From patchwork Fri Feb 17 23:10:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145333 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41B1CC05027 for ; Fri, 17 Feb 2023 23:10:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229927AbjBQXKj (ORCPT ); Fri, 17 Feb 2023 18:10:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56258 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229885AbjBQXKb (ORCPT ); Fri, 17 Feb 2023 18:10:31 -0500 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1738B595A0 for ; Fri, 17 Feb 2023 15:10:29 -0800 (PST) Received: by mail-yb1-xb4a.google.com with SMTP id w6-20020a25c706000000b0098592b9ff86so2552521ybe.9 for ; Fri, 17 Feb 2023 15:10:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=KioFTda0zEdQSBw0TQsNW7u7HebdEbC7ULL51zMSfbE=; b=MCT5iiV4rc2yE80RyBM9o4KOTMsZUh2bAIbwptEF0tPQ9AAIaLqeXfPV1v20xeQdBJ ngvY5MNXm07+nxgNuRVOw426oKdsi4ub/BMFNHHzgpk+EOmpzHjGpfwdwZBvTVIsXJ1Z ixYtudyqlOIGwVMjR24PG6YIbvmFhc89VzwHoRedtJxRbKHjBrbkpRxTQeXTDHZ53RLv v75nUo1kDzVi4ZVoxG0a8eb1dmu/6aE1NqaDLwhmqbHynV8Y12e7IUCx+nsNis1FHY/k nW0CsLs/BM7+/PNt0iB7yoNFIxk5lLvX8E9NBgK01X2cqZqg5s3MH84roh/Ua50ptKae XOmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=KioFTda0zEdQSBw0TQsNW7u7HebdEbC7ULL51zMSfbE=; b=zdzN4gvA67gdZqT9GE4xOGDSDEhhKLz9RSVVOVgPXJdLyk8DTBj4fMBeERe2t1r8kx xZPv9WtENY7CACkv6XHzckjbKVZLdBKeBCPijkbzL0ZPLZlyASqwX/dzW1pmB6aX/zhq 3hT17HW2z3FRN1fTK1q2BJr+tZuSTNETJnePg9epH82x8EvSFqbDNisY6SGMJ6m/v/yV xhxkI8VHd6Qo0vMu7wpdXBbGpXDK4zXVNo5nXtxyvuX8nNhhiN5kZwfV4dWxhya6d5sZ hdlR29few7bBmpgKFykOc7uZaK9b/QdlLjIUKa9rE+HYkY9iSg4l4wUKiRKNKYVYvaCI r/CA== X-Gm-Message-State: AO0yUKU8BwYeZg2Y8iqTSM1gXTZM+aXHNizLn+xZfZweMcIbL1kzUtS2 uB/H7ZqrSOhQOC8v8828aAzjHt3fZFQ= X-Google-Smtp-Source: AK7set9Dwo/hviHwIJnFBxeHVrNQ2bUODo/qyA0pDmZ2dx1zM98CMehXtRboa/88TVYh1yvoZFtBjxAmVxw= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:9205:0:b0:8ef:90e1:b2f8 with SMTP id b5-20020a259205000000b008ef90e1b2f8mr206400ybo.2.1676675428316; Fri, 17 Feb 2023 15:10:28 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:11 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-2-seanjc@google.com> Subject: [PATCH 01/12] KVM: x86: Add a framework for enabling KVM-governed x86 features From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Introduce yet another X86_FEATURE flag framework to manage and cache KVM governed features (for lack of a better term). "Governed" in this case means that KVM has some level of involvement and/or vested interest in whether or not an X86_FEATURE can be used by the guest. The intent of the framework is twofold: to simplify caching of guest CPUID flags that KVM needs to frequently query, and to add clarity to such caching, e.g. it isn't immediately obvious that SVM's bundle of flags for "optional nested] SVM features" track whether or not a flag is exposed to L1. Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm_host.h | 11 +++++++ arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/cpuid.h | 51 ++++++++++++++++++++++++++++++++ arch/x86/kvm/governed_features.h | 9 ++++++ 4 files changed, 73 insertions(+) create mode 100644 arch/x86/kvm/governed_features.h diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 792a6037047a..cd660de02f7b 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -835,6 +835,17 @@ struct kvm_vcpu_arch { struct kvm_cpuid_entry2 *cpuid_entries; struct kvm_hypervisor_cpuid kvm_cpuid; + /* + * Track whether or not the guest is allowed to use features that are + * governed by KVM, where "governed" means KVM needs to manage state + * and/or explicitly enable the feature in hardware. Typically, but + * not always, governed features can be used by the guest if and only + * if both KVM and userspace want to expose the feature to the guest. + */ + struct { + u32 enabled; + } governed_features; + u64 reserved_gpa_bits; int maxphyaddr; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 8f8edeaf8177..013fdc27fc8f 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -335,6 +335,8 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) struct kvm_lapic *apic = vcpu->arch.apic; struct kvm_cpuid_entry2 *best; + vcpu->arch.governed_features.enabled = 0; + best = kvm_find_cpuid_entry(vcpu, 1); if (best && apic) { if (cpuid_entry_has(best, X86_FEATURE_TSC_DEADLINE_TIMER)) diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index b1658c0de847..f61a2106ba90 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -232,4 +232,55 @@ static __always_inline bool guest_pv_has(struct kvm_vcpu *vcpu, return vcpu->arch.pv_cpuid.features & (1u << kvm_feature); } +enum kvm_governed_features { +#define KVM_GOVERNED_FEATURE(x) KVM_GOVERNED_##x, +#include "governed_features.h" + KVM_NR_GOVERNED_FEATURES +}; + +static __always_inline int kvm_governed_feature_index(unsigned int x86_feature) +{ + switch (x86_feature) { +#define KVM_GOVERNED_FEATURE(x) case x: return KVM_GOVERNED_##x; +#include "governed_features.h" + default: + return -1; + } +} + +static __always_inline int kvm_is_governed_feature(unsigned int x86_feature) +{ + return kvm_governed_feature_index(x86_feature) >= 0; +} + +static __always_inline u32 kvm_governed_feature_bit(unsigned int x86_feature) +{ + int index = kvm_governed_feature_index(x86_feature); + + BUILD_BUG_ON(index < 0); + return BIT(index); +} + +static __always_inline void kvm_governed_feature_set(struct kvm_vcpu *vcpu, + unsigned int x86_feature) +{ + BUILD_BUG_ON(KVM_NR_GOVERNED_FEATURES > + sizeof(vcpu->arch.governed_features.enabled) * BITS_PER_BYTE); + + vcpu->arch.governed_features.enabled |= kvm_governed_feature_bit(x86_feature); +} + +static __always_inline void kvm_governed_feature_check_and_set(struct kvm_vcpu *vcpu, + unsigned int x86_feature) +{ + if (guest_cpuid_has(vcpu, x86_feature)) + kvm_governed_feature_set(vcpu, x86_feature); +} + +static __always_inline bool guest_can_use(struct kvm_vcpu *vcpu, + unsigned int x86_feature) +{ + return vcpu->arch.governed_features.enabled & kvm_governed_feature_bit(x86_feature); +} + #endif diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h new file mode 100644 index 000000000000..40ce8e6608cd --- /dev/null +++ b/arch/x86/kvm/governed_features.h @@ -0,0 +1,9 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#if !defined(KVM_GOVERNED_FEATURE) || defined(KVM_GOVERNED_X86_FEATURE) +BUILD_BUG() +#endif + +#define KVM_GOVERNED_X86_FEATURE(x) KVM_GOVERNED_FEATURE(X86_FEATURE_##x) + +#undef KVM_GOVERNED_X86_FEATURE +#undef KVM_GOVERNED_FEATURE From patchwork Fri Feb 17 23:10:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145334 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 99E2CC64ED6 for ; Fri, 17 Feb 2023 23:10:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229913AbjBQXKl (ORCPT ); Fri, 17 Feb 2023 18:10:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56314 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229892AbjBQXKc (ORCPT ); Fri, 17 Feb 2023 18:10:32 -0500 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 105E56855E for ; Fri, 17 Feb 2023 15:10:30 -0800 (PST) Received: by mail-pj1-x104a.google.com with SMTP id o8-20020a17090a0a0800b0023699c4353eso353010pjo.6 for ; Fri, 17 Feb 2023 15:10:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=Jv7eFJCQHJdShrZad4wg6qbhczS1BO2S26DrILrvWfg=; b=PFHXa5FBY+a98Z9yhWweF+SxDQQJFEMs/DEpJGFZxDfSIxf44H5vOl3VOmkB5k/UXL U3qRSMbobqQF16A/BVrXRskJUiV2o0dTn/LKHqc9U2JijMlZ4cxm9EioE+Ge1KjSeugJ ILLisMTKa/AFV865ZWzsbS1JSwkmuPn6yF7z18WK9tugVUsjbEiBPGQNPv3f5dQabJPH /nHNy9lxyEQQezs5pqgLJcaAPGgIepldgdv4CCVkTaRmLij2029pBnXCp7ZCf2MZjXZo OawdxxDdwOLXn91PoeKTV+UXRw0EChPxEAp31Vk9jO5/uqniV2CbcKYWBO31lsjoM89w lebQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Jv7eFJCQHJdShrZad4wg6qbhczS1BO2S26DrILrvWfg=; b=DgPsqX/H2pGBEOITcUk2V79ICfX562CRXe0G1XwKsQaFNOqm/gzp9gbUVqBh9pZiDP z0LtxA+YKAO0T5SSU3mfWXFUyerc0iw4YlkB2Z+YUmnWeleLSjrOhMrMSSppyAMB/JKd pWoL704OjnH1aDp1DQafaUF/JRDLswU8FCScaaBIxSnAn+MO5gwdORIkEcmc2zuuUgOx 164RfibR0PF1pcuHqGKQgi6BqruDLX/kTP+ih6nrwzX0WSmp4sT/kBZHJ4QCwyXPoMVV 1gjHLv3UF1GbAq3Tx1twduzasbX6CvWA8iqxKtTImOk6opwpdHr9Gj8WkFZTfEzwfy35 ahfg== X-Gm-Message-State: AO0yUKVYn4aR6WUS1lsANXgNYv4K1ujkKuwu8IAUwkuYJQVm2uzQHnSO bKn8aM1qoXcW/cxx6zCVVJa4WhM6sm4= X-Google-Smtp-Source: AK7set/aRqzoIGn2r6hKGdQL2yk7USvE3Z3o494g7U9jz+D7bYJ70gxPWaaOqXWw6886u2sgHjajnJplNP4= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:ab0e:b0:19b:c29:3932 with SMTP id ik14-20020a170902ab0e00b0019b0c293932mr427871plb.3.1676675430051; Fri, 17 Feb 2023 15:10:30 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:12 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-3-seanjc@google.com> Subject: [PATCH 02/12] KVM: x86/mmu: Use KVM-governed feature framework to track "GBPAGES enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Use the governed feature framework to track whether or not the guest can use 1GiB pages, and drop the one-off helper that wraps the surprisingly non-trivial logic surrounding 1GiB page usage in the guest. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 16 ++++++++++++++++ arch/x86/kvm/governed_features.h | 2 ++ arch/x86/kvm/mmu/mmu.c | 20 +++----------------- 3 files changed, 21 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 013fdc27fc8f..3b604499c35c 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -337,6 +337,22 @@ static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vcpu->arch.governed_features.enabled = 0; + /* + * If TDP is enabled, let the guest use GBPAGES if they're supported in + * hardware. The hardware page walker doesn't let KVM disable GBPAGES, + * i.e. won't treat them as reserved, and KVM doesn't redo the GVA->GPA + * walk for performance and complexity reasons. Not to mention KVM + * _can't_ solve the problem because GVA->GPA walks aren't visible to + * KVM once a TDP translation is installed. Mimic hardware behavior so + * that KVM's is at least consistent, i.e. doesn't randomly inject #PF. + * If TDP is disabled, honor guest CPUID as KVM has full visibility and + * can install smaller shadow pages if the host lacks 1GiB support. + */ + if (!tdp_enabled) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_GBPAGES); + else if (boot_cpu_has(X86_FEATURE_GBPAGES)) + kvm_governed_feature_set(vcpu, X86_FEATURE_GBPAGES); + best = kvm_find_cpuid_entry(vcpu, 1); if (best && apic) { if (cpuid_entry_has(best, X86_FEATURE_TSC_DEADLINE_TIMER)) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 40ce8e6608cd..b29c15d5e038 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -5,5 +5,7 @@ BUILD_BUG() #define KVM_GOVERNED_X86_FEATURE(x) KVM_GOVERNED_FEATURE(X86_FEATURE_##x) +KVM_GOVERNED_X86_FEATURE(GBPAGES) + #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index c91ee2927dd7..36e4561554ca 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4728,28 +4728,13 @@ __reset_rsvds_bits_mask(struct rsvd_bits_validate *rsvd_check, } } -static bool guest_can_use_gbpages(struct kvm_vcpu *vcpu) -{ - /* - * If TDP is enabled, let the guest use GBPAGES if they're supported in - * hardware. The hardware page walker doesn't let KVM disable GBPAGES, - * i.e. won't treat them as reserved, and KVM doesn't redo the GVA->GPA - * walk for performance and complexity reasons. Not to mention KVM - * _can't_ solve the problem because GVA->GPA walks aren't visible to - * KVM once a TDP translation is installed. Mimic hardware behavior so - * that KVM's is at least consistent, i.e. doesn't randomly inject #PF. - */ - return tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) : - guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES); -} - static void reset_guest_rsvds_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context) { __reset_rsvds_bits_mask(&context->guest_rsvd_check, vcpu->arch.reserved_gpa_bits, context->cpu_role.base.level, is_efer_nx(context), - guest_can_use_gbpages(vcpu), + guest_can_use(vcpu, X86_FEATURE_GBPAGES), is_cr4_pse(context), guest_cpuid_is_amd_or_hygon(vcpu)); } @@ -4826,7 +4811,8 @@ static void reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, __reset_rsvds_bits_mask(shadow_zero_check, reserved_hpa_bits(), context->root_role.level, context->root_role.efer_nx, - guest_can_use_gbpages(vcpu), is_pse, is_amd); + guest_can_use(vcpu, X86_FEATURE_GBPAGES), + is_pse, is_amd); if (!shadow_me_mask) return; From patchwork Fri Feb 17 23:10:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145335 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C54CC636D6 for ; Fri, 17 Feb 2023 23:10:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229922AbjBQXKp (ORCPT ); Fri, 17 Feb 2023 18:10:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229902AbjBQXKj (ORCPT ); Fri, 17 Feb 2023 18:10:39 -0500 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D44EB692BE for ; Fri, 17 Feb 2023 15:10:32 -0800 (PST) Received: by mail-yb1-xb4a.google.com with SMTP id y33-20020a25ad21000000b00953ffdfbe1aso2047614ybi.23 for ; Fri, 17 Feb 2023 15:10:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=kJiU495PRP5A5yKfuE+SWyHAevKRlJJJV0/9mgyLCwE=; b=gGRP8xLIV88x5+pesHlVSzH3eaURYkYcw9vwHWwO8otNJ8uT8UFPqg/GOY5panNWVn kEGeFIyz5hBE74qRNMuhJA2YZcEyKw5HhR40IEfFVJ4HTvJl44BCvkzPRoPslCZ5v9FP i97P7A81huZghUvo0ONVhCtFQbCKNfVmmM5gxglAxn67NPCcV8uQ/2eXhMgJ1gRGRmNw XpuDim0RFlBUosrevfxb+JUDXdtgrk8gobMn7ujgLNpTw9we+jT9m+OikOKQOpl9Auix op9EYj7vbSG3oMCuvGHNuRM7gbVKBqp7bTGgvZwEqv8quf47MYGRFfprbJalGiMKUTBL 1yaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kJiU495PRP5A5yKfuE+SWyHAevKRlJJJV0/9mgyLCwE=; b=G5piPcu2uZCVuovMi3UgGIRvqJsWOC4uKc9+kwQyVVd95JPi/UAtpHjBqUuUDdH6Bz mj/R2PiWGO0wlTjAuWRToqhVIM16mGa6P5rTCkILAVID5XJ8cKzPFC1iqG1LDHWq937A 2VyO+DrKcE1Io2M6PtRTFSf4vLiJWmtj1G1vfCiz5JcBx4xjFr19gyKB6hdpekHDd8gY CEi6fCS88h0V4CYKnmmltUGV6lLtRn7z5kQh073WVurMEwaVGhClhkLTn420reNPEjlQ 7Kg2u4jm3/kLCMBQqmz0WQE3qCXWMKTXu3opMSR3CL5OdfaELCsnRE7v+bFQZ7GzZYzb W1rg== X-Gm-Message-State: AO0yUKUZYJc3EOw4IGX+74gl/OubhPxCNXrICuKGsHkH3rzKeaK4Imea x/d3ESirjaMayeNmfDxOXjroeW1F61I= X-Google-Smtp-Source: AK7set/6P/RBz9ydyNWe0LYN3vZl7Y1NK7LeQ8O5kyHRcxXD9i9uSGZ7Dxx1aMgRFxSd6+WP7y4o0y5F4y4= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a81:7b02:0:b0:52e:d589:c893 with SMTP id w2-20020a817b02000000b0052ed589c893mr1365013ywc.457.1676675431997; Fri, 17 Feb 2023 15:10:31 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:13 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-4-seanjc@google.com> Subject: [PATCH 03/12] KVM: VMX: Recompute "XSAVES enabled" only after CPUID update From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Recompute whether or not XSAVES is enabled for the guest only if the guest's CPUID model changes instead of redoing the computation every time KVM generates vmcs01's secondary execution controls. The boot_cpu_has() and cpu_has_vmx_xsaves() checks should never change after KVM is loaded, and if they do the kernel/KVM is hosed. Opportunistically add a comment explaining _why_ XSAVES is effectively exposed to the guest if and only if XSAVE is also exposed to the guest. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 47abd9101e68..b6fdb311a7d8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4620,19 +4620,10 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml || !atomic_read(&vcpu->kvm->nr_memslots_dirty_logging)) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; - if (cpu_has_vmx_xsaves()) { - /* Exposing XSAVES only when XSAVE is exposed */ - bool xsaves_enabled = - boot_cpu_has(X86_FEATURE_XSAVE) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVES); - - vcpu->arch.xsaves_enabled = xsaves_enabled; - + if (cpu_has_vmx_xsaves()) vmx_adjust_secondary_exec_control(vmx, &exec_control, SECONDARY_EXEC_XSAVES, - xsaves_enabled, false); - } + vcpu->arch.xsaves_enabled, false); /* * RDPID is also gated by ENABLE_RDTSCP, turn on the control if either @@ -7709,8 +7700,15 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); - /* xsaves_enabled is recomputed in vmx_compute_secondary_exec_control(). */ - vcpu->arch.xsaves_enabled = false; + /* + * XSAVES is effectively enabled if and only if XSAVE is also exposed + * to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be + * set if and only if XSAVE is supported. + */ + vcpu->arch.xsaves_enabled = cpu_has_vmx_xsaves() && + boot_cpu_has(X86_FEATURE_XSAVE) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVES); vmx_setup_uret_msrs(vmx); From patchwork Fri Feb 17 23:10:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145336 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0ADD2C64EC4 for ; Fri, 17 Feb 2023 23:10:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229941AbjBQXKt (ORCPT ); Fri, 17 Feb 2023 18:10:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56754 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229933AbjBQXKk (ORCPT ); Fri, 17 Feb 2023 18:10:40 -0500 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 93DE65B755 for ; Fri, 17 Feb 2023 15:10:34 -0800 (PST) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-5365663d982so25234637b3.3 for ; Fri, 17 Feb 2023 15:10:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=CaPfkcXmkBtA2D8Z87DWoQYnHOyWPdakqD7fSwd7G24=; b=o8r/4PULq9yEbjeUsh71LSJhc1lJ8bkaR5WaNXMyqA4+4XPVUCxKwwXcnLE1CHGc8w 9nyn5fAOI8sLNMoIzdrE5cBMEqd0dlUyNoM7LxPIN6JSi9K23b3EyCUEQf8J37GO/zMG H00hMnY3qXelWrkK9CPXZzNlGE1mw41mxNbmUDZxiyolPd3uTBR31wt1uousgdnKjTJe dJJDypc6eJMlVyXE+SV3aKkIt5IUvagP3iIExEM1EGabPJWdzyPTlyLh/IIneyXVQiUh eOTOeI9RCJRBr4b3AeCsJKgUyQHXtSzg72E0/FW6HWWC67noH7trvDIYJhw1yQCd5iUA j+ZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CaPfkcXmkBtA2D8Z87DWoQYnHOyWPdakqD7fSwd7G24=; b=qvv6g5Jkrl//g4HH0MXBnt9NIz0Hm3SzuKMVIFRzZprw4gpixImYi5YuB/zdH10rFS 1jbVZLr/GnDJsqkVhv7K3zrkMfbaFgqLANdsd/beHWq2Kj0W3H3LWC4FqpNtqFQqMCxg gquVBgSpOpZqVLIM0ljjT2HvsAh8714C/KbHrcxfapW0paDmhPz4KNGOdge5iZKm+/Rl 57rkAYGaxu6Y9uk/q7W6496ocyZbq6GBafeaey9VKWIrnfr3EXep2Oa3ZZaDksbRNPnu WFHFFuHc8vPaEYmxbyryooj6+REkl8SIuX9RxG6F7b5pSCUk55ML/Jbh/19vbEYWen5k GDqw== X-Gm-Message-State: AO0yUKWn6/HsbdZa19zCmkrw8si4edpZsp6Lf9gAmEVbDh+hrXG0W3qw 54dfVQyGuRiJAGoIh9GP9NgnQb3Dnpk= X-Google-Smtp-Source: AK7set9lwmygVTrhElwNKRyRVFkTjGN/CJxbBQigJrcSU8FY/SWoZqMg5AO6hWJ8rwepN8u9uOFmXoH9ZfY= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6902:1024:b0:8fc:686c:cf87 with SMTP id x4-20020a056902102400b008fc686ccf87mr29473ybt.4.1676675433776; Fri, 17 Feb 2023 15:10:33 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:14 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-5-seanjc@google.com> Subject: [PATCH 04/12] KVM: VMX: Rename XSAVES control to follow KVM's preferred "ENABLE_XYZ" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Rename the XSAVES secondary execution control to follow KVM's preferred style so that XSAVES related logic can use common macros that depend on KVM's preferred style. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/include/asm/vmx.h | 2 +- arch/x86/kvm/vmx/capabilities.h | 2 +- arch/x86/kvm/vmx/hyperv.h | 2 +- arch/x86/kvm/vmx/nested.c | 6 +++--- arch/x86/kvm/vmx/nested.h | 2 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/vmx.h | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 498dc600bd5c..aeb319665502 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -69,7 +69,7 @@ #define SECONDARY_EXEC_RDSEED_EXITING VMCS_CONTROL_BIT(RDSEED_EXITING) #define SECONDARY_EXEC_ENABLE_PML VMCS_CONTROL_BIT(PAGE_MOD_LOGGING) #define SECONDARY_EXEC_PT_CONCEAL_VMX VMCS_CONTROL_BIT(PT_CONCEAL_VMX) -#define SECONDARY_EXEC_XSAVES VMCS_CONTROL_BIT(XSAVES) +#define SECONDARY_EXEC_ENABLE_XSAVES VMCS_CONTROL_BIT(XSAVES) #define SECONDARY_EXEC_MODE_BASED_EPT_EXEC VMCS_CONTROL_BIT(MODE_BASED_EPT_EXEC) #define SECONDARY_EXEC_PT_USE_GPA VMCS_CONTROL_BIT(PT_USE_GPA) #define SECONDARY_EXEC_TSC_SCALING VMCS_CONTROL_BIT(TSC_SCALING) diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index 45162c1bcd8f..3c3875b3dedd 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -252,7 +252,7 @@ static inline bool cpu_has_vmx_pml(void) static inline bool cpu_has_vmx_xsaves(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & - SECONDARY_EXEC_XSAVES; + SECONDARY_EXEC_ENABLE_XSAVES; } static inline bool cpu_has_vmx_waitpkg(void) diff --git a/arch/x86/kvm/vmx/hyperv.h b/arch/x86/kvm/vmx/hyperv.h index 78d17667e7ec..51fe0251cb67 100644 --- a/arch/x86/kvm/vmx/hyperv.h +++ b/arch/x86/kvm/vmx/hyperv.h @@ -87,7 +87,7 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs); SECONDARY_EXEC_DESC | \ SECONDARY_EXEC_ENABLE_RDTSCP | \ SECONDARY_EXEC_ENABLE_INVPCID | \ - SECONDARY_EXEC_XSAVES | \ + SECONDARY_EXEC_ENABLE_XSAVES | \ SECONDARY_EXEC_RDSEED_EXITING | \ SECONDARY_EXEC_RDRAND_EXITING | \ SECONDARY_EXEC_TSC_SCALING | \ diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 7c4f5ca405c7..1d19fcf02a8e 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -2301,7 +2301,7 @@ static void prepare_vmcs02_early(struct vcpu_vmx *vmx, struct loaded_vmcs *vmcs0 SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_ENABLE_INVPCID | SECONDARY_EXEC_ENABLE_RDTSCP | - SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_ENABLE_XSAVES | SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_APIC_REGISTER_VIRT | @@ -6321,7 +6321,7 @@ static bool nested_vmx_l1_wants_exit(struct kvm_vcpu *vcpu, * If if it were, XSS would have to be checked against * the XSS exit bitmap in vmcs12. */ - return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES); + return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_XSAVES); case EXIT_REASON_UMWAIT: case EXIT_REASON_TPAUSE: return nested_cpu_has2(vmcs12, @@ -6882,7 +6882,7 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps) SECONDARY_EXEC_ENABLE_INVPCID | SECONDARY_EXEC_ENABLE_VMFUNC | SECONDARY_EXEC_RDSEED_EXITING | - SECONDARY_EXEC_XSAVES | + SECONDARY_EXEC_ENABLE_XSAVES | SECONDARY_EXEC_TSC_SCALING | SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE; diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index 96952263b029..b4b9d51438c6 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -168,7 +168,7 @@ static inline int nested_cpu_has_ept(struct vmcs12 *vmcs12) static inline bool nested_cpu_has_xsaves(struct vmcs12 *vmcs12) { - return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES); + return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_XSAVES); } static inline bool nested_cpu_has_pml(struct vmcs12 *vmcs12) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b6fdb311a7d8..14ce195eee5a 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4622,7 +4622,7 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (cpu_has_vmx_xsaves()) vmx_adjust_secondary_exec_control(vmx, &exec_control, - SECONDARY_EXEC_XSAVES, + SECONDARY_EXEC_ENABLE_XSAVES, vcpu->arch.xsaves_enabled, false); /* diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 2acdc54bc34b..2db14e0f4081 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -574,7 +574,7 @@ static inline u8 vmx_get_rvi(void) SECONDARY_EXEC_APIC_REGISTER_VIRT | \ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | \ SECONDARY_EXEC_SHADOW_VMCS | \ - SECONDARY_EXEC_XSAVES | \ + SECONDARY_EXEC_ENABLE_XSAVES | \ SECONDARY_EXEC_RDSEED_EXITING | \ SECONDARY_EXEC_RDRAND_EXITING | \ SECONDARY_EXEC_ENABLE_PML | \ From patchwork Fri Feb 17 23:10:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145337 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50795C05027 for ; Fri, 17 Feb 2023 23:10:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229973AbjBQXKw (ORCPT ); Fri, 17 Feb 2023 18:10:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229947AbjBQXKl (ORCPT ); Fri, 17 Feb 2023 18:10:41 -0500 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46E5868AC7 for ; Fri, 17 Feb 2023 15:10:36 -0800 (PST) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-53659b9818dso18561877b3.18 for ; Fri, 17 Feb 2023 15:10:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=2TnnXLHs2EigAQxoZxOgm8ELOh1fY6tAR5v57woQrQM=; b=evWLFJz9F/oKh/+eqv6kDQcb25TLjrSKGiZ+885GucdcbYldsNDzdH5NDukODm5mES Xax2e9thCVVomFzY5yxPyLPBjJkAtXUsgxyTUk3DlpsaylUfFdp6qu59Md5UtCpFeWHT riYbvV5qIXDbPm0yBIP//Xxf/o/cfrnOxu+wv8G5R4Z4ibzLL1o1LLzJ+FveFN19oNVT vTCEusG7Vs/2GMEH2O0V6eV+mmI3qKAezzH4K5cFM922iXnY1DSBwSdRnNp57rGpFtdp MM5BMjHWDkRSFwYXcQVxjyFPFKgTon0rJNdIbPuXnBizF+upt3SEQVw+Om1aDVl9JwKr l6Gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2TnnXLHs2EigAQxoZxOgm8ELOh1fY6tAR5v57woQrQM=; b=VmHaShl+iZtHEgIYqo3eqgsa5dpLBYMAMoYqMZuDvxQCdXohqJYMfUXPMV1ZVlM9Hw CXgCwFvMbrAXcOt6A/eYaFFXgSn7PIbaJfdVTlluGJf3W/q0IYCPFaN4oZeV8Hqdzp1O DfKwfmq+2HgtEaTqgbv3bdVs8JBjvYq7KKYxfcGsJVX2yNgWY9Z1o/x8l79jELQE/Bim 8hz+JfuGFpGpA26T3BXMYgtTnvhq8Sjq0FUQsUc6QQc8bqi2z1ZWnhbInGUVHwQkuYIm yLzoRGxy+0H94KdZBYb91cUFNHYRWCW2ow0IxfD06AI8bU2fLMzKZ8wsLJW+91vfpdzP nDEg== X-Gm-Message-State: AO0yUKXEfa+EHovdbet0/F+6a0VX4RuDUdrMAa9qOlabikD07FeFj7Nk RbZdnFaGoRHTE/KQcAuEa3+9Y/M3Bok= X-Google-Smtp-Source: AK7set8XekvWEQvFbi786Gs+IJcaBhEwI/d27S46Y/W3uuSOuMmnY1FW2Ag2e+5k0Xo/SyoYY03FVGaOuT8= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a0d:d543:0:b0:52e:ebb7:98f9 with SMTP id x64-20020a0dd543000000b0052eebb798f9mr1162884ywd.201.1676675435569; Fri, 17 Feb 2023 15:10:35 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:15 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-6-seanjc@google.com> Subject: [PATCH 05/12] KVM: x86: Use KVM-governed feature framework to track "XSAVES enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Use the governed feature framework to track if XSAVES is "enabled", i.e. if XSAVES can be used by the guest. Add a comment in the SVM code to explain the very unintuitive logic of deliberately NOT checking if XSAVES is enumerated in the guest CPUID model. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/svm.c | 17 ++++++++++++--- arch/x86/kvm/vmx/vmx.c | 36 ++++++++++++++++---------------- arch/x86/kvm/x86.c | 4 ++-- 4 files changed, 35 insertions(+), 23 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index b29c15d5e038..b896a64e4ac3 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -6,6 +6,7 @@ BUILD_BUG() #define KVM_GOVERNED_X86_FEATURE(x) KVM_GOVERNED_FEATURE(X86_FEATURE_##x) KVM_GOVERNED_X86_FEATURE(GBPAGES) +KVM_GOVERNED_X86_FEATURE(XSAVES) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b43775490074..d89e516449ad 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4128,9 +4128,20 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) struct vcpu_svm *svm = to_svm(vcpu); struct kvm_cpuid_entry2 *best; - vcpu->arch.xsaves_enabled = guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && - boot_cpu_has(X86_FEATURE_XSAVE) && - boot_cpu_has(X86_FEATURE_XSAVES); + /* + * SVM doesn't provide a way to disable just XSAVES in the guest, KVM + * can only disable all variants of by disallowing CR4.OSXSAVE from + * being set. As a result, if the host has XSAVE and XSAVES, and the + * guest has XSAVE enabled, the guest can execute XSAVES without + * faulting. Treat XSAVES as enabled in this case regardless of + * whether it's advertised to the guest so that KVM context switches + * XSS on VM-Enter/VM-Exit. Failure to do so would effectively give + * the guest read/write access to the host's XSS. + */ + if (boot_cpu_has(X86_FEATURE_XSAVE) && + boot_cpu_has(X86_FEATURE_XSAVES) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) + kvm_governed_feature_set(vcpu, X86_FEATURE_XSAVES); /* Update nrips enabled cache */ svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) && diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 14ce195eee5a..c64a12756016 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4551,16 +4551,19 @@ vmx_adjust_secondary_exec_control(struct vcpu_vmx *vmx, u32 *exec_control, * based on a single guest CPUID bit, with a dedicated feature bit. This also * verifies that the control is actually supported by KVM and hardware. */ -#define vmx_adjust_sec_exec_control(vmx, exec_control, name, feat_name, ctrl_name, exiting) \ -({ \ - bool __enabled; \ - \ - if (cpu_has_vmx_##name()) { \ - __enabled = guest_cpuid_has(&(vmx)->vcpu, \ - X86_FEATURE_##feat_name); \ - vmx_adjust_secondary_exec_control(vmx, exec_control, \ - SECONDARY_EXEC_##ctrl_name, __enabled, exiting); \ - } \ +#define vmx_adjust_sec_exec_control(vmx, exec_control, name, feat_name, ctrl_name, exiting) \ +({ \ + struct kvm_vcpu *__vcpu = &(vmx)->vcpu; \ + bool __enabled; \ + \ + if (cpu_has_vmx_##name()) { \ + if (kvm_is_governed_feature(X86_FEATURE_##feat_name)) \ + __enabled = guest_can_use(__vcpu, X86_FEATURE_##feat_name); \ + else \ + __enabled = guest_cpuid_has(__vcpu, X86_FEATURE_##feat_name); \ + vmx_adjust_secondary_exec_control(vmx, exec_control, SECONDARY_EXEC_##ctrl_name,\ + __enabled, exiting); \ + } \ }) /* More macro magic for ENABLE_/opt-in versus _EXITING/opt-out controls. */ @@ -4620,10 +4623,7 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) if (!enable_pml || !atomic_read(&vcpu->kvm->nr_memslots_dirty_logging)) exec_control &= ~SECONDARY_EXEC_ENABLE_PML; - if (cpu_has_vmx_xsaves()) - vmx_adjust_secondary_exec_control(vmx, &exec_control, - SECONDARY_EXEC_ENABLE_XSAVES, - vcpu->arch.xsaves_enabled, false); + vmx_adjust_sec_exec_feature(vmx, &exec_control, xsaves, XSAVES); /* * RDPID is also gated by ENABLE_RDTSCP, turn on the control if either @@ -4642,6 +4642,7 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx *vmx) SECONDARY_EXEC_ENABLE_RDTSCP, rdpid_or_rdtscp_enabled, false); } + vmx_adjust_sec_exec_feature(vmx, &exec_control, invpcid, INVPCID); vmx_adjust_sec_exec_exiting(vmx, &exec_control, rdrand, RDRAND); @@ -7705,10 +7706,9 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) * to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be * set if and only if XSAVE is supported. */ - vcpu->arch.xsaves_enabled = cpu_has_vmx_xsaves() && - boot_cpu_has(X86_FEATURE_XSAVE) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVES); + if (cpu_has_vmx_xsaves() && boot_cpu_has(X86_FEATURE_XSAVE) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); vmx_setup_uret_msrs(vmx); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index f706621c35b8..541982de5762 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -988,7 +988,7 @@ void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu) if (vcpu->arch.xcr0 != host_xcr0) xsetbv(XCR_XFEATURE_ENABLED_MASK, vcpu->arch.xcr0); - if (vcpu->arch.xsaves_enabled && + if (guest_can_use(vcpu, X86_FEATURE_XSAVES) && vcpu->arch.ia32_xss != host_xss) wrmsrl(MSR_IA32_XSS, vcpu->arch.ia32_xss); } @@ -1023,7 +1023,7 @@ void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu) if (vcpu->arch.xcr0 != host_xcr0) xsetbv(XCR_XFEATURE_ENABLED_MASK, host_xcr0); - if (vcpu->arch.xsaves_enabled && + if (guest_can_use(vcpu, X86_FEATURE_XSAVES) && vcpu->arch.ia32_xss != host_xss) wrmsrl(MSR_IA32_XSS, host_xss); } From patchwork Fri Feb 17 23:10:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145338 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5067C636D6 for ; Fri, 17 Feb 2023 23:11:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230021AbjBQXLH (ORCPT ); Fri, 17 Feb 2023 18:11:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56724 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229891AbjBQXKn (ORCPT ); Fri, 17 Feb 2023 18:10:43 -0500 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F0C2568AF2 for ; Fri, 17 Feb 2023 15:10:37 -0800 (PST) Received: by mail-pj1-x1049.google.com with SMTP id l7-20020a17090b078700b0020a71040b4cso913785pjz.6 for ; Fri, 17 Feb 2023 15:10:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=2tf53EPfhatPCq2VnYmKd0iZ7HVFsZitkXwBonW9dJw=; b=GJHSCDcjNVTZEVMG0mYD9ul4hN1+85Aunqv+jYXWQzMde9aoMzeSYZ4I1pC/+SHt3R /cyuE7zkSQkNLdFBx7HFJwR+2iAs21M21LyvgD51QkoX2EuiEh0rKweO1iFWNdjJU/Pg sgHDHKNYahaQ0ONGkeD57lK1suAGWoqaN35Pq1ckpJAs4PQZG4AuP+844LGzaAUocaz8 MBCFU4GWjw3IXSqouObLLnefpVjp8F6viiv5vqJaK7xwy4E6o0mUXtiCgiMc1Xq1E2I1 XPtmI9DLJX8EFQjlTP6cBR3csvVTSzK72LrqM/fPpJ9/J/tOO/GQn2saRsDVpnba48is zRAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2tf53EPfhatPCq2VnYmKd0iZ7HVFsZitkXwBonW9dJw=; b=WRhBWDtNUsj6bRXiaabwGkcfm6C3xqhiDsdtEbI8CmrIhKe/DkHb0bEixyIkXO/EVH /508am20/YHuinZUC8AeVWuHuSR2sC12jiQQ2xuCG3vbMgwg+KlSMFEW/1vc+1x1uR85 e258Hifljf8K+GEoDfL+n1n2AeqNGwzMQB41n6UdeDPVKw8kqcdj1HMh2teX4qH+ftwf 0pm7ukpV2j1ZTn4v5OtyjSO9nI1HlMcIl/LXuNfAF/Jpr9MRPQTKEvlWGUDgJnY4Kgt6 4A9d37uel+EJjiBwbIzE7GbmDqANdc5enD5jUXZidaY32MgcIOm5qv8XpF5y0fLS8M+o vSew== X-Gm-Message-State: AO0yUKWd/GaB7A83oFeLD+9KHLPa0w3zcsP/br9UOSiUQ+R3ls3lfm+/ s8Xx10mK+cs4LtiiBf46WIRH+P8h6Tw= X-Google-Smtp-Source: AK7set8U5H8TL6hd99x0K44Eq2yADGGXi5R4l78giHQJeDDRlRcTs78X88HWzHmF+bKnHg+VUiSw1X0+WWE= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a63:7a54:0:b0:4fc:d6df:85a3 with SMTP id j20-20020a637a54000000b004fcd6df85a3mr507170pgn.1.1676675437475; Fri, 17 Feb 2023 15:10:37 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:16 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-7-seanjc@google.com> Subject: [PATCH 06/12] KVM: nSVM: Use KVM-governed feature framework to track "NRIPS enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Track "NRIPS exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 6 +++--- arch/x86/kvm/svm/svm.c | 5 ++--- arch/x86/kvm/svm/svm.h | 1 - 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index b896a64e4ac3..359914112615 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -7,6 +7,7 @@ BUILD_BUG() KVM_GOVERNED_X86_FEATURE(GBPAGES) KVM_GOVERNED_X86_FEATURE(XSAVES) +KVM_GOVERNED_X86_FEATURE(NRIPS) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 05d38944a6c0..0641cb943450 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -694,7 +694,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, * what a nrips=0 CPU would do (L1 is responsible for advancing RIP * prior to injecting the event). */ - if (svm->nrips_enabled) + if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) vmcb02->control.next_rip = svm->nested.ctl.next_rip; else if (boot_cpu_has(X86_FEATURE_NRIPS)) vmcb02->control.next_rip = vmcb12_rip; @@ -704,7 +704,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, svm->soft_int_injected = true; svm->soft_int_csbase = vmcb12_csbase; svm->soft_int_old_rip = vmcb12_rip; - if (svm->nrips_enabled) + if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) svm->soft_int_next_rip = svm->nested.ctl.next_rip; else svm->soft_int_next_rip = vmcb12_rip; @@ -1004,7 +1004,7 @@ int nested_svm_vmexit(struct vcpu_svm *svm) if (vmcb12->control.exit_code != SVM_EXIT_ERR) nested_save_pending_event_to_vmcb12(svm, vmcb12); - if (svm->nrips_enabled) + if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) vmcb12->control.next_rip = vmcb02->control.next_rip; vmcb12->control.int_ctl = svm->nested.ctl.int_ctl; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d89e516449ad..cdffc6db8bc5 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4143,9 +4143,8 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) kvm_governed_feature_set(vcpu, X86_FEATURE_XSAVES); - /* Update nrips enabled cache */ - svm->nrips_enabled = kvm_cpu_cap_has(X86_FEATURE_NRIPS) && - guest_cpuid_has(vcpu, X86_FEATURE_NRIPS); + if (kvm_cpu_cap_has(X86_FEATURE_NRIPS)) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_NRIPS); svm->tsc_scaling_enabled = tsc_scaling && guest_cpuid_has(vcpu, X86_FEATURE_TSCRATEMSR); svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 839809972da1..bd6ee6945bdd 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -258,7 +258,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool nrips_enabled : 1; bool tsc_scaling_enabled : 1; bool v_vmload_vmsave_enabled : 1; bool lbrv_enabled : 1; From patchwork Fri Feb 17 23:10:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145339 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 429CCC636D6 for ; Fri, 17 Feb 2023 23:11:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229875AbjBQXLK (ORCPT ); Fri, 17 Feb 2023 18:11:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56314 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229933AbjBQXKu (ORCPT ); Fri, 17 Feb 2023 18:10:50 -0500 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4C8A59715 for ; Fri, 17 Feb 2023 15:10:39 -0800 (PST) Received: by mail-pl1-x649.google.com with SMTP id z5-20020a170903018500b00198bc9ba4edso1109483plg.21 for ; Fri, 17 Feb 2023 15:10:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=POxuYt4fAOA6ZFnHfsbFWDtIU9nPZFu5zx86sbOziVE=; b=QdavNrkdWkG2gZ3NsrzLR/fOs76DCKkMTVMxakZG6LoyMRh9Cf0XobBJFuUDa5G8r4 XF3yBtTZC2TMaUgjSZcjLQLbOnwIZpk0cM7vq4aeQcCccbCup+W/Fgll7QICn6WEauEO VCObIXioMDVz/EIaqO1tvqg8S2hLBr2pmkJWqMz6Ss2Gt+9n2OkXMQMdAVj+JDI8hcKO kdOmvMUAGpAXU7n+IcWsoXn1l5Q3RTHtu7kNi5bCj8WwNJ7RMYrBYJtfNTDmNNcEr8MO VDbssRqj35CSLlJWpbu4egzKdtsJYM3Kdw54fzQJ7ApuG2owQDYBmX0UCSHEVUGGtzmK RPmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=POxuYt4fAOA6ZFnHfsbFWDtIU9nPZFu5zx86sbOziVE=; b=KdxD4+UF5/DGNf/g7ioVKEkV12mNf577lhs9akB+5f3WmNDhf4aQqS9G7b6KZWOFaS qzwz2zmFHhGRnRIictx7xhsAMCGVnXQN95hTkDnFT5L/jnV9Qk7dmc7HE7LgbNijJvMy vNa4QGKvokBbz7dOy7cEjPsE4uWtfufG/R+58FGP9FBbADVIP7U5DhNLQhIePCXWJbx7 URXEVHgan76EMVRGO1BRWtWOGUmeuBpS3oTJCLyvB8FzVDDpzt15utVvfeKiudTNHDW2 ePzGooS7uzNJAxQ+hqWPHlNC21c++vmxgA1IzYVhBWP1Sjdse/YyLBeDJ4nFPipqhKXL /51Q== X-Gm-Message-State: AO0yUKX0dILVNCWG0iIG8g9Rnn+MD4OsJ25rMublUrNGA/cVswxhqrKY VkMc9+zrmgtDXMV4sQzWCP7Uo/Thxk8= X-Google-Smtp-Source: AK7set8SeUweXtk7HR0IBiw1qUttq5cL7IcOJcsq9Unmzju7hZFedUrzEbRQvuLif2OV75KqyJKp6SIO61w= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:ef85:b0:19a:fdca:e3f1 with SMTP id iz5-20020a170902ef8500b0019afdcae3f1mr441371plb.3.1676675439193; Fri, 17 Feb 2023 15:10:39 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:17 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-8-seanjc@google.com> Subject: [PATCH 07/12] KVM: nSVM: Use KVM-governed feature framework to track "TSC scaling enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Track "TSC scaling exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 4 ++-- arch/x86/kvm/svm/svm.c | 12 ++++++++---- arch/x86/kvm/svm/svm.h | 1 - 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 359914112615..0335576a80a8 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -8,6 +8,7 @@ BUILD_BUG() KVM_GOVERNED_X86_FEATURE(GBPAGES) KVM_GOVERNED_X86_FEATURE(XSAVES) KVM_GOVERNED_X86_FEATURE(NRIPS) +KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 0641cb943450..30e00c4e07c7 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -673,7 +673,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, vmcb02->control.tsc_offset = vcpu->arch.tsc_offset; if (svm->tsc_ratio_msr != kvm_caps.default_tsc_scaling_ratio) { - WARN_ON(!svm->tsc_scaling_enabled); + WARN_ON(!guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR)); nested_svm_update_tsc_ratio_msr(vcpu); } @@ -1043,7 +1043,7 @@ int nested_svm_vmexit(struct vcpu_svm *svm) } if (svm->tsc_ratio_msr != kvm_caps.default_tsc_scaling_ratio) { - WARN_ON(!svm->tsc_scaling_enabled); + WARN_ON(!guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR)); vcpu->arch.tsc_scaling_ratio = vcpu->arch.l1_tsc_scaling_ratio; __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio); } diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index cdffc6db8bc5..dd4aead5462c 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2737,7 +2737,8 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) switch (msr_info->index) { case MSR_AMD64_TSC_RATIO: - if (!msr_info->host_initiated && !svm->tsc_scaling_enabled) + if (!msr_info->host_initiated && + !guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR)) return 1; msr_info->data = svm->tsc_ratio_msr; break; @@ -2879,7 +2880,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) switch (ecx) { case MSR_AMD64_TSC_RATIO: - if (!svm->tsc_scaling_enabled) { + if (!guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR)) { if (!msr->host_initiated) return 1; @@ -2901,7 +2902,8 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->tsc_ratio_msr = data; - if (svm->tsc_scaling_enabled && is_guest_mode(vcpu)) + if (guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR) && + is_guest_mode(vcpu)) nested_svm_update_tsc_ratio_msr(vcpu); break; @@ -4146,7 +4148,9 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) if (kvm_cpu_cap_has(X86_FEATURE_NRIPS)) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_NRIPS); - svm->tsc_scaling_enabled = tsc_scaling && guest_cpuid_has(vcpu, X86_FEATURE_TSCRATEMSR); + if (tsc_scaling) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_TSCRATEMSR); + svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV); svm->v_vmload_vmsave_enabled = vls && guest_cpuid_has(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index bd6ee6945bdd..a523cfcdd12e 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -258,7 +258,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool tsc_scaling_enabled : 1; bool v_vmload_vmsave_enabled : 1; bool lbrv_enabled : 1; bool pause_filter_enabled : 1; From patchwork Fri Feb 17 23:10:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145340 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6613FC05027 for ; Fri, 17 Feb 2023 23:11:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229982AbjBQXLM (ORCPT ); Fri, 17 Feb 2023 18:11:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57422 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229914AbjBQXLE (ORCPT ); Fri, 17 Feb 2023 18:11:04 -0500 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 416F86A053 for ; Fri, 17 Feb 2023 15:10:41 -0800 (PST) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-53659b9818dso18563807b3.18 for ; Fri, 17 Feb 2023 15:10:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=xoyujDYNcmSn6sbEuz9ptxpGQrMCz4NdSnDyJI75LQw=; b=dpQqFvssXE0UA8WwasFAKBnP2Qr+hAS9iMB0u9edTg/bAjZj4XhrrT0weBm/X/66Sn ypVCWH0fcamcMwYZNEgACrCuZJDSNYJfRhyFQLb/NOILy9Q0miLSTkFhTFbq0TrMWfM/ TBSppg3h4vxQWjOUaDfKkQx6IQ8SrOEwxeV9Z761h2EGa/iL/m2uPZdjE3dOUODAHph2 ffxbJMs9RdgFl517e8dx/LN6AumlRS3X80c/mT/QLwtAgkM4xONk8O7zKU/QTMep2STF 7/RxkTXmbAtp1FVs07RE/ej5J703siUuwOmmIwMxoXaENzvI3YUKWMPvemIkiMgNtHxj mbKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xoyujDYNcmSn6sbEuz9ptxpGQrMCz4NdSnDyJI75LQw=; b=6QRVEde67gX5erUPA7FAZQ+2CQ8H8+x3Ql6UBLS/W5lkq6gDEyEefpN73bWggl61ui FvnxyAQoiNAS8Dm0H+seWxH2HH7+K2IQPCtJ55yRN1rfabLZ4EEx4Y3CddAHUAQoCAf3 uRclcWcFXF29UV43HP/cl91VUzXYa+Z44HUbY8p+kZjUH3fi0sZ/7MvHmY0noZ6RJ1WF MWfd/nmMKE20+8k9LSq21x+IGG2ijjWrz8cwo8XT3k//pgxsoLyrOs98QhTxg5wHX1f4 QtBvCGf3kB25+KhDwZZeZTaMyhz0IkhRhHVCxnT8aTod3pNBENURqMokFmtsGyPGyz6m oyTA== X-Gm-Message-State: AO0yUKXBSyPqTXImnF3zKgDbVDVrC2caItre2VfK8JHhVpMASeSSp7ur Twij8ZOuATonPlsRp6V14+DVUQWbLu0= X-Google-Smtp-Source: AK7set8FD8KPiW5RbVdBMkTuzISxQM/fZM5/zT59mGNOY8Xn9cS1Tk+Uu1Efwpubrn/SOWsjg0210bXEBXM= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:9346:0:b0:909:4c2d:3092 with SMTP id g6-20020a259346000000b009094c2d3092mr1339095ybo.643.1676675440994; Fri, 17 Feb 2023 15:10:40 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:18 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-9-seanjc@google.com> Subject: [PATCH 08/12] KVM: nSVM: Use KVM-governed feature framework to track "vVM{SAVE,LOAD} enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Track "virtual VMSAVE/VMLOAD exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 2 +- arch/x86/kvm/svm/svm.c | 5 ++--- arch/x86/kvm/svm/svm.h | 1 - 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 0335576a80a8..b66b9d550f33 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -9,6 +9,7 @@ KVM_GOVERNED_X86_FEATURE(GBPAGES) KVM_GOVERNED_X86_FEATURE(XSAVES) KVM_GOVERNED_X86_FEATURE(NRIPS) KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) +KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 30e00c4e07c7..6a96058c0e48 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -107,7 +107,7 @@ static void nested_svm_uninit_mmu_context(struct kvm_vcpu *vcpu) static bool nested_vmcb_needs_vls_intercept(struct vcpu_svm *svm) { - if (!svm->v_vmload_vmsave_enabled) + if (!guest_can_use(&svm->vcpu, X86_FEATURE_V_VMSAVE_VMLOAD)) return true; if (!nested_npt_enabled(svm)) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index dd4aead5462c..b3f0271c73b9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1162,8 +1162,6 @@ static inline void init_vmcb_after_set_cpuid(struct kvm_vcpu *vcpu) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_EIP, 0, 0); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SYSENTER_ESP, 0, 0); - - svm->v_vmload_vmsave_enabled = false; } else { /* * If hardware supports Virtual VMLOAD VMSAVE then enable it @@ -4153,7 +4151,8 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV); - svm->v_vmload_vmsave_enabled = vls && guest_cpuid_has(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); + if (vls && !guest_cpuid_is_intel(vcpu)) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); svm->pause_filter_enabled = kvm_cpu_cap_has(X86_FEATURE_PAUSEFILTER) && guest_cpuid_has(vcpu, X86_FEATURE_PAUSEFILTER); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index a523cfcdd12e..1e3e7462b1d7 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -258,7 +258,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool v_vmload_vmsave_enabled : 1; bool lbrv_enabled : 1; bool pause_filter_enabled : 1; bool pause_threshold_enabled : 1; From patchwork Fri Feb 17 23:10:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145341 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E978AC05027 for ; Fri, 17 Feb 2023 23:11:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230031AbjBQXLd (ORCPT ); Fri, 17 Feb 2023 18:11:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57226 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229933AbjBQXLL (ORCPT ); Fri, 17 Feb 2023 18:11:11 -0500 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 857226C01D for ; Fri, 17 Feb 2023 15:10:44 -0800 (PST) Received: by mail-yb1-xb49.google.com with SMTP id 64-20020a250243000000b007eba3f8e3baso2338506ybc.4 for ; Fri, 17 Feb 2023 15:10:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=6T3Gs2nuLFt+Gi9I5SyZU1o7dxUXgiYSrrrG2VNSMxo=; b=Wt0DYMxGoRYkGatQPo0coKl/wrq7XW9qyPmdmUcYgYWqmxuF681eSGUYynQunnMGGC xzoG074xtnXxckeWUMdMuWVp2SSsVy1IiIfyNm+dk/D+Zv5n0TgI4qxGq4xHjEnajKC+ 2FBcS7lAs0bdc3CeB1Thb5ALnwV3m3OShvahkhL79qyWZ0amtCnp98lLVxLvyyLiDNFK 4JOfuA8IXxUJM3RkOO+9eIgwPp3lnHjBjV184/6Ezh1U9VNqdoYwI5xPccf4SbfjHGAA 5reeKVcnzRZdWBLPF4eaCJI3zTWyXmGD0sq8YUOxeM6NXFHtC8VCb4PtWvcXfLbItS0t 9TbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6T3Gs2nuLFt+Gi9I5SyZU1o7dxUXgiYSrrrG2VNSMxo=; b=17BT9fvf6jUjExauDps5YeZf7cdMXro3NjPSNqkMRYBrNK1XZkF/skITSVGqNJU2lg k28R/tJ7E/gHTNokvVLlrmoAZaRNL/E7/FRviyN/380ikHrAJUe0ICu9UU/ZxfegyErM s8pzhxpfmNa6nn4q/aDE7KUl+ExRIDaeiVFft+qRNTeCwqp86FFMKKBey2/RrAOQLb+m dGHLAK18+A+49IPE1u0CZ4c+/1Zn7QveE9lYukLWYfK+1QFDISi2w7WJBqE1Q1RoDr+a cLEgdDdm73/RyX7oJoPYVn7bjSg6hiZ7H36ka64J0X6CzH58LruULf7/zxxcP/Wf+Xnw gtng== X-Gm-Message-State: AO0yUKWntktyWZNJzpkruFgyFd3Z9MbdWvQobT57/eSrmEGbXUGvzuS/ aJtfrGYopZIeBs2VyTZ6jMRj7hmF3Ec= X-Google-Smtp-Source: AK7set+BLiMCMLxrwe6aIMejKhKuKOHIkqsRRgXPHUHo62iVRzAIWpbn42fyi84tYEqZIDTg3o5M2pCNiBk= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6902:10c:b0:997:c919:4484 with SMTP id o12-20020a056902010c00b00997c9194484mr16415ybh.6.1676675442720; Fri, 17 Feb 2023 15:10:42 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:19 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-10-seanjc@google.com> Subject: [PATCH 09/12] KVM: nSVM: Use KVM-governed feature framework to track "LBRv enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Track "LBR virtualization exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 23 +++++++++++++---------- arch/x86/kvm/svm/svm.c | 7 +++++-- arch/x86/kvm/svm/svm.h | 1 - 4 files changed, 19 insertions(+), 13 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index b66b9d550f33..16c58d61bdf6 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -10,6 +10,7 @@ KVM_GOVERNED_X86_FEATURE(XSAVES) KVM_GOVERNED_X86_FEATURE(NRIPS) KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) +KVM_GOVERNED_X86_FEATURE(LBRV) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 6a96058c0e48..9e210b03e635 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -540,6 +540,7 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12 bool new_vmcb12 = false; struct vmcb *vmcb01 = svm->vmcb01.ptr; struct vmcb *vmcb02 = svm->nested.vmcb02.ptr; + struct kvm_vcpu *vcpu = &svm->vcpu; nested_vmcb02_compute_g_pat(svm); @@ -565,18 +566,18 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12 vmcb_mark_dirty(vmcb02, VMCB_DT); } - kvm_set_rflags(&svm->vcpu, vmcb12->save.rflags | X86_EFLAGS_FIXED); + kvm_set_rflags(vcpu, vmcb12->save.rflags | X86_EFLAGS_FIXED); - svm_set_efer(&svm->vcpu, svm->nested.save.efer); + svm_set_efer(vcpu, svm->nested.save.efer); - svm_set_cr0(&svm->vcpu, svm->nested.save.cr0); - svm_set_cr4(&svm->vcpu, svm->nested.save.cr4); + svm_set_cr0(vcpu, svm->nested.save.cr0); + svm_set_cr4(vcpu, svm->nested.save.cr4); svm->vcpu.arch.cr2 = vmcb12->save.cr2; - kvm_rax_write(&svm->vcpu, vmcb12->save.rax); - kvm_rsp_write(&svm->vcpu, vmcb12->save.rsp); - kvm_rip_write(&svm->vcpu, vmcb12->save.rip); + kvm_rax_write(vcpu, vmcb12->save.rax); + kvm_rsp_write(vcpu, vmcb12->save.rsp); + kvm_rip_write(vcpu, vmcb12->save.rip); /* In case we don't even reach vcpu_run, the fields are not updated */ vmcb02->save.rax = vmcb12->save.rax; @@ -590,7 +591,8 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12 vmcb_mark_dirty(vmcb02, VMCB_DR); } - if (unlikely(svm->lbrv_enabled && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { + if (unlikely(guest_can_use(vcpu, X86_FEATURE_LBRV) && + (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { /* * Reserved bits of DEBUGCTL are ignored. Be consistent with * svm_set_msr's definition of reserved bits. @@ -712,7 +714,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, vmcb02->control.virt_ext = vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK; - if (svm->lbrv_enabled) + if (guest_can_use(vcpu, X86_FEATURE_LBRV)) vmcb02->control.virt_ext |= (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK); @@ -1021,7 +1023,8 @@ int nested_svm_vmexit(struct vcpu_svm *svm) svm_switch_vmcb(svm, &svm->vmcb01); - if (unlikely(svm->lbrv_enabled && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { + if (unlikely(guest_can_use(vcpu, X86_FEATURE_LBRV) && + (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { svm_copy_lbrs(vmcb12, vmcb02); svm_update_lbrv(vcpu); } else if (unlikely(vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK)) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b3f0271c73b9..42591c77f98a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -994,9 +994,11 @@ void svm_update_lbrv(struct kvm_vcpu *vcpu) bool current_enable_lbrv = !!(svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK); - if (unlikely(is_guest_mode(vcpu) && svm->lbrv_enabled)) + if (unlikely(is_guest_mode(vcpu) && + guest_can_use(vcpu, X86_FEATURE_LBRV))) { if (unlikely(svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK)) enable_lbrv = true; + } if (enable_lbrv == current_enable_lbrv) return; @@ -4149,7 +4151,8 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) if (tsc_scaling) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_TSCRATEMSR); - svm->lbrv_enabled = lbrv && guest_cpuid_has(vcpu, X86_FEATURE_LBRV); + if (lbrv) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_LBRV); if (vls && !guest_cpuid_is_intel(vcpu)) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 1e3e7462b1d7..60817ff346b0 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -258,7 +258,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool lbrv_enabled : 1; bool pause_filter_enabled : 1; bool pause_threshold_enabled : 1; bool vgif_enabled : 1; From patchwork Fri Feb 17 23:10:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145342 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B6E1C636D6 for ; Fri, 17 Feb 2023 23:11:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230089AbjBQXLf (ORCPT ); Fri, 17 Feb 2023 18:11:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230038AbjBQXLO (ORCPT ); Fri, 17 Feb 2023 18:11:14 -0500 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 841A859B70 for ; Fri, 17 Feb 2023 15:10:45 -0800 (PST) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-536582abb72so20966427b3.5 for ; Fri, 17 Feb 2023 15:10:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=y+vRasImpgsONkuFWEwkUJDlQ5PlpYyW5BuRWOgPo+I=; b=duZP1OUSZ8GA7t5Oa5HX6hRRseF3k5EiTGYt+R3pS76fquatD1J2o/MeZx61e/YmEh CawMVRWWt0V1OGElmhOpu7JQeTb9c8c8ArnCdaPGyYtsEztkDJFZMSqJW49jcfZnWuOI r6zEtJTbWpCHlEi4nqmAUmyUUYVLgzsxzfB5rpRpdncAM8upT8wdTy4kY4ItoCkvmUD/ SNkmdMzpy9OHA8yBwwKdb4C9CnpNujIVT1dagQgfMC0QCmS9gDZUNaC5eCBX1edGb46X +8fmBURigrx+J18D+rONdcH1qQDIHZgCXK4mFz9FbdVyli0FBzWBF0MVID7xgLINh+/Y 3FLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=y+vRasImpgsONkuFWEwkUJDlQ5PlpYyW5BuRWOgPo+I=; b=LK6G8h6oTchPpvekge7nlZU9lRyGmW03gboHFDQBoEWKyGLHkiZx+phkOno9mCA2zn qVwpxT100QdRVRbu7hNuH9RzTp1YXhn73DW9V3tOSeL3TM/AOBh/GsrxNtdNFBAT2xQ2 FfD7hQjEk+Uu+k/JTEH/SN5Rsn35l7S+CyJoSOQB8ab+eWTR154ORuRZO6CR+GDrHxrx lUanrCFt/TFIWxEqqZvuBqR8GFTpiriYvbOfSl3Un60S9MB/9ypbSM6oahGkYSFJAo3Q zDoS0D9Nuui1fQHBcAZXvc3hzfN4/+XSv0s6Q5MgN9TbIeGAdtS6Lqj1ZLxH6onW8/G0 pNrg== X-Gm-Message-State: AO0yUKW/4TWx8gSMzjhm/ct0rAdAqgbvty5cGHdf9xwcPQsblAZ9W0Tj c0s3vbzzqq2iBBcq8AJmG9+mpYy9wtc= X-Google-Smtp-Source: AK7set+5RGeqQvHi2R+C6jJ1xgQJBifGa7LHdXlbRH9VtB2Jep8Ou1oYljFWFff7NqgcdMZqEY+jYtKw3x8= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a0d:eb8f:0:b0:52f:f71:31c9 with SMTP id u137-20020a0deb8f000000b0052f0f7131c9mr1159924ywe.250.1676675444598; Fri, 17 Feb 2023 15:10:44 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:20 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-11-seanjc@google.com> Subject: [PATCH 10/12] KVM: nSVM: Use KVM-governed feature framework to track "Pause Filter enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Track "Pause Filtering is exposed to L1" via governed feature flags instead of using dedicated bits/flags in vcpu_svm. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 2 ++ arch/x86/kvm/svm/nested.c | 10 ++++++++-- arch/x86/kvm/svm/svm.c | 8 ++++---- arch/x86/kvm/svm/svm.h | 2 -- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 16c58d61bdf6..93c7d840e546 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -11,6 +11,8 @@ KVM_GOVERNED_X86_FEATURE(NRIPS) KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) KVM_GOVERNED_X86_FEATURE(LBRV) +KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) +KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 9e210b03e635..c38f17ba818e 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -721,8 +721,14 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, if (!nested_vmcb_needs_vls_intercept(svm)) vmcb02->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; - pause_count12 = svm->pause_filter_enabled ? svm->nested.ctl.pause_filter_count : 0; - pause_thresh12 = svm->pause_threshold_enabled ? svm->nested.ctl.pause_filter_thresh : 0; + if (guest_can_use(vcpu, X86_FEATURE_PAUSEFILTER)) + pause_count12 = svm->nested.ctl.pause_filter_count; + else + pause_count12 = 0; + if (guest_can_use(vcpu, X86_FEATURE_PFTHRESHOLD)) + pause_thresh12 = svm->nested.ctl.pause_filter_thresh; + else + pause_thresh12 = 0; if (kvm_pause_in_guest(svm->vcpu.kvm)) { /* use guest values since host doesn't intercept PAUSE */ vmcb02->control.pause_filter_count = pause_count12; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 42591c77f98a..b18bd0b33942 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4157,11 +4157,11 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) if (vls && !guest_cpuid_is_intel(vcpu)) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); - svm->pause_filter_enabled = kvm_cpu_cap_has(X86_FEATURE_PAUSEFILTER) && - guest_cpuid_has(vcpu, X86_FEATURE_PAUSEFILTER); + if (kvm_cpu_cap_has(X86_FEATURE_PAUSEFILTER)) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PAUSEFILTER); - svm->pause_threshold_enabled = kvm_cpu_cap_has(X86_FEATURE_PFTHRESHOLD) && - guest_cpuid_has(vcpu, X86_FEATURE_PFTHRESHOLD); + if (kvm_cpu_cap_has(X86_FEATURE_PFTHRESHOLD)) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); svm->vgif_enabled = vgif && guest_cpuid_has(vcpu, X86_FEATURE_VGIF); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 60817ff346b0..c05eea319d28 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -258,8 +258,6 @@ struct vcpu_svm { bool soft_int_injected; /* optional nested SVM features that are enabled for this guest */ - bool pause_filter_enabled : 1; - bool pause_threshold_enabled : 1; bool vgif_enabled : 1; u32 ldr_reg; From patchwork Fri Feb 17 23:10:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145343 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C99F0C05027 for ; Fri, 17 Feb 2023 23:11:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230007AbjBQXLp (ORCPT ); Fri, 17 Feb 2023 18:11:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58036 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230004AbjBQXL0 (ORCPT ); Fri, 17 Feb 2023 18:11:26 -0500 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 784AB6B305 for ; Fri, 17 Feb 2023 15:10:52 -0800 (PST) Received: by mail-pj1-x1049.google.com with SMTP id ns9-20020a17090b250900b0023487c793d0so1264998pjb.7 for ; Fri, 17 Feb 2023 15:10:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=TQzYXroMSTeC6jBkk8L8kpJ+IXUUCZH+35l1d+2iFCk=; b=nDWIVzLIP0yst3AFQlqDNtPsqJCThrW68j/ZDgsIoK51pQLuviijWNO1GiQNNGfcD4 GYM/nmpNu2qua902e+XJlPwfEnqeyWoe4s3Vb9i0Y1jVuzJWJ0wCTnDT4WrRry0KOOdA 1EvSk1Ml1D4JrModuEI7cV+JTr2ved0KqLeoFWDFdZZeMDm6Uui++DSXcDEHfDmoGKEn Amq0zZule0c9Xfswa3PJzg+CfbLGjw6SxBGdcFuUGioZRdQjUYH1XO7H/YAz36FXKc6W 1N6fmIjiwtceyLVKbWIRc4iUOqgSuX5UaryxPThGgeLffTTL/uoZX6eCLzvFdhzYcE6M jPHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TQzYXroMSTeC6jBkk8L8kpJ+IXUUCZH+35l1d+2iFCk=; b=dPDhD5XmjuIM0vZJGYs7QYHIOqrU7RlJyYwb6ROCpx1l029Mji9GpPY9TkcC/tE80+ lCQtT0h1t3Va8sE2fYDuQvMFB5cpYF1NL1vYPBSBm/sLOS9Yz0zCplHkfL9h5Ingi/tV TyZVoQZ3cM/pZ+jdiKnDhuCxIYuBkvTdy4YuHlpN1f3zUATMdel/3OGrcsMQ10qri88f cqq8BDYhJE/vuGh3nysoGeUlJ3+Zp+ceDKH36Dfi+kjrWSGoilT0t7weocQ/VW73e8vV XJEgncLiwzkcY4IS6IdbnSWAhLcMdaljv5rOYC7WRVBgXLKduKLsWMVd55hslvdZKuUq xqyA== X-Gm-Message-State: AO0yUKX63pv78BWjITSgXMagXp9nJI4hDIAAL1luD6y7YppT9OAvFdn+ y/t6UZuY9YEiqAtLEjkfgweBEEj8Cz0= X-Google-Smtp-Source: AK7set+hEkYWDn+KojTekGnWoBUk2Po7OXFgXYtmHrHkQClwpCjfHeHQHcwXrS5VyaQ6pS4PCCWQ1yqqAE0= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a63:6d4a:0:b0:500:16e8:a008 with SMTP id i71-20020a636d4a000000b0050016e8a008mr130045pgc.8.1676675446370; Fri, 17 Feb 2023 15:10:46 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:21 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-12-seanjc@google.com> Subject: [PATCH 11/12] KVM: nSVM: Use KVM-governed feature framework to track "vGIF enabled" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Track "virtual GIF exposed to L1" via a governed feature flag instead of using a dedicated bit/flag in vcpu_svm. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 3 ++- arch/x86/kvm/svm/svm.c | 3 ++- arch/x86/kvm/svm/svm.h | 7 +++---- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h index 93c7d840e546..b49fdabb88c4 100644 --- a/arch/x86/kvm/governed_features.h +++ b/arch/x86/kvm/governed_features.h @@ -13,6 +13,7 @@ KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) KVM_GOVERNED_X86_FEATURE(LBRV) KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) +KVM_GOVERNED_X86_FEATURE(VGIF) #undef KVM_GOVERNED_X86_FEATURE #undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index c38f17ba818e..c73c2acaf4c0 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -648,7 +648,8 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, * exit_int_info, exit_int_info_err, next_rip, insn_len, insn_bytes. */ - if (svm->vgif_enabled && (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK)) + if (guest_can_use(vcpu, X86_FEATURE_VGIF) && + (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK)) int_ctl_vmcb12_bits |= (V_GIF_MASK | V_GIF_ENABLE_MASK); else int_ctl_vmcb01_bits |= (V_GIF_MASK | V_GIF_ENABLE_MASK); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b18bd0b33942..11068e8eb969 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4163,7 +4163,8 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) if (kvm_cpu_cap_has(X86_FEATURE_PFTHRESHOLD)) kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); - svm->vgif_enabled = vgif && guest_cpuid_has(vcpu, X86_FEATURE_VGIF); + if (vgif) + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF); svm_recalc_instruction_intercepts(vcpu, svm); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index c05eea319d28..be5419975694 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -22,6 +22,7 @@ #include #include +#include "cpuid.h" #include "kvm_cache_regs.h" #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT) @@ -257,9 +258,6 @@ struct vcpu_svm { unsigned long soft_int_next_rip; bool soft_int_injected; - /* optional nested SVM features that are enabled for this guest */ - bool vgif_enabled : 1; - u32 ldr_reg; u32 dfr_reg; struct page *avic_backing_page; @@ -484,7 +482,8 @@ static inline bool svm_is_intercept(struct vcpu_svm *svm, int bit) static inline bool nested_vgif_enabled(struct vcpu_svm *svm) { - return svm->vgif_enabled && (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK); + return guest_can_use(&svm->vcpu, X86_FEATURE_VGIF) && + (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK); } static inline struct vmcb *get_vgif_vmcb(struct vcpu_svm *svm) From patchwork Fri Feb 17 23:10:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13145344 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73FC1C64EC4 for ; Fri, 17 Feb 2023 23:11:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230012AbjBQXLr (ORCPT ); Fri, 17 Feb 2023 18:11:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56258 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230006AbjBQXL1 (ORCPT ); Fri, 17 Feb 2023 18:11:27 -0500 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B69D66BDD4 for ; Fri, 17 Feb 2023 15:10:53 -0800 (PST) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-53657805673so22031037b3.0 for ; Fri, 17 Feb 2023 15:10:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=npHi3V7E0yjLP2ajthwoOQ/SU63n4hMuJXlKMFS+nHI=; b=P8vTeMvHJCNfFsDWiLgIMpvKAPjVVwfRvi5yeYuL1WdcjubdsboNwBPVGDt+BksKvF 4zW5PNtqyX0zM7Qk4N95bYPYTer1L8lrDmHW8jXVK02zLEFiKAonT7XaVBYT7J+iyvgc WoJO3O26G7CBJotWPGqB2pmQo8aJi7c25P01waomQQIjiFmsh6q54ESUDx2tqgi5JUid OiBR38TxZopIgMZAPbxaItPr7wFx5bFVZmAOUlckkeOOVFE+Ae5o/wsBMzl6KyqJel0K 6kghLY1vDdnJrl0uydKaQl0uyZWCcekXaH3WIlhWI08zsOo0eWtsQ9LIKOpF4kH771pf C2Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=npHi3V7E0yjLP2ajthwoOQ/SU63n4hMuJXlKMFS+nHI=; b=XKK+W4Ixi1KOmYhDmM/xfgHahGUPdPH3zpl936YiEn3XnCL8MTwSbrH9Hk8ZnhJsZu HgeEetWYNegA5nAJpydQ3uI4EfSJ7f75ShsFdRIls8mvqpotL9Asac8P/fu3QCgpwIAI VrA3H3ntC1m3wX/V/fy0fhxX9mxZ5WxtWlsaq+JEYDsWgxbkvT2/i8TympCgFHdqwdSA H5YFMbpkUz9GiU5Cc/ghJ/8sGmdP0N3vVPj6wMLIhLymfXm7erCuimOa1GnzKTQ+a1ou oEX4L1qpN/oYFQC+oJnT3cQxgm/xlVACR+kJKyFIvp3oQJMVh3QQiptTHKSFy2y047Op /3LA== X-Gm-Message-State: AO0yUKUdpHWy0rEUgUgkeDHiaPT92nbLpUHvBQfV/8S8uNaYLnNcdwvU 7LeTbUdrUPMrgERDlCopC+c7/AsTrbs= X-Google-Smtp-Source: AK7set8oGKAOIbnVEAcCNMAuimrYVVMgE9qYLpO7OcA6QmLVbcQ5yyl8Qjto6YSNJMSBj5gTWp6gRPcFVmQ= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:9c45:0:b0:913:5de0:5acc with SMTP id x5-20020a259c45000000b009135de05accmr1520970ybo.494.1676675448091; Fri, 17 Feb 2023 15:10:48 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Feb 2023 15:10:22 -0800 In-Reply-To: <20230217231022.816138-1-seanjc@google.com> Mime-Version: 1.0 References: <20230217231022.816138-1-seanjc@google.com> X-Mailer: git-send-email 2.39.2.637.g21b0678d19-goog Message-ID: <20230217231022.816138-13-seanjc@google.com> Subject: [PATCH 12/12] KVM: x86: Disallow guest CPUID lookups when IRQs are disabled From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Vitaly Kuznetsov Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Now that KVM has a framework for caching guest CPUID feature flags, add a "rule" that IRQs must be enabled when doing guest CPUID lookups, and enforce the rule via a lockdep assertion. CPUID lookups are slow, and within KVM, IRQs are only ever disabled in hot paths, e.g. the core run loop, fast page fault handling, etc. I.e. querying guest CPUID with IRQs disabled, especially in the run loop, should be avoided. Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3b604499c35c..0f34774129d8 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -11,6 +11,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include +#include "linux/lockdep.h" #include #include #include @@ -90,6 +91,18 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_find( struct kvm_cpuid_entry2 *e; int i; + /* + * KVM has a semi-arbitrary rule that querying the guest's CPUID model + * with IRQs disabled is disallowed. The CPUID model can legitimately + * have over one hundred entries, i.e. the lookup is slow, and IRQs are + * typically disabled in KVM only when KVM is in a performance critical + * patch, e.g. the core VM-Enter/VM-Exit run loop. Nothing will break + * if this rule is violated, this assertion is purely to flag potential + * performance issues. If this fires, consider moving the lookup out + * of the hotpath, e.g. by caching information during CPUID updates. + */ + lockdep_assert_irqs_enabled(); + for (i = 0; i < nent; i++) { e = &entries[i];