From: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:28 -0800
Subject: [PATCH v3 01/57] KVM: x86: Use feature_bit() to clear CONSTANT_TSC when emulating CPUID
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Message-ID: <20241128013424.4096668-2-seanjc@google.com>
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>

When clearing CONSTANT_TSC during CPUID emulation due to a Hyper-V quirk, use feature_bit() instead of SF() to ensure the bit is actually cleared. SF() evaluates to zero if the _host_ doesn't support the feature. I.e. KVM could keep the bit set if userspace advertised CONSTANT_TSC despite it not being supported in hardware.

Note, translating from a scattered feature to the hardware version is done by __feature_translate(), not SF(). The sole purpose of SF() is to check kernel support for the scattered feature, *before* translation.

Cc: Vitaly Kuznetsov
Signed-off-by: Sean Christopherson
Reviewed-by: Vitaly Kuznetsov
--- arch/x86/kvm/cpuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 097bdc022d0f..776f24408fa3 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -1630,7 +1630,7 @@ bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *= ebx, *ebx &=3D ~(F(RTM) | F(HLE)); } else if (function =3D=3D 0x80000007) { if (kvm_hv_invtsc_suppressed(vcpu)) - *edx &=3D ~SF(CONSTANT_TSC); + *edx &=3D ~feature_bit(CONSTANT_TSC); } } else { *eax =3D *ebx =3D *ecx =3D *edx =3D 0;
-- 
2.47.0.338.g60cca15819-goog
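Review bot: the new "*edx &= ~feature_bit(CONSTANT_TSC);" line in the "function == 0x80000007" branch has no comment saying the mask must not depend on host support, so the reason SF() was wrong here lives only in the changelog. A one-line comment above it, stating that the bit is cleared from the guest-visible value regardless of what the host supports, would keep a later cleanup from reintroducing a host-dependent mask. The changelog also describes a case where the bit could stay set, yet the trailers shown carry no Fixes: tag; naming the commit that introduced the SF() use would help anyone backporting this.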

From: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:29 -0800
Subject: [PATCH v3 02/57] KVM: x86: Limit use of F() and SF() to kvm_cpu_cap_{mask,init_kvm_defined}()
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Message-ID: <20241128013424.4096668-3-seanjc@google.com>
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>

Define and undefine the F() and SF() macros precisely around kvm_set_cpu_caps() to make it all but impossible to use the macros outside of kvm_cpu_cap_{mask,init_kvm_defined}(). Currently, F() is a simple passthrough, but SF() is actively dangerous as it checks that the scattered feature is supported by the host kernel. And usage outside of the aforementioned helpers will run afoul of future changes to harden KVM's CPUID management.

Opportunistically switch to feature_bit() when stuffing LA57 based on raw hardware support.

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 776f24408fa3..eb4b32bcfa56 100644 --- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c @@ -61,15 +61,6 @@ u32 xstate_required_size(u64 xstate_bv, bool compacted) return ret; } =20 -#define F feature_bit - -/* Scattered Flag - For features that are scattered by cpufeatures.h. */ -#define SF(name) \ -({ \ - BUILD_BUG_ON(X86_FEATURE_##name >=3D MAX_CPU_FEATURES); \ - (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0); \ -}) - /* * Magic value used by KVM when querying userspace-provided CPUID entries = and * doesn't care about the CPIUD index because the index of the function in @@ -604,6 +595,15 @@ static __always_inline void kvm_cpu_cap_mask(enum cpui= d_leafs leaf, u32 mask) __kvm_cpu_cap_mask(leaf); } =20 +#define F feature_bit + +/* Scattered Flag - For features that are scattered by cpufeatures.h. */ +#define SF(name) \ +({ \ + BUILD_BUG_ON(X86_FEATURE_##name >=3D MAX_CPU_FEATURES); \ + (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0); \ +}) + void kvm_set_cpu_caps(void) { #ifdef CONFIG_X86_64 @@ -668,7 +668,7 @@ void kvm_set_cpu_caps(void) F(SGX_LC) | F(BUS_LOCK_DETECT) ); /* Set LA57 based on hardware capability. */ - if (cpuid_ecx(7) & F(LA57)) + if (cpuid_ecx(7) & feature_bit(LA57)) kvm_cpu_cap_set(X86_FEATURE_LA57); =20 /* @@ -850,6 +850,9 @@ void kvm_set_cpu_caps(void) } EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); =20 +#undef F +#undef SF + struct kvm_cpuid_array { struct kvm_cpuid_entry2 *entries; int maxnent; @@ -925,14 +928,14 @@ static int __do_cpuid_func_emulated(struct kvm_cpuid_= array *array, u32 func) ++array->nent; break; case 1: - entry->ecx =3D F(MOVBE); + entry->ecx =3D feature_bit(MOVBE); ++array->nent; break; case 7: entry->flags |=3D KVM_CPUID_FLAG_SIGNIFCANT_INDEX; entry->eax =3D 0; if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) - entry->ecx =3D F(RDPID); + entry->ecx =3D feature_bit(RDPID); ++array->nent; break; default: 
@@ -1082,7 +1085,7 @@ static inline int __do_cpuid_func(struct kvm_cpuid_ar= ray *array, u32 function) goto out; =20 cpuid_entry_override(entry, CPUID_D_1_EAX); - if (entry->eax & (F(XSAVES)|F(XSAVEC))) + if (entry->eax & (feature_bit(XSAVES) | feature_bit(XSAVEC))) entry->ebx =3D xstate_required_size(permitted_xcr0 | permitted_xss, true); else { 
@@ -1627,7 +1630,7 @@ bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *= ebx, u64 data; if (!__kvm_get_msr(vcpu, MSR_IA32_TSX_CTRL, &data, true) && (data & TSX_CTRL_CPUID_CLEAR)) - *ebx &=3D ~(F(RTM) | F(HLE)); + *ebx &=3D ~(feature_bit(RTM) | feature_bit(HLE)); } else if (function =3D=3D 0x80000007) { if (kvm_hv_invtsc_suppressed(vcpu)) *edx &=3D ~feature_bit(CONSTANT_TSC);
-- 
2.47.0.338.g60cca15819-goog
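Review bot: in the hunk that moves "#define F feature_bit" and SF() down to sit directly above kvm_set_cpu_caps(), nothing at the definition tells a reader that the macros are deliberately scoped and are removed again by the "#undef F" / "#undef SF" pair after EXPORT_SYMBOL_GPL(kvm_set_cpu_caps). Suggest a short comment at the #define site saying F() and SF() exist only for kvm_cpu_cap_{mask,init_kvm_defined}() and are undefined right after the function, so a helper later added between those two points does not start using SF() to build guest-visible masks. The existing SF() comment could also state that the macro evaluates to 0 when boot_cpu_has() is false, since that is the property the changelog calls dangerous.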

From: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:30 -0800
Subject: [PATCH v3 03/57] KVM: x86: Do all post-set CPUID processing during vCPU creation
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Message-ID: <20241128013424.4096668-4-seanjc@google.com>
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>

During vCPU creation, process KVM's default, empty CPUID as if userspace set an empty CPUID to ensure consistent and correct behavior with respect to guest CPUID. E.g. if userspace never sets guest CPUID, KVM will never configure cr4_guest_rsvd_bits, and thus create divergent, incorrect, guest-visible behavior due to letting the guest set any KVM-supported CR4 bits despite the features not being allowed per guest CPUID.

Note! This changes KVM's ABI, as lack of full CPUID processing allowed userspace to stuff garbage vCPU state, e.g. userspace could set CR4 to a guest-unsupported value via KVM_SET_SREGS. But it's extremely unlikely that this is a breaking change, as KVM already has many flows that require userspace to set guest CPUID before loading vCPU state. E.g. multiple MSR flows consult guest CPUID on host writes, and KVM_SET_SREGS itself already relies on guest CPUID being up-to-date, as KVM's validity check on CR3 consumes CPUID.0x7.1 (for LAM) and CPUID.0x80000008 (for MAXPHYADDR).

Furthermore, the plan is to commit to enforcing guest CPUID for userspace writes to MSRs, at which point bypassing sregs CPUID checks is even more nonsensical.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/cpuid.h | 1 + arch/x86/kvm/x86.c | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index eb4b32bcfa56..b9ad07e24160 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -338,7 +338,7 @@ static bool guest_cpuid_is_amd_or_hygon(struct kvm_vcpu= *vcpu) is_guest_vendor_hygon(entry->ebx, entry->ecx, entry->edx); } =20 -static void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) +void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic =3D vcpu->arch.apic; struct kvm_cpuid_entry2 *best; diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index c8dc66eddefd..e51b868e9d36 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -10,6 +10,7 @@ extern u32 kvm_cpu_caps[NR_KVM_CPU_CAPS] __read_mostly; void kvm_set_cpu_caps(void); =20 +void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu); void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu); void kvm_update_pv_runtime(struct kvm_vcpu *vcpu); struct kvm_cpuid_entry2 *kvm_find_cpuid_entry_index(struct kvm_vcpu *vcpu, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 2e713480933a..ca9b0a00cbcc 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -12301,6 +12301,7 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) =20 kvm_xen_init_vcpu(vcpu); vcpu_load(vcpu); + kvm_vcpu_after_set_cpuid(vcpu); kvm_set_tsc_khz(vcpu, vcpu->kvm->arch.default_tsc_khz); kvm_vcpu_reset(vcpu, false); kvm_init_mmu(vcpu);
-- 
2.47.0.338.g60cca15819-goog
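Review bot: the new kvm_vcpu_after_set_cpuid(vcpu) call in kvm_arch_vcpu_create() is, per the changelog, an ABI change, but the diffstat touches only cpuid.c, cpuid.h and x86.c, so the requirement that userspace set guest CPUID before loading state such as CR4 via KVM_SET_SREGS is not documented anywhere userspace authors would look. Please add a note to the KVM API documentation alongside this patch. The call site itself would also benefit from a comment saying that it processes the default, empty CPUID and why it sits after vcpu_load() and before kvm_set_tsc_khz() and kvm_vcpu_reset(), since the ordering is not obvious from the three surrounding lines.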

From: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:31 -0800
Subject: [PATCH v3 04/57] KVM: x86: Explicitly do runtime CPUID updates "after" initial setup
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Message-ID: <20241128013424.4096668-5-seanjc@google.com>
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>

Explicitly perform runtime CPUID adjustments as part of the "after set CPUID" flow to guard against bugs where KVM consumes stale vCPU/CPUID state during kvm_update_cpuid_runtime(). E.g. see commit 4736d85f0d18 ("KVM: x86: Use actual kvm_cpuid.base for clearing KVM_FEATURE_PV_UNHALT").

Whacking each mole individually is not sustainable or robust, e.g. while the aforementioned commit fixed KVM's PV features, the same issue lurks for Xen and Hyper-V features, Xen and Hyper-V simply don't have any runtime features (though spoiler alert, neither should KVM).

Updating runtime features in the "full" path will also simplify adding a snapshot of the guest's capabilities, i.e. of caching the intersection of guest CPUID and kvm_cpu_caps (modulo a few edge cases).

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index b9ad07e24160..1944f9415672 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -157,6 +157,9 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu, return fpu_enable_guest_xfd_features(&vcpu->arch.guest_fpu, xfeatures); } =20 +static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_c= puid_entry2 *entries, + int nent); + /* Check whether the supplied CPUID data is equal to what is already set f= or the vCPU. */ static int kvm_cpuid_check_equal(struct kvm_vcpu *vcpu, struct kvm_cpuid_e= ntry2 *e2, int nent) @@ -164,6 +167,17 @@ static int kvm_cpuid_check_equal(struct kvm_vcpu *vcpu= , struct kvm_cpuid_entry2 struct kvm_cpuid_entry2 *orig; int i; =20 + /* + * Apply runtime CPUID updates to the incoming CPUID entries to avoid + * false positives due mismatches on KVM-owned feature flags. Note, + * runtime CPUID updates may consume other CPUID-driven vCPU state, + * e.g. KVM or Xen CPUID bases. Updating runtime state before full + * CPUID processing is functionally correct only because any change in + * CPUID is disallowed, i.e. using stale data is ok because the below + * checks will reject the change. + */ + __kvm_update_cpuid_runtime(vcpu, e2, nent); + if (nent !=3D vcpu->arch.cpuid_nent) return -EINVAL; =20 @@ -348,6 +362,8 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) bitmap_zero(vcpu->arch.governed_features.enabled, KVM_MAX_NR_GOVERNED_FEATURES); =20 + kvm_update_cpuid_runtime(vcpu); + /* * If TDP is enabled, let the guest use GBPAGES if they're supported in * hardware. The hardware page walker doesn't let KVM disable GBPAGES, 
@@ -429,8 +445,6 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct = kvm_cpuid_entry2 *e2, { int r; =20 - __kvm_update_cpuid_runtime(vcpu, e2, nent); - /* * KVM does not correctly handle changing guest CPUID after KVM_RUN, as * MAXPHYADDR, GBPAGES support, AMD reserved bit behavior, etc.. aren't
-- 
2.47.0.338.g60cca15819-goog
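Review bot: in the kvm_cpuid_check_equal() hunk, __kvm_update_cpuid_runtime(vcpu, e2, nent) is called before the "nent != vcpu->arch.cpuid_nent" check, so a function whose header comment says it only checks equality now rewrites the caller's entries even when the count mismatch is about to return -EINVAL. Moving the call below the nent check would skip the needless update, and the function's header comment should say that e2 is modified as a side effect. In the new block comment, "due mismatches" should read "due to mismatches".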
smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="B+1ZUj7n" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-7f71e2fc065so254831a12.3 for ; Wed, 27 Nov 2024 17:34:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1732757681; x=1733362481; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=jXmvhxEmqHLmptmFrlYapwE2GXQS0ioWcRCpjRVCiP4=; b=B+1ZUj7nxYcQPdPxX6cIe8EQZmv3QiuKpXyoF7gQ7jOPhRJpJQcFUAIjjeX0prayIJ LYPOanroS7dG26Wz/p7NKGz228o8PgyyrhRYOHvy/efs4oeqg5e1E6FcntQDmpzsOzFZ Quy/9m5jzpRO6drQ0TzB0/7IAWrMjLOydXfeFXFETlyEKpiUvwVR/6ZFZkRXrKTkkVdb 4wRYXrTfMLRVZrwVbn1hpLCbY4JKyvrjhydHaeNDAVt7AYrnWv2djd4qtU02mIjmOLSZ iIh5zRYyGKopORv1OL7GYdirYgzEH1oz50wNBXWSg9MFdRNnqEeCxSve1g6Wz61QlBc1 roGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732757681; x=1733362481; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jXmvhxEmqHLmptmFrlYapwE2GXQS0ioWcRCpjRVCiP4=; b=nMNKtcC/Aeo1c0HffYbwx3jfB1GWXmV6r6sLelMG/jbOmveIEy8yDrN4nyWHGmSDc7 0GX6pqbthsgo+bEKlaHBlORRAxxS1duQLAcUmIFsuqWrj7K03JJT5XkYs6DJ6E+vM0rm 6csJlxMtQzAsaJg5SvZZ8Znq5iK1VmxwhWl71iJs1k43miwRFVXdFbH3Tt+aIJvgo6ai xDw8YghVW8n0BpN+gP0XfdhMp3vS3pINvAO8/Ymmods8s7h3bKHWP5BT9XyTi9z5j0Dx YjeDFhRX1Hb56sLgYJONwZ7R0OXsnNd24t0cK/nOgBaWjFYFmlPL4hjKod+onPjk+BQi r4Xg== X-Forwarded-Encrypted: i=1; AJvYcCXo3DUbGa/V9IL7wyvwvNSro1AoocYWVuY+Nn3TEHWjZHTSonk+PmfynYcLNYRvM+M72FaSXtLwNQTKL2Y=@vger.kernel.org X-Gm-Message-State: AOJu0Ywpfr0uXGW8jexZjB8pnivypqpjtAao14DZ6EhsqcgZ+1GlnnI9 9QGWWTVb++efE+d+4LK9KaRngwt9cCq79YtmxpERadCORRDhgnPVXO/f1Rw9T24Zb3i7pGrvIJ/ 8Nw== X-Google-Smtp-Source: AGHT+IFQhFinpFVGMQCaQ+dyl10TAppaguaY+VdZfxJxAIk1wFY127FX/WZeqzKczEacxeO44YgSxWQsq5s= X-Received: from 
Date: Wed, 27 Nov 2024 17:33:32 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-6-seanjc@google.com>
Subject: [PATCH v3 05/57] KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Drop x86.c's local pre-computed cr4_reserved bits and instead fold KVM's reserved bits into the guest's reserved bits. This fixes a bug where VMX's set_cr4_guest_host_mask() fails to account for KVM-reserved bits when deciding which bits can be passed through to the guest. In most cases, letting the guest directly write reserved CR4 bits is ok, i.e. attempting to set the bit(s) will still #GP, but not if a feature is available in hardware but explicitly disabled by the host, e.g. if FSGSBASE support is disabled via "nofsgsbase".

Note, the extra overhead of computing host reserved bits every time userspace sets guest CPUID is negligible. The feature bits that are queried are packed nicely into a handful of words, and so checking and setting each reserved bit costs in the neighborhood of ~5 cycles, i.e. the total cost will be in the noise even if the number of checked CR4 bits doubles over the next few years. In other words, x86 will run out of CR4 bits long before the overhead becomes problematic.

Note #2, __cr4_reserved_bits() starts from CR4_RESERVED_BITS, which is why the existing __kvm_cpu_cap_has() processing doesn't explicitly OR in CR4_RESERVED_BITS (and why the new code doesn't do so either).

Fixes: 2ed41aa631fc ("KVM: VMX: Intercept guest reserved CR4 bits to inject #GP fault")
Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
Reviewed-by: Chao Gao
---
 arch/x86/kvm/cpuid.c | 7 +++++--
 arch/x86/kvm/x86.c | 9 ---------
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 1944f9415672..27919c8f438b 100644
--- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -400,8 +400,11 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vcpu->arch.reserved_gpa_bits =3D kvm_vcpu_reserved_gpa_bits_raw(vcpu); =20 kvm_pmu_refresh(vcpu); - vcpu->arch.cr4_guest_rsvd_bits =3D - __cr4_reserved_bits(guest_cpuid_has, vcpu); + +#define __kvm_cpu_cap_has(UNUSED_, f) kvm_cpu_cap_has(f) + vcpu->arch.cr4_guest_rsvd_bits =3D __cr4_reserved_bits(__kvm_cpu_cap_has,= UNUSED_) | + __cr4_reserved_bits(guest_cpuid_has, vcpu); +#undef __kvm_cpu_cap_has =20 kvm_hv_set_cpuid(vcpu, kvm_cpuid_has_hyperv(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent)); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ca9b0a00cbcc..5288d53fef5c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -119,8 +119,6 @@ u64 __read_mostly efer_reserved_bits =3D ~((u64)(EFER_S= CE | EFER_LME | EFER_LMA)); static u64 __read_mostly efer_reserved_bits =3D ~((u64)EFER_SCE); #endif =20 -static u64 __read_mostly cr4_reserved_bits =3D CR4_RESERVED_BITS; - #define KVM_EXIT_HYPERCALL_VALID_MASK (1 << KVM_HC_MAP_GPA_RANGE) =20 #define KVM_CAP_PMU_VALID_MASK KVM_PMU_CAP_DISABLE @@ -1285,9 +1283,6 @@ EXPORT_SYMBOL_GPL(kvm_emulate_xsetbv); =20 bool __kvm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) { - if (cr4 & cr4_reserved_bits) - return false; - if (cr4 & vcpu->arch.cr4_guest_rsvd_bits) return false; =20 
@@ -9773,10 +9768,6 @@ int kvm_x86_vendor_init(struct kvm_x86_init_ops *ops) if (!kvm_cpu_cap_has(X86_FEATURE_XSAVES)) kvm_caps.supported_xss =3D 0; =20 -#define __kvm_cpu_cap_has(UNUSED_, f) kvm_cpu_cap_has(f) - cr4_reserved_bits =3D __cr4_reserved_bits(__kvm_cpu_cap_has, UNUSED_); -#undef __kvm_cpu_cap_has - if (kvm_caps.has_tsc_control) { /* * Make sure the user can only configure tsc_khz values that --=20 2.47.0.338.g60cca15819-goog
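Review bot: in the kvm_vcpu_after_set_cpuid() hunk of arch/x86/kvm/cpuid.c, the locally defined `__kvm_cpu_cap_has(UNUSED_, f)` wrapper and the bare `UNUSED_` token handed to `__cr4_reserved_bits()` arrive without a comment, so a reader has to go to the changelog to learn that the first term is KVM's own reserved set and that ORing it in is what stops set_cr4_guest_host_mask() from passing those bits through. Suggest a short comment above the `#define` saying so, and wrapping the assignment so the `__cr4_reserved_bits(__kvm_cpu_cap_has, UNUSED_) |` line does not run long.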
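Review bot: in the __kvm_is_valid_cr4() hunk of arch/x86/kvm/x86.c, dropping the `cr4 & cr4_reserved_bits` test leaves `vcpu->arch.cr4_guest_rsvd_bits` as the only reserved-bit check, and the only place this patch computes that field is kvm_vcpu_after_set_cpuid(). Please state in the changelog or in a comment what guarantees the field is populated before the first CR4 validation on a vCPU for which userspace never calls KVM_SET_CPUID2; if it could still be zero at that point, every KVM-reserved bit would pass this check.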
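The reserved-bit reasoning in the 05/57 changelog above, as a small user-space model added here (it is not code from the patch or from KVM): it compares the pass-through decision when host-reserved bits sit in a separate mask with the decision once they are folded into the guest's reserved bits. Assumptions: the feature flags, the pass-through candidate set and all function names are constructed for the model; only the CR4 bit positions are architectural.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural CR4 bit positions. */
#define X86_CR4_PGE      (1ULL << 7)
#define X86_CR4_UMIP     (1ULL << 11)
#define X86_CR4_FSGSBASE (1ULL << 16)

/* Constructed feature flags standing in for CPUID / KVM capability lookups. */
enum { F_UMIP = 1u << 0, F_FSGSBASE = 1u << 1 };

/* Model only: the CR4 bits this example knows about. */
#define MODEL_CR4_DEFINED (X86_CR4_PGE | X86_CR4_UMIP | X86_CR4_FSGSBASE)
/* Assumption: bits the hypervisor is willing to let the guest write directly. */
#define MODEL_PASSTHROUGH_CANDIDATES (X86_CR4_PGE | X86_CR4_FSGSBASE)

/* Start from the undefined bits, then reserve each bit whose feature is absent. */
static uint64_t reserved_bits(unsigned int feats)
{
	uint64_t rsvd = ~MODEL_CR4_DEFINED;

	if (!(feats & F_UMIP))
		rsvd |= X86_CR4_UMIP;
	if (!(feats & F_FSGSBASE))
		rsvd |= X86_CR4_FSGSBASE;
	return rsvd;
}

struct cr4_policy {
	uint64_t guest_rsvd;    /* input to the pass-through decision */
	uint64_t validate_rsvd; /* bits rejected when a write is intercepted */
};

/* Before: host-reserved bits live in a separate mask the pass-through logic never sees. */
static struct cr4_policy policy_before_fix(unsigned int host_caps, unsigned int guest_cpuid)
{
	struct cr4_policy p;

	p.guest_rsvd = reserved_bits(guest_cpuid);
	p.validate_rsvd = reserved_bits(host_caps) | p.guest_rsvd;
	return p;
}

/* After: host-reserved bits are folded into the guest's reserved bits. */
static struct cr4_policy policy_after_fix(unsigned int host_caps, unsigned int guest_cpuid)
{
	struct cr4_policy p;

	p.guest_rsvd = reserved_bits(host_caps) | reserved_bits(guest_cpuid);
	p.validate_rsvd = p.guest_rsvd;
	return p;
}

/* Bits the guest may write without the hypervisor seeing the write. */
static uint64_t guest_owned_bits(struct cr4_policy p)
{
	return MODEL_PASSTHROUGH_CANDIDATES & ~p.guest_rsvd;
}

/*
 * Does a guest write of 'val' to a zeroed CR4 fault?  A write that touches an
 * intercepted bit is validated by the hypervisor; a write confined to
 * guest-owned bits is validated only by hardware ('hw_feats').
 */
static bool write_faults(uint64_t val, struct cr4_policy p, unsigned int hw_feats)
{
	if (val & ~guest_owned_bits(p))
		return (val & p.validate_rsvd) != 0;
	return (val & reserved_bits(hw_feats)) != 0;
}

int main(void)
{
	/* Constructed scenario: hardware has FSGSBASE, the host disabled it,
	 * and userspace still advertises it in guest CPUID. */
	unsigned int hw = F_UMIP | F_FSGSBASE, host = F_UMIP, guest = F_UMIP | F_FSGSBASE;

	printf("before fix: guest write of CR4.FSGSBASE faults = %d\n",
	       write_faults(X86_CR4_FSGSBASE, policy_before_fix(host, guest), hw));
	printf("after fix:  guest write of CR4.FSGSBASE faults = %d\n",
	       write_faults(X86_CR4_FSGSBASE, policy_after_fix(host, guest), hw));
	/* Hardware without the feature faults on its own, the changelog's "most cases". */
	printf("before fix, no hardware support: faults = %d\n",
	       write_faults(X86_CR4_FSGSBASE, policy_before_fix(host, guest), F_UMIP));
	return 0;
}
```
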
Date: Wed, 27 Nov 2024 17:33:33 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-7-seanjc@google.com>
Subject: [PATCH v3 06/57] KVM: selftests: Update x86's set_sregs_test to match KVM's CPUID enforcement
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Rework x86's set sregs test to verify that KVM enforces CPUID vs. CR4 features even if userspace hasn't explicitly set guest CPUID. KVM used to allow userspace to set any KVM-supported CR4 value prior to KVM_SET_CPUID2, and the test verified that behavior. However, the testcase was written purely to verify KVM's existing behavior, i.e. was NOT written to match the needs of real world VMMs.

Opportunistically verify that KVM continues to reject unsupported features after KVM_SET_CPUID2 (using KVM_GET_SUPPORTED_CPUID).

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 .../selftests/kvm/x86_64/set_sregs_test.c | 53 +++++++++++--------
 1 file changed, 30 insertions(+), 23 deletions(-)
diff --git a/tools/testing/selftests/kvm/x86_64/set_sregs_test.c b/tools/te= sting/selftests/kvm/x86_64/set_sregs_test.c index c021c0795a96..96fd690d479a 100644 --- a/tools/testing/selftests/kvm/x86_64/set_sregs_test.c +++ b/tools/testing/selftests/kvm/x86_64/set_sregs_test.c @@ -41,13 +41,15 @@ do { \ TEST_ASSERT(!memcmp(&new, &orig, sizeof(new)), "KVM modified sregs"); \ } while (0) =20 +#define KVM_ALWAYS_ALLOWED_CR4 (X86_CR4_VME | X86_CR4_PVI | X86_CR4_TSD | \ + X86_CR4_DE | X86_CR4_PSE | X86_CR4_PAE | \ + X86_CR4_MCE | X86_CR4_PGE | X86_CR4_PCE | \ + X86_CR4_OSFXSR | X86_CR4_OSXMMEXCPT) + static uint64_t calc_supported_cr4_feature_bits(void) { - uint64_t cr4; + uint64_t cr4 =3D KVM_ALWAYS_ALLOWED_CR4; =20 - cr4 =3D X86_CR4_VME | X86_CR4_PVI | X86_CR4_TSD | X86_CR4_DE | - X86_CR4_PSE | X86_CR4_PAE | X86_CR4_MCE | X86_CR4_PGE | - X86_CR4_PCE | X86_CR4_OSFXSR | X86_CR4_OSXMMEXCPT; if (kvm_cpu_has(X86_FEATURE_UMIP)) cr4 |=3D X86_CR4_UMIP; if (kvm_cpu_has(X86_FEATURE_LA57)) @@ -72,28 +74,14 @@ static uint64_t calc_supported_cr4_feature_bits(void) return cr4; } =20 -int main(int argc, char *argv[]) +static void test_cr_bits(struct kvm_vcpu *vcpu, uint64_t cr4) { struct kvm_sregs sregs; - struct kvm_vcpu *vcpu; - struct kvm_vm *vm; - uint64_t cr4; int rc, i; =20 - /* - * Create a dummy VM, specifically to avoid doing KVM_SET_CPUID2, and - * use it to verify all supported CR4 bits can be set prior to defining - * the vCPU model, i.e. without doing KVM_SET_CPUID2. - */ - vm =3D vm_create_barebones(); - vcpu =3D __vm_vcpu_add(vm, 0); - vcpu_sregs_get(vcpu, &sregs); - - sregs.cr0 =3D 0; - sregs.cr4 |=3D calc_supported_cr4_feature_bits(); - cr4 =3D sregs.cr4; - + sregs.cr0 &=3D ~(X86_CR0_CD | X86_CR0_NW); + sregs.cr4 |=3D cr4; rc =3D _vcpu_sregs_set(vcpu, &sregs); TEST_ASSERT(!rc, "Failed to set supported CR4 bits (0x%lx)", cr4); =20 
@@ -101,7 +89,6 @@ int main(int argc, char *argv[]) TEST_ASSERT(sregs.cr4 =3D=3D cr4, "sregs.CR4 (0x%llx) !=3D CR4 (0x%lx)", sregs.cr4, cr4); =20 - /* Verify all unsupported features are rejected by KVM. */ TEST_INVALID_CR_BIT(vcpu, cr4, sregs, X86_CR4_UMIP); TEST_INVALID_CR_BIT(vcpu, cr4, sregs, X86_CR4_LA57); TEST_INVALID_CR_BIT(vcpu, cr4, sregs, X86_CR4_VMXE); @@ -119,10 +106,28 @@ int main(int argc, char *argv[]) /* NW without CD is illegal, as is PG without PE. */ TEST_INVALID_CR_BIT(vcpu, cr0, sregs, X86_CR0_NW); TEST_INVALID_CR_BIT(vcpu, cr0, sregs, X86_CR0_PG); +} =20 +int main(int argc, char *argv[]) +{ + struct kvm_sregs sregs; + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + int rc; + + /* + * Create a dummy VM, specifically to avoid doing KVM_SET_CPUID2, and + * use it to verify KVM enforces guest CPUID even if *userspace* never + * sets CPUID. + */ + vm =3D vm_create_barebones(); + vcpu =3D __vm_vcpu_add(vm, 0); + test_cr_bits(vcpu, KVM_ALWAYS_ALLOWED_CR4); kvm_vm_free(vm); =20 - /* Create a "real" VM and verify APIC_BASE can be set. */ + /* Create a "real" VM with a fully populated guest CPUID and verify + * APIC_BASE and all supported CR4 can be set. + */ vm =3D vm_create_with_one_vcpu(&vcpu, NULL); =20 vcpu_sregs_get(vcpu, &sregs); 
@@ -135,6 +140,8 @@ int main(int argc, char *argv[]) TEST_ASSERT(!rc, "Couldn't set IA32_APIC_BASE to %llx (valid)", sregs.apic_base); =20 + test_cr_bits(vcpu, calc_supported_cr4_feature_bits()); + kvm_vm_free(vm); =20 return 0; --=20 2.47.0.338.g60cca15819-goog
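Review bot: in the test_cr_bits() hunk of set_sregs_test.c, the value written is `sregs.cr4 |= cr4`, but the later `TEST_ASSERT(sregs.cr4 == cr4, ...)` and the "Failed to set supported CR4 bits" message use the `cr4` parameter, whereas the removed code did `cr4 = sregs.cr4` after the OR. If the vCPU's initial CR4 holds any bit outside the caller's mask, the read-back comparison fails for a reason unrelated to what is being tested. Suggest keeping a local copy of the merged value, as the old code did, and comparing against that.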
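Review bot: in the main() hunk of set_sregs_test.c, the new comment for the "real" VM starts its text on the `/*` line, while the multi-line comment added a few lines above it in the same hunk uses a bare `/*` opener. Suggest making the two consistent.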
Date: Wed, 27 Nov 2024 17:33:34 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-8-seanjc@google.com>
Subject: [PATCH v3 07/57] KVM: selftests: Assert that vcpu->cpuid is non-NULL when getting CPUID entries
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Add a sanity check in __vcpu_get_cpuid_entry() to provide a friendlier error than a segfault when a test developer tries to use a vCPU CPUID helper on a barebones vCPU.

Signed-off-by: Sean Christopherson
---
 tools/testing/selftests/kvm/include/x86_64/processor.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools= /testing/selftests/kvm/include/x86_64/processor.h index 645200e95f89..bdc121ed4ce5 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h
@@ -1016,6 +1016,8 @@ static inline struct kvm_cpuid_entry2 *__vcpu_get_cpu= id_entry(struct kvm_vcpu *v uint32_t function, uint32_t index) { + TEST_ASSERT(vcpu->cpuid, "Must do vcpu_init_cpuid() first (or equivalent)= "); + return (struct kvm_cpuid_entry2 *)get_cpuid_entry(vcpu->cpuid, function, index); } --=20 2.47.0.338.g60cca15819-goog
Date: Wed, 27 Nov 2024 17:33:35 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-9-seanjc@google.com>
Subject: [PATCH v3 08/57] KVM: selftests: Refresh vCPU CPUID cache in __vcpu_get_cpuid_entry()
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Refresh selftests' CPUID cache in the vCPU structure when querying a CPUID entry so that tests don't consume stale data when KVM modifies CPUID as a side effect to a completely unrelated change. E.g. KVM adjusts OSXSAVE in response to CR4.OSXSAVE changes.

Unnecessarily invoking KVM_GET_CPUID is suboptimal, but vcpu->cpuid exists to simplify selftests development, not for performance reasons. And, unfortunately, trying to handle the side effects in tests or other flows is unpleasant, e.g. selftests could manually refresh if KVM_SET_SREGS is successful, but that would still leave a gap with respect to guest CR4 changes.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 .../selftests/kvm/include/x86_64/processor.h | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools= /testing/selftests/kvm/include/x86_64/processor.h index bdc121ed4ce5..7d1ab2d2ddbb 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -1012,12 +1012,19 @@ static inline struct kvm_cpuid2 *allocate_kvm_cpuid= 2(int nr_entries) =20 void vcpu_init_cpuid(struct kvm_vcpu *vcpu, const struct kvm_cpuid2 *cpuid= ); =20 +static inline void vcpu_get_cpuid(struct kvm_vcpu *vcpu) +{ + vcpu_ioctl(vcpu, KVM_GET_CPUID2, vcpu->cpuid); +} + static inline struct kvm_cpuid_entry2 *__vcpu_get_cpuid_entry(struct kvm_v= cpu *vcpu, uint32_t function, uint32_t index) { TEST_ASSERT(vcpu->cpuid, "Must do vcpu_init_cpuid() first (or equivalent)= "); =20 + vcpu_get_cpuid(vcpu); + return (struct kvm_cpuid_entry2 *)get_cpuid_entry(vcpu->cpuid, function, index); } @@ -1038,7 +1045,7 @@ static inline int __vcpu_set_cpuid(struct kvm_vcpu *v= cpu) return r; =20 /* On success, refresh the cache to pick up adjustments made by KVM. */ - vcpu_ioctl(vcpu, KVM_GET_CPUID2, vcpu->cpuid); + vcpu_get_cpuid(vcpu); return 0; } =20 
@@ -1048,12 +1055,7 @@ static inline void vcpu_set_cpuid(struct kvm_vcpu *v= cpu) vcpu_ioctl(vcpu, KVM_SET_CPUID2, vcpu->cpuid); =20 /* Refresh the cache to pick up adjustments made by KVM. */ - vcpu_ioctl(vcpu, KVM_GET_CPUID2, vcpu->cpuid); -} - -static inline void vcpu_get_cpuid(struct kvm_vcpu *vcpu) -{ - vcpu_ioctl(vcpu, KVM_GET_CPUID2, vcpu->cpuid); + vcpu_get_cpuid(vcpu); } =20 void vcpu_set_cpuid_property(struct kvm_vcpu *vcpu, --=20 2.47.0.338.g60cca15819-goog
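Review bot: in the __vcpu_get_cpuid_entry() hunk of processor.h, calling `vcpu_get_cpuid(vcpu)` on every lookup overwrites `vcpu->cpuid` with KVM's copy, so any edit a test made through a previously returned entry pointer and has not yet pushed with vcpu_set_cpuid() is silently discarded by the next lookup. The changelog covers the cost of the extra ioctl but not this; suggest documenting at the helper that a modified entry must be committed before another lookup, or confirming that no caller modifies two entries ahead of a single KVM_SET_CPUID2.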
Date: Wed, 27 Nov 2024 17:33:36 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-10-seanjc@google.com>
Subject: [PATCH v3 09/57] KVM: selftests: Verify KVM stuffs runtime CPUID OS bits on CR4 writes
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Extend x86's set sregs test to verify that KVM sets/clears OSXSAVE and OSPKE according to CR4.XSAVE and CR4.PKE respectively. For performance reasons, KVM is responsible for emulating the architectural behavior of the OS CPUID bits tracking CR4.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 tools/testing/selftests/kvm/x86_64/set_sregs_test.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tools/testing/selftests/kvm/x86_64/set_sregs_test.c b/tools/te= sting/selftests/kvm/x86_64/set_sregs_test.c index 96fd690d479a..f4095a3d1278 100644 --- a/tools/testing/selftests/kvm/x86_64/set_sregs_test.c +++ b/tools/testing/selftests/kvm/x86_64/set_sregs_test.c
@@ -85,6 +85,16 @@ static void test_cr_bits(struct kvm_vcpu *vcpu, uint64_t= cr4) rc =3D _vcpu_sregs_set(vcpu, &sregs); TEST_ASSERT(!rc, "Failed to set supported CR4 bits (0x%lx)", cr4); =20 + TEST_ASSERT(!!(sregs.cr4 & X86_CR4_OSXSAVE) =3D=3D + (vcpu->cpuid && vcpu_cpuid_has(vcpu, X86_FEATURE_OSXSAVE)), + "KVM didn't %s OSXSAVE in CPUID as expected", + (sregs.cr4 & X86_CR4_OSXSAVE) ? "set" : "clear"); + + TEST_ASSERT(!!(sregs.cr4 & X86_CR4_PKE) =3D=3D + (vcpu->cpuid && vcpu_cpuid_has(vcpu, X86_FEATURE_OSPKE)), + "KVM didn't %s OSPKE in CPUID as expected", + (sregs.cr4 & X86_CR4_PKE) ? "set" : "clear"); + vcpu_sregs_get(vcpu, &sregs); TEST_ASSERT(sregs.cr4 =3D=3D cr4, "sregs.CR4 (0x%llx) !=3D CR4 (0x%lx)", sregs.cr4, cr4); --=20 2.47.0.338.g60cca15819-goog
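Review bot: in the test_cr_bits() hunk, the `vcpu->cpuid &&` term makes both new asserts expect OSXSAVE and OSPKE to be clear whenever the vCPU has no CPUID cache, so on a vCPU without one they can pass only if the caller's CR4 mask leaves X86_CR4_OSXSAVE and X86_CR4_PKE unset. Suggest a comment noting that dependency. The asserts also test the requested `sregs.cr4` ahead of the `vcpu_sregs_get()` read-back; placing them after it would check the value KVM actually holds.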
Date: Wed, 27 Nov 2024 17:33:37 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-11-seanjc@google.com>
Subject: [PATCH v3 10/57] KVM: x86: Move __kvm_is_valid_cr4() definition to x86.h
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Let vendor code inline __kvm_is_valid_cr4() now x86.c's cr4_reserved_bits no longer exists, as keeping cr4_reserved_bits local to x86.c was the only reason for "hiding" the definition of __kvm_is_valid_cr4().

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 9 ---------
 arch/x86/kvm/x86.h | 6 +++++-
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5288d53fef5c..5c6ade1f976e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1281,15 +1281,6 @@ int kvm_emulate_xsetbv(struct kvm_vcpu *vcpu) } EXPORT_SYMBOL_GPL(kvm_emulate_xsetbv); =20 -bool __kvm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) -{ - if (cr4 & vcpu->arch.cr4_guest_rsvd_bits) - return false; - - return true; -} -EXPORT_SYMBOL_GPL(__kvm_is_valid_cr4); - static bool kvm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) { return __kvm_is_valid_cr4(vcpu, cr4) && diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h index ec623d23d13d..7a87c5fc57f1 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h @@ -550,7 +550,6 @@ static inline void kvm_machine_check(void) void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu); void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu); int kvm_spec_ctrl_test_value(u64 value); -bool __kvm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4); int kvm_handle_memory_failure(struct kvm_vcpu *vcpu, int r, struct x86_exception *e); int kvm_handle_invpcid(struct kvm_vcpu *vcpu, unsigned long type, gva_t gv= a); 
@@ -577,6 +576,11 @@ enum kvm_msr_access { #define KVM_MSR_RET_UNSUPPORTED 2 #define KVM_MSR_RET_FILTERED 3 =20 +static inline bool __kvm_is_valid_cr4(struct kvm_vcpu *vcpu, unsigned long= cr4) +{ + return !(cr4 & vcpu->arch.cr4_guest_rsvd_bits); +} + #define __cr4_reserved_bits(__cpu_has, __c) \ ({ \ u64 __reserved_bits =3D CR4_RESERVED_BITS; \ --=20 2.47.0.338.g60cca15819-goog
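Review bot: the static inline added to x86.h between KVM_MSR_RET_FILTERED and __cr4_reserved_bits() carries no comment, and now that the definition is visible to every includer the double-underscore name is the only hint that it tests cr4_guest_rsvd_bits alone. The x86.c context still shows the static kvm_is_valid_cr4() combining it with a further check, so a one-line comment above the inline stating which validation it deliberately leaves out would keep vendor callers from treating it as the full check. The collapse from the if/return false/return true form to return !(cr4 & vcpu->arch.cr4_guest_rsvd_bits) is equivalent, and dropping EXPORT_SYMBOL_GPL(__kvm_is_valid_cr4) is consistent with the definition becoming inline.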
Date: Wed, 27 Nov 2024 17:33:38 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-12-seanjc@google.com>
Subject: [PATCH v3 11/57] KVM: x86/pmu: Drop now-redundant refresh() during init()
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Drop the manual kvm_pmu_refresh() from kvm_pmu_init() now that kvm_arch_vcpu_create() performs the refresh via kvm_vcpu_after_set_cpuid().

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/pmu.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/x86/kvm/pmu.c b/arch/x86/kvm/pmu.c index 47a46283c866..75e9cfc689f8 100644 --- a/arch/x86/kvm/pmu.c +++ b/arch/x86/kvm/pmu.c
@@ -797,7 +797,6 @@ void kvm_pmu_init(struct kvm_vcpu *vcpu) =20 memset(pmu, 0, sizeof(*pmu)); kvm_pmu_call(init)(vcpu); - kvm_pmu_refresh(vcpu); } =20 /* Release perf_events for vPMCs that have been unused for a full time sli= ce. */ --=20 2.47.0.338.g60cca15819-goog
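Review bot: in kvm_pmu_init(), removing kvm_pmu_refresh() leaves the function ending right after memset(pmu, 0, sizeof(*pmu)) and kvm_pmu_call(init)(vcpu), so correctness now depends on kvm_vcpu_after_set_cpuid() running after this function, which the commit message says kvm_arch_vcpu_create() arranges. If that order were ever swapped, the memset would wipe the refreshed state. A comment above kvm_pmu_init() recording that the caller is responsible for the refresh would keep the ordering from being broken silently.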
Date: Wed, 27 Nov 2024 17:33:39 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-13-seanjc@google.com>
Subject: [PATCH v3 12/57] KVM: x86: Drop now-redundant MAXPHYADDR and GPA rsvd bits from vCPU creation
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Drop the manual initialization of maxphyaddr and reserved_gpa_bits during vCPU creation now that kvm_arch_vcpu_create() unconditionally invokes kvm_vcpu_after_set_cpuid(), which handles all such CPUID caching.

None of the helpers between the existing code in kvm_arch_vcpu_create() and the call to kvm_vcpu_after_set_cpuid() consume maxphyaddr or reserved_gpa_bits (though auditing vmx_vcpu_create() and svm_vcpu_create() isn't exactly easy).

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5c6ade1f976e..d6a182d94c6f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -12258,9 +12258,6 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu) goto free_emulate_ctxt; } =20 - vcpu->arch.maxphyaddr =3D cpuid_query_maxphyaddr(vcpu); - vcpu->arch.reserved_gpa_bits =3D kvm_vcpu_reserved_gpa_bits_raw(vcpu); - kvm_async_pf_hash_reset(vcpu); =20 if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_STUFF_FEATURE_MSRS)) { --=20 2.47.0.338.g60cca15819-goog
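Review bot: in the kvm_arch_vcpu_create() hunk, dropping the two assignments leaves vcpu->arch.maxphyaddr and vcpu->arch.reserved_gpa_bits unset until kvm_vcpu_after_set_cpuid() runs, and the commit message itself concedes that auditing vmx_vcpu_create() and svm_vcpu_create() for early consumers is not easy. Nothing in the visible code enforces the ordering, so consider a comment at the kvm_vcpu_after_set_cpuid() call site stating that these fields are not valid before it. This patch also carries no Reviewed-by tag, unlike the other patches shown here, so the audit deserves a second reader.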
Date: Wed, 27 Nov 2024 17:33:40 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-14-seanjc@google.com>
Subject: [PATCH v3 13/57] KVM: x86: Disallow KVM_CAP_X86_DISABLE_EXITS after vCPU creation
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Reject KVM_CAP_X86_DISABLE_EXITS if vCPUs have been created, as disabling PAUSE/MWAIT/HLT exits after vCPUs have been created is broken and useless, e.g. except for PAUSE on SVM, the relevant intercepts aren't updated after vCPU creation. vCPUs may also end up with an inconsistent configuration if exits are disabled between creation of multiple vCPUs.

Cc: Hou Wenlong
Link: https://lore.kernel.org/all/9227068821b275ac547eb2ede09ec65d2281fe07.1680179693.git.houwenlong.hwl@antgroup.com
Link: https://lore.kernel.org/all/20230121020738.2973-2-kechenl@nvidia.com
Reviewed-by: Maxim Levitsky
Reviewed-by: Xiaoyao Li
Signed-off-by: Sean Christopherson
---
 Documentation/virt/kvm/api.rst | 1 +
 arch/x86/kvm/x86.c | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 454c2aaa155e..bbe445e6c113 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -7670,6 +7670,7 @@ branch to guests' 0x200 interrupt vector. :Architectures: x86 :Parameters: args[0] defines which exits are disabled :Returns: 0 on success, -EINVAL when args[0] contains invalid exits + or if any vCPUs have already been created =20 Valid bits in args[0] are:: =20 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d6a182d94c6f..c517d26f2c5b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6531,6 +6531,10 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, if (cap->args[0] & ~KVM_X86_DISABLE_VALID_EXITS) break; =20 + mutex_lock(&kvm->lock); + if (kvm->created_vcpus) + goto disable_exits_unlock; + if (cap->args[0] & KVM_X86_DISABLE_EXITS_PAUSE) kvm->arch.pause_in_guest =3D true; =20 
@@ -6552,6 +6556,8 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, } =20 r =3D 0; +disable_exits_unlock: + mutex_unlock(&kvm->lock); break; case KVM_CAP_MSR_PLATFORM_INFO: kvm->arch.guest_can_read_msr_platform_info =3D cap->args[0]; --=20 2.47.0.338.g60cca15819-goog
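Review bot: in the first kvm_vm_ioctl_enable_cap() hunk, the new created_vcpus check jumps to disable_exits_unlock without assigning r, so the -EINVAL that the api.rst hunk documents depends on an assignment that is not among the visible lines. Setting r explicitly next to the check, or noting there which value is returned, would make the error path self-evident. The invalid-bits check still leaves through break before mutex_lock(&kvm->lock) while the new check leaves through the label; that is correct, but the asymmetry is easy to get wrong when another early exit is added. The diffstat shows no selftest for the new rejection; a case that enables the capability after creating a vCPU and expects -EINVAL would pin the behaviour down.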
Date: Wed, 27 Nov 2024 17:33:41 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-15-seanjc@google.com>
Subject: [PATCH v3 14/57] KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Reject KVM_CAP_X86_DISABLE_EXITS if userspace attempts to disable MWAIT or HLT exits and KVM previously reported (via KVM_CHECK_EXTENSION) that disabling the exit(s) is not allowed. E.g. because MWAIT isn't supported or the CPU doesn't have an always-running APIC timer, or because KVM is configured to mitigate cross-thread vulnerabilities.

Cc: Kechen Lu
Fixes: 4d5422cea3b6 ("KVM: X86: Provide a capability to disable MWAIT intercepts")
Fixes: 6f0f2d5ef895 ("KVM: x86: Mitigate the cross-thread return address predictions bug")
Reviewed-by: Maxim Levitsky
Reviewed-by: Xiaoyao Li
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 54 ++++++++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 26 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c517d26f2c5b..9b7f8047f896 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -4531,6 +4531,20 @@ static inline bool kvm_can_mwait_in_guest(void) boot_cpu_has(X86_FEATURE_ARAT); } =20 +static u64 kvm_get_allowed_disable_exits(void) +{ + u64 r =3D KVM_X86_DISABLE_EXITS_PAUSE; + + if (!mitigate_smt_rsb) { + r |=3D KVM_X86_DISABLE_EXITS_HLT | + KVM_X86_DISABLE_EXITS_CSTATE; + + if (kvm_can_mwait_in_guest()) + r |=3D KVM_X86_DISABLE_EXITS_MWAIT; + } + return r; +} + #ifdef CONFIG_KVM_HYPERV static int kvm_ioctl_get_supported_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 __user *cpuid_arg) @@ -4673,15 +4687,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, lo= ng ext) r =3D KVM_CLOCK_VALID_FLAGS; break; case KVM_CAP_X86_DISABLE_EXITS: - r =3D KVM_X86_DISABLE_EXITS_PAUSE; - - if (!mitigate_smt_rsb) { - r |=3D KVM_X86_DISABLE_EXITS_HLT | - KVM_X86_DISABLE_EXITS_CSTATE; - - if (kvm_can_mwait_in_guest()) - r |=3D KVM_X86_DISABLE_EXITS_MWAIT; - } + r =3D kvm_get_allowed_disable_exits(); break; case KVM_CAP_X86_SMM: if (!IS_ENABLED(CONFIG_KVM_SMM)) 
@@ -6528,33 +6534,29 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, break; case KVM_CAP_X86_DISABLE_EXITS: r =3D -EINVAL; - if (cap->args[0] & ~KVM_X86_DISABLE_VALID_EXITS) + if (cap->args[0] & ~kvm_get_allowed_disable_exits()) break; =20 mutex_lock(&kvm->lock); if (kvm->created_vcpus) goto disable_exits_unlock; =20 - if (cap->args[0] & KVM_X86_DISABLE_EXITS_PAUSE) - kvm->arch.pause_in_guest =3D true; - #define SMT_RSB_MSG "This processor is affected by the Cross-Thread Return= Predictions vulnerability. " \ "KVM_CAP_X86_DISABLE_EXITS should only be used with SMT disabled or = trusted guests." =20 - if (!mitigate_smt_rsb) { - if (boot_cpu_has_bug(X86_BUG_SMT_RSB) && cpu_smt_possible() && - (cap->args[0] & ~KVM_X86_DISABLE_EXITS_PAUSE)) - pr_warn_once(SMT_RSB_MSG); - - if ((cap->args[0] & KVM_X86_DISABLE_EXITS_MWAIT) && - kvm_can_mwait_in_guest()) - kvm->arch.mwait_in_guest =3D true; - if (cap->args[0] & KVM_X86_DISABLE_EXITS_HLT) - kvm->arch.hlt_in_guest =3D true; - if (cap->args[0] & KVM_X86_DISABLE_EXITS_CSTATE) - kvm->arch.cstate_in_guest =3D true; - } + if (!mitigate_smt_rsb && boot_cpu_has_bug(X86_BUG_SMT_RSB) && + cpu_smt_possible() && + (cap->args[0] & ~KVM_X86_DISABLE_EXITS_PAUSE)) + pr_warn_once(SMT_RSB_MSG); =20 + if (cap->args[0] & KVM_X86_DISABLE_EXITS_PAUSE) + kvm->arch.pause_in_guest =3D true; + if (cap->args[0] & KVM_X86_DISABLE_EXITS_MWAIT) + kvm->arch.mwait_in_guest =3D true; + if (cap->args[0] & KVM_X86_DISABLE_EXITS_HLT) + kvm->arch.hlt_in_guest =3D true; + if (cap->args[0] & KVM_X86_DISABLE_EXITS_CSTATE) + kvm->arch.cstate_in_guest =3D true; r =3D 0; disable_exits_unlock: mutex_unlock(&kvm->lock); --=20 2.47.0.338.g60cca15819-goog
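Review bot: in the kvm_vm_ioctl_enable_cap() hunk, replacing KVM_X86_DISABLE_VALID_EXITS with kvm_get_allowed_disable_exits() turns requests that the removed lines silently ignored (MWAIT without kvm_can_mwait_in_guest(), or HLT, MWAIT and CSTATE when mitigate_smt_rsb is set) into -EINVAL, which is a userspace-visible change, yet the diffstat touches only arch/x86/kvm/x86.c. Documentation/virt/kvm/api.rst should state that bits not reported by KVM_CHECK_EXTENSION are rejected. In the same hunk the !mitigate_smt_rsb term in the pr_warn_once() condition looks redundant: with mitigate_smt_rsb set the helper returns only KVM_X86_DISABLE_EXITS_PAUSE, so any args[0] carrying other bits has already been rejected before the warning is reached.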
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:42 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID:
<20241128013424.4096668-16-seanjc@google.com> Subject: [PATCH v3 15/57] KVM: x86: Drop the now unused KVM_X86_DISABLE_VALID_EXITS From: Sean Christopherson To: Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Jarkko Sakkinen Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky , Hou Wenlong , Xiaoyao Li , Kechen Lu , Oliver Upton , Binbin Wu , Yang Weijiang , Robert Hoo Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Drop the KVM_X86_DISABLE_VALID_EXITS definition, as it is misleading, and unused in KVM *because* it is misleading. The set of exits that can be disabled is dynamic, i.e. userspace (and KVM) must check KVM's actual capabilities. Suggested-by: Xiaoyao Li Signed-off-by: Sean Christopherson --- include/uapi/linux/kvm.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 502ea63b5d2e..206e3e6a78c6 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h 
@@ -617,10 +617,6 @@ struct kvm_ioeventfd { #define KVM_X86_DISABLE_EXITS_HLT (1 << 1) #define KVM_X86_DISABLE_EXITS_PAUSE (1 << 2) #define KVM_X86_DISABLE_EXITS_CSTATE (1 << 3) -#define KVM_X86_DISABLE_VALID_EXITS (KVM_X86_DISABLE_EXITS_MWAIT = | \ - KVM_X86_DISABLE_EXITS_HLT | \ - KVM_X86_DISABLE_EXITS_PAUSE = | \ - KVM_X86_DISABLE_EXITS_CSTATE) =20 /* for KVM_ENABLE_CAP */ struct kvm_enable_cap { --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 898A619049B for ; Thu, 28 Nov 2024 01:35:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757702; cv=none; b=E8RFvc0yd0bwKYHQoPWkbJWsw6cDmDVBZAVQ7ZJblPakfjp/onsj37n4f3gYI24hyymXPuJL90n5aGnuldUdjsv40OlvzcaWNszCa8XHjPaDLW/y2JPOqs4jZedOxlbigSjW+K1JBaUh38bYjVjpHa3ThxChFYkd0aH/d/xzJAU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757702; c=relaxed/simple; bh=cbbs+IW/NbNg8bOD1ExLdSHyieLi+4CBsRm7uNwsQy8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=d1MTqTED8HCZ/wJZrLN26heNvQL47FDpymYRGnn0QxZAXldubHCU1owVsFduDLJei1+oZ8Eoxf2xV1J+xZQYx3959GFcHQhNTReu+bzj/Wf8X/dhxnwh9VIKlsEUYNSnyReo5oOLlXwKZIL6+YhhoqXA8rVeGvpIpI3XW+2JoPM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=y3ASrgPh; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; 
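Review bot: KVM_X86_DISABLE_VALID_EXITS is removed from include/uapi/linux/kvm.h, so this hunk is a uapi change, and the "unused in KVM" reasoning in the changelog covers only in-kernel users. Any userspace that references the macro stops compiling against the new header. Suggest stating in the changelog which VMMs were checked, or saying outright that the build break is intended so that callers switch to the mask reported for KVM_CAP_X86_DISABLE_EXITS.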
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:43 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-17-seanjc@google.com>
Subject: [PATCH v3 16/57] KVM: selftests: Fix a bad TEST_REQUIRE() in x86's KVM PV test
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Actually check for KVM support for disabling HLT-exiting instead of effectively checking that KVM_CAP_X86_DISABLE_EXITS is #defined to a non-zero value, and convert the TEST_REQUIRE() to a simple return so that only the sub-test is skipped if HLT-exiting is mandatory.

The goof has likely gone unnoticed because all x86 CPUs support disabling HLT-exiting, only systems with the opt-in mitigate_smt_rsb KVM module param disallow HLT-exiting.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
tools/testing/selftests/kvm/x86_64/kvm_pv_test.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/kvm/x86_64/kvm_pv_test.c b/tools/testi= ng/selftests/kvm/x86_64/kvm_pv_test.c index 78878b3a2725..2aee93108a54 100644 --- a/tools/testing/selftests/kvm/x86_64/kvm_pv_test.c +++ b/tools/testing/selftests/kvm/x86_64/kvm_pv_test.c 
@@ -140,10 +140,11 @@ static void test_pv_unhalt(void) struct kvm_cpuid_entry2 *ent; u32 kvm_sig_old; =20 + if (!(kvm_check_cap(KVM_CAP_X86_DISABLE_EXITS) & KVM_X86_DISABLE_EXITS_HL= T)) + return; + pr_info("testing KVM_FEATURE_PV_UNHALT\n"); =20 - TEST_REQUIRE(KVM_CAP_X86_DISABLE_EXITS); - /* KVM_PV_UNHALT test */ vm =3D vm_create_with_one_vcpu(&vcpu, guest_main); vcpu_set_cpuid_feature(vcpu, X86_FEATURE_KVM_PV_UNHALT); --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D8881946C8 for ; Thu, 28 Nov 2024 01:35:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757703; cv=none; b=feYYCcyUlnViIw4zR3DRrt29sg8XMKJyLSpkWbdMG3hhGQK0xpQLBMAFdYh42vFAtsUHJZLxJzgwfqvLbKBW145UPn8AXAdDBvYo0xV4cLfdMgFg/RUKWTHQZY+PdvPrdSzVhJdsqONUeg4TSVS7FjDgsW1ba/akuVojrhXACq0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757703; c=relaxed/simple; bh=j1lspzAZSnatGtAyYEzo99bnshmjMvNle264S7qnyEM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=XeGrtktKtCo96IyD5n3guPc2w2XLa9CQ6qKJo4tOA3sj30+ARRSdZQQ8ug0Wf4N07pIFmsezqmkiXJNKyAyXAH/NUbVfcQzGaht0mpDeSwTGVwj5NPZIRkDfbad/Sab8YumCDY0N4V5TbgtaZfnog/tg0GT+e7eCtS74gn79Lq8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0RFTtWXD; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: 
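Review bot: The new early `return` at the top of test_pv_unhalt() skips the sub-test before the pr_info(), so on a host where KVM_CAP_X86_DISABLE_EXITS does not report KVM_X86_DISABLE_EXITS_HLT the run leaves no trace that PV_UNHALT went untested. Suggest printing a skip message before returning, e.g. pr_info("skipping KVM_FEATURE_PV_UNHALT test, HLT-exiting cannot be disabled\n"), so that a pass with reduced coverage is visible in the log.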
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:44 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-18-seanjc@google.com>
Subject: [PATCH v3 17/57] KVM: selftests: Update x86's KVM PV test to match KVM's disabling exits behavior
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Rework x86's KVM PV features test to align with KVM's new, fixed behavior of not allowing userspace to disable HLT-exiting after vCPUs have been created. Rework the core testcase to disable HLT-exiting before creating a vCPU, and opportunistically modify keep the paired VM+vCPU creation to verify that KVM rejects KVM_CAP_X86_DISABLE_EXITS as expected.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
.../selftests/kvm/x86_64/kvm_pv_test.c | 33 +++++++++++++++++-- 1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/kvm/x86_64/kvm_pv_test.c b/tools/testi= ng/selftests/kvm/x86_64/kvm_pv_test.c index 2aee93108a54..1b805cbdb47b 100644
--- a/tools/testing/selftests/kvm/x86_64/kvm_pv_test.c +++ b/tools/testing/selftests/kvm/x86_64/kvm_pv_test.c @@ -139,6 +139,7 @@ static void test_pv_unhalt(void) struct kvm_vm *vm; struct kvm_cpuid_entry2 *ent; u32 kvm_sig_old; + int r; =20 if (!(kvm_check_cap(KVM_CAP_X86_DISABLE_EXITS) & KVM_X86_DISABLE_EXITS_HL= T)) return; 
@@ -152,19 +153,45 @@ static void test_pv_unhalt(void) TEST_ASSERT(vcpu_cpuid_has(vcpu, X86_FEATURE_KVM_PV_UNHALT), "Enabling X86_FEATURE_KVM_PV_UNHALT had no effect"); =20 - /* Make sure KVM clears vcpu->arch.kvm_cpuid */ + /* Verify KVM disallows disabling exits after vCPU creation. */ + r =3D __vm_enable_cap(vm, KVM_CAP_X86_DISABLE_EXITS, KVM_X86_DISABLE_EXIT= S_HLT); + TEST_ASSERT(r && errno =3D=3D EINVAL, + "Disabling exits after vCPU creation didn't fail as expected"); + + kvm_vm_free(vm); + + /* Verify that KVM clear PV_UNHALT from guest CPUID. */ + vm =3D vm_create(1); + vm_enable_cap(vm, KVM_CAP_X86_DISABLE_EXITS, KVM_X86_DISABLE_EXITS_HLT); + + vcpu =3D vm_vcpu_add(vm, 0, NULL); + TEST_ASSERT(!vcpu_cpuid_has(vcpu, X86_FEATURE_KVM_PV_UNHALT), + "vCPU created with PV_UNHALT set by default"); + + vcpu_set_cpuid_feature(vcpu, X86_FEATURE_KVM_PV_UNHALT); + TEST_ASSERT(!vcpu_cpuid_has(vcpu, X86_FEATURE_KVM_PV_UNHALT), + "PV_UNHALT set in guest CPUID when HLT-exiting is disabled"); + + /* + * Clobber the KVM PV signature and verify KVM does NOT clear PV_UNHALT + * when KVM PV is not present, and DOES clear PV_UNHALT when switching + * back to the correct signature.. 
+ */ ent =3D vcpu_get_cpuid_entry(vcpu, KVM_CPUID_SIGNATURE); kvm_sig_old =3D ent->ebx; ent->ebx =3D 0xdeadbeef; vcpu_set_cpuid(vcpu); =20 - vm_enable_cap(vm, KVM_CAP_X86_DISABLE_EXITS, KVM_X86_DISABLE_EXITS_HLT); + vcpu_set_cpuid_feature(vcpu, X86_FEATURE_KVM_PV_UNHALT); + TEST_ASSERT(vcpu_cpuid_has(vcpu, X86_FEATURE_KVM_PV_UNHALT), + "PV_UNHALT cleared when using bogus KVM PV signature"); + ent =3D vcpu_get_cpuid_entry(vcpu, KVM_CPUID_SIGNATURE); ent->ebx =3D kvm_sig_old; vcpu_set_cpuid(vcpu); =20 TEST_ASSERT(!vcpu_cpuid_has(vcpu, X86_FEATURE_KVM_PV_UNHALT), - "KVM_FEATURE_PV_UNHALT is set with KVM_CAP_X86_DISABLE_EXITS"); + "PV_UNHALT set in guest CPUID when HLT-exiting is disabled"); =20 /* FIXME: actually test KVM_FEATURE_PV_UNHALT feature */ =20 --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 37E90198851 for ; Thu, 28 Nov 2024 01:35:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757705; cv=none; b=PBQ+yjJVLh/HkDwnTG5YnkghG4PI/xbR+wrmG0NNXV/rQbSsw8pw4KBZyFAZyGVkesEmITDi73pnNbCNf02+GUvLUqcE0IU8EH/NeaufHA6umIfO+ZRwiHLDAedYh8/QQw3RfmrOHTbrk+xsNsF82bsO2a5fB9GKIvzz3VUz8O4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757705; c=relaxed/simple; bh=21B9ts389TeEE9vha5UXItt4ArqBvD8PoHd8CLYe9JY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=INzkTBuR96SRIwapFImLMrUHUbxdbhyEhmg5ze5a34D7n0eMCfsky7/C/wn+sFDqRvmxy8CAavB/9gi8a3ZdGyZpjRlHTO7UcRI+qWvNZ+5zp1jACa9rnSvXlLbLmnm6uOtrk7aBwfyGW035N1tNx+AIK2nAg6QBiB9/HpkSOLc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) 
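Review bot: In the second test_pv_unhalt() hunk, two different checks carry the same message, "PV_UNHALT set in guest CPUID when HLT-exiting is disabled": the one right after the first vcpu_set_cpuid_feature() on the new VM and the one after the KVM PV signature is restored. Suggest rewording the later one to say it fired after the signature was restored, so a failure log identifies the step without a line lookup. The new comments also need a pass: "Verify that KVM clear PV_UNHALT" should read "clears", and "correct signature.." has a doubled period.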
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:45 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-19-seanjc@google.com>
Subject: [PATCH v3 18/57] KVM: x86: Zero out PV features cache when the CPUID leaf is not present
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Clear KVM's PV feature cache prior when processing a new guest CPUID so that KVM doesn't keep a stale cache entry if userspace does KVM_SET_CPUID2 multiple times, once with a PV features entry, and a second time without.

Fixes: 66570e966dd9 ("kvm: x86: only provide PV features if enabled in guest's CPUID")
Cc: Oliver Upton
Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 27919c8f438b..a94234637e09 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c 
@@ -251,6 +251,8 @@ void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best =3D kvm_find_kvm_cpuid_features(vcpu); =20 + vcpu->arch.pv_cpuid.features =3D 0; + /* * save the feature bitmap to avoid cpuid lookup for every PV * operation --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E06301990C1 for ; Thu, 28 Nov 2024 01:35:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757707; cv=none; b=CMShwwwuX+RPHOtvU6NjZli/LY3Lp5/jitoBSZ6PfvmWZ8P/fn6nHg/KIqQXNoJIQPMnRqvx8wFpsI7tyCE+kFGgiESpGlaCI8f5q7Lv/p0SmmtWIeeb22imW7h3Mzm/j4NE90xL1CZRnYeyqJc6WSC6H5yvETXIojaQtI9k6aI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757707; c=relaxed/simple; bh=VseGUgryPcPTWZKlC0C2iibRsz1MHN1KsIK5nnX3zDs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=hZIAM1LrIHJ9BYuYPQB1cXpvjBx+sjdfUa+szL/qTsxTM0h5zsceAnaypRNX7Qlejx2RxWdwSR3RUFJy7bg8EIQ6v7XTlRaVzznUq8MnNQRAgMngcyz7Vsyk6GIN1jk0tQZtmL2COnxKMUVTEUANOZyTgjGZafVAWxvK+g0dH0c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=dWGtAEC6; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) 
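Review bot: In kvm_update_pv_runtime(), the new `vcpu->arch.pv_cpuid.features = 0;` sits above a comment that only talks about saving the feature bitmap, so the reason for the reset is recorded only in the changelog. Suggest extending that comment, or adding one line above the assignment, to say the cache is cleared first so that a later KVM_SET_CPUID2 without a PV features entry does not leave stale bits behind. A selftest that issues KVM_SET_CPUID2 twice, once with the leaf and once without, would pin the fix.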
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:46 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-20-seanjc@google.com>
Subject: [PATCH v3 19/57] KVM: x86: Don't update PV features caches when enabling enforcement capability
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Revert the chunk of commit 01b4f510b9f4 ("kvm: x86: ensure pv_cpuid.features is initialized when enabling cap") that forced a PV features cache refresh during KVM_CAP_ENFORCE_PV_FEATURE_CPUID, as whatever ioctl() ordering issue it alleged to have fixed never existed upstream, and likely never existed in any kernel.

At the time of the commit, there was a tangentially related ioctl() ordering issue, as toggling KVM_X86_DISABLE_EXITS_HLT after KVM_SET_CPUID2 would have resulted in KVM potentially leaving KVM_FEATURE_PV_UNHALT set. But (a) that bug affected the entire guest CPUID, not just the cache, (b) commit 01b4f510b9f4 didn't address that bug, it only refreshed the cache (with the bad CPUID), and (c) setting KVM_X86_DISABLE_EXITS_HLT after vCPU creation is completely broken as KVM configures HLT-exiting only during vCPU creation, which is why KVM_CAP_X86_DISABLE_EXITS is now disallowed if vCPUs have been created.

Another tangentially related bug was KVM's failure to clear the cache when handling KVM_SET_CPUID2, but again commit 01b4f510b9f4 did nothing to fix that bug.

The most plausible explanation for the what commit 01b4f510b9f4 was trying to fix is a bug that existed in Google's internal kernel that was the source of commit 01b4f510b9f4. At the time, Google's internal kernel had not yet picked up commit 0d3b2ba16ba68 ("KVM: X86: Go on updating other CPUID leaves when leaf 1 is absent"), i.e. KVM would not initialize the PV features cache if KVM_SET_CPUID2 was called without a CPUID.0x1 entry.
Of course, no sane real world VMM would omit CPUID.0x1, including the KVM selftest added by commit ac4a4d6de22e ("selftests: kvm: test enforcement of paravirtual cpuid features"). And the test didn't actually try to verify multiple orderings, nor did the selftest enter the guest without doing KVM_SET_CPUID2, so who knows what motivated the change. Regardless of why commit 01b4f510b9f4 ("kvm: x86: ensure pv_cpuid.features is initialized when enabling cap") was added, refreshing the cache during KVM_CAP_ENFORCE_PV_FEATURE_CPUID isn't necessary. Cc: Oliver Upton Reviewed-by: Maxim Levitsky Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/cpuid.h | 1 - arch/x86/kvm/x86.c | 3 --- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index a94234637e09..bfb81e417bef 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -247,7 +247,7 @@ static struct kvm_cpuid_entry2 *kvm_find_kvm_cpuid_feat= ures(struct kvm_vcpu *vcp vcpu->arch.cpuid_nent, base); } =20 -void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) +static void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best =3D kvm_find_kvm_cpuid_features(vcpu); =20 diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index e51b868e9d36..d4ece5db7b46 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -12,7 +12,6 @@ void kvm_set_cpu_caps(void); =20 void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu); void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu); -void kvm_update_pv_runtime(struct kvm_vcpu *vcpu); struct kvm_cpuid_entry2 *kvm_find_cpuid_entry_index(struct kvm_vcpu *vcpu, u32 function, u32 index); struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9b7f8047f896..9f0ffc3289d2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -5814,9 +5814,6 @@ static int kvm_vcpu_ioctl_enable_cap(struct kvm_vcpu = *vcpu, =20 case KVM_CAP_ENFORCE_PV_FEATURE_CPUID: vcpu->arch.pv_cpuid.enforce =3D cap->args[0]; - if (vcpu->arch.pv_cpuid.enforce) - kvm_update_pv_runtime(vcpu); - return 0; default: return -EINVAL; --=20 2.47.0.338.g60cca15819-goog
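Review bot: In the x86.c hunk, once the kvm_update_pv_runtime() call is dropped, the KVM_CAP_ENFORCE_PV_FEATURE_CPUID case only stores cap->args[0] into pv_cpuid.enforce, so enforcement depends entirely on the PV features cache having been filled elsewhere, and nothing in the visible code or comments says so. The commit message itself points out that the existing selftest never tried multiple orderings and never entered the guest without KVM_SET_CPUID2; a selftest case that enables the capability both before and after KVM_SET_CPUID2 would back the claim that the refresh is unnecessary. A short comment at the case stating where the cache is populated would also help the next reader avoid re-adding the call.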
Date: Wed, 27 Nov 2024 17:33:47 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-21-seanjc@google.com>
Subject: [PATCH v3 20/57] KVM: x86: Do reverse CPUID sanity checks in __feature_leaf()
From: Sean Christopherson

Do the compile-time sanity checks on reverse_cpuid in __feature_leaf() so that higher level APIs don't need to "manually" perform the sanity checks.

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.h | 3 --- arch/x86/kvm/reverse_cpuid.h | 6 ++++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index d4ece5db7b46..5d0fe3793d75 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -179,7 +179,6 @@ static __always_inline void kvm_cpu_cap_clear(unsigned = int x86_feature) { unsigned int x86_leaf =3D __feature_leaf(x86_feature); =20 - reverse_cpuid_check(x86_leaf); kvm_cpu_caps[x86_leaf] &=3D ~__feature_bit(x86_feature); } =20 
@@ -187,7 +186,6 @@ static __always_inline void kvm_cpu_cap_set(unsigned in= t x86_feature) { unsigned int x86_leaf =3D __feature_leaf(x86_feature); =20 - reverse_cpuid_check(x86_leaf); kvm_cpu_caps[x86_leaf] |=3D __feature_bit(x86_feature); } =20 @@ -195,7 +193,6 @@ static __always_inline u32 kvm_cpu_cap_get(unsigned int= x86_feature) { unsigned int x86_leaf =3D __feature_leaf(x86_feature); =20 - reverse_cpuid_check(x86_leaf); return kvm_cpu_caps[x86_leaf] & __feature_bit(x86_feature); } =20 diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index e46220ece83c..1d2db9d529ff 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -145,7 +145,10 @@ static __always_inline u32 __feature_translate(int x86= _feature) =20 static __always_inline u32 __feature_leaf(int x86_feature) { - return __feature_translate(x86_feature) / 32; + u32 x86_leaf =3D __feature_translate(x86_feature) / 32; + + reverse_cpuid_check(x86_leaf); + return x86_leaf; } =20 /* 
@@ -168,7 +171,6 @@ static __always_inline struct cpuid_reg x86_feature_cpu= id(unsigned int x86_featu { unsigned int x86_leaf =3D __feature_leaf(x86_feature); =20 - reverse_cpuid_check(x86_leaf); return reverse_cpuid[x86_leaf]; } =20 --=20 2.47.0.338.g60cca15819-goog
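Review bot: In the reverse_cpuid.h hunk, __feature_leaf() now carries the reverse_cpuid_check() call that the commit message describes as a compile-time check, so every caller of __feature_leaf() becomes subject to it, not only the four helpers cleaned up in this patch. The changelog should say that all remaining callers were audited and pass a value the check can evaluate at build time. A one-line comment on __feature_leaf() noting that the sanity check lives there would keep callers from re-adding it.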
Date: Wed, 27 Nov 2024 17:33:48 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-22-seanjc@google.com>
Subject: [PATCH v3 21/57] KVM: x86: Account for max supported CPUID leaf when getting raw host CPUID
From: Sean Christopherson

Explicitly zero out the feature word in kvm_cpu_caps if the word's associated CPUID function is greater than the max leaf supported by the CPU. For such unsupported functions, Intel CPUs return the output from the last supported leaf, not all zeros.

Practically speaking, this is likely a benign bug, as KVM uses the raw host CPUID to mask the kernel's computed capabilities, and the kernel does perform max leaf checks when populating boot_cpu_data. The only way KVM's goof could be problematic is if the kernel force-set a feature in a leaf that is completely unsupported, _and_ the max supported leaf happened to return a value with '1' in the same bit position. Which is theoretically possible, but extremely unlikely. And even if that did happen, it's entirely possible that KVM would still provide the correct functionality; the kernel did set the capability after all.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index bfb81e417bef..c7fb6b764075 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c 
@@ -579,18 +579,37 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, return 0; } =20 +static __always_inline u32 raw_cpuid_get(struct cpuid_reg cpuid) +{ + struct kvm_cpuid_entry2 entry; + u32 base; + + /* + * KVM only supports features defined by Intel (0x0), AMD (0x80000000), + * and Centaur (0xc0000000). WARN if a feature for new vendor base is + * defined, as this and other code would need to be updated. + */ + base =3D cpuid.function & 0xffff0000; + if (WARN_ON_ONCE(base && base !=3D 0x80000000 && base !=3D 0xc0000000)) + return 0; + + if (cpuid_eax(base) < cpuid.function) + return 0; + + cpuid_count(cpuid.function, cpuid.index, + &entry.eax, &entry.ebx, &entry.ecx, &entry.edx); + + return *__cpuid_entry_get_reg(&entry, cpuid.reg); +} + /* Mask kvm_cpu_caps for @leaf with the raw CPUID capabilities of this CPU= . */ static __always_inline void __kvm_cpu_cap_mask(unsigned int leaf) { const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); - struct kvm_cpuid_entry2 entry; =20 reverse_cpuid_check(leaf); =20 - cpuid_count(cpuid.function, cpuid.index, - &entry.eax, &entry.ebx, &entry.ecx, &entry.edx); - - kvm_cpu_caps[leaf] &=3D *__cpuid_entry_get_reg(&entry, cpuid.reg); + kvm_cpu_caps[leaf] &=3D raw_cpuid_get(cpuid); } =20 static __always_inline --=20 2.47.0.338.g60cca15819-goog
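Review bot: In raw_cpuid_get(), the range check "if (cpuid_eax(base) < cpuid.function)" treats EAX of CPUID(base) as a max-leaf value, but for the 0x80000000 and 0xc0000000 bases the base leaf may itself be unsupported, and the commit message states that Intel CPUs then return the last supported leaf's output rather than zeros. Consider also rejecting the result when the value read back does not fall in the same range as base (for example when its upper 16 bits differ from base) before comparing it with cpuid.function. Minor: the new comment reads "for new vendor base", which wants an article.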
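The failure mode this commit message describes, as an added example that is not part of the patch or of KVM: a user-space C model in which an out-of-range CPUID function returns the data of the highest basic leaf, masked with and without a max-leaf check. The leaf table and the names model_cpuid(), raw_ecx() and mask_caps() are constructed for illustration, and sub-leaf indices are ignored.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed CPUID model (illustrative values, not read from hardware). */
struct leaf {
	uint32_t function, eax, ebx, ecx, edx;
};

static const struct leaf model_leaves[] = {
	{ 0x00000000, 0x00000007, 0, 0, 0 },          /* EAX = max basic leaf */
	{ 0x00000001, 0, 0, 0x00000201, 0 },
	{ 0x00000007, 0, 0x00000020, 0x00010000, 0 }, /* highest basic leaf */
	{ 0x80000000, 0x80000001, 0, 0, 0 },          /* EAX = max extended leaf */
	{ 0x80000001, 0, 0, 0x00000001, 0 },
};

static const struct leaf zero_leaf = { 0, 0, 0, 0, 0 };

static const struct leaf *find_leaf(uint32_t function)
{
	size_t i;

	for (i = 0; i < sizeof(model_leaves) / sizeof(model_leaves[0]); i++) {
		if (model_leaves[i].function == function)
			return &model_leaves[i];
	}
	return NULL;
}

/*
 * Models the behaviour the commit message attributes to Intel CPUs: a
 * function above the maximum of its range returns the data of the highest
 * basic leaf instead of zeros.
 */
static const struct leaf *model_cpuid(uint32_t function)
{
	const struct leaf *hit = find_leaf(function);
	const struct leaf *range = find_leaf(function & 0xffff0000u);

	if (hit)
		return hit;
	if (range && function <= range->eax)
		return &zero_leaf;	/* in range, nothing enumerated */
	return find_leaf(find_leaf(0)->eax);
}

/* Raw ECX for @function; with @check_max, unsupported functions read as 0. */
static uint32_t raw_ecx(uint32_t function, int check_max)
{
	uint32_t base = function & 0xffff0000u;

	if (check_max && model_cpuid(base)->eax < function)
		return 0;
	return model_cpuid(function)->ecx;
}

/* Mask a capability word with the raw CPUID output, as the patch's helper does. */
static uint32_t mask_caps(uint32_t caps, uint32_t function, int check_max)
{
	return caps & raw_ecx(function, check_max);
}

int main(void)
{
	/* Bit 16 force-set in a word whose function (0x14) the model lacks. */
	uint32_t forced = 0x00010000;

	printf("unchecked: %#x\n", (unsigned)mask_caps(forced, 0x14, 0));
	printf("checked:   %#x\n", (unsigned)mask_caps(forced, 0x14, 1));
	return 0;
}
```

Without the check, the force-set bit survives the mask because leaf 0x7 in the model happens to have the same bit set; with the check, the word is zeroed.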
Date: Wed, 27 Nov 2024 17:33:49 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-23-seanjc@google.com>
Subject: [PATCH v3 22/57] KVM: x86: Unpack F() CPUID feature flag macros to one flag per line of code
From: Sean Christopherson

Refactor kvm_set_cpu_caps() to express each supported (or not) feature flag on a separate line, modulo a handful of cases where KVM does not, and likely will not, support a sequence of flags. This will allow adding fancier macros with longer, more descriptive names without resulting in absurd line lengths and/or weird code. Isolating each flag also makes it far easier to review changes, reduces code conflicts, and generally makes it easier to resolve conflicts. Lastly, it allows co-locating comments for notable flags, e.g. MONITOR, precisely with the relevant flag.

No functional change intended.

Suggested-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 295 +++++++++++++++++++++++++++++++++---------- 1 file changed, 231 insertions(+), 64 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index c7fb6b764075..00b5b1a2a66f 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c 
@@ -662,48 +662,121 @@ void kvm_set_cpu_caps(void) sizeof(kvm_cpu_caps) - (NKVMCAPINTS * sizeof(*kvm_cpu_caps))); =20 kvm_cpu_cap_mask(CPUID_1_ECX, + F(XMM3) | + F(PCLMULQDQ) | + 0 /* DTES64 */ | /* * NOTE: MONITOR (and MWAIT) are emulated as NOP, but *not* * advertised to guests via CPUID! */ - F(XMM3) | F(PCLMULQDQ) | 0 /* DTES64, MONITOR */ | + 0 /* MONITOR */ | 0 /* DS-CPL, VMX, SMX, EST */ | - 0 /* TM2 */ | F(SSSE3) | 0 /* CNXT-ID */ | 0 /* Reserved */ | - F(FMA) | F(CX16) | 0 /* xTPR Update */ | F(PDCM) | - F(PCID) | 0 /* Reserved, DCA */ | F(XMM4_1) | - F(XMM4_2) | F(X2APIC) | F(MOVBE) | F(POPCNT) | - 0 /* Reserved*/ | F(AES) | F(XSAVE) | 0 /* OSXSAVE */ | F(AVX) | - F(F16C) | F(RDRAND) + 0 /* TM2 */ | + F(SSSE3) | + 0 /* CNXT-ID */ | + 0 /* Reserved */ | + F(FMA) | + F(CX16) | + 0 /* xTPR Update */ | + F(PDCM) | + F(PCID) | + 0 /* Reserved, DCA */ | + F(XMM4_1) | + F(XMM4_2) | + F(X2APIC) | + F(MOVBE) | + F(POPCNT) | + 0 /* Reserved*/ | + F(AES) | + F(XSAVE) | + 0 /* OSXSAVE */ | + F(AVX) | + F(F16C) | + F(RDRAND) ); /* KVM emulates x2apic in software irrespective of host support. 
*/ kvm_cpu_cap_set(X86_FEATURE_X2APIC); =20 kvm_cpu_cap_mask(CPUID_1_EDX, - F(FPU) | F(VME) | F(DE) | F(PSE) | - F(TSC) | F(MSR) | F(PAE) | F(MCE) | - F(CX8) | F(APIC) | 0 /* Reserved */ | F(SEP) | - F(MTRR) | F(PGE) | F(MCA) | F(CMOV) | - F(PAT) | F(PSE36) | 0 /* PSN */ | F(CLFLUSH) | - 0 /* Reserved, DS, ACPI */ | F(MMX) | - F(FXSR) | F(XMM) | F(XMM2) | F(SELFSNOOP) | + F(FPU) | + F(VME) | + F(DE) | + F(PSE) | + F(TSC) | + F(MSR) | + F(PAE) | + F(MCE) | + F(CX8) | + F(APIC) | + 0 /* Reserved */ | + F(SEP) | + F(MTRR) | + F(PGE) | + F(MCA) | + F(CMOV) | + F(PAT) | + F(PSE36) | + 0 /* PSN */ | + F(CLFLUSH) | + 0 /* Reserved, DS, ACPI */ | + F(MMX) | + F(FXSR) | + F(XMM) | + F(XMM2) | + F(SELFSNOOP) | 0 /* HTT, TM, Reserved, PBE */ ); =20 kvm_cpu_cap_mask(CPUID_7_0_EBX, - F(FSGSBASE) | F(SGX) | F(BMI1) | F(HLE) | F(AVX2) | - F(FDP_EXCPTN_ONLY) | F(SMEP) | F(BMI2) | F(ERMS) | F(INVPCID) | - F(RTM) | F(ZERO_FCS_FDS) | 0 /*MPX*/ | F(AVX512F) | - F(AVX512DQ) | F(RDSEED) | F(ADX) | F(SMAP) | F(AVX512IFMA) | - F(CLFLUSHOPT) | F(CLWB) | 0 /*INTEL_PT*/ | F(AVX512PF) | - F(AVX512ER) | F(AVX512CD) | F(SHA_NI) | F(AVX512BW) | + F(FSGSBASE) | + F(SGX) | + F(BMI1) | + F(HLE) | + F(AVX2) | + F(FDP_EXCPTN_ONLY) | + F(SMEP) | + F(BMI2) | + F(ERMS) | + F(INVPCID) | + F(RTM) | + F(ZERO_FCS_FDS) | + 0 /*MPX*/ | + F(AVX512F) | + F(AVX512DQ) | + F(RDSEED) | + F(ADX) | + F(SMAP) | + F(AVX512IFMA) | + F(CLFLUSHOPT) | + F(CLWB) | + 0 /*INTEL_PT*/ | + F(AVX512PF) | + F(AVX512ER) | + F(AVX512CD) | + F(SHA_NI) | + F(AVX512BW) | F(AVX512VL)); =20 kvm_cpu_cap_mask(CPUID_7_ECX, - F(AVX512VBMI) | F(LA57) | F(PKU) | 0 /*OSPKE*/ | F(RDPID) | - F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) | - F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) | - F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/ | - F(SGX_LC) | F(BUS_LOCK_DETECT) + F(AVX512VBMI) | + F(LA57) | + F(PKU) | + 0 /*OSPKE*/ | + F(RDPID) | + F(AVX512_VPOPCNTDQ) | + F(UMIP) | + F(AVX512_VBMI2) | + F(GFNI) | + 
F(VAES) | + F(VPCLMULQDQ) | + F(AVX512_VNNI) | + F(AVX512_BITALG) | + F(CLDEMOTE) | + F(MOVDIRI) | + F(MOVDIR64B) | + 0 /*WAITPKG*/ | + F(SGX_LC) | + F(BUS_LOCK_DETECT) ); /* Set LA57 based on hardware capability. */ if (cpuid_ecx(7) & feature_bit(LA57)) @@ -717,11 +790,22 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_clear(X86_FEATURE_PKU); =20 kvm_cpu_cap_mask(CPUID_7_EDX, - F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) | - F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(INTEL_STIBP) | - F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | F(FSRM) | - F(SERIALIZE) | F(TSXLDTRK) | F(AVX512_FP16) | - F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) + F(AVX512_4VNNIW) | + F(AVX512_4FMAPS) | + F(SPEC_CTRL) | + F(SPEC_CTRL_SSBD) | + F(ARCH_CAPABILITIES) | + F(INTEL_STIBP) | + F(MD_CLEAR) | + F(AVX512_VP2INTERSECT) | + F(FSRM) | + F(SERIALIZE) | + F(TSXLDTRK) | + F(AVX512_FP16) | + F(AMX_TILE) | + F(AMX_INT8) | + F(AMX_BF16) | + F(FLUSH_L1D) ); =20 /* TSC_ADJUST and ARCH_CAPABILITIES are emulated in software. */ 
@@ -738,50 +822,110 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); =20 kvm_cpu_cap_mask(CPUID_7_1_EAX, - F(SHA512) | F(SM3) | F(SM4) | F(AVX_VNNI) | F(AVX512_BF16) | - F(CMPCCXADD) | F(FZRM) | F(FSRS) | F(FSRC) | F(AMX_FP16) | - F(AVX_IFMA) | F(LAM) + F(SHA512) | + F(SM3) | + F(SM4) | + F(AVX_VNNI) | + F(AVX512_BF16) | + F(CMPCCXADD) | + F(FZRM) | + F(FSRS) | + F(FSRC) | + F(AMX_FP16) | + F(AVX_IFMA) | + F(LAM) ); =20 kvm_cpu_cap_init_kvm_defined(CPUID_7_1_EDX, - F(AVX_VNNI_INT8) | F(AVX_NE_CONVERT) | F(AMX_COMPLEX) | - F(AVX_VNNI_INT16) | F(PREFETCHITI) | F(AVX10) + F(AVX_VNNI_INT8) | + F(AVX_NE_CONVERT) | + F(AMX_COMPLEX) | + F(AVX_VNNI_INT16) | + F(PREFETCHITI) | + F(AVX10) ); =20 kvm_cpu_cap_init_kvm_defined(CPUID_7_2_EDX, - F(INTEL_PSFD) | F(IPRED_CTRL) | F(RRSBA_CTRL) | F(DDPD_U) | - F(BHI_CTRL) | F(MCDT_NO) + F(INTEL_PSFD) | + F(IPRED_CTRL) | + F(RRSBA_CTRL) | + F(DDPD_U) | + F(BHI_CTRL) | + F(MCDT_NO) ); =20 kvm_cpu_cap_mask(CPUID_D_1_EAX, - F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | F(XSAVES) | f_xfd + F(XSAVEOPT) | + F(XSAVEC) | + F(XGETBV1) | + F(XSAVES) | + f_xfd ); =20 kvm_cpu_cap_init_kvm_defined(CPUID_12_EAX, - SF(SGX1) | SF(SGX2) | SF(SGX_EDECCSSA) + SF(SGX1) | + SF(SGX2) | + SF(SGX_EDECCSSA) ); =20 kvm_cpu_cap_init_kvm_defined(CPUID_24_0_EBX, - F(AVX10_128) | F(AVX10_256) | F(AVX10_512) + F(AVX10_128) | + F(AVX10_256) | + F(AVX10_512) ); =20 kvm_cpu_cap_mask(CPUID_8000_0001_ECX, - F(LAHF_LM) | F(CMP_LEGACY) | 0 /*SVM*/ | 0 /* ExtApicSpace */ | - F(CR8_LEGACY) | F(ABM) | F(SSE4A) | F(MISALIGNSSE) | - F(3DNOWPREFETCH) | F(OSVW) | 0 /* IBS */ | F(XOP) | - 0 /* SKINIT, WDT, LWP */ | F(FMA4) | F(TBM) | - F(TOPOEXT) | 0 /* PERFCTR_CORE */ + F(LAHF_LM) | + F(CMP_LEGACY) | + 0 /*SVM*/ | + 0 /* ExtApicSpace */ | + F(CR8_LEGACY) | + F(ABM) | + F(SSE4A) | + F(MISALIGNSSE) | + F(3DNOWPREFETCH) | + F(OSVW) | + 0 /* IBS */ | + F(XOP) | + 0 /* SKINIT, WDT, LWP */ | + F(FMA4) | + F(TBM) | + F(TOPOEXT) | + 0 /* PERFCTR_CORE */ ); =20 
kvm_cpu_cap_mask(CPUID_8000_0001_EDX, - F(FPU) | F(VME) | F(DE) | F(PSE) | - F(TSC) | F(MSR) | F(PAE) | F(MCE) | - F(CX8) | F(APIC) | 0 /* Reserved */ | F(SYSCALL) | - F(MTRR) | F(PGE) | F(MCA) | F(CMOV) | - F(PAT) | F(PSE36) | 0 /* Reserved */ | - F(NX) | 0 /* Reserved */ | F(MMXEXT) | F(MMX) | - F(FXSR) | F(FXSR_OPT) | f_gbpages | F(RDTSCP) | - 0 /* Reserved */ | f_lm | F(3DNOWEXT) | F(3DNOW) + F(FPU) | + F(VME) | + F(DE) | + F(PSE) | + F(TSC) | + F(MSR) | + F(PAE) | + F(MCE) | + F(CX8) | + F(APIC) | + 0 /* Reserved */ | + F(SYSCALL) | + F(MTRR) | + F(PGE) | + F(MCA) | + F(CMOV) | + F(PAT) | + F(PSE36) | + 0 /* Reserved */ | + F(NX) | + 0 /* Reserved */ | + F(MMXEXT) | + F(MMX) | + F(FXSR) | + F(FXSR_OPT) | + f_gbpages | + F(RDTSCP) | + 0 /* Reserved */ | + f_lm | + F(3DNOWEXT) | + F(3DNOW) ); =20 if (!tdp_enabled && IS_ENABLED(CONFIG_X86_64)) @@ -792,10 +936,18 @@ void kvm_set_cpu_caps(void) ); =20 kvm_cpu_cap_mask(CPUID_8000_0008_EBX, - F(CLZERO) | F(XSAVEERPTR) | - F(WBNOINVD) | F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | F(VIRT_SSBD) | - F(AMD_SSB_NO) | F(AMD_STIBP) | F(AMD_STIBP_ALWAYS_ON) | - F(AMD_PSFD) | F(AMD_IBPB_RET) + F(CLZERO) | + F(XSAVEERPTR) | + F(WBNOINVD) | + F(AMD_IBPB) | + F(AMD_IBRS) | + F(AMD_SSBD) | + F(VIRT_SSBD) | + F(AMD_SSB_NO) | + F(AMD_STIBP) | + F(AMD_STIBP_ALWAYS_ON) | + F(AMD_PSFD) | + F(AMD_IBPB_RET) ); =20 /* 
@@ -832,12 +984,20 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_mask(CPUID_8000_000A_EDX, 0); =20 kvm_cpu_cap_mask(CPUID_8000_001F_EAX, - 0 /* SME */ | 0 /* SEV */ | 0 /* VM_PAGE_FLUSH */ | 0 /* SEV_ES */ | - F(SME_COHERENT)); + 0 /* SME */ | + 0 /* SEV */ | + 0 /* VM_PAGE_FLUSH */ | + 0 /* SEV_ES */ | + F(SME_COHERENT) + ); =20 kvm_cpu_cap_mask(CPUID_8000_0021_EAX, - F(NO_NESTED_DATA_BP) | F(LFENCE_RDTSC) | 0 /* SmmPgCfgLock */ | - F(NULL_SEL_CLR_BASE) | F(AUTOIBRS) | 0 /* PrefetchCtlMsr */ | + F(NO_NESTED_DATA_BP) | + F(LFENCE_RDTSC) | + 0 /* SmmPgCfgLock */ | + F(NULL_SEL_CLR_BASE) | + F(AUTOIBRS) | + 0 /* PrefetchCtlMsr */ | F(WRMSR_XX_BASE_NS) ); =20 
@@ -866,9 +1026,16 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_NO_SMM_CTL_MSR); =20 kvm_cpu_cap_mask(CPUID_C000_0001_EDX, - F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) | - F(ACE2) | F(ACE2_EN) | F(PHE) | F(PHE_EN) | - F(PMM) | F(PMM_EN) + F(XSTORE) | + F(XSTORE_EN) | + F(XCRYPT) | + F(XCRYPT_EN) | + F(ACE2) | + F(ACE2_EN) | + F(PHE) | + F(PHE_EN) | + F(PMM) | + F(PMM_EN) ); =20 /* --=20 2.47.0.338.g60cca15819-goog
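Review bot: The CPUID_7_0_EBX list still closes with "F(AVX512VL));" on the flag's own line, while the CPUID_8000_001F_EAX hunk moves its closing ");" onto a separate line; since the point of the patch is one uniform flag per line, the CPUID_7_0_EBX closer should get the same treatment. The placeholder comments are also carried over with inconsistent spacing ("0 /*MPX*/", "0 /*INTEL_PT*/", "0 /* Reserved*/" next to "0 /* TM2 */"), which is cheap to normalise while every line is being touched anyway. Entries such as "0 /* DS-CPL, VMX, SMX, EST */" and "0 /* HTT, TM, Reserved, PBE */" still group several bits; the commit message allows for that, but a short note in the code on why those stay grouped would make the exception explicit.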
Date: Wed, 27 Nov 2024 17:33:50 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-24-seanjc@google.com>
Subject: [PATCH v3 23/57] KVM: x86: Rename kvm_cpu_cap_mask() to kvm_cpu_cap_init()
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Rename kvm_cpu_cap_mask() to kvm_cpu_cap_init() in anticipation of merging it with kvm_cpu_cap_init_kvm_defined(), and in anticipation of _setting_ bits in the helper (a future commit will play macro games to set emulated feature flags via kvm_cpu_cap_init()).

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 00b5b1a2a66f..9bd8bac3cd52 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -615,7 +615,7 @@ static __always_inline void __kvm_cpu_cap_mask(unsigned= int leaf) static __always_inline void kvm_cpu_cap_init_kvm_defined(enum kvm_only_cpuid_leafs leaf, u32 mask) { - /* Use kvm_cpu_cap_mask for leafs that aren't KVM-only. */ + /* Use kvm_cpu_cap_init for leafs that aren't KVM-only. */ BUILD_BUG_ON(leaf < NCAPINTS); =20 kvm_cpu_caps[leaf] =3D mask; @@ -623,7 +623,7 @@ void kvm_cpu_cap_init_kvm_defined(enum kvm_only_cpuid_l= eafs leaf, u32 mask) __kvm_cpu_cap_mask(leaf); } =20 -static __always_inline void kvm_cpu_cap_mask(enum cpuid_leafs leaf, u32 ma= sk) +static __always_inline void kvm_cpu_cap_init(enum cpuid_leafs leaf, u32 ma= sk) { /* Use kvm_cpu_cap_init_kvm_defined for KVM-only leafs. */ BUILD_BUG_ON(leaf >=3D NCAPINTS); @@ -661,7 +661,7 @@ void kvm_set_cpu_caps(void) memcpy(&kvm_cpu_caps, &boot_cpu_data.x86_capability, sizeof(kvm_cpu_caps) - (NKVMCAPINTS * sizeof(*kvm_cpu_caps))); =20 - kvm_cpu_cap_mask(CPUID_1_ECX, + kvm_cpu_cap_init(CPUID_1_ECX, F(XMM3) | F(PCLMULQDQ) | 0 /* DTES64 */ | @@ -697,7 +697,7 @@ void kvm_set_cpu_caps(void) /* KVM emulates x2apic in software irrespective of host support. */ kvm_cpu_cap_set(X86_FEATURE_X2APIC); =20 - kvm_cpu_cap_mask(CPUID_1_EDX, + kvm_cpu_cap_init(CPUID_1_EDX, F(FPU) | F(VME) | F(DE) | @@ -727,7 +727,7 @@ void kvm_set_cpu_caps(void) 0 /* HTT, TM, Reserved, PBE */ ); =20 - kvm_cpu_cap_mask(CPUID_7_0_EBX, + kvm_cpu_cap_init(CPUID_7_0_EBX, F(FSGSBASE) | F(SGX) | F(BMI1) | @@ -757,7 +757,7 @@ void kvm_set_cpu_caps(void) F(AVX512BW) | F(AVX512VL)); =20 - kvm_cpu_cap_mask(CPUID_7_ECX, + kvm_cpu_cap_init(CPUID_7_ECX, F(AVX512VBMI) | F(LA57) | F(PKU) | @@ -789,7 +789,7 @@ void kvm_set_cpu_caps(void) if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE)) kvm_cpu_cap_clear(X86_FEATURE_PKU); =20 - kvm_cpu_cap_mask(CPUID_7_EDX, + kvm_cpu_cap_init(CPUID_7_EDX, F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) | 
@@ -821,7 +821,7 @@ void kvm_set_cpu_caps(void) if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); =20 - kvm_cpu_cap_mask(CPUID_7_1_EAX, + kvm_cpu_cap_init(CPUID_7_1_EAX, F(SHA512) | F(SM3) | F(SM4) | @@ -854,7 +854,7 @@ void kvm_set_cpu_caps(void) F(MCDT_NO) ); =20 - kvm_cpu_cap_mask(CPUID_D_1_EAX, + kvm_cpu_cap_init(CPUID_D_1_EAX, F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | @@ -874,7 +874,7 @@ void kvm_set_cpu_caps(void) F(AVX10_512) ); =20 - kvm_cpu_cap_mask(CPUID_8000_0001_ECX, + kvm_cpu_cap_init(CPUID_8000_0001_ECX, F(LAHF_LM) | F(CMP_LEGACY) | 0 /*SVM*/ | @@ -894,7 +894,7 @@ void kvm_set_cpu_caps(void) 0 /* PERFCTR_CORE */ ); =20 - kvm_cpu_cap_mask(CPUID_8000_0001_EDX, + kvm_cpu_cap_init(CPUID_8000_0001_EDX, F(FPU) | F(VME) | F(DE) | @@ -935,7 +935,7 @@ void kvm_set_cpu_caps(void) SF(CONSTANT_TSC) ); =20 - kvm_cpu_cap_mask(CPUID_8000_0008_EBX, + kvm_cpu_cap_init(CPUID_8000_0008_EBX, F(CLZERO) | F(XSAVEERPTR) | F(WBNOINVD) | @@ -981,9 +981,9 @@ void kvm_set_cpu_caps(void) * Hide all SVM features by default, SVM will set the cap bits for * features it emulates and/or exposes for L1. */ - kvm_cpu_cap_mask(CPUID_8000_000A_EDX, 0); + kvm_cpu_cap_init(CPUID_8000_000A_EDX, 0); =20 - kvm_cpu_cap_mask(CPUID_8000_001F_EAX, + kvm_cpu_cap_init(CPUID_8000_001F_EAX, 0 /* SME */ | 0 /* SEV */ | 0 /* VM_PAGE_FLUSH */ | @@ -991,7 +991,7 @@ void kvm_set_cpu_caps(void) F(SME_COHERENT) ); =20 - kvm_cpu_cap_mask(CPUID_8000_0021_EAX, + kvm_cpu_cap_init(CPUID_8000_0021_EAX, F(NO_NESTED_DATA_BP) | F(LFENCE_RDTSC) | 0 /* SmmPgCfgLock */ | 
@@ -1015,7 +1015,7 @@ void kvm_set_cpu_caps(void) * kernel. LFENCE_RDTSC was a Linux-defined synthetic feature long * before AMD joined the bandwagon, e.g. LFENCE is serializing on most * CPUs that support SSE2. On CPUs that don't support AMD's leaf, - * kvm_cpu_cap_mask() will unfortunately drop the flag due to ANDing + * kvm_cpu_cap_init() will unfortunately drop the flag due to ANDing * the mask with the raw host CPUID, and reporting support in AMD's * leaf can make it easier for userspace to detect the feature. */ 
@@ -1025,7 +1025,7 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE); kvm_cpu_cap_set(X86_FEATURE_NO_SMM_CTL_MSR); =20 - kvm_cpu_cap_mask(CPUID_C000_0001_EDX, + kvm_cpu_cap_init(CPUID_C000_0001_EDX, F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | --=20 2.47.0.338.g60cca15819-goog
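Review bot: In the @@ -615 and @@ -623 hunks the inner helper keeps its old name, __kvm_cpu_cap_mask(), while both of its callers are now named kvm_cpu_cap_init*(), so after this patch "mask" survives only on the function that ANDs the word with raw CPUID. If that is intentional because the helper goes away when the two init functions are merged, one sentence in the changelog would save a reader from looking for a missed rename. The comment update in the @@ -1015 hunk is consistent with the new name.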
Date: Wed, 27 Nov 2024 17:33:51 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-25-seanjc@google.com>
Subject: [PATCH v3 24/57] KVM: x86: Add a macro to init CPUID features that are 64-bit only
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Add a macro to mask-in feature flags that are supported only on 64-bit kernels/KVM. In addition to reducing overall #ifdeffery, using a macro will allow hardening the kvm_cpu_cap initialization sequences to assert that the features being advertised are indeed included in the word being initialized. And arguably using *F() macros through is more readable.

No functional change intended.

Reviewed-by: Maxim Levitsky
Reviewed-by: Xiaoyao Li
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 9bd8bac3cd52..9219e164c810 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -642,17 +642,14 @@ static __always_inline void kvm_cpu_cap_init(enum cpu= id_leafs leaf, u32 mask) (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0); \ }) =20 +/* Features that KVM supports only on 64-bit kernels. */ +#define X86_64_F(name) \ +({ \ + (IS_ENABLED(CONFIG_X86_64) ? F(name) : 0); \ +}) + void kvm_set_cpu_caps(void) { -#ifdef CONFIG_X86_64 - unsigned int f_gbpages =3D F(GBPAGES); - unsigned int f_lm =3D F(LM); - unsigned int f_xfd =3D F(XFD); -#else - unsigned int f_gbpages =3D 0; - unsigned int f_lm =3D 0; - unsigned int f_xfd =3D 0; -#endif memset(kvm_cpu_caps, 0, sizeof(kvm_cpu_caps)); =20 BUILD_BUG_ON(sizeof(kvm_cpu_caps) - (NKVMCAPINTS * sizeof(*kvm_cpu_caps))= > @@ -859,7 +856,7 @@ void kvm_set_cpu_caps(void) F(XSAVEC) | F(XGETBV1) | F(XSAVES) | - f_xfd + X86_64_F(XFD) ); =20 kvm_cpu_cap_init_kvm_defined(CPUID_12_EAX, @@ -920,10 +917,10 @@ void kvm_set_cpu_caps(void) F(MMX) | F(FXSR) | F(FXSR_OPT) | - f_gbpages | + X86_64_F(GBPAGES) | F(RDTSCP) | 0 /* Reserved */ | - f_lm | + X86_64_F(LM) | F(3DNOWEXT) | F(3DNOW) ); 
@@ -1057,6 +1054,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); =20 #undef F #undef SF +#undef X86_64_F =20 struct kvm_cpuid_array { struct kvm_cpuid_entry2 *entries; --=20 2.47.0.338.g60cca15819-goog
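Review bot: In the @@ -642 hunk, X86_64_F() replaces the #ifdef CONFIG_X86_64 locals with IS_ENABLED(CONFIG_X86_64) ? F(name) : 0, so F(GBPAGES), F(LM) and F(XFD) are now parsed and type-checked on 32-bit builds as well, where they used to be compiled out. A CONFIG_X86_64=n build is worth confirming, since the changelog only says "No functional change intended". The ({ }) statement expression wraps a single expression and is not needed today; if it is kept as the place where the assert mentioned in the changelog will go, the macro comment could say so.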
Date: Wed, 27 Nov 2024 17:33:52 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-26-seanjc@google.com>
Subject: [PATCH v3 25/57] KVM: x86: Add a macro to precisely handle aliased 0x1.EDX CPUID features
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Add a macro to precisely handle CPUID features that AMD duplicated from CPUID.0x1.EDX into CPUID.0x8000_0001.EDX. This will allow adding an assert that all features passed to kvm_cpu_cap_init() match the word being processed, e.g. to prevent passing a feature from CPUID 0x7 to CPUID 0x1.

Because the kernel simply reuses the X86_FEATURE_* definitions from CPUID.0x1.EDX, KVM's use of the aliased features would result in false positives from such an assert.

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 47 +++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 9219e164c810..ddff0c7c78b9 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -648,6 +648,16 @@ static __always_inline void kvm_cpu_cap_init(enum cpui= d_leafs leaf, u32 mask) (IS_ENABLED(CONFIG_X86_64) ? F(name) : 0); \ }) =20 +/* + * Aliased Features - For features in 0x8000_0001.EDX that are duplicates = of + * identical 0x1.EDX features, and thus are aliased from 0x1 to 0x8000_000= 1. + */ +#define ALIASED_1_EDX_F(name) \ +({ \ + BUILD_BUG_ON(__feature_leaf(X86_FEATURE_##name) !=3D CPUID_1_EDX); \ + feature_bit(name); \ +}) + void kvm_set_cpu_caps(void) { memset(kvm_cpu_caps, 0, sizeof(kvm_cpu_caps)); @@ -892,30 +902,30 @@ void kvm_set_cpu_caps(void) ); =20 kvm_cpu_cap_init(CPUID_8000_0001_EDX, - F(FPU) | - F(VME) | - F(DE) | - F(PSE) | - F(TSC) | - F(MSR) | - F(PAE) | - F(MCE) | - F(CX8) | - F(APIC) | + ALIASED_1_EDX_F(FPU) | + ALIASED_1_EDX_F(VME) | + ALIASED_1_EDX_F(DE) | + ALIASED_1_EDX_F(PSE) | + ALIASED_1_EDX_F(TSC) | + ALIASED_1_EDX_F(MSR) | + ALIASED_1_EDX_F(PAE) | + ALIASED_1_EDX_F(MCE) | + ALIASED_1_EDX_F(CX8) | + ALIASED_1_EDX_F(APIC) | 0 /* Reserved */ | F(SYSCALL) | - F(MTRR) | - F(PGE) | - F(MCA) | - F(CMOV) | - F(PAT) | - F(PSE36) | + ALIASED_1_EDX_F(MTRR) | + ALIASED_1_EDX_F(PGE) | + ALIASED_1_EDX_F(MCA) | + ALIASED_1_EDX_F(CMOV) | + ALIASED_1_EDX_F(PAT) | + ALIASED_1_EDX_F(PSE36) | 0 /* Reserved */ | F(NX) | 0 /* Reserved */ | F(MMXEXT) | - F(MMX) | - F(FXSR) | + ALIASED_1_EDX_F(MMX) | + ALIASED_1_EDX_F(FXSR) | F(FXSR_OPT) | X86_64_F(GBPAGES) | F(RDTSCP) | 
@@ -1055,6 +1065,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); #undef F #undef SF #undef X86_64_F +#undef ALIASED_1_EDX_F =20 struct kvm_cpuid_array { struct kvm_cpuid_entry2 *entries; --=20 2.47.0.338.g60cca15819-goog
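Review bot: In the @@ -648 hunk, ALIASED_1_EDX_F() asserts only that the feature is defined in CPUID_1_EDX; nothing in the macro ties its use to the kvm_cpu_cap_init(CPUID_8000_0001_EDX, ...) call, so it would build without complaint inside another leaf's initializer. If the word-matching assert described in the changelog is what closes that gap, the macro comment could state that it is valid only for 0x8000_0001.EDX, and that the aliased bits occupy the same bit position in both registers, since feature_bit(name) is derived from the 0x1.EDX definition.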
Date: Wed, 27 Nov 2024 17:33:53 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-27-seanjc@google.com>
Subject: [PATCH v3 26/57] KVM: x86: Handle kernel- and KVM-defined CPUID words in a single helper
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Merge kvm_cpu_cap_init() and kvm_cpu_cap_init_kvm_defined() into a single helper. The only advantage of separating the two was to make it somewhat obvious that KVM directly initializes the KVM-defined words, whereas using a common helper will allow for hardening both kernel- and KVM-defined CPUID words without needing copy+paste.

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 46 +++++++++++++++----------------------------- 1 file changed, 16 insertions(+), 30 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index ddff0c7c78b9..73e756d097e4 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -602,37 +602,23 @@ static __always_inline u32 raw_cpuid_get(struct cpuid= _reg cpuid) return *__cpuid_entry_get_reg(&entry, cpuid.reg); } =20 -/* Mask kvm_cpu_caps for @leaf with the raw CPUID capabilities of this CPU= . */ -static __always_inline void __kvm_cpu_cap_mask(unsigned int leaf) +static __always_inline void kvm_cpu_cap_init(u32 leaf, u32 mask) { const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); =20 - reverse_cpuid_check(leaf); + /* + * For kernel-defined leafs, mask the boot CPU's pre-populated value. + * For KVM-defined leafs, explicitly set the leaf, as KVM is the one + * and only authority. + */ + if (leaf < NCAPINTS) + kvm_cpu_caps[leaf] &=3D mask; + else + kvm_cpu_caps[leaf] =3D mask; =20 kvm_cpu_caps[leaf] &=3D raw_cpuid_get(cpuid); } =20 -static __always_inline -void kvm_cpu_cap_init_kvm_defined(enum kvm_only_cpuid_leafs leaf, u32 mask) -{ - /* Use kvm_cpu_cap_init for leafs that aren't KVM-only. */ - BUILD_BUG_ON(leaf < NCAPINTS); - - kvm_cpu_caps[leaf] =3D mask; - - __kvm_cpu_cap_mask(leaf); -} - -static __always_inline void kvm_cpu_cap_init(enum cpuid_leafs leaf, u32 ma= sk) -{ - /* Use kvm_cpu_cap_init_kvm_defined for KVM-only leafs. */ - BUILD_BUG_ON(leaf >=3D NCAPINTS); - - kvm_cpu_caps[leaf] &=3D mask; - - __kvm_cpu_cap_mask(leaf); -} - #define F feature_bit =20 /* Scattered Flag - For features that are scattered by cpufeatures.h. */ @@ -843,7 +829,7 @@ void kvm_set_cpu_caps(void) F(LAM) ); =20 - kvm_cpu_cap_init_kvm_defined(CPUID_7_1_EDX, + kvm_cpu_cap_init(CPUID_7_1_EDX, F(AVX_VNNI_INT8) | F(AVX_NE_CONVERT) | F(AMX_COMPLEX) | @@ -852,7 +838,7 @@ void kvm_set_cpu_caps(void) F(AVX10) ); =20 - kvm_cpu_cap_init_kvm_defined(CPUID_7_2_EDX, + kvm_cpu_cap_init(CPUID_7_2_EDX, F(INTEL_PSFD) | F(IPRED_CTRL) | F(RRSBA_CTRL) | 
@@ -869,13 +855,13 @@ void kvm_set_cpu_caps(void) X86_64_F(XFD) ); =20 - kvm_cpu_cap_init_kvm_defined(CPUID_12_EAX, + kvm_cpu_cap_init(CPUID_12_EAX, SF(SGX1) | SF(SGX2) | SF(SGX_EDECCSSA) ); =20 - kvm_cpu_cap_init_kvm_defined(CPUID_24_0_EBX, + kvm_cpu_cap_init(CPUID_24_0_EBX, F(AVX10_128) | F(AVX10_256) | F(AVX10_512) @@ -938,7 +924,7 @@ void kvm_set_cpu_caps(void) if (!tdp_enabled && IS_ENABLED(CONFIG_X86_64)) kvm_cpu_cap_set(X86_FEATURE_GBPAGES); =20 - kvm_cpu_cap_init_kvm_defined(CPUID_8000_0007_EDX, + kvm_cpu_cap_init(CPUID_8000_0007_EDX, SF(CONSTANT_TSC) ); =20 
@@ -1012,7 +998,7 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_check_and_set(X86_FEATURE_IBPB_BRTYPE); kvm_cpu_cap_check_and_set(X86_FEATURE_SRSO_NO); =20 - kvm_cpu_cap_init_kvm_defined(CPUID_8000_0022_EAX, + kvm_cpu_cap_init(CPUID_8000_0022_EAX, F(PERFMON_V2) ); =20 --=20 2.47.0.338.g60cca15819-goog
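Review bot: The @@ -602 hunk drops reverse_cpuid_check(leaf) and both BUILD_BUG_ON() range checks, and widens the leaf parameter from the two enum types to u32, but the changelog mentions none of this. Please say why the check is redundant (for example, if x86_feature_cpuid() already performs it) so that "No functional change intended" can be verified from the message alone. The remaining hunks are mechanical call-site renames.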
Date: Wed, 27 Nov 2024 17:33:54 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-28-seanjc@google.com>
Subject: [PATCH v3 27/57] KVM: x86: #undef SPEC_CTRL_SSBD in cpuid.c to avoid macro collisions
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Undefine SPEC_CTRL_SSBD, which is #defined by msr-index.h to represent the enable flag in MSR_IA32_SPEC_CTRL, to avoid issues with the macro being unpacked into its raw value when passed to KVM's F() macro. This will allow using multiple layers of macros in F() and friends, e.g. to harden against incorrect usage of F().

No functional change intended (cpuid.c doesn't consume SPEC_CTRL_SSBD).

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 73e756d097e4..efff83da3df3 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -644,6 +644,12 @@ static __always_inline void kvm_cpu_cap_init(u32 leaf,= u32 mask) feature_bit(name); \ }) =20 +/* + * Undefine the MSR bit macro to avoid token concatenation issues when + * processing X86_FEATURE_SPEC_CTRL_SSBD. + */ +#undef SPEC_CTRL_SSBD + void kvm_set_cpu_caps(void) { memset(kvm_cpu_caps, 0, sizeof(kvm_cpu_caps)); --=20 2.47.0.338.g60cca15819-goog
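Review bot: The comment added above "#undef SPEC_CTRL_SSBD" does not say that the #undef stays in effect for everything below it in cpuid.c, nor why that is safe. The changelog's "cpuid.c doesn't consume SPEC_CTRL_SSBD" is the justification, so it belongs in the comment as well, where someone who later adds an MSR_IA32_SPEC_CTRL user to this file will see it. The comment could also use the changelog's wording for the failure (the MSR macro being expanded to its raw value when the name is passed through F()), since "token concatenation issues" alone does not tell the reader which macro loses.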
Date: Wed, 27 Nov 2024 17:33:55 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20241128013424.4096668-29-seanjc@google.com>
Subject: [PATCH v3 28/57] KVM: x86: Harden CPU capabilities processing against out-of-scope features
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable

Add compile-time assertions to verify that usage of F() and friends in kvm_set_cpu_caps() is scoped to the correct CPUID word, e.g. to detect bugs where KVM passes a feature bit from word X into word y.

Add a one-off assertion in the aliased feature macro to ensure that only word 0x8000_0001.EDX aliased the features defined for 0x1.EDX.

To do so, convert kvm_cpu_cap_init() to a macro and have it define a local variable to track which CPUID word is being initialized that is then used to validate usage of F() (all of the inputs are compile-time constants and thus can be fed into BUILD_BUG_ON()).

Redefine KVM_VALIDATE_CPU_CAP_USAGE after kvm_set_cpu_caps() to be a nop so that F() can be used in other flows that aren't as easily hardened, e.g. __do_cpuid_func_emulated() and __do_cpuid_func().

Invoke KVM_VALIDATE_CPU_CAP_USAGE() in SF() and X86_64_F() to ensure the validation occurs, e.g. if the usage of F() is completely compiled out (which shouldn't happen for boot_cpu_has(), but could happen in the future, e.g. if KVM were to use cpu_feature_enabled()).

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 51 ++++++++++++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 16 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index efff83da3df3..c9a8513dbc30 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -602,35 +602,53 @@ static __always_inline u32 raw_cpuid_get(struct cpuid= _reg cpuid) return *__cpuid_entry_get_reg(&entry, cpuid.reg); } =20 -static __always_inline void kvm_cpu_cap_init(u32 leaf, u32 mask) -{ - const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); +/* + * For kernel-defined leafs, mask the boot CPU's pre-populated value. For= KVM- + * defined leafs, explicitly set the leaf, as KVM is the one and only auth= ority. + */ +#define kvm_cpu_cap_init(leaf, mask) \ +do { \ + const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); \ + const u32 __maybe_unused kvm_cpu_cap_init_in_progress =3D leaf; \ + \ + if (leaf < NCAPINTS) \ + kvm_cpu_caps[leaf] &=3D (mask); \ + else \ + kvm_cpu_caps[leaf] =3D (mask); \ + \ + kvm_cpu_caps[leaf] &=3D raw_cpuid_get(cpuid); \ +} while (0) =20 - /* - * For kernel-defined leafs, mask the boot CPU's pre-populated value. - * For KVM-defined leafs, explicitly set the leaf, as KVM is the one - * and only authority. - */ - if (leaf < NCAPINTS) - kvm_cpu_caps[leaf] &=3D mask; - else - kvm_cpu_caps[leaf] =3D mask; +/* + * Assert that the feature bit being declared, e.g. via F(), is in the CPU= ID + * word that's being initialized. Exempt 0x8000_0001.EDX usage of 0x1.EDX + * features, as AMD duplicated many 0x1.EDX features into 0x8000_0001.EDX. + */ +#define KVM_VALIDATE_CPU_CAP_USAGE(name) \ +do { \ + u32 __leaf =3D __feature_leaf(X86_FEATURE_##name); \ + \ + BUILD_BUG_ON(__leaf !=3D kvm_cpu_cap_init_in_progress); \ +} while (0) =20 - kvm_cpu_caps[leaf] &=3D raw_cpuid_get(cpuid); -} - -#define F feature_bit +#define F(name) \ +({ \ + KVM_VALIDATE_CPU_CAP_USAGE(name); \ + feature_bit(name); \ +}) =20 /* Scattered Flag - For features that are scattered by cpufeatures.h. */ #define SF(name) \ ({ \ BUILD_BUG_ON(X86_FEATURE_##name >=3D MAX_CPU_FEATURES); \ + KVM_VALIDATE_CPU_CAP_USAGE(name); \ (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0); \ }) =20 /* Features that KVM supports only on 64-bit kernels. 
*/ #define X86_64_F(name) \ ({ \ + KVM_VALIDATE_CPU_CAP_USAGE(name); \ (IS_ENABLED(CONFIG_X86_64) ? F(name) : 0); \ }) =20 
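Review bot: The changelog says KVM_VALIDATE_CPU_CAP_USAGE is redefined as a nop after kvm_set_cpu_caps() so that F() can be used in __do_cpuid_func_emulated() and __do_cpuid_func(), but the hunks shown for this patch only define the macro once, here, with the BUILD_BUG_ON(), and nothing redefines it. Either add the #undef/#define after kvm_set_cpu_caps() or drop that paragraph from the changelog. A smaller point in the same hunk: kvm_cpu_cap_init() parenthesizes "(mask)" but uses "leaf" bare in "leaf * 32" and "leaf < NCAPINTS"; writing "(leaf)" would keep the macro safe for arguments that are not a single token.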
@@ -641,6 +659,7 @@ static __always_inline void kvm_cpu_cap_init(u32 leaf, = u32 mask) #define ALIASED_1_EDX_F(name) \ ({ \ BUILD_BUG_ON(__feature_leaf(X86_FEATURE_##name) !=3D CPUID_1_EDX); \ + BUILD_BUG_ON(kvm_cpu_cap_init_in_progress !=3D CPUID_8000_0001_EDX); \ feature_bit(name); \ }) =20 --=20 2.47.0.338.g60cca15819-goog
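Review bot: The exemption for 0x8000_0001.EDX is documented on the wrong macro: the comment above KVM_VALIDATE_CPU_CAP_USAGE promises it, but that macro has no special case, and the exemption actually comes from ALIASED_1_EDX_F() calling feature_bit(name) directly instead of F(name). Please say that in the comment above ALIASED_1_EDX_F(), and note there that the macro now references kvm_cpu_cap_init_in_progress and so can only be used inside the mask argument of kvm_cpu_cap_init().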
Date: Wed, 27 Nov 2024 17:33:56 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20241128013424.4096668-30-seanjc@google.com>
Subject: [PATCH v3 29/57] KVM: x86: Add a macro to init CPUID features that ignore host kernel support
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable

Add a macro for use in kvm_set_cpu_caps() to automagically initialize features that KVM wants to support based solely on the CPU's capabilities, e.g. KVM advertises LA57 support if it's available in hardware, even if the host kernel isn't utilizing 57-bit virtual addresses.

Track features that are passed through to userspace (from hardware) in a local variable, and simply OR them in *after* adjusting the capabilities that came from boot_cpu_data.

Note, eliminating the open-coded call to cpuid_ecx() also fixes a largely benign bug where KVM could incorrectly report LA57 support on Intel CPUs whose max supported CPUID is less than 7, i.e. if the max supported leaf (<7) happened to have bit 16 set. In practice, barring a funky virtual machine setup, the bug is benign as all known CPUs that support VMX also support leaf 7.

Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index c9a8513dbc30..9bf324aa5fae 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -610,12 +610,14 @@ static __always_inline u32 raw_cpuid_get(struct cpuid= _reg cpuid) do { \ const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); \ const u32 __maybe_unused kvm_cpu_cap_init_in_progress =3D leaf; \ + u32 kvm_cpu_cap_passthrough =3D 0; \ \ if (leaf < NCAPINTS) \ kvm_cpu_caps[leaf] &=3D (mask); \ else \ kvm_cpu_caps[leaf] =3D (mask); \ \ + kvm_cpu_caps[leaf] |=3D kvm_cpu_cap_passthrough; \ kvm_cpu_caps[leaf] &=3D raw_cpuid_get(cpuid); \ } while (0) =20 @@ -652,6 +654,18 @@ do { \ (IS_ENABLED(CONFIG_X86_64) ? F(name) : 0); \ }) =20 +/* + * Passthrough Feature - For features that KVM supports based purely on raw + * hardware CPUID, i.e. that KVM virtualizes even if the host kernel doesn= 't + * use the feature. Simply force set the feature in KVM's capabilities, r= aw + * CPUID support will be factored in by kvm_cpu_cap_mask(). + */ +#define PASSTHROUGH_F(name) \ +({ \ + kvm_cpu_cap_passthrough |=3D F(name); \ + F(name); \ +}) + /* * Aliased Features - For features in 0x8000_0001.EDX that are duplicates = of * identical 0x1.EDX features, and thus are aliased from 0x1 to 0x8000_000= 1. @@ -777,7 +791,7 @@ void kvm_set_cpu_caps(void) =20 kvm_cpu_cap_init(CPUID_7_ECX, F(AVX512VBMI) | - F(LA57) | + PASSTHROUGH_F(LA57) | F(PKU) | 0 /*OSPKE*/ | F(RDPID) | @@ -796,9 +810,6 @@ void kvm_set_cpu_caps(void) F(SGX_LC) | F(BUS_LOCK_DETECT) ); - /* Set LA57 based on hardware capability. */ - if (cpuid_ecx(7) & feature_bit(LA57)) - kvm_cpu_cap_set(X86_FEATURE_LA57); =20 /* * PKU not yet implemented for shadow paging and requires OSPKE 
@@ -1076,6 +1087,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); #undef F #undef SF #undef X86_64_F +#undef PASSTHROUGH_F #undef ALIASED_1_EDX_F =20 struct kvm_cpuid_array { --=20 2.47.0.338.g60cca15819-goog
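Review bot: The new comment above PASSTHROUGH_F() says raw CPUID support "will be factored in by kvm_cpu_cap_mask()", but in this patch the masking is done by kvm_cpu_cap_init(), in the line that ANDs kvm_cpu_caps[leaf] with raw_cpuid_get(cpuid); the comment should name that macro. In the first hunk it is also worth a one-line comment that kvm_cpu_cap_passthrough is only populated as a side effect of evaluating (mask), which is why the OR of kvm_cpu_cap_passthrough has to sit after the if/else and before the raw CPUID mask is applied.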
Date: Wed, 27 Nov 2024 17:33:57 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20241128013424.4096668-31-seanjc@google.com>
Subject: [PATCH v3 30/57] KVM: x86: Add a macro to init CPUID features that KVM emulates in software
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable

Now that kvm_cpu_cap_init() is a macro with its own scope, add EMUL_F() to OR-in features that KVM emulates in software, i.e. that don't depend on the feature being available in hardware. The contained scope of kvm_cpu_cap_init() allows using a local variable to track the set of emulated leaves, which in addition to avoiding confusing and/or unnecessary variables, helps prevent misuse of EMUL_F().

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 9bf324aa5fae..83b29c5a0498 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -611,6 +611,7 @@ do { \ const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); \ const u32 __maybe_unused kvm_cpu_cap_init_in_progress =3D leaf; \ u32 kvm_cpu_cap_passthrough =3D 0; \ + u32 kvm_cpu_cap_emulated =3D 0; \ \ if (leaf < NCAPINTS) \ kvm_cpu_caps[leaf] &=3D (mask); \
@@ -619,6 +620,7 @@ do { \ \ kvm_cpu_caps[leaf] |=3D kvm_cpu_cap_passthrough; \ kvm_cpu_caps[leaf] &=3D raw_cpuid_get(cpuid); \ + kvm_cpu_caps[leaf] |=3D kvm_cpu_cap_emulated; \ } while (0) =20 /* @@ -654,6 +656,16 @@ do { \ (IS_ENABLED(CONFIG_X86_64) ? F(name) : 0); \ }) =20 +/* + * Emulated Feature - For features that KVM emulates in software irrespect= ive + * of host CPU/kernel support. + */ +#define EMULATED_F(name) \ +({ \ + kvm_cpu_cap_emulated |=3D F(name); \ + F(name); \ +}) + /* * Passthrough Feature - For features that KVM supports based purely on raw * hardware CPUID, i.e. that KVM virtualizes even if the host kernel doesn= 't @@ -715,7 +727,7 @@ void kvm_set_cpu_caps(void) 0 /* Reserved, DCA */ | F(XMM4_1) | F(XMM4_2) | - F(X2APIC) | + EMULATED_F(X2APIC) | F(MOVBE) | F(POPCNT) | 0 /* Reserved*/ | @@ -726,8 +738,6 @@ void kvm_set_cpu_caps(void) F(F16C) | F(RDRAND) ); - /* KVM emulates x2apic in software irrespective of host support. */ - kvm_cpu_cap_set(X86_FEATURE_X2APIC); =20 kvm_cpu_cap_init(CPUID_1_EDX, F(FPU) | @@ -761,6 +771,7 @@ void kvm_set_cpu_caps(void) =20 kvm_cpu_cap_init(CPUID_7_0_EBX, F(FSGSBASE) | + EMULATED_F(TSC_ADJUST) | F(SGX) | F(BMI1) | F(HLE) | @@ -823,7 +834,7 @@ void kvm_set_cpu_caps(void) F(AVX512_4FMAPS) | F(SPEC_CTRL) | F(SPEC_CTRL_SSBD) | - F(ARCH_CAPABILITIES) | + EMULATED_F(ARCH_CAPABILITIES) | F(INTEL_STIBP) | F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | @@ -837,10 +848,6 @@ void kvm_set_cpu_caps(void) F(FLUSH_L1D) ); =20 - /* TSC_ADJUST and ARCH_CAPABILITIES are emulated in software. */ - kvm_cpu_cap_set(X86_FEATURE_TSC_ADJUST); - kvm_cpu_cap_set(X86_FEATURE_ARCH_CAPABILITIES); - if (boot_cpu_has(X86_FEATURE_AMD_IBPB_RET) && boot_cpu_has(X86_FEATURE_AMD_IBPB) && boot_cpu_has(X86_FEATURE_AMD_IBRS)) @@ -1026,6 +1033,7 @@ void kvm_set_cpu_caps(void) 0 /* SmmPgCfgLock */ | F(NULL_SEL_CLR_BASE) | F(AUTOIBRS) | + EMULATED_F(NO_SMM_CTL_MSR) | 0 /* PrefetchCtlMsr */ | F(WRMSR_XX_BASE_NS) ); 
@@ -1052,7 +1060,6 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_LFENCE_RDTSC); if (!static_cpu_has_bug(X86_BUG_NULL_SEG)) kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE); - kvm_cpu_cap_set(X86_FEATURE_NO_SMM_CTL_MSR); =20 kvm_cpu_cap_init(CPUID_C000_0001_EDX, F(XSTORE) | 
@@ -1087,6 +1094,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); #undef F #undef SF #undef X86_64_F +#undef EMULATED_F #undef PASSTHROUGH_F #undef ALIASED_1_EDX_F =20 --=20 2.47.0.338.g60cca15819-goog
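Review bot: The changelog refers to EMUL_F() twice, but the macro this patch defines and later #undefs is EMULATED_F(); the changelog should use the real name so the commit can be found by grep. It also says the local variable tracks "the set of emulated leaves", whereas kvm_cpu_cap_emulated holds feature bits within the single leaf being initialized. Since four kvm_cpu_cap_set() calls (X2APIC, TSC_ADJUST, ARCH_CAPABILITIES, NO_SMM_CTL_MSR) are folded into the init masks, a "No functional change intended" line would help if that is the intent.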
Date: Wed, 27 Nov 2024 17:33:58 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20241128013424.4096668-32-seanjc@google.com>
Subject: [PATCH v3 31/57] KVM: x86: Swap incoming guest CPUID into vCPU before massaging in KVM_SET_CPUID2
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable

When handling KVM_SET_CPUID{,2}, swap the old and new CPUID arrays and lengths before processing the new CPUID, and simply undo the swap if setting the new CPUID fails for whatever reason.

To keep the diff reasonable, continue passing the entry array and length to most helpers, and defer the more complete cleanup to future commits.

For any sane VMM, setting "bad" CPUID state is not a hot path (or even something that is survivable), and setting guest CPUID before it's known good will allow removing all of KVM's infrastructure for processing CPUID entries directly (as opposed to operating on vcpu->arch.cpuid_entries).

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 54 ++++++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 83b29c5a0498..e8c30de2faa9 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -121,10 +121,10 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_f= ind( return NULL; } =20 -static int kvm_check_cpuid(struct kvm_vcpu *vcpu, - struct kvm_cpuid_entry2 *entries, - int nent) +static int kvm_check_cpuid(struct kvm_vcpu *vcpu) { + struct kvm_cpuid_entry2 *entries =3D vcpu->arch.cpuid_entries; + int nent =3D vcpu->arch.cpuid_nent; struct kvm_cpuid_entry2 *best; u64 xfeatures; =20 @@ -157,9 +157,6 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu, return fpu_enable_guest_xfd_features(&vcpu->arch.guest_fpu, xfeatures); } =20 -static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_c= puid_entry2 *entries, - int nent); - /* Check whether the supplied CPUID data is equal to what is already set f= or the vCPU. */ static int kvm_cpuid_check_equal(struct kvm_vcpu *vcpu, struct kvm_cpuid_e= ntry2 *e2, int nent) @@ -175,8 +172,10 @@ static int kvm_cpuid_check_equal(struct kvm_vcpu *vcpu= , struct kvm_cpuid_entry2 * CPUID processing is functionally correct only because any change in * CPUID is disallowed, i.e. using stale data is ok because the below * checks will reject the change. + * + * Note! @e2 and @nent track the _old_ CPUID entries! */ - __kvm_update_cpuid_runtime(vcpu, e2, nent); + kvm_update_cpuid_runtime(vcpu); =20 if (nent !=3D vcpu->arch.cpuid_nent) return -EINVAL; @@ -329,9 +328,11 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) } EXPORT_SYMBOL_GPL(kvm_update_cpuid_runtime); =20 -static bool kvm_cpuid_has_hyperv(struct kvm_cpuid_entry2 *entries, int nen= t) +static bool kvm_cpuid_has_hyperv(struct kvm_vcpu *vcpu) { #ifdef CONFIG_KVM_HYPERV + struct kvm_cpuid_entry2 *entries =3D vcpu->arch.cpuid_entries; + int nent =3D vcpu->arch.cpuid_nent; struct kvm_cpuid_entry2 *entry; =20 entry =3D cpuid_entry2_find(entries, nent, HYPERV_CPUID_INTERFACE, 
@@ -408,8 +409,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) __cr4_reserved_bits(guest_cpuid_has, vcpu); #undef __kvm_cpu_cap_has =20 - kvm_hv_set_cpuid(vcpu, kvm_cpuid_has_hyperv(vcpu->arch.cpuid_entries, - vcpu->arch.cpuid_nent)); + kvm_hv_set_cpuid(vcpu, kvm_cpuid_has_hyperv(vcpu)); =20 /* Invoke the vendor callback only after the above state is updated. */ kvm_x86_call(vcpu_after_set_cpuid)(vcpu); @@ -450,6 +450,15 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct= kvm_cpuid_entry2 *e2, { int r; =20 + /* + * Swap the existing (old) entries with the incoming (new) entries in + * order to massage the new entries, e.g. to account for dynamic bits + * that KVM controls, without clobbering the current guest CPUID, which + * KVM needs to preserve in order to unwind on failure. + */ + swap(vcpu->arch.cpuid_entries, e2); + swap(vcpu->arch.cpuid_nent, nent); + /* * KVM does not correctly handle changing guest CPUID after KVM_RUN, as * MAXPHYADDR, GBPAGES support, AMD reserved bit behavior, etc.. aren't @@ -464,27 +473,21 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struc= t kvm_cpuid_entry2 *e2, if (kvm_vcpu_has_run(vcpu)) { r =3D kvm_cpuid_check_equal(vcpu, e2, nent); if (r) - return r; - - kvfree(e2); - return 0; + goto err; + goto success; } =20 #ifdef CONFIG_KVM_HYPERV - if (kvm_cpuid_has_hyperv(e2, nent)) { + if (kvm_cpuid_has_hyperv(vcpu)) { r =3D kvm_hv_vcpu_init(vcpu); if (r) - return r; + goto err; } #endif =20 - r =3D kvm_check_cpuid(vcpu, e2, nent); + r =3D kvm_check_cpuid(vcpu); if (r) - return r; - - kvfree(vcpu->arch.cpuid_entries); - vcpu->arch.cpuid_entries =3D e2; - vcpu->arch.cpuid_nent =3D nent; + goto err; =20 vcpu->arch.kvm_cpuid =3D kvm_get_hypervisor_cpuid(vcpu, KVM_SIGNATURE); #ifdef CONFIG_KVM_XEN 
@@ -492,7 +495,14 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct= kvm_cpuid_entry2 *e2, #endif kvm_vcpu_after_set_cpuid(vcpu); =20 +success: + kvfree(e2); return 0; + +err: + swap(vcpu->arch.cpuid_entries, e2); + swap(vcpu->arch.cpuid_nent, nent); + return r; } =20 /* when an old userspace process fills a new kernel module */ --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3F9A01B9835 for ; Thu, 28 Nov 2024 01:35:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757730; cv=none; b=UN1mRkhLN6Xrjm6mohkZ8dQhzdeRpKZ81cvZMoVaDHgLZXY/FbO0olWr0rINj9Mtuxz0VIZrcku5cMI2I8v/BqO48x6gIhrOKyk6z5BXVaMllruanfTp7wyH3woSZUmeCdARUbe5aPHCgX7IMUySwdAmUY7NEG6agQPlQwqeJ8k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757730; c=relaxed/simple; bh=6DB4trFrbk9yBinrFJAMaiHYTeHNXaksqKnSo6VP/88=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=OSC7ifWwXC+2QA21iJ6IBwjBYsaZ2ZL90O0BU3WlK58a8hicQyibQZtuv3Qe+EURLXtpCfwCxhvUydtlweDtCq6Mzok7RUSs5hn//qKXF1X64MJmNRIUtIhNIcarBWl2O+zmattptWu6qWYxMW9BJTm4QlglypERjtcxpz3CCvk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GP+108G6; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com 
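Review bot: In kvm_set_cpuid(), the new success: and err: labels make the meaning of e2 depend on the outcome, and nothing at the labels says so: at success: "kvfree(e2);" frees the old array that was swapped out of the vCPU, while at err: the second pair of swap() calls puts the old array back and leaves the incoming array unfreed, as the error returns did before this patch. A one-line comment above success: stating that e2 holds the old entries at that point, and one above err: stating that the incoming array is deliberately not freed here, would keep a later edit from adding a kvfree() on the error path or dropping the one on success, either of which turns into a double free or a leak of CPUID memory.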
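Review bot: In kvm_cpuid_check_equal(), @e2 and @nent change meaning with this patch but keep their names, and the function's leading comment still reads as if "the supplied CPUID data" were the arguments. After the swap in kvm_set_cpuid() the arguments are the old entries and vcpu->arch.cpuid_entries is the incoming data, which the added "Note!" only mentions in the middle of the body. Please update the comment above the function as well, or rename the parameters, so that "if (nent != vcpu->arch.cpuid_nent)" and the comparison that follows are not misread by the next person touching the has-run path.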
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:33:59 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-33-seanjc@google.com>
Subject: [PATCH v3 32/57] KVM: x86: Clear PV_UNHALT for !HLT-exiting only when userspace sets CPUID
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Now that KVM disallows disabling HLT-exiting after vCPUs have been created, i.e. now that it's impossible for kvm_hlt_in_guest() to change while vCPUs are running, apply KVM's PV_UNHALT quirk only when userspace is setting guest CPUID.

Opportunistically rename the helper to make it clear that KVM's behavior is a quirk that should never have been added. KVM's documentation explicitly states that userspace should not advertise PV_UNHALT if HLT-exiting is disabled, but for unknown reasons, commit caa057a2cad6 ("KVM: X86: Provide a capability to disable HLT intercepts") didn't stop at documenting the requirement and also massaged the incoming guest CPUID.

Unfortunately, it's quite likely that userspace has come to rely on KVM's behavior, i.e. the code can't simply be deleted. The only reason KVM doesn't have an "official" quirk is that there is no known use case where disabling the quirk would make sense, i.e. letting userspace disable the quirk would further increase KVM's burden without any benefit.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index e8c30de2faa9..3ba0e6a67823 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -157,6 +157,8 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu) return fpu_enable_guest_xfd_features(&vcpu->arch.guest_fpu, xfeatures); } =20 +static u32 kvm_apply_cpuid_pv_features_quirk(struct kvm_vcpu *vcpu); + /* Check whether the supplied CPUID data is equal to what is already set f= or the vCPU. */ static int kvm_cpuid_check_equal(struct kvm_vcpu *vcpu, struct kvm_cpuid_e= ntry2 *e2, int nent) @@ -176,6 +178,7 @@ static int kvm_cpuid_check_equal(struct kvm_vcpu *vcpu,= struct kvm_cpuid_entry2 * Note! @e2 and @nent track the _old_ CPUID entries! */ kvm_update_cpuid_runtime(vcpu); + kvm_apply_cpuid_pv_features_quirk(vcpu); =20 if (nent !=3D vcpu->arch.cpuid_nent) return -EINVAL; @@ -246,18 +249,17 @@ static struct kvm_cpuid_entry2 *kvm_find_kvm_cpuid_fe= atures(struct kvm_vcpu *vcp vcpu->arch.cpuid_nent, base); } =20 -static void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) +static u32 kvm_apply_cpuid_pv_features_quirk(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best =3D kvm_find_kvm_cpuid_features(vcpu); =20 - vcpu->arch.pv_cpuid.features =3D 0; + if (!best) + return 0; =20 - /* - * save the feature bitmap to avoid cpuid lookup for every PV - * operation - */ - if (best) - vcpu->arch.pv_cpuid.features =3D best->eax; + if (kvm_hlt_in_guest(vcpu->kvm)) + best->eax &=3D ~(1 << KVM_FEATURE_PV_UNHALT); + + return best->eax; } =20 /* @@ -279,7 +281,6 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu = *vcpu, struct kvm_cpuid_e int nent) { struct kvm_cpuid_entry2 *best; - struct kvm_hypervisor_cpuid kvm_cpuid; =20 best =3D cpuid_entry2_find(entries, nent, 1, KVM_CPUID_INDEX_NOT_SIGNIFIC= ANT); if (best) { 
@@ -306,13 +307,6 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcpu= *vcpu, struct kvm_cpuid_e cpuid_entry_has(best, X86_FEATURE_XSAVEC))) best->ebx =3D xstate_required_size(vcpu->arch.xcr0, true); =20 - kvm_cpuid =3D __kvm_get_hypervisor_cpuid(entries, nent, KVM_SIGNATURE); - if (kvm_cpuid.base) { - best =3D __kvm_find_kvm_cpuid_features(entries, nent, kvm_cpuid.base); - if (kvm_hlt_in_guest(vcpu->kvm) && best) - best->eax &=3D ~(1 << KVM_FEATURE_PV_UNHALT); - } - if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT)) { best =3D cpuid_entry2_find(entries, nent, 0x1, KVM_CPUID_INDEX_NOT_SIGNI= FICANT); if (best) 
@@ -396,7 +390,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vcpu->arch.guest_supported_xcr0 =3D cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent= ); =20 - kvm_update_pv_runtime(vcpu); + vcpu->arch.pv_cpuid.features =3D kvm_apply_cpuid_pv_features_quirk(vcpu); =20 vcpu->arch.is_amd_compatible =3D guest_cpuid_is_amd_or_hygon(vcpu); vcpu->arch.maxphyaddr =3D cpuid_query_maxphyaddr(vcpu); --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 36A2C1BCA0E for ; Thu, 28 Nov 2024 01:35:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757732; cv=none; b=RZmGS5mrVL3GMqM01KYXXbqB4gqwNt3hQ8/qQM5ivXk9Ontez+s9Fy/Aiz6cjLsDVuwWeC7ZDiNR3bkDMHMLaWcQvrpXYcRfgKySMM1abDPT3LVYrDBRFL9zaqx/Ndf4ZJxjFeqdcTgkQsKstt3IioVKu64aBKgu50wsiA+TbmM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757732; c=relaxed/simple; bh=BOHi8A/5hb/uwqJQxiyLaa5+Aw1vNkUaQHewXa+IN4g=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=mWh1ii0fiHMQu355Bmj/F3koND1bkDYOCrXEa49LChZtLsqTZPIePjJz36JUp+5+jnW+10AHtPBNOv1Uabaj2HCSzQjT/6Q2tyHeYo0V949CQHQzb/Id0qcCPLGokU1f3EZ2BwGE3tVhrkRKuN7z1d2mIumTcBu+AiNIREychfU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0Bl9grH4; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: 
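Review bot: kvm_apply_cpuid_pv_features_quirk() has two effects and no comment describing either: it rewrites best->eax in the guest-visible entry and it returns the resulting feature word, yet the call added to kvm_cpuid_check_equal() discards the return value while kvm_vcpu_after_set_cpuid() depends on it to fill vcpu->arch.pv_cpuid.features. The removed comment about saving the feature bitmap "to avoid cpuid lookup for every PV operation" is not replaced anywhere. Please document on the helper that it clears PV_UNHALT when kvm_hlt_in_guest() is true and returns EAX for caching, and that the 0 returned on "if (!best)" means "no PV features" and is not an error. While here, "1 << KVM_FEATURE_PV_UNHALT" could be written as BIT(KVM_FEATURE_PV_UNHALT).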
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:00 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-34-seanjc@google.com>
Subject: [PATCH v3 33/57] KVM: x86: Remove unnecessary caching of KVM's PV CPUID base
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Now that KVM only searches for KVM's PV CPUID base when userspace sets guest CPUID, drop the cache and simply do the search every time.

Practically speaking, this is a nop except for situations where userspace sets CPUID _after_ running the vCPU, which is anything but a hot path, e.g. QEMU does so only when hotplugging a vCPU.

And on the flip side, caching guest CPUID information, especially information that is used to query/modify _other_ CPUID state, is inherently dangerous as it's all too easy to use stale information, i.e. KVM should only cache CPUID state when the performance and/or programming benefits justify it.

Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm_host.h | 1 - arch/x86/kvm/cpuid.c | 34 ++++++++------------------------- 2 files changed, 8 insertions(+), 27 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index e159e44a6a1b..f076df9f18be 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -854,7 +854,6 @@ struct kvm_vcpu_arch { =20 int cpuid_nent; struct kvm_cpuid_entry2 *cpuid_entries; - struct kvm_hypervisor_cpuid kvm_cpuid; bool is_amd_compatible; =20 /* diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3ba0e6a67823..b402b9f59cbb 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -168,12 +168,7 @@ static int kvm_cpuid_check_equal(struct kvm_vcpu *vcpu= , struct kvm_cpuid_entry2 =20 /* * Apply runtime CPUID updates to the incoming CPUID entries to avoid - * false positives due mismatches on KVM-owned feature flags. Note, - * runtime CPUID updates may consume other CPUID-driven vCPU state, - * e.g. KVM or Xen CPUID bases. Updating runtime state before full - * CPUID processing is functionally correct only because any change in - * CPUID is disallowed, i.e. using stale data is ok because the below - * checks will reject the change. + * false positives due mismatches on KVM-owned feature flags. * * Note! @e2 and @nent track the _old_ CPUID entries! */ 
@@ -231,28 +226,16 @@ static struct kvm_hypervisor_cpuid kvm_get_hypervisor= _cpuid(struct kvm_vcpu *vcp vcpu->arch.cpuid_nent, sig); } =20 -static struct kvm_cpuid_entry2 *__kvm_find_kvm_cpuid_features(struct kvm_c= puid_entry2 *entries, - int nent, u32 kvm_cpuid_base) -{ - return cpuid_entry2_find(entries, nent, kvm_cpuid_base | KVM_CPUID_FEATUR= ES, - KVM_CPUID_INDEX_NOT_SIGNIFICANT); -} - -static struct kvm_cpuid_entry2 *kvm_find_kvm_cpuid_features(struct kvm_vcp= u *vcpu) -{ - u32 base =3D vcpu->arch.kvm_cpuid.base; - - if (!base) - return NULL; - - return __kvm_find_kvm_cpuid_features(vcpu->arch.cpuid_entries, - vcpu->arch.cpuid_nent, base); -} - static u32 kvm_apply_cpuid_pv_features_quirk(struct kvm_vcpu *vcpu) { - struct kvm_cpuid_entry2 *best =3D kvm_find_kvm_cpuid_features(vcpu); + struct kvm_hypervisor_cpuid kvm_cpuid; + struct kvm_cpuid_entry2 *best; =20 + kvm_cpuid =3D kvm_get_hypervisor_cpuid(vcpu, KVM_SIGNATURE); + if (!kvm_cpuid.base) + return 0; + + best =3D kvm_find_cpuid_entry(vcpu, kvm_cpuid.base | KVM_CPUID_FEATURES); if (!best) return 0; =20 
@@ -483,7 +466,6 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct = kvm_cpuid_entry2 *e2, if (r) goto err; =20 - vcpu->arch.kvm_cpuid =3D kvm_get_hypervisor_cpuid(vcpu, KVM_SIGNATURE); #ifdef CONFIG_KVM_XEN vcpu->arch.xen.cpuid =3D kvm_get_hypervisor_cpuid(vcpu, XEN_SIGNATURE); #endif --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C77FA12F399 for ; Thu, 28 Nov 2024 01:35:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757733; cv=none; b=WwK3wjdQ/U5QXO+BpL81YtLm56FF2B/OVyrxp6xENhHw7EFS1EZQ/48U45DN+zrPdO08XY/0UpJM7b0C+1AbvyahzgY7A5YhE/5X0vj8DRQD2k9hLecZ5lKxwZd5XBr70DmUzB11EwT4RNqLxDYS/e6otHi43CopUNJ94kz9IbA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757733; c=relaxed/simple; bh=9eO98SZn2mDFLD1a3Lz5wd31zTEPCDCMMncDFhOl7eI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=iNMrNshUOyYYKGeJxl9zqr2CQty0YwdmflnX/s/Bwll1Hq8lMQXlW0bJ7/0UTdEIIlLzLuqdwrFeHm1L3Zu8Fl2jlwnfqIrnwbLTES+oIk9Y3VDM/dwY/SXyhVOgPlM4fBWh0UFZBMDQyF8upxNuQAIvwiygmV8ZDd50VxdF0i0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=IezYaAlY; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; 
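Review bot: In the last kvm_set_cpuid() hunk the cached vcpu->arch.kvm_cpuid assignment is removed, but the neighbouring "vcpu->arch.xen.cpuid = kvm_get_hypervisor_cpuid(vcpu, XEN_SIGNATURE);" stays, and the comment trimmed in kvm_cpuid_check_equal() was the only text warning that runtime updates may consume "KVM or Xen CPUID bases" from stale data. Since the commit message argues that caching CPUID-derived state is inherently dangerous, please either say in the changelog why the Xen base cache is still justified, or keep a sentence in that comment noting that the Xen base remains cached and is only refreshed after the checks in kvm_set_cpuid() pass.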
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:01 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-35-seanjc@google.com>
Subject: [PATCH v3 34/57] KVM: x86: Always operate on kvm_vcpu data in cpuid_entry2_find()
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Now that KVM sets vcpu->arch.cpuid_{entries,nent} before processing the incoming CPUID entries during KVM_SET_CPUID{,2}, drop the @entries and @nent params from cpuid_entry2_find() and unconditionally operate on the vCPU state.

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 62 +++++++++++++++-----------------------------
 1 file changed, 21 insertions(+), 41 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index b402b9f59cbb..af5c66408c78 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -70,8 +70,8 @@ u32 xstate_required_size(u64 xstate_bv, bool compacted) */ #define KVM_CPUID_INDEX_NOT_SIGNIFICANT -1ull =20 -static inline struct kvm_cpuid_entry2 *cpuid_entry2_find( - struct kvm_cpuid_entry2 *entries, int nent, u32 function, u64 index) +static struct kvm_cpuid_entry2 *cpuid_entry2_find(struct kvm_vcpu *vcpu, + u32 function, u64 index) { struct kvm_cpuid_entry2 *e; int i; @@ -88,8 +88,8 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_find( */ lockdep_assert_irqs_enabled(); =20 - for (i =3D 0; i < nent; i++) { - e =3D &entries[i]; + for (i =3D 0; i < vcpu->arch.cpuid_nent; i++) { + e =3D &vcpu->arch.cpuid_entries[i]; =20 if (e->function !=3D function) continue; @@ -123,8 +123,6 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_fin= d( =20 static int kvm_check_cpuid(struct kvm_vcpu *vcpu) { - struct kvm_cpuid_entry2 *entries =3D vcpu->arch.cpuid_entries; - int nent =3D vcpu->arch.cpuid_nent; struct kvm_cpuid_entry2 *best; u64 xfeatures; =20 @@ -132,7 +130,7 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu) * The existing code assumes virtual address is 48-bit or 57-bit in the * canonical address checks; exit if it is ever changed. */ - best =3D cpuid_entry2_find(entries, nent, 0x80000008, + best =3D cpuid_entry2_find(vcpu, 0x80000008, KVM_CPUID_INDEX_NOT_SIGNIFICANT); if (best) { int vaddr_bits =3D (best->eax & 0xff00) >> 8; @@ -145,7 +143,7 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu) * Exposing dynamic xfeatures to the guest requires additional * enabling in the FPU, e.g. to expand the guest XSAVE state size. */ - best =3D cpuid_entry2_find(entries, nent, 0xd, 0); + best =3D cpuid_entry2_find(vcpu, 0xd, 0); if (!best) return 0; =20 
@@ -191,15 +189,15 @@ static int kvm_cpuid_check_equal(struct kvm_vcpu *vcp= u, struct kvm_cpuid_entry2 return 0; } =20 -static struct kvm_hypervisor_cpuid __kvm_get_hypervisor_cpuid(struct kvm_c= puid_entry2 *entries, - int nent, const char *sig) +static struct kvm_hypervisor_cpuid kvm_get_hypervisor_cpuid(struct kvm_vcp= u *vcpu, + const char *sig) { struct kvm_hypervisor_cpuid cpuid =3D {}; struct kvm_cpuid_entry2 *entry; u32 base; =20 for_each_possible_hypervisor_cpuid_base(base) { - entry =3D cpuid_entry2_find(entries, nent, base, KVM_CPUID_INDEX_NOT_SIG= NIFICANT); + entry =3D cpuid_entry2_find(vcpu, base, KVM_CPUID_INDEX_NOT_SIGNIFICANT); =20 if (entry) { u32 signature[3]; @@ -219,13 +217,6 @@ static struct kvm_hypervisor_cpuid __kvm_get_hyperviso= r_cpuid(struct kvm_cpuid_e return cpuid; } =20 -static struct kvm_hypervisor_cpuid kvm_get_hypervisor_cpuid(struct kvm_vcp= u *vcpu, - const char *sig) -{ - return __kvm_get_hypervisor_cpuid(vcpu->arch.cpuid_entries, - vcpu->arch.cpuid_nent, sig); -} - static u32 kvm_apply_cpuid_pv_features_quirk(struct kvm_vcpu *vcpu) { struct kvm_hypervisor_cpuid kvm_cpuid; 
@@ -249,23 +240,22 @@ static u32 kvm_apply_cpuid_pv_features_quirk(struct k= vm_vcpu *vcpu) * Calculate guest's supported XCR0 taking into account guest CPUID data a= nd * KVM's supported XCR0 (comprised of host's XCR0 and KVM_SUPPORTED_XCR0). */ -static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int = nent) +static u64 cpuid_get_supported_xcr0(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best; =20 - best =3D cpuid_entry2_find(entries, nent, 0xd, 0); + best =3D cpuid_entry2_find(vcpu, 0xd, 0); if (!best) return 0; =20 return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } =20 -static void __kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu, struct kvm_c= puid_entry2 *entries, - int nent) +void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best; =20 - best =3D cpuid_entry2_find(entries, nent, 1, KVM_CPUID_INDEX_NOT_SIGNIFIC= ANT); + best =3D cpuid_entry2_find(vcpu, 1, KVM_CPUID_INDEX_NOT_SIGNIFICANT); if (best) { /* Update OSXSAVE bit */ if (boot_cpu_has(X86_FEATURE_XSAVE)) 
@@ -276,43 +266,36 @@ static void __kvm_update_cpuid_runtime(struct kvm_vcp= u *vcpu, struct kvm_cpuid_e vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE); } =20 - best =3D cpuid_entry2_find(entries, nent, 7, 0); + best =3D cpuid_entry2_find(vcpu, 7, 0); if (best && boot_cpu_has(X86_FEATURE_PKU) && best->function =3D=3D 0x7) cpuid_entry_change(best, X86_FEATURE_OSPKE, kvm_is_cr4_bit_set(vcpu, X86_CR4_PKE)); =20 - best =3D cpuid_entry2_find(entries, nent, 0xD, 0); + best =3D cpuid_entry2_find(vcpu, 0xD, 0); if (best) best->ebx =3D xstate_required_size(vcpu->arch.xcr0, false); =20 - best =3D cpuid_entry2_find(entries, nent, 0xD, 1); + best =3D cpuid_entry2_find(vcpu, 0xD, 1); if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) || cpuid_entry_has(best, X86_FEATURE_XSAVEC))) best->ebx =3D xstate_required_size(vcpu->arch.xcr0, true); =20 if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT)) { - best =3D cpuid_entry2_find(entries, nent, 0x1, KVM_CPUID_INDEX_NOT_SIGNI= FICANT); + best =3D cpuid_entry2_find(vcpu, 0x1, KVM_CPUID_INDEX_NOT_SIGNIFICANT); if (best) cpuid_entry_change(best, X86_FEATURE_MWAIT, vcpu->arch.ia32_misc_enable_msr & MSR_IA32_MISC_ENABLE_MWAIT); } } - -void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) -{ - __kvm_update_cpuid_runtime(vcpu, vcpu->arch.cpuid_entries, vcpu->arch.cpu= id_nent); -} EXPORT_SYMBOL_GPL(kvm_update_cpuid_runtime); =20 static bool kvm_cpuid_has_hyperv(struct kvm_vcpu *vcpu) { #ifdef CONFIG_KVM_HYPERV - struct kvm_cpuid_entry2 *entries =3D vcpu->arch.cpuid_entries; - int nent =3D vcpu->arch.cpuid_nent; struct kvm_cpuid_entry2 *entry; =20 - entry =3D cpuid_entry2_find(entries, nent, HYPERV_CPUID_INTERFACE, + entry =3D cpuid_entry2_find(vcpu, HYPERV_CPUID_INTERFACE, KVM_CPUID_INDEX_NOT_SIGNIFICANT); return entry && entry->eax =3D=3D HYPERV_CPUID_SIGNATURE_EAX; #else 
@@ -370,8 +353,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) kvm_apic_set_version(vcpu); } =20 - vcpu->arch.guest_supported_xcr0 =3D - cpuid_get_supported_xcr0(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent= ); + vcpu->arch.guest_supported_xcr0 =3D cpuid_get_supported_xcr0(vcpu); =20 vcpu->arch.pv_cpuid.features =3D kvm_apply_cpuid_pv_features_quirk(vcpu); =20 
@@ -1756,16 +1738,14 @@ int kvm_dev_ioctl_get_cpuid(struct kvm_cpuid2 *cpui= d, struct kvm_cpuid_entry2 *kvm_find_cpuid_entry_index(struct kvm_vcpu *vcpu, u32 function, u32 index) { - return cpuid_entry2_find(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent, - function, index); + return cpuid_entry2_find(vcpu, function, index); } EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry_index); =20 struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu, u32 function) { - return cpuid_entry2_find(vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent, - function, KVM_CPUID_INDEX_NOT_SIGNIFICANT); + return cpuid_entry2_find(vcpu, function, KVM_CPUID_INDEX_NOT_SIGNIFICANT); } EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry); =20 --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 908AC1C07D6 for ; Thu, 28 Nov 2024 01:35:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757736; cv=none; b=VIk48sWGZ0cENjOcT1k86oo/lj6MwQftw1nUoJ1PACSJJ+8umb1nad9e7fUo8wRThVKIW2kOoq+RUOiPWLMTXvomkwObGeK+9LKcriDwrIV6MJXAzta1mWTP6BTAN+8lhPYczt6nVyr58fT5/RlLRThUcSWDGsOrTG5X2uftpLE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757736; c=relaxed/simple; bh=dmANShCgt8TBaYCJdM9bvuNmFYoQV0bXx+2YV2AZHIY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=mDGQBV+zZckytLENoAt/spCX3lWtrf1kpwd6d0RgfW0IU3oBheTRmQq4OghOa4NvnOp1cR9hFw0ofqoURyss3pYfVy48IP2+W/S4lNlUtbpxEhhxSm9CPrWWgD6+3rpt54kBJyzeThz+lNlRbHHWQ21ft4tPvQ8IYgnMkL+rT8s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass 
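Review bot: cpuid_entry2_find() loses its @entries/@nent parameters in the first hunk without gaining a word of documentation about the new precondition, namely that it can only ever search vcpu->arch.cpuid_entries and therefore sees the incoming, not yet validated entries whenever it runs during KVM_SET_CPUID{,2}, as the changelog itself describes. Please extend the comment block above the function to say so, since helpers such as kvm_check_cpuid() and kvm_get_hypervisor_cpuid() now inherit that behaviour implicitly and can no longer be pointed at a candidate array. Separately, the same hunk changes "static inline" to plain "static", which the "No functional change intended" changelog does not mention; a short note on why the inline hint is dropped would help.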
Date: Wed, 27 Nov 2024 17:34:02 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-36-seanjc@google.com>
Subject: [PATCH v3 35/57] KVM: x86: Move kvm_find_cpuid_entry{,_index}() up near cpuid_entry2_find()
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Move kvm_find_cpuid_entry{,_index}() "up" in cpuid.c so that they are colocated with cpuid_entry2_find(), e.g. to make it easier to see the effective guts of the helpers without having to bounce around cpuid.c.

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index af5c66408c78..fb9c105714e9 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -121,6 +121,20 @@ static struct kvm_cpuid_entry2 *cpuid_entry2_find(stru= ct kvm_vcpu *vcpu, return NULL; } =20 +struct kvm_cpuid_entry2 *kvm_find_cpuid_entry_index(struct kvm_vcpu *vcpu, + u32 function, u32 index) +{ + return cpuid_entry2_find(vcpu, function, index); +} +EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry_index); + +struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu, + u32 function) +{ + return cpuid_entry2_find(vcpu, function, KVM_CPUID_INDEX_NOT_SIGNIFICANT); +} +EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry); + static int kvm_check_cpuid(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best; 
@@ -1735,20 +1749,6 @@ int kvm_dev_ioctl_get_cpuid(struct kvm_cpuid2 *cpuid, return r; } =20 -struct kvm_cpuid_entry2 *kvm_find_cpuid_entry_index(struct kvm_vcpu *vcpu, - u32 function, u32 index) -{ - return cpuid_entry2_find(vcpu, function, index); -} -EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry_index); - -struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu, - u32 function) -{ - return cpuid_entry2_find(vcpu, function, KVM_CPUID_INDEX_NOT_SIGNIFICANT); -} -EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry); - /* * Intel CPUID semantics treats any query for an out-of-range leaf as if t= he * highest basic leaf (i.e. CPUID.0H:EAX) were requested. AMD CPUID seman= tics --=20 2.47.0.338.g60cca15819-goog
Date: Wed, 27 Nov 2024 17:34:03 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-37-seanjc@google.com>
Subject: [PATCH v3 36/57] KVM: x86: Remove all direct usage of cpuid_entry2_find()
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Convert all use of cpuid_entry2_find() to kvm_find_cpuid_entry{,index}() now that cpuid_entry2_find() operates on the vCPU state, i.e. now that there is no need to use cpuid_entry2_find() directly in order to pass in non-vCPU state.

To help prevent unwanted usage of cpuid_entry2_find(), #undef KVM_CPUID_INDEX_NOT_SIGNIFICANT, i.e. force KVM to use kvm_find_cpuid_entry().

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index fb9c105714e9..150d397345d5 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -135,6 +135,12 @@ struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct k= vm_vcpu *vcpu, } EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry); =20 +/* + * cpuid_entry2_find() and KVM_CPUID_INDEX_NOT_SIGNIFICANT should never be= used + * directly outside of kvm_find_cpuid_entry() and kvm_find_cpuid_entry_ind= ex(). + */ +#undef KVM_CPUID_INDEX_NOT_SIGNIFICANT + static int kvm_check_cpuid(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best; @@ -144,8 +150,7 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu) * The existing code assumes virtual address is 48-bit or 57-bit in the * canonical address checks; exit if it is ever changed. */ - best =3D cpuid_entry2_find(vcpu, 0x80000008, - KVM_CPUID_INDEX_NOT_SIGNIFICANT); + best =3D kvm_find_cpuid_entry(vcpu, 0x80000008); if (best) { int vaddr_bits =3D (best->eax & 0xff00) >> 8; =20 @@ -157,7 +162,7 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu) * Exposing dynamic xfeatures to the guest requires additional * enabling in the FPU, e.g. to expand the guest XSAVE state size. */ - best =3D cpuid_entry2_find(vcpu, 0xd, 0); + best =3D kvm_find_cpuid_entry_index(vcpu, 0xd, 0); if (!best) return 0; =20 @@ -211,7 +216,7 @@ static struct kvm_hypervisor_cpuid kvm_get_hypervisor_c= puid(struct kvm_vcpu *vcp u32 base; =20 for_each_possible_hypervisor_cpuid_base(base) { - entry =3D cpuid_entry2_find(vcpu, base, KVM_CPUID_INDEX_NOT_SIGNIFICANT); + entry =3D kvm_find_cpuid_entry(vcpu, base); =20 if (entry) { u32 signature[3]; 
@@ -258,7 +263,7 @@ static u64 cpuid_get_supported_xcr0(struct kvm_vcpu *vc= pu) { struct kvm_cpuid_entry2 *best; =20 - best =3D cpuid_entry2_find(vcpu, 0xd, 0); + best =3D kvm_find_cpuid_entry_index(vcpu, 0xd, 0); if (!best) return 0; =20 @@ -269,7 +274,7 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best; =20 - best =3D cpuid_entry2_find(vcpu, 1, KVM_CPUID_INDEX_NOT_SIGNIFICANT); + best =3D kvm_find_cpuid_entry(vcpu, 1); if (best) { /* Update OSXSAVE bit */ if (boot_cpu_has(X86_FEATURE_XSAVE)) @@ -280,22 +285,22 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE); } =20 - best =3D cpuid_entry2_find(vcpu, 7, 0); + best =3D kvm_find_cpuid_entry_index(vcpu, 7, 0); if (best && boot_cpu_has(X86_FEATURE_PKU) && best->function =3D=3D 0x7) cpuid_entry_change(best, X86_FEATURE_OSPKE, kvm_is_cr4_bit_set(vcpu, X86_CR4_PKE)); =20 - best =3D cpuid_entry2_find(vcpu, 0xD, 0); + best =3D kvm_find_cpuid_entry_index(vcpu, 0xD, 0); if (best) best->ebx =3D xstate_required_size(vcpu->arch.xcr0, false); =20 - best =3D cpuid_entry2_find(vcpu, 0xD, 1); + best =3D kvm_find_cpuid_entry_index(vcpu, 0xD, 1); if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) || cpuid_entry_has(best, X86_FEATURE_XSAVEC))) best->ebx =3D xstate_required_size(vcpu->arch.xcr0, true); =20 if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT)) { - best =3D cpuid_entry2_find(vcpu, 0x1, KVM_CPUID_INDEX_NOT_SIGNIFICANT); + best =3D kvm_find_cpuid_entry(vcpu, 0x1); if (best) cpuid_entry_change(best, X86_FEATURE_MWAIT, vcpu->arch.ia32_misc_enable_msr & 
@@ -309,8 +314,7 @@ static bool kvm_cpuid_has_hyperv(struct kvm_vcpu *vcpu) #ifdef CONFIG_KVM_HYPERV struct kvm_cpuid_entry2 *entry; =20 - entry =3D cpuid_entry2_find(vcpu, HYPERV_CPUID_INTERFACE, - KVM_CPUID_INDEX_NOT_SIGNIFICANT); + entry =3D kvm_find_cpuid_entry(vcpu, HYPERV_CPUID_INTERFACE); return entry && entry->eax =3D=3D HYPERV_CPUID_SIGNATURE_EAX; #else return false; --=20 2.47.0.338.g60cca15819-goog
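Review bot: in the first hunk of patch 36/57 (the comment and #undef added after EXPORT_SYMBOL_GPL(kvm_find_cpuid_entry)), the comment says cpuid_entry2_find() should never be used directly outside the two wrappers, but the #undef of KVM_CPUID_INDEX_NOT_SIGNIFICANT only breaks callers that pass the macro. A call with an explicit index, the same shape as the cpuid_entry2_find(vcpu, 0xd, 0) and cpuid_entry2_find(vcpu, 7, 0) calls this patch converts, would still build later in cpuid.c. Suggest wording the comment to say that only the macro is enforced at build time and that direct calls with a literal index have to be caught in review, which also matches the "help prevent" phrasing in the commit message.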
Date: Wed, 27 Nov 2024 17:34:04 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-38-seanjc@google.com>
Subject: [PATCH v3 37/57] KVM: x86: Advertise TSC_DEADLINE_TIMER in KVM_GET_SUPPORTED_CPUID
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Unconditionally advertise TSC_DEADLINE_TIMER via KVM_GET_SUPPORTED_CPUID, as KVM always emulates deadline mode, *if* the VM has an in-kernel local APIC. The odds of a VMM emulating the local APIC in userspace, not emulating the TSC deadline timer, _and_ reflecting KVM_GET_SUPPORTED_CPUID back into KVM_SET_CPUID2, i.e. the risk of over-advertising and breaking any setups, is extremely low.

KVM has _unconditionally_ advertised X2APIC via CPUID since commit 0d1de2d901f4 ("KVM: Always report x2apic as supported feature"), and it is completely impossible for userspace to emulate X2APIC as KVM doesn't support forwarding the MSR accesses to userspace. I.e. KVM has relied on userspace VMMs to not misreport local APIC capabilities for nearly 13 years.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 Documentation/virt/kvm/api.rst | 9 ++++++---
 arch/x86/kvm/cpuid.c | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index bbe445e6c113..61bf1f693e2d 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst
@@ -1825,15 +1825,18 @@ emulate them efficiently. The fields in each entry = are defined as follows: the values returned by the cpuid instruction for this function/index combination =20 -The TSC deadline timer feature (CPUID leaf 1, ecx[24]) is always returned -as false, since the feature depends on KVM_CREATE_IRQCHIP for local APIC -support. Instead it is reported via:: +x2APIC (CPUID leaf 1, ecx[21) and TSC deadline timer (CPUID leaf 1, ecx[24= ]) +may be returned as true, but they depend on KVM_CREATE_IRQCHIP for in-kern= el +emulation of the local APIC. TSC deadline timer support is also reported = via:: =20 ioctl(KVM_CHECK_EXTENSION, KVM_CAP_TSC_DEADLINE_TIMER) =20 if that returns true and you use KVM_CREATE_IRQCHIP, or if you emulate the feature in userspace, then you can enable the feature for KVM_SET_CPUID2. =20 +Enabling x2APIC in KVM_SET_CPUID2 requires KVM_CREATE_IRQCHIP as KVM doesn= 't +support forwarding x2APIC MSR accesses to userspace, i.e. KVM does not sup= port +emulating x2APIC in userspace. =20 4.47 KVM_PPC_GET_PVINFO ----------------------- diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 150d397345d5..51792cf48cd7 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c 
@@ -716,7 +716,7 @@ void kvm_set_cpu_caps(void) EMULATED_F(X2APIC) | F(MOVBE) | F(POPCNT) | - 0 /* Reserved*/ | + EMULATED_F(TSC_DEADLINE_TIMER) | F(AES) | F(XSAVE) | 0 /* OSXSAVE */ | --=20 2.47.0.338.g60cca15819-goog
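Review bot: in the Documentation/virt/kvm/api.rst hunk of patch 37/57, the first added line reads "x2APIC (CPUID leaf 1, ecx[21)" and is missing the closing bracket; it should be "ecx[21]" to match "ecx[24]" later in the same sentence. The unchanged sentence that follows ("if that returns true and you use KVM_CREATE_IRQCHIP, or if you emulate the feature in userspace") now sits under a paragraph that covers both x2APIC and the TSC deadline timer, so it would help to say there that "the feature" means the TSC deadline timer only, since the paragraph added at the end of the hunk states that x2APIC cannot be emulated in userspace.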
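Review bot: in the arch/x86/kvm/cpuid.c hunk of patch 37/57, EMULATED_F(TSC_DEADLINE_TIMER) replaces "0 /* Reserved*/" in kvm_set_cpu_caps() without a comment, while the commit message says KVM emulates deadline mode only if the VM has an in-kernel local APIC. Suggest a one-line comment at this entry (and ideally at the neighbouring EMULATED_F(X2APIC)) recording that the bit is advertised unconditionally and depends on KVM_CREATE_IRQCHIP, so the condition is visible to anyone auditing what KVM_GET_SUPPORTED_CPUID can over-advertise without reading the git history.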
Date: Wed, 27 Nov 2024 17:34:05 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-39-seanjc@google.com>
Subject: [PATCH v3 38/57] KVM: x86: Advertise HYPERVISOR in KVM_GET_SUPPORTED_CPUID
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Unconditionally advertise "support" for the HYPERVISOR feature in CPUID, as the flag simply communicates to the guest that it's running under a hypervisor.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 51792cf48cd7..a13bf0ab417d 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -722,7 +722,8 @@ void kvm_set_cpu_caps(void) 0 /* OSXSAVE */ | F(AVX) | F(F16C) | - F(RDRAND) + F(RDRAND) | + EMULATED_F(HYPERVISOR) ); =20 kvm_cpu_cap_init(CPUID_1_EDX, --=20 2.47.0.338.g60cca15819-goog
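Review bot: the single hunk of patch 38/57 adds EMULATED_F(HYPERVISOR) to kvm_set_cpu_caps(), which changes what KVM_GET_SUPPORTED_CPUID returns, but neither the commit message nor the patch says what this means for a VMM that reflects that result back into KVM_SET_CPUID2, the case the TSC_DEADLINE_TIMER patch before it discusses and documents in api.rst. Suggest one sentence in the commit message on that guest-visible effect, and a matching note in Documentation/virt/kvm/api.rst if the KVM_GET_SUPPORTED_CPUID text there is meant to list such bits.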
Date: Wed, 27 Nov 2024 17:34:06 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-40-seanjc@google.com>
Subject: [PATCH v3 39/57] KVM: x86: Rename "governed features" helpers to use "guest_cpu_cap"
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

As the first step toward replacing KVM's so-called "governed features" framework with a more comprehensive, less poorly named implementation, replace the "kvm_governed_feature" function prefix with "guest_cpu_cap" and rename guest_can_use() to guest_cpu_cap_has().

The "guest_cpu_cap" naming scheme mirrors that of "kvm_cpu_cap", and provides a more clear distinction between guest capabilities, which are KVM controlled (heh, or one might say "governed"), and guest CPUID, which with few exceptions is fully userspace controlled.

Opportunistically rewrite the comment about XSS passthrough for SEV-ES guests to avoid referencing so many functions, as such comments are prone to becoming stale (case in point...).

No functional change intended.

Reviewed-by: Maxim Levitsky
Reviewed-by: Binbin Wu
Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/cpuid.h | 16 ++++++++-------- arch/x86/kvm/mmu.h | 2 +- arch/x86/kvm/mmu/mmu.c | 4 ++-- arch/x86/kvm/svm/nested.c | 22 +++++++++++----------- arch/x86/kvm/svm/sev.c | 17 ++++++++--------- arch/x86/kvm/svm/svm.c | 26 +++++++++++++------------- arch/x86/kvm/svm/svm.h | 4 ++-- arch/x86/kvm/vmx/nested.c | 6 +++--- arch/x86/kvm/vmx/vmx.c | 16 ++++++++-------- arch/x86/kvm/x86.c | 4 ++-- 11 files changed, 59 insertions(+), 60 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index a13bf0ab417d..7b2fbb148661 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -359,7 +359,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) allow_gbpages =3D tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) : guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES); if (allow_gbpages) - kvm_governed_feature_set(vcpu, X86_FEATURE_GBPAGES); + guest_cpu_cap_set(vcpu, X86_FEATURE_GBPAGES); =20 best =3D kvm_find_cpuid_entry(vcpu, 1); if (best && apic) { diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index 5d0fe3793d75..e1b05da23cf2 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -237,8 +237,8 @@ static __always_inline bool kvm_is_governed_feature(uns= igned int x86_feature) return kvm_governed_feature_index(x86_feature) >=3D 0; } =20 -static __always_inline void kvm_governed_feature_set(struct kvm_vcpu *vcpu, - unsigned int x86_feature) +static __always_inline void guest_cpu_cap_set(struct kvm_vcpu *vcpu, + unsigned int x86_feature) { BUILD_BUG_ON(!kvm_is_governed_feature(x86_feature)); =20 
@@ -246,15 +246,15 @@ static __always_inline void kvm_governed_feature_set(= struct kvm_vcpu *vcpu, vcpu->arch.governed_features.enabled); } =20 -static __always_inline void kvm_governed_feature_check_and_set(struct kvm_= vcpu *vcpu, - unsigned int x86_feature) +static __always_inline void guest_cpu_cap_check_and_set(struct kvm_vcpu *v= cpu, + unsigned int x86_feature) { if (kvm_cpu_cap_has(x86_feature) && guest_cpuid_has(vcpu, x86_feature)) - kvm_governed_feature_set(vcpu, x86_feature); + guest_cpu_cap_set(vcpu, x86_feature); } =20 -static __always_inline bool guest_can_use(struct kvm_vcpu *vcpu, - unsigned int x86_feature) +static __always_inline bool guest_cpu_cap_has(struct kvm_vcpu *vcpu, + unsigned int x86_feature) { BUILD_BUG_ON(!kvm_is_governed_feature(x86_feature)); =20 @@ -264,7 +264,7 @@ static __always_inline bool guest_can_use(struct kvm_vc= pu *vcpu, =20 static inline bool kvm_vcpu_is_legal_cr3(struct kvm_vcpu *vcpu, unsigned l= ong cr3) { - if (guest_can_use(vcpu, X86_FEATURE_LAM)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_LAM)) cr3 &=3D ~(X86_CR3_LAM_U48 | X86_CR3_LAM_U57); =20 return kvm_vcpu_is_legal_gpa(vcpu, cr3); diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index e9322358678b..caec3d11638d 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -126,7 +126,7 @@ static inline unsigned long kvm_get_active_pcid(struct = kvm_vcpu *vcpu) =20 static inline unsigned long kvm_get_active_cr3_lam_bits(struct kvm_vcpu *v= cpu) { - if (!guest_can_use(vcpu, X86_FEATURE_LAM)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_LAM)) return 0; =20 return kvm_read_cr3(vcpu) & (X86_CR3_LAM_U48 | X86_CR3_LAM_U57); diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 22e7ad235123..d138560a9320 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c 
@@ -5034,7 +5034,7 @@ static void reset_guest_rsvds_bits_mask(struct kvm_vc= pu *vcpu, __reset_rsvds_bits_mask(&context->guest_rsvd_check, vcpu->arch.reserved_gpa_bits, context->cpu_role.base.level, is_efer_nx(context), - guest_can_use(vcpu, X86_FEATURE_GBPAGES), + guest_cpu_cap_has(vcpu, X86_FEATURE_GBPAGES), is_cr4_pse(context), guest_cpuid_is_amd_compatible(vcpu)); } @@ -5111,7 +5111,7 @@ static void reset_shadow_zero_bits_mask(struct kvm_vc= pu *vcpu, __reset_rsvds_bits_mask(shadow_zero_check, reserved_hpa_bits(), context->root_role.level, context->root_role.efer_nx, - guest_can_use(vcpu, X86_FEATURE_GBPAGES), + guest_cpu_cap_has(vcpu, X86_FEATURE_GBPAGES), is_pse, is_amd); =20 if (!shadow_me_mask) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index b708bdf7eaff..d77b094d9a4d 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -111,7 +111,7 @@ static void nested_svm_uninit_mmu_context(struct kvm_vc= pu *vcpu) =20 static bool nested_vmcb_needs_vls_intercept(struct vcpu_svm *svm) { - if (!guest_can_use(&svm->vcpu, X86_FEATURE_V_VMSAVE_VMLOAD)) + if (!guest_cpu_cap_has(&svm->vcpu, X86_FEATURE_V_VMSAVE_VMLOAD)) return true; =20 if (!nested_npt_enabled(svm)) @@ -594,7 +594,7 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm = *svm, struct vmcb *vmcb12 vmcb_mark_dirty(vmcb02, VMCB_DR); } =20 - if (unlikely(guest_can_use(vcpu, X86_FEATURE_LBRV) && + if (unlikely(guest_cpu_cap_has(vcpu, X86_FEATURE_LBRV) && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { /* * Reserved bits of DEBUGCTL are ignored. Be consistent with @@ -651,7 +651,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, * exit_int_info, exit_int_info_err, next_rip, insn_len, insn_bytes. */ =20 - if (guest_can_use(vcpu, X86_FEATURE_VGIF) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_VGIF) && (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK)) int_ctl_vmcb12_bits |=3D (V_GIF_MASK | V_GIF_ENABLE_MASK); else 
@@ -689,7 +689,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, =20 vmcb02->control.tsc_offset =3D vcpu->arch.tsc_offset; =20 - if (guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_TSCRATEMSR) && svm->tsc_ratio_msr !=3D kvm_caps.default_tsc_scaling_ratio) nested_svm_update_tsc_ratio_msr(vcpu); =20 @@ -710,7 +710,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, * what a nrips=3D0 CPU would do (L1 is responsible for advancing RIP * prior to injecting the event). */ - if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_NRIPS)) vmcb02->control.next_rip =3D svm->nested.ctl.next_rip; else if (boot_cpu_has(X86_FEATURE_NRIPS)) vmcb02->control.next_rip =3D vmcb12_rip; @@ -720,7 +720,7 @@ static void nested_vmcb02_prepare_control(struct vcpu_s= vm *svm, svm->soft_int_injected =3D true; svm->soft_int_csbase =3D vmcb12_csbase; svm->soft_int_old_rip =3D vmcb12_rip; - if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_NRIPS)) svm->soft_int_next_rip =3D svm->nested.ctl.next_rip; else svm->soft_int_next_rip =3D vmcb12_rip; 
@@ -728,18 +728,18 @@ static void nested_vmcb02_prepare_control(struct vcpu= _svm *svm, =20 vmcb02->control.virt_ext =3D vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK; - if (guest_can_use(vcpu, X86_FEATURE_LBRV)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_LBRV)) vmcb02->control.virt_ext |=3D (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK); =20 if (!nested_vmcb_needs_vls_intercept(svm)) vmcb02->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; =20 - if (guest_can_use(vcpu, X86_FEATURE_PAUSEFILTER)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_PAUSEFILTER)) pause_count12 =3D svm->nested.ctl.pause_filter_count; else pause_count12 =3D 0; - if (guest_can_use(vcpu, X86_FEATURE_PFTHRESHOLD)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_PFTHRESHOLD)) pause_thresh12 =3D svm->nested.ctl.pause_filter_thresh; else pause_thresh12 =3D 0; @@ -1026,7 +1026,7 @@ int nested_svm_vmexit(struct vcpu_svm *svm) if (vmcb12->control.exit_code !=3D SVM_EXIT_ERR) nested_save_pending_event_to_vmcb12(svm, vmcb12); =20 - if (guest_can_use(vcpu, X86_FEATURE_NRIPS)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_NRIPS)) vmcb12->control.next_rip =3D vmcb02->control.next_rip; =20 vmcb12->control.int_ctl =3D svm->nested.ctl.int_ctl; @@ -1065,7 +1065,7 @@ int nested_svm_vmexit(struct vcpu_svm *svm) if (!nested_exit_on_intr(svm)) kvm_make_request(KVM_REQ_EVENT, &svm->vcpu); =20 - if (unlikely(guest_can_use(vcpu, X86_FEATURE_LBRV) && + if (unlikely(guest_cpu_cap_has(vcpu, X86_FEATURE_LBRV) && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK))) { svm_copy_lbrs(vmcb12, vmcb02); svm_update_lbrv(vcpu); diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 72674b8825c4..4e5aba3f86cd 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -4458,16 +4458,15 @@ static void sev_es_vcpu_after_set_cpuid(struct vcpu= _svm *svm) * For SEV-ES, accesses to MSR_IA32_XSS should not be intercepted if * the host/guest supports its use. * - * guest_can_use() checks a number of requirements on the host/guest to - * ensure that MSR_IA32_XSS is available, but it might report true even - * if X86_FEATURE_XSAVES isn't configured in the guest to ensure host - * MSR_IA32_XSS is always properly restored. For SEV-ES, it is better - * to further check that the guest CPUID actually supports - * X86_FEATURE_XSAVES so that accesses to MSR_IA32_XSS by misbehaved - * guests will still get intercepted and caught in the normal - * kvm_emulate_rdmsr()/kvm_emulated_wrmsr() paths. + * KVM treats the guest as being capable of using XSAVES even if XSAVES + * isn't enabled in guest CPUID as there is no intercept for XSAVES, + * i.e. the guest can use XSAVES/XRSTOR to read/write XSS if XSAVE is + * exposed to the guest and XSAVES is supported in hardware. Condition + * full XSS passthrough on the guest being able to use XSAVES *and* + * XSAVES being exposed to the guest so that KVM can at least honor + * guest CPUID for RDMSR and WRMSR. */ - if (guest_can_use(vcpu, X86_FEATURE_XSAVES) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVES) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVES)) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_XSS, 1, 1); else diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index dd15cc635655..f96c62a9d2c2 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -1049,7 +1049,7 @@ void svm_update_lbrv(struct kvm_vcpu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); bool current_enable_lbrv =3D svm->vmcb->control.virt_ext & LBR_CTL_ENABLE= _MASK; bool enable_lbrv =3D (svm_get_lbr_vmcb(svm)->save.dbgctl & DEBUGCTLMSR_LB= R) || - (is_guest_mode(vcpu) && guest_can_use(vcpu, X86_FEATURE_LBRV) && + (is_guest_mode(vcpu) && guest_cpu_cap_has(vcpu, X86_FEATURE_LBRV) && (svm->nested.ctl.virt_ext & LBR_CTL_ENABLE_MASK)); =20 if (enable_lbrv =3D=3D current_enable_lbrv) @@ -2864,7 +2864,7 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) switch (msr_info->index) { case MSR_AMD64_TSC_RATIO: if (!msr_info->host_initiated && - !guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_TSCRATEMSR)) return 1; msr_info->data =3D svm->tsc_ratio_msr; break; @@ -3024,7 +3024,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) switch (ecx) { case MSR_AMD64_TSC_RATIO: =20 - if (!guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR)) { + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_TSCRATEMSR)) { =20 if (!msr->host_initiated) return 1; @@ -3046,7 +3046,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) =20 svm->tsc_ratio_msr =3D data; =20 - if (guest_can_use(vcpu, X86_FEATURE_TSCRATEMSR) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_TSCRATEMSR) && is_guest_mode(vcpu)) nested_svm_update_tsc_ratio_msr(vcpu); =20 
@@ -4404,11 +4404,11 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcp= u *vcpu) if (boot_cpu_has(X86_FEATURE_XSAVE) && boot_cpu_has(X86_FEATURE_XSAVES) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) - kvm_governed_feature_set(vcpu, X86_FEATURE_XSAVES); + guest_cpu_cap_set(vcpu, X86_FEATURE_XSAVES); =20 - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_NRIPS); - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_TSCRATEMSR); - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_LBRV); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_NRIPS); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_TSCRATEMSR); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_LBRV); =20 /* * Intercept VMLOAD if the vCPU model is Intel in order to emulate that @@ -4416,12 +4416,12 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcp= u *vcpu) * SVM on Intel is bonkers and extremely unlikely to work). */ if (!guest_cpuid_is_intel_compatible(vcpu)) - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); =20 - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PAUSEFILTER); - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VGIF); - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VNMI); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_PAUSEFILTER); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_VGIF); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_VNMI); =20 svm_recalc_instruction_intercepts(vcpu, svm); =20 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 43fa6a16eb19..6eff8c60d5eb 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -502,7 +502,7 @@ static inline bool svm_is_intercept(struct vcpu_svm *sv= m, int bit) =20 static inline bool nested_vgif_enabled(struct vcpu_svm *svm) { - return guest_can_use(&svm->vcpu, X86_FEATURE_VGIF) && + return guest_cpu_cap_has(&svm->vcpu, X86_FEATURE_VGIF) && (svm->nested.ctl.int_ctl & V_GIF_ENABLE_MASK); } =20 @@ -554,7 +554,7 @@ static inline bool nested_npt_enabled(struct vcpu_svm *= svm) =20 static inline bool nested_vnmi_enabled(struct vcpu_svm *svm) { - return guest_can_use(&svm->vcpu, X86_FEATURE_VNMI) && + return guest_cpu_cap_has(&svm->vcpu, X86_FEATURE_VNMI) && (svm->nested.ctl.int_ctl & V_NMI_ENABLE_MASK); } =20 diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index aa78b6f38dfe..9aaa703f5f98 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -6617,7 +6617,7 @@ static int vmx_get_nested_state(struct kvm_vcpu *vcpu, vmx =3D to_vmx(vcpu); vmcs12 =3D get_vmcs12(vcpu); =20 - if (guest_can_use(vcpu, X86_FEATURE_VMX) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_VMX) && (vmx->nested.vmxon || vmx->nested.smm.vmxon)) { kvm_state.hdr.vmx.vmxon_pa =3D vmx->nested.vmxon_ptr; kvm_state.hdr.vmx.vmcs12_pa =3D vmx->nested.current_vmptr; @@ -6758,7 +6758,7 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, if (kvm_state->flags & ~KVM_STATE_NESTED_EVMCS) return -EINVAL; } else { - if (!guest_can_use(vcpu, X86_FEATURE_VMX)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_VMX)) return -EINVAL; =20 if (!page_address_valid(vcpu, kvm_state->hdr.vmx.vmxon_pa)) @@ -6792,7 +6792,7 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, return -EINVAL; =20 if ((kvm_state->flags & KVM_STATE_NESTED_EVMCS) && - (!guest_can_use(vcpu, X86_FEATURE_VMX) || + (!guest_cpu_cap_has(vcpu, X86_FEATURE_VMX) || !vmx->nested.enlightened_vmcs_enabled)) return -EINVAL; =20 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 893366e53732..ccba522246c3 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -2084,7 +2084,7 @@ int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) [msr_info->index - MSR_IA32_SGXLEPUBKEYHASH0]; break; case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: - if (!guest_can_use(vcpu, X86_FEATURE_VMX)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_VMX)) return 1; if (vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index, &msr_info->data)) @@ -2394,7 +2394,7 @@ int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: if (!msr_info->host_initiated) return 1; /* they are read-only */ - if (!guest_can_use(vcpu, X86_FEATURE_VMX)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_VMX)) return 1; return vmx_set_vmx_msr(vcpu, msr_index, data); case MSR_IA32_RTIT_CTL: @@ -4591,7 +4591,7 @@ vmx_adjust_secondary_exec_control(struct vcpu_vmx *vm= x, u32 *exec_control, \ if (cpu_has_vmx_##name()) { \ if (kvm_is_governed_feature(X86_FEATURE_##feat_name)) \ - __enabled =3D guest_can_use(__vcpu, X86_FEATURE_##feat_name); \ + __enabled =3D guest_cpu_cap_has(__vcpu, X86_FEATURE_##feat_name); \ else \ __enabled =3D guest_cpuid_has(__vcpu, X86_FEATURE_##feat_name); \ vmx_adjust_secondary_exec_control(vmx, exec_control, SECONDARY_EXEC_##ct= rl_name,\ @@ -7830,10 +7830,10 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) */ if (boot_cpu_has(X86_FEATURE_XSAVE) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_XSAVES); =20 - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX); - kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_LAM); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_VMX); + guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_LAM); =20 vmx_setup_uret_msrs(vmx); =20 
@@ -7841,7 +7841,7 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vmcs_set_secondary_exec_control(vmx, vmx_secondary_exec_control(vmx)); =20 - if (guest_can_use(vcpu, X86_FEATURE_VMX)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_VMX)) vmx->msr_ia32_feature_control_valid_bits |=3D FEAT_CTL_VMX_ENABLED_INSIDE_SMX | FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; @@ -7850,7 +7850,7 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) ~(FEAT_CTL_VMX_ENABLED_INSIDE_SMX | FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX); =20 - if (guest_can_use(vcpu, X86_FEATURE_VMX)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_VMX)) nested_vmx_cr_fixed1_bits_update(vcpu); =20 if (boot_cpu_has(X86_FEATURE_INTEL_PT) && diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9f0ffc3289d2..1ee955cdb109 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1177,7 +1177,7 @@ void kvm_load_guest_xsave_state(struct kvm_vcpu *vcpu) if (vcpu->arch.xcr0 !=3D kvm_host.xcr0) xsetbv(XCR_XFEATURE_ENABLED_MASK, vcpu->arch.xcr0); =20 - if (guest_can_use(vcpu, X86_FEATURE_XSAVES) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVES) && vcpu->arch.ia32_xss !=3D kvm_host.xss) wrmsrl(MSR_IA32_XSS, vcpu->arch.ia32_xss); } 
@@ -1208,7 +1208,7 @@ void kvm_load_host_xsave_state(struct kvm_vcpu *vcpu) if (vcpu->arch.xcr0 !=3D kvm_host.xcr0) xsetbv(XCR_XFEATURE_ENABLED_MASK, kvm_host.xcr0); =20 - if (guest_can_use(vcpu, X86_FEATURE_XSAVES) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVES) && vcpu->arch.ia32_xss !=3D kvm_host.xss) wrmsrl(MSR_IA32_XSS, kvm_host.xss); } --=20 2.47.0.338.g60cca15819-goog
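Review bot: In arch/x86/kvm/cpuid.h (hunks at -237 and -246), the renamed guest_cpu_cap_set() and guest_cpu_cap_has() still assert BUILD_BUG_ON(!kvm_is_governed_feature(x86_feature)), and guest_cpu_cap_set() still writes vcpu->arch.governed_features.enabled, so the new names sit on top of the old vocabulary. The changelog says the "kvm_governed_feature" prefix is replaced, yet kvm_is_governed_feature() and kvm_governed_feature_index() keep it, and the vmx.c macro in the -4591 hunk still branches on kvm_is_governed_feature(). If leaving those is deliberate for this first step, say so in the changelog so that someone grepping for leftovers does not take them for misses.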
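Review bot: In the rewritten comment in sev_es_vcpu_after_set_cpuid() (arch/x86/kvm/svm/sev.c, hunk at -4458), "XSAVES/XRSTOR" should read "XSAVES/XRSTORS", since XRSTORS is the restore instruction paired with XSAVES and the comment's argument is about that pair being usable without an intercept. The comment is also the only explanation for why the condition tests both guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVES) and guest_cpuid_has(vcpu, X86_FEATURE_XSAVES), which otherwise reads as a redundant double check after the rename, so it is worth keeping the "capability can be set while CPUID is clear" case stated as explicitly as it is now.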
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:07 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-41-seanjc@google.com>
Subject: [PATCH v3 40/57] KVM: x86: Replace guts of "governed" features with comprehensive cpu_caps
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Replace the internals of the governed features framework with a more comprehensive "guest CPU capabilities" implementation, i.e. with a guest version of kvm_cpu_caps. Keep the skeleton of governed features around for now as vmx_adjust_sec_exec_control() relies on detecting governed features to do the right thing for XSAVES, and switching all guest feature queries to guest_cpu_cap_has() requires subtle and non-trivial changes, i.e. is best done as a standalone change.

Tracking *all* guest capabilities that KVM cares about will allow excising the poorly named "governed features" framework, and effectively optimizes all KVM queries of guest capabilities, i.e. doesn't require making a subjective decision as to whether or not a feature is worth "governing", and doesn't require adding the code to do so.

The cost of tracking all features is currently 92 bytes per vCPU on 64-bit kernels: 100 bytes for cpu_caps versus 8 bytes for governed_features. That cost is well worth paying even if the only benefit was eliminating the "governed features" terminology. And practically speaking, the real cost is zero unless those 92 bytes push the size of vcpu_vmx or vcpu_svm into a new order-N allocation, and if that happens there are better ways to reduce the footprint of kvm_vcpu_arch, e.g. making the PMU and/or MTRR state separate allocations.

Suggested-by: Maxim Levitsky
Reviewed-by: Binbin Wu
Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm_host.h | 46 +++++++++++++++++++++------------ arch/x86/kvm/cpuid.c | 14 +++++++--- arch/x86/kvm/cpuid.h | 10 +++---- arch/x86/kvm/reverse_cpuid.h | 17 ------------ 4 files changed, 45 insertions(+), 42 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index f076df9f18be..81ce8cd5814a 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -739,6 +739,23 @@ struct kvm_queued_exception { bool has_payload; }; =20 +/* + * Hardware-defined CPUID leafs that are either scattered by the kernel or= are + * unknown to the kernel, but need to be directly used by KVM. Note, these + * word values conflict with the kernel's "bug" caps, but KVM doesn't use = those. + */ +enum kvm_only_cpuid_leafs { + CPUID_12_EAX =3D NCAPINTS, + CPUID_7_1_EDX, + CPUID_8000_0007_EDX, + CPUID_8000_0022_EAX, + CPUID_7_2_EDX, + CPUID_24_0_EBX, + NR_KVM_CPU_CAPS, + + NKVMCAPINTS =3D NR_KVM_CPU_CAPS - NCAPINTS, +}; + struct kvm_vcpu_arch { /* * rip and regs accesses must go through 
@@ -857,23 +874,20 @@ struct kvm_vcpu_arch { bool is_amd_compatible; =20 /* - * FIXME: Drop this macro and use KVM_NR_GOVERNED_FEATURES directly - * when "struct kvm_vcpu_arch" is no longer defined in an - * arch/x86/include/asm header. The max is mostly arbitrary, i.e. - * can be increased as necessary. + * cpu_caps holds the effective guest capabilities, i.e. the features + * the vCPU is allowed to use. Typically, but not always, features can + * be used by the guest if and only if both KVM and userspace want to + * expose the feature to the guest. + * + * A common exception is for virtualization holes, i.e. when KVM can't + * prevent the guest from using a feature, in which case the vCPU "has" + * the feature regardless of what KVM or userspace desires. + * + * Note, features that don't require KVM involvement in any way are + * NOT enforced/sanitized by KVM, i.e. are taken verbatim from the + * guest CPUID provided by userspace. */ -#define KVM_MAX_NR_GOVERNED_FEATURES BITS_PER_LONG - - /* - * Track whether or not the guest is allowed to use features that are - * governed by KVM, where "governed" means KVM needs to manage state - * and/or explicitly enable the feature in hardware. Typically, but - * not always, governed features can be used by the guest if and only - * if both KVM and userspace want to expose the feature to the guest. - */ - struct { - DECLARE_BITMAP(enabled, KVM_MAX_NR_GOVERNED_FEATURES); - } governed_features; + u32 cpu_caps[NR_KVM_CPU_CAPS]; =20 u64 reserved_gpa_bits; int maxphyaddr; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 7b2fbb148661..f0721ad84a18 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c 
@@ -339,9 +339,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) struct kvm_cpuid_entry2 *best; bool allow_gbpages; =20 - BUILD_BUG_ON(KVM_NR_GOVERNED_FEATURES > KVM_MAX_NR_GOVERNED_FEATURES); - bitmap_zero(vcpu->arch.governed_features.enabled, - KVM_MAX_NR_GOVERNED_FEATURES); + memset(vcpu->arch.cpu_caps, 0, sizeof(vcpu->arch.cpu_caps)); =20 kvm_update_cpuid_runtime(vcpu); =20 @@ -425,6 +423,7 @@ u64 kvm_vcpu_reserved_gpa_bits_raw(struct kvm_vcpu *vcp= u) static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e= 2, int nent) { + u32 vcpu_caps[NR_KVM_CPU_CAPS]; int r; =20 /* @@ -432,10 +431,18 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struc= t kvm_cpuid_entry2 *e2, * order to massage the new entries, e.g. to account for dynamic bits * that KVM controls, without clobbering the current guest CPUID, which * KVM needs to preserve in order to unwind on failure. + * + * Similarly, save the vCPU's current cpu_caps so that the capabilities + * can be updated alongside the CPUID entries when performing runtime + * updates. Full initialization is done if and only if the vCPU hasn't + * run, i.e. only if userspace is potentially changing CPUID features. */ swap(vcpu->arch.cpuid_entries, e2); swap(vcpu->arch.cpuid_nent, nent); =20 + memcpy(vcpu_caps, vcpu->arch.cpu_caps, sizeof(vcpu_caps)); + BUILD_BUG_ON(sizeof(vcpu_caps) !=3D sizeof(vcpu->arch.cpu_caps)); + /* * KVM does not correctly handle changing guest CPUID after KVM_RUN, as * MAXPHYADDR, GBPAGES support, AMD reserved bit behavior, etc.. aren't @@ -476,6 +483,7 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct = kvm_cpuid_entry2 *e2, return 0; =20 err: + memcpy(vcpu->arch.cpu_caps, vcpu_caps, sizeof(vcpu_caps)); swap(vcpu->arch.cpuid_entries, e2); swap(vcpu->arch.cpuid_nent, nent); return r; diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index e1b05da23cf2..0a9c3086539b 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h 
@@ -240,10 +240,9 @@ static __always_inline bool kvm_is_governed_feature(un= signed int x86_feature) static __always_inline void guest_cpu_cap_set(struct kvm_vcpu *vcpu, unsigned int x86_feature) { - BUILD_BUG_ON(!kvm_is_governed_feature(x86_feature)); + unsigned int x86_leaf =3D __feature_leaf(x86_feature); =20 - __set_bit(kvm_governed_feature_index(x86_feature), - vcpu->arch.governed_features.enabled); + vcpu->arch.cpu_caps[x86_leaf] |=3D __feature_bit(x86_feature); } =20 static __always_inline void guest_cpu_cap_check_and_set(struct kvm_vcpu *v= cpu, @@ -256,10 +255,9 @@ static __always_inline void guest_cpu_cap_check_and_se= t(struct kvm_vcpu *vcpu, static __always_inline bool guest_cpu_cap_has(struct kvm_vcpu *vcpu, unsigned int x86_feature) { - BUILD_BUG_ON(!kvm_is_governed_feature(x86_feature)); + unsigned int x86_leaf =3D __feature_leaf(x86_feature); =20 - return test_bit(kvm_governed_feature_index(x86_feature), - vcpu->arch.governed_features.enabled); + return vcpu->arch.cpu_caps[x86_leaf] & __feature_bit(x86_feature); } =20 static inline bool kvm_vcpu_is_legal_cr3(struct kvm_vcpu *vcpu, unsigned l= ong cr3) diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index 1d2db9d529ff..fde0ae986003 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h 
@@ -6,23 +6,6 @@ #include #include =20 -/* - * Hardware-defined CPUID leafs that are either scattered by the kernel or= are - * unknown to the kernel, but need to be directly used by KVM. Note, these - * word values conflict with the kernel's "bug" caps, but KVM doesn't use = those. - */ -enum kvm_only_cpuid_leafs { - CPUID_12_EAX =3D NCAPINTS, - CPUID_7_1_EDX, - CPUID_8000_0007_EDX, - CPUID_8000_0022_EAX, - CPUID_7_2_EDX, - CPUID_24_0_EBX, - NR_KVM_CPU_CAPS, - - NKVMCAPINTS =3D NR_KVM_CPU_CAPS - NCAPINTS, -}; - /* * Define a KVM-only feature flag. * --=20 2.47.0.338.g60cca15819-goog
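Review bot: In arch/x86/kvm/cpuid.h (hunks at -240 and -256), guest_cpu_cap_set() and guest_cpu_cap_has() now index vcpu->arch.cpu_caps[] with __feature_leaf(x86_feature), while the only compile-time check in each function, BUILD_BUG_ON(!kvm_is_governed_feature(x86_feature)), is removed. Nothing in the visible lines bounds x86_leaf against NR_KVM_CPU_CAPS. Please confirm that __feature_leaf() rejects out-of-range leafs at build time, or add a BUILD_BUG_ON(x86_leaf >= NR_KVM_CPU_CAPS) in both helpers so that a bad feature constant cannot become an out-of-bounds access to the per-vCPU array.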
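Review bot: In kvm_set_cpuid() (arch/x86/kvm/cpuid.c, hunk at -432), the BUILD_BUG_ON(sizeof(vcpu_caps) != sizeof(vcpu->arch.cpu_caps)) comes after the memcpy() it guards; move it directly above the memcpy() or next to the declaration of vcpu_caps so the size assertion reads before the copy. The added comment also describes the snapshot only in terms of runtime updates, whereas the one visible consumer is the restore at the err: label in the -476 hunk, so mention the unwind-on-failure purpose there to make the save/restore pair easy to match up.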
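Review bot: In arch/x86/include/asm/kvm_host.h (hunk at -857), the new cpu_caps comment states that features needing no KVM involvement "are taken verbatim from the guest CPUID provided by userspace", but no hunk in this patch copies guest CPUID into cpu_caps: kvm_vcpu_after_set_cpuid() zeroes the array (hunk at -339) and the only writer shown is guest_cpu_cap_set(). Either note in the changelog that the comment describes the end state reached later in the series, or defer that sentence to the patch that populates cpu_caps from CPUID, so that anyone bisecting to this commit is not misled about what guest_cpu_cap_has() can answer.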
Date: Wed, 27 Nov 2024 17:34:08 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-42-seanjc@google.com>
Subject: [PATCH v3 41/57] KVM: x86: Initialize guest cpu_caps based on guest CPUID
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable

Initialize a vCPU's capabilities based on the guest CPUID provided by
userspace instead of simply zeroing the entire array. This is the first
step toward using cpu_caps to query *all* CPUID-based guest capabilities,
i.e. will allow converting all usage of guest_cpuid_has() to
guest_cpu_cap_has().

Zeroing the array was the logical choice when using cpu_caps was opt-in,
e.g. "unsupported" was generally a safer default, and the whole point of
governed features is that KVM would need to check host and guest support,
i.e. making everything unsupported by default didn't require more code.
But requiring KVM to manually "enable" every CPUID-based feature in
cpu_caps would require an absurd amount of boilerplate code.

Follow existing CPUID/kvm_cpu_caps nomenclature where possible, e.g. for
the change() and clear() APIs. Replace check_and_set() with constrain()
to try and capture that KVM is constraining userspace's desired guest
feature set based on KVM's capabilities.

This is intended to be a gigantic nop, i.e. should not have any impact on
guest or KVM functionality.

This is also an intermediate step; a future commit will also incorporate
KVM support into the vCPU's cpu_caps before converting guest_cpuid_has()
to guest_cpu_cap_has().

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c   | 46 ++++++++++++++++++++++++++++++++++++++++--
 arch/x86/kvm/cpuid.h   | 24 +++++++++++++++++++---
 arch/x86/kvm/svm/svm.c | 28 +++++++++++++------------
 arch/x86/kvm/vmx/vmx.c |  8 +++++---
 4 files changed, 85 insertions(+), 21 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index f0721ad84a18..803d89577e6f 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -333,13 +333,56 @@ static bool guest_cpuid_is_amd_or_hygon(struct kvm_vc= pu *vcpu) is_guest_vendor_hygon(entry->ebx, entry->ecx, entry->edx); } =20 +/* + * This isn't truly "unsafe", but except for the cpu_caps initialization c= ode, + * all register lookups should use __cpuid_entry_get_reg(), which provides + * compile-time validation of the input. + */ +static u32 cpuid_get_reg_unsafe(struct kvm_cpuid_entry2 *entry, u32 reg) +{ + switch (reg) { + case CPUID_EAX: + return entry->eax; + case CPUID_EBX: + return entry->ebx; + case CPUID_ECX: + return entry->ecx; + case CPUID_EDX: + return entry->edx; + default: + WARN_ON_ONCE(1); + return 0; + } +} + void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic =3D vcpu->arch.apic; struct kvm_cpuid_entry2 *best; + struct kvm_cpuid_entry2 *entry; bool allow_gbpages; + int i; =20 memset(vcpu->arch.cpu_caps, 0, sizeof(vcpu->arch.cpu_caps)); + BUILD_BUG_ON(ARRAY_SIZE(reverse_cpuid) !=3D NR_KVM_CPU_CAPS); + + /* + * Reset guest capabilities to userspace's guest CPUID definition, i.e. + * honor userspace's definition for features that don't require KVM or + * hardware management/support (or that KVM simply doesn't care about). + */ + for (i =3D 0; i < NR_KVM_CPU_CAPS; i++) { + const struct cpuid_reg cpuid =3D reverse_cpuid[i]; + + if (!cpuid.function) + continue; + + entry =3D kvm_find_cpuid_entry_index(vcpu, cpuid.function, cpuid.index); + if (!entry) + continue; + + vcpu->arch.cpu_caps[i] =3D cpuid_get_reg_unsafe(entry, cpuid.reg); + } =20 kvm_update_cpuid_runtime(vcpu); =20 
@@ -356,8 +399,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) */ allow_gbpages =3D tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) : guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES); - if (allow_gbpages) - guest_cpu_cap_set(vcpu, X86_FEATURE_GBPAGES); + guest_cpu_cap_change(vcpu, X86_FEATURE_GBPAGES, allow_gbpages); =20 best =3D kvm_find_cpuid_entry(vcpu, 1); if (best && apic) { diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index 0a9c3086539b..8c9d6be8cb58 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -245,11 +245,29 @@ static __always_inline void guest_cpu_cap_set(struct = kvm_vcpu *vcpu, vcpu->arch.cpu_caps[x86_leaf] |=3D __feature_bit(x86_feature); } =20 -static __always_inline void guest_cpu_cap_check_and_set(struct kvm_vcpu *v= cpu, - unsigned int x86_feature) +static __always_inline void guest_cpu_cap_clear(struct kvm_vcpu *vcpu, + unsigned int x86_feature) { - if (kvm_cpu_cap_has(x86_feature) && guest_cpuid_has(vcpu, x86_feature)) + unsigned int x86_leaf =3D __feature_leaf(x86_feature); + + vcpu->arch.cpu_caps[x86_leaf] &=3D ~__feature_bit(x86_feature); +} + +static __always_inline void guest_cpu_cap_change(struct kvm_vcpu *vcpu, + unsigned int x86_feature, + bool guest_has_cap) +{ + if (guest_has_cap) guest_cpu_cap_set(vcpu, x86_feature); + else + guest_cpu_cap_clear(vcpu, x86_feature); +} + +static __always_inline void guest_cpu_cap_constrain(struct kvm_vcpu *vcpu, + unsigned int x86_feature) +{ + if (!kvm_cpu_cap_has(x86_feature)) + guest_cpu_cap_clear(vcpu, x86_feature); } =20 static __always_inline bool guest_cpu_cap_has(struct kvm_vcpu *vcpu, diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index f96c62a9d2c2..3b94cb6c2b7a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -4401,27 +4401,29 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcp= u *vcpu) * XSS on VM-Enter/VM-Exit. Failure to do so would effectively give * the guest read/write access to the host's XSS. */ - if (boot_cpu_has(X86_FEATURE_XSAVE) && - boot_cpu_has(X86_FEATURE_XSAVES) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) - guest_cpu_cap_set(vcpu, X86_FEATURE_XSAVES); + guest_cpu_cap_change(vcpu, X86_FEATURE_XSAVES, + boot_cpu_has(X86_FEATURE_XSAVE) && + boot_cpu_has(X86_FEATURE_XSAVES) && + guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)); =20 - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_NRIPS); - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_TSCRATEMSR); - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_LBRV); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_NRIPS); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_TSCRATEMSR); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_LBRV); =20 /* * Intercept VMLOAD if the vCPU model is Intel in order to emulate that * VMLOAD drops bits 63:32 of SYSENTER (ignoring the fact that exposing * SVM on Intel is bonkers and extremely unlikely to work). */ - if (!guest_cpuid_is_intel_compatible(vcpu)) - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); + if (guest_cpuid_is_intel_compatible(vcpu)) + guest_cpu_cap_clear(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); + else + guest_cpu_cap_constrain(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); =20 - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_PAUSEFILTER); - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_PFTHRESHOLD); - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_VGIF); - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_VNMI); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_PAUSEFILTER); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_PFTHRESHOLD); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_VGIF); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_VNMI); =20 svm_recalc_instruction_intercepts(vcpu, svm); =20 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ccba522246c3..8b95ba323a17 100644 
--- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -7830,10 +7830,12 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) */ if (boot_cpu_has(X86_FEATURE_XSAVE) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_XSAVES); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_XSAVES); + else + guest_cpu_cap_clear(vcpu, X86_FEATURE_XSAVES); =20 - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_VMX); - guest_cpu_cap_check_and_set(vcpu, X86_FEATURE_LAM); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_VMX); + guest_cpu_cap_constrain(vcpu, X86_FEATURE_LAM); =20 vmx_setup_uret_msrs(vmx); =20 --=20 2.47.0.338.g60cca15819-goog
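Review bot: in the new loop in kvm_vcpu_after_set_cpuid() (arch/x86/kvm/cpuid.c), "if (!cpuid.function) continue;" uses function 0 as the marker for an unused reverse_cpuid[] slot, and nothing in the hunk says so. Please state that in the comment above the loop, and note that both the skipped slots and the "no guest entry" case rely on the preceding memset() to leave the word as zero, i.e. unsupported.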
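Review bot: guest_cpu_cap_constrain() in arch/x86/kvm/cpuid.h only ever clears a bit, so unlike the guest_cpu_cap_check_and_set() it replaces, it is correct only when called after cpu_caps has been populated from guest CPUID. A short comment on the helper stating that ordering requirement would help, since a call made before the init loop would silently leave the feature off.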
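Review bot: the XSAVES handling now differs in shape between svm_vcpu_after_set_cpuid() and vmx_vcpu_after_set_cpuid(): SVM calls guest_cpu_cap_change() with a condition that never consults guest CPUID for XSAVES itself, while VMX calls guest_cpu_cap_constrain() and so keeps the guest's XSAVES bit in the result. The existing SVM comment about host XSS exposure explains the motivation, but since the changelog promises a nop, add a sentence confirming that the SVM path deliberately overrides the value the new init loop copied from guest CPUID.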
Date: Wed, 27 Nov 2024 17:34:09 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-43-seanjc@google.com>
Subject: [PATCH v3 42/57] KVM: x86: Extract code for generating per-entry emulated CPUID information
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable

Extract the meat of __do_cpuid_func_emulated() into a separate helper,
cpuid_func_emulated(), so that cpuid_func_emulated() can be used with a
single CPUID entry. This will allow marking emulated features as fully
supported in the guest cpu_caps without needing to hardcode the set of
emulated features in multiple locations.

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 803d89577e6f..153c4378b987 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1192,14 +1192,10 @@ static struct kvm_cpuid_entry2 *do_host_cpuid(struc= t kvm_cpuid_array *array, return entry; } =20 -static int __do_cpuid_func_emulated(struct kvm_cpuid_array *array, u32 fun= c) +static int cpuid_func_emulated(struct kvm_cpuid_entry2 *entry, u32 func) { - struct kvm_cpuid_entry2 *entry; + memset(entry, 0, sizeof(*entry)); =20 - if (array->nent >=3D array->maxnent) - return -E2BIG; - - entry =3D &array->entries[array->nent]; entry->function =3D func; entry->index =3D 0; entry->flags =3D 0; 
@@ -1207,23 +1203,27 @@ static int __do_cpuid_func_emulated(struct kvm_cpui= d_array *array, u32 func) switch (func) { case 0: entry->eax =3D 7; - ++array->nent; - break; + return 1; case 1: entry->ecx =3D feature_bit(MOVBE); - ++array->nent; - break; + return 1; case 7: entry->flags |=3D KVM_CPUID_FLAG_SIGNIFCANT_INDEX; entry->eax =3D 0; if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) entry->ecx =3D feature_bit(RDPID); - ++array->nent; - break; + return 1; default: - break; + return 0; } +} =20 +static int __do_cpuid_func_emulated(struct kvm_cpuid_array *array, u32 fun= c) +{ + if (array->nent >=3D array->maxnent) + return -E2BIG; + + array->nent +=3D cpuid_func_emulated(&array->entries[array->nent], func); return 0; } =20 --=20 2.47.0.338.g60cca15819-goog
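Review bot: cpuid_func_emulated() now starts with memset(entry, 0, sizeof(*entry)), yet the unchanged lines right after it still assign entry->index = 0 and entry->flags = 0. Drop the two redundant assignments, and since the old code did not clear the remaining registers itself, confirm that callers always handed in zeroed entries so the "No functional change intended" claim holds.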
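Review bot: in the second cpuid.c hunk, cpuid_func_emulated() returns 1 or 0 as an entry count while __do_cpuid_func_emulated() returns 0 or -E2BIG, and both are typed int. A comment on the new helper, or a bool return converted at the "array->nent +=" site, would keep a later caller from treating its result as an error code.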
Date: Wed, 27 Nov 2024 17:34:10 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-44-seanjc@google.com>
Subject: [PATCH v3 43/57] KVM: x86: Treat MONTIOR/MWAIT as a "partially emulated" feature
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable

Enumerate MWAIT in cpuid_func_emulated(), but only if the caller wants to
include "partially emulated" features, i.e. features that KVM kinda sorta
emulates, but with major caveats. This will allow initializing the guest
cpu_caps based on the set of features that KVM virtualizes and/or
emulates, without needing to handle things like MONITOR/MWAIT as one-off
exceptions.

Adding one-off handling for individual features is quite painful,
especially when considering future hardening. It's very doable to verify,
at compile time, that every CPUID-based feature that KVM queries when
emulating guest behavior is actually known to KVM, e.g. to prevent KVM
bugs where KVM emulates some feature but fails to advertise support to
userspace. In other words, any features that are special cased, i.e. not
handled generically in the CPUID framework, would also need to be special
cased for any hardening efforts that build on said framework.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 153c4378b987..0c63492f119d 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1192,7 +1192,8 @@ static struct kvm_cpuid_entry2 *do_host_cpuid(struct = kvm_cpuid_array *array, return entry; } =20 -static int cpuid_func_emulated(struct kvm_cpuid_entry2 *entry, u32 func) +static int cpuid_func_emulated(struct kvm_cpuid_entry2 *entry, u32 func, + bool include_partially_emulated) { memset(entry, 0, sizeof(*entry)); =20 
@@ -1206,6 +1207,16 @@ static int cpuid_func_emulated(struct kvm_cpuid_entr= y2 *entry, u32 func) return 1; case 1: entry->ecx =3D feature_bit(MOVBE); + /* + * KVM allows userspace to enumerate MONITOR+MWAIT support to + * the guest, but the MWAIT feature flag is never advertised + * to userspace because MONITOR+MWAIT aren't virtualized by + * hardware, can't be faithfully emulated in software (KVM + * emulates them as NOPs), and allowing the guest to execute + * them natively requires enabling a per-VM capability. + */ + if (include_partially_emulated) + entry->ecx |=3D feature_bit(MWAIT); return 1; case 7: entry->flags |=3D KVM_CPUID_FLAG_SIGNIFCANT_INDEX; 
@@ -1223,7 +1234,7 @@ static int __do_cpuid_func_emulated(struct kvm_cpuid_= array *array, u32 func) if (array->nent >=3D array->maxnent) return -E2BIG; =20 - array->nent +=3D cpuid_func_emulated(&array->entries[array->nent], func); + array->nent +=3D cpuid_func_emulated(&array->entries[array->nent], func, = false); return 0; } =20 --=20 2.47.0.338.g60cca15819-goog
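Review bot: the call in __do_cpuid_func_emulated() passes a bare "false" for include_partially_emulated, and that literal is the only thing keeping MWAIT out of what this path reports to userspace. Add a brief comment at the call site tying it to the "never advertised to userspace" statement in the case 1 comment, or wrap the two modes in named helpers so the intent is readable without looking up the prototype.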
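Review bot: the subject line spells the instruction "MONTIOR", while the changelog and the new code comment both use MONITOR. Fix the subject before this is applied so the commit is findable by instruction name.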
Date: Wed, 27 Nov 2024 17:34:11 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-45-seanjc@google.com>
Subject: [PATCH v3 44/57] KVM: x86: Initialize guest cpu_caps based on KVM support
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable

Constrain all guest cpu_caps based on KVM support instead of constraining
only the few features that KVM _currently_ needs to verify are actually
supported by KVM. The intent of cpu_caps is to track what the guest is
actually capable of using, not the raw, unfiltered CPUID values that the
guest sees.

I.e. KVM should always consult its own support when making decisions
based on guest CPUID, and the only reason KVM has historically made the
checks opt-in was due to lack of centralized tracking.

Suggested-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c   | 15 ++++++++++++++-
 arch/x86/kvm/cpuid.h   |  7 -------
 arch/x86/kvm/svm/svm.c | 11 -----------
 arch/x86/kvm/vmx/vmx.c |  9 ++-------
 4 files changed, 16 insertions(+), 26 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0c63492f119d..8015d6b52a69 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -355,6 +355,9 @@ static u32 cpuid_get_reg_unsafe(struct kvm_cpuid_entry2= *entry, u32 reg) } } =20 +static int cpuid_func_emulated(struct kvm_cpuid_entry2 *entry, u32 func, + bool include_partially_emulated); + void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic =3D vcpu->arch.apic; @@ -373,6 +376,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) */ for (i =3D 0; i < NR_KVM_CPU_CAPS; i++) { const struct cpuid_reg cpuid =3D reverse_cpuid[i]; + struct kvm_cpuid_entry2 emulated; =20 if (!cpuid.function) continue; @@ -381,7 +385,16 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) if (!entry) continue; =20 - vcpu->arch.cpu_caps[i] =3D cpuid_get_reg_unsafe(entry, cpuid.reg); + cpuid_func_emulated(&emulated, cpuid.function, true); + + /* + * A vCPU has a feature if it's supported by KVM and is enabled + * in guest CPUID. Note, this includes features that are + * supported by KVM but aren't advertised to userspace! + */ + vcpu->arch.cpu_caps[i] =3D kvm_cpu_caps[i] | + cpuid_get_reg_unsafe(&emulated, cpuid.reg); + vcpu->arch.cpu_caps[i] &=3D cpuid_get_reg_unsafe(entry, cpuid.reg); } =20 kvm_update_cpuid_runtime(vcpu); diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index 8c9d6be8cb58..27da0964355c 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -263,13 +263,6 @@ static __always_inline void guest_cpu_cap_change(struc= t kvm_vcpu *vcpu, guest_cpu_cap_clear(vcpu, x86_feature); } =20 -static __always_inline void guest_cpu_cap_constrain(struct kvm_vcpu *vcpu, - unsigned int x86_feature) -{ - if (!kvm_cpu_cap_has(x86_feature)) - guest_cpu_cap_clear(vcpu, x86_feature); -} - static __always_inline bool guest_cpu_cap_has(struct kvm_vcpu *vcpu, unsigned int x86_feature) { 
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 3b94cb6c2b7a..0045fe474023 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4406,10 +4406,6 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu= *vcpu) boot_cpu_has(X86_FEATURE_XSAVES) && guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)); =20 - guest_cpu_cap_constrain(vcpu, X86_FEATURE_NRIPS); - guest_cpu_cap_constrain(vcpu, X86_FEATURE_TSCRATEMSR); - guest_cpu_cap_constrain(vcpu, X86_FEATURE_LBRV); - /* * Intercept VMLOAD if the vCPU model is Intel in order to emulate that * VMLOAD drops bits 63:32 of SYSENTER (ignoring the fact that exposing @@ -4417,13 +4413,6 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu= *vcpu) */ if (guest_cpuid_is_intel_compatible(vcpu)) guest_cpu_cap_clear(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); - else - guest_cpu_cap_constrain(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); - - guest_cpu_cap_constrain(vcpu, X86_FEATURE_PAUSEFILTER); - guest_cpu_cap_constrain(vcpu, X86_FEATURE_PFTHRESHOLD); - guest_cpu_cap_constrain(vcpu, X86_FEATURE_VGIF); - guest_cpu_cap_constrain(vcpu, X86_FEATURE_VNMI); =20 svm_recalc_instruction_intercepts(vcpu, svm); =20 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 8b95ba323a17..a7c2c36f2a4f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -7828,15 +7828,10 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) * to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be * set if and only if XSAVE is supported. */ - if (boot_cpu_has(X86_FEATURE_XSAVE) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) - guest_cpu_cap_constrain(vcpu, X86_FEATURE_XSAVES); - else + if (!boot_cpu_has(X86_FEATURE_XSAVE) || + !guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) guest_cpu_cap_clear(vcpu, X86_FEATURE_XSAVES); =20 - guest_cpu_cap_constrain(vcpu, X86_FEATURE_VMX); - guest_cpu_cap_constrain(vcpu, X86_FEATURE_LAM); - vmx_setup_uret_msrs(vmx); =20 if (cpu_has_secondary_exec_ctrls()) --=20 2.47.0.338.g60cca15819-goog
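Review bot: in the cpuid.c hunk at @@ -381,7 +385,16 @@, the new local "struct kvm_cpuid_entry2 emulated;" has no initializer and the return value of cpuid_func_emulated(&emulated, cpuid.function, true) is ignored, so the value OR'd into vcpu->arch.cpu_caps[i] is well defined only if cpuid_func_emulated() zeroes the entry for every function, including ones KVM does not emulate. Only the forward declaration is visible in this patch, so please either say in the comment that the helper always clears the entry or initialize the local ("struct kvm_cpuid_entry2 emulated = {};"); a stale stack bit here would mark a feature as KVM-supported for any guest that sets it in CPUID. A short word on why include_partially_emulated is true at this call site would also help.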
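Review bot: the svm.c and vmx.c hunks drop every guest_cpu_cap_constrain() call (NRIPS, TSCRATEMSR, LBRV, V_VMSAVE_VMLOAD, PAUSEFILTER, PFTHRESHOLD, VGIF, VNMI, XSAVES, VMX, LAM), which is correct only if the masking loop in kvm_vcpu_after_set_cpuid() has already run by the time the vendor hook is called, and nothing in these hunks shows or documents that ordering. Please add a comment in svm_vcpu_after_set_cpuid() and vmx_vcpu_after_set_cpuid() stating that cpu_caps is already limited to KVM-supported features on entry, so a later reorder cannot silently leave features enabled for the guest that KVM does not support. In the vmx.c hunk the rewritten condition is the exact negation of the old one, so the XSAVES clear path is unchanged apart from the dropped constrain.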
Date: Wed, 27 Nov 2024 17:34:12 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-46-seanjc@google.com>
Subject: [PATCH v3 45/57] KVM: x86: Avoid double CPUID lookup when updating MWAIT at runtime
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Move the handling of X86_FEATURE_MWAIT during CPUID runtime updates to utilize the lookup done for other CPUID.0x1 features.

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 8015d6b52a69..16cfa839e734 100644 --- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c @@ -283,6 +283,11 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) =20 cpuid_entry_change(best, X86_FEATURE_APIC, vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE); + + if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT)) + cpuid_entry_change(best, X86_FEATURE_MWAIT, + vcpu->arch.ia32_misc_enable_msr & + MSR_IA32_MISC_ENABLE_MWAIT); } =20 best =3D kvm_find_cpuid_entry_index(vcpu, 7, 0); 
@@ -298,14 +303,6 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) if (best && (cpuid_entry_has(best, X86_FEATURE_XSAVES) || cpuid_entry_has(best, X86_FEATURE_XSAVEC))) best->ebx =3D xstate_required_size(vcpu->arch.xcr0, true); - - if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT)) { - best =3D kvm_find_cpuid_entry(vcpu, 0x1); - if (best) - cpuid_entry_change(best, X86_FEATURE_MWAIT, - vcpu->arch.ia32_misc_enable_msr & - MSR_IA32_MISC_ENABLE_MWAIT); - } } EXPORT_SYMBOL_GPL(kvm_update_cpuid_runtime); =20 --=20 2.47.0.338.g60cca15819-goog
Date: Wed, 27 Nov 2024 17:34:13 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-47-seanjc@google.com>
Subject: [PATCH v3 46/57] KVM: x86: Drop unnecessary check that cpuid_entry2_find() returns right leaf
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Drop an unnecessary check that kvm_find_cpuid_entry_index(), i.e. cpuid_entry2_find(), returns the correct leaf when getting CPUID.0x7.0x0 to update X86_FEATURE_OSPKE. cpuid_entry2_find() never returns an entry for the wrong function.

And not that it matters, but cpuid_entry2_find() will always return a precise match for CPUID.0x7.0x0 since the index is significant.

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 16cfa839e734..7481926a0291 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c 
@@ -291,7 +291,7 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) } =20 best =3D kvm_find_cpuid_entry_index(vcpu, 7, 0); - if (best && boot_cpu_has(X86_FEATURE_PKU) && best->function =3D=3D 0x7) + if (best && boot_cpu_has(X86_FEATURE_PKU)) cpuid_entry_change(best, X86_FEATURE_OSPKE, kvm_is_cr4_bit_set(vcpu, X86_CR4_PKE)); =20 --=20 2.47.0.338.g60cca15819-goog
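Review bot: with "best->function == 0x7" removed at @@ -291,7 +291,7 @@, this site relies on cpuid_entry2_find() never returning an entry for a different function, and that guarantee is stated only in the changelog, not anywhere in the diff. Consider documenting it at cpuid_entry2_find() itself, so that a future change to the lookup does not quietly invalidate this call site and other callers can drop similar checks for the same stated reason.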
Date: Wed, 27 Nov 2024 17:34:14 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-48-seanjc@google.com>
Subject: [PATCH v3 47/57] KVM: x86: Update OS{XSAVE,PKE} bits in guest CPUID irrespective of host support
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

When making runtime CPUID updates, change OSXSAVE and OSPKE even if their respective base features (XSAVE, PKU) are not supported by the host. KVM already incorporates host support in the vCPU's effective reserved CR4 bits. I.e. OSXSAVE and OSPKE can be set if and only if the host supports them.

And conversely, since KVM's ABI is that KVM owns the dynamic OS feature flags, clearing them when they obviously aren't supported and thus can't be enabled is arguably a fix.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 7481926a0291..be3357a408d4 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -276,10 +276,8 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) =20 best =3D kvm_find_cpuid_entry(vcpu, 1); if (best) { - /* Update OSXSAVE bit */ - if (boot_cpu_has(X86_FEATURE_XSAVE)) - cpuid_entry_change(best, X86_FEATURE_OSXSAVE, - kvm_is_cr4_bit_set(vcpu, X86_CR4_OSXSAVE)); + cpuid_entry_change(best, X86_FEATURE_OSXSAVE, + kvm_is_cr4_bit_set(vcpu, X86_CR4_OSXSAVE)); =20 cpuid_entry_change(best, X86_FEATURE_APIC, vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE); 
@@ -291,7 +289,7 @@ void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) } =20 best =3D kvm_find_cpuid_entry_index(vcpu, 7, 0); - if (best && boot_cpu_has(X86_FEATURE_PKU)) + if (best) cpuid_entry_change(best, X86_FEATURE_OSPKE, kvm_is_cr4_bit_set(vcpu, X86_CR4_PKE)); =20 --=20 2.47.0.338.g60cca15819-goog
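Review bot: after these two hunks the OSXSAVE and OSPKE bits in guest CPUID track CR4 with no boot_cpu_has() guard, and the removed "/* Update OSXSAVE bit */" comment is not replaced by anything explaining why that is safe. The changelog's argument (host support is already folded into the vCPU's reserved CR4 bits, and KVM owns the dynamic OS feature flags) belongs in a comment above the kvm_find_cpuid_entry(vcpu, 1) block, since the code now depends entirely on the CR4 checks rejecting OSXSAVE and PKE on hosts without XSAVE or PKU. The changelog should also state the userspace-visible effect plainly: on such hosts a bit that userspace set in CPUID is now cleared, where previously it was left untouched.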
Date: Wed, 27 Nov 2024 17:34:15 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-49-seanjc@google.com>
Subject: [PATCH v3 48/57] KVM: x86: Update guest cpu_caps at runtime for dynamic CPUID-based features
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

When updating guest CPUID entries to emulate runtime behavior, e.g. when the guest enables a CR4-based feature that is tied to a CPUID flag, also update the vCPU's cpu_caps accordingly. This will allow replacing all usage of guest_cpuid_has() with guest_cpu_cap_has().

Note, this relies on kvm_set_cpuid() taking a snapshot of cpu_caps before invoking kvm_update_cpuid_runtime(), i.e. when KVM is updating CPUID entries that *may* become the vCPU's CPUID, so that unwinding to the old cpu_caps is possible if userspace tries to set bogus CPUID information.

Note #2, none of the features in question use guest_cpu_cap_has() at this time, i.e. aside from setting bits in cpu_caps, this is a glorified nop.

Cc: Yang Weijiang
Cc: Robert Hoo
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index be3357a408d4..d3c3e1327ca1 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c 
@@ -270,28 +270,38 @@ static u64 cpuid_get_supported_xcr0(struct kvm_vcpu *= vcpu) return (best->eax | ((u64)best->edx << 32)) & kvm_caps.supported_xcr0; } =20 +static __always_inline void kvm_update_feature_runtime(struct kvm_vcpu *vc= pu, + struct kvm_cpuid_entry2 *entry, + unsigned int x86_feature, + bool has_feature) +{ + cpuid_entry_change(entry, x86_feature, has_feature); + guest_cpu_cap_change(vcpu, x86_feature, has_feature); +} + void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best; =20 best =3D kvm_find_cpuid_entry(vcpu, 1); if (best) { - cpuid_entry_change(best, X86_FEATURE_OSXSAVE, - kvm_is_cr4_bit_set(vcpu, X86_CR4_OSXSAVE)); + kvm_update_feature_runtime(vcpu, best, X86_FEATURE_OSXSAVE, + kvm_is_cr4_bit_set(vcpu, X86_CR4_OSXSAVE)); =20 - cpuid_entry_change(best, X86_FEATURE_APIC, - vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE); + kvm_update_feature_runtime(vcpu, best, X86_FEATURE_APIC, + vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE); =20 if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT)) - cpuid_entry_change(best, X86_FEATURE_MWAIT, - vcpu->arch.ia32_misc_enable_msr & - MSR_IA32_MISC_ENABLE_MWAIT); + kvm_update_feature_runtime(vcpu, best, X86_FEATURE_MWAIT, + vcpu->arch.ia32_misc_enable_msr & + MSR_IA32_MISC_ENABLE_MWAIT); } =20 best =3D kvm_find_cpuid_entry_index(vcpu, 7, 0); if (best) - cpuid_entry_change(best, X86_FEATURE_OSPKE, - kvm_is_cr4_bit_set(vcpu, X86_CR4_PKE)); + kvm_update_feature_runtime(vcpu, best, X86_FEATURE_OSPKE, + kvm_is_cr4_bit_set(vcpu, X86_CR4_PKE)); + =20 best =3D kvm_find_cpuid_entry_index(vcpu, 0xD, 0); if (best) --=20 2.47.0.338.g60cca15819-goog
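Review bot: kvm_update_feature_runtime() writes the vCPU's cpu_caps via guest_cpu_cap_change() no matter which entry it is handed, so it is only safe on the kvm_set_cpuid() path because of the cpu_caps snapshot described in the changelog, and nothing at the helper or in kvm_update_cpuid_runtime() records that dependency; please add a comment on the helper saying so. It is also worth stating how this interacts with the earlier patch in the series that limits cpu_caps to KVM support: here OSXSAVE, APIC, MWAIT and OSPKE are set in cpu_caps purely from CR4 and MSR state, without consulting kvm_cpu_caps. Minor: the hunk adds a blank "+" line after the OSPKE update ahead of the existing blank line, leaving two in a row.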
Date: Wed, 27 Nov 2024 17:34:16 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Message-ID: <20241128013424.4096668-50-seanjc@google.com>
Subject: [PATCH v3 49/57] KVM: x86: Shuffle code to prepare for dropping guest_cpuid_has()
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Move the implementations of guest_has_{spec_ctrl,pred_cmd}_msr() down below guest_cpu_cap_has() so that their use of guest_cpuid_has() can be replaced with calls to guest_cpu_cap_has().

No functional change intended.

Reviewed-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/cpuid.h | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index 27da0964355c..4901145ba2dc 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -149,21 +149,6 @@ static inline int guest_cpuid_stepping(struct kvm_vcpu= *vcpu) return x86_stepping(best->eax); } =20 -static inline bool guest_has_spec_ctrl_msr(struct kvm_vcpu *vcpu) -{ - return (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) || - guest_cpuid_has(vcpu, X86_FEATURE_AMD_STIBP) || - guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS) || - guest_cpuid_has(vcpu, X86_FEATURE_AMD_SSBD)); -} - -static inline bool guest_has_pred_cmd_msr(struct kvm_vcpu *vcpu) -{ - return (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) || - guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBPB) || - guest_cpuid_has(vcpu, X86_FEATURE_SBPB)); -} - static inline bool supports_cpuid_fault(struct kvm_vcpu *vcpu) { return vcpu->arch.msr_platform_info & MSR_PLATFORM_INFO_CPUID_FAULT;
@@ -279,4 +264,19 @@ static inline bool kvm_vcpu_is_legal_cr3(struct kvm_vc= pu *vcpu, unsigned long cr return kvm_vcpu_is_legal_gpa(vcpu, cr3); } =20 +static inline bool guest_has_spec_ctrl_msr(struct kvm_vcpu *vcpu) +{ + return (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) || + guest_cpuid_has(vcpu, X86_FEATURE_AMD_STIBP) || + guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS) || + guest_cpuid_has(vcpu, X86_FEATURE_AMD_SSBD)); +} + +static inline bool guest_has_pred_cmd_msr(struct kvm_vcpu *vcpu) +{ + return (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) || + guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBPB) || + guest_cpuid_has(vcpu, X86_FEATURE_SBPB)); +} + #endif --=20 2.47.0.338.g60cca15819-goog From nobody Sat Feb 7 18:29:09 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3433C1CDA27 for ; Thu, 28 Nov 2024 01:36:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757764; cv=none; b=R4qnZmsSGFRScpZMA6lWwab4W7Zz62K4X6ARJ5x6Us1Qbq3ambOQ7jSLAZCstgWiGQIJJCr6//ClzflqJJxG59zDm1zT0QHCKCKaKmf8G8ATl3sSoo4f+KVn3AqdmY2qFSbXAPWojl1UsTHUu6nv+gGrftaKi3pibkjh4DKNg9A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732757764; c=relaxed/simple; bh=Jhx7pM/VQK2f2ulPA1ip8KCk6xDGYv1qJ/+whmM2KDA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=bmD2m4gNPLGhKl8U3dtmNU+LcymFTpfmgftJ3M5OmQcosWq1OFyn4IHCo99y1h6oovOx+cgM+Jjsi3fMCZZ//UKITkhEwJO37seVqhRXtNBYFO1+fgOtsoL+rrCFGfCGBSzXvtjuJ6Z55z2TXUH8gHnKfybDjdqlHE4WKHOkBwk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit 
key) header.d=google.com header.i=@google.com header.b=v6kq6Z6g; arc=none smtp.client-ip=209.85.216.74 Reply-To: Sean Christopherson Date: Wed, 27 Nov 2024 17:34:17 -0800 In-Reply-To: <20241128013424.4096668-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org Mime-Version: 1.0 References: <20241128013424.4096668-1-seanjc@google.com> X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog Message-ID: <20241128013424.4096668-51-seanjc@google.com> Subject: [PATCH v3 50/57] KVM: x86: Replace (almost) all guest CPUID feature queries with cpu_caps 
From: Sean Christopherson To: Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Jarkko Sakkinen Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky , Hou Wenlong , Xiaoyao Li , Kechen Lu , Oliver Upton , Binbin Wu , Yang Weijiang , Robert Hoo Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Switch all queries (except XSAVES) of guest features from guest CPUID to guest capabilities, i.e. replace all calls to guest_cpuid_has() with calls to guest_cpu_cap_has(). Keep guest_cpuid_has() around for XSAVES, but subsume its helper guest_cpuid_get_register() and add a compile-time assertion to prevent using guest_cpuid_has() for any other feature. Add yet another comment for XSAVE to explain why KVM is allowed to query its raw guest CPUID. Opportunistically drop the unused guest_cpuid_clear(), as there should be no circumstance in which KVM needs to _clear_ a guest CPUID feature now that everything is tracked via cpu_caps. E.g. KVM may need to _change_ a feature to emulate dynamic CPUID flags, but KVM should never need to clear a feature in guest CPUID to prevent it from being used by the guest. Delete the last remnants of the governed features framework, as the lone holdout was vmx_adjust_secondary_exec_control()'s divergent behavior for governed vs. ungoverned features. Note, replacing guest_cpuid_has() checks with guest_cpu_cap_has() when computing reserved CR4 bits is a nop when viewed as a whole, as KVM's capabilities are already incorporated into the calculation, i.e. if a feature is present in guest CPUID but unsupported by KVM, its CR4 bit was already being marked as reserved, checking guest_cpu_cap_has() simply double-stamps that it's a reserved bit. Reviewed-by: Maxim Levitsky 
Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 4 +- arch/x86/kvm/cpuid.h | 76 ++++++++++++-------------------- arch/x86/kvm/governed_features.h | 22 --------- arch/x86/kvm/hyperv.c | 2 +- arch/x86/kvm/lapic.c | 4 +- arch/x86/kvm/smm.c | 10 ++--- arch/x86/kvm/svm/pmu.c | 8 ++-- arch/x86/kvm/svm/sev.c | 4 +- arch/x86/kvm/svm/svm.c | 20 ++++----- arch/x86/kvm/vmx/hyperv.h | 2 +- arch/x86/kvm/vmx/nested.c | 12 ++--- arch/x86/kvm/vmx/pmu_intel.c | 4 +- arch/x86/kvm/vmx/sgx.c | 14 +++--- arch/x86/kvm/vmx/vmx.c | 47 +++++++++----------- arch/x86/kvm/x86.c | 66 +++++++++++++-------------- 15 files changed, 124 insertions(+), 171 deletions(-) delete mode 100644 arch/x86/kvm/governed_features.h diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index d3c3e1327ca1..8d088a888a0d 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -416,7 +416,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) * and can install smaller shadow pages if the host lacks 1GiB support. */ allow_gbpages =3D tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) : - guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES); + guest_cpu_cap_has(vcpu, X86_FEATURE_GBPAGES); guest_cpu_cap_change(vcpu, X86_FEATURE_GBPAGES, allow_gbpages); =20 best =3D kvm_find_cpuid_entry(vcpu, 1); @@ -441,7 +441,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) =20 #define __kvm_cpu_cap_has(UNUSED_, f) kvm_cpu_cap_has(f) vcpu->arch.cr4_guest_rsvd_bits =3D __cr4_reserved_bits(__kvm_cpu_cap_has,= UNUSED_) | - __cr4_reserved_bits(guest_cpuid_has, vcpu); + __cr4_reserved_bits(guest_cpu_cap_has, vcpu); #undef __kvm_cpu_cap_has =20 kvm_hv_set_cpuid(vcpu, kvm_cpuid_has_hyperv(vcpu)); diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index 4901145ba2dc..3d69a0ef8268 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h 
@@ -66,41 +66,40 @@ static __always_inline void cpuid_entry_override(struct= kvm_cpuid_entry2 *entry, *reg =3D kvm_cpu_caps[leaf]; } =20 -static __always_inline u32 *guest_cpuid_get_register(struct kvm_vcpu *vcpu, - unsigned int x86_feature) +static __always_inline bool guest_cpuid_has(struct kvm_vcpu *vcpu, + unsigned int x86_feature) { const struct cpuid_reg cpuid =3D x86_feature_cpuid(x86_feature); struct kvm_cpuid_entry2 *entry; + u32 *reg; + + /* + * XSAVES is a special snowflake. Due to lack of a dedicated intercept + * on SVM, KVM must assume that XSAVES (and thus XRSTORS) is usable by + * the guest if the host supports XSAVES and *XSAVE* is exposed to the + * guest. Because the guest can execute XSAVES and XRSTORS, i.e. can + * indirectly consume XSS, KVM must ensure XSS is zeroed when running + * the guest, i.e. must set XSAVES in vCPU capabilities. But to reject + * direct XSS reads and writes (to minimize the virtualization hole and + * honor userspace's CPUID), KVM needs to check the raw guest CPUID, + * not KVM's view of guest capabilities. + * + * For all other features, guest capabilities are accurate. Expand + * this allowlist with extreme vigilance. 
+ */ + BUILD_BUG_ON(x86_feature !=3D X86_FEATURE_XSAVES); =20 entry =3D kvm_find_cpuid_entry_index(vcpu, cpuid.function, cpuid.index); if (!entry) return NULL; =20 - return __cpuid_entry_get_reg(entry, cpuid.reg); -} - -static __always_inline bool guest_cpuid_has(struct kvm_vcpu *vcpu, - unsigned int x86_feature) -{ - u32 *reg; - - reg =3D guest_cpuid_get_register(vcpu, x86_feature); + reg =3D __cpuid_entry_get_reg(entry, cpuid.reg); if (!reg) return false; =20 return *reg & __feature_bit(x86_feature); } =20 -static __always_inline void guest_cpuid_clear(struct kvm_vcpu *vcpu, - unsigned int x86_feature) -{ - u32 *reg; - - reg =3D guest_cpuid_get_register(vcpu, x86_feature); - if (reg) - *reg &=3D ~__feature_bit(x86_feature); -} - static inline bool guest_cpuid_is_amd_compatible(struct kvm_vcpu *vcpu) { return vcpu->arch.is_amd_compatible; @@ -201,27 +200,6 @@ static __always_inline bool guest_pv_has(struct kvm_vc= pu *vcpu, return vcpu->arch.pv_cpuid.features & (1u << kvm_feature); } =20 -enum kvm_governed_features { -#define KVM_GOVERNED_FEATURE(x) KVM_GOVERNED_##x, -#include "governed_features.h" - KVM_NR_GOVERNED_FEATURES -}; - -static __always_inline int kvm_governed_feature_index(unsigned int x86_fea= ture) -{ - switch (x86_feature) { -#define KVM_GOVERNED_FEATURE(x) case x: return KVM_GOVERNED_##x; -#include "governed_features.h" - default: - return -1; - } -} - -static __always_inline bool kvm_is_governed_feature(unsigned int x86_featu= re) -{ - return kvm_governed_feature_index(x86_feature) >=3D 0; -} - static __always_inline void guest_cpu_cap_set(struct kvm_vcpu *vcpu, unsigned int x86_feature) { 
@@ -266,17 +244,17 @@ static inline bool kvm_vcpu_is_legal_cr3(struct kvm_v= cpu *vcpu, unsigned long cr =20 static inline bool guest_has_spec_ctrl_msr(struct kvm_vcpu *vcpu) { - return (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) || - guest_cpuid_has(vcpu, X86_FEATURE_AMD_STIBP) || - guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS) || - guest_cpuid_has(vcpu, X86_FEATURE_AMD_SSBD)); + return (guest_cpu_cap_has(vcpu, X86_FEATURE_SPEC_CTRL) || + guest_cpu_cap_has(vcpu, X86_FEATURE_AMD_STIBP) || + guest_cpu_cap_has(vcpu, X86_FEATURE_AMD_IBRS) || + guest_cpu_cap_has(vcpu, X86_FEATURE_AMD_SSBD)); } =20 static inline bool guest_has_pred_cmd_msr(struct kvm_vcpu *vcpu) { - return (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) || - guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBPB) || - guest_cpuid_has(vcpu, X86_FEATURE_SBPB)); + return (guest_cpu_cap_has(vcpu, X86_FEATURE_SPEC_CTRL) || + guest_cpu_cap_has(vcpu, X86_FEATURE_AMD_IBPB) || + guest_cpu_cap_has(vcpu, X86_FEATURE_SBPB)); } =20 #endif diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_featu= res.h deleted file mode 100644 index ad463b1ed4e4..000000000000 --- a/arch/x86/kvm/governed_features.h +++ /dev/null @@ -1,22 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -#if !defined(KVM_GOVERNED_FEATURE) || defined(KVM_GOVERNED_X86_FEATURE) -BUILD_BUG() -#endif - -#define KVM_GOVERNED_X86_FEATURE(x) KVM_GOVERNED_FEATURE(X86_FEATURE_##x) - -KVM_GOVERNED_X86_FEATURE(GBPAGES) -KVM_GOVERNED_X86_FEATURE(XSAVES) -KVM_GOVERNED_X86_FEATURE(VMX) -KVM_GOVERNED_X86_FEATURE(NRIPS) -KVM_GOVERNED_X86_FEATURE(TSCRATEMSR) -KVM_GOVERNED_X86_FEATURE(V_VMSAVE_VMLOAD) -KVM_GOVERNED_X86_FEATURE(LBRV) -KVM_GOVERNED_X86_FEATURE(PAUSEFILTER) -KVM_GOVERNED_X86_FEATURE(PFTHRESHOLD) -KVM_GOVERNED_X86_FEATURE(VGIF) -KVM_GOVERNED_X86_FEATURE(VNMI) -KVM_GOVERNED_X86_FEATURE(LAM) - -#undef KVM_GOVERNED_X86_FEATURE -#undef KVM_GOVERNED_FEATURE diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 4f0a94346d00..6a6dd5a84f22 100644 
--- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -1352,7 +1352,7 @@ static void __kvm_hv_xsaves_xsavec_maybe_warn(struct = kvm_vcpu *vcpu) return; =20 if (guest_cpuid_has(vcpu, X86_FEATURE_XSAVES) || - !guest_cpuid_has(vcpu, X86_FEATURE_XSAVEC)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVEC)) return; =20 pr_notice_ratelimited("Booting SMP Windows KVM VM with !XSAVES && XSAVEC.= " diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 3c83951c619e..ae81ae27d534 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -598,7 +598,7 @@ void kvm_apic_set_version(struct kvm_vcpu *vcpu) * version first and level-triggered interrupts never get EOIed in * IOAPIC. */ - if (guest_cpuid_has(vcpu, X86_FEATURE_X2APIC) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_X2APIC) && !ioapic_in_kernel(vcpu->kvm)) v |=3D APIC_LVR_DIRECTED_EOI; kvm_lapic_set_reg(apic, APIC_LVR, v); @@ -2634,7 +2634,7 @@ int kvm_apic_set_base(struct kvm_vcpu *vcpu, u64 valu= e, bool host_initiated) return 0; =20 u64 reserved_bits =3D kvm_vcpu_reserved_gpa_bits_raw(vcpu) | 0x2ff | - (guest_cpuid_has(vcpu, X86_FEATURE_X2APIC) ? 0 : X2APIC_ENABLE); + (guest_cpu_cap_has(vcpu, X86_FEATURE_X2APIC) ? 0 : X2APIC_ENABLE); =20 if ((value & reserved_bits) !=3D 0 || new_mode =3D=3D LAPIC_MODE_INVALID) return 1; diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index 85241c0c7f56..e0ab7df27b66 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -283,7 +283,7 @@ void enter_smm(struct kvm_vcpu *vcpu) memset(smram.bytes, 0, sizeof(smram.bytes)); =20 #ifdef CONFIG_X86_64 - if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) enter_smm_save_state_64(vcpu, &smram.smram64); else #endif @@ -353,7 +353,7 @@ void enter_smm(struct kvm_vcpu *vcpu) kvm_set_segment(vcpu, &ds, VCPU_SREG_SS); =20 #ifdef CONFIG_X86_64 - if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) if (kvm_x86_call(set_efer)(vcpu, 0)) goto error; #endif 
@@ -586,7 +586,7 @@ int emulator_leave_smm(struct x86_emulate_ctxt *ctxt) * supports long mode. */ #ifdef CONFIG_X86_64 - if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) { + if (guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) { struct kvm_segment cs_desc; unsigned long cr4; =20 @@ -609,7 +609,7 @@ int emulator_leave_smm(struct x86_emulate_ctxt *ctxt) kvm_set_cr0(vcpu, cr0 & ~(X86_CR0_PG | X86_CR0_PE)); =20 #ifdef CONFIG_X86_64 - if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) { + if (guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) { unsigned long cr4, efer; =20 /* Clear CR4.PAE before clearing EFER.LME. */ @@ -634,7 +634,7 @@ int emulator_leave_smm(struct x86_emulate_ctxt *ctxt) return X86EMUL_UNHANDLEABLE; =20 #ifdef CONFIG_X86_64 - if (guest_cpuid_has(vcpu, X86_FEATURE_LM)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) ret =3D rsm_load_state_64(ctxt, &smram.smram64); else #endif diff --git a/arch/x86/kvm/svm/pmu.c b/arch/x86/kvm/svm/pmu.c index 22d5a65b410c..288f7f2a46f2 100644 --- a/arch/x86/kvm/svm/pmu.c +++ b/arch/x86/kvm/svm/pmu.c @@ -46,7 +46,7 @@ static inline struct kvm_pmc *get_gp_pmc_amd(struct kvm_p= mu *pmu, u32 msr, =20 switch (msr) { case MSR_F15H_PERF_CTL0 ... MSR_F15H_PERF_CTR5: - if (!guest_cpuid_has(vcpu, X86_FEATURE_PERFCTR_CORE)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_PERFCTR_CORE)) return NULL; /* * Each PMU counter has a pair of CTL and CTR MSRs. CTLn @@ -109,7 +109,7 @@ static bool amd_is_valid_msr(struct kvm_vcpu *vcpu, u32= msr) case MSR_K7_EVNTSEL0 ... MSR_K7_PERFCTR3: return pmu->version > 0; case MSR_F15H_PERF_CTL0 ... MSR_F15H_PERF_CTR5: - return guest_cpuid_has(vcpu, X86_FEATURE_PERFCTR_CORE); + return guest_cpu_cap_has(vcpu, X86_FEATURE_PERFCTR_CORE); case MSR_AMD64_PERF_CNTR_GLOBAL_STATUS: case MSR_AMD64_PERF_CNTR_GLOBAL_CTL: case MSR_AMD64_PERF_CNTR_GLOBAL_STATUS_CLR: 
@@ -179,7 +179,7 @@ static void amd_pmu_refresh(struct kvm_vcpu *vcpu) union cpuid_0x80000022_ebx ebx; =20 pmu->version =3D 1; - if (guest_cpuid_has(vcpu, X86_FEATURE_PERFMON_V2)) { + if (guest_cpu_cap_has(vcpu, X86_FEATURE_PERFMON_V2)) { pmu->version =3D 2; /* * Note, PERFMON_V2 is also in 0x80000022.0x0, i.e. the guest @@ -189,7 +189,7 @@ static void amd_pmu_refresh(struct kvm_vcpu *vcpu) x86_feature_cpuid(X86_FEATURE_PERFMON_V2).index); ebx.full =3D kvm_find_cpuid_entry_index(vcpu, 0x80000022, 0)->ebx; pmu->nr_arch_gp_counters =3D ebx.split.num_core_pmc; - } else if (guest_cpuid_has(vcpu, X86_FEATURE_PERFCTR_CORE)) { + } else if (guest_cpu_cap_has(vcpu, X86_FEATURE_PERFCTR_CORE)) { pmu->nr_arch_gp_counters =3D AMD64_NUM_COUNTERS_CORE; } else { pmu->nr_arch_gp_counters =3D AMD64_NUM_COUNTERS; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4e5aba3f86cd..09be12a44288 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4448,8 +4448,8 @@ static void sev_es_vcpu_after_set_cpuid(struct vcpu_s= vm *svm) struct kvm_vcpu *vcpu =3D &svm->vcpu; =20 if (boot_cpu_has(X86_FEATURE_V_TSC_AUX)) { - bool v_tsc_aux =3D guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP) || - guest_cpuid_has(vcpu, X86_FEATURE_RDPID); + bool v_tsc_aux =3D guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) || + guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID); =20 set_msr_interception(vcpu, svm->msrpm, MSR_TSC_AUX, v_tsc_aux, v_tsc_aux= ); } diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0045fe474023..734b3ca40311 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -1187,14 +1187,14 @@ static void svm_recalc_instruction_intercepts(struc= t kvm_vcpu *vcpu, */ if (kvm_cpu_cap_has(X86_FEATURE_INVPCID)) { if (!npt_enabled || - !guest_cpuid_has(&svm->vcpu, X86_FEATURE_INVPCID)) + !guest_cpu_cap_has(&svm->vcpu, X86_FEATURE_INVPCID)) svm_set_intercept(svm, INTERCEPT_INVPCID); else svm_clr_intercept(svm, INTERCEPT_INVPCID); } =20 if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP)) { - if (guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP)) svm_clr_intercept(svm, INTERCEPT_RDTSCP); else svm_set_intercept(svm, INTERCEPT_RDTSCP); @@ -2940,7 +2940,7 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) break; case MSR_AMD64_VIRT_SPEC_CTRL: if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_VIRT_SSBD)) return 1; =20 msr_info->data =3D svm->virt_spec_ctrl; @@ -3091,7 +3091,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) break; case MSR_AMD64_VIRT_SPEC_CTRL: if (!msr->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_VIRT_SSBD)) return 1; =20 if (data & ~SPEC_CTRL_SSBD) @@ -3272,7 +3272,7 @@ static int invpcid_interception(struct kvm_vcpu *vcpu) unsigned long type; gva_t gva; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) { + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_INVPCID)) { kvm_queue_exception(vcpu, UD_VECTOR); return 1; } @@ -4404,7 +4404,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) guest_cpu_cap_change(vcpu, X86_FEATURE_XSAVES, boot_cpu_has(X86_FEATURE_XSAVE) && boot_cpu_has(X86_FEATURE_XSAVES) && - guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)); + guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVE)); =20 /* * Intercept VMLOAD if the vCPU model is Intel in order to emulate that 
@@ -4422,7 +4422,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) =20 if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) set_msr_interception(vcpu, svm->msrpm, MSR_IA32_FLUSH_CMD, 0, - !!guest_cpuid_has(vcpu, X86_FEATURE_FLUSH_L1D)); + !!guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); =20 if (sev_guest(vcpu->kvm)) sev_vcpu_after_set_cpuid(svm); @@ -4673,7 +4673,7 @@ static int svm_enter_smm(struct kvm_vcpu *vcpu, union= kvm_smram *smram) * responsible for ensuring nested SVM and SMIs are mutually exclusive. */ =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_LM)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) return 1; =20 smram->smram64.svm_guest_flag =3D 1; @@ -4720,14 +4720,14 @@ static int svm_leave_smm(struct kvm_vcpu *vcpu, con= st union kvm_smram *smram) =20 const struct kvm_smram_state_64 *smram64 =3D &smram->smram64; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_LM)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) return 0; =20 /* Non-zero if SMI arrived while vCPU was in guest mode. */ if (!smram64->svm_guest_flag) return 0; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_SVM)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_SVM)) return 1; =20 if (!(smram64->efer & EFER_SVME)) diff --git a/arch/x86/kvm/vmx/hyperv.h b/arch/x86/kvm/vmx/hyperv.h index a87407412615..11a339009781 100644 --- a/arch/x86/kvm/vmx/hyperv.h +++ b/arch/x86/kvm/vmx/hyperv.h @@ -42,7 +42,7 @@ static inline struct hv_enlightened_vmcs *nested_vmx_evmc= s(struct vcpu_vmx *vmx) return vmx->nested.hv_evmcs; } =20 -static inline bool guest_cpuid_has_evmcs(struct kvm_vcpu *vcpu) +static inline bool guest_cpu_cap_has_evmcs(struct kvm_vcpu *vcpu) { /* * eVMCS is exposed to the guest if Hyper-V is enabled in CPUID and diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 9aaa703f5f98..af2a8b021d0f 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c 
@@ -257,7 +257,7 @@ static bool nested_evmcs_handle_vmclear(struct kvm_vcpu= *vcpu, gpa_t vmptr) * state. It is possible that the area will stay mapped as * vmx->nested.hv_evmcs but this shouldn't be a problem. */ - if (!guest_cpuid_has_evmcs(vcpu) || + if (!guest_cpu_cap_has_evmcs(vcpu) || !evmptr_is_valid(nested_get_evmptr(vcpu))) return false; =20 @@ -2089,7 +2089,7 @@ static enum nested_evmptrld_status nested_vmx_handle_= enlightened_vmptrld( bool evmcs_gpa_changed =3D false; u64 evmcs_gpa; =20 - if (likely(!guest_cpuid_has_evmcs(vcpu))) + if (likely(!guest_cpu_cap_has_evmcs(vcpu))) return EVMPTRLD_DISABLED; =20 evmcs_gpa =3D nested_get_evmptr(vcpu); @@ -2992,7 +2992,7 @@ static int nested_vmx_check_controls(struct kvm_vcpu = *vcpu, return -EINVAL; =20 #ifdef CONFIG_KVM_HYPERV - if (guest_cpuid_has_evmcs(vcpu)) + if (guest_cpu_cap_has_evmcs(vcpu)) return nested_evmcs_check_controls(vmcs12); #endif =20 @@ -3287,7 +3287,7 @@ static bool nested_get_evmcs_page(struct kvm_vcpu *vc= pu) * L2 was running), map it here to make sure vmcs12 changes are * properly reflected. */ - if (guest_cpuid_has_evmcs(vcpu) && + if (guest_cpu_cap_has_evmcs(vcpu) && vmx->nested.hv_evmcs_vmptr =3D=3D EVMPTR_MAP_PENDING) { enum nested_evmptrld_status evmptrld_status =3D nested_vmx_handle_enlightened_vmptrld(vcpu, false); @@ -5015,7 +5015,7 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_= exit_reason, * doesn't isolate different VMCSs, i.e. in this case, doesn't provide * separate modes for L2 vs L1. */ - if (guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_SPEC_CTRL)) indirect_branch_prediction_barrier(); =20 /* Update any VMCS fields that might have changed while L2 ran */ 
@@ -6279,7 +6279,7 @@ static bool nested_vmx_exit_handled_encls(struct kvm_= vcpu *vcpu, { u32 encls_leaf; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_SGX) || + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_SGX) || !nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENCLS_EXITING)) return false; =20 diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c index 9c9d4a336166..77012b2eca0e 100644 --- a/arch/x86/kvm/vmx/pmu_intel.c +++ b/arch/x86/kvm/vmx/pmu_intel.c @@ -110,7 +110,7 @@ static struct kvm_pmc *intel_rdpmc_ecx_to_pmc(struct kv= m_vcpu *vcpu, =20 static inline u64 vcpu_get_perf_capabilities(struct kvm_vcpu *vcpu) { - if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_PDCM)) return 0; =20 return vcpu->arch.perf_capabilities; @@ -160,7 +160,7 @@ static bool intel_is_valid_msr(struct kvm_vcpu *vcpu, u= 32 msr) ret =3D vcpu_get_perf_capabilities(vcpu) & PERF_CAP_PEBS_FORMAT; break; case MSR_IA32_DS_AREA: - ret =3D guest_cpuid_has(vcpu, X86_FEATURE_DS); + ret =3D guest_cpu_cap_has(vcpu, X86_FEATURE_DS); break; case MSR_PEBS_DATA_CFG: perf_capabilities =3D vcpu_get_perf_capabilities(vcpu); diff --git a/arch/x86/kvm/vmx/sgx.c b/arch/x86/kvm/vmx/sgx.c index b352a3ba7354..9961e07cf071 100644 --- a/arch/x86/kvm/vmx/sgx.c +++ b/arch/x86/kvm/vmx/sgx.c @@ -122,7 +122,7 @@ static int sgx_inject_fault(struct kvm_vcpu *vcpu, gva_= t gva, int trapnr) * likely than a bad userspace address. */ if ((trapnr =3D=3D PF_VECTOR || !boot_cpu_has(X86_FEATURE_SGX2)) && - guest_cpuid_has(vcpu, X86_FEATURE_SGX2)) { + guest_cpu_cap_has(vcpu, X86_FEATURE_SGX2)) { memset(&ex, 0, sizeof(ex)); ex.vector =3D PF_VECTOR; ex.error_code =3D PFERR_PRESENT_MASK | PFERR_WRITE_MASK | @@ -365,7 +365,7 @@ static inline bool encls_leaf_enabled_in_guest(struct k= vm_vcpu *vcpu, u32 leaf) return true; =20 if (leaf >=3D EAUG && leaf <=3D EMODT) - return guest_cpuid_has(vcpu, X86_FEATURE_SGX2); + return guest_cpu_cap_has(vcpu, X86_FEATURE_SGX2); =20 return false; } 
@@ -381,8 +381,8 @@ int handle_encls(struct kvm_vcpu *vcpu) { u32 leaf =3D (u32)kvm_rax_read(vcpu); =20 - if (!enable_sgx || !guest_cpuid_has(vcpu, X86_FEATURE_SGX) || - !guest_cpuid_has(vcpu, X86_FEATURE_SGX1)) { + if (!enable_sgx || !guest_cpu_cap_has(vcpu, X86_FEATURE_SGX) || + !guest_cpu_cap_has(vcpu, X86_FEATURE_SGX1)) { kvm_queue_exception(vcpu, UD_VECTOR); } else if (!encls_leaf_enabled_in_guest(vcpu, leaf) || !sgx_enabled_in_guest_bios(vcpu) || !is_paging(vcpu)) { @@ -479,15 +479,15 @@ void vmx_write_encls_bitmap(struct kvm_vcpu *vcpu, st= ruct vmcs12 *vmcs12) if (!cpu_has_vmx_encls_vmexit()) return; =20 - if (guest_cpuid_has(vcpu, X86_FEATURE_SGX) && + if (guest_cpu_cap_has(vcpu, X86_FEATURE_SGX) && sgx_enabled_in_guest_bios(vcpu)) { - if (guest_cpuid_has(vcpu, X86_FEATURE_SGX1)) { + if (guest_cpu_cap_has(vcpu, X86_FEATURE_SGX1)) { bitmap &=3D ~GENMASK_ULL(ETRACK, ECREATE); if (sgx_intercept_encls_ecreate(vcpu)) bitmap |=3D (1 << ECREATE); } =20 - if (guest_cpuid_has(vcpu, X86_FEATURE_SGX2)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_SGX2)) bitmap &=3D ~GENMASK_ULL(EMODT, EAUG); =20 /* diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a7c2c36f2a4f..6e5edaa2ba3a 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1908,8 +1908,8 @@ static void vmx_setup_uret_msrs(struct vcpu_vmx *vmx) vmx_setup_uret_msr(vmx, MSR_EFER, update_transition_efer(vmx)); =20 vmx_setup_uret_msr(vmx, MSR_TSC_AUX, - guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDTSCP) || - guest_cpuid_has(&vmx->vcpu, X86_FEATURE_RDPID)); + guest_cpu_cap_has(&vmx->vcpu, X86_FEATURE_RDTSCP) || + guest_cpu_cap_has(&vmx->vcpu, X86_FEATURE_RDPID)); =20 /* * hle=3D0, rtm=3D0, tsx_ctrl=3D1 can be found with some combinations of = new 
@@ -2062,7 +2062,7 @@ int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) case MSR_IA32_BNDCFGS: if (!kvm_mpx_supported() || (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_MPX))) + !guest_cpu_cap_has(vcpu, X86_FEATURE_MPX))) return 1; msr_info->data =3D vmcs_read64(GUEST_BNDCFGS); break; @@ -2078,7 +2078,7 @@ int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) break; case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3: if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_SGX_LC)) return 1; msr_info->data =3D to_vmx(vcpu)->msr_ia32_sgxlepubkeyhash [msr_info->index - MSR_IA32_SGXLEPUBKEYHASH0]; @@ -2097,7 +2097,7 @@ int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) * sanity checking and refuse to boot. Filter all unsupported * features out. */ - if (!msr_info->host_initiated && guest_cpuid_has_evmcs(vcpu)) + if (!msr_info->host_initiated && guest_cpu_cap_has_evmcs(vcpu)) nested_evmcs_filter_control_msr(vcpu, msr_info->index, &msr_info->data); #endif @@ -2167,7 +2167,7 @@ static u64 nested_vmx_truncate_sysenter_addr(struct k= vm_vcpu *vcpu, u64 data) { #ifdef CONFIG_X86_64 - if (!guest_cpuid_has(vcpu, X86_FEATURE_LM)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) return (u32)data; #endif return (unsigned long)data; @@ -2178,7 +2178,7 @@ static u64 vmx_get_supported_debugctl(struct kvm_vcpu= *vcpu, bool host_initiated u64 debugctl =3D 0; =20 if (boot_cpu_has(X86_FEATURE_BUS_LOCK_DETECT) && - (host_initiated || guest_cpuid_has(vcpu, X86_FEATURE_BUS_LOCK_DETECT)= )) + (host_initiated || guest_cpu_cap_has(vcpu, X86_FEATURE_BUS_LOCK_DETEC= T))) debugctl |=3D DEBUGCTLMSR_BUS_LOCK_DETECT; =20 if ((kvm_caps.supported_perf_cap & PMU_CAP_LBR_FMT) && 
@@ -2282,7 +2282,7 @@ int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) case MSR_IA32_BNDCFGS: if (!kvm_mpx_supported() || (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_MPX))) + !guest_cpu_cap_has(vcpu, X86_FEATURE_MPX))) return 1; if (is_noncanonical_msr_address(data & PAGE_MASK, vcpu) || (data & MSR_IA32_BNDCFGS_RSVD)) @@ -2384,7 +2384,7 @@ int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) * behavior, but it's close enough. */ if (!msr_info->host_initiated && - (!guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC) || + (!guest_cpu_cap_has(vcpu, X86_FEATURE_SGX_LC) || ((vmx->msr_ia32_feature_control & FEAT_CTL_LOCKED) && !(vmx->msr_ia32_feature_control & FEAT_CTL_SGX_LC_ENABLED)))) return 1; @@ -2468,9 +2468,9 @@ int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_dat= a *msr_info) if ((data & PERF_CAP_PEBS_MASK) !=3D (kvm_caps.supported_perf_cap & PERF_CAP_PEBS_MASK)) return 1; - if (!guest_cpuid_has(vcpu, X86_FEATURE_DS)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_DS)) return 1; - if (!guest_cpuid_has(vcpu, X86_FEATURE_DTES64)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_DTES64)) return 1; if (!cpuid_model_is_consistent(vcpu)) return 1; @@ -4590,10 +4590,7 @@ vmx_adjust_secondary_exec_control(struct vcpu_vmx *v= mx, u32 *exec_control, bool __enabled; \ \ if (cpu_has_vmx_##name()) { \ - if (kvm_is_governed_feature(X86_FEATURE_##feat_name)) \ - __enabled =3D guest_cpu_cap_has(__vcpu, X86_FEATURE_##feat_name); \ - else \ - __enabled =3D guest_cpuid_has(__vcpu, X86_FEATURE_##feat_name); \ + __enabled =3D guest_cpu_cap_has(__vcpu, X86_FEATURE_##feat_name); \ vmx_adjust_secondary_exec_control(vmx, exec_control, SECONDARY_EXEC_##ct= rl_name,\ __enabled, exiting); \ } \ 
@@ -4669,8 +4666,8 @@ static u32 vmx_secondary_exec_control(struct vcpu_vmx= *vmx) */ if (cpu_has_vmx_rdtscp()) { bool rdpid_or_rdtscp_enabled =3D - guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP) || - guest_cpuid_has(vcpu, X86_FEATURE_RDPID); + guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) || + guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID); =20 vmx_adjust_secondary_exec_control(vmx, &exec_control, SECONDARY_EXEC_ENABLE_RDTSCP, @@ -5959,7 +5956,7 @@ static int handle_invpcid(struct kvm_vcpu *vcpu) } operand; int gpr_index; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_INVPCID)) { + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_INVPCID)) { kvm_queue_exception(vcpu, UD_VECTOR); return 1; } @@ -7829,7 +7826,7 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) * set if and only if XSAVE is supported. */ if (!boot_cpu_has(X86_FEATURE_XSAVE) || - !guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVE)) guest_cpu_cap_clear(vcpu, X86_FEATURE_XSAVES); =20 vmx_setup_uret_msrs(vmx); @@ -7851,21 +7848,21 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) nested_vmx_cr_fixed1_bits_update(vcpu); =20 if (boot_cpu_has(X86_FEATURE_INTEL_PT) && - guest_cpuid_has(vcpu, X86_FEATURE_INTEL_PT)) + guest_cpu_cap_has(vcpu, X86_FEATURE_INTEL_PT)) update_intel_pt_cfg(vcpu); =20 if (boot_cpu_has(X86_FEATURE_RTM)) { struct vmx_uret_msr *msr; msr =3D vmx_find_uret_msr(vmx, MSR_IA32_TSX_CTRL); if (msr) { - bool enabled =3D guest_cpuid_has(vcpu, X86_FEATURE_RTM); + bool enabled =3D guest_cpu_cap_has(vcpu, X86_FEATURE_RTM); vmx_set_guest_uret_msr(vmx, msr, enabled ? 0 : TSX_CTRL_RTM_DISABLE); } } =20 if (kvm_cpu_cap_has(X86_FEATURE_XFD)) vmx_set_intercept_for_msr(vcpu, MSR_IA32_XFD_ERR, MSR_TYPE_R, - !guest_cpuid_has(vcpu, X86_FEATURE_XFD)); + !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)); =20 if (boot_cpu_has(X86_FEATURE_IBPB)) vmx_set_intercept_for_msr(vcpu, MSR_IA32_PRED_CMD, MSR_TYPE_W, 
@@ -7873,17 +7870,17 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) =20 if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) vmx_set_intercept_for_msr(vcpu, MSR_IA32_FLUSH_CMD, MSR_TYPE_W, - !guest_cpuid_has(vcpu, X86_FEATURE_FLUSH_L1D)); + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)); =20 set_cr4_guest_host_mask(vmx); =20 vmx_write_encls_bitmap(vcpu, NULL); - if (guest_cpuid_has(vcpu, X86_FEATURE_SGX)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_SGX)) vmx->msr_ia32_feature_control_valid_bits |=3D FEAT_CTL_SGX_ENABLED; else vmx->msr_ia32_feature_control_valid_bits &=3D ~FEAT_CTL_SGX_ENABLED; =20 - if (guest_cpuid_has(vcpu, X86_FEATURE_SGX_LC)) + if (guest_cpu_cap_has(vcpu, X86_FEATURE_SGX_LC)) vmx->msr_ia32_feature_control_valid_bits |=3D FEAT_CTL_SGX_LC_ENABLED; else diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 1ee955cdb109..cc4563fb07d1 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1502,10 +1502,10 @@ static u64 kvm_dr6_fixed(struct kvm_vcpu *vcpu) { u64 fixed =3D DR6_FIXED_1; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_RTM)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_RTM)) fixed |=3D DR6_RTM; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_BUS_LOCK_DETECT)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_BUS_LOCK_DETECT)) fixed |=3D DR6_BUS_LOCK; return fixed; } 
@@ -1681,20 +1681,20 @@ static int do_get_feature_msr(struct kvm_vcpu *vcpu= , unsigned index, u64 *data) =20 static bool __kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer) { - if (efer & EFER_AUTOIBRS && !guest_cpuid_has(vcpu, X86_FEATURE_AUTOIBRS)) + if (efer & EFER_AUTOIBRS && !guest_cpu_cap_has(vcpu, X86_FEATURE_AUTOIBRS= )) return false; =20 - if (efer & EFER_FFXSR && !guest_cpuid_has(vcpu, X86_FEATURE_FXSR_OPT)) + if (efer & EFER_FFXSR && !guest_cpu_cap_has(vcpu, X86_FEATURE_FXSR_OPT)) return false; =20 - if (efer & EFER_SVME && !guest_cpuid_has(vcpu, X86_FEATURE_SVM)) + if (efer & EFER_SVME && !guest_cpu_cap_has(vcpu, X86_FEATURE_SVM)) return false; =20 if (efer & (EFER_LME | EFER_LMA) && - !guest_cpuid_has(vcpu, X86_FEATURE_LM)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_LM)) return false; =20 - if (efer & EFER_NX && !guest_cpuid_has(vcpu, X86_FEATURE_NX)) + if (efer & EFER_NX && !guest_cpu_cap_has(vcpu, X86_FEATURE_NX)) return false; =20 return true; @@ -1836,8 +1836,8 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 i= ndex, u64 data, return 1; =20 if (!host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP) && - !guest_cpuid_has(vcpu, X86_FEATURE_RDPID)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID)) return 1; =20 /* @@ -1894,8 +1894,8 @@ int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u= 64 *data, return 1; =20 if (!host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_RDTSCP) && - !guest_cpuid_has(vcpu, X86_FEATURE_RDPID)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_RDTSCP) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_RDPID)) return 1; break; } 
@@ -2081,7 +2081,7 @@ EXPORT_SYMBOL_GPL(kvm_handle_invalid_op); static int kvm_emulate_monitor_mwait(struct kvm_vcpu *vcpu, const char *in= sn) { if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS) = && - !guest_cpuid_has(vcpu, X86_FEATURE_MWAIT)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_MWAIT)) return kvm_handle_invalid_op(vcpu); =20 pr_warn_once("%s instruction emulated as NOP!\n", insn); @@ -3753,13 +3753,13 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struc= t msr_data *msr_info) break; case MSR_IA32_ARCH_CAPABILITIES: if (!msr_info->host_initiated || - !guest_cpuid_has(vcpu, X86_FEATURE_ARCH_CAPABILITIES)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_ARCH_CAPABILITIES)) return KVM_MSR_RET_UNSUPPORTED; vcpu->arch.arch_capabilities =3D data; break; case MSR_IA32_PERF_CAPABILITIES: if (!msr_info->host_initiated || - !guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_PDCM)) return KVM_MSR_RET_UNSUPPORTED; =20 if (data & ~kvm_caps.supported_perf_cap) @@ -3783,11 +3783,11 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struc= t msr_data *msr_info) if ((!guest_has_pred_cmd_msr(vcpu))) return 1; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL) && - !guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBPB)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_SPEC_CTRL) && + !guest_cpu_cap_has(vcpu, X86_FEATURE_AMD_IBPB)) reserved_bits |=3D PRED_CMD_IBPB; =20 - if (!guest_cpuid_has(vcpu, X86_FEATURE_SBPB)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_SBPB)) reserved_bits |=3D PRED_CMD_SBPB; } =20 @@ -3808,7 +3808,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) } case MSR_IA32_FLUSH_CMD: if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_FLUSH_L1D)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_FLUSH_L1D)) return 1; =20 if (!boot_cpu_has(X86_FEATURE_FLUSH_L1D) || (data & ~L1D_FLUSH)) 
@@ -3859,7 +3859,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) kvm_set_lapic_tscdeadline_msr(vcpu, data); break; case MSR_IA32_TSC_ADJUST: - if (guest_cpuid_has(vcpu, X86_FEATURE_TSC_ADJUST)) { + if (guest_cpu_cap_has(vcpu, X86_FEATURE_TSC_ADJUST)) { if (!msr_info->host_initiated) { s64 adj =3D data - vcpu->arch.ia32_tsc_adjust_msr; adjust_tsc_offset_guest(vcpu, adj); @@ -3886,7 +3886,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) =20 if (!kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT) = && ((old_val ^ data) & MSR_IA32_MISC_ENABLE_MWAIT)) { - if (!guest_cpuid_has(vcpu, X86_FEATURE_XMM3)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_XMM3)) return 1; vcpu->arch.ia32_misc_enable_msr =3D data; kvm_update_cpuid_runtime(vcpu); @@ -4063,12 +4063,12 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struc= t msr_data *msr_info) kvm_pr_unimpl_wrmsr(vcpu, msr, data); break; case MSR_AMD64_OSVW_ID_LENGTH: - if (!guest_cpuid_has(vcpu, X86_FEATURE_OSVW)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_OSVW)) return 1; vcpu->arch.osvw.length =3D data; break; case MSR_AMD64_OSVW_STATUS: - if (!guest_cpuid_has(vcpu, X86_FEATURE_OSVW)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_OSVW)) return 1; vcpu->arch.osvw.status =3D data; break; @@ -4087,7 +4087,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) #ifdef CONFIG_X86_64 case MSR_IA32_XFD: if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_XFD)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)) return 1; =20 if (data & ~kvm_guest_supported_xfd(vcpu)) @@ -4097,7 +4097,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) break; case MSR_IA32_XFD_ERR: if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_XFD)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)) return 1; =20 if (data & ~kvm_guest_supported_xfd(vcpu)) 
@@ -4212,12 +4212,12 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struc= t msr_data *msr_info) msr_info->data =3D vcpu->arch.microcode_version; break; case MSR_IA32_ARCH_CAPABILITIES: - if (!guest_cpuid_has(vcpu, X86_FEATURE_ARCH_CAPABILITIES)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_ARCH_CAPABILITIES)) return KVM_MSR_RET_UNSUPPORTED; msr_info->data =3D vcpu->arch.arch_capabilities; break; case MSR_IA32_PERF_CAPABILITIES: - if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_PDCM)) return KVM_MSR_RET_UNSUPPORTED; msr_info->data =3D vcpu->arch.perf_capabilities; break; @@ -4418,12 +4418,12 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struc= t msr_data *msr_info) msr_info->data =3D 0xbe702111; break; case MSR_AMD64_OSVW_ID_LENGTH: - if (!guest_cpuid_has(vcpu, X86_FEATURE_OSVW)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_OSVW)) return 1; msr_info->data =3D vcpu->arch.osvw.length; break; case MSR_AMD64_OSVW_STATUS: - if (!guest_cpuid_has(vcpu, X86_FEATURE_OSVW)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_OSVW)) return 1; msr_info->data =3D vcpu->arch.osvw.status; break; @@ -4442,14 +4442,14 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struc= t msr_data *msr_info) #ifdef CONFIG_X86_64 case MSR_IA32_XFD: if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_XFD)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)) return 1; =20 msr_info->data =3D vcpu->arch.guest_fpu.fpstate->xfd; break; case MSR_IA32_XFD_ERR: if (!msr_info->host_initiated && - !guest_cpuid_has(vcpu, X86_FEATURE_XFD)) + !guest_cpu_cap_has(vcpu, X86_FEATURE_XFD)) return 1; =20 msr_info->data =3D vcpu->arch.guest_fpu.xfd_err; 
@@ -8502,17 +8502,17 @@ static bool emulator_get_cpuid(struct x86_emulate_c= txt *ctxt, =20 static bool emulator_guest_has_movbe(struct x86_emulate_ctxt *ctxt) { - return guest_cpuid_has(emul_to_vcpu(ctxt), X86_FEATURE_MOVBE); + return guest_cpu_cap_has(emul_to_vcpu(ctxt), X86_FEATURE_MOVBE); } =20 static bool emulator_guest_has_fxsr(struct x86_emulate_ctxt *ctxt) { - return guest_cpuid_has(emul_to_vcpu(ctxt), X86_FEATURE_FXSR); + return guest_cpu_cap_has(emul_to_vcpu(ctxt), X86_FEATURE_FXSR); } =20 static bool emulator_guest_has_rdpid(struct x86_emulate_ctxt *ctxt) { - return guest_cpuid_has(emul_to_vcpu(ctxt), X86_FEATURE_RDPID); + return guest_cpu_cap_has(emul_to_vcpu(ctxt), X86_FEATURE_RDPID); } =20 static bool emulator_guest_cpuid_is_intel_compatible(struct x86_emulate_ct= xt *ctxt) --=20 2.47.0.338.g60cca15819-goog
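Review bot: In the kvm_emulate_monitor_mwait() hunk (x86.c, @@ -2081), the #UD decision now rests on guest_cpu_cap_has(vcpu, X86_FEATURE_MWAIT), and per the 51/57 changelog guest cpu_caps incorporate KVM's support, so the result depends on KVM's supported set and not only on the CPUID that userspace loaded. Please confirm that MWAIT stays set in guest cpu_caps when userspace enumerates it; if it does not, a guest that was told it has MONITOR/MWAIT would start taking #UD once KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS is disabled. A sentence in the changelog naming the converted checks whose result can change would also help bisection.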
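Review bot: In the kvm_set_msr_common() hunk at @@ -3753 (x86.c), the MSR_IA32_ARCH_CAPABILITIES and MSR_IA32_PERF_CAPABILITIES cases accept host-initiated writes only, and after the conversion those writes also require the feature in guest cpu_caps rather than just in guest CPUID. That fails closed, which is the safer direction, but it is visible to a VMM that sets ARCH_CAPABILITIES or PDCM in guest CPUID on a host where KVM does not support the feature: the write now returns KVM_MSR_RET_UNSUPPORTED. Worth calling out in the changelog, and worth checking against restoring a VM that was saved on such a configuration.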
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:18 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-52-seanjc@google.com>
Subject: [PATCH v3 51/57] KVM: x86: Drop superfluous host XSAVE check when adjusting guest XSAVES caps
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Drop the manual boot_cpu_has() checks on XSAVE when adjusting the guest's XSAVES capabilities now that guest cpu_caps incorporates KVM's support. The guest's cpu_caps are initialized from kvm_cpu_caps, which are in turn initialized from boot_cpu_data, i.e. checking guest_cpu_cap_has() also checks host/KVM capabilities (which is the entire point of cpu_caps).

Cc: Maxim Levitsky
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/svm.c | 1 - arch/x86/kvm/vmx/vmx.c | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 734b3ca40311..07911ddf1efe 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4402,7 +4402,6 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) * the guest read/write access to the host's XSS. */ guest_cpu_cap_change(vcpu, X86_FEATURE_XSAVES, - boot_cpu_has(X86_FEATURE_XSAVE) && boot_cpu_has(X86_FEATURE_XSAVES) && guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVE)); =20 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6e5edaa2ba3a..cf872d8691b5 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c
@@ -7825,8 +7825,7 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) * to the guest. XSAVES depends on CR4.OSXSAVE, and CR4.OSXSAVE can be * set if and only if XSAVE is supported. */ - if (!boot_cpu_has(X86_FEATURE_XSAVE) || - !guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVE)) + if (!guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVE)) guest_cpu_cap_clear(vcpu, X86_FEATURE_XSAVES); =20 vmx_setup_uret_msrs(vmx); --=20 2.47.0.338.g60cca15819-goog
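Review bot: In the vmx_vcpu_after_set_cpuid() hunk, the retained comment explains why XSAVES follows XSAVE but nothing in the code now says that host support is implied by guest_cpu_cap_has(), so the dropped boot_cpu_has() is easy to re-add by mistake; half a sentence in that comment would cover it. By the changelog's own reasoning, the boot_cpu_has(X86_FEATURE_INTEL_PT) && guest_cpu_cap_has(vcpu, X86_FEATURE_INTEL_PT) pair further down in the same function (visible in the 50/57 hunk at @@ -7851) looks equally redundant; either drop it in this patch as well or say why it has to stay.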
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:19 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-53-seanjc@google.com>
Subject: [PATCH v3 52/57] KVM: x86: Add a macro for features that are synthesized into boot_cpu_data
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add yet another CPUID macro, this time for features that the host kernel synthesizes into boot_cpu_data, i.e. that the kernel force sets even in situations where the feature isn't reported by CPUID.

Thanks to the macro shenanigans of kvm_cpu_cap_init(), such features can now be handled in the core CPUID framework, i.e. don't need to be handled out-of-band and thus without as many guardrails.

Adding a dedicated macro also helps document what's going on, e.g. the calls to kvm_cpu_cap_check_and_set() are very confusing unless the reader knows exactly how kvm_cpu_cap_init() generates kvm_cpu_caps (and even then, it's far from obvious).
Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 49 +++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 8d088a888a0d..2b05a7e61994 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -665,6 +665,7 @@ do { \ const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); \ const u32 __maybe_unused kvm_cpu_cap_init_in_progress =3D leaf; \ u32 kvm_cpu_cap_passthrough =3D 0; \ + u32 kvm_cpu_cap_synthesized =3D 0; \ u32 kvm_cpu_cap_emulated =3D 0; \ \ if (leaf < NCAPINTS) \ @@ -673,7 +674,8 @@ do { \ kvm_cpu_caps[leaf] =3D (mask); \ \ kvm_cpu_caps[leaf] |=3D kvm_cpu_cap_passthrough; \ - kvm_cpu_caps[leaf] &=3D raw_cpuid_get(cpuid); \ + kvm_cpu_caps[leaf] &=3D (raw_cpuid_get(cpuid) | \ + kvm_cpu_cap_synthesized); \ kvm_cpu_caps[leaf] |=3D kvm_cpu_cap_emulated; \ } while (0) =20 @@ -720,6 +722,17 @@ do { \ F(name); \ }) =20 +/* + * Synthesized Feature - For features that are synthesized into boot_cpu_d= ata, + * i.e. may not be present in the raw CPUID, but can still be advertised to + * userspace. Primarily used for mitigation related feature flags. + */ +#define SYNTHESIZED_F(name) \ +({ \ + kvm_cpu_cap_synthesized |=3D F(name); \ + F(name); \ +}) + /* * Passthrough Feature - For features that KVM supports based purely on raw * hardware CPUID, i.e. that KVM virtualizes even if the host kernel doesn= 't 
@@ -1084,35 +1097,32 @@ void kvm_set_cpu_caps(void) =20 kvm_cpu_cap_init(CPUID_8000_0021_EAX, F(NO_NESTED_DATA_BP) | - F(LFENCE_RDTSC) | + /* + * Synthesize "LFENCE is serializing" into the AMD-defined entry + * in KVM's supported CPUID, i.e. if the feature is reported as + * supported by the kernel. LFENCE_RDTSC was a Linux-defined + * synthetic feature long before AMD joined the bandwagon, e.g. + * LFENCE is serializing on most CPUs that support SSE2. On + * CPUs that don't support AMD's leaf, ANDing with the raw host + * CPUID will drop the flags, and reporting support in AMD's + * leaf can make it easier for userspace to detect the feature. + */ + SYNTHESIZED_F(LFENCE_RDTSC) | 0 /* SmmPgCfgLock */ | F(NULL_SEL_CLR_BASE) | F(AUTOIBRS) | EMULATED_F(NO_SMM_CTL_MSR) | 0 /* PrefetchCtlMsr */ | - F(WRMSR_XX_BASE_NS) + F(WRMSR_XX_BASE_NS) | + SYNTHESIZED_F(SBPB) | + SYNTHESIZED_F(IBPB_BRTYPE) | + SYNTHESIZED_F(SRSO_NO) ); =20 - kvm_cpu_cap_check_and_set(X86_FEATURE_SBPB); - kvm_cpu_cap_check_and_set(X86_FEATURE_IBPB_BRTYPE); - kvm_cpu_cap_check_and_set(X86_FEATURE_SRSO_NO); - kvm_cpu_cap_init(CPUID_8000_0022_EAX, F(PERFMON_V2) ); =20 - /* - * Synthesize "LFENCE is serializing" into the AMD-defined entry in - * KVM's supported CPUID if the feature is reported as supported by the - * kernel. LFENCE_RDTSC was a Linux-defined synthetic feature long - * before AMD joined the bandwagon, e.g. LFENCE is serializing on most - * CPUs that support SSE2. On CPUs that don't support AMD's leaf, - * kvm_cpu_cap_init() will unfortunately drop the flag due to ANDing - * the mask with the raw host CPUID, and reporting support in AMD's - * leaf can make it easier for userspace to detect the feature. - */ - if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC)) - kvm_cpu_cap_set(X86_FEATURE_LFENCE_RDTSC); if (!static_cpu_has_bug(X86_BUG_NULL_SEG)) kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE); =20 
@@ -1150,6 +1160,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); #undef SF #undef X86_64_F #undef EMULATED_F +#undef SYNTHESIZED_F #undef PASSTHROUGH_F #undef ALIASED_1_EDX_F =20 --=20 2.47.0.338.g60cca15819-goog
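Review bot: SYNTHESIZED_F() (hunk at @@ -720) ORs the bit into kvm_cpu_cap_synthesized, and the @@ -673 hunk then lets that bit through the raw CPUID mask, so the only thing still tying the flag to the host is the kernel-capability masking that applies when leaf < NCAPINTS. For a KVM-defined leaf, kvm_cpu_caps[leaf] is assigned straight from the mask, so a SYNTHESIZED_F() entry there would be advertised to userspace unconditionally, which matters because the macro comment says it is primarily for mitigation-related flags. Suggest a build-time check in SYNTHESIZED_F() that rejects features outside the kernel-defined words, or at minimum a line in the macro comment stating that it is only valid in kernel-defined leafs.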
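Review bot: In the kvm_set_cpu_caps() hunk at @@ -1084, the comment moved above SYNTHESIZED_F(LFENCE_RDTSC) still says that ANDing with the raw host CPUID "will drop the flags" on CPUs that lack AMD's leaf, which described the removed out-of-band kvm_cpu_cap_set() path and is exactly what SYNTHESIZED_F() now avoids. Reword it along the lines of "would otherwise drop the flag" so the comment matches the new behaviour. The comment also covers LFENCE_RDTSC only, while SBPB, IBPB_BRTYPE and SRSO_NO move from kvm_cpu_cap_check_and_set() to SYNTHESIZED_F() in the same expression with no explanation; a short note on those three would help the next reader.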
Reply-To: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:20 -0800
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
Mime-Version: 1.0
References: <20241128013424.4096668-1-seanjc@google.com>
X-Mailer: git-send-email 2.47.0.338.g60cca15819-goog
Message-ID: <20241128013424.4096668-54-seanjc@google.com>
Subject: [PATCH v3 53/57] KVM: x86: Pull CPUID capabilities from boot_cpu_data only as needed
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Don't memcpy() all of boot_cpu_data.x86_capability, and instead explicitly fill each kvm_cpu_cap_init leaf during kvm_cpu_cap_init(). While clever, copying all kernel capabilities risks over-reporting KVM capabilities, e.g. if KVM added support in __do_cpuid_func(), but neglected to init the supported set of capabilities.

Note, explicitly grabbing leafs deliberately keeps Linux-defined leafs as 0! KVM should never advertise Linux-defined leafs; any relevant features that are "real", but scattered, must be gathered in their correct hardware-defined leaf.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 2b05a7e61994..3b8ec5e7e39a 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -657,21 +657,23 @@ static __always_inline u32 raw_cpuid_get(struct cpuid= _reg cpuid) } =20 /* - * For kernel-defined leafs, mask the boot CPU's pre-populated value. For= KVM- - * defined leafs, explicitly set the leaf, as KVM is the one and only auth= ority. + * For kernel-defined leafs, mask KVM's supported feature set with the ker= nel's + * capabilities as well as raw CPUID. For KVM-defined leafs, consult only= raw + * CPUID, as KVM is the one and only authority (in the kernel). */ #define kvm_cpu_cap_init(leaf, mask) \ do { \ const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); \ const u32 __maybe_unused kvm_cpu_cap_init_in_progress =3D leaf; \ + const u32 *kernel_cpu_caps =3D boot_cpu_data.x86_capability; \ u32 kvm_cpu_cap_passthrough =3D 0; \ u32 kvm_cpu_cap_synthesized =3D 0; \ u32 kvm_cpu_cap_emulated =3D 0; \ \ + kvm_cpu_caps[leaf] =3D (mask); \ + \ if (leaf < NCAPINTS) \ - kvm_cpu_caps[leaf] &=3D (mask); \ - else \ - kvm_cpu_caps[leaf] =3D (mask); \ + kvm_cpu_caps[leaf] &=3D kernel_cpu_caps[leaf]; \ \ kvm_cpu_caps[leaf] |=3D kvm_cpu_cap_passthrough; \ kvm_cpu_caps[leaf] &=3D (raw_cpuid_get(cpuid) | \ 
@@ -769,9 +771,6 @@ void kvm_set_cpu_caps(void) BUILD_BUG_ON(sizeof(kvm_cpu_caps) - (NKVMCAPINTS * sizeof(*kvm_cpu_caps))= > sizeof(boot_cpu_data.x86_capability)); =20 - memcpy(&kvm_cpu_caps, &boot_cpu_data.x86_capability, - sizeof(kvm_cpu_caps) - (NKVMCAPINTS * sizeof(*kvm_cpu_caps))); - kvm_cpu_cap_init(CPUID_1_ECX, F(XMM3) | F(PCLMULQDQ) | --=20 2.47.0.338.g60cca15819-goog
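Review bot: In the second hunk (kvm_set_cpu_caps()), the BUILD_BUG_ON() that compares sizeof(kvm_cpu_caps) - (NKVMCAPINTS * sizeof(*kvm_cpu_caps)) against sizeof(boot_cpu_data.x86_capability) stays as context even though the memcpy() that used the same length expression is deleted. After this patch the only read of boot_cpu_data.x86_capability in the visible code is kernel_cpu_caps[leaf] under "if (leaf < NCAPINTS)" in kvm_cpu_cap_init(), so please either add a comment saying the assertion now bounds that indexed read, or drop it together with the memcpy(). It would also help if the macro comment in the first hunk said that the plain assignment "kvm_cpu_caps[leaf] = (mask);" is what keeps unlisted bits at 0, since that is the property that prevents over-reporting.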
From: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:21 -0800
Subject: [PATCH v3 54/57] KVM: x86: Rename "SF" macro to "SCATTERED_F"
Message-ID: <20241128013424.4096668-55-seanjc@google.com>
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Now that each feature flag is on its own line, i.e. brevity isn't a major concern, drop the "SF" acronym and use the (almost) full name, SCATTERED_F.

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3b8ec5e7e39a..a1a80f1f10ec 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -700,7 +700,7 @@ do { \ }) =20 /* Scattered Flag - For features that are scattered by cpufeatures.h. */ -#define SF(name) \ +#define SCATTERED_F(name) \ ({ \ BUILD_BUG_ON(X86_FEATURE_##name >=3D MAX_CPU_FEATURES); \ KVM_VALIDATE_CPU_CAP_USAGE(name); \
@@ -966,9 +966,9 @@ void kvm_set_cpu_caps(void) ); =20 kvm_cpu_cap_init(CPUID_12_EAX, - SF(SGX1) | - SF(SGX2) | - SF(SGX_EDECCSSA) + SCATTERED_F(SGX1) | + SCATTERED_F(SGX2) | + SCATTERED_F(SGX_EDECCSSA) ); =20 kvm_cpu_cap_init(CPUID_24_0_EBX, @@ -1035,7 +1035,7 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_GBPAGES); =20 kvm_cpu_cap_init(CPUID_8000_0007_EDX, - SF(CONSTANT_TSC) + SCATTERED_F(CONSTANT_TSC) ); =20 kvm_cpu_cap_init(CPUID_8000_0008_EBX, 
@@ -1156,7 +1156,7 @@ void kvm_set_cpu_caps(void) EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); =20 #undef F -#undef SF +#undef SCATTERED_F #undef X86_64_F #undef EMULATED_F #undef SYNTHESIZED_F --=20 2.47.0.338.g60cca15819-goog
From: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:22 -0800
Subject: [PATCH v3 55/57] KVM: x86: Explicitly track feature flags that require vendor enabling
Message-ID: <20241128013424.4096668-56-seanjc@google.com>
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Add another CPUID feature macro, VENDOR_F(), and use it to track features that KVM supports, but that need additional vendor support and so are conditionally enabled in vendor code.

Currently, VENDOR_F() is mostly just documentation, but tracking all KVM-supported features will allow for asserting, at build time, take), that all features that are set, cleared, *or* checked by KVM are known to kvm_set_cpu_caps().

To fudge around a macro collision on 32-bit kernels, #undef DS to be able to get at X86_FEATURE_DS.

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 59 ++++++++++++++++++++++++++++++++------------ 1 file changed, 43 insertions(+), 16 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index a1a80f1f10ec..5ac5fe2febf7 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -758,12 +758,25 @@ do { \ feature_bit(name); \ }) =20 +/* + * Vendor Features - For features that KVM supports, but are added in later + * because they require additional vendor enabling. + */ +#define VENDOR_F(name) \ +({ \ + KVM_VALIDATE_CPU_CAP_USAGE(name); \ + 0; \ +}) + /* * Undefine the MSR bit macro to avoid token concatenation issues when * processing X86_FEATURE_SPEC_CTRL_SSBD. */ #undef SPEC_CTRL_SSBD =20 +/* DS is defined by ptrace-abi.h on 32-bit builds. */ +#undef DS + void kvm_set_cpu_caps(void) { memset(kvm_cpu_caps, 0, sizeof(kvm_cpu_caps)); @@ -774,13 +787,14 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_init(CPUID_1_ECX, F(XMM3) | F(PCLMULQDQ) | - 0 /* DTES64 */ | + VENDOR_F(DTES64) | /* * NOTE: MONITOR (and MWAIT) are emulated as NOP, but *not* * advertised to guests via CPUID! */ 0 /* MONITOR */ | - 0 /* DS-CPL, VMX, SMX, EST */ | + VENDOR_F(VMX) | + 0 /* DS-CPL, SMX, EST */ | 0 /* TM2 */ | F(SSSE3) | 0 /* CNXT-ID */ | @@ -827,7 +841,9 @@ void kvm_set_cpu_caps(void) F(PSE36) | 0 /* PSN */ | F(CLFLUSH) | - 0 /* Reserved, DS, ACPI */ | + 0 /* Reserved */ | + VENDOR_F(DS) | + 0 /* ACPI */ | F(MMX) | F(FXSR) | F(XMM) | @@ -850,7 +866,7 @@ void kvm_set_cpu_caps(void) F(INVPCID) | F(RTM) | F(ZERO_FCS_FDS) | - 0 /*MPX*/ | + VENDOR_F(MPX) | F(AVX512F) | F(AVX512DQ) | F(RDSEED) | @@ -859,7 +875,7 @@ void kvm_set_cpu_caps(void) F(AVX512IFMA) | F(CLFLUSHOPT) | F(CLWB) | - 0 /*INTEL_PT*/ | + VENDOR_F(INTEL_PT) | F(AVX512PF) | F(AVX512ER) | F(AVX512CD) | @@ -884,7 +900,7 @@ void kvm_set_cpu_caps(void) F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | - 0 /*WAITPKG*/ | + VENDOR_F(WAITPKG) | F(SGX_LC) | F(BUS_LOCK_DETECT) ); @@ -980,7 +996,7 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_init(CPUID_8000_0001_ECX, F(LAHF_LM) | F(CMP_LEGACY) | - 0 /*SVM*/ | + VENDOR_F(SVM) | 0 /* ExtApicSpace */ | F(CR8_LEGACY) | F(ABM) | 
@@ -994,7 +1010,7 @@ void kvm_set_cpu_caps(void) F(FMA4) | F(TBM) | F(TOPOEXT) | - 0 /* PERFCTR_CORE */ + VENDOR_F(PERFCTR_CORE) ); =20 kvm_cpu_cap_init(CPUID_8000_0001_EDX, @@ -1080,17 +1096,27 @@ void kvm_set_cpu_caps(void) !boot_cpu_has(X86_FEATURE_AMD_SSBD)) kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD); =20 - /* - * Hide all SVM features by default, SVM will set the cap bits for - * features it emulates and/or exposes for L1. - */ - kvm_cpu_cap_init(CPUID_8000_000A_EDX, 0); + /* All SVM features required additional vendor module enabling. */ + kvm_cpu_cap_init(CPUID_8000_000A_EDX, + VENDOR_F(NPT) | + VENDOR_F(VMCBCLEAN) | + VENDOR_F(FLUSHBYASID) | + VENDOR_F(NRIPS) | + VENDOR_F(TSCRATEMSR) | + VENDOR_F(V_VMSAVE_VMLOAD) | + VENDOR_F(LBRV) | + VENDOR_F(PAUSEFILTER) | + VENDOR_F(PFTHRESHOLD) | + VENDOR_F(VGIF) | + VENDOR_F(VNMI) | + VENDOR_F(SVME_ADDR_CHK) + ); =20 kvm_cpu_cap_init(CPUID_8000_001F_EAX, - 0 /* SME */ | - 0 /* SEV */ | + VENDOR_F(SME) | + VENDOR_F(SEV) | 0 /* VM_PAGE_FLUSH */ | - 0 /* SEV_ES */ | + VENDOR_F(SEV_ES) | F(SME_COHERENT) ); =20 
@@ -1162,6 +1188,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); #undef SYNTHESIZED_F #undef PASSTHROUGH_F #undef ALIASED_1_EDX_F +#undef VENDOR_F =20 struct kvm_cpuid_array { struct kvm_cpuid_entry2 *entries; --=20 2.47.0.338.g60cca15819-goog
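Review bot: In the hunk at -758 that adds VENDOR_F(), the new "#undef DS" carries only the comment "DS is defined by ptrace-abi.h on 32-bit builds", which says where the macro comes from but not why it has to go. The SPEC_CTRL_SSBD comment directly above already explains the token concatenation problem, so fold DS into that comment (or repeat the reason) and note that the #undef applies to the rest of cpuid.c, because unlike VENDOR_F and the other helpers it is not scoped to kvm_set_cpu_caps().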
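Review bot: In the CPUID_8000_000A_EDX hunk, the replacement comment reads "All SVM features required additional vendor module enabling", which should be "require", and it drops what the removed comment stated, namely that the bits are hidden by default until SVM sets them. Every entry in the new list is VENDOR_F(), which evaluates to 0, so the leaf is still initialized to 0 here; keeping a sentence to that effect makes it clear that listing NPT, NRIPS, VGIF and the rest does not advertise them.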
From: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:23 -0800
Subject: [PATCH v3 56/57] KVM: x86: Explicitly track feature flags that are enabled at runtime
Message-ID: <20241128013424.4096668-57-seanjc@google.com>
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Add one last (hopefully) CPUID feature macro, RUNTIME_F(), and use it to track features that KVM supports, but that are only set at runtime (in response to other state), and aren't advertised to userspace via KVM_GET_SUPPORTED_CPUID.

Currently, RUNTIME_F() is mostly just documentation, but tracking all KVM-supported features will allow for asserting, at build time, take), that all features that are set, cleared, *or* checked by KVM are known to kvm_set_cpu_caps().

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/cpuid.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 5ac5fe2febf7..e03154b9833f 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -768,6 +768,16 @@ do { \ 0; \ }) =20 +/* + * Runtime Features - For features that KVM dynamically sets/clears at run= time, + * e.g. when CR4 changes, but which are never advertised to userspace. + */ +#define RUNTIME_F(name) \ +({ \ + KVM_VALIDATE_CPU_CAP_USAGE(name); \ + 0; \ +}) + /* * Undefine the MSR bit macro to avoid token concatenation issues when * processing X86_FEATURE_SPEC_CTRL_SSBD. @@ -790,9 +800,11 @@ void kvm_set_cpu_caps(void) VENDOR_F(DTES64) | /* * NOTE: MONITOR (and MWAIT) are emulated as NOP, but *not* - * advertised to guests via CPUID! + * advertised to guests via CPUID! MWAIT is also technically a + * runtime flag thanks to IA32_MISC_ENABLES; mark it as such so + * that KVM is aware that it's a known, unadvertised flag. */ - 0 /* MONITOR */ | + RUNTIME_F(MWAIT) | VENDOR_F(VMX) | 0 /* DS-CPL, SMX, EST */ | 0 /* TM2 */ | @@ -813,7 +825,7 @@ void kvm_set_cpu_caps(void) EMULATED_F(TSC_DEADLINE_TIMER) | F(AES) | F(XSAVE) | - 0 /* OSXSAVE */ | + RUNTIME_F(OSXSAVE) | F(AVX) | F(F16C) | F(RDRAND) | @@ -887,7 +899,7 @@ void kvm_set_cpu_caps(void) F(AVX512VBMI) | PASSTHROUGH_F(LA57) | F(PKU) | - 0 /*OSPKE*/ | + RUNTIME_F(OSPKE) | F(RDPID) | F(AVX512_VPOPCNTDQ) | F(UMIP) | 
@@ -1189,6 +1201,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cpu_caps); #undef PASSTHROUGH_F #undef ALIASED_1_EDX_F #undef VENDOR_F +#undef RUNTIME_F =20 struct kvm_cpuid_array { struct kvm_cpuid_entry2 *entries; --=20 2.47.0.338.g60cca15819-goog
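Review bot: In the first hunk, RUNTIME_F() is given exactly the body that VENDOR_F() has in the context directly above it ("KVM_VALIDATE_CPU_CAP_USAGE(name);" followed by "0;"), so the two macros differ only in name and comment. If the build-time assertion mentioned in the commit message is going to hang off these annotations, define both through one shared helper so the check is added in a single place and the two cannot drift. In the CPUID_1_ECX hunk, the entry that was "0 /* MONITOR */" is now "RUNTIME_F(MWAIT)" while the comment still leads with MONITOR; a word on the naming there would save the next reader a lookup.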
From: Sean Christopherson
Date: Wed, 27 Nov 2024 17:34:24 -0800
Subject: [PATCH v3 57/57] KVM: x86: Use only local variables (no bitmask) to init kvm_cpu_caps
Message-ID: <20241128013424.4096668-58-seanjc@google.com>
In-Reply-To: <20241128013424.4096668-1-seanjc@google.com>
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jarkko Sakkinen
Cc: kvm@vger.kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Hou Wenlong, Xiaoyao Li, Kechen Lu, Oliver Upton, Binbin Wu, Yang Weijiang, Robert Hoo

Refactor the kvm_cpu_cap_init() macro magic to collect supported features in a local variable instead of passing them to the macro as a "mask". As pointed out by Maxim, relying on macros to "return" a value and set local variables is surprising, as the bitwise-OR logic suggests the macros are pure, i.e. have no side effects.

Ideally, the feature initializers would have zero side effects, e.g. would take local variables as params, but there isn't a sane way to do so without either sacrificing the various compile-time assertions (basically a non-starter), or passing at least one variable, e.g. a struct, to each macro usage (adds a lot of noise and boilerplate code).

Opportunistically force callers to emit a trailing comma by intentionally omitting a semicolon after invoking the feature initializers. Forcing a trailing comma isolates future changes to a single line, i.e. doesn't cause churn for unrelated features/lines when adding/removing/modifying a feature.

No functional change intended.

Suggested-by: Maxim Levitsky
Signed-off-by: Sean Christopherson
Reviewed-by: Maxim Levitsky
--- arch/x86/kvm/cpuid.c | 541 ++++++++++++++++++++++--------------------- 1 file changed, 273 insertions(+), 268 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index e03154b9833f..572dfa7e206e 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c
@@ -661,7 +661,7 @@ static __always_inline u32 raw_cpuid_get(struct cpuid_r= eg cpuid) * capabilities as well as raw CPUID. For KVM-defined leafs, consult only= raw * CPUID, as KVM is the one and only authority (in the kernel). */ -#define kvm_cpu_cap_init(leaf, mask) \ +#define kvm_cpu_cap_init(leaf, feature_initializers...) \ do { \ const struct cpuid_reg cpuid =3D x86_feature_cpuid(leaf * 32); \ const u32 __maybe_unused kvm_cpu_cap_init_in_progress =3D leaf; \ @@ -669,8 +669,11 @@ do { \ u32 kvm_cpu_cap_passthrough =3D 0; \ u32 kvm_cpu_cap_synthesized =3D 0; \ u32 kvm_cpu_cap_emulated =3D 0; \ + u32 kvm_cpu_cap_features =3D 0; \ \ - kvm_cpu_caps[leaf] =3D (mask); \ + feature_initializers \ + \ + kvm_cpu_caps[leaf] =3D kvm_cpu_cap_features; \ \ if (leaf < NCAPINTS) \ kvm_cpu_caps[leaf] &=3D kernel_cpu_caps[leaf]; \ @@ -696,7 +699,7 @@ do { \ #define F(name) \ ({ \ KVM_VALIDATE_CPU_CAP_USAGE(name); \ - feature_bit(name); \ + kvm_cpu_cap_features |=3D feature_bit(name); \ }) =20 /* Scattered Flag - For features that are scattered by cpufeatures.h. */ @@ -704,14 +707,16 @@ do { \ ({ \ BUILD_BUG_ON(X86_FEATURE_##name >=3D MAX_CPU_FEATURES); \ KVM_VALIDATE_CPU_CAP_USAGE(name); \ - (boot_cpu_has(X86_FEATURE_##name) ? F(name) : 0); \ + if (boot_cpu_has(X86_FEATURE_##name)) \ + F(name); \ }) =20 /* Features that KVM supports only on 64-bit kernels. */ #define X86_64_F(name) \ ({ \ KVM_VALIDATE_CPU_CAP_USAGE(name); \ - (IS_ENABLED(CONFIG_X86_64) ? F(name) : 0); \ + if (IS_ENABLED(CONFIG_X86_64)) \ + F(name); \ }) =20 /* @@ -720,7 +725,7 @@ do { \ */ #define EMULATED_F(name) \ ({ \ - kvm_cpu_cap_emulated |=3D F(name); \ + kvm_cpu_cap_emulated |=3D feature_bit(name); \ F(name); \ }) =20 @@ -731,7 +736,7 @@ do { \ */ #define SYNTHESIZED_F(name) \ ({ \ - kvm_cpu_cap_synthesized |=3D F(name); \ + kvm_cpu_cap_synthesized |=3D feature_bit(name); \ F(name); \ }) =20 
@@ -743,7 +748,7 @@ do { \ */ #define PASSTHROUGH_F(name) \ ({ \ - kvm_cpu_cap_passthrough |=3D F(name); \ + kvm_cpu_cap_passthrough |=3D feature_bit(name); \ F(name); \ }) =20 @@ -755,7 +760,7 @@ do { \ ({ \ BUILD_BUG_ON(__feature_leaf(X86_FEATURE_##name) !=3D CPUID_1_EDX); \ BUILD_BUG_ON(kvm_cpu_cap_init_in_progress !=3D CPUID_8000_0001_EDX); \ - feature_bit(name); \ + kvm_cpu_cap_features |=3D feature_bit(name); \ }) =20 /* @@ -765,7 +770,6 @@ do { \ #define VENDOR_F(name) \ ({ \ KVM_VALIDATE_CPU_CAP_USAGE(name); \ - 0; \ }) =20 /* @@ -775,7 +779,6 @@ do { \ #define RUNTIME_F(name) \ ({ \ KVM_VALIDATE_CPU_CAP_USAGE(name); \ - 0; \ }) =20 /* 
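Review bot: In the kvm_cpu_cap_init() hunk at -669, "feature_initializers" is expanded with no terminator directly before "kvm_cpu_caps[leaf] = kvm_cpu_cap_features;", so the trailing comma each caller must supply is what joins the initializer list to that assignment. That contract is stated only in the commit message; the comment above the macro should say that the list must end with a comma and that F() and the other helpers now work by side effect on kvm_cpu_cap_features. Separately, F() and ALIASED_1_EDX_F() still end their statement expression with the "|=" assignment, so they continue to yield a value; casting that result to void would make an old-style "F(A) | F(B)" argument fail to build instead of being accepted.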
@@ -795,126 +798,128 @@ void kvm_set_cpu_caps(void) sizeof(boot_cpu_data.x86_capability)); =20 kvm_cpu_cap_init(CPUID_1_ECX, - F(XMM3) | - F(PCLMULQDQ) | - VENDOR_F(DTES64) | + F(XMM3), + F(PCLMULQDQ), + VENDOR_F(DTES64), /* * NOTE: MONITOR (and MWAIT) are emulated as NOP, but *not* * advertised to guests via CPUID! MWAIT is also technically a * runtime flag thanks to IA32_MISC_ENABLES; mark it as such so * that KVM is aware that it's a known, unadvertised flag. */ - RUNTIME_F(MWAIT) | - VENDOR_F(VMX) | - 0 /* DS-CPL, SMX, EST */ | - 0 /* TM2 */ | - F(SSSE3) | - 0 /* CNXT-ID */ | - 0 /* Reserved */ | - F(FMA) | - F(CX16) | - 0 /* xTPR Update */ | - F(PDCM) | - F(PCID) | - 0 /* Reserved, DCA */ | - F(XMM4_1) | - F(XMM4_2) | - EMULATED_F(X2APIC) | - F(MOVBE) | - F(POPCNT) | - EMULATED_F(TSC_DEADLINE_TIMER) | - F(AES) | - F(XSAVE) | - RUNTIME_F(OSXSAVE) | - F(AVX) | - F(F16C) | - F(RDRAND) | - EMULATED_F(HYPERVISOR) + RUNTIME_F(MWAIT), + /* DS-CPL */ + VENDOR_F(VMX), + /* SMX, EST */ + /* TM2 */ + F(SSSE3), + /* CNXT-ID */ + /* Reserved */ + F(FMA), + F(CX16), + /* xTPR Update */ + F(PDCM), + F(PCID), + /* Reserved, DCA */ + F(XMM4_1), + F(XMM4_2), + EMULATED_F(X2APIC), + F(MOVBE), + F(POPCNT), + EMULATED_F(TSC_DEADLINE_TIMER), + F(AES), + F(XSAVE), + RUNTIME_F(OSXSAVE), + F(AVX), + F(F16C), + F(RDRAND), + EMULATED_F(HYPERVISOR), ); =20 kvm_cpu_cap_init(CPUID_1_EDX, - F(FPU) | - F(VME) | - F(DE) | - F(PSE) | - F(TSC) | - F(MSR) | - F(PAE) | - F(MCE) | - F(CX8) | - F(APIC) | - 0 /* Reserved */ | - F(SEP) | - F(MTRR) | - F(PGE) | - F(MCA) | - F(CMOV) | - F(PAT) | - F(PSE36) | - 0 /* PSN */ | - F(CLFLUSH) | - 0 /* Reserved */ | - VENDOR_F(DS) | - 0 /* ACPI */ | - F(MMX) | - F(FXSR) | - F(XMM) | - F(XMM2) | - F(SELFSNOOP) | - 0 /* HTT, TM, Reserved, PBE */ + F(FPU), + F(VME), + F(DE), + F(PSE), + F(TSC), + F(MSR), + F(PAE), + F(MCE), + F(CX8), + F(APIC), + /* Reserved */ + F(SEP), + F(MTRR), + F(PGE), + F(MCA), + F(CMOV), + F(PAT), + F(PSE36), + /* PSN */ + F(CLFLUSH), + 
/* Reserved */ + VENDOR_F(DS), + /* ACPI */ + F(MMX), + F(FXSR), + F(XMM), + F(XMM2), + F(SELFSNOOP), + /* HTT, TM, Reserved, PBE */ ); =20 kvm_cpu_cap_init(CPUID_7_0_EBX, - F(FSGSBASE) | - EMULATED_F(TSC_ADJUST) | - F(SGX) | - F(BMI1) | - F(HLE) | - F(AVX2) | - F(FDP_EXCPTN_ONLY) | - F(SMEP) | - F(BMI2) | - F(ERMS) | - F(INVPCID) | - F(RTM) | - F(ZERO_FCS_FDS) | - VENDOR_F(MPX) | - F(AVX512F) | - F(AVX512DQ) | - F(RDSEED) | - F(ADX) | - F(SMAP) | - F(AVX512IFMA) | - F(CLFLUSHOPT) | - F(CLWB) | - VENDOR_F(INTEL_PT) | - F(AVX512PF) | - F(AVX512ER) | - F(AVX512CD) | - F(SHA_NI) | - F(AVX512BW) | - F(AVX512VL)); + F(FSGSBASE), + EMULATED_F(TSC_ADJUST), + F(SGX), + F(BMI1), + F(HLE), + F(AVX2), + F(FDP_EXCPTN_ONLY), + F(SMEP), + F(BMI2), + F(ERMS), + F(INVPCID), + F(RTM), + F(ZERO_FCS_FDS), + VENDOR_F(MPX), + F(AVX512F), + F(AVX512DQ), + F(RDSEED), + F(ADX), + F(SMAP), + F(AVX512IFMA), + F(CLFLUSHOPT), + F(CLWB), + VENDOR_F(INTEL_PT), + F(AVX512PF), + F(AVX512ER), + F(AVX512CD), + F(SHA_NI), + F(AVX512BW), + F(AVX512VL), + ); =20 kvm_cpu_cap_init(CPUID_7_ECX, - F(AVX512VBMI) | - PASSTHROUGH_F(LA57) | - F(PKU) | - RUNTIME_F(OSPKE) | - F(RDPID) | - F(AVX512_VPOPCNTDQ) | - F(UMIP) | - F(AVX512_VBMI2) | - F(GFNI) | - F(VAES) | - F(VPCLMULQDQ) | - F(AVX512_VNNI) | - F(AVX512_BITALG) | - F(CLDEMOTE) | - F(MOVDIRI) | - F(MOVDIR64B) | - VENDOR_F(WAITPKG) | - F(SGX_LC) | - F(BUS_LOCK_DETECT) + F(AVX512VBMI), + PASSTHROUGH_F(LA57), + F(PKU), + RUNTIME_F(OSPKE), + F(RDPID), + F(AVX512_VPOPCNTDQ), + F(UMIP), + F(AVX512_VBMI2), + F(GFNI), + F(VAES), + F(VPCLMULQDQ), + F(AVX512_VNNI), + F(AVX512_BITALG), + F(CLDEMOTE), + F(MOVDIRI), + F(MOVDIR64B), + VENDOR_F(WAITPKG), + F(SGX_LC), + F(BUS_LOCK_DETECT), ); =20 /* 
@@ -925,22 +930,22 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_clear(X86_FEATURE_PKU); =20 kvm_cpu_cap_init(CPUID_7_EDX, - F(AVX512_4VNNIW) | - F(AVX512_4FMAPS) | - F(SPEC_CTRL) | - F(SPEC_CTRL_SSBD) | - EMULATED_F(ARCH_CAPABILITIES) | - F(INTEL_STIBP) | - F(MD_CLEAR) | - F(AVX512_VP2INTERSECT) | - F(FSRM) | - F(SERIALIZE) | - F(TSXLDTRK) | - F(AVX512_FP16) | - F(AMX_TILE) | - F(AMX_INT8) | - F(AMX_BF16) | - F(FLUSH_L1D) + F(AVX512_4VNNIW), + F(AVX512_4FMAPS), + F(SPEC_CTRL), + F(SPEC_CTRL_SSBD), + EMULATED_F(ARCH_CAPABILITIES), + F(INTEL_STIBP), + F(MD_CLEAR), + F(AVX512_VP2INTERSECT), + F(FSRM), + F(SERIALIZE), + F(TSXLDTRK), + F(AVX512_FP16), + F(AMX_TILE), + F(AMX_INT8), + F(AMX_BF16), + F(FLUSH_L1D), ); =20 if (boot_cpu_has(X86_FEATURE_AMD_IBPB_RET) && 
@@ -953,132 +958,132 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); =20 kvm_cpu_cap_init(CPUID_7_1_EAX, - F(SHA512) | - F(SM3) | - F(SM4) | - F(AVX_VNNI) | - F(AVX512_BF16) | - F(CMPCCXADD) | - F(FZRM) | - F(FSRS) | - F(FSRC) | - F(AMX_FP16) | - F(AVX_IFMA) | - F(LAM) + F(SHA512), + F(SM3), + F(SM4), + F(AVX_VNNI), + F(AVX512_BF16), + F(CMPCCXADD), + F(FZRM), + F(FSRS), + F(FSRC), + F(AMX_FP16), + F(AVX_IFMA), + F(LAM), ); =20 kvm_cpu_cap_init(CPUID_7_1_EDX, - F(AVX_VNNI_INT8) | - F(AVX_NE_CONVERT) | - F(AMX_COMPLEX) | - F(AVX_VNNI_INT16) | - F(PREFETCHITI) | - F(AVX10) + F(AVX_VNNI_INT8), + F(AVX_NE_CONVERT), + F(AMX_COMPLEX), + F(AVX_VNNI_INT16), + F(PREFETCHITI), + F(AVX10), ); =20 kvm_cpu_cap_init(CPUID_7_2_EDX, - F(INTEL_PSFD) | - F(IPRED_CTRL) | - F(RRSBA_CTRL) | - F(DDPD_U) | - F(BHI_CTRL) | - F(MCDT_NO) + F(INTEL_PSFD), + F(IPRED_CTRL), + F(RRSBA_CTRL), + F(DDPD_U), + F(BHI_CTRL), + F(MCDT_NO), ); =20 kvm_cpu_cap_init(CPUID_D_1_EAX, - F(XSAVEOPT) | - F(XSAVEC) | - F(XGETBV1) | - F(XSAVES) | - X86_64_F(XFD) + F(XSAVEOPT), + F(XSAVEC), + F(XGETBV1), + F(XSAVES), + X86_64_F(XFD), ); =20 kvm_cpu_cap_init(CPUID_12_EAX, - SCATTERED_F(SGX1) | - SCATTERED_F(SGX2) | - SCATTERED_F(SGX_EDECCSSA) + SCATTERED_F(SGX1), + SCATTERED_F(SGX2), + SCATTERED_F(SGX_EDECCSSA), ); =20 kvm_cpu_cap_init(CPUID_24_0_EBX, - F(AVX10_128) | - F(AVX10_256) | - F(AVX10_512) + F(AVX10_128), + F(AVX10_256), + F(AVX10_512), ); =20 kvm_cpu_cap_init(CPUID_8000_0001_ECX, - F(LAHF_LM) | - F(CMP_LEGACY) | - VENDOR_F(SVM) | - 0 /* ExtApicSpace */ | - F(CR8_LEGACY) | - F(ABM) | - F(SSE4A) | - F(MISALIGNSSE) | - F(3DNOWPREFETCH) | - F(OSVW) | - 0 /* IBS */ | - F(XOP) | - 0 /* SKINIT, WDT, LWP */ | - F(FMA4) | - F(TBM) | - F(TOPOEXT) | - VENDOR_F(PERFCTR_CORE) + F(LAHF_LM), + F(CMP_LEGACY), + VENDOR_F(SVM), + /* ExtApicSpace */ + F(CR8_LEGACY), + F(ABM), + F(SSE4A), + F(MISALIGNSSE), + F(3DNOWPREFETCH), + F(OSVW), + /* IBS */ + F(XOP), + /* SKINIT, WDT, LWP */ + F(FMA4), + 
F(TBM), + F(TOPOEXT), + VENDOR_F(PERFCTR_CORE), ); =20 kvm_cpu_cap_init(CPUID_8000_0001_EDX, - ALIASED_1_EDX_F(FPU) | - ALIASED_1_EDX_F(VME) | - ALIASED_1_EDX_F(DE) | - ALIASED_1_EDX_F(PSE) | - ALIASED_1_EDX_F(TSC) | - ALIASED_1_EDX_F(MSR) | - ALIASED_1_EDX_F(PAE) | - ALIASED_1_EDX_F(MCE) | - ALIASED_1_EDX_F(CX8) | - ALIASED_1_EDX_F(APIC) | - 0 /* Reserved */ | - F(SYSCALL) | - ALIASED_1_EDX_F(MTRR) | - ALIASED_1_EDX_F(PGE) | - ALIASED_1_EDX_F(MCA) | - ALIASED_1_EDX_F(CMOV) | - ALIASED_1_EDX_F(PAT) | - ALIASED_1_EDX_F(PSE36) | - 0 /* Reserved */ | - F(NX) | - 0 /* Reserved */ | - F(MMXEXT) | - ALIASED_1_EDX_F(MMX) | - ALIASED_1_EDX_F(FXSR) | - F(FXSR_OPT) | - X86_64_F(GBPAGES) | - F(RDTSCP) | - 0 /* Reserved */ | - X86_64_F(LM) | - F(3DNOWEXT) | - F(3DNOW) + ALIASED_1_EDX_F(FPU), + ALIASED_1_EDX_F(VME), + ALIASED_1_EDX_F(DE), + ALIASED_1_EDX_F(PSE), + ALIASED_1_EDX_F(TSC), + ALIASED_1_EDX_F(MSR), + ALIASED_1_EDX_F(PAE), + ALIASED_1_EDX_F(MCE), + ALIASED_1_EDX_F(CX8), + ALIASED_1_EDX_F(APIC), + /* Reserved */ + F(SYSCALL), + ALIASED_1_EDX_F(MTRR), + ALIASED_1_EDX_F(PGE), + ALIASED_1_EDX_F(MCA), + ALIASED_1_EDX_F(CMOV), + ALIASED_1_EDX_F(PAT), + ALIASED_1_EDX_F(PSE36), + /* Reserved */ + F(NX), + /* Reserved */ + F(MMXEXT), + ALIASED_1_EDX_F(MMX), + ALIASED_1_EDX_F(FXSR), + F(FXSR_OPT), + X86_64_F(GBPAGES), + F(RDTSCP), + /* Reserved */ + X86_64_F(LM), + F(3DNOWEXT), + F(3DNOW), ); =20 if (!tdp_enabled && IS_ENABLED(CONFIG_X86_64)) kvm_cpu_cap_set(X86_FEATURE_GBPAGES); =20 kvm_cpu_cap_init(CPUID_8000_0007_EDX, - SCATTERED_F(CONSTANT_TSC) + SCATTERED_F(CONSTANT_TSC), ); =20 kvm_cpu_cap_init(CPUID_8000_0008_EBX, - F(CLZERO) | - F(XSAVEERPTR) | - F(WBNOINVD) | - F(AMD_IBPB) | - F(AMD_IBRS) | - F(AMD_SSBD) | - F(VIRT_SSBD) | - F(AMD_SSB_NO) | - F(AMD_STIBP) | - F(AMD_STIBP_ALWAYS_ON) | - F(AMD_PSFD) | - F(AMD_IBPB_RET) + F(CLZERO), + F(XSAVEERPTR), + F(WBNOINVD), + F(AMD_IBPB), + F(AMD_IBRS), + F(AMD_SSBD), + F(VIRT_SSBD), + F(AMD_SSB_NO), + F(AMD_STIBP), + 
F(AMD_STIBP_ALWAYS_ON), + F(AMD_PSFD), + F(AMD_IBPB_RET), ); =20 /* @@ -1110,30 +1115,30 @@ void kvm_set_cpu_caps(void) =20 /* All SVM features required additional vendor module enabling. */ kvm_cpu_cap_init(CPUID_8000_000A_EDX, - VENDOR_F(NPT) | - VENDOR_F(VMCBCLEAN) | - VENDOR_F(FLUSHBYASID) | - VENDOR_F(NRIPS) | - VENDOR_F(TSCRATEMSR) | - VENDOR_F(V_VMSAVE_VMLOAD) | - VENDOR_F(LBRV) | - VENDOR_F(PAUSEFILTER) | - VENDOR_F(PFTHRESHOLD) | - VENDOR_F(VGIF) | - VENDOR_F(VNMI) | - VENDOR_F(SVME_ADDR_CHK) + VENDOR_F(NPT), + VENDOR_F(VMCBCLEAN), + VENDOR_F(FLUSHBYASID), + VENDOR_F(NRIPS), + VENDOR_F(TSCRATEMSR), + VENDOR_F(V_VMSAVE_VMLOAD), + VENDOR_F(LBRV), + VENDOR_F(PAUSEFILTER), + VENDOR_F(PFTHRESHOLD), + VENDOR_F(VGIF), + VENDOR_F(VNMI), + VENDOR_F(SVME_ADDR_CHK), ); =20 kvm_cpu_cap_init(CPUID_8000_001F_EAX, - VENDOR_F(SME) | - VENDOR_F(SEV) | - 0 /* VM_PAGE_FLUSH */ | - VENDOR_F(SEV_ES) | - F(SME_COHERENT) + VENDOR_F(SME), + VENDOR_F(SEV), + /* VM_PAGE_FLUSH */ + VENDOR_F(SEV_ES), + F(SME_COHERENT), ); =20 kvm_cpu_cap_init(CPUID_8000_0021_EAX, - F(NO_NESTED_DATA_BP) | + F(NO_NESTED_DATA_BP), /* * Synthesize "LFENCE is serializing" into the AMD-defined entry * in KVM's supported CPUID, i.e. if the feature is reported as 
@@ -1144,36 +1149,36 @@ void kvm_set_cpu_caps(void) * CPUID will drop the flags, and reporting support in AMD's * leaf can make it easier for userspace to detect the feature. */ - SYNTHESIZED_F(LFENCE_RDTSC) | - 0 /* SmmPgCfgLock */ | - F(NULL_SEL_CLR_BASE) | - F(AUTOIBRS) | - EMULATED_F(NO_SMM_CTL_MSR) | - 0 /* PrefetchCtlMsr */ | - F(WRMSR_XX_BASE_NS) | - SYNTHESIZED_F(SBPB) | - SYNTHESIZED_F(IBPB_BRTYPE) | - SYNTHESIZED_F(SRSO_NO) + SYNTHESIZED_F(LFENCE_RDTSC), + /* SmmPgCfgLock */ + F(NULL_SEL_CLR_BASE), + F(AUTOIBRS), + EMULATED_F(NO_SMM_CTL_MSR), + /* PrefetchCtlMsr */ + F(WRMSR_XX_BASE_NS), + SYNTHESIZED_F(SBPB), + SYNTHESIZED_F(IBPB_BRTYPE), + SYNTHESIZED_F(SRSO_NO), ); =20 kvm_cpu_cap_init(CPUID_8000_0022_EAX, - F(PERFMON_V2) + F(PERFMON_V2), ); =20 if (!static_cpu_has_bug(X86_BUG_NULL_SEG)) kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE); =20 kvm_cpu_cap_init(CPUID_C000_0001_EDX, - F(XSTORE) | - F(XSTORE_EN) | - F(XCRYPT) | - F(XCRYPT_EN) | - F(ACE2) | - F(ACE2_EN) | - F(PHE) | - F(PHE_EN) | - F(PMM) | - F(PMM_EN) + F(XSTORE), + F(XSTORE_EN), + F(XCRYPT), + F(XCRYPT_EN), + F(ACE2), + F(ACE2_EN), + F(PHE), + F(PHE_EN), + F(PMM), + F(PMM_EN), ); =20 /* --=20 2.47.0.338.g60cca15819-goog
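Review bot: in the kvm_cpu_cap_init() hunk, `feature_initializers` is expanded with nothing between it and `kvm_cpu_caps[leaf] = kvm_cpu_cap_features;`, so the macro only builds when the caller's list ends in a comma: the empty last argument leaves a trailing comma that chains the assignment on via the comma operator. Every converted call in kvm_set_cpu_caps() follows this, including the single-entry leaves (`SCATTERED_F(CONSTANT_TSC),`, `F(PERFMON_V2),`) and CPUID_7_0_EBX, which gains its own `);` line, but the requirement is not stated anywhere. Please add a sentence to the comment above the macro saying the trailing comma is mandatory, so that someone adding a leaf without it can make sense of the resulting syntax error.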
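Review bot: F() and ALIASED_1_EDX_F() now end in `kvm_cpu_cap_features |= feature_bit(name);`, so the value of the statement expression is the accumulated mask for the leaf, not the single feature bit. EMULATED_F(), SYNTHESIZED_F() and PASSTHROUGH_F() are switched to `feature_bit(name)` to account for that, but a later wrapper written the old way (`kvm_cpu_cap_foo |= F(name);`) would still compile and would silently tag every feature listed earlier in the leaf. Consider making F() evaluate to void, or at least noting in the comment above F() that its result must not be consumed.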
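Review bot: in the CPUID_1_ECX list the placeholder comments are not just re-punctuated. `0 /* DS-CPL, SMX, EST */` after VENDOR_F(VMX) becomes `/* DS-CPL */` before VENDOR_F(VMX) and `/* SMX, EST */` after it. The new placement matches the bit order of the leaf (DS-CPL is bit 4, VMX is bit 5), but it is a correction rather than part of the mechanical `|` to `,` conversion, so please make sure the changelog mentions it; otherwise it reads as an accidental reshuffle when someone bisects or backports.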