Re: [PATCH 1/2] KVM: x86: Add build-time assertion on usage of bit()

[Sean Christopherson <sean.j.christopherson@intel.com>]

On Wed, Dec 11, 2019 at 10:24:36AM -0800, Jim Mattson wrote:
> On Wed, Dec 11, 2019 at 9:58 AM Sean Christopherson
> <sean.j.christopherson@intel.com> wrote:
> >
> > Add build-time checks to ensure KVM isn't trying to do a reverse CPUID
> > lookup on Linux-defined feature bits, along with comments to explain
> > the gory details of X86_FEATUREs and bit().
> >
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> > ---
> >
> > Note, the premature newline in the first line of the second comment is
> > intentional to reduce churn in the next patch.
> >
> >  arch/x86/kvm/x86.h | 23 +++++++++++++++++++++--
> >  1 file changed, 21 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
> > index cab5e71f0f0f..4ee4175c66a7 100644
> > --- a/arch/x86/kvm/x86.h
> > +++ b/arch/x86/kvm/x86.h
> > @@ -144,9 +144,28 @@ static inline bool is_pae_paging(struct kvm_vcpu *vcpu)
> >         return !is_long_mode(vcpu) && is_pae(vcpu) && is_paging(vcpu);
> >  }
> >
> > -static inline u32 bit(int bitno)
> > +/*
> > + * Retrieve the bit mask from an X86_FEATURE_* definition.  Features contain
> > + * the hardware defined bit number (stored in bits 4:0) and a software defined
> > + * "word" (stored in bits 31:5).  The word is used to index into arrays of
> > + * bit masks that hold the per-cpu feature capabilities, e.g. this_cpu_has().
> > + */
> > +static __always_inline u32 bit(int feature)
> >  {
> > -       return 1 << (bitno & 31);
> > +       /*
> > +        * bit() is intended to be used only for hardware-defined
> > +        * words, i.e. words whose bits directly correspond to a CPUID leaf.
> > +        * Retrieving the bit mask from a Linux-defined word is nonsensical
> > +        * as the bit number/mask is an arbitrary software-defined value and
> > +        * can't be used by KVM to query/control guest capabilities.
> > +        */
> > +       BUILD_BUG_ON((feature >> 5) == CPUID_LNX_1);
> > +       BUILD_BUG_ON((feature >> 5) == CPUID_LNX_2);
> > +       BUILD_BUG_ON((feature >> 5) == CPUID_LNX_3);
> > +       BUILD_BUG_ON((feature >> 5) == CPUID_LNX_4);
> > +       BUILD_BUG_ON((feature >> 5) > CPUID_7_EDX);
> 
> What is magical about CPUID_7_EDX?

It's currently the last cpufeatures word.  My thought was to force this to
be updated in order to do reverse lookup on the next new word.  I didn't
want to use NCAPINTS because that gets updated when a new word is added to
cpufeatures, i.e. wouldn't catch the case where the next new word is a
Linux-defined word, which is extremely unlikely but theoretically possible.

> > +
> > +       return 1 << (feature & 31);
> 
> Why not BIT(feature & 31)?

That's a very good question.

> >  }
> >
> >  static inline u8 vcpu_virt_addr_bits(struct kvm_vcpu *vcpu)
> > --
> > 2.24.0
> >