From nobody Sun Oct 5 09:07:14 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 522DB2BE64A for ; Wed, 6 Aug 2025 19:58:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754510307; cv=none; b=GWUZUj4cjFxLiVx463YZ7deRptIZkujAzOyiuomnBaVqCnCTW4VJkgFc78uii8kq9Bng7So5T6KVM5EVvjbkaatV4ZMoX0XTHUvFSB1R792yIMMsve3vsFDo9hzu8EV29FluiUWbt6MEZGSDf/5ENFVT+8E3W9c2t/cqKXyUe/U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754510307; c=relaxed/simple; bh=meRueoJoecSOLM6U35RVopVJ4WkffubPgWqswgDoiXc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=lj82jX7WLnHTKgmGkErP8pxQCEjWELOPGnWPmKT0h+s6MKer2BlhLZ09VRFJQnBX5fS7JRqwpuYUSQvICw8MUMdHlD0JsrOpTGEbGfnNoJNoFXe8FFQwElLWo1DjplkPveqwbRvUS/c3xRLpbUS6M7nJhOaGGDRN1lSF0ytXa/s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=blGjs/vG; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="blGjs/vG" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-31f32271a1fso373195a91.0 for ; Wed, 06 Aug 2025 12:58:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1754510299; x=1755115099; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=YQRjFPIG4PmR+HjiezlmfcX2mvV34MtTdW3Bam7UEwE=; b=blGjs/vGrtFyGaNGCgcw6j3Om8nu7dp87YUljZdXgYGnDrrfsrjeGhlME6O9d1xhsR cuZLYbrGK/Gsmw+nk5NmyMx2TQ9K5ahCg/FbsJMVsUk1HGQX0AHU0nIeP9Cqwd1Y1wuP 7LHpsGJHO0VV8iXkOeIPN/LuuPtPh9U9SRA57DlGi+rquymwFx3fxqVnQkQ1sReSJx35 QAJAaOViJsSXfmzD9gIJHUEyb8l65yd69XsK3zZz/dTUXLxGfH2sIGZwgLB0u+CUoZ0e OCsGwpJFpbxN/1CYI07Kl1zmgocHtHBefEBM61GTq/P0AnhUVPRqCkamBXR7LC5yCq6A 0etQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1754510299; x=1755115099; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YQRjFPIG4PmR+HjiezlmfcX2mvV34MtTdW3Bam7UEwE=; b=VOPYQciPwC8dJDr3DNn9JcYyNBDps5y1a+ejj4/qqMLdH1scXC61B5ruhuTfP3T/i4 kkwq1EI2+OHYLCurA32SbOcy8Eky00xnyD6gHuO7BducPOu0VJFRAb4crf2g4+6kVqaD lnVBxaKKTwcC0m04cVlBspRcrGAgwtx7wtxp5AzxpTt8ioZobSTiDJqTR+nftCeXvCK+ IQ3wNietzQqQGhvuz11hOUgDOo/jAbmhgmPKg6Vg45//kKg6xEOqAA2RriREMGqaTXj3 LEYmtXHgW0cEmQppvB6s+fZMk/YDsfvfKylO/EqOskaTannFMX53UwJlqlSPWqo+A5uN W3Gg== X-Forwarded-Encrypted: i=1; AJvYcCXkujuEAC0Ysvhd7CaW4NUUpA06FU7pjJPX4ilgYtIYeOHMVFtPWK51zroR2hyZCFwoqWqzmkAxKVcJL70=@vger.kernel.org X-Gm-Message-State: AOJu0Yxpx1zajEjD78pMbtlBQzOv+TEWYPeqX7YMTSfgMNVO5eh0s7bQ 53L+NlgEbBqH8OMoHWElDfjj9Wyso1+kDmPgUvI1LN4+grzYqnyESmoVxQQAamRtCOAyoe931Mp 2lKBUZQ== X-Google-Smtp-Source: AGHT+IEEL8MMMXuPjd0UTQ7B+xCdzayxBbFfQWod4bTn8hh+ljNhk+I3PdaJAFaKAxfSi5B+qkz2qkDbG+c= X-Received: from pjbqb13.prod.google.com ([2002:a17:90b:280d:b0:31f:61fc:b283]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:390f:b0:314:2cd2:595d with SMTP id 98e67ed59e1d1-321755de480mr997552a91.8.1754510298596; Wed, 06 Aug 2025 12:58:18 -0700 (PDT) Reply-To: Sean Christopherson Date: Wed, 6 Aug 2025 12:56:49 -0700 In-Reply-To: <20250806195706.1650976-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250806195706.1650976-1-seanjc@google.com> X-Mailer: git-send-email 2.50.1.565.gc32cd1483b-goog Message-ID: <20250806195706.1650976-28-seanjc@google.com> Subject: [PATCH v5 27/44] KVM: x86/pmu: Disable RDPMC interception for compatible mediated vPMU From: Sean Christopherson To: Marc Zyngier , Oliver Upton , Tianrui Zhao , Bibo Mao , Huacai Chen , Anup Patel , Paul Walmsley , Palmer Dabbelt , Albert Ou , Xin Li , "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Namhyung Kim , Sean Christopherson , Paolo Bonzini Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, kvm@vger.kernel.org, loongarch@lists.linux.dev, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Kan Liang , Yongwei Ma , Mingwei Zhang , Xiong Zhang , Sandipan Das , Dapeng Mi Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Dapeng Mi Disable RDPMC interception for vCPUs with a mediated vPMU that is compatible with the host PMU, i.e. that doesn't require KVM emulation of RDPMC to honor the guest's vCPU model. With a mediated vPMU, all guest state accessible via RDPMC is loaded into hardware while the guest is running. Adust RDPMC interception only for non-TDX guests, as the TDX module is responsible for managing RDPMC intercepts based on the TD configuration. Co-developed-by: Mingwei Zhang Signed-off-by: Mingwei Zhang Co-developed-by: Sandipan Das Signed-off-by: Sandipan Das Signed-off-by: Dapeng Mi Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- arch/x86/kvm/pmu.c | 26 ++++++++++++++++++++++++++ arch/x86/kvm/pmu.h | 1 + arch/x86/kvm/svm/svm.c | 5 +++++ arch/x86/kvm/vmx/vmx.c | 7 +++++++ arch/x86/kvm/x86.c | 1 + 5 files changed, 40 insertions(+) diff --git a/arch/x86/kvm/pmu.c b/arch/x86/kvm/pmu.c index 680523e9d11e..674f42d083a9 100644 --- a/arch/x86/kvm/pmu.c +++ b/arch/x86/kvm/pmu.c @@ -712,6 +712,32 @@ int kvm_pmu_rdpmc(struct kvm_vcpu *vcpu, unsigned idx,= u64 *data) return 0; } =20 +bool kvm_need_rdpmc_intercept(struct kvm_vcpu *vcpu) +{ + struct kvm_pmu *pmu =3D vcpu_to_pmu(vcpu); + + if (!kvm_vcpu_has_mediated_pmu(vcpu)) + return true; + + /* + * VMware allows access to these Pseduo-PMCs even when read via RDPMC + * in Ring3 when CR4.PCE=3D0. + */ + if (enable_vmware_backdoor) + return true; + + /* + * Note! Check *host* PMU capabilities, not KVM's PMU capabilities, as + * KVM's capabilities are constrained based on KVM support, i.e. KVM's + * capabilities themselves may be a subset of hardware capabilities. + */ + return pmu->nr_arch_gp_counters !=3D kvm_host_pmu.num_counters_gp || + pmu->nr_arch_fixed_counters !=3D kvm_host_pmu.num_counters_fixed || + pmu->counter_bitmask[KVM_PMC_GP] !=3D (BIT_ULL(kvm_host_pmu.bit_wi= dth_gp) - 1) || + pmu->counter_bitmask[KVM_PMC_FIXED] !=3D (BIT_ULL(kvm_host_pmu.bit= _width_fixed) - 1); +} +EXPORT_SYMBOL_GPL(kvm_need_rdpmc_intercept); + void kvm_pmu_deliver_pmi(struct kvm_vcpu *vcpu) { if (lapic_in_kernel(vcpu)) { diff --git a/arch/x86/kvm/pmu.h b/arch/x86/kvm/pmu.h index e038bce76b9e..6b95e81c078c 100644 --- a/arch/x86/kvm/pmu.h +++ b/arch/x86/kvm/pmu.h @@ -238,6 +238,7 @@ void kvm_pmu_instruction_retired(struct kvm_vcpu *vcpu); void kvm_pmu_branch_retired(struct kvm_vcpu *vcpu); =20 bool is_vmware_backdoor_pmc(u32 pmc_idx); +bool kvm_need_rdpmc_intercept(struct kvm_vcpu *vcpu); =20 extern struct kvm_pmu_ops intel_pmu_ops; extern struct kvm_pmu_ops amd_pmu_ops; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index ef7dffc54dca..2d42962b47aa 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1075,6 +1075,11 @@ static void svm_recalc_instruction_intercepts(struct= kvm_vcpu *vcpu) svm->vmcb->control.virt_ext |=3D VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; } } + + if (kvm_need_rdpmc_intercept(vcpu)) + svm_set_intercept(svm, INTERCEPT_RDPMC); + else + svm_clr_intercept(svm, INTERCEPT_RDPMC); } =20 static void svm_recalc_intercepts(struct kvm_vcpu *vcpu) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index baea4a9cf74f..2f7db32710e3 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4121,8 +4121,15 @@ static void vmx_recalc_msr_intercepts(struct kvm_vcp= u *vcpu) */ } =20 +static void vmx_recalc_instruction_intercepts(struct kvm_vcpu *vcpu) +{ + exec_controls_changebit(to_vmx(vcpu), CPU_BASED_RDPMC_EXITING, + kvm_need_rdpmc_intercept(vcpu)); +} + void vmx_recalc_intercepts(struct kvm_vcpu *vcpu) { + vmx_recalc_instruction_intercepts(vcpu); vmx_recalc_msr_intercepts(vcpu); } =20 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 69f5d9deb75f..b8014435c988 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3793,6 +3793,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) =20 vcpu->arch.perf_capabilities =3D data; kvm_pmu_refresh(vcpu); + kvm_make_request(KVM_REQ_RECALC_INTERCEPTS, vcpu); break; case MSR_IA32_PRED_CMD: { u64 reserved_bits =3D ~(PRED_CMD_IBPB | PRED_CMD_SBPB); --=20 2.50.1.565.gc32cd1483b-goog