From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Sean Christopherson <seanjc@google.com>
Cc: kvm@vger.kernel.org
Subject: Re: [RFC PATCH v6 06/36] KVM: nVMX: Treat eVMCS as enabled for guest iff Hyper-V is also enabled
Date: Thu, 25 Aug 2022 12:21:05 +0200 [thread overview]
Message-ID: <87r114wrn2.fsf@redhat.com> (raw)
In-Reply-To: <20220824030138.3524159-7-seanjc@google.com>
Sean Christopherson <seanjc@google.com> writes:
> When querying whether or not eVMCS is enabled on behalf of the guest,
> treat eVMCS as enable if and only if Hyper-V is enabled/exposed to the
> guest.
>
> Note, flows that come from the host, e.g. KVM_SET_NESTED_STATE, must NOT
> check for Hyper-V being enabled as KVM doesn't require guest CPUID to be
> set before most ioctls().
>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> arch/x86/kvm/vmx/evmcs.c | 3 +++
> arch/x86/kvm/vmx/nested.c | 8 ++++----
> arch/x86/kvm/vmx/vmx.c | 3 +--
> arch/x86/kvm/vmx/vmx.h | 10 ++++++++++
> 4 files changed, 18 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
> index 6a61b1ae7942..9139c70b6008 100644
> --- a/arch/x86/kvm/vmx/evmcs.c
> +++ b/arch/x86/kvm/vmx/evmcs.c
> @@ -334,6 +334,9 @@ uint16_t nested_get_evmcs_version(struct kvm_vcpu *vcpu)
> * versions: lower 8 bits is the minimal version, higher 8 bits is the
> * maximum supported version. KVM supports versions from 1 to
> * KVM_EVMCS_VERSION.
> + *
> + * Note, do not check the Hyper-V is fully enabled in guest CPUID, this
> + * helper is used to _get_ the vCPU's supported CPUID.
> */
> if (kvm_cpu_cap_get(X86_FEATURE_VMX) &&
> (!vcpu || to_vmx(vcpu)->nested.enlightened_vmcs_enabled))
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index ddd4367d4826..28f9d64851b3 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -1982,7 +1982,7 @@ static enum nested_evmptrld_status nested_vmx_handle_enlightened_vmptrld(
> bool evmcs_gpa_changed = false;
> u64 evmcs_gpa;
>
> - if (likely(!vmx->nested.enlightened_vmcs_enabled))
> + if (likely(!guest_cpuid_has_evmcs(vcpu)))
> return EVMPTRLD_DISABLED;
>
> if (!nested_enlightened_vmentry(vcpu, &evmcs_gpa)) {
> @@ -2863,7 +2863,7 @@ static int nested_vmx_check_controls(struct kvm_vcpu *vcpu,
> nested_check_vm_entry_controls(vcpu, vmcs12))
> return -EINVAL;
>
> - if (to_vmx(vcpu)->nested.enlightened_vmcs_enabled)
> + if (guest_cpuid_has_evmcs(vcpu))
> return nested_evmcs_check_controls(vmcs12);
>
> return 0;
> @@ -3145,7 +3145,7 @@ static bool nested_get_evmcs_page(struct kvm_vcpu *vcpu)
> * L2 was running), map it here to make sure vmcs12 changes are
> * properly reflected.
> */
> - if (vmx->nested.enlightened_vmcs_enabled &&
> + if (guest_cpuid_has_evmcs(vcpu) &&
> vmx->nested.hv_evmcs_vmptr == EVMPTR_MAP_PENDING) {
> enum nested_evmptrld_status evmptrld_status =
> nested_vmx_handle_enlightened_vmptrld(vcpu, false);
> @@ -5067,7 +5067,7 @@ static int handle_vmclear(struct kvm_vcpu *vcpu)
> * state. It is possible that the area will stay mapped as
> * vmx->nested.hv_evmcs but this shouldn't be a problem.
> */
> - if (likely(!vmx->nested.enlightened_vmcs_enabled ||
> + if (likely(!guest_cpuid_has_evmcs(vcpu) ||
> !nested_enlightened_vmentry(vcpu, &evmcs_gpa))) {
> if (vmptr == vmx->nested.current_vmptr)
> nested_release_vmcs12(vcpu);
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index c9b49a09e6b5..d4ed802947d7 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -1930,8 +1930,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> * sanity checking and refuse to boot. Filter all unsupported
> * features out.
> */
> - if (!msr_info->host_initiated &&
> - vmx->nested.enlightened_vmcs_enabled)
> + if (!msr_info->host_initiated && guest_cpuid_has_evmcs(vcpu))
> nested_evmcs_filter_control_msr(msr_info->index,
> &msr_info->data);
> break;
> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> index 24d58c2ffaa3..35c7e6aef301 100644
> --- a/arch/x86/kvm/vmx/vmx.h
> +++ b/arch/x86/kvm/vmx/vmx.h
> @@ -626,4 +626,14 @@ static inline bool vmx_can_use_ipiv(struct kvm_vcpu *vcpu)
> return lapic_in_kernel(vcpu) && enable_ipiv;
> }
>
> +static inline bool guest_cpuid_has_evmcs(struct kvm_vcpu *vcpu)
> +{
> + /*
> + * eVMCS is exposed to the guest if Hyper-V is enabled in CPUID and
> + * eVMCS has been explicitly enabled by userspace.
> + */
> + return vcpu->arch.hyperv_enabled &&
> + to_vmx(vcpu)->nested.enlightened_vmcs_enabled;
I don't quite like 'guest_cpuid_has_evmcs' name as it makes me think
we're checking if eVMCS was exposed in guest CPUID but in fact we don't
do that. eVMCS can be enabled on a vCPU even if it is not exposed in
CPUID (and we should probably keep that to not mandate setting CPUID
before enabling eVMCS).
What about e.g. vcpu_has_evmcs_enabled() instead?
On a related not, any reason to put this to vmx/vmx.h and not
vmx/evmcs.h?
> +}
> +
> #endif /* __KVM_X86_VMX_H */
--
Vitaly
next prev parent reply other threads:[~2022-08-25 10:21 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-24 3:01 [RFC PATCH v6 00/36] KVM: x86: eVMCS rework Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 01/36] x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 02/36] x86/hyperv: Update " Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 03/36] KVM: x86: Zero out entire Hyper-V CPUID cache before processing entries Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 04/36] KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 05/36] KVM: x86: Report error when setting CPUID if Hyper-V allocation fails Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 06/36] KVM: nVMX: Treat eVMCS as enabled for guest iff Hyper-V is also enabled Sean Christopherson
2022-08-25 10:21 ` Vitaly Kuznetsov [this message]
2022-08-25 14:48 ` Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 07/36] KVM: nVMX: Refactor unsupported eVMCS controls logic to use 2-d array Sean Christopherson
2022-08-25 10:24 ` Vitaly Kuznetsov
2022-08-24 3:01 ` [RFC PATCH v6 08/36] KVM: nVMX: Use CC() macro to handle eVMCS unsupported controls checks Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 09/36] KVM: nVMX: Enforce unsupported eVMCS in VMX MSRs for host accesses Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 10/36] KVM: VMX: Define VMCS-to-EVMCS conversion for the new fields Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 11/36] KVM: nVMX: Support several new fields in eVMCSv1 Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 12/36] KVM: x86: hyper-v: Cache HYPERV_CPUID_NESTED_FEATURES CPUID leaf Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 13/36] KVM: selftests: Add ENCLS_EXITING_BITMAP{,HIGH} VMCS fields Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 14/36] KVM: selftests: Switch to updated eVMCSv1 definition Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 15/36] KVM: nVMX: WARN once and fail VM-Enter if eVMCS sees VMFUNC[63:32] != 0 Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 16/36] KVM: nVMX: Support PERF_GLOBAL_CTRL with enlightened VMCS Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 17/36] KVM: nVMX: Support TSC scaling " Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 18/36] KVM: selftests: Enable TSC scaling in evmcs selftest Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 19/36] KVM: VMX: Get rid of eVMCS specific VMX controls sanitization Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 20/36] KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02 Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 21/36] KVM: nVMX: Always emulate PERF_GLOBAL_CTRL VM-Entry/VM-Exit controls Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 22/36] KVM: VMX: Check VM_ENTRY_IA32E_MODE in setup_vmcs_config() Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 23/36] KVM: VMX: Check CPU_BASED_{INTR,NMI}_WINDOW_EXITING " Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 24/36] KVM: VMX: Tweak the special handling of SECONDARY_EXEC_ENCLS_EXITING " Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 25/36] KVM: VMX: Don't toggle VM_ENTRY_IA32E_MODE for 32-bit kernels/KVM Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 26/36] KVM: VMX: Extend VMX controls macro shenanigans Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 27/36] KVM: VMX: Move CPU_BASED_CR8_{LOAD,STORE}_EXITING filtering out of setup_vmcs_config() Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 28/36] KVM: VMX: Add missing VMEXIT controls to vmcs_config Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 29/36] KVM: VMX: Add missing CPU based VM execution " Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 30/36] KVM: VMX: Adjust CR3/INVPLG interception for EPT=y at runtime, not setup Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 31/36] KVM: x86: VMX: Replace some Intel model numbers with mnemonics Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 32/36] KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config() Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 33/36] KVM: nVMX: Always set required-1 bits of pinbased_ctls to PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 34/36] KVM: nVMX: Use sanitized allowed-1 bits for VMX control MSRs Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 35/36] KVM: VMX: Cache MSR_IA32_VMX_MISC in vmcs_config Sean Christopherson
2022-08-24 3:01 ` [RFC PATCH v6 36/36] KVM: nVMX: Use cached host MSR_IA32_VMX_MISC value for setting up nested MSR Sean Christopherson
2022-08-25 18:08 ` [RFC PATCH v6 00/36] KVM: x86: eVMCS rework Vitaly Kuznetsov
2022-08-25 18:29 ` Sean Christopherson
2022-08-26 17:19 ` Vitaly Kuznetsov
2022-08-27 14:03 ` Vitaly Kuznetsov
2022-08-29 15:54 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r114wrn2.fsf@redhat.com \
--to=vkuznets@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.