interrupt + handler can be enabled by + writing to msr 0x4b564d04 -KVM_FEATURE_PV_UNHAULT 7 guest checks this feature bit - before enabling paravirtualized - spinlock support +KVM_FEATURE_PV_UNHALT 7 guest checks this feature bit + before enabling paravirtualized + spinlock support -KVM_FEATURE_PV_TLB_FLUSH 9 guest checks this feature bit - before enabling paravirtualized - tlb flush +KVM_FEATURE_PV_TLB_FLUSH 9 guest checks this feature bit + before enabling paravirtualized + tlb flush -KVM_FEATURE_ASYNC_PF_VMEXIT 10 paravirtualized async PF VM EXIT - can be enabled by setting bit 2 - when writing to msr 0x4b564d02 +KVM_FEATURE_ASYNC_PF_VMEXIT 10 paravirtualized async PF VM EXIT + can be enabled by setting bit 2 + when writing to msr 0x4b564d02 -KVM_FEATURE_PV_SEND_IPI 11 guest checks this feature bit - before enabling paravirtualized - sebd IPIs +KVM_FEATURE_PV_SEND_IPI 11 guest checks this feature bit + before enabling paravirtualized + send IPIs -KVM_FEATURE_PV_POLL_CONTROL 12 host-side polling on HLT can - be disabled by writing - to msr 0x4b564d05. +KVM_FEATURE_PV_POLL_CONTROL 12 host-side polling on HLT can + be disabled by writing + to msr 0x4b564d05. -KVM_FEATURE_PV_SCHED_YIELD 13 guest checks this feature bit - before using paravirtualized - sched yield. +KVM_FEATURE_PV_SCHED_YIELD 13 guest checks this feature bit + before using paravirtualized + sched yield. -KVM_FEATURE_ASYNC_PF_INT 14 guest checks this feature bit - before using the second async - pf control msr 0x4b564d06 and - async pf acknowledgment msr - 0x4b564d07. +KVM_FEATURE_ASYNC_PF_INT 14 guest checks this feature bit + before using the second async + pf control msr 0x4b564d06 and + async pf acknowledgment msr + 0x4b564d07. -KVM_FEATURE_CLOCSOURCE_STABLE_BIT 24 host will warn if no guest-side - per-cpu warps are expeced in - kvmclock -================================= =========== ================================ +KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24 host will warn if no guest-side + per-cpu warps are expected in + kvmclock +================================== =========== ================================ ::