Re: [PATCH 1/2] KVM: SVM: Fix TSC_AUX virtualization setup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	x86@kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Ingo Molnar <mingo@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Babu Moger <babu.moger@amd.com>
Subject: Re: [PATCH 1/2] KVM: SVM: Fix TSC_AUX virtualization setup
Date: Fri, 15 Sep 2023 10:32:05 -0700	[thread overview]
Message-ID: <ZQSVFQ78M/OUtWaj@google.com> (raw)
In-Reply-To: <8b047dad-84ac-69f9-3875-38bca92d7534@amd.com>

On Fri, Sep 15, 2023, Tom Lendacky wrote:
> On 9/14/23 15:48, Tom Lendacky wrote:
> > On 9/14/23 15:28, Sean Christopherson wrote:
> > > On Thu, Sep 14, 2023, Tom Lendacky wrote:
> 
> > 
> > > 
> > > > +        if (guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
> > > > +            svm_clr_intercept(svm, INTERCEPT_RDTSCP);
> > > 
> > > Same thing here.
> > 
> > Will do.
> 
> For RDTSCP, svm_recalc_instruction_intercepts() will set/clear the RDTSCP
> intercept as part of the svm_vcpu_set_after_cpuid() path, but it will only
> do it based on kvm_cpu_cap_has(X86_FEATURE_RDTSCP) being true, which is very
> likely.
> 
> Do you think that is good enough and we can drop the setting and clearing of
> the RDTSCP intercept in the sev_es_vcpu_set_after_cpuid() function and only
> deal with the TSC_AUX MSR intercept?

The common handling should be good enough.

> On a side note, it looks like RDTSCP would not be intercepted if the KVM cap
> X86_FEATURE_RDTSCP feature is cleared, however unlikely, in
> kvm_set_cpu_caps() and RDTSCP is not advertised to the guest (assuming the
> guest is ignoring the RDTSCP CPUID bit).

Hmm, yes, though the only scenario in which KVM clears RDTSCP on AMD comes with
a WARN (it's a guard against KVM bugs).  If the guest ignores CPUID and uses
RDTSCP anyways, the guest deserves its death, and leaking the host pCPU doesn't
seem like a major issue.

That said, if hardware behavior is to ignore unknown intercepts, e.g. if KVM can
safely set INTERCEPT_RDTSCP even when hardware doesn't support said intercept,
then I wouldn't be opposed to doing:

	/*
	 * Intercept INVPCID if shadow paging is enabled to sync/free shadow
	 * roots, or if INVPCID is disabled in the guest to inject #UD.
	 */
	if (!kvm_cpu_cap_has(X86_FEATURE_INVPCID) ||
	    !npt_enabled || !guest_cpuid_has(&svm->vcpu, X86_FEATURE_INVPCID))
		svm_set_intercept(svm, INTERCEPT_INVPCID);
	else
		svm_clr_intercept(svm, INTERCEPT_INVPCID);

	if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP) &&
	    guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP))
		svm_clr_intercept(svm, INTERCEPT_RDTSCP);
	else
		svm_set_intercept(svm, INTERCEPT_RDTSCP);

Alternatively, KVM could check boot_cpu_has() instead or kvm_cpu_cap_has(), but
that's not foolproof either, e.g. see Intel's of hiding PCID to workaround the
TLB flushing bug on Alderlake.  So my vote would either be to keep things as-is,
or do the above (if that's safe).

next prev parent reply	other threads:[~2023-09-15 17:33 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-14 19:50 [PATCH 0/2] SEV-ES TSC_AUX virtualization fix and optimization Tom Lendacky
2023-09-14 19:50 ` [PATCH 1/2] KVM: SVM: Fix TSC_AUX virtualization setup Tom Lendacky
2023-09-14 20:28   ` Sean Christopherson
2023-09-14 20:48     ` Tom Lendacky
2023-09-14 21:13       ` Sean Christopherson
2023-09-15 14:26         ` Tom Lendacky
2023-09-15 14:32           ` Sean Christopherson
2023-09-15 16:52       ` Tom Lendacky
2023-09-15 17:32         ` Sean Christopherson [this message]
2023-09-15 20:54           ` Tom Lendacky
2023-09-14 19:50 ` [PATCH 2/2] KVM: SVM: Do not use user return MSR support for virtualized TSC_AUX Tom Lendacky
2023-09-15 14:43   ` Sean Christopherson
2023-09-15 14:51     ` Sean Christopherson
2023-09-15 15:08       ` Tom Lendacky

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZQSVFQ78M/OUtWaj@google.com \
    --to=seanjc@google.com \
    --cc=babu.moger@amd.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.