LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list
@ 2021-03-03  6:04 Yang Weijiang
  2021-03-03  6:04 ` [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2 Yang Weijiang
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Yang Weijiang @ 2021-03-03  6:04 UTC (permalink / raw)
  To: pbonzini, seanjc, vkuznets, kvm, linux-kernel; +Cc: Yang Weijiang

CET in nested guest over Hyper-V is not supported for now. Relevant
enabling patches will be posted as a separate patch series.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
 arch/x86/kvm/vmx/evmcs.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h
index bd41d9462355..25588694eb04 100644
--- a/arch/x86/kvm/vmx/evmcs.h
+++ b/arch/x86/kvm/vmx/evmcs.h
@@ -59,8 +59,10 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs);
 	 SECONDARY_EXEC_SHADOW_VMCS |					\
 	 SECONDARY_EXEC_TSC_SCALING |					\
 	 SECONDARY_EXEC_PAUSE_LOOP_EXITING)
-#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL)
-#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL)
+#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \
+					VM_EXIT_LOAD_CET_STATE)
+#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \
+					 VM_ENTRY_LOAD_CET_STATE)
 #define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING)
 
 #if IS_ENABLED(CONFIG_HYPERV)
-- 
2.26.2


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2
  2021-03-03  6:04 [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list Yang Weijiang
@ 2021-03-03  6:04 ` Yang Weijiang
  2021-03-03 12:24   ` Paolo Bonzini
  2021-03-03  9:36 ` [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list Vitaly Kuznetsov
  2021-09-29 21:35 ` kernel test robot
  2 siblings, 1 reply; 7+ messages in thread
From: Yang Weijiang @ 2021-03-03  6:04 UTC (permalink / raw)
  To: pbonzini, seanjc, vkuznets, kvm, linux-kernel; +Cc: Yang Weijiang

These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to
read/write them and after they're changed. If CET guest entry-load bit is not
set by L1 guest, migrate them to L2 manaully.

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
---
 arch/x86/kvm/cpuid.c      |  1 -
 arch/x86/kvm/vmx/nested.c | 30 ++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/vmx.h    |  3 +++
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index d191de769093..8692f53b8cd0 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -143,7 +143,6 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu)
 		}
 		vcpu->arch.guest_supported_xss =
 			(((u64)best->edx << 32) | best->ecx) & supported_xss;
-
 	} else {
 		vcpu->arch.guest_supported_xss = 0;
 	}
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 9728efd529a1..24cace55e1f9 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2516,6 +2516,13 @@ static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
 	vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr);
 
 	set_cr4_guest_host_mask(vmx);
+
+	if (kvm_cet_supported() && vmx->nested.nested_run_pending &&
+	    (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE)) {
+		vmcs_writel(GUEST_SSP, vmcs12->guest_ssp);
+		vmcs_writel(GUEST_S_CET, vmcs12->guest_s_cet);
+		vmcs_writel(GUEST_INTR_SSP_TABLE, vmcs12->guest_ssp_tbl);
+	}
 }
 
 /*
@@ -2556,6 +2563,15 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
 	if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending ||
 	    !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)))
 		vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs);
+
+	if (kvm_cet_supported() && (!vmx->nested.nested_run_pending ||
+	    !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE))) {
+		vmcs_writel(GUEST_SSP, vmx->nested.vmcs01_guest_ssp);
+		vmcs_writel(GUEST_S_CET, vmx->nested.vmcs01_guest_s_cet);
+		vmcs_writel(GUEST_INTR_SSP_TABLE,
+			    vmx->nested.vmcs01_guest_ssp_tbl);
+	}
+
 	vmx_set_rflags(vcpu, vmcs12->guest_rflags);
 
 	/* EXCEPTION_BITMAP and CR0_GUEST_HOST_MASK should basically be the
@@ -3375,6 +3391,12 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
 	if (kvm_mpx_supported() &&
 		!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
 		vmx->nested.vmcs01_guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
+	if (kvm_cet_supported() &&
+		!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE)) {
+		vmx->nested.vmcs01_guest_ssp = vmcs_readl(GUEST_SSP);
+		vmx->nested.vmcs01_guest_s_cet = vmcs_readl(GUEST_S_CET);
+		vmx->nested.vmcs01_guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE);
+	}
 
 	/*
 	 * Overwrite vmcs01.GUEST_CR3 with L1's CR3 if EPT is disabled *and*
@@ -4001,6 +4023,9 @@ static bool is_vmcs12_ext_field(unsigned long field)
 	case GUEST_IDTR_BASE:
 	case GUEST_PENDING_DBG_EXCEPTIONS:
 	case GUEST_BNDCFGS:
+	case GUEST_SSP:
+	case GUEST_INTR_SSP_TABLE:
+	case GUEST_S_CET:
 		return true;
 	default:
 		break;
@@ -4052,6 +4077,11 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu,
 		vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
 	if (kvm_mpx_supported())
 		vmcs12->guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
+	if (kvm_cet_supported()) {
+		vmcs12->guest_ssp = vmcs_readl(GUEST_SSP);
+		vmcs12->guest_s_cet = vmcs_readl(GUEST_S_CET);
+		vmcs12->guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE);
+	}
 
 	vmx->nested.need_sync_vmcs02_to_vmcs12_rare = false;
 }
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 9d3a557949ac..36dc4fdb0909 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -155,6 +155,9 @@ struct nested_vmx {
 	/* to migrate it to L2 if VM_ENTRY_LOAD_DEBUG_CONTROLS is off */
 	u64 vmcs01_debugctl;
 	u64 vmcs01_guest_bndcfgs;
+	u64 vmcs01_guest_ssp;
+	u64 vmcs01_guest_s_cet;
+	u64 vmcs01_guest_ssp_tbl;
 
 	/* to migrate it to L1 if L2 writes to L1's CR8 directly */
 	int l1_tpr_threshold;
-- 
2.26.2


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list
  2021-03-03  6:04 [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list Yang Weijiang
  2021-03-03  6:04 ` [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2 Yang Weijiang
@ 2021-03-03  9:36 ` Vitaly Kuznetsov
  2021-03-04  6:10   ` Yang Weijiang
  2021-09-29 21:35 ` kernel test robot
  2 siblings, 1 reply; 7+ messages in thread
From: Vitaly Kuznetsov @ 2021-03-03  9:36 UTC (permalink / raw)
  To: Yang Weijiang; +Cc: pbonzini, seanjc, kvm, linux-kernel

Yang Weijiang <weijiang.yang@intel.com> writes:

> CET in nested guest over Hyper-V is not supported for now. Relevant
> enabling patches will be posted as a separate patch series.
>
> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> ---
>  arch/x86/kvm/vmx/evmcs.h | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h
> index bd41d9462355..25588694eb04 100644
> --- a/arch/x86/kvm/vmx/evmcs.h
> +++ b/arch/x86/kvm/vmx/evmcs.h
> @@ -59,8 +59,10 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs);
>  	 SECONDARY_EXEC_SHADOW_VMCS |					\
>  	 SECONDARY_EXEC_TSC_SCALING |					\
>  	 SECONDARY_EXEC_PAUSE_LOOP_EXITING)
> -#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL)
> -#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL)
> +#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \
> +					VM_EXIT_LOAD_CET_STATE)
> +#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \
> +					 VM_ENTRY_LOAD_CET_STATE)
>  #define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING)
>  
>  #if IS_ENABLED(CONFIG_HYPERV)

This should be enough when we run KVM on Hyper-V using eVMCS, however,
it may not suffice when we run Hyper-V on KVM using eVMCS: there's still
no corresponding eVMCS fields so CET can't be used. In case Hyper-V is
smart enough it won't use the feature, however, it was proven to be 'not
very smart' in the past, see nested_evmcs_filter_control_msr(). I'm
wondering if we should also do

diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
index 41f24661af04..9f81db51fd8b 100644
--- a/arch/x86/kvm/vmx/evmcs.c
+++ b/arch/x86/kvm/vmx/evmcs.c
@@ -351,11 +351,11 @@ void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata)
        switch (msr_index) {
        case MSR_IA32_VMX_EXIT_CTLS:
        case MSR_IA32_VMX_TRUE_EXIT_CTLS:
-               ctl_high &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL;
+               ctl_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
                break;
        case MSR_IA32_VMX_ENTRY_CTLS:
        case MSR_IA32_VMX_TRUE_ENTRY_CTLS:
-               ctl_high &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL;
+               ctl_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
                break;
        case MSR_IA32_VMX_PROCBASED_CTLS2:
                ctl_high &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;

to be on the safe side.

-- 
Vitaly


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2
  2021-03-03  6:04 ` [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2 Yang Weijiang
@ 2021-03-03 12:24   ` Paolo Bonzini
  2021-03-04  6:13     ` Yang Weijiang
  0 siblings, 1 reply; 7+ messages in thread
From: Paolo Bonzini @ 2021-03-03 12:24 UTC (permalink / raw)
  To: Yang Weijiang, seanjc, vkuznets, kvm, linux-kernel

On 03/03/21 07:04, Yang Weijiang wrote:
> These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to
> read/write them and after they're changed. If CET guest entry-load bit is not
> set by L1 guest, migrate them to L2 manaully.
> 
> Suggested-by: Sean Christopherson <seanjc@google.com>
> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>

Hi Weijiang, can you post the complete series again?  Thanks!

Paolo

> ---
>   arch/x86/kvm/cpuid.c      |  1 -
>   arch/x86/kvm/vmx/nested.c | 30 ++++++++++++++++++++++++++++++
>   arch/x86/kvm/vmx/vmx.h    |  3 +++
>   3 files changed, 33 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index d191de769093..8692f53b8cd0 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -143,7 +143,6 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu)
>   		}
>   		vcpu->arch.guest_supported_xss =
>   			(((u64)best->edx << 32) | best->ecx) & supported_xss;
> -
>   	} else {
>   		vcpu->arch.guest_supported_xss = 0;
>   	}
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 9728efd529a1..24cace55e1f9 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -2516,6 +2516,13 @@ static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
>   	vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr);
>   
>   	set_cr4_guest_host_mask(vmx);
> +
> +	if (kvm_cet_supported() && vmx->nested.nested_run_pending &&
> +	    (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE)) {
> +		vmcs_writel(GUEST_SSP, vmcs12->guest_ssp);
> +		vmcs_writel(GUEST_S_CET, vmcs12->guest_s_cet);
> +		vmcs_writel(GUEST_INTR_SSP_TABLE, vmcs12->guest_ssp_tbl);
> +	}
>   }
>   
>   /*
> @@ -2556,6 +2563,15 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
>   	if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending ||
>   	    !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)))
>   		vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs);
> +
> +	if (kvm_cet_supported() && (!vmx->nested.nested_run_pending ||
> +	    !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE))) {
> +		vmcs_writel(GUEST_SSP, vmx->nested.vmcs01_guest_ssp);
> +		vmcs_writel(GUEST_S_CET, vmx->nested.vmcs01_guest_s_cet);
> +		vmcs_writel(GUEST_INTR_SSP_TABLE,
> +			    vmx->nested.vmcs01_guest_ssp_tbl);
> +	}
> +
>   	vmx_set_rflags(vcpu, vmcs12->guest_rflags);
>   
>   	/* EXCEPTION_BITMAP and CR0_GUEST_HOST_MASK should basically be the
> @@ -3375,6 +3391,12 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
>   	if (kvm_mpx_supported() &&
>   		!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
>   		vmx->nested.vmcs01_guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
> +	if (kvm_cet_supported() &&
> +		!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE)) {
> +		vmx->nested.vmcs01_guest_ssp = vmcs_readl(GUEST_SSP);
> +		vmx->nested.vmcs01_guest_s_cet = vmcs_readl(GUEST_S_CET);
> +		vmx->nested.vmcs01_guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE);
> +	}
>   
>   	/*
>   	 * Overwrite vmcs01.GUEST_CR3 with L1's CR3 if EPT is disabled *and*
> @@ -4001,6 +4023,9 @@ static bool is_vmcs12_ext_field(unsigned long field)
>   	case GUEST_IDTR_BASE:
>   	case GUEST_PENDING_DBG_EXCEPTIONS:
>   	case GUEST_BNDCFGS:
> +	case GUEST_SSP:
> +	case GUEST_INTR_SSP_TABLE:
> +	case GUEST_S_CET:
>   		return true;
>   	default:
>   		break;
> @@ -4052,6 +4077,11 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu,
>   		vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
>   	if (kvm_mpx_supported())
>   		vmcs12->guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
> +	if (kvm_cet_supported()) {
> +		vmcs12->guest_ssp = vmcs_readl(GUEST_SSP);
> +		vmcs12->guest_s_cet = vmcs_readl(GUEST_S_CET);
> +		vmcs12->guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE);
> +	}
>   
>   	vmx->nested.need_sync_vmcs02_to_vmcs12_rare = false;
>   }
> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> index 9d3a557949ac..36dc4fdb0909 100644
> --- a/arch/x86/kvm/vmx/vmx.h
> +++ b/arch/x86/kvm/vmx/vmx.h
> @@ -155,6 +155,9 @@ struct nested_vmx {
>   	/* to migrate it to L2 if VM_ENTRY_LOAD_DEBUG_CONTROLS is off */
>   	u64 vmcs01_debugctl;
>   	u64 vmcs01_guest_bndcfgs;
> +	u64 vmcs01_guest_ssp;
> +	u64 vmcs01_guest_s_cet;
> +	u64 vmcs01_guest_ssp_tbl;
>   
>   	/* to migrate it to L1 if L2 writes to L1's CR8 directly */
>   	int l1_tpr_threshold;
> 


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list
  2021-03-03  9:36 ` [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list Vitaly Kuznetsov
@ 2021-03-04  6:10   ` Yang Weijiang
  0 siblings, 0 replies; 7+ messages in thread
From: Yang Weijiang @ 2021-03-04  6:10 UTC (permalink / raw)
  To: Vitaly Kuznetsov; +Cc: Yang Weijiang, pbonzini, seanjc, kvm, linux-kernel

On Wed, Mar 03, 2021 at 10:36:40AM +0100, Vitaly Kuznetsov wrote:
> Yang Weijiang <weijiang.yang@intel.com> writes:
> 
> > CET in nested guest over Hyper-V is not supported for now. Relevant
> > enabling patches will be posted as a separate patch series.
> >
> > Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
> > Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> > ---
> >  arch/x86/kvm/vmx/evmcs.h | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h
> > index bd41d9462355..25588694eb04 100644
> > --- a/arch/x86/kvm/vmx/evmcs.h
> > +++ b/arch/x86/kvm/vmx/evmcs.h
> > @@ -59,8 +59,10 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs);
> >  	 SECONDARY_EXEC_SHADOW_VMCS |					\
> >  	 SECONDARY_EXEC_TSC_SCALING |					\
> >  	 SECONDARY_EXEC_PAUSE_LOOP_EXITING)
> > -#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL)
> > -#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL)
> > +#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \
> > +					VM_EXIT_LOAD_CET_STATE)
> > +#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \
> > +					 VM_ENTRY_LOAD_CET_STATE)
> >  #define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING)
> >  
> >  #if IS_ENABLED(CONFIG_HYPERV)
> 
> This should be enough when we run KVM on Hyper-V using eVMCS, however,
> it may not suffice when we run Hyper-V on KVM using eVMCS: there's still
> no corresponding eVMCS fields so CET can't be used. In case Hyper-V is
> smart enough it won't use the feature, however, it was proven to be 'not
> very smart' in the past, see nested_evmcs_filter_control_msr(). I'm
> wondering if we should also do
> 
> diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
> index 41f24661af04..9f81db51fd8b 100644
> --- a/arch/x86/kvm/vmx/evmcs.c
> +++ b/arch/x86/kvm/vmx/evmcs.c
> @@ -351,11 +351,11 @@ void nested_evmcs_filter_control_msr(u32 msr_index, u64 *pdata)
>         switch (msr_index) {
>         case MSR_IA32_VMX_EXIT_CTLS:
>         case MSR_IA32_VMX_TRUE_EXIT_CTLS:
> -               ctl_high &= ~VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL;
> +               ctl_high &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
>                 break;
>         case MSR_IA32_VMX_ENTRY_CTLS:
>         case MSR_IA32_VMX_TRUE_ENTRY_CTLS:
> -               ctl_high &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL;
> +               ctl_high &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
>                 break;
>         case MSR_IA32_VMX_PROCBASED_CTLS2:
>                 ctl_high &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
> 
> to be on the safe side.

Yes, it looks good to me, will add it to new patch, thanks!

> 
> -- 
> Vitaly

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2
  2021-03-03 12:24   ` Paolo Bonzini
@ 2021-03-04  6:13     ` Yang Weijiang
  0 siblings, 0 replies; 7+ messages in thread
From: Yang Weijiang @ 2021-03-04  6:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: Yang Weijiang, seanjc, vkuznets, kvm, linux-kernel

On Wed, Mar 03, 2021 at 01:24:07PM +0100, Paolo Bonzini wrote:
> On 03/03/21 07:04, Yang Weijiang wrote:
> > These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to
> > read/write them and after they're changed. If CET guest entry-load bit is not
> > set by L1 guest, migrate them to L2 manaully.
> > 
> > Suggested-by: Sean Christopherson <seanjc@google.com>
> > Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> 
> Hi Weijiang, can you post the complete series again?  Thanks!

Sure, sent v3 version to include all the patches. Thanks!

> 
> Paolo
> 
> > ---
> >   arch/x86/kvm/cpuid.c      |  1 -
> >   arch/x86/kvm/vmx/nested.c | 30 ++++++++++++++++++++++++++++++
> >   arch/x86/kvm/vmx/vmx.h    |  3 +++
> >   3 files changed, 33 insertions(+), 1 deletion(-)
> > 
> > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> > index d191de769093..8692f53b8cd0 100644
> > --- a/arch/x86/kvm/cpuid.c
> > +++ b/arch/x86/kvm/cpuid.c
> > @@ -143,7 +143,6 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu)
> >   		}
> >   		vcpu->arch.guest_supported_xss =
> >   			(((u64)best->edx << 32) | best->ecx) & supported_xss;
> > -
> >   	} else {
> >   		vcpu->arch.guest_supported_xss = 0;
> >   	}
> > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > index 9728efd529a1..24cace55e1f9 100644
> > --- a/arch/x86/kvm/vmx/nested.c
> > +++ b/arch/x86/kvm/vmx/nested.c
> > @@ -2516,6 +2516,13 @@ static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
> >   	vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr);
> >   	set_cr4_guest_host_mask(vmx);
> > +
> > +	if (kvm_cet_supported() && vmx->nested.nested_run_pending &&
> > +	    (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE)) {
> > +		vmcs_writel(GUEST_SSP, vmcs12->guest_ssp);
> > +		vmcs_writel(GUEST_S_CET, vmcs12->guest_s_cet);
> > +		vmcs_writel(GUEST_INTR_SSP_TABLE, vmcs12->guest_ssp_tbl);
> > +	}
> >   }
> >   /*
> > @@ -2556,6 +2563,15 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
> >   	if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending ||
> >   	    !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)))
> >   		vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs);
> > +
> > +	if (kvm_cet_supported() && (!vmx->nested.nested_run_pending ||
> > +	    !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE))) {
> > +		vmcs_writel(GUEST_SSP, vmx->nested.vmcs01_guest_ssp);
> > +		vmcs_writel(GUEST_S_CET, vmx->nested.vmcs01_guest_s_cet);
> > +		vmcs_writel(GUEST_INTR_SSP_TABLE,
> > +			    vmx->nested.vmcs01_guest_ssp_tbl);
> > +	}
> > +
> >   	vmx_set_rflags(vcpu, vmcs12->guest_rflags);
> >   	/* EXCEPTION_BITMAP and CR0_GUEST_HOST_MASK should basically be the
> > @@ -3375,6 +3391,12 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
> >   	if (kvm_mpx_supported() &&
> >   		!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
> >   		vmx->nested.vmcs01_guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
> > +	if (kvm_cet_supported() &&
> > +		!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE)) {
> > +		vmx->nested.vmcs01_guest_ssp = vmcs_readl(GUEST_SSP);
> > +		vmx->nested.vmcs01_guest_s_cet = vmcs_readl(GUEST_S_CET);
> > +		vmx->nested.vmcs01_guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE);
> > +	}
> >   	/*
> >   	 * Overwrite vmcs01.GUEST_CR3 with L1's CR3 if EPT is disabled *and*
> > @@ -4001,6 +4023,9 @@ static bool is_vmcs12_ext_field(unsigned long field)
> >   	case GUEST_IDTR_BASE:
> >   	case GUEST_PENDING_DBG_EXCEPTIONS:
> >   	case GUEST_BNDCFGS:
> > +	case GUEST_SSP:
> > +	case GUEST_INTR_SSP_TABLE:
> > +	case GUEST_S_CET:
> >   		return true;
> >   	default:
> >   		break;
> > @@ -4052,6 +4077,11 @@ static void sync_vmcs02_to_vmcs12_rare(struct kvm_vcpu *vcpu,
> >   		vmcs_readl(GUEST_PENDING_DBG_EXCEPTIONS);
> >   	if (kvm_mpx_supported())
> >   		vmcs12->guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
> > +	if (kvm_cet_supported()) {
> > +		vmcs12->guest_ssp = vmcs_readl(GUEST_SSP);
> > +		vmcs12->guest_s_cet = vmcs_readl(GUEST_S_CET);
> > +		vmcs12->guest_ssp_tbl = vmcs_readl(GUEST_INTR_SSP_TABLE);
> > +	}
> >   	vmx->nested.need_sync_vmcs02_to_vmcs12_rare = false;
> >   }
> > diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> > index 9d3a557949ac..36dc4fdb0909 100644
> > --- a/arch/x86/kvm/vmx/vmx.h
> > +++ b/arch/x86/kvm/vmx/vmx.h
> > @@ -155,6 +155,9 @@ struct nested_vmx {
> >   	/* to migrate it to L2 if VM_ENTRY_LOAD_DEBUG_CONTROLS is off */
> >   	u64 vmcs01_debugctl;
> >   	u64 vmcs01_guest_bndcfgs;
> > +	u64 vmcs01_guest_ssp;
> > +	u64 vmcs01_guest_s_cet;
> > +	u64 vmcs01_guest_ssp_tbl;
> >   	/* to migrate it to L1 if L2 writes to L1's CR8 directly */
> >   	int l1_tpr_threshold;
> > 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list
  2021-03-03  6:04 [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list Yang Weijiang
  2021-03-03  6:04 ` [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2 Yang Weijiang
  2021-03-03  9:36 ` [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list Vitaly Kuznetsov
@ 2021-09-29 21:35 ` kernel test robot
  2 siblings, 0 replies; 7+ messages in thread
From: kernel test robot @ 2021-09-29 21:35 UTC (permalink / raw)
  To: Yang Weijiang, pbonzini, seanjc, vkuznets, kvm, linux-kernel
  Cc: kbuild-all, Yang Weijiang

[-- Attachment #1: Type: text/plain, Size: 6289 bytes --]

Hi Yang,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on kvm/queue]
[also build test ERROR on v5.15-rc3 next-20210922]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Yang-Weijiang/KVM-nVMX-Add-CET-entry-exit-load-bits-to-evmcs-unsupported-list/20210929-202056
base:   https://git.kernel.org/pub/scm/virt/kvm/kvm.git queue
config: i386-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/3f14ea714b1a239ff3a334060b34981089b5882b
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Yang-Weijiang/KVM-nVMX-Add-CET-entry-exit-load-bits-to-evmcs-unsupported-list/20210929-202056
        git checkout 3f14ea714b1a239ff3a334060b34981089b5882b
        # save the attached .config to linux build tree
        mkdir build_dir
        make W=1 O=build_dir ARCH=i386 SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from arch/x86/kvm/vmx/evmcs.c:8:
   arch/x86/kvm/vmx/evmcs.c: In function 'evmcs_sanitize_exec_ctrls':
>> arch/x86/kvm/vmx/evmcs.h:63:6: error: 'VM_EXIT_LOAD_CET_STATE' undeclared (first use in this function); did you mean 'VM_EXIT_LOAD_IA32_PAT'?
      63 |      VM_EXIT_LOAD_CET_STATE)
         |      ^~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/evmcs.c:304:29: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMEXIT_CTRL'
     304 |  vmcs_conf->vmexit_ctrl &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
         |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/evmcs.h:63:6: note: each undeclared identifier is reported only once for each function it appears in
      63 |      VM_EXIT_LOAD_CET_STATE)
         |      ^~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/evmcs.c:304:29: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMEXIT_CTRL'
     304 |  vmcs_conf->vmexit_ctrl &= ~EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
         |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> arch/x86/kvm/vmx/evmcs.h:65:7: error: 'VM_ENTRY_LOAD_CET_STATE' undeclared (first use in this function); did you mean 'VM_ENTRY_LOAD_IA32_PAT'?
      65 |       VM_ENTRY_LOAD_CET_STATE)
         |       ^~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/evmcs.c:305:30: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMENTRY_CTRL'
     305 |  vmcs_conf->vmentry_ctrl &= ~EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
         |                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/evmcs.c: In function 'nested_evmcs_check_controls':
>> arch/x86/kvm/vmx/evmcs.h:63:6: error: 'VM_EXIT_LOAD_CET_STATE' undeclared (first use in this function); did you mean 'VM_EXIT_LOAD_IA32_PAT'?
      63 |      VM_EXIT_LOAD_CET_STATE)
         |      ^~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/evmcs.c:394:3: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMEXIT_CTRL'
     394 |   EVMCS1_UNSUPPORTED_VMEXIT_CTRL;
         |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> arch/x86/kvm/vmx/evmcs.h:65:7: error: 'VM_ENTRY_LOAD_CET_STATE' undeclared (first use in this function); did you mean 'VM_ENTRY_LOAD_IA32_PAT'?
      65 |       VM_ENTRY_LOAD_CET_STATE)
         |       ^~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/evmcs.c:403:3: note: in expansion of macro 'EVMCS1_UNSUPPORTED_VMENTRY_CTRL'
     403 |   EVMCS1_UNSUPPORTED_VMENTRY_CTRL;
         |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kconfig warnings: (for reference only)
   WARNING: unmet direct dependencies detected for PHY_SPARX5_SERDES
   Depends on (ARCH_SPARX5 || COMPILE_TEST && OF && HAS_IOMEM
   Selected by
   - SPARX5_SWITCH && NETDEVICES && ETHERNET && NET_VENDOR_MICROCHIP && NET_SWITCHDEV && HAS_IOMEM && OF


vim +63 arch/x86/kvm/vmx/evmcs.h

    22	
    23	/*
    24	 * Enlightened VMCSv1 doesn't support these:
    25	 *
    26	 *	POSTED_INTR_NV                  = 0x00000002,
    27	 *	GUEST_INTR_STATUS               = 0x00000810,
    28	 *	APIC_ACCESS_ADDR		= 0x00002014,
    29	 *	POSTED_INTR_DESC_ADDR           = 0x00002016,
    30	 *	EOI_EXIT_BITMAP0                = 0x0000201c,
    31	 *	EOI_EXIT_BITMAP1                = 0x0000201e,
    32	 *	EOI_EXIT_BITMAP2                = 0x00002020,
    33	 *	EOI_EXIT_BITMAP3                = 0x00002022,
    34	 *	GUEST_PML_INDEX			= 0x00000812,
    35	 *	PML_ADDRESS			= 0x0000200e,
    36	 *	VM_FUNCTION_CONTROL             = 0x00002018,
    37	 *	EPTP_LIST_ADDRESS               = 0x00002024,
    38	 *	VMREAD_BITMAP                   = 0x00002026,
    39	 *	VMWRITE_BITMAP                  = 0x00002028,
    40	 *
    41	 *	TSC_MULTIPLIER                  = 0x00002032,
    42	 *	PLE_GAP                         = 0x00004020,
    43	 *	PLE_WINDOW                      = 0x00004022,
    44	 *	VMX_PREEMPTION_TIMER_VALUE      = 0x0000482E,
    45	 *      GUEST_IA32_PERF_GLOBAL_CTRL     = 0x00002808,
    46	 *      HOST_IA32_PERF_GLOBAL_CTRL      = 0x00002c04,
    47	 *
    48	 * Currently unsupported in KVM:
    49	 *	GUEST_IA32_RTIT_CTL		= 0x00002814,
    50	 */
    51	#define EVMCS1_UNSUPPORTED_PINCTRL (PIN_BASED_POSTED_INTR | \
    52					    PIN_BASED_VMX_PREEMPTION_TIMER)
    53	#define EVMCS1_UNSUPPORTED_2NDEXEC					\
    54		(SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |				\
    55		 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |			\
    56		 SECONDARY_EXEC_APIC_REGISTER_VIRT |				\
    57		 SECONDARY_EXEC_ENABLE_PML |					\
    58		 SECONDARY_EXEC_ENABLE_VMFUNC |					\
    59		 SECONDARY_EXEC_SHADOW_VMCS |					\
    60		 SECONDARY_EXEC_TSC_SCALING |					\
    61		 SECONDARY_EXEC_PAUSE_LOOP_EXITING)
    62	#define EVMCS1_UNSUPPORTED_VMEXIT_CTRL (VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | \
  > 63						VM_EXIT_LOAD_CET_STATE)
    64	#define EVMCS1_UNSUPPORTED_VMENTRY_CTRL (VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | \
  > 65						 VM_ENTRY_LOAD_CET_STATE)
    66	#define EVMCS1_UNSUPPORTED_VMFUNC (VMX_VMFUNC_EPTP_SWITCHING)
    67	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 65538 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2021-09-29 21:36 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-03  6:04 [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list Yang Weijiang
2021-03-03  6:04 ` [PATCH v3] KVM: nVMX: Sync L2 guest CET states between L1/L2 Yang Weijiang
2021-03-03 12:24   ` Paolo Bonzini
2021-03-04  6:13     ` Yang Weijiang
2021-03-03  9:36 ` [PATCH] KVM: nVMX: Add CET entry/exit load bits to evmcs unsupported list Vitaly Kuznetsov
2021-03-04  6:10   ` Yang Weijiang
2021-09-29 21:35 ` kernel test robot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).