From nobody Thu Sep 18 21:55:08 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD61BC001DE for ; Fri, 21 Jul 2023 20:20:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231325AbjGUUUa (ORCPT ); Fri, 21 Jul 2023 16:20:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39180 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230460AbjGUUUE (ORCPT ); Fri, 21 Jul 2023 16:20:04 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B680422D for ; Fri, 21 Jul 2023 13:19:35 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-5734d919156so26637607b3.3 for ; Fri, 21 Jul 2023 13:19:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689970774; x=1690575574; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=wPlbfa+N8zgfbkJ5TFjNvfC430Np593GRATA+kV4uv8=; b=YMYRUHzUDCVMuYn52ynlOKvBnRXOyiLr1dfgtoseNBOu4bDGsTucDMvLpEpL1MqmUe 4GSO5jlD2I9GxnBXQQRXoK5LwMCPEGlozlc4vlePKaqf3bhgsDxPjj+cBfWd7xupVa2/ i0NHbQtd24teDqosxIhfXN30cvUCTA5BSKtrqljErAnCSidWLnVSreSjcp9t3cgs8/8f j1Q2DQWnzLCp1MpXEbmnFdAh1ipvd0bngkKlEdgjYWvm70IfbIeCjdTuzIFN9rQlcRMX LZJ/W3WzKqojxqlMu8WlcWnJ0ILoNtfwLgJUzJKLYFQ7bJ52u6OwVjmUKa7/uN93JeuR y32A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689970774; x=1690575574; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wPlbfa+N8zgfbkJ5TFjNvfC430Np593GRATA+kV4uv8=; b=eQYFBcWsRet42VEw/ul8L+f8mxIANPU9eEG3NTrERtSixg4Ztg9gjrNVoegI1ibwuB TxQl/TbXi45cVRK95qEnwhgGcBcCPFI3x2fIMaimQbB95QGTk6PifbGiV4/E7TLmxDDw KeUzR1A2ewJQzBGXnFG6Y9uVrgkPFdThwdu0k9l4IRIV5Q9tLVWYYmsMU6D8byzI9uCx TzXOVblKklRAwq08T9wopTY/6z8cVhSFBx24jyPpYIrNWZGrb2gYzR83ZYjCs/y+PTis jvKmMXCL+6KkUXwNmG4KDHCvaD3uQZYwEkTx8FVpmiR4fqJ4BGVeuPIm9BrIu7v86ufa yd6g== X-Gm-Message-State: ABy/qLZx6X6EORU5PV4tOwdeM2O93jEMdUPTylL0PiJ8jrFS3cO3UVdG zAXpEG4SM1fX2HO30BpDYrf48ESvIyU= X-Google-Smtp-Source: APBJJlFEHHeJp5RT7zszaIw4ZA9cDrjfXBLHHV5QoHMtGzvyQ4EWMvYocU2KpSc+oerwCYSdXu+UWVkF0+Q= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a81:ad55:0:b0:583:6f04:4267 with SMTP id l21-20020a81ad55000000b005836f044267mr10407ywk.8.1689970774670; Fri, 21 Jul 2023 13:19:34 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 21 Jul 2023 13:18:55 -0700 In-Reply-To: <20230721201859.2307736-1-seanjc@google.com> Mime-Version: 1.0 References: <20230721201859.2307736-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog Message-ID: <20230721201859.2307736-16-seanjc@google.com> Subject: [PATCH v4 15/19] KVM: VMX: Ensure CPU is stable when probing basic VMX support From: Sean Christopherson To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Sean Christopherson , Paolo Bonzini Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Andrew Cooper , Kai Huang , Chao Gao Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Disable migration when probing VMX support during module load to ensure the CPU is stable, mostly to match similar SVM logic, where allowing migration effective requires deliberately writing buggy code. As a bonus, KVM won't report the wrong CPU to userspace if VMX is unsupported, but in practice that is a very, very minor bonus as the only way that reporting the wrong CPU would actually matter is if hardware is broken or if the system is misconfigured, i.e. if KVM gets migrated from a CPU that _does_ support VMX to a CPU that does _not_ support VMX. Reviewed-by: Kai Huang Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6f4fcd82fa6e..0e1f3856a9be 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2737,9 +2737,9 @@ static int setup_vmcs_config(struct vmcs_config *vmcs= _conf, return 0; } =20 -static bool kvm_is_vmx_supported(void) +static bool __kvm_is_vmx_supported(void) { - int cpu =3D raw_smp_processor_id(); + int cpu =3D smp_processor_id(); =20 if (!(cpuid_ecx(1) & feature_bit(VMX))) { pr_err("VMX not supported by CPU %d\n", cpu); @@ -2755,13 +2755,24 @@ static bool kvm_is_vmx_supported(void) return true; } =20 +static bool kvm_is_vmx_supported(void) +{ + bool supported; + + migrate_disable(); + supported =3D __kvm_is_vmx_supported(); + migrate_enable(); + + return supported; +} + static int vmx_check_processor_compat(void) { int cpu =3D raw_smp_processor_id(); struct vmcs_config vmcs_conf; struct vmx_capability vmx_cap; =20 - if (!kvm_is_vmx_supported()) + if (!__kvm_is_vmx_supported()) return -EIO; =20 if (setup_vmcs_config(&vmcs_conf, &vmx_cap) < 0) { --=20 2.41.0.487.g6d72f3e995-goog