[PATCH v2 0/2] KVM: SVM: Virtual GIF

[PATCH v2 0/2] KVM: SVM: Virtual GIF

[Janakarajan Natarajan]

This patchset adds support for the Virtual GIF (vGIF) feature. This
feature allows the STGI and CLGI instructions to be executed in the
Guest Mode and not require a #VMEXIT. With this, virtual interrupts
can be controlled in the Guest Mode while still allowing physical
interrupts to be intercepted by the hypervisor.

In order to provide this ability, two new bits are added to the VMCB
at offset 60h:

* Bit 9	 - VGIF value
	 : 0 -> Virtual interrupts are masked
	 : 1 -> Virtual interrupts are unmasked

* Bit 25 - AMD Virtual GIF enabled for this guest
	 : 0 -> Disabled
	 : 1 -> Enabled

When a VMRUN is executed and Bit 25 is set, the processor uses Bit 9
as the starting value of the virtual GIF. It then provides masking
capability for when virtual interrupts are taken. Bit 9 is writeable
by the hypervisor and loaded on VMRUN and saved on #VMEXIT. STGI/CLGI
executed in the Guest Mode sets or clears the virtual GIF.

The advantage of this feature will be the greatly reduced number of
world switches to support the STGI and CLGI instructions by the
outermost hypervisor at Current Privilege Level (CPL) 0.

This has been tested with Xen, Hyper-V and KVM as the nested hypervisor.

v1->v2:

* Updated patch description and changed cpufeature definition to be similar
  to AMD documentation.

* Updated NMI logic. STGI intercept added to assit in opening NMI window.
  Suggested by Radim.

Janakarajan Natarajan (2):
  KVM: SVM: Add Virtual GIF feature definition
  KVM: SVM: Enable Virtual GIF feature

 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/include/asm/svm.h         |  6 ++++
 arch/x86/kvm/svm.c                 | 62 +++++++++++++++++++++++++++++++++-----
 3 files changed, 62 insertions(+), 7 deletions(-)

-- 
2.7.4

[PATCH v2 1/2] KVM: SVM: Add Virtual GIF feature definition

[Janakarajan Natarajan]

Add a new cpufeature definition for Virtual GIF.

Signed-off-by: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index ca3c48c..0e25e7a 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -287,6 +287,7 @@
 #define X86_FEATURE_PFTHRESHOLD (15*32+12) /* pause filter threshold */
 #define X86_FEATURE_AVIC	(15*32+13) /* Virtual Interrupt Controller */
 #define X86_FEATURE_VIRTUAL_VMLOAD_VMSAVE (15*32+15) /* Virtual VMLOAD VMSAVE */
+#define X86_FEATURE_VGIF	(15*32+16) /* Virtual GIF */
 
 /* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 16 */
 #define X86_FEATURE_AVX512VBMI  (16*32+ 1) /* AVX512 Vector Bit Manipulation instructions*/
-- 
2.7.4

[PATCH v2 2/2] KVM: SVM: Enable Virtual GIF feature

[Janakarajan Natarajan]

Enable the Virtual GIF feature. This is done by setting bit 25 at position
60h in the vmcb.

With this feature enabled, the processor uses bit 9 at position 60h as the
virtual GIF when executing STGI/CLGI instructions.

Since the execution of STGI by the L1 hypervisor does not cause a return to
the outermost (L0) hypervisor, the enable_irq_window and enable_nmi_window
are modified.

The IRQ window will be opened even if GIF is not set, under the assumption
that on resuming the L1 hypervisor the IRQ will be held pending until the
processor executes the STGI instruction.

For the NMI window, the STGI intercept is set. This will assist in opening
the window only when GIF=1.

Signed-off-by: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
---
 arch/x86/include/asm/svm.h |  6 +++++
 arch/x86/kvm/svm.c         | 62 ++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 61 insertions(+), 7 deletions(-)

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index 58fffe7..14835dd 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -107,6 +107,9 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
 #define V_IRQ_SHIFT 8
 #define V_IRQ_MASK (1 << V_IRQ_SHIFT)
 
+#define V_GIF_SHIFT 9
+#define V_GIF_MASK (1 << V_GIF_SHIFT)
+
 #define V_INTR_PRIO_SHIFT 16
 #define V_INTR_PRIO_MASK (0x0f << V_INTR_PRIO_SHIFT)
 
@@ -116,6 +119,9 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
 #define V_INTR_MASKING_SHIFT 24
 #define V_INTR_MASKING_MASK (1 << V_INTR_MASKING_SHIFT)
 
+#define V_GIF_ENABLE_SHIFT 25
+#define V_GIF_ENABLE_MASK (1 << V_GIF_ENABLE_SHIFT)
+
 #define AVIC_ENABLE_SHIFT 31
 #define AVIC_ENABLE_MASK (1 << AVIC_ENABLE_SHIFT)
 
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 1107626..492fe9a 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -280,6 +280,10 @@ module_param(avic, int, S_IRUGO);
 static int vls = true;
 module_param(vls, int, 0444);
 
+/* enable/disable Virtual GIF */
+static int vgif = true;
+module_param(vgif, int, 0444);
+
 /* AVIC VM ID bit masks and lock */
 static DECLARE_BITMAP(avic_vm_id_bitmap, AVIC_VM_ID_NR);
 static DEFINE_SPINLOCK(avic_vm_id_lock);
@@ -479,19 +483,33 @@ static inline void clr_intercept(struct vcpu_svm *svm, int bit)
 	recalc_intercepts(svm);
 }
 
+static inline bool vgif_enabled(struct vcpu_svm *svm)
+{
+	return !!(svm->vmcb->control.int_ctl & V_GIF_ENABLE_MASK);
+}
+
 static inline void enable_gif(struct vcpu_svm *svm)
 {
-	svm->vcpu.arch.hflags |= HF_GIF_MASK;
+	if (vgif_enabled(svm))
+		svm->vmcb->control.int_ctl |= V_GIF_MASK;
+	else
+		svm->vcpu.arch.hflags |= HF_GIF_MASK;
 }
 
 static inline void disable_gif(struct vcpu_svm *svm)
 {
-	svm->vcpu.arch.hflags &= ~HF_GIF_MASK;
+	if (vgif_enabled(svm))
+		svm->vmcb->control.int_ctl &= ~V_GIF_MASK;
+	else
+		svm->vcpu.arch.hflags &= ~HF_GIF_MASK;
 }
 
 static inline bool gif_set(struct vcpu_svm *svm)
 {
-	return !!(svm->vcpu.arch.hflags & HF_GIF_MASK);
+	if (vgif_enabled(svm))
+		return !!(svm->vmcb->control.int_ctl & V_GIF_MASK);
+	else
+		return !!(svm->vcpu.arch.hflags & HF_GIF_MASK);
 }
 
 static unsigned long iopm_base;
@@ -973,6 +991,7 @@ static void svm_disable_lbrv(struct vcpu_svm *svm)
 static void disable_nmi_singlestep(struct vcpu_svm *svm)
 {
 	svm->nmi_singlestep = false;
+
 	if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) {
 		/* Clear our flags if they were not set by the guest */
 		if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
@@ -1108,6 +1127,13 @@ static __init int svm_hardware_setup(void)
 		}
 	}
 
+	if (vgif) {
+		if (!boot_cpu_has(X86_FEATURE_VGIF))
+			vgif = false;
+		else
+			pr_info("Virtual GIF supported\n");
+	}
+
 	return 0;
 
 err:
@@ -1305,6 +1331,12 @@ static void init_vmcb(struct vcpu_svm *svm)
 		svm->vmcb->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK;
 	}
 
+	if (vgif) {
+		clr_intercept(svm, INTERCEPT_STGI);
+		clr_intercept(svm, INTERCEPT_CLGI);
+		svm->vmcb->control.int_ctl |= V_GIF_ENABLE_MASK;
+	}
+
 	mark_all_dirty(svm->vmcb);
 
 	enable_gif(svm);
@@ -3152,6 +3184,13 @@ static int stgi_interception(struct vcpu_svm *svm)
 	if (nested_svm_check_permissions(svm))
 		return 1;
 
+	/*
+	 * Remove STGI intercept that was added to assist
+	 * in opening NMI window.
+	 */
+	if (vgif_enabled(svm))
+		clr_intercept(svm, INTERCEPT_STGI);
+
 	svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
 	ret = kvm_skip_emulated_instruction(&svm->vcpu);
 	kvm_make_request(KVM_REQ_EVENT, &svm->vcpu);
@@ -4686,9 +4725,11 @@ static void enable_irq_window(struct kvm_vcpu *vcpu)
 	 * In case GIF=0 we can't rely on the CPU to tell us when GIF becomes
 	 * 1, because that's a separate STGI/VMRUN intercept.  The next time we
 	 * get that intercept, this function will be called again though and
-	 * we'll get the vintr intercept.
+	 * we'll get the vintr intercept. However, if the vGIF feature is
+	 * enabled, the STGI interception will not occur. Enable the irq
+	 * window under the assumption that the hardware will set the GIF.
 	 */
-	if (gif_set(svm) && nested_svm_intr(svm)) {
+	if ((vgif_enabled(svm) || gif_set(svm)) && nested_svm_intr(svm)) {
 		svm_set_vintr(svm);
 		svm_inject_irq(svm, 0x0);
 	}
@@ -4702,8 +4743,15 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
 	    == HF_NMI_MASK)
 		return; /* IRET will cause a vm exit */
 
-	if ((svm->vcpu.arch.hflags & HF_GIF_MASK) == 0)
-		return; /* STGI will cause a vm exit */
+	if (!gif_set(svm)) {
+
+		/*
+		 * Set STGI intercept, since it would have been removed
+		 * if vGIF enable bit was set.
+		 */
+		set_intercept(svm, INTERCEPT_STGI);
+		return; /* STGI will cause a vm exit*/
+	}
 
 	if (svm->nested.exit_required)
 		return; /* we're not going to run the guest yet */
-- 
2.7.4

Re: [PATCH v2 1/2] KVM: SVM: Add Virtual GIF feature definition

[Borislav Petkov]

On Wed, Aug 23, 2017 at 09:57:18AM -0500, Janakarajan Natarajan wrote:
> Add a new cpufeature definition for Virtual GIF.
> 
> Signed-off-by: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
> ---
>  arch/x86/include/asm/cpufeatures.h | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index ca3c48c..0e25e7a 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -287,6 +287,7 @@
>  #define X86_FEATURE_PFTHRESHOLD (15*32+12) /* pause filter threshold */
>  #define X86_FEATURE_AVIC	(15*32+13) /* Virtual Interrupt Controller */
>  #define X86_FEATURE_VIRTUAL_VMLOAD_VMSAVE (15*32+15) /* Virtual VMLOAD VMSAVE */
> +#define X86_FEATURE_VGIF	(15*32+16) /* Virtual GIF */
>  
>  /* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx), word 16 */
>  #define X86_FEATURE_AVX512VBMI  (16*32+ 1) /* AVX512 Vector Bit Manipulation instructions*/
> -- 

Reviewed-by: Borislav Petkov <bp@suse.de>

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
-- 

Re: [PATCH v2 0/2] KVM: SVM: Virtual GIF

[Paolo Bonzini]

On 23/08/2017 16:57, Janakarajan Natarajan wrote:
> This patchset adds support for the Virtual GIF (vGIF) feature. This
> feature allows the STGI and CLGI instructions to be executed in the
> Guest Mode and not require a #VMEXIT. With this, virtual interrupts
> can be controlled in the Guest Mode while still allowing physical
> interrupts to be intercepted by the hypervisor.
> 
> In order to provide this ability, two new bits are added to the VMCB
> at offset 60h:
> 
> * Bit 9	 - VGIF value
> 	 : 0 -> Virtual interrupts are masked
> 	 : 1 -> Virtual interrupts are unmasked
> 
> * Bit 25 - AMD Virtual GIF enabled for this guest
> 	 : 0 -> Disabled
> 	 : 1 -> Enabled
> 
> When a VMRUN is executed and Bit 25 is set, the processor uses Bit 9
> as the starting value of the virtual GIF. It then provides masking
> capability for when virtual interrupts are taken. Bit 9 is writeable
> by the hypervisor and loaded on VMRUN and saved on #VMEXIT. STGI/CLGI
> executed in the Guest Mode sets or clears the virtual GIF.
> 
> The advantage of this feature will be the greatly reduced number of
> world switches to support the STGI and CLGI instructions by the
> outermost hypervisor at Current Privilege Level (CPL) 0.
> 
> This has been tested with Xen, Hyper-V and KVM as the nested hypervisor.
> 
> v1->v2:
> 
> * Updated patch description and changed cpufeature definition to be similar
>   to AMD documentation.
> 
> * Updated NMI logic. STGI intercept added to assit in opening NMI window.
>   Suggested by Radim.

Applied, thanks.

Paolo

> Janakarajan Natarajan (2):
>   KVM: SVM: Add Virtual GIF feature definition
>   KVM: SVM: Enable Virtual GIF feature
> 
>  arch/x86/include/asm/cpufeatures.h |  1 +
>  arch/x86/include/asm/svm.h         |  6 ++++
>  arch/x86/kvm/svm.c                 | 62 +++++++++++++++++++++++++++++++++-----
>  3 files changed, 62 insertions(+), 7 deletions(-)
>