From: Robert Hoo <robert.hu@linux.intel.com>
To: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: chang.seok.bae@intel.com, kvm@vger.kernel.org,
robert.hu@intel.com, pbonzini@redhat.com, seanjc@google.com,
wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org
Subject: Re: [RFC PATCH 03/12] kvm/vmx: Introduce the new tertiary processor-based VM-execution controls
Date: Tue, 26 Jan 2021 17:27:06 +0800 [thread overview]
Message-ID: <0702b26fadeff53c08657afa1872a47df90c4198.camel@linux.intel.com> (raw)
In-Reply-To: <87czxt4amd.fsf@vitty.brq.redhat.com>
On Mon, 2021-01-25 at 10:41 +0100, Vitaly Kuznetsov wrote:
> Robert Hoo <robert.hu@linux.intel.com> writes:
>
[...]
> >
> > /*
> > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> > index 47b8357..12a926e 100644
> > --- a/arch/x86/kvm/vmx/vmx.c
> > +++ b/arch/x86/kvm/vmx/vmx.c
> > @@ -2376,6 +2376,7 @@ static __init int setup_vmcs_config(struct
> > vmcs_config *vmcs_conf,
> > u32 _pin_based_exec_control = 0;
> > u32 _cpu_based_exec_control = 0;
> > u32 _cpu_based_2nd_exec_control = 0;
> > + u64 _cpu_based_3rd_exec_control = 0;
> > u32 _vmexit_control = 0;
> > u32 _vmentry_control = 0;
> >
> > @@ -2397,7 +2398,8 @@ static __init int setup_vmcs_config(struct
> > vmcs_config *vmcs_conf,
> >
> > opt = CPU_BASED_TPR_SHADOW |
> > CPU_BASED_USE_MSR_BITMAPS |
> > - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS;
> > + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS |
> > + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS;
> > if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS,
> > &_cpu_based_exec_control) < 0)
> > return -EIO;
> > @@ -2557,6 +2559,7 @@ static __init int setup_vmcs_config(struct
> > vmcs_config *vmcs_conf,
> > vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control;
> > vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control;
> > vmcs_conf->cpu_based_2nd_exec_ctrl =
> > _cpu_based_2nd_exec_control;
> > + vmcs_conf->cpu_based_3rd_exec_ctrl =
> > _cpu_based_3rd_exec_control;
> > vmcs_conf->vmexit_ctrl = _vmexit_control;
> > vmcs_conf->vmentry_ctrl = _vmentry_control;
> >
> > @@ -4200,6 +4203,12 @@ u32 vmx_exec_control(struct vcpu_vmx *vmx)
> > #define vmx_adjust_sec_exec_exiting(vmx, exec_control, lname,
> > uname) \
> > vmx_adjust_sec_exec_control(vmx, exec_control, lname, uname,
> > uname##_EXITING, true)
> >
> > +static u64 vmx_tertiary_exec_control(struct vcpu_vmx *vmx)
> > +{
> > + /* Though currently, no special adjustment. There might be in
> > the future*/
> > + return vmcs_config.cpu_based_3rd_exec_ctrl;
> > +}
> > +
> > static void vmx_compute_secondary_exec_control(struct vcpu_vmx
> > *vmx)
> > {
> > struct kvm_vcpu *vcpu = &vmx->vcpu;
> > @@ -4310,6 +4319,9 @@ static void init_vmcs(struct vcpu_vmx *vmx)
> > secondary_exec_controls_set(vmx, vmx-
> > >secondary_exec_control);
> > }
> >
> > + if (cpu_has_tertiary_exec_ctrls())
> > + tertiary_exec_controls_set(vmx,
> > vmx_tertiary_exec_control(vmx));
> > +
> > if (kvm_vcpu_apicv_active(&vmx->vcpu)) {
> > vmcs_write64(EOI_EXIT_BITMAP0, 0);
> > vmcs_write64(EOI_EXIT_BITMAP1, 0);
> > @@ -5778,6 +5790,7 @@ void dump_vmcs(void)
> > {
> > u32 vmentry_ctl, vmexit_ctl;
> > u32 cpu_based_exec_ctrl, pin_based_exec_ctrl,
> > secondary_exec_control;
> > + u64 tertiary_exec_control = 0;
> > unsigned long cr4;
> > u64 efer;
> >
> > @@ -5796,6 +5809,9 @@ void dump_vmcs(void)
> > if (cpu_has_secondary_exec_ctrls())
> > secondary_exec_control =
> > vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
> >
> > + if (cpu_has_tertiary_exec_ctrls())
> > + tertiary_exec_control =
> > vmcs_read64(TERTIARY_VM_EXEC_CONTROL);
>
> We'll have to do something about Enlightened VMCS I believe. In
> theory,
> when eVMCS is in use, 'CPU_BASED_ACTIVATE_TERTIARY_CONTROLS' should
> not
> be exposed, e.g. when KVM hosts a EVMCS enabled guest the control
> should
> be filtered out. Something like (completely untested):
>
> diff --git a/arch/x86/kvm/vmx/evmcs.c b/arch/x86/kvm/vmx/evmcs.c
> index 41f24661af04..c44ff05f3235 100644
> --- a/arch/x86/kvm/vmx/evmcs.c
> +++ b/arch/x86/kvm/vmx/evmcs.c
> @@ -299,6 +299,7 @@ const unsigned int nr_evmcs_1_fields =
> ARRAY_SIZE(vmcs_field_to_evmcs_1);
>
> __init void evmcs_sanitize_exec_ctrls(struct vmcs_config *vmcs_conf)
> {
> + vmcs_conf->cpu_based_exec_ctrl &=
> ~EVMCS1_UNSUPPORTED_EXEC_CTRL;
> vmcs_conf->pin_based_exec_ctrl &=
> ~EVMCS1_UNSUPPORTED_PINCTRL;
> vmcs_conf->cpu_based_2nd_exec_ctrl &=
> ~EVMCS1_UNSUPPORTED_2NDEXEC;
>
> diff --git a/arch/x86/kvm/vmx/evmcs.h b/arch/x86/kvm/vmx/evmcs.h
> index bd41d9462355..bf2c5e7a4a8f 100644
> --- a/arch/x86/kvm/vmx/evmcs.h
> +++ b/arch/x86/kvm/vmx/evmcs.h
> @@ -50,6 +50,7 @@ DECLARE_STATIC_KEY_FALSE(enable_evmcs);
> */
> #define EVMCS1_UNSUPPORTED_PINCTRL (PIN_BASED_POSTED_INTR | \
> PIN_BASED_VMX_PREEMPTION_TIMER)
> +#define EVMCS1_UNSUPPORTED_EXEC_CTRL
> (CPU_BASED_ACTIVATE_TERTIARY_CONTROLS)
> #define
> EVMCS1_UNSUPPORTED_2NDEXEC \
> (SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY
> | \
> SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES
> | \
>
> should do the job I think.
Agree, until L0 HyperV supports the new tertiary control, L1 KVM shall
not expose it to its guests. Thanks Vitaly pointing out, and with
detailed explanation.
BTW, when would enlightened VMCS support VMCS Tertiary Control and Key
Locker feature?
>
> > +
> > pr_err("*** Guest State ***\n");
> > pr_err("CR0: actual=0x%016lx, shadow=0x%016lx,
> > gh_mask=%016lx\n",
> > vmcs_readl(GUEST_CR0), vmcs_readl(CR0_READ_SHADOW),
> > @@ -5878,8 +5894,9 @@ void dump_vmcs(void)
> > vmcs_read64(HOST_IA32_PERF_GLOBAL_CTRL));
> >
> > pr_err("*** Control State ***\n");
> > - pr_err("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n",
> > - pin_based_exec_ctrl, cpu_based_exec_ctrl,
> > secondary_exec_control);
> > + pr_err("PinBased=0x%08x CPUBased=0x%08x SecondaryExec=0x%08x
> > TertiaryExec=0x%016llx\n",
> > + pin_based_exec_ctrl, cpu_based_exec_ctrl,
> > secondary_exec_control,
> > + tertiary_exec_control);
> > pr_err("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl,
> > vmexit_ctl);
> > pr_err("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n",
> > vmcs_read32(EXCEPTION_BITMAP),
> > diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> > index f6f66e5..94f1c27 100644
> > --- a/arch/x86/kvm/vmx/vmx.h
> > +++ b/arch/x86/kvm/vmx/vmx.h
> > @@ -373,6 +373,14 @@ static inline u8 vmx_get_rvi(void)
> > BUILD_CONTROLS_SHADOW(exec, CPU_BASED_VM_EXEC_CONTROL)
> > BUILD_CONTROLS_SHADOW(secondary_exec, SECONDARY_VM_EXEC_CONTROL)
> >
> > +static inline void tertiary_exec_controls_set(struct vcpu_vmx
> > *vmx, u64 val)
> > +{
> > + if (vmx->loaded_vmcs->controls_shadow.tertiary_exec != val) {
> > + vmcs_write64(TERTIARY_VM_EXEC_CONTROL, val);
> > + vmx->loaded_vmcs->controls_shadow.tertiary_exec = val;
> > + }
> > +}
> > +
> > static inline void vmx_register_cache_reset(struct kvm_vcpu *vcpu)
> > {
> > vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 <<
> > VCPU_REGS_RSP)
>
>
next prev parent reply other threads:[~2021-01-26 16:25 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 9:06 [RFC PATCH 00/12] KVM: Support Intel KeyLocker Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 01/12] x86/keylocker: Move LOADIWKEY opcode definition from keylocker.c to keylocker.h Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 02/12] x86/cpufeature: Add CPUID.19H:{EBX,ECX} cpuid leaves Robert Hoo
2021-04-05 15:32 ` Sean Christopherson
2021-04-06 3:34 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 03/12] kvm/vmx: Introduce the new tertiary processor-based VM-execution controls Robert Hoo
2021-01-25 9:41 ` Vitaly Kuznetsov
2021-01-26 9:27 ` Robert Hoo [this message]
2021-02-03 6:32 ` Robert Hoo
2021-02-03 8:45 ` Vitaly Kuznetsov
2021-04-05 15:38 ` Sean Christopherson
2021-04-06 3:37 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 04/12] kvm/vmx: enable LOADIWKEY vm-exit support in " Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 05/12] kvm/vmx: Add KVM support on KeyLocker operations Robert Hoo
2021-04-05 16:25 ` Sean Christopherson
2021-04-08 5:44 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 06/12] kvm/cpuid: Enumerate KeyLocker feature in KVM Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 07/12] kvm/vmx/nested: Support new IA32_VMX_PROCBASED_CTLS3 vmx feature control MSR Robert Hoo
2021-04-05 15:44 ` Sean Christopherson
2021-04-08 5:45 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 08/12] kvm/vmx: Refactor vmx_compute_tertiary_exec_control() Robert Hoo
2021-04-05 15:46 ` Sean Christopherson
2021-04-08 5:45 ` Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 09/12] kvm/vmx/vmcs12: Add Tertiary Exec-Control field in vmcs12 Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 10/12] kvm/vmx/nested: Support tertiary VM-Exec control in vmcs02 Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 11/12] kvm/vmx/nested: Support CR4.KL in nested Robert Hoo
2021-01-25 9:06 ` [RFC PATCH 12/12] kvm/vmx/nested: Enable nested LOADIWKey VM-exit Robert Hoo
2021-04-05 16:03 ` [RFC PATCH 00/12] KVM: Support Intel KeyLocker Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0702b26fadeff53c08657afa1872a47df90c4198.camel@linux.intel.com \
--to=robert.hu@linux.intel.com \
--cc=chang.seok.bae@intel.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=robert.hu@intel.com \
--cc=seanjc@google.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox