From: Binbin Wu <binbin.wu@linux.intel.com>
To: "Huang, Kai" <kai.huang@intel.com>,
"seanjc@google.com" <seanjc@google.com>
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
"Li, Xiaoyao" <xiaoyao.li@intel.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"Yamahata, Isaku" <isaku.yamahata@intel.com>,
"yuan.yao@linux.intel.com" <yuan.yao@linux.intel.com>
Subject: Re: [PATCH v3 1/2] KVM: x86: Check hypercall's exit to userspace generically
Date: Wed, 6 Nov 2024 16:32:33 +0800 [thread overview]
Message-ID: <cef7b663-bc6d-44a1-9d5e-736aa097ea68@linux.intel.com> (raw)
In-Reply-To: <662b4aa037bfd5e8f3653a833b460f18636e2bc1.camel@intel.com>
On 11/5/2024 5:20 PM, Huang, Kai wrote:
>> I think I prefer Binbin's version, as it forces the caller to provide cui(), i.e.
>> makes it harder KVM to fail to handle the backend of the hypercall.
> Fine to me.
>
> [...]
>
>> The one thing I don't love about providing a separate cui() is that it means
>> duplicating the guts of the completion helper. Ha! But we can avoid that by
>> adding another macro (untested).
>>
>> More macros/helpers is a bit ugly too, but I like the symmetry, and it will
>> definitely be easier to maintain. E.g. if the completion phase needs to pivot
>> on the exact hypercall, then we can update common code and don't need to remember
>> to go update TDX too.
>>
>> If no one objects and/or has a better idea, I'll splice together Binbin's patch
>> with this blob, and post a series tomorrow.
>>
>> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
>> index 8e8ca6dab2b2..0b0fa9174000 100644
>> --- a/arch/x86/include/asm/kvm_host.h
>> +++ b/arch/x86/include/asm/kvm_host.h
>> @@ -2179,6 +2179,16 @@ static inline void kvm_clear_apicv_inhibit(struct kvm *kvm,
>> kvm_set_or_clear_apicv_inhibit(kvm, reason, false);
>> }
>>
>> +#define kvm_complete_hypercall_exit(vcpu, ret_reg) \
>> +do { \
>> + u64 ret = (vcpu)->run->hypercall.ret; \
>> + \
>> + if (!is_64_bit_mode(vcpu)) \
>> + ret = (u32)ret; \
>> + kvm_##ret_reg##_write(vcpu, ret); \
>> + ++(vcpu)->stat.hypercalls; \
>> +} while (0)
>> +
>> int ____kvm_emulate_hypercall(struct kvm_vcpu *vcpu, unsigned long nr,
>> unsigned long a0, unsigned long a1,
>> unsigned long a2, unsigned long a3,
>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>> index 425a301911a6..aec79e132d3b 100644
>> --- a/arch/x86/kvm/x86.c
>> +++ b/arch/x86/kvm/x86.c
>> @@ -9989,12 +9989,8 @@ static void kvm_sched_yield(struct kvm_vcpu *vcpu, unsigned long dest_id)
>>
>> static int complete_hypercall_exit(struct kvm_vcpu *vcpu)
>> {
>> - u64 ret = vcpu->run->hypercall.ret;
>> + kvm_complete_hypercall_exit(vcpu, rax);
>>
>> - if (!is_64_bit_mode(vcpu))
>> - ret = (u32)ret;
>> - kvm_rax_write(vcpu, ret);
>> - ++vcpu->stat.hypercalls;
>> return kvm_skip_emulated_instruction(vcpu);
>> }
>>
> I think there's one issue here:
>
> I assume macro kvm_complete_hypercall_exit(vcpu, ret_reg) will also be used by
> TDX. The issue is it calls !is_64_bit_mode(vcpu), which has below WARN():
>
> WARN_ON_ONCE(vcpu->arch.guest_state_protected);
>
> So IIUC TDX will hit this.
>
> Btw, we have below (kinda) duplicated code in ____kvm_emulate_hypercall() too:
>
> ++vcpu->stat.hypercalls;
>
> if (!op_64_bit)
> ret = (u32)ret;
>
> kvm_register_write_raw(vcpu, ret_reg, ret);
>
> If we add a helper to do above, e.g.,
>
> static void kvm_complete_hypercall_exit(struct kvm_vcpu *vcpu, int ret_reg,
> unsigned long ret, bool op_64_bit)
> {
> if (!op_64_bit)
> ret = (u32)ret;
> kvm_register_write_raw(vcpu, ret_reg, ret);
> ++vcpu->stat.hypercalls;
> }
If this is going to be the final version, it would be better to make it
public, and export the symbol, so that TDX code can reuse it.
>
> Then we can have
>
> static int complete_hypercall_exit(struct kvm_vcpu *vcpu)
> {
> kvm_complete_hypercall_exit(vcpu, VCPU_REGS_RAX,
> vcpu->run->hypercall.ret, is_64_bit_mode(vcpu));
>
> return kvm_skip_emulated_instruction(vcpu);
> }
>
> TDX version can use:
>
> kvm_complete_hypercall_exit(vcpu, VCPU_REGS_R10,
> vcpu->run->hypercall.ret, true);
>
> And ____kvm_emulate_hypercall() can be:
>
> static int ____kvm_emulate_hypercall(vcpu, ...)
> {
> ...
> out:
> kvm_complete_hypercall_exit(vcpu, ret_reg, ret, op_64_bit);
> return 1;
> }
>
next prev parent reply other threads:[~2024-11-06 8:32 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-26 2:22 [PATCH v3 0/2] KVM: x86: Check hypercall's exit to userspace generically Binbin Wu
2024-08-26 2:22 ` [PATCH v3 1/2] " Binbin Wu
2024-10-09 6:48 ` Xiaoyao Li
2024-10-30 20:49 ` Sean Christopherson
2024-10-31 0:49 ` Huang, Kai
2024-10-31 14:54 ` Sean Christopherson
2024-11-01 2:25 ` Binbin Wu
2024-11-01 15:26 ` Sean Christopherson
2024-11-01 11:05 ` Huang, Kai
2024-11-01 16:39 ` Sean Christopherson
2024-11-01 21:13 ` Huang, Kai
2024-11-04 9:03 ` Binbin Wu
2024-11-04 8:49 ` Binbin Wu
2024-11-04 9:55 ` Huang, Kai
2024-11-05 1:07 ` Binbin Wu
2024-11-05 2:32 ` Sean Christopherson
2024-11-05 9:20 ` Huang, Kai
2024-11-06 8:32 ` Binbin Wu [this message]
2024-11-06 8:54 ` Huang, Kai
2024-11-06 10:11 ` Binbin Wu
2024-11-06 15:30 ` Sean Christopherson
2024-11-25 6:47 ` Binbin Wu
2024-11-25 12:08 ` Huang, Kai
2024-10-31 4:56 ` Binbin Wu
2024-10-31 15:11 ` Sean Christopherson
2024-08-26 2:22 ` [PATCH v3 2/2] KVM: x86: Use user_exit_on_hypercall() instead of opencode Binbin Wu
2024-10-09 6:49 ` Xiaoyao Li
2024-10-09 5:37 ` [PATCH v3 0/2] KVM: x86: Check hypercall's exit to userspace generically Binbin Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cef7b663-bc6d-44a1-9d5e-736aa097ea68@linux.intel.com \
--to=binbin.wu@linux.intel.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=xiaoyao.li@intel.com \
--cc=yuan.yao@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.