From nobody Thu Oct 2 07:48:25 2025 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF4282FE075 for ; Fri, 19 Sep 2025 22:33:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758321240; cv=none; b=jmdxqAYiFyC8jb2DQXiKAHL/73UvqTGASIg4oaHES9qgCzKgoXikLEl+R7or143OUupC0BppZeJRUZNJiO1nQMzfYOGtK6h4t6xZQvHJXyTtVnGyFth20txg1m481MBdi5sGCFuoNcf1wCjwVIUVMuftHKKL1aNQ4WGsR1toi54= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758321240; c=relaxed/simple; bh=WR4i1/hdD/UAQYUG4b+D0r37b5OVC230JQ21pAZcWyk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=VmTP64DbPQh2Xa3lSxaa/LKnonRBVbJEkbRisy76C0XzkHeirIi8By2ec9CDCC0hTodAEKrK/M3is0zlRKKCgVzmxuZcrrNinLE1+/oFctDojJ/17gE4LVPymNDlp+tKXN3Zs3+M+kPFs9QQWOxbpg3P6sJgdNHokAmYmvInXNY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=jUqeZECN; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="jUqeZECN" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-77ecac44d33so891395b3a.1 for ; Fri, 19 Sep 2025 15:33:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1758321238; x=1758926038; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=mCZj1AprmeC+Fo0fgebUJJjVh7kTElMFVQRkgXXYJBc=; b=jUqeZECN7+FGCKK57puJdziSWrcYnyaQEIdI3PT6LnHzROaGDQOwdimwoxHrvk8vdp mLtOFWF2pDtYk1bq365bEwLMo9EBFsHQo9ZEKXAbFm6bbO0Lw6v0dA/Fe+V6yNgC/amq 2bUPcOR+NkOxZs/xs8zAJGlNEr7G76zd/Kaa9LQL7HFHURKdqg8TqWZntxjplcQouU0/ qnyCrlxdrxw5PZVUOxhDTfwGkmRJpo1h99Chh7VpxUxMa1xiplORRL+zKCr7h+RfLP9J Lll2MDjnFJLUggOGIuazEcIAZfDxMfXE6W3Z1nEVIe08+MKwLJDZytmM5favt/u984JH YYDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758321238; x=1758926038; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=mCZj1AprmeC+Fo0fgebUJJjVh7kTElMFVQRkgXXYJBc=; b=JwVP9AmLi7mxHkIpNQk8KRIPj3SMgocoul1yH+gTUhM16zLhG+BPYnHgqeSRa2mzo/ pJIJ/6whJBLJLRjiwGJ7ljwl8oa/CNiPYxeyIVeJj0wAASZ2s121r3VX1X/RQAs6m444 TGhV8o2VplNA2aUQ96HXFDCjTem0EYpvWwDyk9aZ0USEibm9lnokmvnZYUmkA0QSpjpJ XCAxmmGq0teOvuzPsSHFawrS9xUGj8Kd5/BbB8NLAdLwSxArR2ZMKHx0EIAZGW0F2OXM CtVqdqNAf9pTor/A13YKLh9kyerSBZ5qbzmiboVf/JW8/0D+obrDCzFtfO2gGZokKU+o Ev6g== X-Forwarded-Encrypted: i=1; AJvYcCVg8BsaIJG1t7Ytv+BrqavimaJ91c7JdUk8pBW5hfO7Wi7vEozsUn6BtONyty/tpi5B4CMm3BsAk5KEafk=@vger.kernel.org X-Gm-Message-State: AOJu0YzTd2G4dGRmkLhpxr0qNqiBDTSXCvNpHdlAVWu0zoLQxAQz63pl dHoPG0gmSy+mAWDk+q14yiYH4kJ2ufzkOAoa6//z92xrlDRLCgKEuVOArzWleKsPHQ507N4Alak /E090AQ== X-Google-Smtp-Source: AGHT+IE08Knot0aER/MkKkj+clVf2474u3XY/LuEAkLxWcUdGc2j5TSeDcijAGM3iVwTU0f6XUf1HFNdKhE= X-Received: from pjuw14.prod.google.com ([2002:a17:90a:d60e:b0:32e:ddac:6ea5]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a20:939f:b0:262:9461:2e59 with SMTP id adf61e73a8af0-2926dcb867emr7398660637.39.1758321238233; Fri, 19 Sep 2025 15:33:58 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 19 Sep 2025 15:32:37 -0700 In-Reply-To: <20250919223258.1604852-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250919223258.1604852-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.470.ga7dc726c21-goog Message-ID: <20250919223258.1604852-31-seanjc@google.com> Subject: [PATCH v16 30/51] KVM: nVMX: Virtualize NO_HW_ERROR_CODE_CC for L1 event injection to L2 From: Sean Christopherson To: Paolo Bonzini , Sean Christopherson Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Tom Lendacky , Mathias Krause , John Allen , Rick Edgecombe , Chao Gao , Binbin Wu , Xiaoyao Li , Maxim Levitsky , Zhang Yi Z , Xin Li Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Yang Weijiang Per SDM description(Vol.3D, Appendix A.1): "If bit 56 is read as 1, software can use VM entry to deliver a hardware exception with or without an error code, regardless of vector" Modify has_error_code check before inject events to nested guest. Only enforce the check when guest is in real mode, the exception is not hard exception and the platform doesn't enumerate bit56 in VMX_BASIC, in all other case ignore the check to make the logic consistent with SDM. Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky Reviewed-by: Chao Gao Tested-by: Mathias Krause Tested-by: John Allen Tested-by: Rick Edgecombe Signed-off-by: Chao Gao Signed-off-by: Sean Christopherson Reviewed-by: Binbin Wu --- arch/x86/kvm/vmx/nested.c | 27 ++++++++++++++++++--------- arch/x86/kvm/vmx/nested.h | 5 +++++ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 846c07380eac..b644f4599f70 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1272,9 +1272,10 @@ static int vmx_restore_vmx_basic(struct vcpu_vmx *vm= x, u64 data) { const u64 feature_bits =3D VMX_BASIC_DUAL_MONITOR_TREATMENT | VMX_BASIC_INOUT | - VMX_BASIC_TRUE_CTLS; + VMX_BASIC_TRUE_CTLS | + VMX_BASIC_NO_HW_ERROR_CODE_CC; =20 - const u64 reserved_bits =3D GENMASK_ULL(63, 56) | + const u64 reserved_bits =3D GENMASK_ULL(63, 57) | GENMASK_ULL(47, 45) | BIT_ULL(31); =20 @@ -2949,7 +2950,6 @@ static int nested_check_vm_entry_controls(struct kvm_= vcpu *vcpu, u8 vector =3D intr_info & INTR_INFO_VECTOR_MASK; u32 intr_type =3D intr_info & INTR_INFO_INTR_TYPE_MASK; bool has_error_code =3D intr_info & INTR_INFO_DELIVER_CODE_MASK; - bool should_have_error_code; bool urg =3D nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST); bool prot_mode =3D !urg || vmcs12->guest_cr0 & X86_CR0_PE; @@ -2966,12 +2966,19 @@ static int nested_check_vm_entry_controls(struct kv= m_vcpu *vcpu, CC(intr_type =3D=3D INTR_TYPE_OTHER_EVENT && vector !=3D 0)) return -EINVAL; =20 - /* VM-entry interruption-info field: deliver error code */ - should_have_error_code =3D - intr_type =3D=3D INTR_TYPE_HARD_EXCEPTION && prot_mode && - x86_exception_has_error_code(vector); - if (CC(has_error_code !=3D should_have_error_code)) - return -EINVAL; + /* + * Cannot deliver error code in real mode or if the interrupt + * type is not hardware exception. For other cases, do the + * consistency check only if the vCPU doesn't enumerate + * VMX_BASIC_NO_HW_ERROR_CODE_CC. + */ + if (!prot_mode || intr_type !=3D INTR_TYPE_HARD_EXCEPTION) { + if (CC(has_error_code)) + return -EINVAL; + } else if (!nested_cpu_has_no_hw_errcode_cc(vcpu)) { + if (CC(has_error_code !=3D x86_exception_has_error_code(vector))) + return -EINVAL; + } =20 /* VM-entry exception error code */ if (CC(has_error_code && @@ -7217,6 +7224,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_= msrs *msrs) msrs->basic |=3D VMX_BASIC_TRUE_CTLS; if (cpu_has_vmx_basic_inout()) msrs->basic |=3D VMX_BASIC_INOUT; + if (cpu_has_vmx_basic_no_hw_errcode_cc()) + msrs->basic |=3D VMX_BASIC_NO_HW_ERROR_CODE_CC; } =20 static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index 6eedcfc91070..983484d42ebf 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -309,6 +309,11 @@ static inline bool nested_cr4_valid(struct kvm_vcpu *v= cpu, unsigned long val) __kvm_is_valid_cr4(vcpu, val); } =20 +static inline bool nested_cpu_has_no_hw_errcode_cc(struct kvm_vcpu *vcpu) +{ + return to_vmx(vcpu)->nested.msrs.basic & VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + /* No difference in the restrictions on guest and host CR4 in VMX operatio= n. */ #define nested_guest_cr4_valid nested_cr4_valid #define nested_host_cr4_valid nested_cr4_valid --=20 2.51.0.470.ga7dc726c21-goog