From: Sean Christopherson <seanjc@google.com>
To: Chao Gao <chao.gao@intel.com>
Cc: Xin Li <xin3.li@intel.com>,
kvm@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org,
linux-kselftest@vger.kernel.org, pbonzini@redhat.com,
corbet@lwn.net, kys@microsoft.com, haiyangz@microsoft.com,
wei.liu@kernel.org, decui@microsoft.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
x86@kernel.org, hpa@zytor.com, vkuznets@redhat.com,
peterz@infradead.org, ravi.v.shankar@intel.com
Subject: Re: [PATCH v1 05/23] KVM: VMX: Initialize FRED VM entry/exit controls in vmcs_config
Date: Thu, 9 Nov 2023 07:15:31 -0800 [thread overview]
Message-ID: <ZUz3cPmnqSq7Lol9@google.com> (raw)
In-Reply-To: <ZUyeATu4Fd2xI0+h@chao-email>
On Thu, Nov 09, 2023, Chao Gao wrote:
> On Wed, Nov 08, 2023 at 10:29:45AM -0800, Xin Li wrote:
> >Setup the global vmcs_config for FRED:
> >1) Add VM_ENTRY_LOAD_IA32_FRED to KVM_OPTIONAL_VMX_VM_ENTRY_CONTROLS to
> > have a FRED CPU load guest FRED MSRs from VMCS upon VM entry.
> >2) Add SECONDARY_VM_EXIT_SAVE_IA32_FRED to
> > KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS to have a FRED CPU save
> > guest FRED MSRs to VMCS during VM exit.
> >3) add SECONDARY_VM_EXIT_LOAD_IA32_FRED to
> > KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS to have a FRED CPU load
> > host FRED MSRs from VMCS during VM exit.
> >
> >Also add sanity checks to make sure FRED VM entry/exit controls can be
> >set on a FRED CPU.
> >
> >Tested-by: Shan Kang <shan.kang@intel.com>
> >Signed-off-by: Xin Li <xin3.li@intel.com>
> >---
> > arch/x86/include/asm/vmx.h | 3 +++
> > arch/x86/kvm/vmx/vmx.c | 19 ++++++++++++++++++-
> > arch/x86/kvm/vmx/vmx.h | 7 +++++--
> > 3 files changed, 26 insertions(+), 3 deletions(-)
> >
> >diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> >index 4d4177ec802c..41796a733bc9 100644
> >--- a/arch/x86/include/asm/vmx.h
> >+++ b/arch/x86/include/asm/vmx.h
> >@@ -106,6 +106,8 @@
> > #define VM_EXIT_PT_CONCEAL_PIP 0x01000000
> > #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000
> > #define VM_EXIT_ACTIVATE_SECONDARY_CONTROLS 0x80000000
> >+#define SECONDARY_VM_EXIT_SAVE_IA32_FRED 0x00000001
> >+#define SECONDARY_VM_EXIT_LOAD_IA32_FRED 0x00000002
> >
> > #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff
> >
> >@@ -119,6 +121,7 @@
> > #define VM_ENTRY_LOAD_BNDCFGS 0x00010000
> > #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000
> > #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000
> >+#define VM_ENTRY_LOAD_IA32_FRED 0x00800000
> >
> > #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff
> >
> >diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> >index df769207cbe0..9186f41974ab 100644
> >--- a/arch/x86/kvm/vmx/vmx.c
> >+++ b/arch/x86/kvm/vmx/vmx.c
> >@@ -2694,10 +2694,27 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
> > _vmexit_control &= ~x_ctrl;
> > }
> >
> >- if (_vmexit_control & VM_EXIT_ACTIVATE_SECONDARY_CONTROLS)
> >+ if (_vmexit_control & VM_EXIT_ACTIVATE_SECONDARY_CONTROLS) {
> > _secondary_vmexit_control =
> > adjust_vmx_controls64(KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS,
> > MSR_IA32_VMX_EXIT_CTLS2);
> >+ if (cpu_feature_enabled(X86_FEATURE_FRED) &&
> >+ !(_secondary_vmexit_control & SECONDARY_VM_EXIT_SAVE_IA32_FRED &&
> >+ _secondary_vmexit_control & SECONDARY_VM_EXIT_LOAD_IA32_FRED)) {
> >+ pr_warn_once("FRED enabled but no VMX VM-Exit {SAVE,LOAD}_IA32_FRED controls: %llx\n",
> >+ _secondary_vmexit_control);
>
> if there is no VM_EXIT_ACTIVATE_SECONDARY_CONTROLS, shouldn't we also emit this
> warning?
>
> >+ if (error_on_inconsistent_vmcs_config)
> >+ return -EIO;
> >+ }
> >+ }
> >+
> >+ if (cpu_feature_enabled(X86_FEATURE_FRED) &&
> >+ !(_vmentry_control & VM_ENTRY_LOAD_IA32_FRED)) {
> >+ pr_warn_once("FRED enabled but no VMX VM-Entry LOAD_IA32_FRED control: %x\n",
> >+ _vmentry_control);
>
> Can we just hide FRED from guests like what KVM does for other features which
> have similar dependencies? see vmx_set_cpu_caps().
Both of these warnings should simply be dropped. The error_on_inconsistent_vmcs_config
stuff is for inconsistencies within the allowed VMCS fields. Having a feature
that is supported in bare metal but not virtualized is perfectly legal, if
uncommon.
What *is* needed is for KVM to refuse to virtualize FRED if the entry/exit controls
aren't consistent. E.g. if at least one control is present, and at least one
control is missing. I.e. KVM needs a version of vmcs_entry_exit_pairs that can
deal with SECONDAY_VM_EXIT controls. I'll circle back to this when I give the
series a proper review, which is going to be 3+ weeks.
next prev parent reply other threads:[~2023-11-09 15:15 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-08 18:29 [PATCH v1 00/23] Enable FRED with KVM VMX Xin Li
2023-11-08 18:29 ` [PATCH v1 01/23] KVM: VMX: Cleanup VMX basic information defines and usages Xin Li
2023-11-08 18:29 ` [PATCH v1 02/23] KVM: VMX: Cleanup VMX misc " Xin Li
2023-11-08 18:29 ` [PATCH v1 03/23] KVM: VMX: Add support for the secondary VM exit controls Xin Li
2023-11-08 18:29 ` [PATCH v1 04/23] KVM: x86: Mark CR4.FRED as not reserved Xin Li
2023-11-08 18:29 ` [PATCH v1 05/23] KVM: VMX: Initialize FRED VM entry/exit controls in vmcs_config Xin Li
2023-11-09 8:53 ` Chao Gao
2023-11-09 15:15 ` Sean Christopherson [this message]
2023-11-10 0:04 ` Li, Xin3
2023-11-10 15:01 ` Sean Christopherson
2023-11-14 4:05 ` Li, Xin3
2023-11-13 17:18 ` Nikolay Borisov
2023-11-15 2:39 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 06/23] KVM: VMX: Defer enabling FRED MSRs save/load until after set CPUID Xin Li
2023-11-09 9:15 ` Chao Gao
2023-11-09 23:50 ` Li, Xin3
2023-11-10 0:18 ` Sean Christopherson
2023-11-14 2:50 ` Li, Xin3
2023-11-15 21:47 ` Sean Christopherson
2023-11-08 18:29 ` [PATCH v1 07/23] KVM: VMX: Disable intercepting FRED MSRs Xin Li
2023-11-09 9:21 ` Chao Gao
2023-11-08 18:29 ` [PATCH v1 08/23] KVM: VMX: Initialize VMCS FRED fields Xin Li
2023-11-13 3:04 ` Chao Gao
2023-11-14 6:02 ` Li, Xin3
2023-11-14 6:51 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 09/23] KVM: VMX: Switch FRED RSP0 between host and guest Xin Li
2023-11-13 3:47 ` Chao Gao
2023-11-14 5:17 ` Li, Xin3
2023-11-14 7:47 ` Chao Gao
2023-11-15 3:04 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 10/23] KVM: VMX: Add support for FRED context save/restore Xin Li
2023-11-13 5:24 ` Chao Gao
2023-11-14 4:48 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 11/23] KVM: x86: Add kvm_is_fred_enabled() Xin Li
2023-11-13 7:35 ` Chao Gao
2023-11-14 4:42 ` Li, Xin3
2023-11-14 8:16 ` Chao Gao
2023-11-14 18:57 ` Li, Xin3
2023-11-20 9:04 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 12/23] KVM: VMX: Handle FRED event data Xin Li
2023-11-13 10:14 ` Chao Gao
2023-11-14 4:34 ` Li, Xin3
2023-11-14 8:58 ` Chao Gao
2023-11-15 2:52 ` Li, Xin3
2023-11-16 2:39 ` Chao Gao
2023-11-20 8:16 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 13/23] KVM: VMX: Handle VMX nested exception for FRED Xin Li
2023-11-14 7:40 ` Chao Gao
2023-11-15 3:03 ` Li, Xin3
2023-12-06 8:37 ` Li, Xin3
2023-12-07 8:42 ` Chao Gao
2023-12-07 10:09 ` Li, Xin3
2023-12-08 1:56 ` Chao Gao
2023-12-08 23:48 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 14/23] KVM: VMX: Dump FRED context in dump_vmcs() Xin Li
2023-11-14 14:36 ` Nikolay Borisov
2023-11-15 2:41 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 15/23] KVM: nVMX: Add support for the secondary VM exit controls Xin Li
2023-11-09 8:21 ` Jeremi Piotrowski
2023-11-10 0:12 ` Li, Xin3
2023-11-20 15:52 ` Vitaly Kuznetsov
2023-11-20 17:42 ` Li, Xin3
2023-11-08 18:29 ` [PATCH v1 16/23] KVM: nVMX: Add FRED VMCS fields Xin Li
2023-11-08 18:29 ` [PATCH v1 17/23] KVM: nVMX: Add support for VMX FRED controls Xin Li
2023-11-08 18:29 ` [PATCH v1 18/23] KVM: nVMX: Add VMCS FRED states checking Xin Li
2023-11-08 18:29 ` [PATCH v1 19/23] KVM: x86: Allow FRED/LKGS/WRMSRNS to be exposed to guests Xin Li
2023-11-08 18:30 ` [PATCH v1 20/23] KVM: selftests: Add FRED VMCS fields to evmcs Xin Li
2023-11-08 18:30 ` [PATCH v1 21/23] KVM: selftests: Run debug_regs test with FRED enabled Xin Li
2023-11-08 18:30 ` [PATCH v1 22/23] KVM: selftests: Add a new VM guest mode to run user level code Xin Li
2023-11-08 18:30 ` [PATCH v1 23/23] KVM: selftests: Add fred exception tests Xin Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZUz3cPmnqSq7Lol9@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=haiyangz@microsoft.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=kys@microsoft.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
--cc=xin3.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.