All of lore.kernel.org
 help / color / mirror / Atom feed
From: Sean Christopherson <seanjc@google.com>
To: Babu Moger <babu.moger@amd.com>
Cc: pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com,
	bp@alien8.de, fenghua.yu@intel.com, tony.luck@intel.com,
	wanpengli@tencent.com, kvm@vger.kernel.org,
	thomas.lendacky@amd.com, peterz@infradead.org, joro@8bytes.org,
	x86@kernel.org, kyung.min.park@intel.com,
	linux-kernel@vger.kernel.org, krish.sadhukhan@oracle.com,
	hpa@zytor.com, mgross@linux.intel.com, vkuznets@redhat.com,
	kim.phillips@amd.com, wei.huang2@amd.com, jmattson@google.com
Subject: Re: [PATCH v3 2/2] KVM: SVM: Add support for Virtual SPEC_CTRL
Date: Tue, 19 Jan 2021 10:31:05 -0800	[thread overview]
Message-ID: <YAclaWCL20at/0n+@google.com> (raw)
In-Reply-To: <161073130040.13848.4508590528993822806.stgit@bmoger-ubuntu>

On Fri, Jan 15, 2021, Babu Moger wrote:
> ---
>  arch/x86/include/asm/svm.h |    4 +++-
>  arch/x86/kvm/svm/sev.c     |    4 ++++
>  arch/x86/kvm/svm/svm.c     |   19 +++++++++++++++----
>  3 files changed, 22 insertions(+), 5 deletions(-)
> 
> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
> index 1c561945b426..772e60efe243 100644
> --- a/arch/x86/include/asm/svm.h
> +++ b/arch/x86/include/asm/svm.h
> @@ -269,7 +269,9 @@ struct vmcb_save_area {
>  	 * SEV-ES guests when referenced through the GHCB or for
>  	 * saving to the host save area.
>  	 */
> -	u8 reserved_7[80];
> +	u8 reserved_7[72];
> +	u32 spec_ctrl;		/* Guest version of SPEC_CTRL at 0x2E0 */
> +	u8 reserved_7b[4];

Don't nested_prepare_vmcb_save() and nested_vmcb_checks() need to be updated to
handle the new field, too?

>  	u32 pkru;
>  	u8 reserved_7a[20];
>  	u64 reserved_8;		/* rax already available at 0x01f8 */
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index c8ffdbc81709..959d6e47bd84 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -546,6 +546,10 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm)
>  	save->pkru = svm->vcpu.arch.pkru;
>  	save->xss  = svm->vcpu.arch.ia32_xss;
>  
> +	/* Update the guest SPEC_CTRL value in the save area */
> +	if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
> +		save->spec_ctrl = svm->spec_ctrl;

I think this can be dropped if svm->spec_ctrl is unused when V_SPEC_CTRL is
supported (see below).  IIUC, the memcpy() that's just out of sight would do
the propgation to the VMSA.

> +
>  	/*
>  	 * SEV-ES will use a VMSA that is pointed to by the VMCB, not
>  	 * the traditional VMSA that is part of the VMCB. Copy the
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 7ef171790d02..a0cb01a5c8c5 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -1244,6 +1244,9 @@ static void init_vmcb(struct vcpu_svm *svm)
>  
>  	svm_check_invpcid(svm);
>  
> +	if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL))
> +		save->spec_ctrl = svm->spec_ctrl;
> +
>  	if (kvm_vcpu_apicv_active(&svm->vcpu))
>  		avic_init_vmcb(svm);
>  
> @@ -3789,7 +3792,10 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
>  	 * is no need to worry about the conditional branch over the wrmsr
>  	 * being speculatively taken.
>  	 */
> -	x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);
> +	if (static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
> +		svm->vmcb->save.spec_ctrl = svm->spec_ctrl;
> +	else
> +		x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);

Can't we avoid functional code in svm_vcpu_run() entirely when V_SPEC_CTRL is
supported?  Make this code a nop, disable interception from time zero, and
read/write the VMBC field in svm_{get,set}_msr().  I.e. don't touch
svm->spec_ctrl if V_SPEC_CTRL is supported.  

	if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
		x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);

	svm_vcpu_enter_exit(vcpu, svm);

	if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL) &&
	    unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
		svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);

>  	svm_vcpu_enter_exit(vcpu, svm);
>  
> @@ -3808,13 +3814,18 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
>  	 * If the L02 MSR bitmap does not intercept the MSR, then we need to
>  	 * save it.
>  	 */
> -	if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
> -		svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
> +	if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) {
> +		if (static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
> +			svm->spec_ctrl = svm->vmcb->save.spec_ctrl;
> +		else
> +			svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
> +	}
>  
>  	if (!sev_es_guest(svm->vcpu.kvm))
>  		reload_tss(vcpu);
>  
> -	x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl);
> +	if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
> +		x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl);
>  
>  	if (!sev_es_guest(svm->vcpu.kvm)) {
>  		vcpu->arch.cr2 = svm->vmcb->save.cr2;
> 

  reply	other threads:[~2021-01-19 18:42 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-15 17:21 [PATCH v3 0/2] x86: Add the feature Virtual SPEC_CTRL Babu Moger
2021-01-15 17:21 ` [PATCH v3 1/2] x86/cpufeatures: Add the Virtual SPEC_CTRL feature Babu Moger
2021-01-15 17:21 ` [PATCH v3 2/2] KVM: SVM: Add support for Virtual SPEC_CTRL Babu Moger
2021-01-19 18:31   ` Sean Christopherson [this message]
2021-01-19 22:29     ` Babu Moger
2021-01-19 23:45       ` Sean Christopherson
2021-01-20 22:09         ` Babu Moger
2021-01-27  0:13           ` Sean Christopherson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YAclaWCL20at/0n+@google.com \
    --to=seanjc@google.com \
    --cc=babu.moger@amd.com \
    --cc=bp@alien8.de \
    --cc=fenghua.yu@intel.com \
    --cc=hpa@zytor.com \
    --cc=jmattson@google.com \
    --cc=joro@8bytes.org \
    --cc=kim.phillips@amd.com \
    --cc=krish.sadhukhan@oracle.com \
    --cc=kvm@vger.kernel.org \
    --cc=kyung.min.park@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mgross@linux.intel.com \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=tony.luck@intel.com \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    --cc=wei.huang2@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.