[PATCH v2 1/2] KVM: x86: Introduce arch specific has_protected_pmu state

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Vishal Annapurve <vannapurve@google.com>
To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, dapeng1.mi@linux.intel.com,
	mizhang@google.com,  kai.huang@intel.com, jmattson@google.com,
	kvm@vger.kernel.org,  linux-kernel@vger.kernel.org,
	Vishal Annapurve <vannapurve@google.com>
Subject: [PATCH v2 1/2] KVM: x86: Introduce arch specific has_protected_pmu state
Date: Thu,  7 May 2026 00:36:12 +0000	[thread overview]
Message-ID: <20260507003613.1784851-2-vannapurve@google.com> (raw)
In-Reply-To: <20260507003613.1784851-1-vannapurve@google.com>

PMU state for TDX VMs is virtualized by TDX Module [1]. Introduce
has_protected_pmu state to track the pmu state for such scenarios. Disable
KVM's PMU virtualization framework if pmu state is protected as
additional enlightenment is needed within KVM to control/manage the
visibility of PMU state to such VMs.

Additionally disallow userspace VMM to toggle PMU state using
KVM_CAP_PMU_CAPABILITY if pmu state is protected.

[1] Section 15.2: https://cdrdv2.intel.com/v1/dl/getContent/733575

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Vishal Annapurve <vannapurve@google.com>
---
 arch/x86/include/asm/kvm_host.h | 1 +
 arch/x86/kvm/x86.c              | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index c470e40a00aa..8371dcaaed1a 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1422,6 +1422,7 @@ struct kvm_arch {
 	bool has_private_mem;
 	bool has_protected_state;
 	bool has_protected_eoi;
+	bool has_protected_pmu;
 	bool pre_fault_allowed;
 	struct hlist_head *mmu_page_hash;
 	struct list_head active_mmu_pages;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 0a1b63c63d1a..4836e206f64a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6910,7 +6910,8 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
 			break;
 
 		mutex_lock(&kvm->lock);
-		if (!kvm->created_vcpus && !kvm->arch.created_mediated_pmu) {
+		if (!kvm->created_vcpus && !kvm->arch.created_mediated_pmu &&
+			!kvm->arch.has_protected_pmu) {
 			kvm->arch.enable_pmu = !(cap->args[0] & KVM_PMU_CAP_DISABLE);
 			r = 0;
 		}
@@ -13375,7 +13376,10 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 	kvm->arch.default_tsc_khz = max_tsc_khz ? : tsc_khz;
 	kvm->arch.apic_bus_cycle_ns = APIC_BUS_CYCLE_NS_DEFAULT;
 	kvm->arch.guest_can_read_msr_platform_info = true;
-	kvm->arch.enable_pmu = enable_pmu;
+	if (kvm->arch.has_protected_pmu)
+		kvm->arch.enable_pmu = false;
+	else
+		kvm->arch.enable_pmu = enable_pmu;
 
 #if IS_ENABLED(CONFIG_HYPERV)
 	spin_lock_init(&kvm->arch.hv_root_tdp_lock);
-- 
2.54.0.563.g4f69b47b94-goog

next prev parent reply	other threads:[~2026-05-07  0:36 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-07  0:36 [PATCH v2 0/2] KVM: TDX: Disable PMU virtualization for TDX VMs Vishal Annapurve
2026-05-07  0:36 ` Vishal Annapurve [this message]
2026-05-07 13:15   ` [PATCH v2 1/2] KVM: x86: Introduce arch specific has_protected_pmu state Sean Christopherson
2026-05-07  0:36 ` [PATCH v2 2/2] KVM: TDX: Set the has_protected_pmu flag for TDX VMs Vishal Annapurve
2026-05-07 13:23   ` Sean Christopherson

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c470e40a00a dfblob:8371dcaaed1 dfblob:0a1b63c63d1
dfblob:4836e206f64 )
 OR (
bs:"[PATCH v2 1/2] KVM: x86: Introduce arch specific has_protected_pmu state" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260507003613.1784851-2-vannapurve@google.com \
    --to=vannapurve@google.com \
    --cc=dapeng1.mi@linux.intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=jmattson@google.com \
    --cc=kai.huang@intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mizhang@google.com \
    --cc=pbonzini@redhat.com \
    --cc=rick.p.edgecombe@intel.com \
    --cc=seanjc@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.