From: "Xin Li (Intel)" <xin@zytor.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
linux-doc@vger.kernel.org
Cc: pbonzini@redhat.com, seanjc@google.com, corbet@lwn.net,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
xin@zytor.com, luto@kernel.org, peterz@infradead.org,
andrew.cooper3@citrix.com, chao.gao@intel.com, hch@infradead.org
Subject: [PATCH v8 02/21] KVM: VMX: Initialize VM entry/exit FRED controls in vmcs_config
Date: Mon, 13 Oct 2025 18:09:31 -0700 [thread overview]
Message-ID: <20251014010950.1568389-3-xin@zytor.com> (raw)
In-Reply-To: <20251014010950.1568389-1-xin@zytor.com>
From: Xin Li <xin3.li@intel.com>
Setup VM entry/exit FRED controls in the global vmcs_config for proper
FRED VMCS fields management:
1) load guest FRED state upon VM entry.
2) save guest FRED state during VM exit.
3) load host FRED state during VM exit.
Also add FRED control consistency checks to the existing VM entry/exit
consistency check framework.
Signed-off-by: Xin Li <xin3.li@intel.com>
Signed-off-by: Xin Li (Intel) <xin@zytor.com>
Tested-by: Shan Kang <shan.kang@intel.com>
Tested-by: Xuelian Guo <xuelian.guo@intel.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
---
Change in v5:
* Remove the pair VM_ENTRY_LOAD_IA32_FRED/VM_EXIT_ACTIVATE_SECONDARY_CONTROLS,
since the secondary VM exit controls are unconditionally enabled anyway, and
there are features other than FRED needing it (Chao Gao).
* Add TB from Xuelian Guo.
Change in v4:
* Do VM exit/entry consistency checks using the new macro from Sean
Christopherson.
Changes in v3:
* Add FRED control consistency checks to the existing VM entry/exit
consistency check framework (Sean Christopherson).
* Just do the unnecessary FRED state load/store on every VM entry/exit
(Sean Christopherson).
---
arch/x86/include/asm/vmx.h | 4 ++++
arch/x86/kvm/vmx/vmx.c | 2 ++
arch/x86/kvm/vmx/vmx.h | 7 +++++--
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 1f60c04d11fb..dd79d027ea70 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -109,6 +109,9 @@
#define VM_EXIT_LOAD_CET_STATE 0x10000000
#define VM_EXIT_ACTIVATE_SECONDARY_CONTROLS 0x80000000
+#define SECONDARY_VM_EXIT_SAVE_IA32_FRED BIT_ULL(0)
+#define SECONDARY_VM_EXIT_LOAD_IA32_FRED BIT_ULL(1)
+
#define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff
#define VM_ENTRY_LOAD_DEBUG_CONTROLS 0x00000004
@@ -122,6 +125,7 @@
#define VM_ENTRY_PT_CONCEAL_PIP 0x00020000
#define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000
#define VM_ENTRY_LOAD_CET_STATE 0x00100000
+#define VM_ENTRY_LOAD_IA32_FRED 0x00800000
#define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 255158595e77..d881f1c133fa 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2622,6 +2622,8 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
u32 entry_control;
u64 exit_control;
} const vmcs_entry_exit2_pairs[] = {
+ { VM_ENTRY_LOAD_IA32_FRED,
+ SECONDARY_VM_EXIT_SAVE_IA32_FRED | SECONDARY_VM_EXIT_LOAD_IA32_FRED },
};
memset(vmcs_conf, 0, sizeof(*vmcs_conf));
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index b2724aab48d2..2cf599211ab3 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -488,7 +488,8 @@ static inline u8 vmx_get_rvi(void)
VM_ENTRY_LOAD_BNDCFGS | \
VM_ENTRY_PT_CONCEAL_PIP | \
VM_ENTRY_LOAD_IA32_RTIT_CTL | \
- VM_ENTRY_LOAD_CET_STATE)
+ VM_ENTRY_LOAD_CET_STATE | \
+ VM_ENTRY_LOAD_IA32_FRED)
#define __KVM_REQUIRED_VMX_VM_EXIT_CONTROLS \
(VM_EXIT_SAVE_DEBUG_CONTROLS | \
@@ -515,7 +516,9 @@ static inline u8 vmx_get_rvi(void)
VM_EXIT_ACTIVATE_SECONDARY_CONTROLS)
#define KVM_REQUIRED_VMX_SECONDARY_VM_EXIT_CONTROLS (0)
-#define KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS (0)
+#define KVM_OPTIONAL_VMX_SECONDARY_VM_EXIT_CONTROLS \
+ (SECONDARY_VM_EXIT_SAVE_IA32_FRED | \
+ SECONDARY_VM_EXIT_LOAD_IA32_FRED)
#define KVM_REQUIRED_VMX_PIN_BASED_VM_EXEC_CONTROL \
(PIN_BASED_EXT_INTR_MASK | \
--
2.51.0
next prev parent reply other threads:[~2025-10-14 1:11 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-14 1:09 [PATCH v8 00/21] Enable FRED with KVM VMX Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 01/21] KVM: VMX: Add support for the secondary VM exit controls Xin Li (Intel)
2025-10-14 1:09 ` Xin Li (Intel) [this message]
2025-10-14 1:09 ` [PATCH v8 03/21] KVM: VMX: Disable FRED if FRED consistency checks fail Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 04/21] x86/cea: Prefix event stack names with ESTACK_ Xin Li (Intel)
2025-10-23 14:20 ` Dave Hansen
2025-10-14 1:09 ` [PATCH v8 05/21] x86/cea: Export API for per-CPU exception stacks for KVM Xin Li (Intel)
2025-10-23 1:20 ` Xin Li
2025-10-23 8:06 ` Peter Zijlstra
2025-10-23 8:55 ` Xin Li
2025-10-23 14:08 ` Sean Christopherson
2025-10-23 14:15 ` Peter Zijlstra
2025-10-23 15:03 ` Dave Hansen
2025-10-14 1:09 ` [PATCH v8 06/21] KVM: VMX: Initialize VMCS FRED fields Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 07/21] KVM: VMX: Set FRED MSR intercepts Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 08/21] KVM: VMX: Save/restore guest FRED RSP0 Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 09/21] KVM: VMX: Add support for saving and restoring FRED MSRs Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 10/21] KVM: x86: Add a helper to detect if FRED is enabled for a vCPU Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 11/21] KVM: VMX: Virtualize FRED event_data Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 12/21] KVM: VMX: Virtualize FRED nested exception tracking Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 13/21] KVM: x86: Save/restore the nested flag of an exception Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 14/21] KVM: x86: Mark CR4.FRED as not reserved Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 15/21] KVM: VMX: Dump FRED context in dump_vmcs() Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 16/21] KVM: x86: Advertise support for FRED Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 17/21] KVM: nVMX: Add support for the secondary VM exit controls Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 18/21] KVM: nVMX: Add FRED VMCS fields to nested VMX context handling Xin Li (Intel)
2025-10-14 6:57 ` Chao Gao
2025-10-14 7:49 ` Xin Li
2025-10-22 23:10 ` Xin Li
2025-10-14 1:09 ` [PATCH v8 19/21] KVM: nVMX: Add FRED-related VMCS field checks Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 20/21] KVM: nVMX: Add prerequisites to SHADOW_FIELD_R[OW] macros Xin Li (Intel)
2025-10-14 1:09 ` [PATCH v8 21/21] KVM: nVMX: Allow VMX FRED controls Xin Li (Intel)
2025-10-14 6:13 ` [syzbot ci] Re: Enable FRED with KVM VMX syzbot ci
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251014010950.1568389-3-xin@zytor.com \
--to=xin@zytor.com \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox