From: Sean Christopherson <seanjc@google.com>
To: Yang Weijiang <weijiang.yang@intel.com>
Cc: pbonzini@redhat.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org,
Vitaly Kuznetsov <vkuznets@redhat.com>
Subject: Re: [PATCH v2] KVM: nVMX: Sync L2 guest CET states between L1/L2
Date: Mon, 1 Mar 2021 09:46:19 -0800 [thread overview]
Message-ID: <YD0oa99pgXqlS07h@google.com> (raw)
In-Reply-To: <20210225030951.17099-2-weijiang.yang@intel.com>
+Vitaly
On Thu, Feb 25, 2021, Yang Weijiang wrote:
> These fields are rarely updated by L1 QEMU/KVM, sync them when L1 is trying to
> read/write them and after they're changed. If CET guest entry-load bit is not
> set by L1 guest, migrate them to L2 manaully.
>
> Suggested-by: Sean Christopherson <seanjc@google.com>
> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
>
> change in v2:
> - Per Sean's review feedback, change CET guest states as rarely-updated fields.
> And also migrate L1's CET states to L2 if the entry-load bit is not set.
> - Opportunistically removed one blank line.
> ---
> arch/x86/kvm/cpuid.c | 1 -
> arch/x86/kvm/vmx/nested.c | 29 +++++++++++++++++++++++++++++
> arch/x86/kvm/vmx/vmx.h | 3 +++
> 3 files changed, 32 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 46087bca9418..afc97122c05c 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -143,7 +143,6 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu)
> }
> vcpu->arch.guest_supported_xss =
> (((u64)best->edx << 32) | best->ecx) & supported_xss;
> -
> } else {
> vcpu->arch.guest_supported_xss = 0;
> }
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 9728efd529a1..1703b8874fad 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -2516,6 +2516,12 @@ static void prepare_vmcs02_rare(struct vcpu_vmx *vmx, struct vmcs12 *vmcs12)
> vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr);
>
> set_cr4_guest_host_mask(vmx);
> +
> + if (kvm_cet_supported()) {
This needs to be conditioned on CET coming from vmcs12, it's on the loading of
host state on VM-Exit that is unconditional (if CET is supported).
if (kvm_cet_supported() && vmx->nested.nested_run_pending &&
(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_CET_STATE)) {
I also assume these should be guarded by one of the eVMCS fields, though a quick
search of the public docs didn't provide a hit on the CET fields.
Vitaly, any idea if these will be GUEST_GRP2 or something else?
> + vmcs_writel(GUEST_SSP, vmcs12->guest_ssp);
> + vmcs_writel(GUEST_S_CET, vmcs12->guest_s_cet);
> + vmcs_writel(GUEST_INTR_SSP_TABLE, vmcs12->guest_ssp_tbl);
> + }
> }
next prev parent reply other threads:[~2021-03-01 17:50 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-25 3:09 [PATCH] KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled Yang Weijiang
2021-02-25 3:09 ` [PATCH v2] KVM: nVMX: Sync L2 guest CET states between L1/L2 Yang Weijiang
2021-03-01 17:46 ` Sean Christopherson [this message]
2021-03-02 9:05 ` Yang Weijiang
2021-03-02 9:33 ` Paolo Bonzini
2021-03-02 10:35 ` Vitaly Kuznetsov
2021-03-03 6:09 ` Yang Weijiang
2021-03-01 17:39 ` [PATCH] KVM: nVMX: Set X86_CR4_CET in cr4_fixed1_bits if CET IBT is enabled Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YD0oa99pgXqlS07h@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=vkuznets@redhat.com \
--cc=weijiang.yang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.