* [PATCH] KVM: VMX: drop I/O permission bitmaps
@ 2017-12-08 10:22 Quan Xu
2017-12-08 16:18 ` David Hildenbrand
2017-12-08 17:31 ` Jim Mattson
0 siblings, 2 replies; 8+ messages in thread
From: Quan Xu @ 2017-12-08 10:22 UTC (permalink / raw)
To: kvm; +Cc: linux-kernel, rkrcmar, jmattson, pbonzini, Quan Xu
From: Quan Xu <quan.xu0@gmail.com>
Since KVM removes the only I/O port 0x80 bypass on Intel hosts,
clear CPU_BASED_USE_IO_BITMAPS and set CPU_BASED_UNCOND_IO_EXITING
bit. Then these I/O permission bitmaps are not used at all, so
drop I/O permission bitmaps.
Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Quan Xu <quan.xu0@gmail.com>
---
arch/x86/kvm/vmx.c | 17 +----------------
1 files changed, 1 insertions(+), 16 deletions(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 2fd9a8c..3e4f760 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -771,8 +771,6 @@ enum segment_cache_field {
FIELD(HOST_FS_SELECTOR, host_fs_selector),
FIELD(HOST_GS_SELECTOR, host_gs_selector),
FIELD(HOST_TR_SELECTOR, host_tr_selector),
- FIELD64(IO_BITMAP_A, io_bitmap_a),
- FIELD64(IO_BITMAP_B, io_bitmap_b),
FIELD64(MSR_BITMAP, msr_bitmap),
FIELD64(VM_EXIT_MSR_STORE_ADDR, vm_exit_msr_store_addr),
FIELD64(VM_EXIT_MSR_LOAD_ADDR, vm_exit_msr_load_addr),
@@ -943,8 +941,6 @@ static bool nested_vmx_is_page_fault_vmexit(struct vmcs12 *vmcs12,
static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
enum {
- VMX_IO_BITMAP_A,
- VMX_IO_BITMAP_B,
VMX_MSR_BITMAP_LEGACY,
VMX_MSR_BITMAP_LONGMODE,
VMX_MSR_BITMAP_LEGACY_X2APIC_APICV,
@@ -958,8 +954,6 @@ enum {
static unsigned long *vmx_bitmap[VMX_BITMAP_NR];
-#define vmx_io_bitmap_a (vmx_bitmap[VMX_IO_BITMAP_A])
-#define vmx_io_bitmap_b (vmx_bitmap[VMX_IO_BITMAP_B])
#define vmx_msr_bitmap_legacy (vmx_bitmap[VMX_MSR_BITMAP_LEGACY])
#define vmx_msr_bitmap_longmode (vmx_bitmap[VMX_MSR_BITMAP_LONGMODE])
#define vmx_msr_bitmap_legacy_x2apic_apicv (vmx_bitmap[VMX_MSR_BITMAP_LEGACY_X2APIC_APICV])
@@ -3632,7 +3626,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
#endif
CPU_BASED_CR3_LOAD_EXITING |
CPU_BASED_CR3_STORE_EXITING |
- CPU_BASED_USE_IO_BITMAPS |
+ CPU_BASED_UNCOND_IO_EXITING |
CPU_BASED_MOV_DR_EXITING |
CPU_BASED_USE_TSC_OFFSETING |
CPU_BASED_INVLPG_EXITING |
@@ -5445,10 +5439,6 @@ static void vmx_vcpu_setup(struct vcpu_vmx *vmx)
#endif
int i;
- /* I/O */
- vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap_a));
- vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap_b));
-
if (enable_shadow_vmcs) {
vmcs_write64(VMREAD_BITMAP, __pa(vmx_vmread_bitmap));
vmcs_write64(VMWRITE_BITMAP, __pa(vmx_vmwrite_bitmap));
@@ -6751,14 +6741,9 @@ static __init int hardware_setup(void)
goto out;
}
- vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL);
memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
- memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
-
- memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
-
memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
--
1.7.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] KVM: VMX: drop I/O permission bitmaps
2017-12-08 10:22 [PATCH] KVM: VMX: drop I/O permission bitmaps Quan Xu
@ 2017-12-08 16:18 ` David Hildenbrand
2017-12-11 5:15 ` Quan Xu
2017-12-12 8:29 ` Quan Xu
2017-12-08 17:31 ` Jim Mattson
1 sibling, 2 replies; 8+ messages in thread
From: David Hildenbrand @ 2017-12-08 16:18 UTC (permalink / raw)
To: Quan Xu, kvm; +Cc: linux-kernel, rkrcmar, jmattson, pbonzini
On 08.12.2017 11:22, Quan Xu wrote:
> From: Quan Xu <quan.xu0@gmail.com>
>
> Since KVM removes the only I/O port 0x80 bypass on Intel hosts,
> clear CPU_BASED_USE_IO_BITMAPS and set CPU_BASED_UNCOND_IO_EXITING
> bit. Then these I/O permission bitmaps are not used at all, so
> drop I/O permission bitmaps.
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
> Signed-off-by: Quan Xu <quan.xu0@gmail.com>
> ---
> arch/x86/kvm/vmx.c | 17 +----------------
> 1 files changed, 1 insertions(+), 16 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 2fd9a8c..3e4f760 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -771,8 +771,6 @@ enum segment_cache_field {
> FIELD(HOST_FS_SELECTOR, host_fs_selector),
> FIELD(HOST_GS_SELECTOR, host_gs_selector),
> FIELD(HOST_TR_SELECTOR, host_tr_selector),
> - FIELD64(IO_BITMAP_A, io_bitmap_a),
> - FIELD64(IO_BITMAP_B, io_bitmap_b),
> FIELD64(MSR_BITMAP, msr_bitmap),
> FIELD64(VM_EXIT_MSR_STORE_ADDR, vm_exit_msr_store_addr),
> FIELD64(VM_EXIT_MSR_LOAD_ADDR, vm_exit_msr_load_addr),
> @@ -943,8 +941,6 @@ static bool nested_vmx_is_page_fault_vmexit(struct vmcs12 *vmcs12,
> static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
>
> enum {
> - VMX_IO_BITMAP_A,
> - VMX_IO_BITMAP_B,
> VMX_MSR_BITMAP_LEGACY,
> VMX_MSR_BITMAP_LONGMODE,
> VMX_MSR_BITMAP_LEGACY_X2APIC_APICV,
> @@ -958,8 +954,6 @@ enum {
>
> static unsigned long *vmx_bitmap[VMX_BITMAP_NR];
>
> -#define vmx_io_bitmap_a (vmx_bitmap[VMX_IO_BITMAP_A])
> -#define vmx_io_bitmap_b (vmx_bitmap[VMX_IO_BITMAP_B])
> #define vmx_msr_bitmap_legacy (vmx_bitmap[VMX_MSR_BITMAP_LEGACY])
> #define vmx_msr_bitmap_longmode (vmx_bitmap[VMX_MSR_BITMAP_LONGMODE])
> #define vmx_msr_bitmap_legacy_x2apic_apicv (vmx_bitmap[VMX_MSR_BITMAP_LEGACY_X2APIC_APICV])
> @@ -3632,7 +3626,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
> #endif
> CPU_BASED_CR3_LOAD_EXITING |
> CPU_BASED_CR3_STORE_EXITING |
> - CPU_BASED_USE_IO_BITMAPS |
> + CPU_BASED_UNCOND_IO_EXITING |
> CPU_BASED_MOV_DR_EXITING |
> CPU_BASED_USE_TSC_OFFSETING |
> CPU_BASED_INVLPG_EXITING |
> @@ -5445,10 +5439,6 @@ static void vmx_vcpu_setup(struct vcpu_vmx *vmx)
> #endif
> int i;
>
> - /* I/O */
> - vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap_a));
> - vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap_b));
> -
> if (enable_shadow_vmcs) {
> vmcs_write64(VMREAD_BITMAP, __pa(vmx_vmread_bitmap));
> vmcs_write64(VMWRITE_BITMAP, __pa(vmx_vmwrite_bitmap));
> @@ -6751,14 +6741,9 @@ static __init int hardware_setup(void)
> goto out;
> }
>
> - vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL);
> memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
> memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
>
> - memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
> -
> - memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
> -
> memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
> memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
>
>
Looks good to me.
We could now also drop
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index a5d2856eb28b..732e93332f4c 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -10639,7 +10639,6 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu,
struct vmcs12 *vmcs12,
* Rather, exit every time.
*/
exec_control &= ~CPU_BASED_USE_IO_BITMAPS;
- exec_control |= CPU_BASED_UNCOND_IO_EXITING;
vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, exec_control);
As this will be implicitly set by vmx_exec_control()
--
Thanks,
David / dhildenb
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] KVM: VMX: drop I/O permission bitmaps
2017-12-08 10:22 [PATCH] KVM: VMX: drop I/O permission bitmaps Quan Xu
2017-12-08 16:18 ` David Hildenbrand
@ 2017-12-08 17:31 ` Jim Mattson
2017-12-11 5:37 ` Quan Xu
1 sibling, 1 reply; 8+ messages in thread
From: Jim Mattson @ 2017-12-08 17:31 UTC (permalink / raw)
To: Quan Xu; +Cc: kvm list, LKML, Radim Krčmář, Paolo Bonzini
On Fri, Dec 8, 2017 at 2:22 AM, Quan Xu <quan.xu0@gmail.com> wrote:
> From: Quan Xu <quan.xu0@gmail.com>
>
> Since KVM removes the only I/O port 0x80 bypass on Intel hosts,
> clear CPU_BASED_USE_IO_BITMAPS and set CPU_BASED_UNCOND_IO_EXITING
> bit. Then these I/O permission bitmaps are not used at all, so
> drop I/O permission bitmaps.
>
> Signed-off-by: Jim Mattson <jmattson@google.com>
> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
> Signed-off-by: Quan Xu <quan.xu0@gmail.com>
> ---
> arch/x86/kvm/vmx.c | 17 +----------------
> 1 files changed, 1 insertions(+), 16 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 2fd9a8c..3e4f760 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -771,8 +771,6 @@ enum segment_cache_field {
> FIELD(HOST_FS_SELECTOR, host_fs_selector),
> FIELD(HOST_GS_SELECTOR, host_gs_selector),
> FIELD(HOST_TR_SELECTOR, host_tr_selector),
> - FIELD64(IO_BITMAP_A, io_bitmap_a),
> - FIELD64(IO_BITMAP_B, io_bitmap_b),
These two lines should stay.
> FIELD64(MSR_BITMAP, msr_bitmap),
> FIELD64(VM_EXIT_MSR_STORE_ADDR, vm_exit_msr_store_addr),
> FIELD64(VM_EXIT_MSR_LOAD_ADDR, vm_exit_msr_load_addr),
> @@ -943,8 +941,6 @@ static bool nested_vmx_is_page_fault_vmexit(struct vmcs12 *vmcs12,
> static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
>
> enum {
> - VMX_IO_BITMAP_A,
> - VMX_IO_BITMAP_B,
> VMX_MSR_BITMAP_LEGACY,
> VMX_MSR_BITMAP_LONGMODE,
> VMX_MSR_BITMAP_LEGACY_X2APIC_APICV,
> @@ -958,8 +954,6 @@ enum {
>
> static unsigned long *vmx_bitmap[VMX_BITMAP_NR];
>
> -#define vmx_io_bitmap_a (vmx_bitmap[VMX_IO_BITMAP_A])
> -#define vmx_io_bitmap_b (vmx_bitmap[VMX_IO_BITMAP_B])
> #define vmx_msr_bitmap_legacy (vmx_bitmap[VMX_MSR_BITMAP_LEGACY])
> #define vmx_msr_bitmap_longmode (vmx_bitmap[VMX_MSR_BITMAP_LONGMODE])
> #define vmx_msr_bitmap_legacy_x2apic_apicv (vmx_bitmap[VMX_MSR_BITMAP_LEGACY_X2APIC_APICV])
> @@ -3632,7 +3626,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
> #endif
> CPU_BASED_CR3_LOAD_EXITING |
> CPU_BASED_CR3_STORE_EXITING |
> - CPU_BASED_USE_IO_BITMAPS |
> + CPU_BASED_UNCOND_IO_EXITING |
> CPU_BASED_MOV_DR_EXITING |
> CPU_BASED_USE_TSC_OFFSETING |
> CPU_BASED_INVLPG_EXITING |
> @@ -5445,10 +5439,6 @@ static void vmx_vcpu_setup(struct vcpu_vmx *vmx)
> #endif
> int i;
>
> - /* I/O */
> - vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap_a));
> - vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap_b));
> -
> if (enable_shadow_vmcs) {
> vmcs_write64(VMREAD_BITMAP, __pa(vmx_vmread_bitmap));
> vmcs_write64(VMWRITE_BITMAP, __pa(vmx_vmwrite_bitmap));
> @@ -6751,14 +6741,9 @@ static __init int hardware_setup(void)
> goto out;
> }
>
> - vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL);
> memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
> memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
>
> - memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
> -
> - memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
> -
> memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
> memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
>
> --
> 1.7.1
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] KVM: VMX: drop I/O permission bitmaps
2017-12-08 16:18 ` David Hildenbrand
@ 2017-12-11 5:15 ` Quan Xu
2017-12-12 8:29 ` Quan Xu
1 sibling, 0 replies; 8+ messages in thread
From: Quan Xu @ 2017-12-11 5:15 UTC (permalink / raw)
To: David Hildenbrand, kvm; +Cc: linux-kernel, rkrcmar, jmattson, pbonzini
On 2017/12/09 00:18, David Hildenbrand wrote:
> On 08.12.2017 11:22, Quan Xu wrote:
>> From: Quan Xu <quan.xu0@gmail.com>
>>
>> Since KVM removes the only I/O port 0x80 bypass on Intel hosts,
>> clear CPU_BASED_USE_IO_BITMAPS and set CPU_BASED_UNCOND_IO_EXITING
>> bit. Then these I/O permission bitmaps are not used at all, so
>> drop I/O permission bitmaps.
>>
>> Signed-off-by: Jim Mattson <jmattson@google.com>
>> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
>> Signed-off-by: Quan Xu <quan.xu0@gmail.com>
>> ---
>> arch/x86/kvm/vmx.c | 17 +----------------
>> 1 files changed, 1 insertions(+), 16 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 2fd9a8c..3e4f760 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -771,8 +771,6 @@ enum segment_cache_field {
>> FIELD(HOST_FS_SELECTOR, host_fs_selector),
>> FIELD(HOST_GS_SELECTOR, host_gs_selector),
>> FIELD(HOST_TR_SELECTOR, host_tr_selector),
>> - FIELD64(IO_BITMAP_A, io_bitmap_a),
>> - FIELD64(IO_BITMAP_B, io_bitmap_b),
>> FIELD64(MSR_BITMAP, msr_bitmap),
>> FIELD64(VM_EXIT_MSR_STORE_ADDR, vm_exit_msr_store_addr),
>> FIELD64(VM_EXIT_MSR_LOAD_ADDR, vm_exit_msr_load_addr),
>> @@ -943,8 +941,6 @@ static bool nested_vmx_is_page_fault_vmexit(struct vmcs12 *vmcs12,
>> static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
>>
>> enum {
>> - VMX_IO_BITMAP_A,
>> - VMX_IO_BITMAP_B,
>> VMX_MSR_BITMAP_LEGACY,
>> VMX_MSR_BITMAP_LONGMODE,
>> VMX_MSR_BITMAP_LEGACY_X2APIC_APICV,
>> @@ -958,8 +954,6 @@ enum {
>>
>> static unsigned long *vmx_bitmap[VMX_BITMAP_NR];
>>
>> -#define vmx_io_bitmap_a (vmx_bitmap[VMX_IO_BITMAP_A])
>> -#define vmx_io_bitmap_b (vmx_bitmap[VMX_IO_BITMAP_B])
>> #define vmx_msr_bitmap_legacy (vmx_bitmap[VMX_MSR_BITMAP_LEGACY])
>> #define vmx_msr_bitmap_longmode (vmx_bitmap[VMX_MSR_BITMAP_LONGMODE])
>> #define vmx_msr_bitmap_legacy_x2apic_apicv (vmx_bitmap[VMX_MSR_BITMAP_LEGACY_X2APIC_APICV])
>> @@ -3632,7 +3626,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
>> #endif
>> CPU_BASED_CR3_LOAD_EXITING |
>> CPU_BASED_CR3_STORE_EXITING |
>> - CPU_BASED_USE_IO_BITMAPS |
>> + CPU_BASED_UNCOND_IO_EXITING |
>> CPU_BASED_MOV_DR_EXITING |
>> CPU_BASED_USE_TSC_OFFSETING |
>> CPU_BASED_INVLPG_EXITING |
>> @@ -5445,10 +5439,6 @@ static void vmx_vcpu_setup(struct vcpu_vmx *vmx)
>> #endif
>> int i;
>>
>> - /* I/O */
>> - vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap_a));
>> - vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap_b));
>> -
>> if (enable_shadow_vmcs) {
>> vmcs_write64(VMREAD_BITMAP, __pa(vmx_vmread_bitmap));
>> vmcs_write64(VMWRITE_BITMAP, __pa(vmx_vmwrite_bitmap));
>> @@ -6751,14 +6741,9 @@ static __init int hardware_setup(void)
>> goto out;
>> }
>>
>> - vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL);
>> memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
>> memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
>>
>> - memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
>> -
>> - memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
>> -
>> memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
>> memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
>>
>>
> Looks good to me.
David, thanks for your review.
>
> We could now also drop
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index a5d2856eb28b..732e93332f4c 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -10639,7 +10639,6 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu,
> struct vmcs12 *vmcs12,
> * Rather, exit every time.
> */
> exec_control &= ~CPU_BASED_USE_IO_BITMAPS;
> - exec_control |= CPU_BASED_UNCOND_IO_EXITING;
>
> vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, exec_control);
>
> As this will be implicitly set by vmx_exec_control()
>
good catch.
yes, L0 merge vmcs01 with vmcsl2 to create vmcs02 and run L2.
however as this code is related to nested virtualization, I better
introduce it in another new patch
with "KVM: NVMX" prefix subject after this patch is applied.
furthermore, I think I could drop these tow lines in another new patch:
- exec_control &= ~CPU_BASED_USE_IO_BITMAPS;
- exec_control |= CPU_BASED_UNCOND_IO_EXITING;
as the CPU_BASED_USE_IO_BITMAPS is clear after this patch.
Quan
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] KVM: VMX: drop I/O permission bitmaps
2017-12-08 17:31 ` Jim Mattson
@ 2017-12-11 5:37 ` Quan Xu
2017-12-11 18:08 ` Jim Mattson
0 siblings, 1 reply; 8+ messages in thread
From: Quan Xu @ 2017-12-11 5:37 UTC (permalink / raw)
To: Jim Mattson
Cc: kvm list, LKML, Radim Krčmář,
Paolo Bonzini, David Hildenbrand
On 2017/12/09 01:31, Jim Mattson wrote:
> On Fri, Dec 8, 2017 at 2:22 AM, Quan Xu <quan.xu0@gmail.com> wrote:
>> From: Quan Xu <quan.xu0@gmail.com>
>>
>> Since KVM removes the only I/O port 0x80 bypass on Intel hosts,
>> clear CPU_BASED_USE_IO_BITMAPS and set CPU_BASED_UNCOND_IO_EXITING
>> bit. Then these I/O permission bitmaps are not used at all, so
>> drop I/O permission bitmaps.
>>
>> Signed-off-by: Jim Mattson <jmattson@google.com>
>> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
>> Signed-off-by: Quan Xu <quan.xu0@gmail.com>
>> ---
>> arch/x86/kvm/vmx.c | 17 +----------------
>> 1 files changed, 1 insertions(+), 16 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 2fd9a8c..3e4f760 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -771,8 +771,6 @@ enum segment_cache_field {
>> FIELD(HOST_FS_SELECTOR, host_fs_selector),
>> FIELD(HOST_GS_SELECTOR, host_gs_selector),
>> FIELD(HOST_TR_SELECTOR, host_tr_selector),
>> - FIELD64(IO_BITMAP_A, io_bitmap_a),
>> - FIELD64(IO_BITMAP_B, io_bitmap_b),
> These two lines should stay.
Jim, could you explain why these two lines should stay?
IIUC, the main concern is from nested virtualization, which still uses
io_bitmap_a/io_bitmap_b..
if so, we really need to further clean up these code, as
CPU_BASED_USE_IO_BITMAPS is clear, and CPU_BASED_UNCOND_IO_EXITING is set for both L0/L2. after new patches which I mentioned
in this thread.
right?
Alibaba Cloud
Quan
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] KVM: VMX: drop I/O permission bitmaps
2017-12-11 5:37 ` Quan Xu
@ 2017-12-11 18:08 ` Jim Mattson
2017-12-12 8:39 ` Quan Xu
0 siblings, 1 reply; 8+ messages in thread
From: Jim Mattson @ 2017-12-11 18:08 UTC (permalink / raw)
To: Quan Xu
Cc: kvm list, LKML, Radim Krčmář,
Paolo Bonzini, David Hildenbrand
Removing these two lines from the initialization of
field_to_offset_table[] means that vmcs_field_to_offset() will return
-ENOENT for IO_BITMAP_A or IO_BITMAP_B. Hence, handle_vmread and
handle_vmwrite will incorrectly report these fields as unsupported
VMCS components if an L1 hypervisor tries to access them.
On Sun, Dec 10, 2017 at 9:37 PM, Quan Xu <quan.xu0@gmail.com> wrote:
>
>
> On 2017/12/09 01:31, Jim Mattson wrote:
>>
>> On Fri, Dec 8, 2017 at 2:22 AM, Quan Xu <quan.xu0@gmail.com> wrote:
>>>
>>> From: Quan Xu <quan.xu0@gmail.com>
>>>
>>> Since KVM removes the only I/O port 0x80 bypass on Intel hosts,
>>> clear CPU_BASED_USE_IO_BITMAPS and set CPU_BASED_UNCOND_IO_EXITING
>>> bit. Then these I/O permission bitmaps are not used at all, so
>>> drop I/O permission bitmaps.
>>>
>>> Signed-off-by: Jim Mattson <jmattson@google.com>
>>> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
>>> Signed-off-by: Quan Xu <quan.xu0@gmail.com>
>>> ---
>>> arch/x86/kvm/vmx.c | 17 +----------------
>>> 1 files changed, 1 insertions(+), 16 deletions(-)
>>>
>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> index 2fd9a8c..3e4f760 100644
>>> --- a/arch/x86/kvm/vmx.c
>>> +++ b/arch/x86/kvm/vmx.c
>>> @@ -771,8 +771,6 @@ enum segment_cache_field {
>>> FIELD(HOST_FS_SELECTOR, host_fs_selector),
>>> FIELD(HOST_GS_SELECTOR, host_gs_selector),
>>> FIELD(HOST_TR_SELECTOR, host_tr_selector),
>>> - FIELD64(IO_BITMAP_A, io_bitmap_a),
>>> - FIELD64(IO_BITMAP_B, io_bitmap_b),
>>
>> These two lines should stay.
>
> Jim, could you explain why these two lines should stay?
>
>
> IIUC, the main concern is from nested virtualization, which still uses
> io_bitmap_a/io_bitmap_b..
> if so, we really need to further clean up these code, as
>
> CPU_BASED_USE_IO_BITMAPS is clear, and CPU_BASED_UNCOND_IO_EXITING is set
> for both L0/L2. after new patches which I mentioned
> in this thread.
>
> right?
>
> Alibaba Cloud
> Quan
>
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] KVM: VMX: drop I/O permission bitmaps
2017-12-08 16:18 ` David Hildenbrand
2017-12-11 5:15 ` Quan Xu
@ 2017-12-12 8:29 ` Quan Xu
1 sibling, 0 replies; 8+ messages in thread
From: Quan Xu @ 2017-12-12 8:29 UTC (permalink / raw)
To: David Hildenbrand, kvm; +Cc: linux-kernel, rkrcmar, jmattson, pbonzini
On 2017/12/09 00:18, David Hildenbrand wrote:
> On 08.12.2017 11:22, Quan Xu wrote:
>> From: Quan Xu <quan.xu0@gmail.com>
>>
>> Since KVM removes the only I/O port 0x80 bypass on Intel hosts,
>> clear CPU_BASED_USE_IO_BITMAPS and set CPU_BASED_UNCOND_IO_EXITING
>> bit. Then these I/O permission bitmaps are not used at all, so
>> drop I/O permission bitmaps.
>>
>> Signed-off-by: Jim Mattson <jmattson@google.com>
>> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
>> Signed-off-by: Quan Xu <quan.xu0@gmail.com>
>> ---
>> arch/x86/kvm/vmx.c | 17 +----------------
>> 1 files changed, 1 insertions(+), 16 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 2fd9a8c..3e4f760 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -771,8 +771,6 @@ enum segment_cache_field {
>> FIELD(HOST_FS_SELECTOR, host_fs_selector),
>> FIELD(HOST_GS_SELECTOR, host_gs_selector),
>> FIELD(HOST_TR_SELECTOR, host_tr_selector),
>> - FIELD64(IO_BITMAP_A, io_bitmap_a),
>> - FIELD64(IO_BITMAP_B, io_bitmap_b),
>> FIELD64(MSR_BITMAP, msr_bitmap),
>> FIELD64(VM_EXIT_MSR_STORE_ADDR, vm_exit_msr_store_addr),
>> FIELD64(VM_EXIT_MSR_LOAD_ADDR, vm_exit_msr_load_addr),
>> @@ -943,8 +941,6 @@ static bool nested_vmx_is_page_fault_vmexit(struct vmcs12 *vmcs12,
>> static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
>>
>> enum {
>> - VMX_IO_BITMAP_A,
>> - VMX_IO_BITMAP_B,
>> VMX_MSR_BITMAP_LEGACY,
>> VMX_MSR_BITMAP_LONGMODE,
>> VMX_MSR_BITMAP_LEGACY_X2APIC_APICV,
>> @@ -958,8 +954,6 @@ enum {
>>
>> static unsigned long *vmx_bitmap[VMX_BITMAP_NR];
>>
>> -#define vmx_io_bitmap_a (vmx_bitmap[VMX_IO_BITMAP_A])
>> -#define vmx_io_bitmap_b (vmx_bitmap[VMX_IO_BITMAP_B])
>> #define vmx_msr_bitmap_legacy (vmx_bitmap[VMX_MSR_BITMAP_LEGACY])
>> #define vmx_msr_bitmap_longmode (vmx_bitmap[VMX_MSR_BITMAP_LONGMODE])
>> #define vmx_msr_bitmap_legacy_x2apic_apicv (vmx_bitmap[VMX_MSR_BITMAP_LEGACY_X2APIC_APICV])
>> @@ -3632,7 +3626,7 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
>> #endif
>> CPU_BASED_CR3_LOAD_EXITING |
>> CPU_BASED_CR3_STORE_EXITING |
>> - CPU_BASED_USE_IO_BITMAPS |
>> + CPU_BASED_UNCOND_IO_EXITING |
>> CPU_BASED_MOV_DR_EXITING |
>> CPU_BASED_USE_TSC_OFFSETING |
>> CPU_BASED_INVLPG_EXITING |
>> @@ -5445,10 +5439,6 @@ static void vmx_vcpu_setup(struct vcpu_vmx *vmx)
>> #endif
>> int i;
>>
>> - /* I/O */
>> - vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap_a));
>> - vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap_b));
>> -
>> if (enable_shadow_vmcs) {
>> vmcs_write64(VMREAD_BITMAP, __pa(vmx_vmread_bitmap));
>> vmcs_write64(VMWRITE_BITMAP, __pa(vmx_vmwrite_bitmap));
>> @@ -6751,14 +6741,9 @@ static __init int hardware_setup(void)
>> goto out;
>> }
>>
>> - vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL);
>> memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
>> memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
>>
>> - memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
>> -
>> - memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
>> -
>> memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
>> memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
>>
>>
> Looks good to me.
>
> We could now also drop
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index a5d2856eb28b..732e93332f4c 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -10639,7 +10639,6 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu,
> struct vmcs12 *vmcs12,
> * Rather, exit every time.
> */
> exec_control &= ~CPU_BASED_USE_IO_BITMAPS;
> - exec_control |= CPU_BASED_UNCOND_IO_EXITING;
>
> vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, exec_control);
>
> As this will be implicitly set by vmx_exec_control()
David, I find some nVMX code is still using vmcs12 (.e.g.
nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS))
dropping it would make these logic error handling..
we better leave it as is..
Quan
Alibaba Cloud
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] KVM: VMX: drop I/O permission bitmaps
2017-12-11 18:08 ` Jim Mattson
@ 2017-12-12 8:39 ` Quan Xu
0 siblings, 0 replies; 8+ messages in thread
From: Quan Xu @ 2017-12-12 8:39 UTC (permalink / raw)
To: Jim Mattson
Cc: kvm list, LKML, Radim Krčmář,
Paolo Bonzini, David Hildenbrand
On 2017/12/12 02:08, Jim Mattson wrote:
> Removing these two lines from the initialization of
> field_to_offset_table[] means that vmcs_field_to_offset() will return
> -ENOENT for IO_BITMAP_A or IO_BITMAP_B. Hence, handle_vmread and
> handle_vmwrite will incorrectly report these fields as unsupported
> VMCS components if an L1 hypervisor tries to access them.
I will fix in v2.
Quan
Alibaba Cloud
> On Sun, Dec 10, 2017 at 9:37 PM, Quan Xu <quan.xu0@gmail.com> wrote:
>>
>> On 2017/12/09 01:31, Jim Mattson wrote:
>>> On Fri, Dec 8, 2017 at 2:22 AM, Quan Xu <quan.xu0@gmail.com> wrote:
>>>> From: Quan Xu <quan.xu0@gmail.com>
>>>>
>>>> Since KVM removes the only I/O port 0x80 bypass on Intel hosts,
>>>> clear CPU_BASED_USE_IO_BITMAPS and set CPU_BASED_UNCOND_IO_EXITING
>>>> bit. Then these I/O permission bitmaps are not used at all, so
>>>> drop I/O permission bitmaps.
>>>>
>>>> Signed-off-by: Jim Mattson <jmattson@google.com>
>>>> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
>>>> Signed-off-by: Quan Xu <quan.xu0@gmail.com>
>>>> ---
>>>> arch/x86/kvm/vmx.c | 17 +----------------
>>>> 1 files changed, 1 insertions(+), 16 deletions(-)
>>>>
>>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>>> index 2fd9a8c..3e4f760 100644
>>>> --- a/arch/x86/kvm/vmx.c
>>>> +++ b/arch/x86/kvm/vmx.c
>>>> @@ -771,8 +771,6 @@ enum segment_cache_field {
>>>> FIELD(HOST_FS_SELECTOR, host_fs_selector),
>>>> FIELD(HOST_GS_SELECTOR, host_gs_selector),
>>>> FIELD(HOST_TR_SELECTOR, host_tr_selector),
>>>> - FIELD64(IO_BITMAP_A, io_bitmap_a),
>>>> - FIELD64(IO_BITMAP_B, io_bitmap_b),
>>> These two lines should stay.
>> Jim, could you explain why these two lines should stay?
>>
>>
>> IIUC, the main concern is from nested virtualization, which still uses
>> io_bitmap_a/io_bitmap_b..
>> if so, we really need to further clean up these code, as
>>
>> CPU_BASED_USE_IO_BITMAPS is clear, and CPU_BASED_UNCOND_IO_EXITING is set
>> for both L0/L2. after new patches which I mentioned
>> in this thread.
>>
>> right?
>>
>> Alibaba Cloud
>> Quan
>>
>>
>>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-12-12 8:39 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-08 10:22 [PATCH] KVM: VMX: drop I/O permission bitmaps Quan Xu
2017-12-08 16:18 ` David Hildenbrand
2017-12-11 5:15 ` Quan Xu
2017-12-12 8:29 ` Quan Xu
2017-12-08 17:31 ` Jim Mattson
2017-12-11 5:37 ` Quan Xu
2017-12-11 18:08 ` Jim Mattson
2017-12-12 8:39 ` Quan Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).