From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
Marc Zyngier <maz@kernel.org>,
Huacai Chen <chenhuacai@kernel.org>,
Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
Anup Patel <anup@brainfault.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
Eric Farman <farman@linux.ibm.com>,
Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Paul Durrant <paul@xen.org>
Cc: "James Morse" <james.morse@arm.com>,
"Alexandru Elisei" <alexandru.elisei@arm.com>,
"Suzuki K Poulose" <suzuki.poulose@arm.com>,
"Oliver Upton" <oliver.upton@linux.dev>,
"Atish Patra" <atishp@atishpatra.org>,
"David Hildenbrand" <david@redhat.com>,
kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
kvmarm@lists.linux.dev, kvmarm@lists.cs.columbia.edu,
linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org,
linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
"Yuan Yao" <yuan.yao@intel.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Isaku Yamahata" <isaku.yamahata@intel.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Fabiano Rosas" <farosas@linux.ibm.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Kai Huang" <kai.huang@intel.com>,
"Chao Gao" <chao.gao@intel.com>,
"Thomas Gleixner" <tglx@linutronix.de>
Subject: [PATCH v2 40/50] KVM: x86: Do compatibility checks when onlining CPU
Date: Wed, 30 Nov 2022 23:09:24 +0000 [thread overview]
Message-ID: <20221130230934.1014142-41-seanjc@google.com> (raw)
In-Reply-To: <20221130230934.1014142-1-seanjc@google.com>
From: Chao Gao <chao.gao@intel.com>
Do compatibility checks when enabling hardware to effectively add
compatibility checks when onlining a CPU. Abort enabling, i.e. the
online process, if the (hotplugged) CPU is incompatible with the known
good setup.
At init time, KVM does compatibility checks to ensure that all online
CPUs support hardware virtualization and a common set of features. But
KVM uses hotplugged CPUs without such compatibility checks. On Intel
CPUs, this leads to #GP if the hotplugged CPU doesn't support VMX, or
VM-Entry failure if the hotplugged CPU doesn't support all features
enabled by KVM.
Note, this is little more than a NOP on SVM, as SVM already checks for
full SVM support during hardware enabling.
Opportunistically add a pr_err() if setup_vmcs_config() fails, and
tweak all error messages to output which CPU failed.
Signed-off-by: Chao Gao <chao.gao@intel.com>
Co-developed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/kvm/svm/svm.c | 8 +++-----
arch/x86/kvm/vmx/vmx.c | 15 ++++++++++-----
arch/x86/kvm/x86.c | 5 +++++
3 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index c2e95c0d9fd8..46b658d0f46e 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -521,11 +521,12 @@ static void svm_init_osvw(struct kvm_vcpu *vcpu)
static bool kvm_is_svm_supported(void)
{
+ int cpu = raw_smp_processor_id();
const char *msg;
u64 vm_cr;
if (!cpu_has_svm(&msg)) {
- pr_err("SVM not supported, %s\n", msg);
+ pr_err("SVM not supported by CPU %d, %s\n", cpu, msg);
return false;
}
@@ -536,7 +537,7 @@ static bool kvm_is_svm_supported(void)
rdmsrl(MSR_VM_CR, vm_cr);
if (vm_cr & (1 << SVM_VM_CR_SVM_DISABLE)) {
- pr_err("SVM disabled (by BIOS) in MSR_VM_CR\n");
+ pr_err("SVM disabled (by BIOS) in MSR_VM_CR on CPU %d\n", cpu);
return false;
}
@@ -587,9 +588,6 @@ static int svm_hardware_enable(void)
if (efer & EFER_SVME)
return -EBUSY;
- if (!kvm_is_svm_supported())
- return -EINVAL;
-
sd = per_cpu_ptr(&svm_data, me);
sd->asid_generation = 1;
sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 6416ed5b7f89..39dd3082fcd8 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2711,14 +2711,16 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
static bool kvm_is_vmx_supported(void)
{
+ int cpu = raw_smp_processor_id();
+
if (!cpu_has_vmx()) {
- pr_err("CPU doesn't support VMX\n");
+ pr_err("VMX not supported by CPU %d\n", cpu);
return false;
}
if (!this_cpu_has(X86_FEATURE_MSR_IA32_FEAT_CTL) ||
!this_cpu_has(X86_FEATURE_VMX)) {
- pr_err("VMX not enabled (by BIOS) in MSR_IA32_FEAT_CTL\n");
+ pr_err("VMX not enabled (by BIOS) in MSR_IA32_FEAT_CTL on CPU %d\n", cpu);
return false;
}
@@ -2727,18 +2729,21 @@ static bool kvm_is_vmx_supported(void)
static int vmx_check_processor_compat(void)
{
+ int cpu = raw_smp_processor_id();
struct vmcs_config vmcs_conf;
struct vmx_capability vmx_cap;
if (!kvm_is_vmx_supported())
return -EIO;
- if (setup_vmcs_config(&vmcs_conf, &vmx_cap) < 0)
+ if (setup_vmcs_config(&vmcs_conf, &vmx_cap) < 0) {
+ pr_err("Failed to setup VMCS config on CPU %d\n", cpu);
return -EIO;
+ }
if (nested)
nested_vmx_setup_ctls_msrs(&vmcs_conf, vmx_cap.ept);
- if (memcmp(&vmcs_config, &vmcs_conf, sizeof(struct vmcs_config)) != 0) {
- pr_err("CPU %d feature inconsistency!\n", smp_processor_id());
+ if (memcmp(&vmcs_config, &vmcs_conf, sizeof(struct vmcs_config))) {
+ pr_err("Inconsistent VMCS config on CPU %d\n", cpu);
return -EIO;
}
return 0;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index ee9af412ffd4..5a9e74cedbc6 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -11967,6 +11967,11 @@ int kvm_arch_hardware_enable(void)
bool stable, backwards_tsc = false;
kvm_user_return_msr_cpu_online();
+
+ ret = kvm_x86_check_processor_compatibility();
+ if (ret)
+ return ret;
+
ret = static_call(kvm_x86_hardware_enable)();
if (ret != 0)
return ret;
--
2.38.1.584.g0f3c55d4c2-goog
next prev parent reply other threads:[~2022-11-30 23:16 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-30 23:08 [PATCH v2 00/50] KVM: Rework kvm_init() and hardware enabling Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 01/50] KVM: Register /dev/kvm as the _very_ last thing during initialization Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 02/50] KVM: Initialize IRQ FD after arch hardware setup Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 03/50] KVM: Allocate cpus_hardware_enabled " Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 04/50] KVM: Teardown VFIO ops earlier in kvm_exit() Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 05/50] KVM: s390: Unwind kvm_arch_init() piece-by-piece() if a step fails Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 06/50] KVM: s390: Move hardware setup/unsetup to init/exit Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 07/50] KVM: x86: Do timer initialization after XCR0 configuration Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 08/50] KVM: x86: Move hardware setup/unsetup to init/exit Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 09/50] KVM: Drop arch hardware (un)setup hooks Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 10/50] KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling Sean Christopherson
2022-12-01 15:42 ` Vitaly Kuznetsov
2022-11-30 23:08 ` [PATCH v2 11/50] KVM: VMX: Don't bother disabling eVMCS static key on module exit Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 12/50] KVM: VMX: Move Hyper-V eVMCS initialization to helper Sean Christopherson
2022-12-01 15:22 ` Vitaly Kuznetsov
2022-11-30 23:08 ` [PATCH v2 13/50] KVM: x86: Move guts of kvm_arch_init() to standalone helper Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 14/50] KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace Sean Christopherson
2022-11-30 23:08 ` [PATCH v2 15/50] KVM: x86: Serialize vendor module initialization (hardware setup) Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 16/50] KVM: arm64: Simplify the CPUHP logic Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 17/50] KVM: arm64: Free hypervisor allocations if vector slot init fails Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 18/50] KVM: arm64: Unregister perf callbacks if hypervisor finalization fails Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 19/50] KVM: arm64: Do arm/arch initialization without bouncing through kvm_init() Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 20/50] KVM: arm64: Mark kvm_arm_init() and its unique descendants as __init Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 21/50] KVM: MIPS: Hardcode callbacks to hardware virtualization extensions Sean Christopherson
2022-12-01 22:00 ` Philippe Mathieu-Daudé
2022-12-01 22:49 ` Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 22/50] KVM: MIPS: Setup VZ emulation? directly from kvm_mips_init() Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 23/50] KVM: MIPS: Register die notifier prior to kvm_init() Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 24/50] KVM: RISC-V: Do arch init directly in riscv_kvm_init() Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 25/50] KVM: RISC-V: Tag init functions and data with __init, __ro_after_init Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 26/50] KVM: PPC: Move processor compatibility check to module init Sean Christopherson
2022-12-01 5:21 ` Michael Ellerman
2022-12-01 16:38 ` Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 27/50] KVM: s390: Do s390 specific init without bouncing through kvm_init() Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 28/50] KVM: s390: Mark __kvm_s390_init() and its descendants as __init Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 29/50] KVM: Drop kvm_arch_{init,exit}() hooks Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 30/50] KVM: VMX: Make VMCS configuration/capabilities structs read-only after init Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 31/50] KVM: x86: Do CPU compatibility checks in x86 code Sean Christopherson
2022-12-02 12:16 ` Huang, Kai
2022-12-05 20:52 ` Isaku Yamahata
2022-12-05 21:12 ` Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 32/50] KVM: Drop kvm_arch_check_processor_compat() hook Sean Christopherson
2022-12-02 12:18 ` Huang, Kai
2022-11-30 23:09 ` [PATCH v2 33/50] KVM: x86: Use KBUILD_MODNAME to specify vendor module name Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 34/50] KVM: x86: Unify pr_fmt to use module name for all KVM modules Sean Christopherson
2022-12-01 10:43 ` Paul Durrant
2022-11-30 23:09 ` [PATCH v2 35/50] KVM: VMX: Use current CPU's info to perform "disabled by BIOS?" checks Sean Christopherson
2022-12-02 12:18 ` Huang, Kai
2022-11-30 23:09 ` [PATCH v2 36/50] KVM: x86: Do VMX/SVM support checks directly in vendor code Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 37/50] KVM: VMX: Shuffle support checks and hardware enabling code around Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 38/50] KVM: SVM: Check for SVM support in CPU compatibility checks Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 39/50] KVM: x86: Move CPU compat checks hook to kvm_x86_ops (from kvm_x86_init_ops) Sean Christopherson
2022-12-02 13:01 ` Huang, Kai
2022-12-05 21:04 ` Isaku Yamahata
2022-11-30 23:09 ` Sean Christopherson [this message]
2022-12-02 13:03 ` [PATCH v2 40/50] KVM: x86: Do compatibility checks when onlining CPU Huang, Kai
2022-12-02 13:36 ` Huang, Kai
2022-12-02 16:04 ` Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 41/50] KVM: Rename and move CPUHP_AP_KVM_STARTING to ONLINE section Sean Christopherson
2022-12-02 13:06 ` Huang, Kai
2022-12-02 16:08 ` Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 42/50] KVM: Disable CPU hotplug during hardware enabling/disabling Sean Christopherson
2022-12-02 12:59 ` Huang, Kai
2022-12-02 16:31 ` Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 43/50] KVM: Ensure CPU is stable during low level hardware enable/disable Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 44/50] KVM: Drop kvm_count_lock and instead protect kvm_usage_count with kvm_lock Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 45/50] KVM: Remove on_each_cpu(hardware_disable_nolock) in kvm_exit() Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 46/50] KVM: Use a per-CPU variable to track which CPUs have enabled virtualization Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 47/50] KVM: Make hardware_enable_failed a local variable in the "enable all" path Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 48/50] KVM: Register syscore (suspend/resume) ops early in kvm_init() Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 49/50] KVM: Opt out of generic hardware enabling on s390 and PPC Sean Christopherson
2022-11-30 23:09 ` [PATCH v2 50/50] KVM: Clean up error labels in kvm_init() Sean Christopherson
2022-12-02 8:02 ` [PATCH v2 00/50] KVM: Rework kvm_init() and hardware enabling Chao Gao
2022-12-27 13:02 ` Paolo Bonzini
2022-12-28 11:22 ` Marc Zyngier
2022-12-28 11:58 ` Paolo Bonzini
2022-12-29 20:52 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221130230934.1014142-41-seanjc@google.com \
--to=seanjc@google.com \
--cc=aleksandar.qemu.devel@gmail.com \
--cc=alexandru.elisei@arm.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=atishp@atishpatra.org \
--cc=borntraeger@linux.ibm.com \
--cc=chao.gao@intel.com \
--cc=chenhuacai@kernel.org \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=dwmw2@infradead.org \
--cc=farman@linux.ibm.com \
--cc=farosas@linux.ibm.com \
--cc=frankja@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=isaku.yamahata@intel.com \
--cc=james.morse@arm.com \
--cc=kai.huang@intel.com \
--cc=kvm-riscv@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maz@kernel.org \
--cc=mjrosato@linux.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=paul@xen.org \
--cc=pbonzini@redhat.com \
--cc=philmd@linaro.org \
--cc=suzuki.poulose@arm.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=yuan.yao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).