From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Robert Hoo <robert.hu@linux.intel.com>
Cc: chang.seok.bae@intel.com, kvm@vger.kernel.org,
robert.hu@intel.com, pbonzini@redhat.com, seanjc@google.com,
wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org
Subject: Re: [RFC PATCH 03/12] kvm/vmx: Introduce the new tertiary processor-based VM-execution controls
Date: Wed, 03 Feb 2021 09:45:21 +0100 [thread overview]
Message-ID: <87bld1pmji.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <8310773354ce83691afae0e463e42ecf5cc572f5.camel@linux.intel.com>
Robert Hoo <robert.hu@linux.intel.com> writes:
> On Mon, 2021-01-25 at 10:41 +0100, Vitaly Kuznetsov wrote:
>> Robert Hoo <robert.hu@linux.intel.com> writes:
>> We'll have to do something about Enlightened VMCS I believe. In
>> theory,
>> when eVMCS is in use, 'CPU_BASED_ACTIVATE_TERTIARY_CONTROLS' should
>> not
>> be exposed, e.g. when KVM hosts a EVMCS enabled guest the control
>> should
>> be filtered out. Something like (completely untested):
>>
>> diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
>> index 41f24661af04..c44ff05f3235 100644
>> --- a/arch/x86/kvm/vmx/evmcs.c
>> +++ b/arch/x86/kvm/vmx/evmcs.c
>> @@ -299,6 +299,7 @@ const unsigned int nr_evmcs_1_fields =
>> ARRAY_SIZE(vmcs_field_to_evmcs_1);
>>
>> __init void evmcs_sanitize_exec_ctrls(struct vmcs_config *vmcs_conf)
>> {
>> + vmcs_conf->cpu_based_exec_ctrl &=
>> ~EVMCS1_UNSUPPORTED_EXEC_CTRL;
>> vmcs_conf->pin_based_exec_ctrl &=
>> ~EVMCS1_UNSUPPORTED_PINCTRL;
>> vmcs_conf->cpu_based_2nd_exec_ctrl &=
>> ~EVMCS1_UNSUPPORTED_2NDEXEC;
>>
>> diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h
>> index bd41d9462355..bf2c5e7a4a8f 100644
>> --- a/arch/x86/kvm/vmx/evmcs.h
>> +++ b/arch/x86/kvm/vmx/evmcs.h
>> @@ -50,6 +50,7 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs);
>> */
>> #define EVMCS1_UNSUPPORTED_PINCTRL (PIN_BASED_POSTED_INTR | \
>> PIN_BASED_VMX_PREEMPTION_TIMER)
>> +#define EVMCS1_UNSUPPORTED_EXEC_CTRL
>> (CPU_BASED_ACTIVATE_TERTIARY_CONTROLS)
>> #define
>> EVMCS1_UNSUPPORTED_2NDEXEC \
>> (SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY
>> | \
>> SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES
>> | \
>>
>> should do the job I think.
>>
> Hi Vitaly,
>
> I'm going to incorporate above patch in my next version. Shall I have
> it your signed-off-by?
> [setup_vmcs_config: filter out tertiary control when using eVMCS]
> signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
You can just incorporate it into your patch or, in case you want to have
it separate, feel free just add a 'Suggested-by: Vitaly Kuznetsov
<vkuznets@redhat.com>' tag.
Thanks!
--
Vitaly
next prev parent reply other threads:[~2021-02-03 8:47 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 9:06 [RFC PATCH 00/12] KVM: Support Intel KeyLocker Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 01/12] x86/keylocker: Move LOADIWKEY opcode definition from keylocker.c to keylocker.h Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 02/12] x86/cpufeature: Add CPUID.19H:{EBX,ECX} cpuid leaves Robert Hoo
2021-04-05 15:32 ` Sean Christopherson
2021-04-06 3:34 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 03/12] kvm/vmx: Introduce the new tertiary processor-based VM-execution controls Robert Hoo
2021-01-25 9:41 ` Vitaly Kuznetsov
2021-01-26 9:27 ` Robert Hoo
2021-02-03 6:32 ` Robert Hoo
2021-02-03 8:45 ` Vitaly Kuznetsov [this message]
2021-04-05 15:38 ` Sean Christopherson
2021-04-06 3:37 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 04/12] kvm/vmx: enable LOADIWKEY vm-exit support in " Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 05/12] kvm/vmx: Add KVM support on KeyLocker operations Robert Hoo
2021-04-05 16:25 ` Sean Christopherson
2021-04-08 5:44 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 06/12] kvm/cpuid: Enumerate KeyLocker feature in KVM Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 07/12] kvm/vmx/nested: Support new IA32_VMX_PROCBASED_CTLS3 vmx feature control MSR Robert Hoo
2021-04-05 15:44 ` Sean Christopherson
2021-04-08 5:45 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 08/12] kvm/vmx: Refactor vmx_compute_tertiary_exec_control() Robert Hoo
2021-04-05 15:46 ` Sean Christopherson
2021-04-08 5:45 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 09/12] kvm/vmx/vmcs12: Add Tertiary Exec-Control field in vmcs12 Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 10/12] kvm/vmx/nested: Support tertiary VM-Exec control in vmcs02 Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 11/12] kvm/vmx/nested: Support CR4.KL in nested Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 12/12] kvm/vmx/nested: Enable nested LOADIWKey VM-exit Robert Hoo
2021-04-05 16:03 ` [RFC PATCH 00/12] KVM: Support Intel KeyLocker Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bld1pmji.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=chang.seok.bae@intel.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=robert.hu@intel.com \
--cc=robert.hu@linux.intel.com \
--cc=seanjc@google.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.