[GIT PULL] KVM: Non-x86 changes for 6.4

[GIT PULL] KVM: Non-x86 changes for 6.4

[Sean Christopherson]

Non-x86, a.k.a. generic, KVM changes for 6.4.  Nothing particularly
interesting, just a random smattering of one-off patches.

The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:

  KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.4

for you to fetch changes up to b0d237087c674c43df76c1a0bc2737592f3038f4:

  KVM: Fix comments that refer to the non-existent install_new_memslots() (2023-03-24 08:20:17 -0700)

----------------------------------------------------------------
Common KVM changes for 6.4:

 - Drop unnecessary casts from "void *" throughout kvm_main.c

 - Tweak the layout of "struct kvm_mmu_memory_cache" to shrink the struct
   size by 8 bytes on 64-bit kernels by utilizing a padding hole

 - Fix a documentation format goof that was introduced when the KVM docs
   were converted to ReST

 - Constify MIPS's internal callbacks (a leftover from the hardware enabling
   rework that landed in 6.3)

----------------------------------------------------------------
Jun Miao (1):
      KVM: Fix comments that refer to the non-existent install_new_memslots()

Li kunyu (1):
      kvm: kvm_main: Remove unnecessary (void*) conversions

Mathias Krause (1):
      KVM: Shrink struct kvm_mmu_memory_cache

Sean Christopherson (1):
      KVM: MIPS: Make kvm_mips_callbacks const

Shaoqin Huang (1):
      KVM: Add the missed title format

 Documentation/virt/kvm/api.rst     |  1 +
 Documentation/virt/kvm/locking.rst |  2 +-
 arch/mips/include/asm/kvm_host.h   |  2 +-
 arch/mips/kvm/vz.c                 |  2 +-
 include/linux/kvm_host.h           |  4 ++--
 include/linux/kvm_types.h          |  2 +-
 virt/kvm/kvm_main.c                | 26 ++++++++++++--------------
 7 files changed, 19 insertions(+), 20 deletions(-)

[GIT PULL] KVM: x86: Misc changes for 6.4.

[Sean Christopherson]

KVM x86 "misc" changes for 6.4.  The two highlights are Mathias'
optimization for CR0.WP toggling and Binbin's addition of helpers to query
individual CR0/CR4 bits (a very nice and overdue cleanup).

The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:

  KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.4

for you to fetch changes up to cf9f4c0eb1699d306e348b1fd0225af7b2c282d3:

  KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults (2023-04-10 15:25:36 -0700)

----------------------------------------------------------------
KVM x86 changes for 6.4:

 - Optimize CR0.WP toggling by avoiding an MMU reload when TDP is enabled,
   and by giving the guest control of CR0.WP when EPT is enabled on VMX
   (VMX-only because SVM doesn't support per-bit controls)

 - Add CR0/CR4 helpers to query single bits, and clean up related code
   where KVM was interpreting kvm_read_cr4_bits()'s "unsigned long" return
   as a bool

 - Move AMD_PSFD to cpufeatures.h and purge KVM's definition

 - Misc cleanups

----------------------------------------------------------------
Binbin Wu (4):
      KVM: x86: Add helpers to query individual CR0/CR4 bits
      KVM: x86: Use boolean return value for is_{pae,pse,paging}()
      KVM: SVM: Use kvm_is_cr4_bit_set() to query SMAP/SMEP in "can emulate"
      KVM: x86: Change return type of is_long_mode() to bool

Mathias Krause (4):
      KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP enabled
      KVM: x86: Ignore CR0.WP toggles in non-paging mode
      KVM: x86: Make use of kvm_read_cr*_bits() when testing bits
      KVM: VMX: Make CR0.WP a guest owned bit

Robert Hoo (1):
      KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4()

Sean Christopherson (4):
      KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0()
      x86: KVM: Add common feature flag for AMD's PSFD
      KVM: x86: Assert that the emulator doesn't load CS with garbage in !RM
      KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults

Tom Rix (1):
      KVM: x86: set "mitigate_smt_rsb" storage-class-specifier to static

 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/kvm/cpuid.c               | 12 +++-------
 arch/x86/kvm/emulate.c             |  8 +++++++
 arch/x86/kvm/kvm_cache_regs.h      | 18 ++++++++++++++-
 arch/x86/kvm/mmu.h                 | 28 ++++++++++++++++++++++--
 arch/x86/kvm/mmu/mmu.c             | 15 +++++++++++++
 arch/x86/kvm/pmu.c                 |  4 ++--
 arch/x86/kvm/svm/svm.c             |  6 ++---
 arch/x86/kvm/vmx/nested.c          |  6 ++---
 arch/x86/kvm/vmx/vmx.c             |  8 +++----
 arch/x86/kvm/vmx/vmx.h             | 18 +++++++++++++++
 arch/x86/kvm/x86.c                 | 45 ++++++++++++++++++++++++--------------
 arch/x86/kvm/x86.h                 | 22 +++++++++----------
 13 files changed, 139 insertions(+), 52 deletions(-)

[GIT PULL] KVM: x86: MMU changes for 6.4

[Sean Christopherson]

KVM x86/mmu changes for 6.4.  The highlights are optimizations from Lai
(.invlpg(), .sync_page(), and rmaps) and Vipin (A/D harvesting).

I am also planning on sending the "persistent TDP MMU roots" patch[*] for
6.4-rc1, just waiting a few more days to give syzbot extra time to beat on
v2, and to settle on whether to guard VM desctruction with mmu_lock or RCU.

[*] https://lore.kernel.org/all/20230421214946.2571580-1-seanjc@google.com


The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:

  KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-mmu-6.4

for you to fetch changes up to 9ed3bf411226f446a9795f2b49a15b9df98d7cf5:

  KVM: x86/mmu: Move filling of Hyper-V's TLB range struct into Hyper-V code (2023-04-10 15:17:29 -0700)

----------------------------------------------------------------
KVM x86 MMU changes for 6.4:

 - Tweak FNAME(sync_spte) to avoid unnecessary writes+flushes when the
   guest is only adding new PTEs

 - Overhaul .sync_page() and .invlpg() to share the .sync_page()
   implementation, i.e. utilize .sync_page()'s optimizations when emulating
   invalidations

 - Clean up the range-based flushing APIs

 - Revamp the TDP MMU's reaping of Accessed/Dirty bits to clear a single
   A/D bit using a LOCK AND instead of XCHG, and skip all of the "handle
   changed SPTE" overhead associated with writing the entire entry

 - Track the number of "tail" entries in a pte_list_desc to avoid having
   to walk (potentially) all descriptors during insertion and deletion,
   which gets quite expensive if the guest is spamming fork()

 - Misc cleanups

----------------------------------------------------------------
David Matlack (3):
      KVM: x86/mmu: Collapse kvm_flush_remote_tlbs_with_{range,address}() together
      KVM: x86/mmu: Rename kvm_flush_remote_tlbs_with_address()
      KVM: x86/mmu: Use gfn_t in kvm_flush_remote_tlbs_range()

Lai Jiangshan (14):
      KVM: x86/mmu: Use 64-bit address to invalidate to fix a subtle bug
      KVM: x86/mmu: Move the check in FNAME(sync_page) as kvm_sync_page_check()
      KVM: x86/mmu: Check mmu->sync_page pointer in kvm_sync_page_check()
      KVM: x86/mmu: Set mmu->sync_page as NULL for direct paging
      KVM: x86/mmu: Move the code out of FNAME(sync_page)'s loop body into mmu.c
      KVM: x86/mmu: Reduce the update to the spte in FNAME(sync_spte)
      kvm: x86/mmu: Use KVM_MMU_ROOT_XXX for kvm_mmu_invalidate_addr()
      KVM: x86/mmu: Use kvm_mmu_invalidate_addr() in kvm_mmu_invpcid_gva()
      KVM: x86/mmu: Use kvm_mmu_invalidate_addr() in nested_ept_invalidate_addr()
      KVM: x86/mmu: Allow the roots to be invalid in FNAME(invlpg)
      KVM: x86/mmu: Remove FNAME(invlpg) and use FNAME(sync_spte) to update vTLB instead.
      kvm: x86/mmu: Remove @no_dirty_log from FNAME(prefetch_gpte)
      KVM: x86/mmu: Skip calling mmu->sync_spte() when the spte is 0
      KVM: x86/mmu: Track tail count in pte_list_desc to optimize guest fork()

Mathias Krause (1):
      KVM: x86/mmu: Fix comment typo

Paolo Bonzini (1):
      KVM: x86/mmu: Avoid indirect call for get_cr3

Sean Christopherson (6):
      KVM: x86/mmu: Sanity check input to kvm_mmu_free_roots()
      KVM: x86/mmu: Rename slot rmap walkers to add clarity and clean up code
      KVM: x86/mmu: Replace comment with an actual lockdep assertion on mmu_lock
      KVM: x86/mmu: Clean up mmu.c functions that put return type on separate line
      KVM: x86: Rename Hyper-V remote TLB hooks to match established scheme
      KVM: x86/mmu: Move filling of Hyper-V's TLB range struct into Hyper-V code

Vipin Sharma (13):
      KVM: x86/mmu: Add a helper function to check if an SPTE needs atomic write
      KVM: x86/mmu: Use kvm_ad_enabled() to determine if TDP MMU SPTEs need wrprot
      KVM: x86/mmu: Consolidate Dirty vs. Writable clearing logic in TDP MMU
      KVM: x86/mmu: Atomically clear SPTE dirty state in the clear-dirty-log flow
      KVM: x86/mmu: Drop access tracking checks when clearing TDP MMU dirty bits
      KVM: x86/mmu: Bypass __handle_changed_spte() when clearing TDP MMU dirty bits
      KVM: x86/mmu: Remove "record_dirty_log" in __tdp_mmu_set_spte()
      KVM: x86/mmu: Clear only A-bit (if enabled) when aging TDP MMU SPTEs
      KVM: x86/mmu: Drop unnecessary dirty log checks when aging TDP MMU SPTEs
      KVM: x86/mmu: Bypass __handle_changed_spte() when aging TDP MMU SPTEs
      KVM: x86/mmu: Remove "record_acc_track" in __tdp_mmu_set_spte()
      KVM: x86/mmu: Remove handle_changed_spte_dirty_log()
      KVM: x86/mmu: Merge all handle_changed_pte*() functions

 arch/x86/include/asm/kvm-x86-ops.h |   4 +-
 arch/x86/include/asm/kvm_host.h    |  32 +--
 arch/x86/kvm/kvm_onhyperv.c        |  33 ++-
 arch/x86/kvm/kvm_onhyperv.h        |   5 +-
 arch/x86/kvm/mmu/mmu.c             | 506 ++++++++++++++++++++++---------------
 arch/x86/kvm/mmu/mmu_internal.h    |   8 +-
 arch/x86/kvm/mmu/paging_tmpl.h     | 224 +++++-----------
 arch/x86/kvm/mmu/spte.c            |   2 +-
 arch/x86/kvm/mmu/tdp_iter.h        |  48 +++-
 arch/x86/kvm/mmu/tdp_mmu.c         | 215 ++++++----------
 arch/x86/kvm/svm/svm_onhyperv.h    |   5 +-
 arch/x86/kvm/vmx/nested.c          |   5 +-
 arch/x86/kvm/vmx/vmx.c             |   5 +-
 arch/x86/kvm/x86.c                 |   4 +-
 14 files changed, 522 insertions(+), 574 deletions(-)

[GIT PULL] KVM: x86: PMU changes for 6.4

[Sean Christopherson]

KVM x86/pmu changes for 6.4.  Hiding in the pile of selftests changes are a
a handful of small-but-important fixes.

Note, this superficially conflicts with the PRED_CMD/FLUSH_CMD changes
sitting in kvm/next due to "KVM: VMX: Refactor intel_pmu_{g,}set_msr() to
align with other helpers".  The resolution I have been using when preparing
kvm-x86/next for linux-next is to replace a "return 0" with a "break".

The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:

  KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-pmu-6.4

for you to fetch changes up to 457bd7af1a17182e7f1f97eeb5d9107f8699e99d:

  KVM: selftests: Test the PMU event "Instructions retired" (2023-04-14 13:21:38 -0700)

----------------------------------------------------------------
KVM x86 PMU changes for 6.4:

 - Disallow virtualizing legacy LBRs if architectural LBRs are available,
   the two are mutually exclusive in hardware

 - Disallow writes to immutable feature MSRs (notably PERF_CAPABILITIES)
   after KVM_RUN, and overhaul the vmx_pmu_caps selftest to better
   validate PERF_CAPABILITIES

 - Apply PMU filters to emulated events and add test coverage to the
   pmu_event_filter selftest

 - Misc cleanups and fixes

----------------------------------------------------------------
Aaron Lewis (5):
      KVM: x86/pmu: Prevent the PMU from counting disallowed events
      KVM: selftests: Add a common helper for the PMU event filter guest code
      KVM: selftests: Add helpers for PMC asserts in PMU event filter test
      KVM: selftests: Print detailed info in PMU event filter asserts
      KVM: selftests: Test the PMU event "Instructions retired"

Like Xu (4):
      KVM: x86/pmu: Zero out pmu->all_valid_pmc_idx each time it's refreshed
      KVM: x86/pmu: Rename pmc_is_enabled() to pmc_is_globally_enabled()
      KVM: x86/pmu: Rewrite reprogram_counters() to improve performance
      KVM: x86/pmu: Fix a typo in kvm_pmu_request_counter_reprogam()

Mathias Krause (1):
      KVM: x86: Shrink struct kvm_pmu

Sean Christopherson (25):
      KVM: x86/pmu: Disallow legacy LBRs if architectural LBRs are available
      KVM: x86: Rename kvm_init_msr_list() to clarify it inits multiple lists
      KVM: x86: Add a helper to query whether or not a vCPU has ever run
      KVM: x86: Add macros to track first...last VMX feature MSRs
      KVM: x86: Generate set of VMX feature MSRs using first/last definitions
      KVM: selftests: Split PMU caps sub-tests to avoid writing MSR after KVM_RUN
      KVM: x86: Disallow writes to immutable feature MSRs after KVM_RUN
      KVM: x86/pmu: WARN and bug the VM if PMU is refreshed after vCPU has run
      KVM: x86/pmu: Zero out LBR capabilities during PMU refresh
      KVM: selftests: Move 0/initial value PERF_CAPS checks to dedicated sub-test
      KVM: selftests: Assert that full-width PMC writes are supported if PDCM=1
      KVM: selftests: Print out failing MSR and value in vcpu_set_msr()
      KVM: selftests: Verify KVM preserves userspace writes to "durable" MSRs
      KVM: selftests: Drop now-redundant checks on PERF_CAPABILITIES writes
      KVM: selftests: Test all fungible features in PERF_CAPABILITIES
      KVM: selftests: Test all immutable non-format bits in PERF_CAPABILITIES
      KVM: selftests: Expand negative testing of guest writes to PERF_CAPABILITIES
      KVM: selftests: Test post-KVM_RUN writes to PERF_CAPABILITIES
      KVM: selftests: Drop "all done!" printf() from PERF_CAPABILITIES test
      KVM: selftests: Refactor LBR_FMT test to avoid use of separate macro
      KVM: selftests: Add negative testcase for PEBS format in PERF_CAPABILITIES
      KVM: selftests: Verify LBRs are disabled if vPMU is disabled
      KVM: VMX: Refactor intel_pmu_{g,}set_msr() to align with other helpers
      KVM: selftests: Use error codes to signal errors in PMU event filter test
      KVM: selftests: Copy full counter values from guest in PMU event filter test

 arch/x86/include/asm/kvm_host.h                    |   2 +-
 arch/x86/kvm/cpuid.c                               |   2 +-
 arch/x86/kvm/mmu/mmu.c                             |   2 +-
 arch/x86/kvm/pmu.c                                 |  21 +-
 arch/x86/kvm/pmu.h                                 |   2 +-
 arch/x86/kvm/svm/pmu.c                             |   2 +-
 arch/x86/kvm/svm/svm.c                             |   2 +-
 arch/x86/kvm/vmx/pmu_intel.c                       | 135 ++++++-----
 arch/x86/kvm/vmx/vmx.c                             |  16 +-
 arch/x86/kvm/x86.c                                 | 102 ++++++---
 arch/x86/kvm/x86.h                                 |  13 ++
 .../selftests/kvm/include/x86_64/processor.h       |  41 +++-
 .../selftests/kvm/x86_64/pmu_event_filter_test.c   | 252 ++++++++++++---------
 .../selftests/kvm/x86_64/vmx_pmu_caps_test.c       | 248 ++++++++++++++++----
 14 files changed, 565 insertions(+), 275 deletions(-)

[GIT PULL] KVM: x86: Selftests changes for 6.4

[Sean Christopherson]

KVM x86 selftests change for 6.4.  And an AMX+XCR0 bugfix that I landed here
to avoid creating a mess of unnecessary conflicts between the series to
overhaul the AMX test and the related selftests changes to verify the fix.

The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:

  KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-selftests-6.4

for you to fetch changes up to 20aef201dafba6a1ffe9daa145c7f2c525b74aae:

  KVM: selftests: Fix spelling mistake "perrmited" -> "permitted" (2023-04-14 10:04:51 -0700)

----------------------------------------------------------------
KVM selftests, and an AMX/XCR0 bugfix, for 6.4:

 - Don't advertisze XTILE_CFG in KVM_GET_SUPPORTED_CPUID if XTILE_DATA is
   not being reported due to userspace not opting in via prctl()

 - Overhaul the AMX selftests to improve coverage and cleanup the test

 - Misc cleanups

----------------------------------------------------------------
Aaron Lewis (9):
      KVM: selftests: Assert that XTILE is XSAVE-enabled
      KVM: selftests: Assert that both XTILE{CFG,DATA} are XSAVE-enabled
      KVM: selftests: Move XSAVE and OSXSAVE CPUID checks into AMX's init_regs()
      KVM: selftests: Check that the palette table exists before using it
      KVM: selftests: Check that XTILEDATA supports XFD
      KVM: x86: Add a helper to handle filtering of unpermitted XCR0 features
      KVM: selftests: Move XGETBV and XSETBV helpers to common code
      KVM: selftests: Add all known XFEATURE masks to common code
      KVM: selftests: Add test to verify KVM's supported XCR0

Ackerley Tng (1):
      KVM: selftests: Adjust VM's initial stack address to align with SysV ABI spec

Anish Moorthy (1):
      KVM: selftests: Fix nsec to sec conversion in demand_paging_test

Colin Ian King (1):
      KVM: selftests: Fix spelling mistake "perrmited" -> "permitted"

Hao Ge (1):
      KVM: selftests: Close opened file descriptor in stable_tsc_check_supported()

Ivan Orlov (1):
      KVM: selftests: Add 'malloc' failure check in vcpu_save_state

Like Xu (2):
      KVM: selftests: Add a helper to read kvm boolean module parameters
      KVM: selftests: Report enable_pmu module value when test is skipped

Mingwei Zhang (6):
      KVM: selftests: Add a fully functional "struct xstate" for x86
      KVM: selftests: Fix an error in comment of amx_test
      KVM: selftests: Enable checking on xcomp_bv in amx_test
      KVM: selftests: Add check of CR0.TS in the #NM handler in amx_test
      KVM: selftests: Assert that XTILE_DATA is set in IA32_XFD on #NM
      KVM: selftests: Verify XTILE_DATA in XSTATE isn't affected by IA32_XFD

Sean Christopherson (2):
      KVM: x86: Filter out XTILE_CFG if XTILE_DATA isn't permitted
      KVM: selftests: Rework dynamic XFeature helper to take mask, not bit

 arch/x86/kvm/cpuid.c                               |   2 +-
 arch/x86/kvm/x86.c                                 |   4 +-
 arch/x86/kvm/x86.h                                 |  29 +++++
 tools/testing/selftests/kvm/Makefile               |   1 +
 tools/testing/selftests/kvm/demand_paging_test.c   |   2 +-
 .../testing/selftests/kvm/include/kvm_util_base.h  |   1 +
 .../selftests/kvm/include/x86_64/processor.h       |  83 +++++++++++--
 tools/testing/selftests/kvm/lib/kvm_util.c         |   5 +
 tools/testing/selftests/kvm/lib/x86_64/processor.c |  36 ++++--
 tools/testing/selftests/kvm/x86_64/amx_test.c      | 118 ++++++++----------
 .../selftests/kvm/x86_64/pmu_event_filter_test.c   |   1 +
 .../kvm/x86_64/vmx_nested_tsc_scaling_test.c       |   8 +-
 .../selftests/kvm/x86_64/vmx_pmu_caps_test.c       |   1 +
 .../testing/selftests/kvm/x86_64/xcr0_cpuid_test.c | 132 +++++++++++++++++++++
 14 files changed, 326 insertions(+), 97 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/xcr0_cpuid_test.c

[GIT PULL] KVM: x86: SVM changes for 6.4

[Sean Christopherson]

KVM SVM changes for 6.4.  The highlight, by a country mile, is support for
virtual NMIs.

The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:

  KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.4

for you to fetch changes up to c0d0ce9b5a851895f34fd401c9dddc70616711a4:

  KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (2023-04-04 11:08:12 -0700)

----------------------------------------------------------------
KVM SVM changes for 6.4:

 - Add support for virtual NMIs

 - Fixes for edge cases related to virtual interrupts

----------------------------------------------------------------
Maxim Levitsky (2):
      KVM: nSVM: Raise event on nested VM exit if L1 doesn't intercept IRQs
      KVM: SVM: add wrappers to enable/disable IRET interception

Santosh Shukla (5):
      KVM: nSVM: Don't sync vmcb02 V_IRQ back to vmcb12 if KVM (L0) is intercepting VINTR
      KVM: nSVM: Disable intercept of VINTR if saved L1 host RFLAGS.IF is 0
      KVM: SVM: Add definitions for new bits in VMCB::int_ctrl related to vNMI
      KVM: x86: Add support for SVM's Virtual NMI
      KVM: nSVM: Implement support for nested VNMI

Sean Christopherson (5):
      KVM: x86: Raise an event request when processing NMIs if an NMI is pending
      KVM: x86: Tweak the code and comment related to handling concurrent NMIs
      KVM: x86: Save/restore all NMIs when multiple NMIs are pending
      x86/cpufeatures: Redefine synthetic virtual NMI bit as AMD's "real" vNMI
      KVM: x86: Route pending NMIs from userspace through process_nmi()

Xinghui Li (1):
      KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK

 arch/x86/include/asm/cpufeatures.h |   8 +-
 arch/x86/include/asm/kvm-x86-ops.h |   2 +
 arch/x86/include/asm/kvm_host.h    |  11 ++-
 arch/x86/include/asm/svm.h         |  10 ++-
 arch/x86/kvm/svm/nested.c          |  91 ++++++++++++++++++----
 arch/x86/kvm/svm/svm.c             | 153 ++++++++++++++++++++++++++++++-------
 arch/x86/kvm/svm/svm.h             |  29 +++++++
 arch/x86/kvm/x86.c                 |  46 +++++++++--
 8 files changed, 292 insertions(+), 58 deletions(-)

[GIT PULL] KVM: x86: VMX changes for 6.4

[Sean Christopherson]

KVM VMX changes for 6.4.  A few cleanups and a few fixes, nothing super
interesting or urgent.  IMO, the most notable part of this pull request is
that ENCLS is actually allowed in compatibility mode. :-)

The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:

  KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.4

for you to fetch changes up to 4984563823f0034d3533854c1b50e729f5191089:

  KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (2023-04-11 09:35:49 -0700)

----------------------------------------------------------------
KVM VMX changes for 6.4:

 - Fix a bug in emulation of ENCLS in compatibility mode

 - Allow emulation of NOP and PAUSE for L2

 - Misc cleanups

----------------------------------------------------------------
Binbin Wu (1):
      KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler

Sean Christopherson (1):
      KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted

Yu Zhang (2):
      KVM: nVMX: Remove outdated comments in nested_vmx_setup_ctls_msrs()
      KVM: nVMX: Add helpers to setup VMX control msr configs

 arch/x86/kvm/vmx/nested.c | 112 ++++++++++++++++++++++++++++++----------------
 arch/x86/kvm/vmx/sgx.c    |   4 +-
 arch/x86/kvm/vmx/vmx.c    |  15 +++++++
 3 files changed, 91 insertions(+), 40 deletions(-)

Re: [GIT PULL] KVM: Non-x86 changes for 6.4

[Paolo Bonzini]

On Mon, Apr 24, 2023 at 7:35 PM Sean Christopherson <seanjc@google.com> wrote:
>
> Non-x86, a.k.a. generic, KVM changes for 6.4.  Nothing particularly
> interesting, just a random smattering of one-off patches.
>
> The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:
>
>   KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.4
>
> for you to fetch changes up to b0d237087c674c43df76c1a0bc2737592f3038f4:
>
>   KVM: Fix comments that refer to the non-existent install_new_memslots() (2023-03-24 08:20:17 -0700)

Pulled (but didn't push yet), thanks.

Paolo

> ----------------------------------------------------------------
> Common KVM changes for 6.4:
>
>  - Drop unnecessary casts from "void *" throughout kvm_main.c
>
>  - Tweak the layout of "struct kvm_mmu_memory_cache" to shrink the struct
>    size by 8 bytes on 64-bit kernels by utilizing a padding hole
>
>  - Fix a documentation format goof that was introduced when the KVM docs
>    were converted to ReST
>
>  - Constify MIPS's internal callbacks (a leftover from the hardware enabling
>    rework that landed in 6.3)
>
> ----------------------------------------------------------------
> Jun Miao (1):
>       KVM: Fix comments that refer to the non-existent install_new_memslots()
>
> Li kunyu (1):
>       kvm: kvm_main: Remove unnecessary (void*) conversions
>
> Mathias Krause (1):
>       KVM: Shrink struct kvm_mmu_memory_cache
>
> Sean Christopherson (1):
>       KVM: MIPS: Make kvm_mips_callbacks const
>
> Shaoqin Huang (1):
>       KVM: Add the missed title format
>
>  Documentation/virt/kvm/api.rst     |  1 +
>  Documentation/virt/kvm/locking.rst |  2 +-
>  arch/mips/include/asm/kvm_host.h   |  2 +-
>  arch/mips/kvm/vz.c                 |  2 +-
>  include/linux/kvm_host.h           |  4 ++--
>  include/linux/kvm_types.h          |  2 +-
>  virt/kvm/kvm_main.c                | 26 ++++++++++++--------------
>  7 files changed, 19 insertions(+), 20 deletions(-)
>

Re: [GIT PULL] KVM: x86: Misc changes for 6.4.

[Paolo Bonzini]

On Mon, Apr 24, 2023 at 7:35 PM Sean Christopherson <seanjc@google.com> wrote:
>
> KVM x86 "misc" changes for 6.4.  The two highlights are Mathias'
> optimization for CR0.WP toggling and Binbin's addition of helpers to query
> individual CR0/CR4 bits (a very nice and overdue cleanup).
>
> The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:
>
>   KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.4
>
> for you to fetch changes up to cf9f4c0eb1699d306e348b1fd0225af7b2c282d3:
>
>   KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults (2023-04-10 15:25:36 -0700)

Pulled (but didn't push yet), thanks.

Paolo


> ----------------------------------------------------------------
> KVM x86 changes for 6.4:
>
>  - Optimize CR0.WP toggling by avoiding an MMU reload when TDP is enabled,
>    and by giving the guest control of CR0.WP when EPT is enabled on VMX
>    (VMX-only because SVM doesn't support per-bit controls)
>
>  - Add CR0/CR4 helpers to query single bits, and clean up related code
>    where KVM was interpreting kvm_read_cr4_bits()'s "unsigned long" return
>    as a bool
>
>  - Move AMD_PSFD to cpufeatures.h and purge KVM's definition
>
>  - Misc cleanups
>
> ----------------------------------------------------------------
> Binbin Wu (4):
>       KVM: x86: Add helpers to query individual CR0/CR4 bits
>       KVM: x86: Use boolean return value for is_{pae,pse,paging}()
>       KVM: SVM: Use kvm_is_cr4_bit_set() to query SMAP/SMEP in "can emulate"
>       KVM: x86: Change return type of is_long_mode() to bool
>
> Mathias Krause (4):
>       KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP enabled
>       KVM: x86: Ignore CR0.WP toggles in non-paging mode
>       KVM: x86: Make use of kvm_read_cr*_bits() when testing bits
>       KVM: VMX: Make CR0.WP a guest owned bit
>
> Robert Hoo (1):
>       KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4()
>
> Sean Christopherson (4):
>       KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0()
>       x86: KVM: Add common feature flag for AMD's PSFD
>       KVM: x86: Assert that the emulator doesn't load CS with garbage in !RM
>       KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults
>
> Tom Rix (1):
>       KVM: x86: set "mitigate_smt_rsb" storage-class-specifier to static
>
>  arch/x86/include/asm/cpufeatures.h |  1 +
>  arch/x86/kvm/cpuid.c               | 12 +++-------
>  arch/x86/kvm/emulate.c             |  8 +++++++
>  arch/x86/kvm/kvm_cache_regs.h      | 18 ++++++++++++++-
>  arch/x86/kvm/mmu.h                 | 28 ++++++++++++++++++++++--
>  arch/x86/kvm/mmu/mmu.c             | 15 +++++++++++++
>  arch/x86/kvm/pmu.c                 |  4 ++--
>  arch/x86/kvm/svm/svm.c             |  6 ++---
>  arch/x86/kvm/vmx/nested.c          |  6 ++---
>  arch/x86/kvm/vmx/vmx.c             |  8 +++----
>  arch/x86/kvm/vmx/vmx.h             | 18 +++++++++++++++
>  arch/x86/kvm/x86.c                 | 45 ++++++++++++++++++++++++--------------
>  arch/x86/kvm/x86.h                 | 22 +++++++++----------
>  13 files changed, 139 insertions(+), 52 deletions(-)
>

Re: [GIT PULL] KVM: x86: MMU changes for 6.4

[Paolo Bonzini]

On Mon, Apr 24, 2023 at 7:35 PM Sean Christopherson <seanjc@google.com> wrote:
>
> KVM x86/mmu changes for 6.4.  The highlights are optimizations from Lai
> (.invlpg(), .sync_page(), and rmaps) and Vipin (A/D harvesting).
>
> I am also planning on sending the "persistent TDP MMU roots" patch[*] for
> 6.4-rc1, just waiting a few more days to give syzbot extra time to beat on
> v2, and to settle on whether to guard VM desctruction with mmu_lock or RCU.

No problem; due to a slightly ugly coincidence of these PRs with
Italian public holiday on April 25th, and the need to handle RISC-V
separately on the second week anyway, I'll probably send ARM+s390
tomorrow and wait a little more for x86, so we'll get the persistent
TDP MMU roots patch in time.

I'll push all these to kvm/queue anyway in the meanwhile.

Paolo

> [*] https://lore.kernel.org/all/20230421214946.2571580-1-seanjc@google.com
>
>
> The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:
>
>   KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-mmu-6.4
>
> for you to fetch changes up to 9ed3bf411226f446a9795f2b49a15b9df98d7cf5:
>
>   KVM: x86/mmu: Move filling of Hyper-V's TLB range struct into Hyper-V code (2023-04-10 15:17:29 -0700)
>
> ----------------------------------------------------------------
> KVM x86 MMU changes for 6.4:
>
>  - Tweak FNAME(sync_spte) to avoid unnecessary writes+flushes when the
>    guest is only adding new PTEs
>
>  - Overhaul .sync_page() and .invlpg() to share the .sync_page()
>    implementation, i.e. utilize .sync_page()'s optimizations when emulating
>    invalidations
>
>  - Clean up the range-based flushing APIs
>
>  - Revamp the TDP MMU's reaping of Accessed/Dirty bits to clear a single
>    A/D bit using a LOCK AND instead of XCHG, and skip all of the "handle
>    changed SPTE" overhead associated with writing the entire entry
>
>  - Track the number of "tail" entries in a pte_list_desc to avoid having
>    to walk (potentially) all descriptors during insertion and deletion,
>    which gets quite expensive if the guest is spamming fork()
>
>  - Misc cleanups
>
> ----------------------------------------------------------------
> David Matlack (3):
>       KVM: x86/mmu: Collapse kvm_flush_remote_tlbs_with_{range,address}() together
>       KVM: x86/mmu: Rename kvm_flush_remote_tlbs_with_address()
>       KVM: x86/mmu: Use gfn_t in kvm_flush_remote_tlbs_range()
>
> Lai Jiangshan (14):
>       KVM: x86/mmu: Use 64-bit address to invalidate to fix a subtle bug
>       KVM: x86/mmu: Move the check in FNAME(sync_page) as kvm_sync_page_check()
>       KVM: x86/mmu: Check mmu->sync_page pointer in kvm_sync_page_check()
>       KVM: x86/mmu: Set mmu->sync_page as NULL for direct paging
>       KVM: x86/mmu: Move the code out of FNAME(sync_page)'s loop body into mmu.c
>       KVM: x86/mmu: Reduce the update to the spte in FNAME(sync_spte)
>       kvm: x86/mmu: Use KVM_MMU_ROOT_XXX for kvm_mmu_invalidate_addr()
>       KVM: x86/mmu: Use kvm_mmu_invalidate_addr() in kvm_mmu_invpcid_gva()
>       KVM: x86/mmu: Use kvm_mmu_invalidate_addr() in nested_ept_invalidate_addr()
>       KVM: x86/mmu: Allow the roots to be invalid in FNAME(invlpg)
>       KVM: x86/mmu: Remove FNAME(invlpg) and use FNAME(sync_spte) to update vTLB instead.
>       kvm: x86/mmu: Remove @no_dirty_log from FNAME(prefetch_gpte)
>       KVM: x86/mmu: Skip calling mmu->sync_spte() when the spte is 0
>       KVM: x86/mmu: Track tail count in pte_list_desc to optimize guest fork()
>
> Mathias Krause (1):
>       KVM: x86/mmu: Fix comment typo
>
> Paolo Bonzini (1):
>       KVM: x86/mmu: Avoid indirect call for get_cr3
>
> Sean Christopherson (6):
>       KVM: x86/mmu: Sanity check input to kvm_mmu_free_roots()
>       KVM: x86/mmu: Rename slot rmap walkers to add clarity and clean up code
>       KVM: x86/mmu: Replace comment with an actual lockdep assertion on mmu_lock
>       KVM: x86/mmu: Clean up mmu.c functions that put return type on separate line
>       KVM: x86: Rename Hyper-V remote TLB hooks to match established scheme
>       KVM: x86/mmu: Move filling of Hyper-V's TLB range struct into Hyper-V code
>
> Vipin Sharma (13):
>       KVM: x86/mmu: Add a helper function to check if an SPTE needs atomic write
>       KVM: x86/mmu: Use kvm_ad_enabled() to determine if TDP MMU SPTEs need wrprot
>       KVM: x86/mmu: Consolidate Dirty vs. Writable clearing logic in TDP MMU
>       KVM: x86/mmu: Atomically clear SPTE dirty state in the clear-dirty-log flow
>       KVM: x86/mmu: Drop access tracking checks when clearing TDP MMU dirty bits
>       KVM: x86/mmu: Bypass __handle_changed_spte() when clearing TDP MMU dirty bits
>       KVM: x86/mmu: Remove "record_dirty_log" in __tdp_mmu_set_spte()
>       KVM: x86/mmu: Clear only A-bit (if enabled) when aging TDP MMU SPTEs
>       KVM: x86/mmu: Drop unnecessary dirty log checks when aging TDP MMU SPTEs
>       KVM: x86/mmu: Bypass __handle_changed_spte() when aging TDP MMU SPTEs
>       KVM: x86/mmu: Remove "record_acc_track" in __tdp_mmu_set_spte()
>       KVM: x86/mmu: Remove handle_changed_spte_dirty_log()
>       KVM: x86/mmu: Merge all handle_changed_pte*() functions
>
>  arch/x86/include/asm/kvm-x86-ops.h |   4 +-
>  arch/x86/include/asm/kvm_host.h    |  32 +--
>  arch/x86/kvm/kvm_onhyperv.c        |  33 ++-
>  arch/x86/kvm/kvm_onhyperv.h        |   5 +-
>  arch/x86/kvm/mmu/mmu.c             | 506 ++++++++++++++++++++++---------------
>  arch/x86/kvm/mmu/mmu_internal.h    |   8 +-
>  arch/x86/kvm/mmu/paging_tmpl.h     | 224 +++++-----------
>  arch/x86/kvm/mmu/spte.c            |   2 +-
>  arch/x86/kvm/mmu/tdp_iter.h        |  48 +++-
>  arch/x86/kvm/mmu/tdp_mmu.c         | 215 ++++++----------
>  arch/x86/kvm/svm/svm_onhyperv.h    |   5 +-
>  arch/x86/kvm/vmx/nested.c          |   5 +-
>  arch/x86/kvm/vmx/vmx.c             |   5 +-
>  arch/x86/kvm/x86.c                 |   4 +-
>  14 files changed, 522 insertions(+), 574 deletions(-)
>

Re: [GIT PULL] KVM: x86: PMU changes for 6.4

[Paolo Bonzini]

On Mon, Apr 24, 2023 at 7:35 PM Sean Christopherson <seanjc@google.com> wrote:
>
> KVM x86/pmu changes for 6.4.  Hiding in the pile of selftests changes are a
> a handful of small-but-important fixes.
>
> Note, this superficially conflicts with the PRED_CMD/FLUSH_CMD changes
> sitting in kvm/next due to "KVM: VMX: Refactor intel_pmu_{g,}set_msr() to
> align with other helpers".  The resolution I have been using when preparing
> kvm-x86/next for linux-next is to replace a "return 0" with a "break".

Yup, figured out the same. Pulled (put not pushed yet), thanks.

Paolo

> The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:
>
>   KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-pmu-6.4
>
> for you to fetch changes up to 457bd7af1a17182e7f1f97eeb5d9107f8699e99d:
>
>   KVM: selftests: Test the PMU event "Instructions retired" (2023-04-14 13:21:38 -0700)
>
> ----------------------------------------------------------------
> KVM x86 PMU changes for 6.4:
>
>  - Disallow virtualizing legacy LBRs if architectural LBRs are available,
>    the two are mutually exclusive in hardware
>
>  - Disallow writes to immutable feature MSRs (notably PERF_CAPABILITIES)
>    after KVM_RUN, and overhaul the vmx_pmu_caps selftest to better
>    validate PERF_CAPABILITIES
>
>  - Apply PMU filters to emulated events and add test coverage to the
>    pmu_event_filter selftest
>
>  - Misc cleanups and fixes
>
> ----------------------------------------------------------------
> Aaron Lewis (5):
>       KVM: x86/pmu: Prevent the PMU from counting disallowed events
>       KVM: selftests: Add a common helper for the PMU event filter guest code
>       KVM: selftests: Add helpers for PMC asserts in PMU event filter test
>       KVM: selftests: Print detailed info in PMU event filter asserts
>       KVM: selftests: Test the PMU event "Instructions retired"
>
> Like Xu (4):
>       KVM: x86/pmu: Zero out pmu->all_valid_pmc_idx each time it's refreshed
>       KVM: x86/pmu: Rename pmc_is_enabled() to pmc_is_globally_enabled()
>       KVM: x86/pmu: Rewrite reprogram_counters() to improve performance
>       KVM: x86/pmu: Fix a typo in kvm_pmu_request_counter_reprogam()
>
> Mathias Krause (1):
>       KVM: x86: Shrink struct kvm_pmu
>
> Sean Christopherson (25):
>       KVM: x86/pmu: Disallow legacy LBRs if architectural LBRs are available
>       KVM: x86: Rename kvm_init_msr_list() to clarify it inits multiple lists
>       KVM: x86: Add a helper to query whether or not a vCPU has ever run
>       KVM: x86: Add macros to track first...last VMX feature MSRs
>       KVM: x86: Generate set of VMX feature MSRs using first/last definitions
>       KVM: selftests: Split PMU caps sub-tests to avoid writing MSR after KVM_RUN
>       KVM: x86: Disallow writes to immutable feature MSRs after KVM_RUN
>       KVM: x86/pmu: WARN and bug the VM if PMU is refreshed after vCPU has run
>       KVM: x86/pmu: Zero out LBR capabilities during PMU refresh
>       KVM: selftests: Move 0/initial value PERF_CAPS checks to dedicated sub-test
>       KVM: selftests: Assert that full-width PMC writes are supported if PDCM=1
>       KVM: selftests: Print out failing MSR and value in vcpu_set_msr()
>       KVM: selftests: Verify KVM preserves userspace writes to "durable" MSRs
>       KVM: selftests: Drop now-redundant checks on PERF_CAPABILITIES writes
>       KVM: selftests: Test all fungible features in PERF_CAPABILITIES
>       KVM: selftests: Test all immutable non-format bits in PERF_CAPABILITIES
>       KVM: selftests: Expand negative testing of guest writes to PERF_CAPABILITIES
>       KVM: selftests: Test post-KVM_RUN writes to PERF_CAPABILITIES
>       KVM: selftests: Drop "all done!" printf() from PERF_CAPABILITIES test
>       KVM: selftests: Refactor LBR_FMT test to avoid use of separate macro
>       KVM: selftests: Add negative testcase for PEBS format in PERF_CAPABILITIES
>       KVM: selftests: Verify LBRs are disabled if vPMU is disabled
>       KVM: VMX: Refactor intel_pmu_{g,}set_msr() to align with other helpers
>       KVM: selftests: Use error codes to signal errors in PMU event filter test
>       KVM: selftests: Copy full counter values from guest in PMU event filter test
>
>  arch/x86/include/asm/kvm_host.h                    |   2 +-
>  arch/x86/kvm/cpuid.c                               |   2 +-
>  arch/x86/kvm/mmu/mmu.c                             |   2 +-
>  arch/x86/kvm/pmu.c                                 |  21 +-
>  arch/x86/kvm/pmu.h                                 |   2 +-
>  arch/x86/kvm/svm/pmu.c                             |   2 +-
>  arch/x86/kvm/svm/svm.c                             |   2 +-
>  arch/x86/kvm/vmx/pmu_intel.c                       | 135 ++++++-----
>  arch/x86/kvm/vmx/vmx.c                             |  16 +-
>  arch/x86/kvm/x86.c                                 | 102 ++++++---
>  arch/x86/kvm/x86.h                                 |  13 ++
>  .../selftests/kvm/include/x86_64/processor.h       |  41 +++-
>  .../selftests/kvm/x86_64/pmu_event_filter_test.c   | 252 ++++++++++++---------
>  .../selftests/kvm/x86_64/vmx_pmu_caps_test.c       | 248 ++++++++++++++++----
>  14 files changed, 565 insertions(+), 275 deletions(-)

Re: [GIT PULL] KVM: x86: Selftests changes for 6.4

[Paolo Bonzini]

On Mon, Apr 24, 2023 at 7:35 PM Sean Christopherson <seanjc@google.com> wrote:
>
> KVM x86 selftests change for 6.4.  And an AMX+XCR0 bugfix that I landed here
> to avoid creating a mess of unnecessary conflicts between the series to
> overhaul the AMX test and the related selftests changes to verify the fix.
>
> The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:
>
>   KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-selftests-6.4
>
> for you to fetch changes up to 20aef201dafba6a1ffe9daa145c7f2c525b74aae:
>
>   KVM: selftests: Fix spelling mistake "perrmited" -> "permitted" (2023-04-14 10:04:51 -0700)

Pulled (put not pushed yet), thanks.

Paolo

> ----------------------------------------------------------------
> KVM selftests, and an AMX/XCR0 bugfix, for 6.4:
>
>  - Don't advertisze XTILE_CFG in KVM_GET_SUPPORTED_CPUID if XTILE_DATA is
>    not being reported due to userspace not opting in via prctl()
>
>  - Overhaul the AMX selftests to improve coverage and cleanup the test
>
>  - Misc cleanups
>
> ----------------------------------------------------------------
> Aaron Lewis (9):
>       KVM: selftests: Assert that XTILE is XSAVE-enabled
>       KVM: selftests: Assert that both XTILE{CFG,DATA} are XSAVE-enabled
>       KVM: selftests: Move XSAVE and OSXSAVE CPUID checks into AMX's init_regs()
>       KVM: selftests: Check that the palette table exists before using it
>       KVM: selftests: Check that XTILEDATA supports XFD
>       KVM: x86: Add a helper to handle filtering of unpermitted XCR0 features
>       KVM: selftests: Move XGETBV and XSETBV helpers to common code
>       KVM: selftests: Add all known XFEATURE masks to common code
>       KVM: selftests: Add test to verify KVM's supported XCR0
>
> Ackerley Tng (1):
>       KVM: selftests: Adjust VM's initial stack address to align with SysV ABI spec
>
> Anish Moorthy (1):
>       KVM: selftests: Fix nsec to sec conversion in demand_paging_test
>
> Colin Ian King (1):
>       KVM: selftests: Fix spelling mistake "perrmited" -> "permitted"
>
> Hao Ge (1):
>       KVM: selftests: Close opened file descriptor in stable_tsc_check_supported()
>
> Ivan Orlov (1):
>       KVM: selftests: Add 'malloc' failure check in vcpu_save_state
>
> Like Xu (2):
>       KVM: selftests: Add a helper to read kvm boolean module parameters
>       KVM: selftests: Report enable_pmu module value when test is skipped
>
> Mingwei Zhang (6):
>       KVM: selftests: Add a fully functional "struct xstate" for x86
>       KVM: selftests: Fix an error in comment of amx_test
>       KVM: selftests: Enable checking on xcomp_bv in amx_test
>       KVM: selftests: Add check of CR0.TS in the #NM handler in amx_test
>       KVM: selftests: Assert that XTILE_DATA is set in IA32_XFD on #NM
>       KVM: selftests: Verify XTILE_DATA in XSTATE isn't affected by IA32_XFD
>
> Sean Christopherson (2):
>       KVM: x86: Filter out XTILE_CFG if XTILE_DATA isn't permitted
>       KVM: selftests: Rework dynamic XFeature helper to take mask, not bit
>
>  arch/x86/kvm/cpuid.c                               |   2 +-
>  arch/x86/kvm/x86.c                                 |   4 +-
>  arch/x86/kvm/x86.h                                 |  29 +++++
>  tools/testing/selftests/kvm/Makefile               |   1 +
>  tools/testing/selftests/kvm/demand_paging_test.c   |   2 +-
>  .../testing/selftests/kvm/include/kvm_util_base.h  |   1 +
>  .../selftests/kvm/include/x86_64/processor.h       |  83 +++++++++++--
>  tools/testing/selftests/kvm/lib/kvm_util.c         |   5 +
>  tools/testing/selftests/kvm/lib/x86_64/processor.c |  36 ++++--
>  tools/testing/selftests/kvm/x86_64/amx_test.c      | 118 ++++++++----------
>  .../selftests/kvm/x86_64/pmu_event_filter_test.c   |   1 +
>  .../kvm/x86_64/vmx_nested_tsc_scaling_test.c       |   8 +-
>  .../selftests/kvm/x86_64/vmx_pmu_caps_test.c       |   1 +
>  .../testing/selftests/kvm/x86_64/xcr0_cpuid_test.c | 132 +++++++++++++++++++++
>  14 files changed, 326 insertions(+), 97 deletions(-)
>  create mode 100644 tools/testing/selftests/kvm/x86_64/xcr0_cpuid_test.c
>

Re: [GIT PULL] KVM: x86: VMX changes for 6.4

[Paolo Bonzini]

On Mon, Apr 24, 2023 at 7:35 PM Sean Christopherson <seanjc@google.com> wrote:
>
> KVM VMX changes for 6.4.  A few cleanups and a few fixes, nothing super
> interesting or urgent.  IMO, the most notable part of this pull request is
> that ENCLS is actually allowed in compatibility mode. :-)
>
> The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:
>
>   KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.4
>
> for you to fetch changes up to 4984563823f0034d3533854c1b50e729f5191089:
>
>   KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (2023-04-11 09:35:49 -0700)

Pulled (but not pushed yet), thanks.

Paolo

> ----------------------------------------------------------------
> KVM VMX changes for 6.4:
>
>  - Fix a bug in emulation of ENCLS in compatibility mode
>
>  - Allow emulation of NOP and PAUSE for L2
>
>  - Misc cleanups
>
> ----------------------------------------------------------------
> Binbin Wu (1):
>       KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler
>
> Sean Christopherson (1):
>       KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
>
> Yu Zhang (2):
>       KVM: nVMX: Remove outdated comments in nested_vmx_setup_ctls_msrs()
>       KVM: nVMX: Add helpers to setup VMX control msr configs
>
>  arch/x86/kvm/vmx/nested.c | 112 ++++++++++++++++++++++++++++++----------------
>  arch/x86/kvm/vmx/sgx.c    |   4 +-
>  arch/x86/kvm/vmx/vmx.c    |  15 +++++++
>  3 files changed, 91 insertions(+), 40 deletions(-)
>

Re: [GIT PULL] KVM: x86: SVM changes for 6.4

[Paolo Bonzini]

On Mon, Apr 24, 2023 at 7:35 PM Sean Christopherson <seanjc@google.com> wrote:
>
> KVM SVM changes for 6.4.  The highlight, by a country mile, is support for
> virtual NMIs.
>
> The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:
>
>   KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.4
>
> for you to fetch changes up to c0d0ce9b5a851895f34fd401c9dddc70616711a4:
>
>   KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (2023-04-04 11:08:12 -0700)

Pulled (but not pushed yet), thanks.

This is probably the sub-PR for which I'm more interested in giving
the code a closer look, but this is more about understanding the
changes than it is about expecting something bad in it.

Paolo

> ----------------------------------------------------------------
> KVM SVM changes for 6.4:
>
>  - Add support for virtual NMIs
>
>  - Fixes for edge cases related to virtual interrupts
>
> ----------------------------------------------------------------
> Maxim Levitsky (2):
>       KVM: nSVM: Raise event on nested VM exit if L1 doesn't intercept IRQs
>       KVM: SVM: add wrappers to enable/disable IRET interception
>
> Santosh Shukla (5):
>       KVM: nSVM: Don't sync vmcb02 V_IRQ back to vmcb12 if KVM (L0) is intercepting VINTR
>       KVM: nSVM: Disable intercept of VINTR if saved L1 host RFLAGS.IF is 0
>       KVM: SVM: Add definitions for new bits in VMCB::int_ctrl related to vNMI
>       KVM: x86: Add support for SVM's Virtual NMI
>       KVM: nSVM: Implement support for nested VNMI
>
> Sean Christopherson (5):
>       KVM: x86: Raise an event request when processing NMIs if an NMI is pending
>       KVM: x86: Tweak the code and comment related to handling concurrent NMIs
>       KVM: x86: Save/restore all NMIs when multiple NMIs are pending
>       x86/cpufeatures: Redefine synthetic virtual NMI bit as AMD's "real" vNMI
>       KVM: x86: Route pending NMIs from userspace through process_nmi()
>
> Xinghui Li (1):
>       KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK
>
>  arch/x86/include/asm/cpufeatures.h |   8 +-
>  arch/x86/include/asm/kvm-x86-ops.h |   2 +
>  arch/x86/include/asm/kvm_host.h    |  11 ++-
>  arch/x86/include/asm/svm.h         |  10 ++-
>  arch/x86/kvm/svm/nested.c          |  91 ++++++++++++++++++----
>  arch/x86/kvm/svm/svm.c             | 153 ++++++++++++++++++++++++++++++-------
>  arch/x86/kvm/svm/svm.h             |  29 +++++++
>  arch/x86/kvm/x86.c                 |  46 +++++++++--
>  8 files changed, 292 insertions(+), 58 deletions(-)
>

Re: [GIT PULL] KVM: x86: SVM changes for 6.4

[Sean Christopherson]

On Wed, Apr 26, 2023, Paolo Bonzini wrote:
> On Mon, Apr 24, 2023 at 7:35 PM Sean Christopherson <seanjc@google.com> wrote:
> >
> > KVM SVM changes for 6.4.  The highlight, by a country mile, is support for
> > virtual NMIs.
> >
> > The following changes since commit d8708b80fa0e6e21bc0c9e7276ad0bccef73b6e7:
> >
> >   KVM: Change return type of kvm_arch_vm_ioctl() to "int" (2023-03-16 10:18:07 -0400)
> >
> > are available in the Git repository at:
> >
> >   https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.4
> >
> > for you to fetch changes up to c0d0ce9b5a851895f34fd401c9dddc70616711a4:
> >
> >   KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (2023-04-04 11:08:12 -0700)
> 
> Pulled (but not pushed yet), thanks.
> 
> This is probably the sub-PR for which I'm more interested in giving
> the code a closer look, but this is more about understanding the
> changes than it is about expecting something bad in it.

100% agree.  If you were to scrutinize only one thing for 6.4, the vNMI changes
are definitely my choice for extra eyeballs.

Re: [GIT PULL] KVM: x86: SVM changes for 6.4

[Paolo Bonzini]

On Wed, Apr 26, 2023 at 10:02 PM Sean Christopherson <seanjc@google.com> wrote:
> > This is probably the sub-PR for which I'm more interested in giving
> > the code a closer look, but this is more about understanding the
> > changes than it is about expecting something bad in it.
>
> 100% agree.  If you were to scrutinize only one thing for 6.4, the vNMI changes
> are definitely my choice for extra eyeballs.

Interesting read. The split commits left me wondering _why_ patches
1-7 were needed for vNMI, but that's a known limitation of losing the
cover letter, and the Link or Message-Id trailers try to amend for
that.

I have a few comments indeed, most of which are absolutely nits and
can be ignored or fixed as follow-ups. It's my turn to send a "belated
review" patch series, which I'll do for -rc2, but please check if
there are any disagreements.

First of all, this comment caught my attention:

+    /*
+     * Rules for synchronizing int_ctl bits from vmcb02 to vmcb01:
+     *
+     * V_IRQ, V_IRQ_VECTOR, V_INTR_PRIO_MASK, V_IGN_TPR:  If L1 doesn't
+     * intercept interrupts, then KVM will use vmcb02's V_IRQ (and related
+     * flags) to detect interrupt windows for L1 IRQs (even if L1 uses
+     * virtual interrupt masking).  Raise KVM_REQ_EVENT to ensure that
+     * KVM re-requests an interrupt window if necessary, which implicitly
+     * copies this bits from vmcb02 to vmcb01.
+     *
+     * V_TPR: If L1 doesn't use virtual interrupt masking, then L1's vTPR
+     * is stored in vmcb02, but its value doesn't need to be copied from/to
+     * vmcb01 because it is copied from/to the virtual APIC's TPR register
+     * on each VM entry/exit.
+     *
+     * V_GIF: If nested vGIF is not used, KVM uses vmcb02's V_GIF for L1's
+     * V_GIF.  However, GIF is architecturally clear on each VM exit, thus
+     * there is no need to copy V_GIF from vmcb02 to vmcb01.
+     */

"Rules for synchronizing int_ctl bits from vmcb02 to vmcb01" suggests
that this is work done here, and it also misled me into looking at
nested_sync_control_from_vmcb02 (which is instead about vmcb02 ->
vmcb12).

So what about replacing it with

    * int_ctl bits from vmcb02 have to be synchronized to both vmcb12
and vmcb01.
    * The former is in nested_sync_control_from_vmcb02, invoked on every vmexit,
    * while the latter is scattered all over the place:

and perhaps also call out nested_svm_virtualize_tpr(), sync_lapic_to_cr8() and
sync_cr8_to_lapic in the V_TPR part?

Another super small thing which is not worth a respin (would have been):

 Subject: [PATCH 05/13] KVM: x86: Raise an event request when processing NMIs
- if an NMI is pending
+ iff an NMI is pending

The "if" suggests that we were missing an event request, while "iff"
suggests that we were doing them unnecessarily.

As an aside, I like the "coding style violation" of commit
400fee8c9b2d. Because the "limit = 2" case is anti-architectural, it
makes more sense to have it as an "else" rather than as the default.
An alternative could have been:

  unsigned limit = 1;
  if (!static_call(kvm_x86_get_nmi_mask)(vcpu) && !vcpu->arch.nmi_injected)
      limit = 2;

but the ugly condition makes this solution worse.

Next on, commit ab2ee212a57b ("KVM: x86: Save/restore all NMIs when
multiple NMIs are pending"). Here, "allows userspace to restore 255
pending NMIs" in the commit message is kinda scary, and I thought
about following up with a fixlet to KVM_SET_VCPU_EVENTS:

+        events->nmi.pending = min(vcpu->arch.nmi_pending, 2);
         vcpu->arch.nmi_pending = 0;
         atomic_set(&vcpu->arch.nmi_queued, events->nmi.pending);
         kvm_make_request(KVM_REQ_NMI, vcpu);

but really this isn't needed because process_nmi() does have

     vcpu->arch.nmi_pending = min(vcpu->arch.nmi_pending, limit);

So in the end this is also fine, just a remark on the commit message.
May be worth an additional comment instead here in
KVM_SET_VCPU_EVENTS, before the atomic_set().

On to the actual vNMI patch:

+    /*
+     * KVM should never request an NMI window when vNMI is enabled, as KVM
+     * allows at most one to-be-injected NMI and one pending NMI, i.e. if
+     * two NMIs arrive simultaneously, KVM will inject one and set
+     * V_NMI_PENDING for the other.  WARN, but continue with the standard
+     * single-step approach to try and salvage the pending NMI.
+     */
+    WARN_ON_ONCE(is_vnmi_enabled(svm));

Understandable, but also scary. :) I am not sure losing a pending NMI
is a big deal. IIRC the "limit = 2" case only matters because Windows
uses an NMI shootdown when rebooting the system and in some cases it
would hang; but in this case we're in a buggy situation. And it means
having to think about how the IRET+single-step method interacts with
vNMI, and what is the meaning of !svm->awaiting_iret_completion
(tested right below) in this buggy case. I'd just "return" here.

And another small nit to conclude - kvm_get_nr_pending_nmis() could be static.

The only thing that leaves me a bit puzzled is the naming and
rationale of get_vnmi_vmcb_l1(). I'll let you or Santosh clarify that.

Thanks,

Paolo

Re: [GIT PULL] KVM: x86: SVM changes for 6.4

[Sean Christopherson]

On Wed, Apr 26, 2023, Paolo Bonzini wrote:
> On Wed, Apr 26, 2023 at 10:02 PM Sean Christopherson <seanjc@google.com> wrote:
> > > This is probably the sub-PR for which I'm more interested in giving
> > > the code a closer look, but this is more about understanding the
> > > changes than it is about expecting something bad in it.
> >
> > 100% agree.  If you were to scrutinize only one thing for 6.4, the vNMI changes
> > are definitely my choice for extra eyeballs.
> 
> Interesting read. The split commits left me wondering _why_ patches
> 1-7 were needed for vNMI, but that's a known limitation of losing the
> cover letter, and the Link or Message-Id trailers try to amend for
> that.
> 
> I have a few comments indeed, most of which are absolutely nits and
> can be ignored or fixed as follow-ups. It's my turn to send a "belated
> review" patch series, which I'll do for -rc2, but please check if
> there are any disagreements.
> 
> First of all, this comment caught my attention:
> 
> +    /*
> +     * Rules for synchronizing int_ctl bits from vmcb02 to vmcb01:
> +     *
> +     * V_IRQ, V_IRQ_VECTOR, V_INTR_PRIO_MASK, V_IGN_TPR:  If L1 doesn't
> +     * intercept interrupts, then KVM will use vmcb02's V_IRQ (and related
> +     * flags) to detect interrupt windows for L1 IRQs (even if L1 uses
> +     * virtual interrupt masking).  Raise KVM_REQ_EVENT to ensure that
> +     * KVM re-requests an interrupt window if necessary, which implicitly
> +     * copies this bits from vmcb02 to vmcb01.
> +     *
> +     * V_TPR: If L1 doesn't use virtual interrupt masking, then L1's vTPR
> +     * is stored in vmcb02, but its value doesn't need to be copied from/to
> +     * vmcb01 because it is copied from/to the virtual APIC's TPR register
> +     * on each VM entry/exit.
> +     *
> +     * V_GIF: If nested vGIF is not used, KVM uses vmcb02's V_GIF for L1's
> +     * V_GIF.  However, GIF is architecturally clear on each VM exit, thus
> +     * there is no need to copy V_GIF from vmcb02 to vmcb01.
> +     */
> 
> "Rules for synchronizing int_ctl bits from vmcb02 to vmcb01" suggests
> that this is work done here, and it also misled me into looking at
> nested_sync_control_from_vmcb02 (which is instead about vmcb02 ->
> vmcb12).

+1.  I had a similar reaction when I first saw the code, but learned to live with
it after a few versions :-)

> So what about replacing it with
> 
>     * int_ctl bits from vmcb02 have to be synchronized to both vmcb12
> and vmcb01.
>     * The former is in nested_sync_control_from_vmcb02, invoked on every vmexit,
>     * while the latter is scattered all over the place:
> 
> and perhaps also call out nested_svm_virtualize_tpr(), sync_lapic_to_cr8() and
> sync_cr8_to_lapic in the V_TPR part?
> 
> Another super small thing which is not worth a respin (would have been):
> 
>  Subject: [PATCH 05/13] KVM: x86: Raise an event request when processing NMIs
> - if an NMI is pending
> + iff an NMI is pending
> 
> The "if" suggests that we were missing an event request, while "iff"
> suggests that we were doing them unnecessarily.

Gah, suprised I didn't catch that, I do love me some "iff".

> As an aside, I like the "coding style violation" of commit
> 400fee8c9b2d. Because the "limit = 2" case is anti-architectural, it
> makes more sense to have it as an "else" rather than as the default.
> An alternative could have been:
> 
>   unsigned limit = 1;
>   if (!static_call(kvm_x86_get_nmi_mask)(vcpu) && !vcpu->arch.nmi_injected)
>       limit = 2;
> 
> but the ugly condition makes this solution worse.
> 
> Next on, commit ab2ee212a57b ("KVM: x86: Save/restore all NMIs when
> multiple NMIs are pending"). Here, "allows userspace to restore 255
> pending NMIs" in the commit message is kinda scary, and I thought
> about following up with a fixlet to KVM_SET_VCPU_EVENTS:
> 
> +        events->nmi.pending = min(vcpu->arch.nmi_pending, 2);
>          vcpu->arch.nmi_pending = 0;
>          atomic_set(&vcpu->arch.nmi_queued, events->nmi.pending);
>          kvm_make_request(KVM_REQ_NMI, vcpu);
> 
> but really this isn't needed because process_nmi() does have
> 
>      vcpu->arch.nmi_pending = min(vcpu->arch.nmi_pending, limit);
> 
> So in the end this is also fine, just a remark on the commit message.

Even restoring 255 NMIs would be fine from KVM's perspective.  The guest might
not be happy, but that's likely true if there are _any_ spurious NMIs.  IIRC, I
didn't call out the process_nmi() behavior because having 255 pending virtual
NMIs doesn't put KVM at risk anymore than does having 2 pending virtual NMIs.

> May be worth an additional comment instead here in
> KVM_SET_VCPU_EVENTS, before the atomic_set().
> 
> On to the actual vNMI patch:
> 
> +    /*
> +     * KVM should never request an NMI window when vNMI is enabled, as KVM
> +     * allows at most one to-be-injected NMI and one pending NMI, i.e. if
> +     * two NMIs arrive simultaneously, KVM will inject one and set
> +     * V_NMI_PENDING for the other.  WARN, but continue with the standard
> +     * single-step approach to try and salvage the pending NMI.
> +     */
> +    WARN_ON_ONCE(is_vnmi_enabled(svm));
> 
> Understandable, but also scary. :) I am not sure losing a pending NMI
> is a big deal. IIRC the "limit = 2" case only matters because Windows
> uses an NMI shootdown when rebooting the system and in some cases it
> would hang; but in this case we're in a buggy situation. And it means
> having to think about how the IRET+single-step method interacts with
> vNMI, and what is the meaning of !svm->awaiting_iret_completion
> (tested right below) in this buggy case. I'd just "return" here.

Heh, Santosh originally had it return and I had the opposite reaction: why bail
and *guarantee* problems for the guest, instead of continuing on and *maybe*
causing problems for the guest.

 : Last thought, unless there's something that will obviously break, it's probably
 : better to WARN and continue than to bail.  I.e. do the single-step and hope for
 : the best.  Bailing at this point doesn't seem like it would help.

I don't have a super strong preference.  As you said, KVM is already in a buggy
scenario, though my vote is still to carry on.

https://lkml.kernel.org/r/Y9mwz%2FG6%2BG8NSX3%2B%40google.com

> And another small nit to conclude - kvm_get_nr_pending_nmis() could be static.
> 
> The only thing that leaves me a bit puzzled is the naming and
> rationale of get_vnmi_vmcb_l1(). I'll let you or Santosh clarify that.

Ah, I think what happened is that I complained about is_vnmi_enabled() being
misleading (https://lore.kernel.org/all/Y9m0q31NBmsnhVGD@google.com), but instead
of renaming the top-level helper, Santosh added an inner helper and here we are.

Re-reading what I wrote, and looking at the code with fresh eyes, I don't think
I agree with past me regarding the name of is_vnmi_enabled().  My biggest
objection/confusion with the original code was the comment saying vNMI was
"inhibited".  Appending "for_l1()" makes the usage in the callers quite confusing.

So my vote is to do:

static inline bool is_vnmi_enabled(struct vcpu_svm *svm)
{
	if (!vnmi)
		return false;

	if (is_guest_mode(&svm->vcpu))
		return false;

	return !!(svm->vmcb01.ptr->control.int_ctl & V_NMI_ENABLE_MASK);
}

---
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index f44751dd8d5d..5b604565d4b3 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -556,25 +556,15 @@ static inline bool is_x2apic_msrpm_offset(u32 offset)
               (msr < (APIC_BASE_MSR + 0x100));
 }
 
-static inline struct vmcb *get_vnmi_vmcb_l1(struct vcpu_svm *svm)
+static inline bool is_vnmi_enabled(struct vcpu_svm *svm)
 {
        if (!vnmi)
-               return NULL;
+               return false;
 
        if (is_guest_mode(&svm->vcpu))
-               return NULL;
-       else
-               return svm->vmcb01.ptr;
-}
-
-static inline bool is_vnmi_enabled(struct vcpu_svm *svm)
-{
-       struct vmcb *vmcb = get_vnmi_vmcb_l1(svm);
-
-       if (vmcb)
-               return !!(vmcb->control.int_ctl & V_NMI_ENABLE_MASK);
-       else
                return false;
+
+       return !!(svm->vmcb01.ptr->control.int_ctl & V_NMI_ENABLE_MASK);
 }
 
 /* svm.c */