From: Xin Li <xin3.li@intel.com>
To: kvm@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org,
linux-kselftest@vger.kernel.org
Cc: seanjc@google.com, pbonzini@redhat.com, corbet@lwn.net,
kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org,
decui@microsoft.com, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org,
hpa@zytor.com, vkuznets@redhat.com, peterz@infradead.org,
ravi.v.shankar@intel.com
Subject: [PATCH v1 06/23] KVM: VMX: Defer enabling FRED MSRs save/load until after set CPUID
Date: Wed, 8 Nov 2023 10:29:46 -0800 [thread overview]
Message-ID: <20231108183003.5981-7-xin3.li@intel.com> (raw)
In-Reply-To: <20231108183003.5981-1-xin3.li@intel.com>
Clear FRED VM entry/exit controls when initializing a vCPU, and set
these controls only if FRED is enumerated after set CPUID.
FRED VM entry/exit controls need to be set to establish context
sufficient to support FRED event delivery immediately after VM entry
and exit. However it is not required to save/load FRED MSRs for
a non-FRED guest, which aren't supposed to access FRED MSRs.
A non-FRED guest should get #GP upon accessing FRED MSRs, otherwise
it corrupts host FRED MSRs.
Tested-by: Shan Kang <shan.kang@intel.com>
Signed-off-by: Xin Li <xin3.li@intel.com>
---
arch/x86/kvm/vmx/vmx.c | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 9186f41974ab..5d4786812664 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -4423,6 +4423,9 @@ static u32 vmx_vmentry_ctrl(void)
if (cpu_has_perf_global_ctrl_bug())
vmentry_ctrl &= ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL;
+ /* Whether to load guest FRED MSRs is deferred until after set CPUID */
+ vmentry_ctrl &= ~VM_ENTRY_LOAD_IA32_FRED;
+
return vmentry_ctrl;
}
@@ -4458,7 +4461,13 @@ static u32 vmx_vmexit_ctrl(void)
static u64 vmx_secondary_vmexit_ctrl(void)
{
- return vmcs_config.secondary_vmexit_ctrl;
+ u64 secondary_vmexit_ctrl = vmcs_config.secondary_vmexit_ctrl;
+
+ /* Whether to save/load FRED MSRs is deferred until after set CPUID */
+ secondary_vmexit_ctrl &= ~(SECONDARY_VM_EXIT_SAVE_IA32_FRED |
+ SECONDARY_VM_EXIT_LOAD_IA32_FRED);
+
+ return secondary_vmexit_ctrl;
}
static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
@@ -7785,10 +7794,33 @@ static void update_intel_pt_cfg(struct kvm_vcpu *vcpu)
vmx->pt_desc.ctl_bitmask &= ~(0xfULL << (32 + i * 4));
}
+static void vmx_vcpu_config_fred_after_set_cpuid(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+ if (!cpu_feature_enabled(X86_FEATURE_FRED) ||
+ !guest_cpuid_has(vcpu, X86_FEATURE_FRED))
+ return;
+
+ /* Enable loading guest FRED MSRs from VMCS */
+ vm_entry_controls_setbit(vmx, VM_ENTRY_LOAD_IA32_FRED);
+
+ /*
+ * Enable saving guest FRED MSRs into VMCS and loading host FRED MSRs
+ * from VMCS.
+ */
+ vm_exit_controls_setbit(vmx, VM_EXIT_ACTIVATE_SECONDARY_CONTROLS);
+ secondary_vm_exit_controls_setbit(vmx,
+ SECONDARY_VM_EXIT_SAVE_IA32_FRED |
+ SECONDARY_VM_EXIT_LOAD_IA32_FRED);
+}
+
static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
+ vmx_vcpu_config_fred_after_set_cpuid(vcpu);
+
/*
* XSAVES is effectively enabled if and only if XSAVE is also exposed
* to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be
--
2.42.0
next prev parent reply other threads:[~2023-11-08 19:00 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-08 18:29 [PATCH v1 00/23] Enable FRED with KVM VMX Xin Li
2023-11-08 18:29 ` [PATCH v1 01/23] KVM: VMX: Cleanup VMX basic information defines and usages Xin Li
2023-11-08 18:29 ` [PATCH v1 02/23] KVM: VMX: Cleanup VMX misc " Xin Li
2023-11-08 18:29 ` [PATCH v1 03/23] KVM: VMX: Add support for the secondary VM exit controls Xin Li
2023-11-08 18:29 ` [PATCH v1 04/23] KVM: x86: Mark CR4.FRED as not reserved Xin Li
2023-11-08 18:29 ` [PATCH v1 05/23] KVM: VMX: Initialize FRED VM entry/exit controls in vmcs_config Xin Li
2023-11-09 8:53 ` Chao Gao
2023-11-09 15:15 ` Sean Christopherson
2023-11-10 0:04 ` Li, Xin3
2023-11-10 15:01 ` Sean Christopherson
2023-11-14 4:05 ` Li, Xin3
2023-11-13 17:18 ` Nikolay Borisov
2023-11-15 2:39 ` Li, Xin3
2023-11-08 18:29 ` Xin Li [this message]
2023-11-09 9:15 ` [PATCH v1 06/23] KVM: VMX: Defer enabling FRED MSRs save/load until after set CPUID Chao Gao
2023-11-09 23:50 ` Li, Xin3
2023-11-10 0:18 ` Sean Christopherson
2023-11-14 2:50 ` Li, Xin3
2023-11-15 21:47 ` Sean Christopherson
2023-11-08 18:29 ` [PATCH v1 07/23] KVM: VMX: Disable intercepting FRED MSRs Xin Li
2023-11-09 9:21 ` Chao Gao
2023-11-08 18:29 ` [PATCH v1 08/23] KVM: VMX: Initialize VMCS FRED fields Xin Li
2023-11-13 3:04 ` Chao Gao
2023-11-14 6:02 ` Li, Xin3
2023-11-14 6:51 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 09/23] KVM: VMX: Switch FRED RSP0 between host and guest Xin Li
2023-11-13 3:47 ` Chao Gao
2023-11-14 5:17 ` Li, Xin3
2023-11-14 7:47 ` Chao Gao
2023-11-15 3:04 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 10/23] KVM: VMX: Add support for FRED context save/restore Xin Li
2023-11-13 5:24 ` Chao Gao
2023-11-14 4:48 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 11/23] KVM: x86: Add kvm_is_fred_enabled() Xin Li
2023-11-13 7:35 ` Chao Gao
2023-11-14 4:42 ` Li, Xin3
2023-11-14 8:16 ` Chao Gao
2023-11-14 18:57 ` Li, Xin3
2023-11-20 9:04 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 12/23] KVM: VMX: Handle FRED event data Xin Li
2023-11-13 10:14 ` Chao Gao
2023-11-14 4:34 ` Li, Xin3
2023-11-14 8:58 ` Chao Gao
2023-11-15 2:52 ` Li, Xin3
2023-11-16 2:39 ` Chao Gao
2023-11-20 8:16 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 13/23] KVM: VMX: Handle VMX nested exception for FRED Xin Li
2023-11-14 7:40 ` Chao Gao
2023-11-15 3:03 ` Li, Xin3
2023-12-06 8:37 ` Li, Xin3
2023-12-07 8:42 ` Chao Gao
2023-12-07 10:09 ` Li, Xin3
2023-12-08 1:56 ` Chao Gao
2023-12-08 23:48 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 14/23] KVM: VMX: Dump FRED context in dump_vmcs() Xin Li
2023-11-14 14:36 ` Nikolay Borisov
2023-11-15 2:41 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 15/23] KVM: nVMX: Add support for the secondary VM exit controls Xin Li
2023-11-09 8:21 ` Jeremi Piotrowski
2023-11-10 0:12 ` Li, Xin3
2023-11-20 15:52 ` Vitaly Kuznetsov
2023-11-20 17:42 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 16/23] KVM: nVMX: Add FRED VMCS fields Xin Li
2023-11-08 18:29 ` [PATCH v1 17/23] KVM: nVMX: Add support for VMX FRED controls Xin Li
2023-11-08 18:29 ` [PATCH v1 18/23] KVM: nVMX: Add VMCS FRED states checking Xin Li
2023-11-08 18:29 ` [PATCH v1 19/23] KVM: x86: Allow FRED/LKGS/WRMSRNS to be exposed to guests Xin Li
2023-11-08 18:30 ` [PATCH v1 20/23] KVM: selftests: Add FRED VMCS fields to evmcs Xin Li
2023-11-08 18:30 ` [PATCH v1 21/23] KVM: selftests: Run debug_regs test with FRED enabled Xin Li
2023-11-08 18:30 ` [PATCH v1 22/23] KVM: selftests: Add a new VM guest mode to run user level code Xin Li
2023-11-08 18:30 ` [PATCH v1 23/23] KVM: selftests: Add fred exception tests Xin Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231108183003.5981-7-xin3.li@intel.com \
--to=xin3.li@intel.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=haiyangz@microsoft.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=kys@microsoft.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.