From: Manali Shukla <manali.shukla@amd.com>
To: Sean Christopherson <seanjc@google.com>
Cc: kvm@vger.kernel.org, linux-kselftest@vger.kernel.org,
pbonzini@redhat.com, shuah@kernel.org, nikunj@amd.com,
thomas.lendacky@amd.com, vkuznets@redhat.com, bp@alien8.de,
babu.moger@amd.com
Subject: Re: [PATCH v4 3/4] KVM: nSVM: implement the nested idle halt intercept
Date: Mon, 30 Dec 2024 12:35:34 +0530 [thread overview]
Message-ID: <c43cd283-554f-4d1d-8ce7-e786a137ed33@amd.com> (raw)
In-Reply-To: <Z2TB94Ux5mOlds3b@google.com>
Hi Sean,
Thank you for reviewing my patches.
On 12/20/2024 6:31 AM, Sean Christopherson wrote:
> On Tue, Oct 22, 2024, Manali Shukla wrote:
>> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
>> index d5314cb7dff4..feb241110f1a 100644
>> --- a/arch/x86/kvm/svm/nested.c
>> +++ b/arch/x86/kvm/svm/nested.c
>> @@ -178,6 +178,14 @@ void recalc_intercepts(struct vcpu_svm *svm)
>> } else {
>> WARN_ON(!(c->virt_ext & VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK));
>> }
>> +
>> + /*
>> + * Clear the HLT intercept for L2 guest when the Idle HLT intercept feature
>> + * is enabled on the platform and the guest can use the Idle HLT intercept
>> + * feature.
>> + */
>> + if (guest_can_use(&svm->vcpu, X86_FEATURE_IDLE_HLT))
>> + vmcb_clr_intercept(c, INTERCEPT_HLT);
>
> This is wrong. KVM needs to honor the intercept of vmcb12. If L1 wants to
> intercept HLT, then KVM needs to configure vmcb02 to intercept HLT, regradless
> of whether or not L1 is utilizing INTERCEPT_IDLE_HLT.
>
> Given how KVM currently handles intercepts for nested SVM, I'm pretty sure you
> can simply do nothing. recalc_intercepts() starts with KVM's intercepts (from
> vmcb01), and adds in L1's intercepts. So unless there is a special case, the
> default behavior should Just Work.
>
> for (i = 0; i < MAX_INTERCEPT; i++)
> c->intercepts[i] = h->intercepts[i];
>
> ...
>
> for (i = 0; i < MAX_INTERCEPT; i++)
> c->intercepts[i] |= g->intercepts[i];
>
> KVM's approach creates all kinds of virtualization holes, e.g. L1 can utilize
> IDLE_HLT even if the feature isn't advertised to L1. But that's true for quite
> literally all feature-based intercepts, so for better or worse, I don't think
> it makes sense to try and change that approach for this feature.
>
Yeah. Makes sense. I will remove the above condition from V5, so that intercept of
vmcb12 is honored.
>> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
>> index e86b79e975d3..38d546788fc6 100644
>> --- a/arch/x86/kvm/svm/svm.c
>> +++ b/arch/x86/kvm/svm/svm.c
>> @@ -4425,6 +4425,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
>> kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD);
>> kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF);
>> kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VNMI);
>> + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_IDLE_HLT);
>>
>> svm_recalc_instruction_intercepts(vcpu, svm);
>>
>> @@ -5228,6 +5229,9 @@ static __init void svm_set_cpu_caps(void)
>> if (vnmi)
>> kvm_cpu_cap_set(X86_FEATURE_VNMI);
>>
>> + if (cpu_feature_enabled(X86_FEATURE_IDLE_HLT))
>> + kvm_cpu_cap_set(X86_FEATURE_IDLE_HLT);
>
> kvm_cpu_cap_check_and_set() does this for you.
>
>> +
>> /* Nested VM can receive #VMEXIT instead of triggering #GP */
>> kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK);
>> }
>> --
>> 2.34.1
>>
- Manali
next prev parent reply other threads:[~2024-12-30 7:05 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-22 5:48 [PATCH v4 0/4] Add support for the Idle HLT intercept feature Manali Shukla
2024-10-22 5:48 ` [PATCH v4 1/4] x86/cpufeatures: Add CPUID feature bit for Idle HLT intercept Manali Shukla
2024-10-22 9:32 ` Borislav Petkov
2024-10-22 15:08 ` Sean Christopherson
2024-10-22 5:48 ` [PATCH v4 2/4] KVM: SVM: Add Idle HLT intercept support Manali Shukla
2024-10-22 5:48 ` [PATCH v4 3/4] KVM: nSVM: implement the nested idle halt intercept Manali Shukla
2024-12-20 1:01 ` Sean Christopherson
2024-12-30 7:05 ` Manali Shukla [this message]
2024-12-30 7:14 ` Manali Shukla
2024-10-22 5:48 ` [PATCH v4 4/4] KVM: selftests: KVM: SVM: Add Idle HLT intercept test Manali Shukla
2024-12-20 1:24 ` Sean Christopherson
2024-12-30 7:10 ` Manali Shukla
2024-11-28 15:09 ` [PATCH v4 0/4] Add support for the Idle HLT intercept feature Manali Shukla
2024-12-12 16:37 ` Manali Shukla
2024-12-23 9:13 ` Manali Shukla
2024-12-23 9:27 ` Manali Shukla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c43cd283-554f-4d1d-8ce7-e786a137ed33@amd.com \
--to=manali.shukla@amd.com \
--cc=babu.moger@amd.com \
--cc=bp@alien8.de \
--cc=kvm@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=shuah@kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.