From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Yang Weijiang <weijiang.yang@intel.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
pbonzini@redhat.com, jmattson@google.com,
yu.c.zhang@linux.intel.com
Subject: Re: [PATCH v11 8/9] KVM: VMX: Enable CET support for nested VM
Date: Thu, 23 Apr 2020 11:29:06 -0700 [thread overview]
Message-ID: <20200423182906.GL17824@linux.intel.com> (raw)
In-Reply-To: <20200326081847.5870-9-weijiang.yang@intel.com>
On Thu, Mar 26, 2020 at 04:18:45PM +0800, Yang Weijiang wrote:
> CET MSRs pass through guests for performance consideration.
> Configure the MSRs to match L0/L1 settings so that nested VM
> is able to run with CET.
>
> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> ---
> arch/x86/kvm/vmx/nested.c | 41 +++++++++++++++++++++++++++++++++++++--
> arch/x86/kvm/vmx/vmcs12.c | 6 ++++++
> arch/x86/kvm/vmx/vmcs12.h | 14 ++++++++++++-
> arch/x86/kvm/vmx/vmx.c | 1 +
> 4 files changed, 59 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index e47eb7c0fbae..a71ef33de55f 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -627,6 +627,41 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu,
> nested_vmx_disable_intercept_for_msr(msr_bitmap_l1, msr_bitmap_l0,
> MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
>
> + /* Pass CET MSRs to nested VM if L0 and L1 are set to pass-through. */
> + if (!msr_write_intercepted_l01(vcpu, MSR_IA32_U_CET))
> + nested_vmx_disable_intercept_for_msr(
> + msr_bitmap_l1, msr_bitmap_l0,
> + MSR_IA32_U_CET, MSR_TYPE_RW);
> +
> + if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL3_SSP))
> + nested_vmx_disable_intercept_for_msr(
> + msr_bitmap_l1, msr_bitmap_l0,
> + MSR_IA32_PL3_SSP, MSR_TYPE_RW);
> +
> + if (!msr_write_intercepted_l01(vcpu, MSR_IA32_S_CET))
> + nested_vmx_disable_intercept_for_msr(
> + msr_bitmap_l1, msr_bitmap_l0,
> + MSR_IA32_S_CET, MSR_TYPE_RW);
> +
> + if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL0_SSP))
> + nested_vmx_disable_intercept_for_msr(
> + msr_bitmap_l1, msr_bitmap_l0,
> + MSR_IA32_PL0_SSP, MSR_TYPE_RW);
> +
> + if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL1_SSP))
> + nested_vmx_disable_intercept_for_msr(
> + msr_bitmap_l1, msr_bitmap_l0,
> + MSR_IA32_PL1_SSP, MSR_TYPE_RW);
> +
> + if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL2_SSP))
> + nested_vmx_disable_intercept_for_msr(
> + msr_bitmap_l1, msr_bitmap_l0,
> + MSR_IA32_PL2_SSP, MSR_TYPE_RW);
> +
> + if (!msr_write_intercepted_l01(vcpu, MSR_IA32_INT_SSP_TAB))
> + nested_vmx_disable_intercept_for_msr(
> + msr_bitmap_l1, msr_bitmap_l0,
> + MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW);
That's a lot of copy-paste. Maybe add a helper to do the conditional l01
check and subsequent call to nested_vmx_disable_intercept_for_msr()? It's
still a lot of boilerplate, but it's at least a little better. Not sure
what a good name would be.
nested_vmx_update_intercept_for_msr(vcpu, MSR_IA32_U_CET,
msr_bitmap_l1, msr_bitmap_l0,
MSR_TYPE_RW);
> /*
> * Checking the L0->L1 bitmap is trying to verify two things:
> *
> @@ -6040,7 +6075,8 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
> msrs->exit_ctls_high |=
> VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR |
> VM_EXIT_LOAD_IA32_EFER | VM_EXIT_SAVE_IA32_EFER |
> - VM_EXIT_SAVE_VMX_PREEMPTION_TIMER | VM_EXIT_ACK_INTR_ON_EXIT;
> + VM_EXIT_SAVE_VMX_PREEMPTION_TIMER | VM_EXIT_ACK_INTR_ON_EXIT |
> + VM_EXIT_LOAD_HOST_CET_STATE;
>
> /* We support free control of debug control saving. */
> msrs->exit_ctls_low &= ~VM_EXIT_SAVE_DEBUG_CONTROLS;
> @@ -6057,7 +6093,8 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
> #endif
> VM_ENTRY_LOAD_IA32_PAT;
> msrs->entry_ctls_high |=
> - (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER);
> + (VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR | VM_ENTRY_LOAD_IA32_EFER |
> + VM_ENTRY_LOAD_GUEST_CET_STATE);
This is wrong, the OR path is only for emulated stuff, I'm guessing you're
not planning on emulating CET :-)
And I think this needs to be conditional based on supported_xss?
> /* We support free control of debug control loading. */
> msrs->entry_ctls_low &= ~VM_ENTRY_LOAD_DEBUG_CONTROLS;
> diff --git a/arch/x86/kvm/vmx/vmcs12.c b/arch/x86/kvm/vmx/vmcs12.c
> index 53dfb401316d..82b82bebeee0 100644
> --- a/arch/x86/kvm/vmx/vmcs12.c
> +++ b/arch/x86/kvm/vmx/vmcs12.c
> @@ -141,6 +141,9 @@ const unsigned short vmcs_field_to_offset_table[] = {
> FIELD(GUEST_PENDING_DBG_EXCEPTIONS, guest_pending_dbg_exceptions),
> FIELD(GUEST_SYSENTER_ESP, guest_sysenter_esp),
> FIELD(GUEST_SYSENTER_EIP, guest_sysenter_eip),
> + FIELD(GUEST_S_CET, guest_s_cet),
> + FIELD(GUEST_SSP, guest_ssp),
> + FIELD(GUEST_INTR_SSP_TABLE, guest_ssp_tbl),
> FIELD(HOST_CR0, host_cr0),
> FIELD(HOST_CR3, host_cr3),
> FIELD(HOST_CR4, host_cr4),
> @@ -153,5 +156,8 @@ const unsigned short vmcs_field_to_offset_table[] = {
> FIELD(HOST_IA32_SYSENTER_EIP, host_ia32_sysenter_eip),
> FIELD(HOST_RSP, host_rsp),
> FIELD(HOST_RIP, host_rip),
> + FIELD(HOST_S_CET, host_s_cet),
> + FIELD(HOST_SSP, host_ssp),
> + FIELD(HOST_INTR_SSP_TABLE, host_ssp_tbl),
> };
> const unsigned int nr_vmcs12_fields = ARRAY_SIZE(vmcs_field_to_offset_table);
> diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h
> index d0c6df373f67..62b7be68f05c 100644
> --- a/arch/x86/kvm/vmx/vmcs12.h
> +++ b/arch/x86/kvm/vmx/vmcs12.h
> @@ -118,7 +118,13 @@ struct __packed vmcs12 {
> natural_width host_ia32_sysenter_eip;
> natural_width host_rsp;
> natural_width host_rip;
> - natural_width paddingl[8]; /* room for future expansion */
> + natural_width host_s_cet;
> + natural_width host_ssp;
> + natural_width host_ssp_tbl;
> + natural_width guest_s_cet;
> + natural_width guest_ssp;
> + natural_width guest_ssp_tbl;
> + natural_width paddingl[2]; /* room for future expansion */
Tangetial topic, it'd be helpful if FIELD and FIELD64 had compile-time
assertions similar to vmcs_read*() to verify the size of the vmcs12 field
is correct. In other words, I don't feel like reviewing all of these :-).
> u32 pin_based_vm_exec_control;
> u32 cpu_based_vm_exec_control;
> u32 exception_bitmap;
> @@ -301,6 +307,12 @@ static inline void vmx_check_vmcs12_offsets(void)
> CHECK_OFFSET(host_ia32_sysenter_eip, 656);
> CHECK_OFFSET(host_rsp, 664);
> CHECK_OFFSET(host_rip, 672);
> + CHECK_OFFSET(host_s_cet, 680);
> + CHECK_OFFSET(host_ssp, 688);
> + CHECK_OFFSET(host_ssp_tbl, 696);
> + CHECK_OFFSET(guest_s_cet, 704);
> + CHECK_OFFSET(guest_ssp, 712);
> + CHECK_OFFSET(guest_ssp_tbl, 720);
> CHECK_OFFSET(pin_based_vm_exec_control, 744);
> CHECK_OFFSET(cpu_based_vm_exec_control, 748);
> CHECK_OFFSET(exception_bitmap, 752);
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index a3d01014b9e7..c2e950d378bd 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -7153,6 +7153,7 @@ static void nested_vmx_cr_fixed1_bits_update(struct kvm_vcpu *vcpu)
> cr4_fixed1_update(X86_CR4_PKE, ecx, feature_bit(PKU));
> cr4_fixed1_update(X86_CR4_UMIP, ecx, feature_bit(UMIP));
> cr4_fixed1_update(X86_CR4_LA57, ecx, feature_bit(LA57));
> + cr4_fixed1_update(X86_CR4_CET, ecx, feature_bit(SHSTK));
>
> #undef cr4_fixed1_update
> }
> --
> 2.17.2
>
next prev parent reply other threads:[~2020-04-23 18:29 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-26 8:18 [PATCH v11 0/9] Introduce support for guest CET feature Yang Weijiang
2020-03-26 8:18 ` [PATCH v11 1/9] KVM: VMX: Introduce CET VMX fields and flags Yang Weijiang
2020-04-23 16:07 ` Sean Christopherson
2020-04-24 13:39 ` Yang Weijiang
2020-04-23 16:39 ` Sean Christopherson
2020-04-24 13:44 ` Yang Weijiang
2020-03-26 8:18 ` [PATCH v11 2/9] KVM: VMX: Set guest CET MSRs per KVM and host configuration Yang Weijiang
2020-04-23 16:27 ` Sean Christopherson
2020-04-24 14:07 ` Yang Weijiang
2020-04-24 14:55 ` Sean Christopherson
2020-04-25 9:14 ` Yang Weijiang
2020-04-25 13:26 ` Paolo Bonzini
2020-04-26 15:26 ` Yang Weijiang
2020-03-26 8:18 ` [PATCH v11 3/9] KVM: VMX: Set host/guest CET states for vmexit/vmentry Yang Weijiang
2020-04-01 2:23 ` kbuild test robot
2020-04-01 2:23 ` kbuild test robot
2020-04-23 17:17 ` Sean Christopherson
2020-04-24 14:35 ` Yang Weijiang
2020-04-24 14:49 ` Sean Christopherson
2020-04-25 9:20 ` Yang Weijiang
2020-04-27 17:04 ` Sean Christopherson
2020-04-27 17:56 ` Sean Christopherson
2020-03-26 8:18 ` [PATCH v11 4/9] KVM: VMX: Check CET dependencies on CR settings Yang Weijiang
2020-04-23 17:20 ` Sean Christopherson
2020-04-24 14:36 ` Yang Weijiang
2020-03-26 8:18 ` [PATCH v11 5/9] KVM: X86: Refresh CPUID once guest XSS MSR changes Yang Weijiang
2020-04-01 3:50 ` kbuild test robot
2020-04-01 3:50 ` kbuild test robot
2020-04-23 17:34 ` Sean Christopherson
2020-04-24 14:47 ` Yang Weijiang
2020-04-25 13:19 ` Paolo Bonzini
2020-04-26 15:01 ` Yang Weijiang
2020-03-26 8:18 ` [PATCH v11 6/9] KVM: X86: Load guest fpu state when access MSRs managed by XSAVES Yang Weijiang
2020-03-26 8:18 ` [PATCH v11 7/9] KVM: X86: Add userspace access interface for CET MSRs Yang Weijiang
2020-03-28 7:40 ` kbuild test robot
2020-03-28 7:40 ` kbuild test robot
2020-04-01 4:54 ` kbuild test robot
2020-04-01 4:54 ` kbuild test robot
2020-04-23 18:14 ` Sean Christopherson
2020-04-24 15:02 ` Yang Weijiang
2020-04-24 15:10 ` Sean Christopherson
2020-04-25 9:28 ` Yang Weijiang
2020-04-25 15:31 ` Paolo Bonzini
2020-04-26 15:23 ` Yang Weijiang
2020-04-27 14:04 ` Paolo Bonzini
2020-04-28 13:41 ` Yang Weijiang
2020-03-26 8:18 ` [PATCH v11 8/9] KVM: VMX: Enable CET support for nested VM Yang Weijiang
2020-04-01 6:11 ` kbuild test robot
2020-04-01 6:11 ` kbuild test robot
2020-04-23 18:29 ` Sean Christopherson [this message]
2020-04-24 15:24 ` Yang Weijiang
2020-03-26 8:18 ` [PATCH v11 9/9] KVM: X86: Set CET feature bits for CPUID enumeration Yang Weijiang
2020-03-27 4:41 ` kbuild test robot
2020-03-27 4:41 ` kbuild test robot
2020-04-23 16:56 ` Sean Christopherson
2020-04-24 14:17 ` Yang Weijiang
2020-04-23 16:58 ` Sean Christopherson
2020-04-24 14:23 ` Yang Weijiang
2020-03-26 8:18 ` [kvm-unit-tests PATCH] x86: Add tests for user-mode CET Yang Weijiang
2020-04-23 15:51 ` [PATCH v11 0/9] Introduce support for guest CET feature Sean Christopherson
2020-04-24 13:31 ` Yang Weijiang
2020-04-23 16:03 ` Sean Christopherson
2020-04-24 13:34 ` Yang Weijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200423182906.GL17824@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=weijiang.yang@intel.com \
--cc=yu.c.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.