From: Sean Christopherson <seanjc@google.com>
To: Jon Kohler <jon@nutanix.com>
Cc: Dave Hansen <dave.hansen@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Chang S. Bae" <chang.seok.bae@intel.com>,
Kyle Huey <me@kylehuey.com>,
"neelnatu@google.com" <neelnatu@google.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH] x86/fpu/xstate: clear XSAVE features if DISABLED_MASK set
Date: Tue, 6 Jun 2023 16:40:40 -0700 [thread overview]
Message-ID: <ZH/D+JP2OGFtCUBy@google.com> (raw)
In-Reply-To: <8AE71A62-1BE3-4D6F-B57C-B5FCEA93169F@nutanix.com>
On Mon, Jun 05, 2023, Jon Kohler wrote:
> > On May 31, 2023, at 5:09 PM, Jon Kohler <jon@nutanix.com> wrote:
> >> The CPUID bits that enumerate support for a feature are independent from the CPUID
> >> bits that enumerate what XCR0 bits are supported, i.e. what features can be saved
> >> and restored via XSAVE/XRSTOR.
> >>
> >> KVM does mostly account for host XCR0, but in a very ad hoc way. E.g. MPX is
> >> handled by manually checking host XCR0.
> >>
> >> if (kvm_mpx_supported())
> >> kvm_cpu_cap_check_and_set(X86_FEATURE_MPX);
> >>
> >> PKU manually checks too, but indirectly by looking at whether or not the kernel
> >> has enabled CR4.OSPKE.
> >>
> >> if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
> >> kvm_cpu_cap_clear(X86_FEATURE_PKU);
> >>
> >> But unless I'm missing something, the various AVX and AMX bits rely solely on
> >> boot_cpu_data, i.e. would break if someone added CONFIG_X86_AVX or CONFIG_X86_AMX.
> >
> > What if we simply moved static unsigned short xsave_cpuid_features[] … into
> > xstate.h, which is already included in arch/x86/kvm/cpuid.c, and do
> > something similar to what I’m proposing in this patch already
> >
> > This would future proof such breakages I’d imagine?
> >
> > void kvm_set_cpu_caps(void)
> > {
> > ...
> > /*
> > * Clear CPUID for XSAVE features that are disabled.
> > */
> > for (i = 0; i < ARRAY_SIZE(xsave_cpuid_features); i++) {
> > unsigned short cid = xsave_cpuid_features[i];
> >
> > /* Careful: X86_FEATURE_FPU is 0! */
> > if ((i != XFEATURE_FP && !cid) || !boot_cpu_has(cid) ||
> > !cpu_feature_enabled(cid))
> > kvm_cpu_cap_clear(cid);
> > }
> > …
> > }
> >
>
> Sean - following up on this rough idea code above, wanted to validate that
> this was the direction you were thinking of having kvm_set_cpu_caps() clear
> caps when a particular xsave feature was disabled?
Ya, more or or less. But for KVM, that should be kvm_cpu_cap_has(), not boot_cpu_has().
And then I think KVM could actually WARN on a feature being disabled, i.e. put up
a tripwire to detect if things change in the future and the kernel lets the user
disable a feature that KVM wants to expose to a guest.
Side topic, I find the "cid" nomenclature super confusing, and the established
name in KVM is x86_feature.
Something like this?
for (i = 0; i < ARRAY_SIZE(xsave_cpuid_features); i++) {
unsigned int x86_feature = xsave_cpuid_features[i];
if (i != XFEATURE_FP && !x86_feature)
continue;
if (!kvm_cpu_cap_has(x86_feature))
continue;
if (WARN_ON_ONCE(!cpu_feature_enabled(x86_feature)))
kvm_cpu_cap_clear(x86_feature);
}
prev parent reply other threads:[~2023-06-06 23:40 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-30 20:01 [PATCH] x86/fpu/xstate: clear XSAVE features if DISABLED_MASK set Jon Kohler
2023-05-30 22:22 ` Dave Hansen
2023-05-31 3:04 ` Jon Kohler
2023-05-31 16:30 ` Sean Christopherson
[not found] ` <E17EFDD7-C54A-4532-B1D3-D567557FC54B@nutanix.com>
[not found] ` <ZHermsSGQBcDD07R@google.com>
2023-05-31 21:29 ` Borislav Petkov
2023-05-31 22:02 ` Sean Christopherson
[not found] ` <CBFC095A-10D1-4925-9F28-DEDEBBB38EF8@nutanix.com>
2023-06-05 13:23 ` Jon Kohler
2023-06-06 23:40 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZH/D+JP2OGFtCUBy@google.com \
--to=seanjc@google.com \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=chang.seok.bae@intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jon@nutanix.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=me@kylehuey.com \
--cc=mingo@redhat.com \
--cc=neelnatu@google.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.