Re: [PATCH v4 03/19] KVM: VMX: Disable FRED if FRED consistency checks fail

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: "Xin Li (Intel)" <xin@zytor.com>
Cc: pbonzini@redhat.com, kvm@vger.kernel.org,
	linux-doc@vger.kernel.org,  linux-kernel@vger.kernel.org,
	corbet@lwn.net, tglx@linutronix.de,  mingo@redhat.com,
	bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org,
	 hpa@zytor.com, andrew.cooper3@citrix.com, luto@kernel.org,
	 peterz@infradead.org, chao.gao@intel.com, xin3.li@intel.com
Subject: Re: [PATCH v4 03/19] KVM: VMX: Disable FRED if FRED consistency checks fail
Date: Tue, 24 Jun 2025 08:20:07 -0700	[thread overview]
Message-ID: <aFrCJzodXP0sT6Ny@google.com> (raw)
In-Reply-To: <20250328171205.2029296-4-xin@zytor.com>

On Fri, Mar 28, 2025, Xin Li (Intel) wrote:
> From: Xin Li <xin3.li@intel.com>
> 
> Do not virtualize FRED if FRED consistency checks fail.
> 
> Either on broken hardware, or when run KVM on top of another hypervisor
> before the underlying hypervisor implements nested FRED correctly.
> 
> Suggested-by: Chao Gao <chao.gao@intel.com>
> Signed-off-by: Xin Li <xin3.li@intel.com>
> Signed-off-by: Xin Li (Intel) <xin@zytor.com>
> Tested-by: Shan Kang <shan.kang@intel.com>
> Reviewed-by: Chao Gao <chao.gao@intel.com>
> ---
> 
> Change in v4:
> * Call out the reason why not check FRED VM-exit controls in
>   cpu_has_vmx_fred() (Chao Gao).
> ---
>  arch/x86/kvm/vmx/capabilities.h | 11 +++++++++++
>  arch/x86/kvm/vmx/vmx.c          |  3 +++
>  2 files changed, 14 insertions(+)
> 
> diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
> index b2aefee59395..b4f49a4690ca 100644
> --- a/arch/x86/kvm/vmx/capabilities.h
> +++ b/arch/x86/kvm/vmx/capabilities.h
> @@ -400,6 +400,17 @@ static inline bool vmx_pebs_supported(void)
>  	return boot_cpu_has(X86_FEATURE_PEBS) && kvm_pmu_cap.pebs_ept;
>  }
>  
> +static inline bool cpu_has_vmx_fred(void)
> +{
> +	/*
> +	 * setup_vmcs_config() guarantees FRED VM-entry/exit controls
> +	 * are either all set or none.  So, no need to check FRED VM-exit
> +	 * controls.
> +	 */
> +	return cpu_feature_enabled(X86_FEATURE_FRED) &&

Drop the cpu_feature_enabled().  These helpers are all about checking raw CPU
support; whether or not the kernel is configured to support FRED is irrelevant.

[For these helpers; KVM obviously needs to account for FRED support in other
 paths, but that should be automagically handled by kvm_set_cpu_caps()]


> +		(vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_FRED);
> +}
> +
>  static inline bool cpu_has_notify_vmexit(void)
>  {
>  	return vmcs_config.cpu_based_2nd_exec_ctrl &
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index e38545d0dd17..ab84939ace96 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -8052,6 +8052,9 @@ static __init void vmx_set_cpu_caps(void)
>  		kvm_cpu_cap_check_and_set(X86_FEATURE_DTES64);
>  	}
>  
> +	if (!cpu_has_vmx_fred())
> +		kvm_cpu_cap_clear(X86_FEATURE_FRED);
> +
>  	if (!enable_pmu)
>  		kvm_cpu_cap_clear(X86_FEATURE_PDCM);
>  	kvm_caps.supported_perf_cap = vmx_get_perf_capabilities();
> -- 
> 2.48.1
>

next prev parent reply	other threads:[~2025-06-24 15:20 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-28 17:11 [PATCH v4 00/19] Enable FRED with KVM VMX Xin Li (Intel)
2025-03-28 17:11 ` [PATCH v4 01/19] KVM: VMX: Add support for the secondary VM exit controls Xin Li (Intel)
2025-03-28 17:11 ` [PATCH v4 02/19] KVM: VMX: Initialize VM entry/exit FRED controls in vmcs_config Xin Li (Intel)
2025-04-14  7:41   ` Chao Gao
2025-04-14 16:53     ` Xin Li
2025-03-28 17:11 ` [PATCH v4 03/19] KVM: VMX: Disable FRED if FRED consistency checks fail Xin Li (Intel)
2025-06-24 15:20   ` Sean Christopherson [this message]
2025-03-28 17:11 ` [PATCH v4 04/19] x86/cea: Export per CPU array 'cea_exception_stacks' for KVM to use Xin Li (Intel)
2025-04-10  8:53   ` Christoph Hellwig
2025-04-10 14:18     ` Dave Hansen
2025-04-11 16:16       ` Xin Li
2025-03-28 17:11 ` [PATCH v4 05/19] KVM: VMX: Initialize VMCS FRED fields Xin Li (Intel)
2025-03-28 17:11 ` [PATCH v4 06/19] KVM: VMX: Set FRED MSR interception Xin Li (Intel)
2025-06-24 15:27   ` Sean Christopherson
2025-03-28 17:11 ` [PATCH v4 07/19] KVM: VMX: Save/restore guest FRED RSP0 Xin Li (Intel)
2025-06-24 15:44   ` Sean Christopherson
2025-03-28 17:11 ` [PATCH v4 08/19] KVM: VMX: Add support for FRED context save/restore Xin Li (Intel)
2025-06-24 16:27   ` Sean Christopherson
2025-06-25 17:18     ` Xin Li
2025-06-26 17:22       ` Xin Li
2025-06-26 20:50         ` Sean Christopherson
2025-03-28 17:11 ` [PATCH v4 09/19] KVM: x86: Add a helper to detect if FRED is enabled for a vCPU Xin Li (Intel)
2025-03-28 17:11 ` [PATCH v4 10/19] KVM: VMX: Virtualize FRED event_data Xin Li (Intel)
2025-03-28 17:11 ` [PATCH v4 11/19] KVM: VMX: Virtualize FRED nested exception tracking Xin Li (Intel)
2025-03-28 17:11 ` [PATCH v4 12/19] KVM: x86: Save/restore the nested flag of an exception Xin Li (Intel)
2025-03-28 17:11 ` [PATCH v4 13/19] KVM: x86: Mark CR4.FRED as not reserved Xin Li (Intel)
2025-03-28 17:12 ` [PATCH v4 14/19] KVM: VMX: Dump FRED context in dump_vmcs() Xin Li (Intel)
2025-06-24 16:32   ` Sean Christopherson
2025-06-25 17:38     ` Xin Li
2025-03-28 17:12 ` [PATCH v4 15/19] KVM: x86: Allow FRED/LKGS to be advertised to guests Xin Li (Intel)
2025-06-24 16:38   ` Sean Christopherson
2025-06-25 18:05     ` Xin Li
2025-06-25 18:29       ` Sean Christopherson
2025-03-28 17:12 ` [PATCH v4 16/19] KVM: nVMX: Add support for the secondary VM exit controls Xin Li (Intel)
2025-06-24 16:54   ` Sean Christopherson
2025-03-28 17:12 ` [PATCH v4 17/19] KVM: nVMX: Add FRED VMCS fields to nested VMX context management Xin Li (Intel)
2025-03-28 17:12 ` [PATCH v4 18/19] KVM: nVMX: Add VMCS FRED states checking Xin Li (Intel)
2025-03-28 17:12 ` [PATCH v4 19/19] KVM: nVMX: Allow VMX FRED controls Xin Li (Intel)
2025-03-28 17:25 ` [PATCH v4 00/19] Enable FRED with KVM VMX Xin Li
2025-06-24 17:06   ` Sean Christopherson
2025-06-24 17:43     ` Xin Li
2025-06-24 17:47       ` H. Peter Anvin
2025-06-24 18:02         ` Xin Li
2025-06-24 18:40           ` H. Peter Anvin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aFrCJzodXP0sT6Ny@google.com \
    --to=seanjc@google.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=bp@alien8.de \
    --cc=chao.gao@intel.com \
    --cc=corbet@lwn.net \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    --cc=xin3.li@intel.com \
    --cc=xin@zytor.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.