From: Sean Christopherson <seanjc@google.com>
To: Jim Mattson <jmattson@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Jonathan Corbet <corbet@lwn.net>,
	 Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	 Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org,  "H. Peter Anvin" <hpa@zytor.com>,
	Maxim Levitsky <mlevitsk@redhat.com>,
	kvm@vger.kernel.org,  linux-doc@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KVM: VMX: Add quirk to allow L1 to set FREEZE_IN_SMM in vmcs12
Date: Thu, 5 Feb 2026 10:16:05 -0800
Message-ID: <aYTeZY1DoJUyrGzo@google.com>
In-Reply-To: <CALMp9eT_uJZwO5AF-wWHFH1DnOKWjUtU2u9TCOs7=ZK8_xCx+w@mail.gmail.com>

On Thu, Feb 05, 2026, Jim Mattson wrote:
> On Thu, Feb 5, 2026 at 6:47 AM Sean Christopherson <seanjc@google.com> wrote:
> > > > In other words, unless I'm missing something, the only reasonable option is to
> > > > run the guest with FREEZE_IN_SMM=1, which means ignoring the guest's wishes.
> > > > Or I guess another way to look at it: you can have any color car you want, as
> > > > long as it's black :-)
> > >
> > > I would be happy with FREEZE_IN_SMM=1. I'm not happy with the host
> > > dictating FREEZE_IN_SMM=0.
> >
> > Yep, makes sense.
> 
> Perhaps we should ignore both L0 and L1, and arbitrarily set
> FREEZE_IN_SMM=1 for both vmcs01 and vmcs02 when MPT is enabled. 

Hmm, I like that idea even more, because it's waaay simpler to implement.  Argh,
the wrinkle is that KVM doesn't actually know if DEBUGCTLMSR_FREEZE_IN_SMM is
supported.  Oh, nice, it's reported in PERF_CAPABILITIES.

  IA32_DEBUGCTL.FREEZE_WHILE_SMM is supported if
  IA32_PERF_CAPABILITIES.FREEZE_WHILE_SMM[Bit 12] is reporting 1

Arguably, this is a fix for mediated PMU support.  Because as you pointed out,
we can freeze PMCs on SMI for mediated vPMUs without impacting host profiling,
unlike the legacy vCPU where it being a weird extension of perf means we can't
deny guest profiling without breaking host perf usage.

This? (untested)

diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 4d3566bb1a93..5563f68158bb 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -324,6 +324,7 @@
 #define PERF_CAP_PEBS_TRAP             BIT_ULL(6)
 #define PERF_CAP_ARCH_REG              BIT_ULL(7)
 #define PERF_CAP_PEBS_FORMAT           0xf00
+#define PERF_CAP_FREEZE_IN_SMM         BIT_ULL(12)
 #define PERF_CAP_FW_WRITES             BIT_ULL(13)
 #define PERF_CAP_PEBS_BASELINE         BIT_ULL(14)
 #define PERF_CAP_PEBS_TIMING_INFO      BIT_ULL(17)
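
Review bot: The new PERF_CAP_FREEZE_IN_SMM define has no comment tying it to the SDM field, which the text quoted above names IA32_PERF_CAPABILITIES.FREEZE_WHILE_SMM[Bit 12]. The macro follows the DEBUGCTLMSR_FREEZE_IN_SMM spelling instead, so a short comment with the SDM name would help anyone searching for it. The value itself is consistent with its neighbours: PERF_CAP_PEBS_FORMAT (0xf00) ends at bit 11 and PERF_CAP_FW_WRITES is bit 13.
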
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 27acafd03381..ef0d8108ff42 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -8119,13 +8119,12 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
 static __init u64 vmx_get_perf_capabilities(void)
 {
        u64 perf_cap = PERF_CAP_FW_WRITES;
-       u64 host_perf_cap = 0;
 
        if (!enable_pmu)
                return 0;
 
        if (boot_cpu_has(X86_FEATURE_PDCM))
-               rdmsrq(MSR_IA32_PERF_CAPABILITIES, host_perf_cap);
+               rdmsrq(MSR_IA32_PERF_CAPABILITIES, kvm_host.perf_capabilities);
 
        if (!cpu_feature_enabled(X86_FEATURE_ARCH_LBR) &&
            !enable_mediated_pmu) {
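
Review bot: The rdmsrq() into kvm_host.perf_capabilities sits after the "if (!enable_pmu) return 0;" early return and under the X86_FEATURE_PDCM check, so the shared field is filled in only on that path, as a side effect of a function whose name and return value read like a pure getter. The consumer added in vmx.h relies on the unpopulated value meaning "FREEZE_IN_SMM not supported" and on a mediated PMU never being active when enable_pmu is off. Either read the MSR where the other kvm_host values are set up, or add a comment here and on the new struct field stating when it is valid.
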
@@ -8139,11 +8138,11 @@ static __init u64 vmx_get_perf_capabilities(void)
                if (!vmx_lbr_caps.has_callstack)
                        memset(&vmx_lbr_caps, 0, sizeof(vmx_lbr_caps));
                else if (vmx_lbr_caps.nr)
-                       perf_cap |= host_perf_cap & PERF_CAP_LBR_FMT;
+                       perf_cap |= kvm_host.perf_capabilities & PERF_CAP_LBR_FMT;
        }
 
        if (vmx_pebs_supported()) {
-               perf_cap |= host_perf_cap & PERF_CAP_PEBS_MASK;
+               perf_cap |= kvm_host.perf_capabilities & PERF_CAP_PEBS_MASK;
 
                /*
                 * Disallow adaptive PEBS as it is functionally broken, can be
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 70bfe81dea54..e780d0e06b61 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -408,6 +408,11 @@ static inline void vmx_guest_debugctl_write(struct kvm_vcpu *vcpu, u64 val)
        WARN_ON_ONCE(val & VMX_HOST_OWNED_DEBUGCTL_BITS);
 
        val |= vcpu->arch.host_debugctl & VMX_HOST_OWNED_DEBUGCTL_BITS;
+
+       if (kvm_vcpu_has_mediated_pmu(vcpu) &&
+           (kvm_host.perf_capabilities & PERF_CAP_FREEZE_IN_SMM))
+               val |= DEBUGCTLMSR_FREEZE_IN_SMM;
+
        vmcs_write64(GUEST_IA32_DEBUGCTL, val);
 }
 
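
Review bot: In vmx_guest_debugctl_write(), DEBUGCTLMSR_FREEZE_IN_SMM is ORed into val after the WARN_ON_ONCE() on VMX_HOST_OWNED_DEBUGCTL_BITS, so the value written to GUEST_IA32_DEBUGCTL can carry a bit the guest never set. The matching read path is not part of this diff; unless FREEZE_IN_SMM is already covered by VMX_HOST_OWNED_DEBUGCTL_BITS, that path needs to strip the bit so the guest (or L1, via vmcs12) does not read it back. The condition is also evaluated only at write time, so it is worth confirming that every path that ends up with a mediated PMU writes GUEST_IA32_DEBUGCTL through this helper afterwards, for vmcs02 as well as vmcs01 as proposed in the thread.
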
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 70e81f008030..e0084e1063d0 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -52,6 +52,7 @@ struct kvm_host_values {
        u64 xss;
        u64 s_cet;
        u64 arch_capabilities;
+       u64 perf_capabilities;
 };
 
 void kvm_spurious_fault(void);

Thread overview: 11+ messages
2026-01-13 22:53 [PATCH] KVM: VMX: Add quirk to allow L1 to set FREEZE_IN_SMM in vmcs12 Jim Mattson
2026-01-14  0:42 ` Sean Christopherson
2026-01-14  3:47   ` Jim Mattson
2026-01-22 21:26     ` Jim Mattson
2026-02-04  2:00       ` Sean Christopherson
2026-02-05  0:42         ` Jim Mattson
2026-02-05  1:18           ` Sean Christopherson
2026-02-05  4:11             ` Jim Mattson
2026-02-05 14:47               ` Sean Christopherson
2026-02-05 17:43                 ` Jim Mattson
2026-02-05 18:16                   ` Sean Christopherson [this message]
