Re: [PATCH] KVM: x86: Implement PCID/INVPCID for guests with EPT

[Avi Kivity <avi@redhat.com>]

On 05/10/2012 03:32 AM, Mao, Junjie wrote:
> This patch handles PCID/INVPCID for guests.
>
> Process-context identifiers (PCIDs) are a facility by which a logical processor may cache information for multiple linear-address spaces so that the processor may retain cached information when software switches to a different linear-address space. Refer to section 4.10.1 in IA32 Intel Software Developer's Manual Volume 3A for details.
>
> For guests with EPT, the PCID feature is enabled and INVPCID behaves as running natively.
> For guests without EPT, the PCID feature is disabled and INVPCID triggers #UD.
>
>  
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> index 74c9edf..bb9a707 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -52,7 +52,7 @@
>  #define CR4_RESERVED_BITS                                               \
>  	(~(unsigned long)(X86_CR4_VME | X86_CR4_PVI | X86_CR4_TSD | X86_CR4_DE\
>  			  | X86_CR4_PSE | X86_CR4_PAE | X86_CR4_MCE     \
> -			  | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR  \
> +			  | X86_CR4_PGE | X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_PCIDE \
>  			  | X86_CR4_OSXSAVE | X86_CR4_SMEP | X86_CR4_RDWRGSFS \
>  			  | X86_CR4_OSXMMEXCPT | X86_CR4_VMXE))

We should hide cr4.pcide from nested vmx, until we prepare that code to
handle it.

> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index d2bd719..ba00789 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -413,6 +413,7 @@ struct vcpu_vmx {
>  	u32 exit_reason;
>  
>  	bool rdtscp_enabled;
> +	bool invpcid_enabled;
>  
>  	/* Support for a guest hypervisor (nested VMX) */
>  	struct nested_vmx nested;
> @@ -839,6 +840,12 @@ static inline bool cpu_has_vmx_rdtscp(void)
>  		SECONDARY_EXEC_RDTSCP;
>  }
>  
> +static bool vmx_pcid_supported(void)
> +{
> +	/* Enable PCID for non-ept guests may cause performance regression */

Why is that?

> +	return enable_ept && (boot_cpu_data.x86_capability[4] & bit(X86_FEATURE_PCID));
> +}
> +
>  /*
>   * Swap MSR entry in host/guest MSR entry array.
>   */
> @@ -4337,8 +4352,14 @@ static int handle_set_cr0(struct kvm_vcpu *vcpu, unsigned long val)
>  			return 1;
>  		vmcs_writel(CR0_READ_SHADOW, val);
>  		return 0;
> -	} else
> +	} else {
> +		unsigned long old_cr0 = kvm_read_cr0(vcpu);
> +		if ((old_cr0 & X86_CR0_PG) && !(val & X86_CR0_PG) &&
> +		    (kvm_read_cr4(vcpu) & X86_CR4_PCIDE))

Use kvm_read_cr4_bits(), it's slightly faster.  Also move this to x86.c.

> +			return 1;
> +
>  		return kvm_set_cr0(vcpu, val);
> +	}
>  }
>  
>  static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val)
> @@ -4349,8 +4370,26 @@ static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned long val)
>  			return 1;
>  		vmcs_writel(CR4_READ_SHADOW, val);
>  		return 0;
> -	} else
> -		return kvm_set_cr4(vcpu, val);
> +	} else {
> +		unsigned long old_cr4 = kvm_read_cr4(vcpu);
> +		int ret = 1;
> +
> +		if ((val & X86_CR4_PCIDE) && !(old_cr4 & X86_CR4_PCIDE)) {
> +			if (!guest_cpuid_has_pcid(vcpu))
> +				return ret;
> +
> +			/* PCID can not be enabled when cr3[11:0]!=000H or EFER.LMA=0 */
> +			if ((kvm_read_cr3(vcpu) & X86_CR3_PCID_MASK) || !is_long_mode(vcpu))
> +				return ret;
> +		}
> +
> +		ret = kvm_set_cr4(vcpu, val);
> +
> +		if (!ret && (!(val & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE)))
> +			kvm_mmu_reset_context(vcpu);
> +
> +		return ret;
> +	}

Move to x86.c please.

>  }
>  
>  /* called to set cr0 as approriate for clts instruction exit. */
> @@ -6420,6 +6459,23 @@ static void vmx_cpuid_update(struct kvm_vcpu *vcpu)
>  			}
>  		}
>  	}
> +
> +	vmx->invpcid_enabled = false;
> +	if (vmx_pcid_supported()) {
> +		exec_control = vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
> +		if (exec_control & SECONDARY_EXEC_ENABLE_INVPCID) {
> +			best = kvm_find_cpuid_entry(vcpu, 0x1, 0);
> +			if (best && (best->ecx & bit(X86_FEATURE_PCID)))
> +				vmx->invpcid_enabled = true;
> +			else {
> +				exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
> +				vmcs_write32(SECONDARY_VM_EXEC_CONTROL,
> +						exec_control);
> +				best = kvm_find_cpuid_entry(vcpu, 0x7, 0);
> +				best->ecx &= ~bit(X86_FEATURE_INVPCID);
> +			}
> +		}
> +	}
>  }
>  
>

If we enter a nested guest (which is running without PCID), we need
either to handle INVPCID exits (and inject a #UD) or disable INVPCID in
exec controls.  The first is faster since it doesn't involve VMWRITEs. 
If we do that, we don't need this code (since it will work for
non-nested guests as well).

-- 
error compiling committee.c: too many arguments to function