From: Manali Shukla <manali.shukla@amd.com>
To: <kvm@vger.kernel.org>, <seanjc@google.com>
Cc: <linux-doc@vger.kernel.org>, <linux-perf-users@vger.kernel.org>,
<x86@kernel.org>, <pbonzini@redhat.com>, <peterz@infradead.org>,
<bp@alien8.de>, <santosh.shukla@amd.com>, <ravi.bangoria@amd.com>,
<thomas.lendacky@amd.com>, <nikunj@amd.com>,
<manali.shukla@amd.com>
Subject: [PATCH 13/13] KVM: x86: nSVM: Implement support for nested IBS virtualization
Date: Mon, 4 Sep 2023 09:53:47 +0000 [thread overview]
Message-ID: <20230904095347.14994-14-manali.shukla@amd.com> (raw)
In-Reply-To: <20230904095347.14994-1-manali.shukla@amd.com>
To handle the case where IBS is enabled for L1 and L2, IBS MSRs are
copied from vmcb12 to vmcb02 during vmentry and vice-versa during
vmexit.
To handle the case where IBS is enabled for L1 but _not_ for L2, IBS
MSRs are copied from vmcb01 to vmcb02 during vmentry and vice-versa
during vmexit.
Signed-off-by: Manali Shukla <manali.shukla@amd.com>
---
arch/x86/kvm/governed_features.h | 1 +
arch/x86/kvm/svm/nested.c | 23 +++++++++++++++++++++++
arch/x86/kvm/svm/svm.c | 18 ++++++++++++++++++
arch/x86/kvm/svm/svm.h | 1 +
4 files changed, 43 insertions(+)
diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h
index 423a73395c10..101c819f3876 100644
--- a/arch/x86/kvm/governed_features.h
+++ b/arch/x86/kvm/governed_features.h
@@ -16,6 +16,7 @@ KVM_GOVERNED_X86_FEATURE(PAUSEFILTER)
KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD)
KVM_GOVERNED_X86_FEATURE(VGIF)
KVM_GOVERNED_X86_FEATURE(VNMI)
+KVM_GOVERNED_X86_FEATURE(VIBS)
#undef KVM_GOVERNED_X86_FEATURE
#undef KVM_GOVERNED_FEATURE
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index dd496c9e5f91..a1bb32779b3e 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -616,6 +616,16 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12
} else if (unlikely(vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK)) {
svm_copy_lbrs(vmcb02, vmcb01);
}
+
+ if (guest_can_use(vcpu, X86_FEATURE_VIBS) &&
+ !(vmcb12->control.virt_ext & VIRTUAL_IBS_ENABLE_MASK))
+ vmcb02->control.virt_ext = vmcb12->control.virt_ext & ~VIRTUAL_IBS_ENABLE_MASK;
+
+ if (unlikely(guest_can_use(vcpu, X86_FEATURE_VIBS) &&
+ (svm->nested.ctl.virt_ext & VIRTUAL_IBS_ENABLE_MASK)))
+ svm_copy_ibs(vmcb02, vmcb12);
+ else if (unlikely(vmcb01->control.virt_ext & VIRTUAL_IBS_ENABLE_MASK))
+ svm_copy_ibs(vmcb02, vmcb01);
}
static inline bool is_evtinj_soft(u32 evtinj)
@@ -741,6 +751,13 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm,
vmcb02->control.virt_ext |=
(svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK);
+ vmcb02->control.virt_ext = vmcb01->control.virt_ext & VIRTUAL_IBS_ENABLE_MASK;
+
+ if (guest_can_use(vcpu, X86_FEATURE_VIBS))
+ vmcb02->control.virt_ext |= (svm->nested.ctl.virt_ext & VIRTUAL_IBS_ENABLE_MASK);
+ else
+ vmcb02->control.virt_ext &= ~VIRTUAL_IBS_ENABLE_MASK;
+
if (!nested_vmcb_needs_vls_intercept(svm))
vmcb02->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
@@ -1083,6 +1100,12 @@ int nested_svm_vmexit(struct vcpu_svm *svm)
svm_update_lbrv(vcpu);
}
+ if (unlikely(guest_can_use(vcpu, X86_FEATURE_VIBS) &&
+ (svm->nested.ctl.virt_ext & VIRTUAL_IBS_ENABLE_MASK)))
+ svm_copy_ibs(vmcb12, vmcb02);
+ else if (unlikely(vmcb01->control.virt_ext & VIRTUAL_IBS_ENABLE_MASK))
+ svm_copy_ibs(vmcb01, vmcb02);
+
if (vnmi) {
if (vmcb02->control.int_ctl & V_NMI_BLOCKING_MASK)
vmcb01->control.int_ctl |= V_NMI_BLOCKING_MASK;
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index b85120f0d3ac..7925bfa0b4ce 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1084,6 +1084,20 @@ void svm_ibs_msr_interception(struct vcpu_svm *svm, bool intercept)
set_msr_interception(&svm->vcpu, svm->msrpm, MSR_AMD64_ICIBSEXTDCTL, !intercept, !intercept);
}
+void svm_copy_ibs(struct vmcb *to_vmcb, struct vmcb *from_vmcb)
+{
+ to_vmcb->save.ibs_fetch_ctl = from_vmcb->save.ibs_fetch_ctl;
+ to_vmcb->save.ibs_fetch_linear_addr = from_vmcb->save.ibs_fetch_linear_addr;
+ to_vmcb->save.ibs_op_ctl = from_vmcb->save.ibs_op_ctl;
+ to_vmcb->save.ibs_op_rip = from_vmcb->save.ibs_op_rip;
+ to_vmcb->save.ibs_op_data = from_vmcb->save.ibs_op_data;
+ to_vmcb->save.ibs_op_data2 = from_vmcb->save.ibs_op_data2;
+ to_vmcb->save.ibs_op_data3 = from_vmcb->save.ibs_op_data3;
+ to_vmcb->save.ibs_dc_linear_addr = from_vmcb->save.ibs_dc_linear_addr;
+ to_vmcb->save.ibs_br_target = from_vmcb->save.ibs_br_target;
+ to_vmcb->save.ibs_fetch_extd_ctl = from_vmcb->save.ibs_fetch_extd_ctl;
+}
+
static void grow_ple_window(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
@@ -4441,6 +4455,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD);
kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF);
kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VNMI);
+ kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VIBS);
svm_recalc_instruction_intercepts(vcpu, svm);
@@ -5225,6 +5240,9 @@ static __init void svm_set_cpu_caps(void)
if (vnmi)
kvm_cpu_cap_set(X86_FEATURE_VNMI);
+ if (vibs)
+ kvm_cpu_cap_set(X86_FEATURE_VIBS);
+
/* Nested VM can receive #VMEXIT instead of triggering #GP */
kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK);
}
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index c2a02629a1d1..f607dc690d94 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -584,6 +584,7 @@ void svm_vcpu_init_msrpm(struct kvm_vcpu *vcpu, u32 *msrpm);
void svm_vcpu_free_msrpm(u32 *msrpm);
void svm_copy_lbrs(struct vmcb *to_vmcb, struct vmcb *from_vmcb);
void svm_update_lbrv(struct kvm_vcpu *vcpu);
+void svm_copy_ibs(struct vmcb *to_vmcb, struct vmcb *from_vmcb);
int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer);
void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
--
2.34.1
next prev parent reply other threads:[~2023-09-04 9:57 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-04 9:53 [PATCH 00/13] Implement support for IBS virtualization Manali Shukla
2023-09-04 9:53 ` [PATCH 01/13] KVM: Add KVM_GET_LAPIC_W_EXTAPIC and KVM_SET_LAPIC_W_EXTAPIC for extapic Manali Shukla
2023-09-12 1:47 ` Chao Gao
2023-09-04 9:53 ` [PATCH 02/13] x86/cpufeatures: Add CPUID feature bit for Extended LVT Manali Shukla
2023-09-04 9:53 ` [PATCH 03/13] KVM: x86: Add emulation support for Extented LVT registers Manali Shukla
2023-09-12 2:36 ` Chao Gao
2023-09-04 9:53 ` [PATCH 04/13] x86/cpufeatures: Add CPUID feature bit for virtualized IBS Manali Shukla
2023-09-04 9:53 ` [PATCH 05/13] KVM: x86/cpuid: Add a KVM-only leaf for IBS capabilities Manali Shukla
2023-09-04 9:53 ` [PATCH 06/13] KVM: x86: Extend CPUID range to include new leaf Manali Shukla
2023-09-12 2:46 ` Chao Gao
2023-09-04 9:53 ` [PATCH 07/13] KVM: SVM: Extend VMCB area for virtualized IBS registers Manali Shukla
2023-09-12 2:50 ` Chao Gao
2023-09-04 9:53 ` [PATCH 08/13] perf/x86/amd: Add framework to save/restore host IBS state Manali Shukla
2023-09-05 14:54 ` Tom Lendacky
2023-09-04 9:53 ` [PATCH 09/13] KVM: SVM: add support for IBS virtualization for non SEV-ES guests Manali Shukla
2023-09-05 15:30 ` Tom Lendacky
2023-09-06 1:51 ` Alexey Kardashevskiy
2023-09-12 3:09 ` Chao Gao
2023-09-04 9:53 ` [PATCH 10/13] x86/cpufeatures: Add CPUID feature bit for VIBS in SEV-ES guest Manali Shukla
2023-09-04 9:53 ` [PATCH 11/13] KVM: SVM: Add support for IBS virtualization for SEV-ES guests Manali Shukla
2023-09-05 15:43 ` Tom Lendacky
2023-09-04 9:53 ` [PATCH 12/13] KVM: SVM: Enable IBS virtualization on non SEV-ES and " Manali Shukla
2023-09-05 16:00 ` Tom Lendacky
2023-09-12 3:30 ` Chao Gao
2023-09-04 9:53 ` Manali Shukla [this message]
2023-09-05 15:47 ` [PATCH 00/13] Implement support for IBS virtualization Peter Zijlstra
2023-09-06 15:38 ` Manali Shukla
2023-09-06 19:56 ` Peter Zijlstra
2023-09-07 15:49 ` Manali Shukla
2023-09-08 13:31 ` Peter Zijlstra
2023-09-11 12:32 ` Manali Shukla
2023-09-28 11:18 ` Manali Shukla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230904095347.14994-14-manali.shukla@amd.com \
--to=manali.shukla@amd.com \
--cc=bp@alien8.de \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=ravi.bangoria@amd.com \
--cc=santosh.shukla@amd.com \
--cc=seanjc@google.com \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).