From patchwork Sun Jun 9 15:49:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691262 Received: from smtp-fw-6001.amazon.com (smtp-fw-6001.amazon.com [52.95.48.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1E28446DE; Sun, 9 Jun 2024 15:51:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.95.48.154 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948267; cv=none; b=HNXfLrAf5TUM3mCWrZPjHxI3C6x0tBMv9UBeEAQaE3tE4Orsa1s7GXTGjxU4vzn44YB4fCA2Nu2g9PgLH3ayValV4GjVtS0pWIYsLfqlMce4So1CqXpXgMSanYc5tTSNJGiW/7w+gfi/guhXT6IKNOaLYsw9Kc97I8tC67KKDqc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948267; c=relaxed/simple; bh=cF25vajOKkfbhKDftt1MB4QKPKKFtwT/VnYRGJnzbM8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Wkuk+5hX1El5j2Pf9wc9KJzwca2qNBZ+KcrOsJjkCwxDqjCdRDTqctV1gJUruUJuKsqmSbzawyqQGOdi7ZhGTphkEtW6vJozeSFYAf5KvXTAI/7TP4XxQ7s0ju/22grHlKQkbw6NaxKvqBnO9ydAwuAW4WlXnqO9G4VuhQfEYaA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=mDYNVB6G; arc=none smtp.client-ip=52.95.48.154 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="mDYNVB6G" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948265; x=1749484265; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=0Kf/k8Ifp+IJgoAkFqq7BEZyoJRgq+MCrSwCJITAKBQ=; b=mDYNVB6GMK51cPoj5yLTHWLuHTFBzMY+72w0sG5vpqxVVdBMoj5csnlp j1ECqcrZOX+UW81VVq5WHNKK6Do1Ut6No9h4lcNnRdmgEp92JKELW7lLr s53DlKlD9M27utDGWwuNSaiajiYyq+yBV9wIi7pYQqSvrao8j3uquWGaX g=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="402162296" Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.2]) by smtp-border-fw-6001.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:51:01 +0000 Received: from EX19MTAEUC001.ant.amazon.com [10.0.17.79:12461] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.26.236:2525] with esmtp (Farcaster) id d4395843-8a2c-4c0c-857a-37daf136215b; Sun, 9 Jun 2024 15:50:59 +0000 (UTC) X-Farcaster-Flow-ID: d4395843-8a2c-4c0c-857a-37daf136215b Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUC001.ant.amazon.com (10.252.51.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:50:59 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:50:53 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 01/18] KVM: x86: hyper-v: Introduce XMM output support Date: Sun, 9 Jun 2024 15:49:29 +0000 Message-ID: <20240609154945.55332-2-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D041UWA001.ant.amazon.com (10.13.139.124) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Prepare infrastructure to be able to return data through the XMM registers when Hyper-V hypercalls are issues in fast mode. The XMM registers are exposed to user-space through KVM_EXIT_HYPERV_HCALL and restored on successful hypercall completion. Signed-off-by: Nicolas Saenz Julienne --- There was some discussion in the RFC about whether growing 'struct kvm_hyperv_exit' is ABI breakage. IMO it isn't: - There is padding in 'struct kvm_run' that ensures that a bigger 'struct kvm_hyperv_exit' doesn't alter the offsets within that struct. - Adding a new field at the bottom of the 'hcall' field within the 'struct kvm_hyperv_exit' should be fine as well, as it doesn't alter the offsets within that struct either. - Ultimately, previous updates to 'struct kvm_hyperv_exit's hint that its size isn't part of the uABI. It already grew when syndbg was introduced. Documentation/virt/kvm/api.rst | 19 ++++++++++ arch/x86/include/asm/hyperv-tlfs.h | 2 +- arch/x86/kvm/hyperv.c | 56 +++++++++++++++++++++++++++++- include/uapi/linux/kvm.h | 6 ++++ 4 files changed, 81 insertions(+), 2 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index a71d91978d9ef..17893b330b76f 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -8893,3 +8893,22 @@ Ordering of KVM_GET_*/KVM_SET_* ioctls ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TBD + +10. Hyper-V CPUIDs +================== + +This section only applies to x86. + +New Hyper-V feature support is no longer being tracked through KVM +capabilities. Userspace can check if a particular version of KVM supports a +feature using KMV_GET_SUPPORTED_HV_CPUID. This section documents how Hyper-V +CPUIDs map to KVM functionality. + +10.1 HV_X64_HYPERCALL_XMM_OUTPUT_AVAILABLE +------------------------------------------ + +:Location: CPUID.40000003H:EDX[bit 15] + +This CPUID indicates that KVM supports retuning data to the guest in response +to a hypercall using the XMM registers. It also extends ``struct +kvm_hyperv_exit`` to allow passing the XMM data from userspace. diff --git a/arch/x86/include/asm/hyperv-tlfs.h b/arch/x86/include/asm/hyperv-tlfs.h index 3787d26810c1c..6a18c9f77d5fe 100644 --- a/arch/x86/include/asm/hyperv-tlfs.h +++ b/arch/x86/include/asm/hyperv-tlfs.h @@ -49,7 +49,7 @@ /* Support for physical CPU dynamic partitioning events is available*/ #define HV_X64_CPU_DYNAMIC_PARTITIONING_AVAILABLE BIT(3) /* - * Support for passing hypercall input parameter block via XMM + * Support for passing hypercall input and output parameter block via XMM * registers is available */ #define HV_X64_HYPERCALL_XMM_INPUT_AVAILABLE BIT(4) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 8a47f8541eab7..42f44546fe79c 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -1865,6 +1865,7 @@ struct kvm_hv_hcall { u16 rep_idx; bool fast; bool rep; + bool xmm_dirty; sse128_t xmm[HV_HYPERCALL_MAX_XMM_REGISTERS]; /* @@ -2396,9 +2397,49 @@ static int kvm_hv_hypercall_complete(struct kvm_vcpu *vcpu, u64 result) return ret; } +static void kvm_hv_write_xmm(struct kvm_hyperv_xmm_reg *xmm) +{ + int reg; + + kvm_fpu_get(); + for (reg = 0; reg < HV_HYPERCALL_MAX_XMM_REGISTERS; reg++) { + const sse128_t data = sse128(xmm[reg].low, xmm[reg].high); + _kvm_write_sse_reg(reg, &data); + } + kvm_fpu_put(); +} + +static bool kvm_hv_is_xmm_output_hcall(u16 code) +{ + return false; +} + +static bool kvm_hv_xmm_output_allowed(struct kvm_vcpu *vcpu) +{ + struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu); + + return !hv_vcpu->enforce_cpuid || + hv_vcpu->cpuid_cache.features_edx & + HV_X64_HYPERCALL_XMM_OUTPUT_AVAILABLE; +} + static int kvm_hv_hypercall_complete_userspace(struct kvm_vcpu *vcpu) { - return kvm_hv_hypercall_complete(vcpu, vcpu->run->hyperv.u.hcall.result); + bool fast = !!(vcpu->run->hyperv.u.hcall.input & HV_HYPERCALL_FAST_BIT); + u16 code = vcpu->run->hyperv.u.hcall.input & 0xffff; + u64 result = vcpu->run->hyperv.u.hcall.result; + + if (hv_result_success(result) && fast && + kvm_hv_is_xmm_output_hcall(code)) { + if (unlikely(!kvm_hv_xmm_output_allowed(vcpu))) { + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; + } + + kvm_hv_write_xmm(vcpu->run->hyperv.u.hcall.xmm); + } + + return kvm_hv_hypercall_complete(vcpu, result); } static u16 kvm_hvcall_signal_event(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) @@ -2553,6 +2594,7 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) hc.rep_cnt = (hc.param >> HV_HYPERCALL_REP_COMP_OFFSET) & 0xfff; hc.rep_idx = (hc.param >> HV_HYPERCALL_REP_START_OFFSET) & 0xfff; hc.rep = !!(hc.rep_cnt || hc.rep_idx); + hc.xmm_dirty = false; trace_kvm_hv_hypercall(hc.code, hc.fast, hc.var_cnt, hc.rep_cnt, hc.rep_idx, hc.ingpa, hc.outgpa); @@ -2673,6 +2715,15 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) break; } + if (hv_result_success(ret) && hc.xmm_dirty) { + if (unlikely(!kvm_hv_xmm_output_allowed(vcpu))) { + kvm_queue_exception(vcpu, UD_VECTOR); + return 1; + } + + kvm_hv_write_xmm((struct kvm_hyperv_xmm_reg *)hc.xmm); + } + hypercall_complete: return kvm_hv_hypercall_complete(vcpu, ret); @@ -2682,6 +2733,8 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) vcpu->run->hyperv.u.hcall.input = hc.param; vcpu->run->hyperv.u.hcall.params[0] = hc.ingpa; vcpu->run->hyperv.u.hcall.params[1] = hc.outgpa; + if (hc.fast) + memcpy(vcpu->run->hyperv.u.hcall.xmm, hc.xmm, sizeof(hc.xmm)); vcpu->arch.complete_userspace_io = kvm_hv_hypercall_complete_userspace; return 0; } @@ -2830,6 +2883,7 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, ent->ebx |= HV_ENABLE_EXTENDED_HYPERCALLS; ent->edx |= HV_X64_HYPERCALL_XMM_INPUT_AVAILABLE; + ent->edx |= HV_X64_HYPERCALL_XMM_OUTPUT_AVAILABLE; ent->edx |= HV_FEATURE_FREQUENCY_MSRS_AVAILABLE; ent->edx |= HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index d03842abae578..fbdee8d754595 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -90,6 +90,11 @@ struct kvm_pit_config { #define KVM_PIT_SPEAKER_DUMMY 1 +struct kvm_hyperv_xmm_reg { + __u64 low; + __u64 high; +}; + struct kvm_hyperv_exit { #define KVM_EXIT_HYPERV_SYNIC 1 #define KVM_EXIT_HYPERV_HCALL 2 @@ -108,6 +113,7 @@ struct kvm_hyperv_exit { __u64 input; __u64 result; __u64 params[2]; + struct kvm_hyperv_xmm_reg xmm[6]; } hcall; struct { __u32 msr; From patchwork Sun Jun 9 15:49:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691271 Received: from smtp-fw-52004.amazon.com (smtp-fw-52004.amazon.com [52.119.213.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2941446DE; Sun, 9 Jun 2024 15:51:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.119.213.154 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948297; cv=none; b=tjkncIpU85Z9zBW1+4wKmIheToXfbaJi0ToCn94uCvBIX1q99OemI8THWlcsqQCOHz1F26S1aM1NCaYYSCwbpb4jSCeaTaYySTCa7kQgjfzCMPKDBXNeDOf6KnLkj3uTbxdsX5QGJ/1BxxtU/SvXIAe6TQbcIHsizWxnwMXXl1k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948297; c=relaxed/simple; bh=xoDOnoxRP1Skg8wlkw9LFdoDrWMS0M1cQHhDOmR7bEQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=J9yxxwkHIgJ/7TtmHpt8aHNM2Ml4US2VozehnW4ezwjBnW1BaCkuW6BzfH+NgqR7OuHGlHWBKgrFrOJujaRfz9Iv1YXGngLFgaw+ejpb1YzTBOO9zRxncALyqSw5xjvZEWbIomunFnoep7a1WFsrkLGZUkgqVbTtg6ryo6sdAbc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=XtmHmQgg; arc=none smtp.client-ip=52.119.213.154 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="XtmHmQgg" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948297; x=1749484297; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=FoWiVs4WmecYZS9CVkXEhJZc5evZL+HijJCjdvnwTvc=; b=XtmHmQggovWMf6gKYrjNlYmvdLAyCd5jlQqZL3QjBgi0VYc2mh/MAbZ1 zKnsIDdl5vCszbg8TcBfdzCAXEn5J74Kn6xHT/x/3vBZUMK9BMIwAOnlp cUADGg92d6BqwYqbbWIJJfoOTo8H/lCfQwFWKo0ay+Y83wXJxAf6amhvR k=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="210677666" Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.43.8.2]) by smtp-border-fw-52004.iad7.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:51:34 +0000 Received: from EX19MTAEUA001.ant.amazon.com [10.0.10.100:48096] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.43.97:2525] with esmtp (Farcaster) id d60679e4-5673-4a13-b2f5-ce65b531245e; Sun, 9 Jun 2024 15:51:32 +0000 (UTC) X-Farcaster-Flow-ID: d60679e4-5673-4a13-b2f5-ce65b531245e Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUA001.ant.amazon.com (10.252.50.50) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:51:32 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:51:26 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 02/18] KVM: x86: hyper-v: Introduce helpers to check if VSM is exposed to guest Date: Sun, 9 Jun 2024 15:49:30 +0000 Message-ID: <20240609154945.55332-3-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D040UWA002.ant.amazon.com (10.13.139.113) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Introduce a helper function to check if the guest exposes the VSM CPUID bit. Signed-off-by: Nicolas Saenz Julienne --- arch/x86/kvm/hyperv.h | 10 ++++++++++ include/asm-generic/hyperv-tlfs.h | 1 + 2 files changed, 11 insertions(+) diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index 923e64903da9a..d007d2203e0e4 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h @@ -265,6 +265,12 @@ static inline void kvm_hv_nested_transtion_tlb_flush(struct kvm_vcpu *vcpu, } int kvm_hv_vcpu_flush_tlb(struct kvm_vcpu *vcpu); +static inline bool kvm_hv_cpuid_vsm_enabled(struct kvm_vcpu *vcpu) +{ + struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu); + + return hv_vcpu && (hv_vcpu->cpuid_cache.features_ebx & HV_ACCESS_VSM); +} #else /* CONFIG_KVM_HYPERV */ static inline void kvm_hv_setup_tsc_page(struct kvm *kvm, struct pvclock_vcpu_time_info *hv_clock) {} @@ -322,6 +328,10 @@ static inline u32 kvm_hv_get_vpindex(struct kvm_vcpu *vcpu) return vcpu->vcpu_idx; } static inline void kvm_hv_nested_transtion_tlb_flush(struct kvm_vcpu *vcpu, bool tdp_enabled) {} +static inline bool kvm_hv_cpuid_vsm_enabled(struct kvm_vcpu *vcpu) +{ + return false; +} #endif /* CONFIG_KVM_HYPERV */ #endif /* __ARCH_X86_KVM_HYPERV_H__ */ diff --git a/include/asm-generic/hyperv-tlfs.h b/include/asm-generic/hyperv-tlfs.h index 814207e7c37fc..ffac04bbd0c19 100644 --- a/include/asm-generic/hyperv-tlfs.h +++ b/include/asm-generic/hyperv-tlfs.h @@ -89,6 +89,7 @@ #define HV_ACCESS_STATS BIT(8) #define HV_DEBUGGING BIT(11) #define HV_CPU_MANAGEMENT BIT(12) +#define HV_ACCESS_VSM BIT(16) #define HV_ENABLE_EXTENDED_HYPERCALLS BIT(20) #define HV_ISOLATION BIT(22) From patchwork Sun Jun 9 15:49:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691272 Received: from smtp-fw-6001.amazon.com (smtp-fw-6001.amazon.com [52.95.48.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 033C4A3F; Sun, 9 Jun 2024 15:52:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.95.48.154 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948333; cv=none; b=kpClNe9SZP+ipS8ADMZf4q2QE7u42tywoP9QQC9kK0br+dtsK29KeXHYuKQd/WRIKI9c3d2mC8j2y5wL4TjsRGVwYAJxOKgL6SijL2GRbxMGmtGM9ayDPPqLeMZIG4YCf8Hs71DakvkRMfiY2IwFk17OKvXTD0MNJlPE6iqFEYA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948333; c=relaxed/simple; bh=fiIqYPG8ldJzwcsfZRp24T3B9YwKV2wISc7Jz2FOA2U=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=HBKYX8BNqUBoyVqhhFX1mZuCZ9kjyTH5eX5gs8Vn1BIvwjMGUt+Bi6iFUtYcGJ3e/wJsvS8uym8VfBRTQUPeKkPVS+qKQOC3G4ApyIEO2BSuOk5jDrYZC0ux7ftTZl8VH8L+5u5J9A68xTfbZ3rnF4swOkBk7gsfXrwQvp6w38E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=GqV4CWRR; arc=none smtp.client-ip=52.95.48.154 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="GqV4CWRR" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948331; x=1749484331; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=HDJVYAfP5VuuNJ8sdIBv6AEo9E99xin2DvJrLfd7Gyk=; b=GqV4CWRR5ZhKbaCjmBQsXq6FSPyaE1C3rmKQujp9k8ufHRf5LNiYkxwM 8afz+QdHv1qnb+fFbjz6nhZ81ALIz+N+LI/BAgexoHqWbiubIe7bbU+tp ZQTiPwH9VelJiE27Z+IPy78qAO9DXxI4fXbzLboXzrBCbCZfexJtHMVkz w=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="402162364" Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.43.8.2]) by smtp-border-fw-6001.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:52:10 +0000 Received: from EX19MTAEUA002.ant.amazon.com [10.0.43.254:17093] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.27.80:2525] with esmtp (Farcaster) id 6f63b893-adde-4c3f-b595-c77d23d59666; Sun, 9 Jun 2024 15:52:09 +0000 (UTC) X-Farcaster-Flow-ID: 6f63b893-adde-4c3f-b595-c77d23d59666 Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUA002.ant.amazon.com (10.252.50.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:52:06 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:52:00 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 03/18] hyperv-tlfs: Update struct hv_send_ipi{_ex}'s declarations Date: Sun, 9 Jun 2024 15:49:31 +0000 Message-ID: <20240609154945.55332-4-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D031UWC001.ant.amazon.com (10.13.139.241) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Both 'struct hv_send_ipi' and 'struct hv_send_ipi_ex' have an 'union hv_input_vtl' parameter which has been ignored until now. Expose it, as KVM will soon provide a way of dealing with VTL-aware IPIs. While doing Also fixup __send_ipi_mask_ex(). Signed-off-by: Nicolas Saenz Julienne --- arch/x86/hyperv/hv_apic.c | 3 +-- include/asm-generic/hyperv-tlfs.h | 6 ++++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/x86/hyperv/hv_apic.c b/arch/x86/hyperv/hv_apic.c index 0569f579338b5..97907371d51ef 100644 --- a/arch/x86/hyperv/hv_apic.c +++ b/arch/x86/hyperv/hv_apic.c @@ -121,9 +121,8 @@ static bool __send_ipi_mask_ex(const struct cpumask *mask, int vector, if (unlikely(!ipi_arg)) goto ipi_mask_ex_done; + memset(ipi_arg, 0, sizeof(*ipi_arg)); ipi_arg->vector = vector; - ipi_arg->reserved = 0; - ipi_arg->vp_set.valid_bank_mask = 0; /* * Use HV_GENERIC_SET_ALL and avoid converting cpumask to VP_SET diff --git a/include/asm-generic/hyperv-tlfs.h b/include/asm-generic/hyperv-tlfs.h index ffac04bbd0c19..28cde641b5474 100644 --- a/include/asm-generic/hyperv-tlfs.h +++ b/include/asm-generic/hyperv-tlfs.h @@ -425,14 +425,16 @@ struct hv_vpset { /* HvCallSendSyntheticClusterIpi hypercall */ struct hv_send_ipi { u32 vector; - u32 reserved; + union hv_input_vtl in_vtl; + u8 reserved[3]; u64 cpu_mask; } __packed; /* HvCallSendSyntheticClusterIpiEx hypercall */ struct hv_send_ipi_ex { u32 vector; - u32 reserved; + union hv_input_vtl in_vtl; + u8 reserved[3]; struct hv_vpset vp_set; } __packed; From patchwork Sun Jun 9 15:49:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691273 Received: from smtp-fw-52003.amazon.com (smtp-fw-52003.amazon.com [52.119.213.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66DF145BF1; Sun, 9 Jun 2024 15:52:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.119.213.152 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948366; cv=none; b=dN27R75wFSZHluGqaYuwvV1kOj7cEgDip+fSmBBiueKE9cE5pPIBvTEJ1OvU6wW4zIUzGSNtbhsNMbLZYwfEDZbe5KrMvOo4ib2JBSlHFDjLkAlZRF1qqOxzeEC7XWkrv+RxjvLpUQD0f1y0lKSHSL2kEp7VFYZuTRNRxtjsBGQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948366; c=relaxed/simple; bh=O57QZSKQXPGZrBKQ3RZKVtUEiqpL95hz4AvhMAmm7MY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=IC8JWCyOjFglKBiZAvbptMwKBzbntdkg0amDv7zWvjbiPn3XWzHovC0kXDaAX2b8b20y+55mb2aLov8BTTDxRMYVzqNjayS+hm54rsYiLPui45+u7MWYTTLTstk4E5iRpNohPikF+23MSbiyJ77MakEM5JAYenWLkAn3CQY4b5I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=vDSwP40q; arc=none smtp.client-ip=52.119.213.152 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="vDSwP40q" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948365; x=1749484365; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=mVP6aPqw1csbFkoDM3jiyC1IOI7STtntA93lIEw6LCQ=; b=vDSwP40qfWKBjwjiCnyJqOo+Eq6EvP/AR6/jjra9Y/ndcceoi1BbVoUZ oBwGeZihrPF+YQdRx6OJEx2vr3o0m50jSUx3FErSl2HSp6+todFfUfBw4 v2V9ekt+hMuHBoX01kZPIfP7aSRhXpbSFmp6VkH2PwePZ/tCcRn4BAC6i E=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="3828056" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-52003.iad7.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:52:41 +0000 Received: from EX19MTAEUB001.ant.amazon.com [10.0.17.79:56310] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.10.214:2525] with esmtp (Farcaster) id 2c750468-da6e-4b39-9ee5-571566531d31; Sun, 9 Jun 2024 15:52:39 +0000 (UTC) X-Farcaster-Flow-ID: 2c750468-da6e-4b39-9ee5-571566531d31 Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUB001.ant.amazon.com (10.252.51.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:52:38 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:52:32 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 04/18] KVM: x86: hyper-v: Introduce VTL awareness to Hyper-V's PV-IPIs Date: Sun, 9 Jun 2024 15:49:32 +0000 Message-ID: <20240609154945.55332-5-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D031UWA001.ant.amazon.com (10.13.139.88) To EX19D004EUC001.ant.amazon.com (10.252.51.190) HvCallSendSyntheticClusterIpi and HvCallSendSyntheticClusterIpiEx allow sending VTL-aware IPIs. Honour the hcall by exiting to user-space upon receiving a request with a valid VTL target. This behaviour is only available if the VSM CPUID flag is available and exposed to the guest. It doesn't introduce a behaviour change otherwise. User-space is accountable for the correct processing of the PV-IPI before resuming execution. Signed-off-by: Nicolas Saenz Julienne --- arch/x86/kvm/hyperv.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 42f44546fe79c..d00baf3ffb165 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2217,16 +2217,20 @@ static void kvm_hv_send_ipi_to_many(struct kvm *kvm, u32 vector, static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) { + bool vsm_enabled = kvm_hv_cpuid_vsm_enabled(vcpu); struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu); u64 *sparse_banks = hv_vcpu->sparse_banks; struct kvm *kvm = vcpu->kvm; struct hv_send_ipi_ex send_ipi_ex; struct hv_send_ipi send_ipi; + union hv_input_vtl *in_vtl; u64 valid_bank_mask; + int rsvd_shift; u32 vector; bool all_cpus; if (hc->code == HVCALL_SEND_IPI) { + in_vtl = &send_ipi.in_vtl; if (!hc->fast) { if (unlikely(kvm_read_guest(kvm, hc->ingpa, &send_ipi, sizeof(send_ipi)))) @@ -2235,16 +2239,22 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) vector = send_ipi.vector; } else { /* 'reserved' part of hv_send_ipi should be 0 */ - if (unlikely(hc->ingpa >> 32 != 0)) + rsvd_shift = vsm_enabled ? 40 : 32; + if (unlikely(hc->ingpa >> rsvd_shift != 0)) return HV_STATUS_INVALID_HYPERCALL_INPUT; + in_vtl->as_uint8 = (u8)(hc->ingpa >> 32); sparse_banks[0] = hc->outgpa; vector = (u32)hc->ingpa; } all_cpus = false; valid_bank_mask = BIT_ULL(0); + if (in_vtl->use_target_vtl) + return -ENODEV; + trace_kvm_hv_send_ipi(vector, sparse_banks[0]); } else { + in_vtl = &send_ipi_ex.in_vtl; if (!hc->fast) { if (unlikely(kvm_read_guest(kvm, hc->ingpa, &send_ipi_ex, sizeof(send_ipi_ex)))) @@ -2253,8 +2263,12 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) send_ipi_ex.vector = (u32)hc->ingpa; send_ipi_ex.vp_set.format = hc->outgpa; send_ipi_ex.vp_set.valid_bank_mask = sse128_lo(hc->xmm[0]); + in_vtl->as_uint8 = (u8)(hc->ingpa >> 32); } + if (vsm_enabled && in_vtl->use_target_vtl) + return -ENODEV; + trace_kvm_hv_send_ipi_ex(send_ipi_ex.vector, send_ipi_ex.vp_set.format, send_ipi_ex.vp_set.valid_bank_mask); @@ -2682,6 +2696,9 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) break; } ret = kvm_hv_send_ipi(vcpu, &hc); + /* VTL-enabled ipi, let user-space handle it */ + if (ret == -ENODEV) + goto hypercall_userspace_exit; break; case HVCALL_POST_DEBUG_DATA: case HVCALL_RETRIEVE_DEBUG_DATA: From patchwork Sun Jun 9 15:49:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691274 Received: from smtp-fw-33001.amazon.com (smtp-fw-33001.amazon.com [207.171.190.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 145F7A3F; Sun, 9 Jun 2024 15:54:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=207.171.190.10 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948450; cv=none; b=sKJ7cV/8cgx3Yn93pIeQrhhY08ueDHTWirUUJK1a5dLwjzWaAGnr0Otcr/CAOkSweS6+cWYT2dKIZ5TvsA5gkT9e2Js4UiLBoX6QpNLaKBNVM9D/YWPonvhE5rz4nh3oVwfIlWCi0Hy+1mAuz0B6xVoWinqntaMr3Gs7bmeli0Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948450; c=relaxed/simple; bh=Y+IYbl254IykxdsLbiee1NygSlrvXoQ8knEQJ/Bq8wg=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=OcY+7AxmRmv7iPiPwuyc8PeBb4T9XadeU5aX7XhP/q/sUDWmUhNOIw+Zg5bjusWZrg7rPX1uE5RQAOdKJOJpBE4KFVObxVdxlutcOfQ6S/yi5cEwA+C+utA1kUlNdbBR7h44XXufZV0ieLMPqPI3MisyjTHlhps0HSc5x2T6We8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=T6Hp8Uwa; arc=none smtp.client-ip=207.171.190.10 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="T6Hp8Uwa" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948449; x=1749484449; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4qx3lmbPV2Q3yA7fOSLXKYqumoQ7GY/syxf0sl+1BMQ=; b=T6Hp8UwaOo5qWDEGRU20GflPcOJfpX0USF7UoY39EPOFWrEjf4rjcOJ+ ImsdafQ1IxH1q98n5BZAI5FZRsPKb76F1nHZv2NDVP0I8/wYu+GkOc0wo oh08w7ACVUasuKpGWLdeCL8qmUv20ccE/zLZ6rvIHP9/YT5wMD7yna2PS E=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="349362102" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-33001.sea14.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:54:01 +0000 Received: from EX19MTAEUB002.ant.amazon.com [10.0.17.79:41173] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.43.97:2525] with esmtp (Farcaster) id ec32957b-cdc9-475c-b740-52de9e0a303c; Sun, 9 Jun 2024 15:53:58 +0000 (UTC) X-Farcaster-Flow-ID: ec32957b-cdc9-475c-b740-52de9e0a303c Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUB002.ant.amazon.com (10.252.51.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:53:58 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:53:52 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 05/18] KVM: x86: hyper-v: Introduce MP_STATE_HV_INACTIVE_VTL Date: Sun, 9 Jun 2024 15:49:34 +0000 Message-ID: <20240609154945.55332-6-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D039UWB003.ant.amazon.com (10.13.138.93) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Model inactive VTL vCPUs' behaviour with a new MP state. Inactive VTLs are in an artificial halt state. They enter into this state in response to invoking HvCallVtlCall, HvCallVtlReturn. User-space, which is VTL aware, can processes the hypercall, and set the vCPU in MP_STATE_HV_INACTIVE_VTL. When a vCPU is run in this state it'll block until a wakeup event is received. The rules of what constitutes an event are analogous to halt's except that VTL's ignore RFLAGS.IF. When a wakeup event is registered, KVM will exit to user-space with a KVM_SYSTEM_EVENT exit, and KVM_SYSTEM_EVENT_WAKEUP event type. User-space is responsible of deciding whether the event has precedence over the active VTL and will switch the vCPU to KVM_MP_STATE_RUNNABLE before resuming execution on it. Running a KVM_MP_STATE_HV_INACTIVE_VTL vCPU with pending events will return immediately to user-space. Note that by re-using the readily available halt infrastructure in KVM_RUN, MP_STATE_HV_INACTIVE_VTL correctly handles (or disables) virtualisation features like the VMX preemption timer or APICv before blocking. Suggested-by: Maxim Levitsky Signed-off-by: Nicolas Saenz Julienne --- I do recall Sean mentioning using MP states for this might have unexpected side-effects. But it was in the context of introducing a broader `HALTED_USERSPACE` style state. I believe that by narrowing down the MP state's semantics to the specifics of inactive VTLs -- alternatively, we could change RFLAGS.IF in user-space before updating the mp state -- we cement this as a VSM-only API as well as limit the ambiguity on the guest/vCPU's state upon entering into this execution mode. Documentation/virt/kvm/api.rst | 19 +++++++++++++++++++ arch/x86/kvm/hyperv.h | 8 ++++++++ arch/x86/kvm/svm/svm.c | 7 ++++++- arch/x86/kvm/vmx/vmx.c | 7 ++++++- arch/x86/kvm/x86.c | 16 +++++++++++++++- include/uapi/linux/kvm.h | 1 + 6 files changed, 55 insertions(+), 3 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 17893b330b76f..e664c54a13b04 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -1517,6 +1517,8 @@ Possible values are: [s390] KVM_MP_STATE_SUSPENDED the vcpu is in a suspend state and is waiting for a wakeup event [arm64] + KVM_MP_STATE_HV_INACTIVE_VTL the vcpu is an inactive VTL and is waiting for + a wakeup event [x86] ========================== =============================================== On x86, this ioctl is only useful after KVM_CREATE_IRQCHIP. Without an @@ -1559,6 +1561,23 @@ KVM_MP_STATE_RUNNABLE which reflect if the vcpu is paused or not. On LoongArch, only the KVM_MP_STATE_RUNNABLE state is used to reflect whether the vcpu is runnable. +For x86: +^^^^^^^^ + +KVM_MP_STATE_HV_INACTIVE_VTL is only available to a VM if Hyper-V's +HV_ACCESS_VSM CPUID is exposed to the guest. This processor state models the +behavior of an inactive VTL and should only be used for this purpose. A +userspace process should only switch a vCPU into this MP state in response to a +HvCallVtlCall, HvCallVtlReturn. + +If a vCPU is in KVM_MP_STATE_HV_INACTIVE_VTL, KVM will emulate the +architectural execution of a HLT instruction with the caveat that RFLAGS.IF is +ignored when deciding whether to wake up (TLFS 12.12.2.1). If a wakeup is +recognized, KVM will exit to userspace with a KVM_SYSTEM_EVENT exit, where the +event type is KVM_SYSTEM_EVENT_WAKEUP. Userspace has the responsibility to +switch the vCPU back into KVM_MP_STATE_RUNNABLE state. Calling KVM_RUN on a +KVM_MP_STATE_HV_INACTIVE_VTL vCPU with pending events will exit immediately. + 4.39 KVM_SET_MP_STATE --------------------- diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index d007d2203e0e4..d42fe3f85b002 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h @@ -271,6 +271,10 @@ static inline bool kvm_hv_cpuid_vsm_enabled(struct kvm_vcpu *vcpu) return hv_vcpu && (hv_vcpu->cpuid_cache.features_ebx & HV_ACCESS_VSM); } +static inline bool kvm_hv_vcpu_is_idle_vtl(struct kvm_vcpu *vcpu) +{ + return vcpu->arch.mp_state == KVM_MP_STATE_HV_INACTIVE_VTL; +} #else /* CONFIG_KVM_HYPERV */ static inline void kvm_hv_setup_tsc_page(struct kvm *kvm, struct pvclock_vcpu_time_info *hv_clock) {} @@ -332,6 +336,10 @@ static inline bool kvm_hv_cpuid_vsm_enabled(struct kvm_vcpu *vcpu) { return false; } +static inline bool kvm_hv_vcpu_is_idle_vtl(struct kvm_vcpu *vcpu) +{ + return false; +} #endif /* CONFIG_KVM_HYPERV */ #endif /* __ARCH_X86_KVM_HYPERV_H__ */ diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 296c524988f95..9671191fef4ea 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -49,6 +49,7 @@ #include "svm.h" #include "svm_ops.h" +#include "hyperv.h" #include "kvm_onhyperv.h" #include "svm_onhyperv.h" @@ -3797,6 +3798,10 @@ bool svm_interrupt_blocked(struct kvm_vcpu *vcpu) if (!gif_set(svm)) return true; + /* + * The Hyper-V TLFS states that RFLAGS.IF is ignored when deciding + * whether to block interrupts targeted at inactive VTLs. + */ if (is_guest_mode(vcpu)) { /* As long as interrupts are being delivered... */ if ((svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK) @@ -3808,7 +3813,7 @@ bool svm_interrupt_blocked(struct kvm_vcpu *vcpu) if (nested_exit_on_intr(svm)) return false; } else { - if (!svm_get_if_flag(vcpu)) + if (!svm_get_if_flag(vcpu) && !kvm_hv_vcpu_is_idle_vtl(vcpu)) return true; } diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index b3c83c06f8265..ac0682fece604 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5057,7 +5057,12 @@ bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu) if (is_guest_mode(vcpu) && nested_exit_on_intr(vcpu)) return false; - return !(vmx_get_rflags(vcpu) & X86_EFLAGS_IF) || + /* + * The Hyper-V TLFS states that RFLAGS.IF is ignored when deciding + * whether to block interrupts targeted at inactive VTLs. + */ + return (!(vmx_get_rflags(vcpu) & X86_EFLAGS_IF) && + !kvm_hv_vcpu_is_idle_vtl(vcpu)) || (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS)); } diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8c9e4281d978d..a6e2312ccb68f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -134,6 +134,7 @@ static int kvm_vcpu_do_singlestep(struct kvm_vcpu *vcpu); static int __set_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); static void __get_sregs2(struct kvm_vcpu *vcpu, struct kvm_sregs2 *sregs2); +static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu); static DEFINE_MUTEX(vendor_module_lock); struct kvm_x86_ops kvm_x86_ops __read_mostly; @@ -11176,7 +11177,8 @@ static inline int vcpu_block(struct kvm_vcpu *vcpu) kvm_lapic_switch_to_sw_timer(vcpu); kvm_vcpu_srcu_read_unlock(vcpu); - if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED) + if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED || + kvm_hv_vcpu_is_idle_vtl(vcpu)) kvm_vcpu_halt(vcpu); else kvm_vcpu_block(vcpu); @@ -11218,6 +11220,7 @@ static inline int vcpu_block(struct kvm_vcpu *vcpu) vcpu->arch.apf.halted = false; break; case KVM_MP_STATE_INIT_RECEIVED: + case KVM_MP_STATE_HV_INACTIVE_VTL: break; default: WARN_ON_ONCE(1); @@ -11264,6 +11267,13 @@ static int vcpu_run(struct kvm_vcpu *vcpu) if (kvm_cpu_has_pending_timer(vcpu)) kvm_inject_pending_timer_irqs(vcpu); + if (kvm_hv_vcpu_is_idle_vtl(vcpu) && kvm_vcpu_has_events(vcpu)) { + r = 0; + vcpu->run->exit_reason = KVM_EXIT_SYSTEM_EVENT; + vcpu->run->system_event.type = KVM_SYSTEM_EVENT_WAKEUP; + break; + } + if (dm_request_for_irq_injection(vcpu) && kvm_vcpu_ready_for_interrupt_injection(vcpu)) { r = 0; @@ -11703,6 +11713,10 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu, goto out; break; + case KVM_MP_STATE_HV_INACTIVE_VTL: + if (is_guest_mode(vcpu) || !kvm_hv_cpuid_vsm_enabled(vcpu)) + goto out; + break; case KVM_MP_STATE_RUNNABLE: break; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index fbdee8d754595..f4864e6907e0b 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -564,6 +564,7 @@ struct kvm_vapic_addr { #define KVM_MP_STATE_LOAD 8 #define KVM_MP_STATE_AP_RESET_HOLD 9 #define KVM_MP_STATE_SUSPENDED 10 +#define KVM_MP_STATE_HV_INACTIVE_VTL 11 struct kvm_mp_state { __u32 mp_state; From patchwork Sun Jun 9 15:49:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691275 Received: from smtp-fw-9105.amazon.com (smtp-fw-9105.amazon.com [207.171.188.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A2DC4436C; Sun, 9 Jun 2024 15:54:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=207.171.188.204 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948482; cv=none; b=CjFk9IQ66NvDQRFZWQZkHtBFEBtZZJ8ccoUkULKNJPBeDQEzLmpHvmAKofImUx5n7tJ/scYNcsH55LRU8nk4L12nt4zQx9PRk9lYKU/bqYOPPEPsmY4ZL5j4CK/gqbK81SF5jOuAOTeUCKFWEkOZYTWyt5IqP2fEt8i91Cgurfk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948482; c=relaxed/simple; bh=WduR8XdHm6uR2y8XSyRWO7oQaaI9sWPsC7OJmg88mL0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Q0IKfzIVQnajIlUh68ShkS1sw7n83wK/SeUG5VirhDm1ffk/Hih8y/ur7nTMQHwAUudOYI3tkZ9RDXViHSjDpwGFPSpoqs0CYggKl7Fxf5JxZZM2DTxHVQAINq3OOKAD898/IirPigVukux+jSvSyy7y2C8c8HeaUE3/4mqojT4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=vpXAO5Zj; arc=none smtp.client-ip=207.171.188.204 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="vpXAO5Zj" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948481; x=1749484481; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=0tgT6eBQG8f7l9K75AtDFTl6Imilpnn0QiUasVVMPd8=; b=vpXAO5Zjhiv9xj7jQL7Rc7yG4DwLUMPTmeBcPRR0XARgur4NT+L2uiwk hXZ+UOlOUHoQxpwNOf2HGj+FvLzklmh2/YeuPQIsWNB9jAlybBTFBFgF8 GRgD30ONMhna5rxk6VZ0/2xIXfdlfNj5yxqps+sNAD05ClV7jx+S+5sfV c=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="732303415" Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.25.36.210]) by smtp-border-fw-9105.sea19.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:54:33 +0000 Received: from EX19MTAEUC002.ant.amazon.com [10.0.43.254:47647] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.43.97:2525] with esmtp (Farcaster) id b43a1426-8160-44b4-8b53-44db17c590ac; Sun, 9 Jun 2024 15:54:31 +0000 (UTC) X-Farcaster-Flow-ID: b43a1426-8160-44b4-8b53-44db17c590ac Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUC002.ant.amazon.com (10.252.51.245) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:54:31 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:54:24 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 06/18] KVM: x86: hyper-v: Exit on Get/SetVpRegisters hcall Date: Sun, 9 Jun 2024 15:49:35 +0000 Message-ID: <20240609154945.55332-7-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D040UWB004.ant.amazon.com (10.13.138.91) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Let user-space handle HvGetVpRegisters and HvSetVpRegisters as they are VTL aware hypercalls used solely in the context of VSM. Additionally, expose the cpuid bit. Signed-off-by: Nicolas Saenz Julienne --- Documentation/virt/kvm/api.rst | 10 ++++++++++ arch/x86/kvm/hyperv.c | 15 +++++++++++++++ include/asm-generic/hyperv-tlfs.h | 1 + 3 files changed, 26 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index e664c54a13b04..05b01b00a395c 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -8931,3 +8931,13 @@ CPUIDs map to KVM functionality. This CPUID indicates that KVM supports retuning data to the guest in response to a hypercall using the XMM registers. It also extends ``struct kvm_hyperv_exit`` to allow passing the XMM data from userspace. + +10.2 HV_ACCESS_VP_REGISTERS +--------------------------- + +:Location: CPUID.40000003H:EBX[bit 17] + +This CPUID indicates that KVM supports HvGetVpRegisters and HvSetVpRegisters. +Currently, it is only used in conjunction with HV_ACCESS_VSM, and immediately +exits to userspace with KVM_EXIT_HYPERV_HCALL as the reason. Userspace is +expected to complete the hypercall before resuming execution. diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index d00baf3ffb165..d0edc2bec5a4f 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2425,6 +2425,11 @@ static void kvm_hv_write_xmm(struct kvm_hyperv_xmm_reg *xmm) static bool kvm_hv_is_xmm_output_hcall(u16 code) { + switch (code) { + case HVCALL_GET_VP_REGISTERS: + return true; + } + return false; } @@ -2505,6 +2510,8 @@ static bool is_xmm_fast_hypercall(struct kvm_hv_hcall *hc) case HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX: case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE_EX: case HVCALL_SEND_IPI_EX: + case HVCALL_GET_VP_REGISTERS: + case HVCALL_SET_VP_REGISTERS: return true; } @@ -2543,6 +2550,10 @@ static bool hv_check_hypercall_access(struct kvm_vcpu_hv *hv_vcpu, u16 code) */ return !kvm_hv_is_syndbg_enabled(hv_vcpu->vcpu) || hv_vcpu->cpuid_cache.features_ebx & HV_DEBUGGING; + case HVCALL_GET_VP_REGISTERS: + case HVCALL_SET_VP_REGISTERS: + return hv_vcpu->cpuid_cache.features_ebx & + HV_ACCESS_VP_REGISTERS; case HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX: case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE_EX: if (!(hv_vcpu->cpuid_cache.enlightenments_eax & @@ -2727,6 +2738,9 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) break; } goto hypercall_userspace_exit; + case HVCALL_GET_VP_REGISTERS: + case HVCALL_SET_VP_REGISTERS: + goto hypercall_userspace_exit; default: ret = HV_STATUS_INVALID_HYPERCALL_CODE; break; @@ -2898,6 +2912,7 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, ent->ebx |= HV_POST_MESSAGES; ent->ebx |= HV_SIGNAL_EVENTS; ent->ebx |= HV_ENABLE_EXTENDED_HYPERCALLS; + ent->ebx |= HV_ACCESS_VP_REGISTERS; ent->edx |= HV_X64_HYPERCALL_XMM_INPUT_AVAILABLE; ent->edx |= HV_X64_HYPERCALL_XMM_OUTPUT_AVAILABLE; diff --git a/include/asm-generic/hyperv-tlfs.h b/include/asm-generic/hyperv-tlfs.h index 28cde641b5474..9e909f0834598 100644 --- a/include/asm-generic/hyperv-tlfs.h +++ b/include/asm-generic/hyperv-tlfs.h @@ -90,6 +90,7 @@ #define HV_DEBUGGING BIT(11) #define HV_CPU_MANAGEMENT BIT(12) #define HV_ACCESS_VSM BIT(16) +#define HV_ACCESS_VP_REGISTERS BIT(17) #define HV_ENABLE_EXTENDED_HYPERCALLS BIT(20) #define HV_ISOLATION BIT(22) From patchwork Sun Jun 9 15:49:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691276 Received: from smtp-fw-80008.amazon.com (smtp-fw-80008.amazon.com [99.78.197.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 21CA7A3F; Sun, 9 Jun 2024 15:54:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=99.78.197.219 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948500; cv=none; b=bWiujfr2V3VeeFfrU1RBsFIVPzrMiu4cTfNyUXKDG5Ob/om/IZuJHb2nUqowQIY15H4z9YvazOVYsp6FUM5YZKdJIFtgDL2CDzIDtiSCi4sA/rTKmTPAV4RBjmqbPqcbUG3+67jK9kB6He764nWTj49+QPbGogT5tftdZg5QG/w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948500; c=relaxed/simple; bh=zeOHXyH1AkerZ6qtIpe8nKHYadyVlMSclUF0sVIwb3g=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TsxmJ+tyGwUJAxcSfAbNvtit0Wx8Nh5bPzf910ys+K+PMGMhx0fMbmpnlK1XTlOB1QiFf29HXe/cHuvHvSpGW423h1rOS+hkTZrdVnTyDv5WnDn5xa9d9LASDIGO9t9oNXO8SAec5BN3Y2oOM8NJPI+GHYfv/b49djbDijytaaA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=aUGeZdHJ; arc=none smtp.client-ip=99.78.197.219 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="aUGeZdHJ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948499; x=1749484499; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=I/86j7aiva56pQ+cJSneB/HDhIcRakQ4RDBTmO4bL2M=; b=aUGeZdHJrXcuEuRcNj0qYPR1LOrOpm7p+86DzyrbMvwrzsksGCrea2ha E+ftxkxXEvYpzsem2MvPVBMqk4iWujFrCdTWRfSzf65bXUCAalGjBK9v4 AT9uV3WGYv//eRCAsBUSqiq/TCjt6TCcgk6IkaAx4mYgcOJShqVLSBn0e k=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="95483540" Received: from pdx4-co-svc-p1-lb2-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.25.36.214]) by smtp-border-fw-80008.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:54:57 +0000 Received: from EX19MTAEUB002.ant.amazon.com [10.0.17.79:59043] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.43.97:2525] with esmtp (Farcaster) id f5f950e2-1e34-489a-994f-b9379fca9c2d; Sun, 9 Jun 2024 15:54:56 +0000 (UTC) X-Farcaster-Flow-ID: f5f950e2-1e34-489a-994f-b9379fca9c2d Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUB002.ant.amazon.com (10.252.51.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:54:56 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:54:49 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 07/18] KVM: x86: hyper-v: Exit on TranslateVirtualAddress hcall Date: Sun, 9 Jun 2024 15:49:36 +0000 Message-ID: <20240609154945.55332-8-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D040UWB004.ant.amazon.com (10.13.138.91) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Handle HvTranslateVirtualAddress in user-space. The hypercall is VTL-aware and only used in the context of VSM. Additionally, the TLFS doesn't introduce an ad-hoc CPUID bit for it, so the hypercall availability is tracked as part of the HV_ACCESS_VSM CPUID. This will be documented with the main VSM commit. Signed-off-by: Nicolas Saenz Julienne --- arch/x86/kvm/hyperv.c | 3 +++ include/asm-generic/hyperv-tlfs.h | 1 + 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index d0edc2bec5a4f..cbe2aca52514b 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2427,6 +2427,7 @@ static bool kvm_hv_is_xmm_output_hcall(u16 code) { switch (code) { case HVCALL_GET_VP_REGISTERS: + case HVCALL_TRANSLATE_VIRTUAL_ADDRESS: return true; } @@ -2512,6 +2513,7 @@ static bool is_xmm_fast_hypercall(struct kvm_hv_hcall *hc) case HVCALL_SEND_IPI_EX: case HVCALL_GET_VP_REGISTERS: case HVCALL_SET_VP_REGISTERS: + case HVCALL_TRANSLATE_VIRTUAL_ADDRESS: return true; } @@ -2740,6 +2742,7 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) goto hypercall_userspace_exit; case HVCALL_GET_VP_REGISTERS: case HVCALL_SET_VP_REGISTERS: + case HVCALL_TRANSLATE_VIRTUAL_ADDRESS: goto hypercall_userspace_exit; default: ret = HV_STATUS_INVALID_HYPERCALL_CODE; diff --git a/include/asm-generic/hyperv-tlfs.h b/include/asm-generic/hyperv-tlfs.h index 9e909f0834598..57c791c555861 100644 --- a/include/asm-generic/hyperv-tlfs.h +++ b/include/asm-generic/hyperv-tlfs.h @@ -159,6 +159,7 @@ union hv_reference_tsc_msr { #define HVCALL_CREATE_VP 0x004e #define HVCALL_GET_VP_REGISTERS 0x0050 #define HVCALL_SET_VP_REGISTERS 0x0051 +#define HVCALL_TRANSLATE_VIRTUAL_ADDRESS 0x0052 #define HVCALL_POST_MESSAGE 0x005c #define HVCALL_SIGNAL_EVENT 0x005d #define HVCALL_POST_DEBUG_DATA 0x0069 From patchwork Sun Jun 9 15:49:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691277 Received: from smtp-fw-33001.amazon.com (smtp-fw-33001.amazon.com [207.171.190.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 58ECB4436C; Sun, 9 Jun 2024 15:55:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=207.171.190.10 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948528; cv=none; b=ci9uEsCAovYIM8SnOVLzxw68AnbqKhtn5yIt8dBSFRkIruWnf6vtztuNweDgtROz5ubyGDkvgCK0w3PVYGb4br6+VxrbpHF+lBv0jMXPhjRrYobh2Piipkn2i4Ev2RTS15oM0QOwarDy9kCEI7K6ashQQIbXEXB9nYgDl6wpz8w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948528; c=relaxed/simple; bh=DqvLUFFsM4kKgd1oMzVjqszyKJwGL5RQYsMX7F6kX0k=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=XMDx6vLF7AWmm9Eu+uYFxT/pfVgzjusiIcLVAuMHm8EogKw0D9Y/UE3zQxAS2MN39WGV6bNF9Bt/2zT4inUParRekdOQCTlC3vnhSG7R1P/LsaMjckXjvY6IXkdT2ro10hFHbiZojgHlc5bU/gFCtdEhjAHyT6aQT7quvlHqjSM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=ro4HUwWu; arc=none smtp.client-ip=207.171.190.10 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="ro4HUwWu" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948527; x=1749484527; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=nTqojU/JXT3fYm8Yq++n3olx+D224pV1FluFfxEsmp8=; b=ro4HUwWuP0OAH0Cjayg4FsiaDRws1ubvoEbn+wQzkmcmqS4ZId1dbIZd itp1tVEye5uK8jH9rVaBZ+uhTqaaLCe1hDuv/hXAl7EG2aFNkFDIExiK5 LvZKwuNoCDkKHNavKKEcWwJOUQwQMnjK6kXC5YKIDYbu6LSp5bireczXM U=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="349362166" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-33001.sea14.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:55:24 +0000 Received: from EX19MTAEUC002.ant.amazon.com [10.0.43.254:49558] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.10.214:2525] with esmtp (Farcaster) id c7591299-d521-4ea1-9828-a09e4088386b; Sun, 9 Jun 2024 15:55:21 +0000 (UTC) X-Farcaster-Flow-ID: c7591299-d521-4ea1-9828-a09e4088386b Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUC002.ant.amazon.com (10.252.51.245) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:55:21 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:55:15 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 08/18] KVM: x86: hyper-v: Exit on StartVirtualProcessor and GetVpIndexFromApicId hcalls Date: Sun, 9 Jun 2024 15:49:37 +0000 Message-ID: <20240609154945.55332-9-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D045UWA002.ant.amazon.com (10.13.139.12) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Both HvCallStartVirtualProcessor and GetVpIndexFromApicId are used as part of the Hyper-V VSM CPU bootstrap process, and requires VTL awareness, as such handle the hypercall in user-space. Also, expose the ad-hoc CPUID bit. Note that these hypercalls aren't necessary on Hyper-V guests that don't enable VSM. Signed-off-by: Nicolas Saenz Julienne --- Documentation/virt/kvm/api.rst | 11 +++++++++++ arch/x86/kvm/hyperv.c | 7 +++++++ include/asm-generic/hyperv-tlfs.h | 1 + 3 files changed, 19 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 05b01b00a395c..161a772c23c6a 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -8941,3 +8941,14 @@ This CPUID indicates that KVM supports HvGetVpRegisters and HvSetVpRegisters. Currently, it is only used in conjunction with HV_ACCESS_VSM, and immediately exits to userspace with KVM_EXIT_HYPERV_HCALL as the reason. Userspace is expected to complete the hypercall before resuming execution. + +10.3 HV_START_VIRTUAL_PROCESSOR +------------------------------- + +:Location: CPUID.40000003H:EBX[bit 21] + +This CPUID indicates that KVM supports HvCallStartVirtualProcessor and +HvCallGetVpIndexFromApicId. Currently, it is only used in conjunction with +HV_ACCESS_VSM, and immediately exits to userspace with KVM_EXIT_HYPERV_HCALL as +the reason. Userspace is expected to complete the hypercall before resuming +execution. diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index cbe2aca52514b..dd64f41dc835d 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2556,6 +2556,10 @@ static bool hv_check_hypercall_access(struct kvm_vcpu_hv *hv_vcpu, u16 code) case HVCALL_SET_VP_REGISTERS: return hv_vcpu->cpuid_cache.features_ebx & HV_ACCESS_VP_REGISTERS; + case HVCALL_START_VP: + case HVCALL_GET_VP_ID_FROM_APIC_ID: + return hv_vcpu->cpuid_cache.features_ebx & + HV_START_VIRTUAL_PROCESSOR; case HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX: case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE_EX: if (!(hv_vcpu->cpuid_cache.enlightenments_eax & @@ -2743,6 +2747,8 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) case HVCALL_GET_VP_REGISTERS: case HVCALL_SET_VP_REGISTERS: case HVCALL_TRANSLATE_VIRTUAL_ADDRESS: + case HVCALL_START_VP: + case HVCALL_GET_VP_ID_FROM_APIC_ID: goto hypercall_userspace_exit; default: ret = HV_STATUS_INVALID_HYPERCALL_CODE; @@ -2916,6 +2922,7 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, ent->ebx |= HV_SIGNAL_EVENTS; ent->ebx |= HV_ENABLE_EXTENDED_HYPERCALLS; ent->ebx |= HV_ACCESS_VP_REGISTERS; + ent->ebx |= HV_START_VIRTUAL_PROCESSOR; ent->edx |= HV_X64_HYPERCALL_XMM_INPUT_AVAILABLE; ent->edx |= HV_X64_HYPERCALL_XMM_OUTPUT_AVAILABLE; diff --git a/include/asm-generic/hyperv-tlfs.h b/include/asm-generic/hyperv-tlfs.h index 57c791c555861..e24b88ec4ec00 100644 --- a/include/asm-generic/hyperv-tlfs.h +++ b/include/asm-generic/hyperv-tlfs.h @@ -92,6 +92,7 @@ #define HV_ACCESS_VSM BIT(16) #define HV_ACCESS_VP_REGISTERS BIT(17) #define HV_ENABLE_EXTENDED_HYPERCALLS BIT(20) +#define HV_START_VIRTUAL_PROCESSOR BIT(21) #define HV_ISOLATION BIT(22) /* From patchwork Sun Jun 9 15:49:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691278 Received: from smtp-fw-9106.amazon.com (smtp-fw-9106.amazon.com [207.171.188.206]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 911634436C; Sun, 9 Jun 2024 15:55:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=207.171.188.206 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948555; cv=none; b=pXcgJGA/glsZP6KIxnYns33egmIIAOCyDQ3O90DX4tYUL9RN81JLTn/akFNfDBddMbNg4J1anT5rkc4YWVcbbxNrvPz4P363m/vGebxc+wDUMoUqD/dRQwuaTc2XzSu/BtUZsCyDi7pQnIjez8cRfh1Ub65zhpRAxY4kJZOMJuQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948555; c=relaxed/simple; bh=uCUtObTjiEnV3j9+EyoqPUnLoSRAi6mm5Lb+ySRZSYk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=D7cnZxF0GB8lTDfXAc9J/Pt0rcCi1qkbmjCO41i/e/3DwNDQmVW4THqFfe3D5qiOnh61AScv+60/FBNhf2zZJMcO/WAiqnfG1QpwIa2dS8EBI6hPVpHZIs4RBAtLKFRnPL4p3X0S5VOJBwGncd6J+EiT255ps8VTMkq0EKFBEYU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=JKxPNg4v; arc=none smtp.client-ip=207.171.188.206 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="JKxPNg4v" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948554; x=1749484554; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=pM/dNrIh1bZMVrAjyRovRDN62/6qtCzxnE8/uU1weJg=; b=JKxPNg4vFliU63RiCUidd0OgqZXgZ059Ih1AiIKnmFKgmrU+0hx0d1L3 rwbuMGoWUJCJAKhjx/xR2wfr6YUzDBHDbSCC857IDkxrvIyRWaXgRCJ71 GdwxRNEX2fO5XkKWwIzmsnztxiNH78nKNQmrGoVdI2/WTF1CCOJZOWfQx Y=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="731692502" Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.25.36.210]) by smtp-border-fw-9106.sea19.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:55:48 +0000 Received: from EX19MTAEUC001.ant.amazon.com [10.0.43.254:6729] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.34.168:2525] with esmtp (Farcaster) id 83a55886-23e8-4ce4-97de-7b5d50a5344d; Sun, 9 Jun 2024 15:55:46 +0000 (UTC) X-Farcaster-Flow-ID: 83a55886-23e8-4ce4-97de-7b5d50a5344d Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUC001.ant.amazon.com (10.252.51.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:55:46 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:55:40 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 09/18] KVM: Define and communicate KVM_EXIT_MEMORY_FAULT RWX flags to userspace Date: Sun, 9 Jun 2024 15:49:38 +0000 Message-ID: <20240609154945.55332-10-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D046UWB003.ant.amazon.com (10.13.139.174) To EX19D004EUC001.ant.amazon.com (10.252.51.190) From: Anish Moorthy kvm_prepare_memory_fault_exit() already takes parameters describing the RWX-ness of the relevant access but doesn't actually do anything with them. Define and use the flags necessary to pass this information on to userspace. Suggested-by: Sean Christopherson Signed-off-by: Anish Moorthy Signed-off-by: Nicolas Saenz Julienne --- Documentation/virt/kvm/api.rst | 5 +++++ include/linux/kvm_host.h | 9 ++++++++- include/uapi/linux/kvm.h | 3 +++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 161a772c23c6a..761b99987cf1a 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -7014,6 +7014,9 @@ spec refer, https://github.com/riscv/riscv-sbi-doc. /* KVM_EXIT_MEMORY_FAULT */ struct { + #define KVM_MEMORY_EXIT_FLAG_READ (1ULL << 0) + #define KVM_MEMORY_EXIT_FLAG_WRITE (1ULL << 1) + #define KVM_MEMORY_EXIT_FLAG_EXEC (1ULL << 2) #define KVM_MEMORY_EXIT_FLAG_PRIVATE (1ULL << 3) __u64 flags; __u64 gpa; @@ -7025,6 +7028,8 @@ could not be resolved by KVM. The 'gpa' and 'size' (in bytes) describe the guest physical address range [gpa, gpa + size) of the fault. The 'flags' field describes properties of the faulting access that are likely pertinent: + - KVM_MEMORY_EXIT_FLAG_READ/WRITE/EXEC - When set, indicates that the memory + fault occurred on a read/write/exec access respectively. - KVM_MEMORY_EXIT_FLAG_PRIVATE - When set, indicates the memory fault occurred on a private memory access. When clear, indicates the fault occurred on a shared access. diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 692c01e41a18e..59f687985ba24 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2397,8 +2397,15 @@ static inline void kvm_prepare_memory_fault_exit(struct kvm_vcpu *vcpu, vcpu->run->memory_fault.gpa = gpa; vcpu->run->memory_fault.size = size; - /* RWX flags are not (yet) defined or communicated to userspace. */ vcpu->run->memory_fault.flags = 0; + + if (is_write) + vcpu->run->memory_fault.flags |= KVM_MEMORY_EXIT_FLAG_WRITE; + else if (is_exec) + vcpu->run->memory_fault.flags |= KVM_MEMORY_EXIT_FLAG_EXEC; + else + vcpu->run->memory_fault.flags |= KVM_MEMORY_EXIT_FLAG_READ; + if (is_private) vcpu->run->memory_fault.flags |= KVM_MEMORY_EXIT_FLAG_PRIVATE; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index f4864e6907e0b..d6d8b17bfa9a7 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -434,6 +434,9 @@ struct kvm_run { } notify; /* KVM_EXIT_MEMORY_FAULT */ struct { +#define KVM_MEMORY_EXIT_FLAG_READ (1ULL << 0) +#define KVM_MEMORY_EXIT_FLAG_WRITE (1ULL << 1) +#define KVM_MEMORY_EXIT_FLAG_EXEC (1ULL << 2) #define KVM_MEMORY_EXIT_FLAG_PRIVATE (1ULL << 3) __u64 flags; __u64 gpa; From patchwork Sun Jun 9 15:49:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691279 Received: from smtp-fw-52002.amazon.com (smtp-fw-52002.amazon.com [52.119.213.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A78F046525; Sun, 9 Jun 2024 15:56:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.119.213.150 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948578; cv=none; b=ruzUno8Zlwc5s35f0K++i6Mjs7g6k3B26/G+E/1xki5XCq6XWiBYYTeEwGsW+xgNMTnfec9lNFkd8mS8c1Whx3qdgyxye7nq6bY0yN+QOZbvNM2eFAC9IHArXmJNHWrEILS4sh4s+GeLAbekZjGBDxTpbtx56nuxmLr2yJgKIJw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948578; c=relaxed/simple; bh=nKicQm1fuxxmfMOtq9FjXlLMZ2bIMAyDM0roGI3NN6c=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=n0BLrxR8ZdXncF5fdMLf6m19DQipqea0bb1EdIIvoC9i/ytfhMCfcVYSSOGlv/R59dn6ENuqbQsQpcxcZkuFkC47LF2g/Wkis+8ufTg6KqnrOAA89eazntUSA82QAbTwmhc0bbOclIu8IHaLy9LgOxFD74d0Y6KliEhJjyNTn4c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=Z0N6nJAe; arc=none smtp.client-ip=52.119.213.150 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="Z0N6nJAe" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948578; x=1749484578; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=qLfuMJ5kf1Vn28FgflcJ4xBnNXHKY1gso6hmxRR5Gmo=; b=Z0N6nJAe/JkVw9pniFRvp+SCxPNLf8byOmrr0kv7tyvv8GeBH4qcSALA jpooqQ0HFDC+M7ZwJrsSvjAeSnmM5y2EJNJx/5MIb26tRjH6Ooduhoi/H aK2k591zg3PceIVvjmhCBqYNtPIhXLBxYqJr2sUd8HXOhdH34l984iWGF c=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="638289185" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-52002.iad7.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:56:14 +0000 Received: from EX19MTAEUA001.ant.amazon.com [10.0.43.254:18360] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.43.97:2525] with esmtp (Farcaster) id 0a5637ff-4a9c-4ada-8af3-798f672d6f63; Sun, 9 Jun 2024 15:56:12 +0000 (UTC) X-Farcaster-Flow-ID: 0a5637ff-4a9c-4ada-8af3-798f672d6f63 Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUA001.ant.amazon.com (10.252.50.50) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:56:11 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:56:05 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 10/18] KVM: x86: Keep track of instruction length during faults Date: Sun, 9 Jun 2024 15:49:39 +0000 Message-ID: <20240609154945.55332-11-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D036UWC003.ant.amazon.com (10.13.139.214) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Both VMX and SVM provide the length of the instruction being run at the time of the page fault. Save it within 'struct kvm_page_fault', as it'll become useful in the future. Signed-off-by: Nicolas Saenz Julienne --- arch/x86/kvm/mmu/mmu.c | 11 ++++++++--- arch/x86/kvm/mmu/mmu_internal.h | 5 ++++- arch/x86/kvm/vmx/vmx.c | 16 ++++++++++++++-- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 8d74bdef68c1d..39b113afefdfc 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4271,7 +4271,8 @@ void kvm_arch_async_page_ready(struct kvm_vcpu *vcpu, struct kvm_async_pf *work) work->arch.cr3 != kvm_mmu_get_guest_pgd(vcpu, vcpu->arch.mmu)) return; - kvm_mmu_do_page_fault(vcpu, work->cr2_or_gpa, work->arch.error_code, true, NULL); + kvm_mmu_do_page_fault(vcpu, work->cr2_or_gpa, work->arch.error_code, + true, NULL, 0); } static inline u8 kvm_max_level_for_order(int order) @@ -5887,7 +5888,7 @@ int noinline kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u64 err if (r == RET_PF_INVALID) { r = kvm_mmu_do_page_fault(vcpu, cr2_or_gpa, error_code, false, - &emulation_type); + &emulation_type, insn_len); if (KVM_BUG_ON(r == RET_PF_INVALID, vcpu->kvm)) return -EIO; } @@ -5924,8 +5925,12 @@ int noinline kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u64 err if (!mmio_info_in_cache(vcpu, cr2_or_gpa, direct) && !is_guest_mode(vcpu)) emulation_type |= EMULTYPE_ALLOW_RETRY_PF; emulate: + /* + * x86_emulate_instruction() expects insn to contain data if + * insn_len > 0. + */ return x86_emulate_instruction(vcpu, cr2_or_gpa, emulation_type, insn, - insn_len); + insn ? insn_len : 0); } EXPORT_SYMBOL_GPL(kvm_mmu_page_fault); diff --git a/arch/x86/kvm/mmu/mmu_internal.h b/arch/x86/kvm/mmu/mmu_internal.h index ce2fcd19ba6be..a0cde1a0e39b0 100644 --- a/arch/x86/kvm/mmu/mmu_internal.h +++ b/arch/x86/kvm/mmu/mmu_internal.h @@ -192,6 +192,7 @@ struct kvm_page_fault { const gpa_t addr; const u64 error_code; const bool prefetch; + const u8 insn_len; /* Derived from error_code. */ const bool exec; @@ -288,11 +289,13 @@ static inline void kvm_mmu_prepare_memory_fault_exit(struct kvm_vcpu *vcpu, } static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, - u64 err, bool prefetch, int *emulation_type) + u64 err, bool prefetch, + int *emulation_type, u8 insn_len) { struct kvm_page_fault fault = { .addr = cr2_or_gpa, .error_code = err, + .insn_len = insn_len, .exec = err & PFERR_FETCH_MASK, .write = err & PFERR_WRITE_MASK, .present = err & PFERR_PRESENT_MASK, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ac0682fece604..9ba38e0b0c7a8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5807,11 +5807,13 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu) if (unlikely(allow_smaller_maxphyaddr && !kvm_vcpu_is_legal_gpa(vcpu, gpa))) return kvm_emulate_instruction(vcpu, 0); - return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, 0); + return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, + vmcs_read32(VM_EXIT_INSTRUCTION_LEN)); } static int handle_ept_misconfig(struct kvm_vcpu *vcpu) { + u8 insn_len = 0; gpa_t gpa; if (vmx_check_emulate_instruction(vcpu, EMULTYPE_PF, NULL, 0)) @@ -5828,7 +5830,17 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu) return kvm_skip_emulated_instruction(vcpu); } - return kvm_mmu_page_fault(vcpu, gpa, PFERR_RSVD_MASK, NULL, 0); + /* + * Using VMCS.VM_EXIT_INSTRUCTION_LEN on EPT misconfig depends on + * undefined behavior: Intel's SDM doesn't mandate the VMCS field be + * set when EPT misconfig occurs. In practice, real hardware updates + * VM_EXIT_INSTRUCTION_LEN on EPT misconfig, but other hypervisors + * (namely Hyper-V) don't set it due to it being undefined behavior. + */ + if (!static_cpu_has(X86_FEATURE_HYPERVISOR)) + insn_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN); + + return kvm_mmu_page_fault(vcpu, gpa, PFERR_RSVD_MASK, NULL, insn_len); } static int handle_nmi_window(struct kvm_vcpu *vcpu) From patchwork Sun Jun 9 15:49:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691289 Received: from smtp-fw-80009.amazon.com (smtp-fw-80009.amazon.com [99.78.197.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C632146441; Sun, 9 Jun 2024 15:56:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=99.78.197.220 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948604; cv=none; b=bQv/dhz7/ahhLMYSgiw8MVX+wptPOKt2Q52v5jtUGfvXiFqAH1LvgPtAu1LW6tPjfAl30eSd6fSepVKsCbqJiNeVscDSojtcOXcrDavDcEUAlJW4G0ocKiQO+C0jsRFDhdh34cys2a079TbpsRgpBk4nV/fkfWJcqp6J3Q2AdIs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948604; c=relaxed/simple; bh=9ugFkrjOKDpd/cXxvCx9aOKKDZPmDfATT6lWxIdU1fE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dnGAmo4arAnS5hecE2XPMAvjQW+mj8ftlRS7ikepbIL+EFq4bU3F9clEHo71JLHYg5zeUOdvHXskYxt0jaYF1Hgu/jKaYWS/C2frf+HyTOIE1i1nXorScGfue5EMbqXQ3OKQj7NFZop/zA0SJa7+2gRB4Vqzo4w+KYawK4oMANE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=HUP1+kcw; arc=none smtp.client-ip=99.78.197.220 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="HUP1+kcw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948602; x=1749484602; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=VWO+H62eiiATp2Ug3hC1JKOqeo3z4q/lB+9V1DAUw3Q=; b=HUP1+kcwp24CikbouSqTIvgLBnLZujGFMIctGlJlT37pU1fpyk6rwDDP Dzh7VGxfpkMB1nSr7RbZ9BHsTZSGh/V2TI7zvW59bwBmPwKm1b18euXHz VDjrYuuvpD6nxAM/AxQRwy9iGR44EWsQkBJZDG8mw4tYDZ8hfCwSmXgO+ 4=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="95498707" Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.25.36.210]) by smtp-border-fw-80009.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:56:38 +0000 Received: from EX19MTAEUA002.ant.amazon.com [10.0.17.79:30248] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.35.119:2525] with esmtp (Farcaster) id a21984c0-fb14-4c45-8050-a7f53294da7f; Sun, 9 Jun 2024 15:56:37 +0000 (UTC) X-Farcaster-Flow-ID: a21984c0-fb14-4c45-8050-a7f53294da7f Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUA002.ant.amazon.com (10.252.50.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:56:37 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:56:30 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 11/18] KVM: x86: Pass the instruction length on memory fault user-space exits Date: Sun, 9 Jun 2024 15:49:40 +0000 Message-ID: <20240609154945.55332-12-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D042UWB002.ant.amazon.com (10.13.139.175) To EX19D004EUC001.ant.amazon.com (10.252.51.190) In order to simplify Hyper-V VSM secure memory intercept generation in user-space (it avoids the need of implementing an x86 instruction decoder and the actual decoding). Pass the instruction length being run at the time of the guest exit as part of the memory fault exit information. The presence of this additional information is indicated by a new capability, KVM_CAP_FAULT_EXIT_INSN_LEN. Signed-off-by: Nicolas Saenz Julienne --- Documentation/virt/kvm/api.rst | 6 +++++- arch/x86/kvm/mmu/mmu_internal.h | 2 +- arch/x86/kvm/x86.c | 1 + include/linux/kvm_host.h | 3 ++- include/uapi/linux/kvm.h | 2 ++ 5 files changed, 11 insertions(+), 3 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 761b99987cf1a..18ddea9c4c58a 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -7021,11 +7021,15 @@ spec refer, https://github.com/riscv/riscv-sbi-doc. __u64 flags; __u64 gpa; __u64 size; + __u8 insn_len; } memory_fault; KVM_EXIT_MEMORY_FAULT indicates the vCPU has encountered a memory fault that could not be resolved by KVM. The 'gpa' and 'size' (in bytes) describe the -guest physical address range [gpa, gpa + size) of the fault. The 'flags' field +guest physical address range [gpa, gpa + size) of the fault. The +'insn_len' field describes the size (in bytes) of the instruction +that caused the fault. It is only available if the underlying HW exposes that +information on guest exit, otherwise it's set to 0. The 'flags' field describes properties of the faulting access that are likely pertinent: - KVM_MEMORY_EXIT_FLAG_READ/WRITE/EXEC - When set, indicates that the memory diff --git a/arch/x86/kvm/mmu/mmu_internal.h b/arch/x86/kvm/mmu/mmu_internal.h index a0cde1a0e39b0..4f5c4c8af9941 100644 --- a/arch/x86/kvm/mmu/mmu_internal.h +++ b/arch/x86/kvm/mmu/mmu_internal.h @@ -285,7 +285,7 @@ static inline void kvm_mmu_prepare_memory_fault_exit(struct kvm_vcpu *vcpu, { kvm_prepare_memory_fault_exit(vcpu, fault->gfn << PAGE_SHIFT, PAGE_SIZE, fault->write, fault->exec, - fault->is_private); + fault->is_private, fault->insn_len); } static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a6e2312ccb68f..d2b8b74cb48bf 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4704,6 +4704,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) case KVM_CAP_VM_DISABLE_NX_HUGE_PAGES: case KVM_CAP_IRQFD_RESAMPLE: case KVM_CAP_MEMORY_FAULT_INFO: + case KVM_CAP_FAULT_EXIT_INSN_LEN: r = 1; break; case KVM_CAP_EXIT_HYPERCALL: diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 59f687985ba24..4fa16c4772269 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2391,11 +2391,12 @@ static inline void kvm_account_pgtable_pages(void *virt, int nr) static inline void kvm_prepare_memory_fault_exit(struct kvm_vcpu *vcpu, gpa_t gpa, gpa_t size, bool is_write, bool is_exec, - bool is_private) + bool is_private, u8 insn_len) { vcpu->run->exit_reason = KVM_EXIT_MEMORY_FAULT; vcpu->run->memory_fault.gpa = gpa; vcpu->run->memory_fault.size = size; + vcpu->run->memory_fault.insn_len = insn_len; vcpu->run->memory_fault.flags = 0; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index d6d8b17bfa9a7..516d39910f9ab 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -441,6 +441,7 @@ struct kvm_run { __u64 flags; __u64 gpa; __u64 size; + __u8 insn_len; } memory_fault; /* Fix the size of the union. */ char padding[256]; @@ -927,6 +928,7 @@ struct kvm_enable_cap { #define KVM_CAP_MEMORY_ATTRIBUTES 233 #define KVM_CAP_GUEST_MEMFD 234 #define KVM_CAP_VM_TYPES 235 +#define KVM_CAP_FAULT_EXIT_INSN_LEN 236 struct kvm_irq_routing_irqchip { __u32 irqchip; From patchwork Sun Jun 9 15:49:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691290 Received: from smtp-fw-52004.amazon.com (smtp-fw-52004.amazon.com [52.119.213.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2F1F446522; Sun, 9 Jun 2024 15:57:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.119.213.154 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948626; cv=none; b=nZ4Ytuylu36DXu5zO9Mt1W5ygDqcLfJ+YC5CtlpPKzFn3UW0xLNG4k1yX9l8P+9Mlu0ugK6uPzm0jKJ7ipGMFa8nnkPJkDAPtNi35xDPO/1LcwgTv7DfDZ1EOTx6GHXBm/4HVwWhM9w1W+RhVCAPUZID3S2WBTxla88tHKqameI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948626; c=relaxed/simple; bh=vepqPlzQj204UkjPtHtl8uZ7TaVJFhx2ifbXgltVjjs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Lej2X/2BRphypIs0jRwW/CF31DWip9SXV7/GG6mNkqlxkUpdY4HzRs55S2Tuo6N1/jpkdhwsNZbc0qUwK9xTdqcKcHveFpFo+mQPnMer5BrHxW1du8d+rvb8RnOxQGWJrDDpDsjqX5r2l9ESfJnNtdY4IDn6Lih0gNbKcT9psnc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=PjaEdDgN; arc=none smtp.client-ip=52.119.213.154 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="PjaEdDgN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948624; x=1749484624; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=svtivqIKM5jIa+6jjwD2ez7xIbQu16Sv0pYWZNeRRHo=; b=PjaEdDgNKuqf5rNQMeyLRI7Afb9Gf0lzKIz90wexHKjU/e6ygJ5ckoG4 4YHj6HKnCoovT9DXHMp0+z6+Q/QAvlt7j55sVO+h+d7jd1ZEHFzbAuWXi buDDPp4s7CsZMemTImKLEeLuiPNT8J+Y/ZC/1bydizgYhWphBpVoGM0qh k=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="210678007" Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.43.8.2]) by smtp-border-fw-52004.iad7.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:57:03 +0000 Received: from EX19MTAEUB001.ant.amazon.com [10.0.17.79:62225] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.14.23:2525] with esmtp (Farcaster) id dfe34c22-171a-4682-9b85-d6989c6f0cab; Sun, 9 Jun 2024 15:57:02 +0000 (UTC) X-Farcaster-Flow-ID: dfe34c22-171a-4682-9b85-d6989c6f0cab Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUB001.ant.amazon.com (10.252.51.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:57:02 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:56:55 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 12/18] KVM: x86/mmu: Introduce infrastructure to handle non-executable mappings Date: Sun, 9 Jun 2024 15:49:41 +0000 Message-ID: <20240609154945.55332-13-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D035UWA004.ant.amazon.com (10.13.139.109) To EX19D004EUC001.ant.amazon.com (10.252.51.190) The upcoming access restriction KVM memory attributes open the door to installing non-executable mappings. Introduce a new attribute in struct kvm_page_fault, map_executable, to control whether the gfn range should be mapped as executable and make sure it's taken into account when generating new sptes. No functional change intended. Signed-off-by: Nicolas Saenz Julienne --- arch/x86/kvm/mmu/mmu.c | 6 +++++- arch/x86/kvm/mmu/mmu_internal.h | 2 ++ arch/x86/kvm/mmu/tdp_mmu.c | 8 ++++++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 39b113afefdfc..b0c210b96419f 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3197,6 +3197,7 @@ void disallowed_hugepage_adjust(struct kvm_page_fault *fault, u64 spte, int cur_ static int direct_map(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) { struct kvm_shadow_walk_iterator it; + unsigned int access = ACC_ALL; struct kvm_mmu_page *sp; int ret; gfn_t base_gfn = fault->gfn; @@ -3229,7 +3230,10 @@ static int direct_map(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) if (WARN_ON_ONCE(it.level != fault->goal_level)) return -EFAULT; - ret = mmu_set_spte(vcpu, fault->slot, it.sptep, ACC_ALL, + if (!fault->map_executable) + access &= ~ACC_EXEC_MASK; + + ret = mmu_set_spte(vcpu, fault->slot, it.sptep, access, base_gfn, fault->pfn, fault); if (ret == RET_PF_SPURIOUS) return ret; diff --git a/arch/x86/kvm/mmu/mmu_internal.h b/arch/x86/kvm/mmu/mmu_internal.h index 4f5c4c8af9941..af0c3a154ed89 100644 --- a/arch/x86/kvm/mmu/mmu_internal.h +++ b/arch/x86/kvm/mmu/mmu_internal.h @@ -241,6 +241,7 @@ struct kvm_page_fault { kvm_pfn_t pfn; hva_t hva; bool map_writable; + bool map_executable; /* * Indicates the guest is trying to write a gfn that contains one or @@ -313,6 +314,7 @@ static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, .pfn = KVM_PFN_ERR_FAULT, .hva = KVM_HVA_ERR_BAD, + .map_executable = true, }; int r; diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index 36539c1b36cd6..344781981999a 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -1018,6 +1018,7 @@ static int tdp_mmu_map_handle_target_level(struct kvm_vcpu *vcpu, struct tdp_iter *iter) { struct kvm_mmu_page *sp = sptep_to_sp(rcu_dereference(iter->sptep)); + unsigned int access = ACC_ALL; u64 new_spte; int ret = RET_PF_FIXED; bool wrprot = false; @@ -1025,10 +1026,13 @@ static int tdp_mmu_map_handle_target_level(struct kvm_vcpu *vcpu, if (WARN_ON_ONCE(sp->role.level != fault->goal_level)) return RET_PF_RETRY; + if (!fault->map_executable) + access &= ~ACC_EXEC_MASK; + if (unlikely(!fault->slot)) - new_spte = make_mmio_spte(vcpu, iter->gfn, ACC_ALL); + new_spte = make_mmio_spte(vcpu, iter->gfn, access); else - wrprot = make_spte(vcpu, sp, fault->slot, ACC_ALL, iter->gfn, + wrprot = make_spte(vcpu, sp, fault->slot, access, iter->gfn, fault->pfn, iter->old_spte, fault->prefetch, true, fault->map_writable, &new_spte); From patchwork Sun Jun 9 15:49:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691291 Received: from smtp-fw-80007.amazon.com (smtp-fw-80007.amazon.com [99.78.197.218]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D4FC46441; Sun, 9 Jun 2024 15:57:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=99.78.197.218 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948651; cv=none; b=NBs2D2hNs6ppF17y4WzwTtIZ6Gr5DHGJlilK6Gcx/n4FQ4BChacN0rvxZEXG07P9HlZ0ma+s7HsoSrGxyq3H5MXysjKn421NPgp1z69MXLeELLryhxRF8KJ2EfwvF/4AwNHNOPLKxieGs8MoOmO4QRxUhl7KmIT5pLBchXqTX+k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948651; c=relaxed/simple; bh=+Tv5yHEFjqh1Rpgd3wuBbZaDYV3FvrXaVRj6ufcU9Qk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=AU60hHQWwN56PeTovA3IWZZLrcSNT+BLYm6JCAGKtLPXJex1ZUUmI79h1T2VEoDECSnEe71PIbtpJCxxoHY/Y16kSWSHl9uDdFEp+Uv8O37zNICJHELHe3KqjLx5HhFkfz0UlT+8zCzHB/3gewoXLkq0e+oRX+UFQJzGBdWejCA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=LpPRGVnQ; arc=none smtp.client-ip=99.78.197.218 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="LpPRGVnQ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948650; x=1749484650; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=KQwnm28YLoi/23yqXhNNFcKbD35vEjDl1rOMbl5bsvk=; b=LpPRGVnQf5PyIoUwweMi1F3GKECPH3BVKc/ouZsCNg5Rdv+PcSa4ZBbR kCvzxCTf2HvVSImJjGS2hjCeXfmlubzE6ILQkV8QpurnvF1uO7/jdjnFa UmkM0OkK4LpDWrJWiomo6H++0JtWr4NW9lKiyNsLXxd9WS9hwE1pZ0Qkp g=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="302170451" Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.25.36.210]) by smtp-border-fw-80007.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:57:28 +0000 Received: from EX19MTAEUB002.ant.amazon.com [10.0.17.79:16374] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.31.105:2525] with esmtp (Farcaster) id aaf56908-2e02-4c60-8d3f-48c034269da9; Sun, 9 Jun 2024 15:57:27 +0000 (UTC) X-Farcaster-Flow-ID: aaf56908-2e02-4c60-8d3f-48c034269da9 Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUB002.ant.amazon.com (10.252.51.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:57:27 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:57:21 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 13/18] KVM: x86/mmu: Avoid warning when installing non-private memory attributes Date: Sun, 9 Jun 2024 15:49:42 +0000 Message-ID: <20240609154945.55332-14-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D041UWB001.ant.amazon.com (10.13.139.132) To EX19D004EUC001.ant.amazon.com (10.252.51.190) In preparation to introducing RWX memory attributes, make sure user-space is attempting to install a memory attribute with KVM_MEMORY_ATTRIBUTE_PRIVATE before throwing a warning on systems with no private memory support. Signed-off-by: Nicolas Saenz Julienne --- arch/x86/kvm/mmu/mmu.c | 8 ++++++-- virt/kvm/kvm_main.c | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index b0c210b96419f..d56c04fbdc66b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -7359,6 +7359,9 @@ void kvm_mmu_pre_destroy_vm(struct kvm *kvm) bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, struct kvm_gfn_range *range) { + unsigned long attrs = range->arg.attributes; + bool priv_attr = attrs & KVM_MEMORY_ATTRIBUTE_PRIVATE; + /* * Zap SPTEs even if the slot can't be mapped PRIVATE. KVM x86 only * supports KVM_MEMORY_ATTRIBUTE_PRIVATE, and so it *seems* like KVM @@ -7370,7 +7373,7 @@ bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, * Zapping SPTEs in this case ensures KVM will reassess whether or not * a hugepage can be used for affected ranges. */ - if (WARN_ON_ONCE(!kvm_arch_has_private_mem(kvm))) + if (WARN_ON_ONCE(priv_attr && !kvm_arch_has_private_mem(kvm))) return false; return kvm_unmap_gfn_range(kvm, range); @@ -7415,6 +7418,7 @@ bool kvm_arch_post_set_memory_attributes(struct kvm *kvm, struct kvm_gfn_range *range) { unsigned long attrs = range->arg.attributes; + bool priv_attr = attrs & KVM_MEMORY_ATTRIBUTE_PRIVATE; struct kvm_memory_slot *slot = range->slot; int level; @@ -7427,7 +7431,7 @@ bool kvm_arch_post_set_memory_attributes(struct kvm *kvm, * a range that has PRIVATE GFNs, and conversely converting a range to * SHARED may now allow hugepages. */ - if (WARN_ON_ONCE(!kvm_arch_has_private_mem(kvm))) + if (WARN_ON_ONCE(priv_attr && !kvm_arch_has_private_mem(kvm))) return false; /* diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 14841acb8b959..63c4b6739edee 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -2506,6 +2506,7 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end, struct kvm_mmu_notifier_range pre_set_range = { .start = start, .end = end, + .arg.attributes = attributes, .handler = kvm_pre_set_memory_attributes, .on_lock = kvm_mmu_invalidate_begin, .flush_on_ret = true, From patchwork Sun Jun 9 15:49:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691292 Received: from smtp-fw-9106.amazon.com (smtp-fw-9106.amazon.com [207.171.188.206]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6041146441; Sun, 9 Jun 2024 15:57:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=207.171.188.206 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948675; cv=none; b=cmFIj93LbslBgSx14jZAhqNZBv+cg2tM/g01zCcvoH3P9cqa5RFppPAPmRJe/areIrZv/9+4fyT4SUIpVJFTef8gOaCMI0PJpbtsgPYIjvpJXWBZS+sWjn1ZEdliAOqTprlGAgAWdaZFfWBkFZYdkvaFCoeQybNhxBr2uz8FUS4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948675; c=relaxed/simple; bh=2ka8MvuD84iyFrsjou2EVsTvKhmpRdlc0YE7y7R91Ik=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=N3rhEKfA2d2YdqD6had42/3G0f0I3kYRSVkjZv/LiqDv4cYiuI6u93jZwD6KOG5I8o+0Ws+EHJR/r56l+XLNk+v75qaQ3htsFXUuaPbhXG3R4fNOEF9crnvuoDO28ajZF8n9V8bjAcbN/wOSOVZpT7zNUKv49TuULTK+MIf1L18= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=K91LMLvD; arc=none smtp.client-ip=207.171.188.206 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="K91LMLvD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948674; x=1749484674; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=yt+3Dcy20QMTHGnCk6/y0RPLFoY3XYTwlSVc1Aecjnc=; b=K91LMLvD9fdwoe1RpwtS7sFV8FxNIR8XfetmhKmdwwRqWCJk+nK8uI17 ezJtUC/+Edba+7dk1WqKwv63f9r/CBt4rPVtEdEiaD9d5n6be9XLSSWN1 tNc9nqWe95HGUBJH+K93jWx+9qyAmsLzyp4wUvOBSMKf4Z/5912vDHLRf c=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="731692654" Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.25.36.210]) by smtp-border-fw-9106.sea19.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:57:54 +0000 Received: from EX19MTAEUC002.ant.amazon.com [10.0.10.100:32201] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.27.80:2525] with esmtp (Farcaster) id f4d45b61-398d-4935-98f2-085165cb7ee5; Sun, 9 Jun 2024 15:57:52 +0000 (UTC) X-Farcaster-Flow-ID: f4d45b61-398d-4935-98f2-085165cb7ee5 Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUC002.ant.amazon.com (10.252.51.245) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:57:52 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:57:46 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 14/18] KVM: x86/mmu: Init memslot if memory attributes available Date: Sun, 9 Jun 2024 15:49:43 +0000 Message-ID: <20240609154945.55332-15-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D042UWB003.ant.amazon.com (10.13.139.135) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Systems that lack private memory support are about to start using memory attributes. So query if the memory attributes xarray is empty in order to decide whether it's necessary to init the hugepage information when installing a new memslot. Signed-off-by: Nicolas Saenz Julienne --- arch/x86/kvm/mmu/mmu.c | 2 +- include/linux/kvm_host.h | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index d56c04fbdc66b..91edd873dcdbc 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -7487,7 +7487,7 @@ void kvm_mmu_init_memslot_memory_attributes(struct kvm *kvm, { int level; - if (!kvm_arch_has_private_mem(kvm)) + if (!kvm_memory_attributes_in_use(kvm)) return; for (level = PG_LEVEL_2M; level <= KVM_MAX_HUGEPAGE_LEVEL; level++) { diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 4fa16c4772269..9250bf1c4db15 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2424,12 +2424,21 @@ bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, bool kvm_arch_post_set_memory_attributes(struct kvm *kvm, struct kvm_gfn_range *range); +static inline bool kvm_memory_attributes_in_use(struct kvm *kvm) +{ + return !xa_empty(&kvm->mem_attr_array); +} + static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn) { return IS_ENABLED(CONFIG_KVM_PRIVATE_MEM) && kvm_get_memory_attributes(kvm, gfn) & KVM_MEMORY_ATTRIBUTE_PRIVATE; } #else +static inline bool kvm_memory_attributes_in_use(struct kvm *kvm) +{ + return false; +} static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn) { return false; From patchwork Sun Jun 9 15:49:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691293 Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4533346556; Sun, 9 Jun 2024 15:58:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.95.49.90 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948705; cv=none; b=VVtpRjCylr40mp3/uHrJY7inp27Fk8aC1S4dlBRxSF8gMFfXPnA2U1+zh6B521QCc3xmO+ULtXlVuIcNmXciA/rg03LvTtNhseLy6I5wSwlPHfJqixsJqgrq1rA9ZndHCKfgbUmibGe0J2xfCqAZJq2PYD3vTkl8nwO5/2Ng/Fg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948705; c=relaxed/simple; bh=qVgfWGR0+Ng2AEJqXpjr86a2GUm5d3YWtMQGcfiAaQo=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=rdxvLDrzhQDLehc3M+s8Ndn1XtRVQ9aaa5EIA9ng4ta2GUEDqQrPzjoBcnUuM0NVKRHakPZ4AQ8xDKL2pzDFUVMbZX7HNUVyKC28KyN5mKMRdKQ+pO00Umstpxmcm7Rzt8QCaZIWVmPoNgye+j000j7REiMcQ9JRT8IJEmDNNIk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=ko0KIgPg; arc=none smtp.client-ip=52.95.49.90 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="ko0KIgPg" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948704; x=1749484704; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=xDjK0O0oeCWydOTmjmrWgRDxqczH4M2zJ1FRXg/k93o=; b=ko0KIgPgvl/Me3//j1gkohZtJ/OdSoeu0FfjuMWEI4Bw/B+M2hI2XqbZ 2wcxWU/bQAXY7f36kkyUh4XY41XrC82f7i4foJxAq+vDRdm6GHCKYpBFJ a9W0rDN+pPQkZdsIYLPtiAfenzxmsv3IBYI8ts2UCRBukeOQfM0gTonTo Y=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="412307001" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-6002.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:58:20 +0000 Received: from EX19MTAEUC001.ant.amazon.com [10.0.43.254:16891] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.31.105:2525] with esmtp (Farcaster) id 802edc05-6356-4740-9bda-fb23ca1c6163; Sun, 9 Jun 2024 15:58:17 +0000 (UTC) X-Farcaster-Flow-ID: 802edc05-6356-4740-9bda-fb23ca1c6163 Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUC001.ant.amazon.com (10.252.51.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:58:17 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:58:11 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 15/18] KVM: Introduce RWX memory attributes Date: Sun, 9 Jun 2024 15:49:44 +0000 Message-ID: <20240609154945.55332-16-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D039UWB001.ant.amazon.com (10.13.138.119) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Declare memory attributes to map memory regions as non-readable, non-writable, and/or non-executable. The attributes are negated for the following reasons: - Setting a 0 memory attribute (attr->attributes == 0) shouldn't introduce any access restrictions. For example, when moving from private to shared mappings in context of confidential computing. - In practice, with negated attributes, a non-private RWX memory attribute is analogous to a delete operation. It's a nice outcome, as it forces remapping the region with huge-pages, doing the right thing for use-cases that have short-lived access restricted regions like Hyper-V's VSM. - A non-negated version of the flags has no way of expressing non-access mapping (NR/NW/NX) without having to introduce an extra flag (since 0 isn't available). Signed-off-by: Nicolas Saenz Julienne --- Documentation/virt/kvm/api.rst | 14 +++++++++++--- include/linux/kvm_host.h | 22 +++++++++++++++++++++- include/uapi/linux/kvm.h | 3 +++ virt/kvm/kvm_main.c | 32 +++++++++++++++++++++++++++++--- 4 files changed, 64 insertions(+), 7 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 18ddea9c4c58a..6d3bc5092ea63 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -6313,15 +6313,23 @@ of guest physical memory. __u64 flags; }; + #define KVM_MEMORY_ATTRIBUTE_NR (1ULL << 0) + #define KVM_MEMORY_ATTRIBUTE_NW (1ULL << 1) + #define KVM_MEMORY_ATTRIBUTE_NX (1ULL << 2) #define KVM_MEMORY_ATTRIBUTE_PRIVATE (1ULL << 3) The address and size must be page aligned. The supported attributes can be retrieved via ioctl(KVM_CHECK_EXTENSION) on KVM_CAP_MEMORY_ATTRIBUTES. If executed on a VM, KVM_CAP_MEMORY_ATTRIBUTES precisely returns the attributes supported by that VM. If executed at system scope, KVM_CAP_MEMORY_ATTRIBUTES -returns all attributes supported by KVM. The only attribute defined at this -time is KVM_MEMORY_ATTRIBUTE_PRIVATE, which marks the associated gfn as being -guest private memory. +returns all attributes supported by KVM. The attribute defined at this +time are: + + - KVM_MEMORY_ATTRIBUTE_NR/NW/NX - Respectively marks the memory region as + non-read, non-write and/or non-exec. Note that write-only, exec-only and + write-exec mappings are not supported. + - KVM_MEMORY_ATTRIBUTE_PRIVATE - Which marks the associated gfn as being guest + private memory. Note, there is no "get" API. Userspace is responsible for explicitly tracking the state of a gfn/page as needed. diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 9250bf1c4db15..85378345e8e77 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2411,6 +2411,21 @@ static inline void kvm_prepare_memory_fault_exit(struct kvm_vcpu *vcpu, vcpu->run->memory_fault.flags |= KVM_MEMORY_EXIT_FLAG_PRIVATE; } +static inline bool kvm_mem_attributes_may_read(u64 attrs) +{ + return !(attrs & KVM_MEMORY_ATTRIBUTE_NR); +} + +static inline bool kvm_mem_attributes_may_write(u64 attrs) +{ + return !(attrs & KVM_MEMORY_ATTRIBUTE_NW); +} + +static inline bool kvm_mem_attributes_may_exec(u64 attrs) +{ + return !(attrs & KVM_MEMORY_ATTRIBUTE_NX); +} + #ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES static inline unsigned long kvm_get_memory_attributes(struct kvm *kvm, gfn_t gfn) { @@ -2423,7 +2438,7 @@ bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, struct kvm_gfn_range *range); bool kvm_arch_post_set_memory_attributes(struct kvm *kvm, struct kvm_gfn_range *range); - +bool kvm_mem_attributes_valid(struct kvm *kvm, unsigned long attrs); static inline bool kvm_memory_attributes_in_use(struct kvm *kvm) { return !xa_empty(&kvm->mem_attr_array); @@ -2435,6 +2450,11 @@ static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn) kvm_get_memory_attributes(kvm, gfn) & KVM_MEMORY_ATTRIBUTE_PRIVATE; } #else +static inline bool kvm_mem_attributes_valid(struct kvm *kvm, + unsigned long attrs) +{ + return false; +} static inline bool kvm_memory_attributes_in_use(struct kvm *kvm) { return false; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 516d39910f9ab..26d4477dae8c6 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1550,6 +1550,9 @@ struct kvm_memory_attributes { __u64 flags; }; +#define KVM_MEMORY_ATTRIBUTE_NR (1ULL << 0) +#define KVM_MEMORY_ATTRIBUTE_NW (1ULL << 1) +#define KVM_MEMORY_ATTRIBUTE_NX (1ULL << 2) #define KVM_MEMORY_ATTRIBUTE_PRIVATE (1ULL << 3) #define KVM_CREATE_GUEST_MEMFD _IOWR(KVMIO, 0xd4, struct kvm_create_guest_memfd) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 63c4b6739edee..bd27fc01e9715 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -2430,10 +2430,14 @@ bool kvm_range_has_memory_attributes(struct kvm *kvm, gfn_t start, gfn_t end, static u64 kvm_supported_mem_attributes(struct kvm *kvm) { + u64 supported_attrs = KVM_MEMORY_ATTRIBUTE_NR | + KVM_MEMORY_ATTRIBUTE_NW | + KVM_MEMORY_ATTRIBUTE_NX; + if (!kvm || kvm_arch_has_private_mem(kvm)) - return KVM_MEMORY_ATTRIBUTE_PRIVATE; + supported_attrs |= KVM_MEMORY_ATTRIBUTE_PRIVATE; - return 0; + return supported_attrs; } static __always_inline void kvm_handle_gfn_range(struct kvm *kvm, @@ -2557,6 +2561,28 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end, return r; } + +bool kvm_mem_attributes_valid(struct kvm *kvm, unsigned long attrs) +{ + bool may_read = kvm_mem_attributes_may_read(attrs); + bool may_write = kvm_mem_attributes_may_write(attrs); + bool may_exec = kvm_mem_attributes_may_exec(attrs); + bool priv = attrs & KVM_MEMORY_ATTRIBUTE_PRIVATE; + + if (attrs & ~kvm_supported_mem_attributes(kvm)) + return false; + + /* Private memory and access permissions are incompatible */ + if (priv && (!may_read || !may_write || !may_exec)) + return false; + + /* Write and exec mappings require read access */ + if ((may_write || may_exec) && !may_read) + return false; + + return true; +} + static int kvm_vm_ioctl_set_mem_attributes(struct kvm *kvm, struct kvm_memory_attributes *attrs) { @@ -2565,7 +2591,7 @@ static int kvm_vm_ioctl_set_mem_attributes(struct kvm *kvm, /* flags is currently not used. */ if (attrs->flags) return -EINVAL; - if (attrs->attributes & ~kvm_supported_mem_attributes(kvm)) + if (!kvm_mem_attributes_valid(kvm, attrs->attributes)) return -EINVAL; if (attrs->size == 0 || attrs->address + attrs->size < attrs->address) return -EINVAL; From patchwork Sun Jun 9 15:49:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691294 Received: from smtp-fw-52002.amazon.com (smtp-fw-52002.amazon.com [52.119.213.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 52F3D46557; Sun, 9 Jun 2024 15:58:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.119.213.150 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948747; cv=none; b=ntk+dMz42+GkcPEX2JxEljKfv94j/fD8TI9Qt2+hCh8u0bjTLVnWAA93jpjgTM50tdpspvfs73pUkUJhjLES5f88uzPKsmdVsUbWdXe8iJOlRW89c2eCfWbzdht+HY69UyTWIyiy0HJKyaVy+PMm3RgcVxjMFQvH+y2DvFEbcEY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948747; c=relaxed/simple; bh=PRJrKhkvJDOLYcJ7SIYsi0T/NexcKWckwbmRKbCxesM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=a67HSLVcnKjoHSVfZOlKYbtfoXHJNi5LALvnOYRvd8EMv8V24SAucdduLvzsYDl2dj7ou3zLYZ3v09IcvjqHNldIL/WsWbSct4DfdR/RrmoHojnMn+edph/eJsSzxAINhZNDC84rIbiEOP01SxR8ByVavzw84ZRQbaqaBeHbAbo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=rUs3BmRd; arc=none smtp.client-ip=52.119.213.150 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="rUs3BmRd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948746; x=1749484746; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=sR7xZHT3V8+jXkTU2bSicpBsqXv2xchKR7pQb26nxwM=; b=rUs3BmRduiP4bzYo3ldeRYgMkLe4cDxoRwUDkq7JmSbHlEG6SEiKOZX9 HOZ++wmNEN7DISLr8cwtzqyh3C9bJTRz+t/q9KDbgZS9PqBazJvqn6nfG NQ/RcNVr4bSltIOzQ9RnzCDrKqFo316sX1rWEIx+EPIkyMVoOJNiG2VRw M=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="638289400" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-52002.iad7.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:58:48 +0000 Received: from EX19MTAEUA001.ant.amazon.com [10.0.10.100:13872] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.34.168:2525] with esmtp (Farcaster) id 4fae357d-b286-44dc-8b59-813505dfb82d; Sun, 9 Jun 2024 15:58:45 +0000 (UTC) X-Farcaster-Flow-ID: 4fae357d-b286-44dc-8b59-813505dfb82d Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUA001.ant.amazon.com (10.252.50.50) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:58:42 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:58:36 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 16/18] KVM: x86: Take mem attributes into account when faulting memory Date: Sun, 9 Jun 2024 15:49:45 +0000 Message-ID: <20240609154945.55332-17-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D038UWC002.ant.amazon.com (10.13.139.238) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Take into account access restrictions memory attributes when faulting guest memory. Prohibited memory accesses will cause an user-space fault exit. Additionally, bypass a warning in the !tdp case. Access restrictions in guest page tables might not necessarily match the host pte's when memory attributes are in use. Signed-off-by: Nicolas Saenz Julienne --- arch/x86/kvm/mmu/mmu.c | 64 ++++++++++++++++++++++++++++------ arch/x86/kvm/mmu/mmutrace.h | 29 +++++++++++++++ arch/x86/kvm/mmu/paging_tmpl.h | 2 +- include/linux/kvm_host.h | 4 +++ 4 files changed, 87 insertions(+), 12 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 91edd873dcdbc..dfe50c9c31f7b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -754,7 +754,8 @@ static u32 kvm_mmu_page_get_access(struct kvm_mmu_page *sp, int index) return sp->role.access; } -static void kvm_mmu_page_set_translation(struct kvm_mmu_page *sp, int index, +static void kvm_mmu_page_set_translation(struct kvm *kvm, + struct kvm_mmu_page *sp, int index, gfn_t gfn, unsigned int access) { if (sp_has_gptes(sp)) { @@ -762,10 +763,17 @@ static void kvm_mmu_page_set_translation(struct kvm_mmu_page *sp, int index, return; } - WARN_ONCE(access != kvm_mmu_page_get_access(sp, index), - "access mismatch under %s page %llx (expected %u, got %u)\n", - sp->role.passthrough ? "passthrough" : "direct", - sp->gfn, kvm_mmu_page_get_access(sp, index), access); + /* + * Userspace might have introduced memory attributes for this gfn, + * breaking the assumption that the spte's access restrictions match + * the guest's. Userspace is also responsible from taking care of + * faults caused by these 'artificial' access restrictions. + */ + WARN_ONCE(access != kvm_mmu_page_get_access(sp, index) && + !kvm_get_memory_attributes(kvm, gfn), + "access mismatch under %s page %llx (expected %u, got %u)\n", + sp->role.passthrough ? "passthrough" : "direct", sp->gfn, + kvm_mmu_page_get_access(sp, index), access); WARN_ONCE(gfn != kvm_mmu_page_get_gfn(sp, index), "gfn mismatch under %s page %llx (expected %llx, got %llx)\n", @@ -773,12 +781,12 @@ static void kvm_mmu_page_set_translation(struct kvm_mmu_page *sp, int index, sp->gfn, kvm_mmu_page_get_gfn(sp, index), gfn); } -static void kvm_mmu_page_set_access(struct kvm_mmu_page *sp, int index, - unsigned int access) +static void kvm_mmu_page_set_access(struct kvm *kvm, struct kvm_mmu_page *sp, + int index, unsigned int access) { gfn_t gfn = kvm_mmu_page_get_gfn(sp, index); - kvm_mmu_page_set_translation(sp, index, gfn, access); + kvm_mmu_page_set_translation(kvm, sp, index, gfn, access); } /* @@ -1607,7 +1615,7 @@ static void __rmap_add(struct kvm *kvm, int rmap_count; sp = sptep_to_sp(spte); - kvm_mmu_page_set_translation(sp, spte_index(spte), gfn, access); + kvm_mmu_page_set_translation(kvm, sp, spte_index(spte), gfn, access); kvm_update_page_stats(kvm, sp->role.level, 1); rmap_head = gfn_to_rmap(gfn, sp->role.level, slot); @@ -2928,7 +2936,8 @@ static int mmu_set_spte(struct kvm_vcpu *vcpu, struct kvm_memory_slot *slot, rmap_add(vcpu, slot, sptep, gfn, pte_access); } else { /* Already rmapped but the pte_access bits may have changed. */ - kvm_mmu_page_set_access(sp, spte_index(sptep), pte_access); + kvm_mmu_page_set_access(vcpu->kvm, sp, spte_index(sptep), + pte_access); } return ret; @@ -4320,6 +4329,38 @@ static int kvm_faultin_pfn_private(struct kvm_vcpu *vcpu, return RET_PF_CONTINUE; } +static int kvm_mem_attributes_faultin_access_prots(struct kvm_vcpu *vcpu, + struct kvm_page_fault *fault) +{ + bool may_read, may_write, may_exec; + unsigned long attrs; + + attrs = kvm_get_memory_attributes(vcpu->kvm, fault->gfn); + if (!attrs) + return RET_PF_CONTINUE; + + if (!kvm_mem_attributes_valid(vcpu->kvm, attrs)) { + kvm_err("Invalid mem attributes 0x%lx found for address 0x%016llx\n", + attrs, fault->addr); + return -EFAULT; + } + + trace_kvm_mem_attributes_faultin_access_prots(vcpu, fault, attrs); + + may_read = kvm_mem_attributes_may_read(attrs); + may_write = kvm_mem_attributes_may_write(attrs); + may_exec = kvm_mem_attributes_may_exec(attrs); + + if ((fault->user && !may_read) || (fault->write && !may_write) || + (fault->exec && !may_exec)) + return -EFAULT; + + fault->map_writable = may_write; + fault->map_executable = may_exec; + + return RET_PF_CONTINUE; +} + static int __kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) { bool async; @@ -4375,7 +4416,8 @@ static int kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault, * Now that we have a snapshot of mmu_invalidate_seq we can check for a * private vs. shared mismatch. */ - if (fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn)) { + if (fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn) || + kvm_mem_attributes_faultin_access_prots(vcpu, fault)) { kvm_mmu_prepare_memory_fault_exit(vcpu, fault); return -EFAULT; } diff --git a/arch/x86/kvm/mmu/mmutrace.h b/arch/x86/kvm/mmu/mmutrace.h index 195d98bc8de85..ddbdd7396e9fa 100644 --- a/arch/x86/kvm/mmu/mmutrace.h +++ b/arch/x86/kvm/mmu/mmutrace.h @@ -440,6 +440,35 @@ TRACE_EVENT( __entry->gfn, __entry->spte, __entry->level, __entry->errno) ); +TRACE_EVENT(kvm_mem_attributes_faultin_access_prots, + TP_PROTO(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault, + u64 mem_attrs), + TP_ARGS(vcpu, fault, mem_attrs), + + TP_STRUCT__entry( + __field(unsigned int, vcpu_id) + __field(unsigned long, guest_rip) + __field(u64, fault_address) + __field(bool, write) + __field(bool, exec) + __field(u64, mem_attrs) + ), + + TP_fast_assign( + __entry->vcpu_id = vcpu->vcpu_id; + __entry->guest_rip = kvm_rip_read(vcpu); + __entry->fault_address = fault->addr; + __entry->write = fault->write; + __entry->exec = fault->exec; + __entry->mem_attrs = mem_attrs; + ), + + TP_printk("vcpu %d rip 0x%lx gfn 0x%016llx access %s mem_attrs 0x%llx", + __entry->vcpu_id, __entry->guest_rip, __entry->fault_address, + __entry->exec ? "X" : (__entry->write ? "W" : "R"), + __entry->mem_attrs) +); + #endif /* _TRACE_KVMMMU_H */ #undef TRACE_INCLUDE_PATH diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h index d3dbcf382ed2d..166f5f0e885e0 100644 --- a/arch/x86/kvm/mmu/paging_tmpl.h +++ b/arch/x86/kvm/mmu/paging_tmpl.h @@ -954,7 +954,7 @@ static int FNAME(sync_spte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp, int return 0; /* Update the shadowed access bits in case they changed. */ - kvm_mmu_page_set_access(sp, i, pte_access); + kvm_mmu_page_set_access(vcpu->kvm, sp, i, pte_access); sptep = &sp->spt[i]; spte = *sptep; diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 85378345e8e77..9c26161d13dea 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2463,6 +2463,10 @@ static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn) { return false; } +static inline unsigned long kvm_get_memory_attributes(struct kvm *kvm, gfn_t gfn) +{ + return 0; +} #endif /* CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES */ #ifdef CONFIG_KVM_PRIVATE_MEM From patchwork Sun Jun 9 15:49:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691295 Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3A6B481DA; Sun, 9 Jun 2024 15:59:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.95.49.90 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948751; cv=none; b=CkmxbgI8+42EEN3ZONQdqBdwT/iXwZtJ8EgzwEZ5RL7Kymam9s7OFYe3zsP9ttgFYSNJriKYipKEfmZ5u+E1txKfr//D2/Vr5OMemlA1aJJuxq6FSleCqlYQNJsFMABfJ7EbgCCVgCDmK2GlTqS3kuFT+aWZ/2oJVnhFY/8h3UM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948751; c=relaxed/simple; bh=4qqNteFovRvgrdnNLVbXKhbzhO0um01VZnTrVRwWtc0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=AWmiDUqPVGXfCLARp/5vCgr6FfxaohC5BH1agTXyIDgGu1vZBNmQm4niRhmTAb3sW2ICwIL7TvhU509ZcA89bsUP/R1OW6ZJmTxxvK88FHNakIjEl1kLyPUJmwWx7pssUUI/6Xvikbyfoy5ldAcpLdjjyNQnC1ZGLH1Bt/Rk+qI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=opNAvep7; arc=none smtp.client-ip=52.95.49.90 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="opNAvep7" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948750; x=1749484750; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=FIRfnv2djVA+xk4ZO/I3aViZ1lXTyDCx5f6sDl9wnrk=; b=opNAvep743w6mDmVkai8g0ORNB6+LHzvEv8yYs2N1QP/yZHAwmwV/R/y JFdxIy642rBQVDlZisb57wig4d0/XhroxqtYbsl03IXXUpsqRqJ++ychD AR1zhBZ7TCHrYWHLtNkT8rcr8f+aqRJbRcoQQ/TN3LobiUiUAF5cVFboJ w=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="412307054" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-6002.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:59:09 +0000 Received: from EX19MTAEUA002.ant.amazon.com [10.0.43.254:54959] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.31.105:2525] with esmtp (Farcaster) id 8bb8ad60-10df-4243-8ba3-f92239dae527; Sun, 9 Jun 2024 15:59:08 +0000 (UTC) X-Farcaster-Flow-ID: 8bb8ad60-10df-4243-8ba3-f92239dae527 Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUA002.ant.amazon.com (10.252.50.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:59:07 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:59:01 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 17/18] KVM: Introduce traces to track memory attributes modification. Date: Sun, 9 Jun 2024 15:49:46 +0000 Message-ID: <20240609154945.55332-18-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D045UWC002.ant.amazon.com (10.13.139.230) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Introduce traces that track memory attributes modification. Signed-off-by: Nicolas Saenz Julienne --- include/trace/events/kvm.h | 20 ++++++++++++++++++++ virt/kvm/kvm_main.c | 2 ++ 2 files changed, 22 insertions(+) diff --git a/include/trace/events/kvm.h b/include/trace/events/kvm.h index 74e40d5d4af42..aa6caeb16f12a 100644 --- a/include/trace/events/kvm.h +++ b/include/trace/events/kvm.h @@ -489,6 +489,26 @@ TRACE_EVENT(kvm_test_age_hva, TP_printk("mmu notifier test age hva: %#016lx", __entry->hva) ); +TRACE_EVENT(kvm_vm_set_mem_attributes, + TP_PROTO(u64 start, u64 cnt, u64 attributes), + TP_ARGS(start, cnt, attributes), + + TP_STRUCT__entry( + __field( u64, start ) + __field( u64, cnt ) + __field( u64, attributes ) + ), + + TP_fast_assign( + __entry->start = start; + __entry->cnt = cnt; + __entry->attributes = attributes; + ), + + TP_printk("gfn 0x%llx, cnt 0x%llx, attributes 0x%llx", + __entry->start, __entry->cnt, __entry->attributes) +); + #endif /* _TRACE_KVM_MAIN_H */ /* This part must be outside protection */ diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index bd27fc01e9715..1c493ece3deb1 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -2556,6 +2556,8 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end, kvm_handle_gfn_range(kvm, &post_set_range); + trace_kvm_vm_set_mem_attributes(start, end - start, attributes); + out_unlock: mutex_unlock(&kvm->slots_lock); From patchwork Sun Jun 9 15:49:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Saenz Julienne X-Patchwork-Id: 13691296 Received: from smtp-fw-80009.amazon.com (smtp-fw-80009.amazon.com [99.78.197.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9CF6547773; Sun, 9 Jun 2024 15:59:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=99.78.197.220 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948778; cv=none; b=atkusyu5NpocCa3iKj1XziDW8kGMPkjP5kw3kqYR9tiU9dqSLOeiqSvxXRqfv+EMHUsqABGctDo4ragGZHFmne2qpgZlG1R7vXLZnYygvXhVn6cKEKTce5mC3VwddvG3/5JB3pHSfEdjKivLJtkSp6h7CuSixgGVuqH2fdjoC6w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717948778; c=relaxed/simple; bh=CCy4O8Rajex09opnQ3cvR+y3w5z+7/dgktja4ZDmCrI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=cr1TsqD2ux+PAAcBWpPBEaFYY2JxiBDLenNRntzBn2Jqnk02RRQMEO/KMq097JmoESuQdmlQRGk2Upk+G1IVQhpHia0aEcZyMzrteKCTqFPvhWFcgUt9bzdemQqDy/IbqjxwQ/z6Q/crU9SowODLTFPgJdmHviF0kiLDDrtl7ss= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.es; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=ifS5c22+; arc=none smtp.client-ip=99.78.197.220 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.es Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="ifS5c22+" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1717948776; x=1749484776; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=2xpbGXjdiYfY57DmPTq+vnmg1VxAdFdiWMT93+NIDeg=; b=ifS5c22+s/cWFkPc1/QzMoMblBlavMUAK6bTzAa752YhXWJ6J2QCy7cl GUcNZh0svaPDpNRjTVgktgNvATAZPCY8x/wzQ5+HcgciLQqBy8GkR8wve wP+etzD/8j8IKnb9qCIpX9I5Qeoo1Om91FyFVFly40wUQ6u1e8Hy2mcsi Q=; X-IronPort-AV: E=Sophos;i="6.08,225,1712620800"; d="scan'208";a="95498928" Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.25.36.210]) by smtp-border-fw-80009.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2024 15:59:34 +0000 Received: from EX19MTAEUB001.ant.amazon.com [10.0.17.79:35948] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.26.236:2525] with esmtp (Farcaster) id b1c7cef1-ac9e-43a8-b2c2-8d9cfffadc0c; Sun, 9 Jun 2024 15:59:33 +0000 (UTC) X-Farcaster-Flow-ID: b1c7cef1-ac9e-43a8-b2c2-8d9cfffadc0c Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by EX19MTAEUB001.ant.amazon.com (10.252.51.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:59:33 +0000 Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138) by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Sun, 9 Jun 2024 15:59:26 +0000 From: Nicolas Saenz Julienne To: , CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH 18/18] KVM: x86: hyper-v: Handle VSM hcalls in user-space Date: Sun, 9 Jun 2024 15:49:47 +0000 Message-ID: <20240609154945.55332-19-nsaenz@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240609154945.55332-1-nsaenz@amazon.com> References: <20240609154945.55332-1-nsaenz@amazon.com> Precedence: bulk X-Mailing-List: linux-trace-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D045UWA003.ant.amazon.com (10.13.139.46) To EX19D004EUC001.ant.amazon.com (10.252.51.190) Let user-space handle all hypercalls that fall under the AccessVsm partition privilege flag. That is: - HvCallModifyVtlProtectionMask - HvCallEnablePartitionVtl - HvCallEnableVpVtl - HvCallVtlCall - HvCallVtlReturn All these are VTL aware and as such need to be handled in user-space. Additionally, select KVM_GENERIC_MEMORY_ATTRIBUTES when CONFIG_KVM_HYPERV is enabled, as it's necessary in order to implement VTL memory protections. Signed-off-by: Nicolas Saenz Julienne --- Documentation/virt/kvm/api.rst | 23 +++++++++++++++++++++++ arch/x86/kvm/Kconfig | 1 + arch/x86/kvm/hyperv.c | 29 +++++++++++++++++++++++++---- include/asm-generic/hyperv-tlfs.h | 6 +++++- 4 files changed, 54 insertions(+), 5 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 6d3bc5092ea63..77af2ccf49a30 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -8969,3 +8969,26 @@ HvCallGetVpIndexFromApicId. Currently, it is only used in conjunction with HV_ACCESS_VSM, and immediately exits to userspace with KVM_EXIT_HYPERV_HCALL as the reason. Userspace is expected to complete the hypercall before resuming execution. + +10.4 HV_ACCESS_VSM +------------------ + +:Location: CPUID.40000003H:EBX[bit 16] + +This CPUID indicates that KVM supports HvCallModifyVtlProtectionMask, +HvCallEnablePartitionVtl, HvCallEnableVpVtl, HvCallVtlCall, and +HvCallVtlReturn. Additionally, as a prerequirsite to being able to implement +Hyper-V VSM, it also identifies the availability of HvTranslateVirtualAddress, +as well as the VTL-aware aspects of HvCallSendSyntheticClusterIpi and +HvCallSendSyntheticClusterIpiEx. + +All these hypercalls immediately exit with KVM_EXIT_HYPERV_HCALL as the reason. +Userspace is expected to complete the hypercall before resuming execution. +Note that both IPI hypercalls will only exit to userspace if the request is +VTL-aware, which will only happen if HV_ACCESS_VSM is exposed to the guest. + +Access restriction memory attributes (4.141) are available to simplify +HvCallModifyVtlProtectionMask's implementation. + +Ultimately this CPUID also indicates that KVM_MP_STATE_HV_INACTIVE_VTL is +available. diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index fec95a7702703..8d851fe3b8c25 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig @@ -157,6 +157,7 @@ config KVM_SMM config KVM_HYPERV bool "Support for Microsoft Hyper-V emulation" depends on KVM + select KVM_GENERIC_MEMORY_ATTRIBUTES default y help Provides KVM support for emulating Microsoft Hyper-V. This allows KVM diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index dd64f41dc835d..1158c59a92790 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2388,7 +2388,12 @@ static void kvm_hv_hypercall_set_result(struct kvm_vcpu *vcpu, u64 result) } } -static int kvm_hv_hypercall_complete(struct kvm_vcpu *vcpu, u64 result) +static inline bool kvm_hv_is_vtl_call_return(u16 code) +{ + return code == HVCALL_VTL_CALL || code == HVCALL_VTL_RETURN; +} + +static int kvm_hv_hypercall_complete(struct kvm_vcpu *vcpu, u16 code, u64 result) { u32 tlb_lock_count = 0; int ret; @@ -2400,9 +2405,12 @@ static int kvm_hv_hypercall_complete(struct kvm_vcpu *vcpu, u64 result) result = HV_STATUS_INVALID_HYPERCALL_INPUT; trace_kvm_hv_hypercall_done(result); - kvm_hv_hypercall_set_result(vcpu, result); ++vcpu->stat.hypercalls; + /* VTL call and return don't set a hcall result */ + if (!kvm_hv_is_vtl_call_return(code)) + kvm_hv_hypercall_set_result(vcpu, result); + ret = kvm_skip_emulated_instruction(vcpu); if (tlb_lock_count) @@ -2459,7 +2467,7 @@ static int kvm_hv_hypercall_complete_userspace(struct kvm_vcpu *vcpu) kvm_hv_write_xmm(vcpu->run->hyperv.u.hcall.xmm); } - return kvm_hv_hypercall_complete(vcpu, result); + return kvm_hv_hypercall_complete(vcpu, code, result); } static u16 kvm_hvcall_signal_event(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) @@ -2513,6 +2521,7 @@ static bool is_xmm_fast_hypercall(struct kvm_hv_hcall *hc) case HVCALL_SEND_IPI_EX: case HVCALL_GET_VP_REGISTERS: case HVCALL_SET_VP_REGISTERS: + case HVCALL_MODIFY_VTL_PROTECTION_MASK: case HVCALL_TRANSLATE_VIRTUAL_ADDRESS: return true; } @@ -2552,6 +2561,12 @@ static bool hv_check_hypercall_access(struct kvm_vcpu_hv *hv_vcpu, u16 code) */ return !kvm_hv_is_syndbg_enabled(hv_vcpu->vcpu) || hv_vcpu->cpuid_cache.features_ebx & HV_DEBUGGING; + case HVCALL_MODIFY_VTL_PROTECTION_MASK: + case HVCALL_ENABLE_PARTITION_VTL: + case HVCALL_ENABLE_VP_VTL: + case HVCALL_VTL_CALL: + case HVCALL_VTL_RETURN: + return hv_vcpu->cpuid_cache.features_ebx & HV_ACCESS_VSM; case HVCALL_GET_VP_REGISTERS: case HVCALL_SET_VP_REGISTERS: return hv_vcpu->cpuid_cache.features_ebx & @@ -2744,6 +2759,11 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) break; } goto hypercall_userspace_exit; + case HVCALL_MODIFY_VTL_PROTECTION_MASK: + case HVCALL_ENABLE_PARTITION_VTL: + case HVCALL_ENABLE_VP_VTL: + case HVCALL_VTL_CALL: + case HVCALL_VTL_RETURN: case HVCALL_GET_VP_REGISTERS: case HVCALL_SET_VP_REGISTERS: case HVCALL_TRANSLATE_VIRTUAL_ADDRESS: @@ -2765,7 +2785,7 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) } hypercall_complete: - return kvm_hv_hypercall_complete(vcpu, ret); + return kvm_hv_hypercall_complete(vcpu, hc.code, ret); hypercall_userspace_exit: vcpu->run->exit_reason = KVM_EXIT_HYPERV; @@ -2921,6 +2941,7 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, ent->ebx |= HV_POST_MESSAGES; ent->ebx |= HV_SIGNAL_EVENTS; ent->ebx |= HV_ENABLE_EXTENDED_HYPERCALLS; + ent->ebx |= HV_ACCESS_VSM; ent->ebx |= HV_ACCESS_VP_REGISTERS; ent->ebx |= HV_START_VIRTUAL_PROCESSOR; diff --git a/include/asm-generic/hyperv-tlfs.h b/include/asm-generic/hyperv-tlfs.h index e24b88ec4ec00..6b12e5818292c 100644 --- a/include/asm-generic/hyperv-tlfs.h +++ b/include/asm-generic/hyperv-tlfs.h @@ -149,9 +149,13 @@ union hv_reference_tsc_msr { /* Declare the various hypercall operations. */ #define HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE 0x0002 #define HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST 0x0003 -#define HVCALL_ENABLE_VP_VTL 0x000f #define HVCALL_NOTIFY_LONG_SPIN_WAIT 0x0008 #define HVCALL_SEND_IPI 0x000b +#define HVCALL_MODIFY_VTL_PROTECTION_MASK 0x000c +#define HVCALL_ENABLE_PARTITION_VTL 0x000d +#define HVCALL_ENABLE_VP_VTL 0x000f +#define HVCALL_VTL_CALL 0x0011 +#define HVCALL_VTL_RETURN 0x0012 #define HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE_EX 0x0013 #define HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX 0x0014 #define HVCALL_SEND_IPI_EX 0x0015