Re: [PATCH] KVM: x86: Always set kvm_run->if_flag

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Marc Orr <marcorr@google.com>,
	pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com,
	jmattson@google.com, joro@8bytes.org, tglx@linutronix.de,
	mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
	x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KVM: x86: Always set kvm_run->if_flag
Date: Tue, 7 Dec 2021 16:34:43 +0000	[thread overview]
Message-ID: <Ya+NIxO5pIkB8057@google.com> (raw)
In-Reply-To: <5e69c0ca-389c-3ace-7559-edd901a0ab3c@amd.com>

On Tue, Dec 07, 2021, Tom Lendacky wrote:
> On 12/7/21 9:14 AM, Marc Orr wrote:
> > On Tue, Dec 7, 2021 at 6:43 AM Tom Lendacky <thomas.lendacky@amd.com> wrote:
> > > > +static bool svm_get_if_flag(struct kvm_vcpu *vcpu)
> > > > +{
> > > > +     struct vmcb *vmcb = to_svm(vcpu)->vmcb;
> > > > +
> > > > +     return !!(vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK);
> > > 
> > > I'm not sure if this is always valid to use for non SEV-ES guests. Maybe
> > > the better thing would be:
> > > 
> > >          return sev_es_guest(vcpu->kvm) ? vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK
> > >                                         : kvm_get_rflags(vcpu) & X86_EFLAGS_IF;
> > > 
> > > (Since this function returns a bool, I don't think you need the !!)
> > 
> > I had the same reservations when writing the patch. (Why fix what's
> > not broken.) The reason I wrote the patch this way is based on what I
> > read in APM vol2: Appendix B Layout of VMCB: "GUEST_INTERRUPT_MASK -
> > Value of the RFLAGS.IF bit for the guest."
> 
> I just verified with the hardware team that this flag is indeed only set for
> a guest with protected state (SEV-ES / SEV-SNP). An update to the APM will
> be made.

svm_interrupt_blocked() should be modified to use the new svm_get_if_flag()
helper so that the SEV-{ES,SN} behavior is contained in a single location, e.g.

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 208566f63bce..fef04e9fa9c9 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3583,14 +3583,10 @@ bool svm_interrupt_blocked(struct kvm_vcpu *vcpu)
        if (!gif_set(svm))
                return true;

-       if (sev_es_guest(vcpu->kvm)) {
-               /*
-                * SEV-ES guests to not expose RFLAGS. Use the VMCB interrupt mask
-                * bit to determine the state of the IF flag.
-                */
-               if (!(vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK))
+       if (!is_guest_mode(vcpu)) {
+               if (!svm_get_if_flag(vcpu))
                        return true;
-       } else if (is_guest_mode(vcpu)) {
+       } else {
                /* As long as interrupts are being delivered...  */
                if ((svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK)
                    ? !(svm->vmcb01.ptr->save.rflags & X86_EFLAGS_IF)
@@ -3600,9 +3596,6 @@ bool svm_interrupt_blocked(struct kvm_vcpu *vcpu)
                /* ... vmexits aren't blocked by the interrupt shadow  */
                if (nested_exit_on_intr(svm))
                        return false;
-       } else {
-               if (!(kvm_get_rflags(vcpu) & X86_EFLAGS_IF))
-                       return true;
        }

        return (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK);

next prev parent reply	other threads:[~2021-12-07 16:34 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-07  4:31 [PATCH] KVM: x86: Always set kvm_run->if_flag Marc Orr
2021-12-07  4:49 ` Jim Mattson
2021-12-07 14:43 ` Tom Lendacky
2021-12-07 15:14   ` Marc Orr
2021-12-07 15:33     ` Maxim Levitsky
2021-12-07 16:00     ` Tom Lendacky
2021-12-07 16:34       ` Sean Christopherson [this message]
2021-12-07 17:28         ` Marc Orr
2021-12-07 17:28       ` Marc Orr
2021-12-09 17:52         ` Paolo Bonzini

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:208566f63bc dfblob:fef04e9fa9c )
 OR (
bs:"Re: [PATCH] KVM: x86: Always set kvm_run->if_flag" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Ya+NIxO5pIkB8057@google.com \
    --to=seanjc@google.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=jmattson@google.com \
    --cc=joro@8bytes.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marcorr@google.com \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.