Clean up SVM's enter/exit assembly code so that it can be compiled
without OBJECT_FILES_NON_STANDARD. The "standard" __svm_vcpu_run() can't
be made 100% bulletproof, as RBP isn't restored on #VMEXIT, but that's
also the case for __vmx_vcpu_run(), and getting "close enough" is better
than not even trying.

As for SEV-ES, after yet another refresher on swap types, I realized KVM
can simply let the hardware restore registers after #VMEXIT, all that's
missing is storing the current values to the host save area (I learned the
hard way that they are swap Type B, *sigh*). Unless I'm missing something,
this provides 100% accuracy when using stack frames for unwinding, and
requires less assembly (though probably not fewer code bytes; I didn't check).

In between, build the SEV-ES code iff CONFIG_KVM_AMD_SEV=y, and yank out
"support" for 32-bit kernels, which was unnecessarily polluting the code.

I'm pretty sure I actually managed to test all of this, thanks to the SEV-ES
smoke selftests, and a bit of hacking to disable V_SPEC_CTRL, passthrough
SPEC_CTRL unconditionally, and have the selftests W/R SPEC_CTRL from its
guest.

Sean Christopherson (8):
  KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding
  KVM: SVM: Wrap __svm_sev_es_vcpu_run() with #ifdef CONFIG_KVM_AMD_SEV
  KVM: SVM: Drop 32-bit "support" from __svm_sev_es_vcpu_run()
  KVM: SVM: Clobber RAX instead of RBX when discarding
    spec_ctrl_intercepted
  KVM: SVM: Save/restore non-volatile GPRs in SEV-ES VMRUN via host save
    area
  KVM: SVM: Save/restore args across SEV-ES VMRUN via host save area
  KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run()
  KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD

 arch/x86/kvm/Makefile      |  4 --
 arch/x86/kvm/svm/svm.c     | 17 ++++---
 arch/x86/kvm/svm/svm.h     |  3 +-
 arch/x86/kvm/svm/vmenter.S | 97 +++++++++++++++++---------------------
 4 files changed, 56 insertions(+), 65 deletions(-)

base-commit: ec1e3d33557babed2c2c2c7da6e84293c2f56f58
--
2.44.0.rc0.258.g7320e95886-goog

On Fri, 23 Feb 2024 12:42:25 -0800, Sean Christopherson wrote:
> Clean up SVM's enter/exit assembly code so that it can be compiled
> without OBJECT_FILES_NON_STANDARD. The "standard" __svm_vcpu_run() can't
> be made 100% bulletproof, as RBP isn't restored on #VMEXIT, but that's
> also the case for __vmx_vcpu_run(), and getting "close enough" is better
> than not even trying.
>
> As for SEV-ES, after yet another refresher on swap types, I realized KVM
> can simply let the hardware restore registers after #VMEXIT, all that's
> missing is storing the current values to the host save area (I learned the
> hard way that they are swap Type B, *sigh*). Unless I'm missing something,
> this provides 100% accuracy when using stack frames for unwinding, and
> requires less assembly (though probably not fewer code bytes; I didn't check).
>
> [...]
Applied to kvm-x86 svm, thanks!
[1/8] KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding
https://github.com/kvm-x86/linux/commit/19597a71a0c8
[2/8] KVM: SVM: Wrap __svm_sev_es_vcpu_run() with #ifdef CONFIG_KVM_AMD_SEV
https://github.com/kvm-x86/linux/commit/7774c8f32e99
[3/8] KVM: SVM: Drop 32-bit "support" from __svm_sev_es_vcpu_run()
https://github.com/kvm-x86/linux/commit/331282fdb15e
[4/8] KVM: SVM: Clobber RAX instead of RBX when discarding spec_ctrl_intercepted
https://github.com/kvm-x86/linux/commit/87e8e360a05f
[5/8] KVM: SVM: Save/restore non-volatile GPRs in SEV-ES VMRUN via host save area
https://github.com/kvm-x86/linux/commit/c92be2fd8edf
[6/8] KVM: SVM: Save/restore args across SEV-ES VMRUN via host save area
https://github.com/kvm-x86/linux/commit/adac42bf42c1
[7/8] KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run()
https://github.com/kvm-x86/linux/commit/4367a75887ec
[8/8] KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD
https://github.com/kvm-x86/linux/commit/27ca867042af
--
https://github.com/kvm-x86/linux/tree/next

On Wed, Apr 10, 2024 at 2:23 AM Sean Christopherson <seanjc@google.com> wrote:
> Applied to kvm-x86 svm, thanks!
>
> [1/8] KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding
> https://github.com/kvm-x86/linux/commit/19597a71a0c8
> [2/8] KVM: SVM: Wrap __svm_sev_es_vcpu_run() with #ifdef CONFIG_KVM_AMD_SEV
> https://github.com/kvm-x86/linux/commit/7774c8f32e99
> [3/8] KVM: SVM: Drop 32-bit "support" from __svm_sev_es_vcpu_run()
> https://github.com/kvm-x86/linux/commit/331282fdb15e
> [4/8] KVM: SVM: Clobber RAX instead of RBX when discarding spec_ctrl_intercepted
> https://github.com/kvm-x86/linux/commit/87e8e360a05f
> [5/8] KVM: SVM: Save/restore non-volatile GPRs in SEV-ES VMRUN via host save area
> https://github.com/kvm-x86/linux/commit/c92be2fd8edf
> [6/8] KVM: SVM: Save/restore args across SEV-ES VMRUN via host save area
> https://github.com/kvm-x86/linux/commit/adac42bf42c1
> [7/8] KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run()
> https://github.com/kvm-x86/linux/commit/4367a75887ec
> [8/8] KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD
> https://github.com/kvm-x86/linux/commit/27ca867042af

Do we perhaps want this in 6.9 because of the issues that were reported with objtool?

Paolo

On 2/23/24 14:42, Sean Christopherson wrote:
> Clean up SVM's enter/exit assembly code so that it can be compiled
> without OBJECT_FILES_NON_STANDARD. The "standard" __svm_vcpu_run() can't
> be made 100% bulletproof, as RBP isn't restored on #VMEXIT, but that's
> also the case for __vmx_vcpu_run(), and getting "close enough" is better
> than not even trying.
>
> As for SEV-ES, after yet another refresher on swap types, I realized KVM
> can simply let the hardware restore registers after #VMEXIT, all that's
> missing is storing the current values to the host save area (I learned the
> hard way that they are swap Type B, *sigh*). Unless I'm missing something,
> this provides 100% accuracy when using stack frames for unwinding, and
> requires less assembly (though probably not fewer code bytes; I didn't check).
>
> In between, build the SEV-ES code iff CONFIG_KVM_AMD_SEV=y, and yank out
> "support" for 32-bit kernels, which was unnecessarily polluting the code.
>
> I'm pretty sure I actually managed to test all of this, thanks to the SEV-ES
> smoke selftests, and a bit of hacking to disable V_SPEC_CTRL, passthrough
> SPEC_CTRL unconditionally, and have the selftests W/R SPEC_CTRL from its
> guest.
>
> Sean Christopherson (8):
>   KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding
>   KVM: SVM: Wrap __svm_sev_es_vcpu_run() with #ifdef CONFIG_KVM_AMD_SEV
>   KVM: SVM: Drop 32-bit "support" from __svm_sev_es_vcpu_run()
>   KVM: SVM: Clobber RAX instead of RBX when discarding
>     spec_ctrl_intercepted
>   KVM: SVM: Save/restore non-volatile GPRs in SEV-ES VMRUN via host save
>     area
>   KVM: SVM: Save/restore args across SEV-ES VMRUN via host save area
>   KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run()
>   KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD
>
>  arch/x86/kvm/Makefile      |  4 --
>  arch/x86/kvm/svm/svm.c     | 17 ++++---
>  arch/x86/kvm/svm/svm.h     |  3 +-
>  arch/x86/kvm/svm/vmenter.S | 97 +++++++++++++++++---------------------
>  4 files changed, 56 insertions(+), 65 deletions(-)

Nice cleanup, thanks!

For the series:

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

>
>
> base-commit: ec1e3d33557babed2c2c2c7da6e84293c2f56f58