* [RFC v3 0/2] add bus lock VM exit support
@ 2020-09-10 8:37 Chenyi Qiang
2020-09-10 8:37 ` [RFC v3 1/2] KVM: VMX: Convert vcpu_vmx.exit_reason to a union Chenyi Qiang
2020-09-10 8:37 ` [RFC v3 2/2] KVM: VMX: Enable bus lock VM exit Chenyi Qiang
0 siblings, 2 replies; 5+ messages in thread
From: Chenyi Qiang @ 2020-09-10 8:37 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li,
Jim Mattson, Joerg Roedel, Xiaoyao Li
Cc: kvm, linux-kernel
v2->v3 changelogs:
- use a bitmap to get/set the capability of bus lock detection. we support
exit and off mode currently.
- put the handle of exiting to userspace in vmx.c, thus no need to
define a shadow to track vmx->exit_reason.bus_lock_detected.
- remove the vcpu->stats.bus_locks since every bus lock exits to userspace.
---
Add the support for bus lock VM exit in KVM. It is a sub-feature of bus
lock detection and the detailed info can be found in the patch 2/2.
In this patch series, the first patch applies Sean's refactor to
vcpu_vmx.exit_reason available at
https://patchwork.kernel.org/patch/11500659.
It is necessary as bus lock VM exit adds a new modifier bit(bit 26) in
exit_reason field in VMCS.
The second patch is the enabling work for bus lock VM exit. Add the
support to set the capability to enable bus lock vm exit. The current
implementation just exit to user space when handling the bus lock
detected in guest.
The concrete throttling policy in user space still needs to be
discussed. We can enforce ratelimit on bus lock in guest, just inject
some sleep time, or maybe other ideas.
Document for Bus Lock Detection is now available at the latest "Intel
Architecture Instruction Set Extensions Programming Reference" (see
below). Note that the section 9.1 for Bus Lock Debug Exception requires
modification due to the feedback from kernel community:
https://lore.kernel.org/lkml/87r1stmi1x.fsf@nanos.tec.linutronix.de/
Document Link:
https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html
Chenyi Qiang (1):
KVM: VMX: Enable bus lock VM exit
Sean Christopherson (1):
KVM: VMX: Convert vcpu_vmx.exit_reason to a union
arch/x86/include/asm/kvm_host.h | 5 ++
arch/x86/include/asm/vmx.h | 1 +
arch/x86/include/asm/vmxfeatures.h | 1 +
arch/x86/include/uapi/asm/kvm.h | 1 +
arch/x86/include/uapi/asm/vmx.h | 4 +-
arch/x86/kvm/vmx/capabilities.h | 6 ++
arch/x86/kvm/vmx/nested.c | 42 ++++++++----
arch/x86/kvm/vmx/vmx.c | 106 ++++++++++++++++++++---------
arch/x86/kvm/vmx/vmx.h | 25 ++++++-
arch/x86/kvm/x86.c | 27 +++++++-
arch/x86/kvm/x86.h | 5 ++
include/uapi/linux/kvm.h | 7 ++
12 files changed, 179 insertions(+), 51 deletions(-)
--
2.17.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [RFC v3 1/2] KVM: VMX: Convert vcpu_vmx.exit_reason to a union
2020-09-10 8:37 [RFC v3 0/2] add bus lock VM exit support Chenyi Qiang
@ 2020-09-10 8:37 ` Chenyi Qiang
2020-09-10 8:37 ` [RFC v3 2/2] KVM: VMX: Enable bus lock VM exit Chenyi Qiang
1 sibling, 0 replies; 5+ messages in thread
From: Chenyi Qiang @ 2020-09-10 8:37 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li,
Jim Mattson, Joerg Roedel, Xiaoyao Li
Cc: kvm, linux-kernel
From: Sean Christopherson <sean.j.christopherson@intel.com>
Convert vcpu_vmx.exit_reason from a u32 to a union (of size u32). The
full VM_EXIT_REASON field is comprised of a 16-bit basic exit reason in
bits 15:0, and single-bit modifiers in bits 31:16.
Historically, KVM has only had to worry about handling the "failed
VM-Entry" modifier, which could only be set in very specific flows and
required dedicated handling. I.e. manually stripping the FAILED_VMENTRY
bit was a somewhat viable approach. But even with only a single bit to
worry about, KVM has had several bugs related to comparing a basic exit
reason against the full exit reason store in vcpu_vmx.
Upcoming Intel features, e.g. SGX, will add new modifier bits that can
be set on more or less any VM-Exit, as opposed to the significantly more
restricted FAILED_VMENTRY, i.e. correctly handling everything in one-off
flows isn't scalable. Tracking exit reason in a union forces code to
explicitly choose between consuming the full exit reason and the basic
exit, and is a convenient way to document and access the modifiers.
No functional change intended.
Cc: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
arch/x86/kvm/vmx/nested.c | 42 ++++++++++++++++---------
arch/x86/kvm/vmx/vmx.c | 64 ++++++++++++++++++++-------------------
arch/x86/kvm/vmx/vmx.h | 25 ++++++++++++++-
3 files changed, 84 insertions(+), 47 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 23b58c28a1c9..0262111e5821 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3304,7 +3304,11 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
enum vm_entry_failure_code entry_failure_code;
bool evaluate_pending_interrupts;
- u32 exit_reason, failed_index;
+ union vmx_exit_reason exit_reason = {
+ .basic = EXIT_REASON_INVALID_STATE,
+ .failed_vmentry = 1,
+ };
+ u32 failed_index;
if (kvm_check_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu))
kvm_vcpu_flush_tlb_current(vcpu);
@@ -3354,7 +3358,7 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
if (nested_vmx_check_guest_state(vcpu, vmcs12,
&entry_failure_code)) {
- exit_reason = EXIT_REASON_INVALID_STATE;
+ exit_reason.basic = EXIT_REASON_INVALID_STATE;
vmcs12->exit_qualification = entry_failure_code;
goto vmentry_fail_vmexit;
}
@@ -3365,7 +3369,7 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
vcpu->arch.tsc_offset += vmcs12->tsc_offset;
if (prepare_vmcs02(vcpu, vmcs12, &entry_failure_code)) {
- exit_reason = EXIT_REASON_INVALID_STATE;
+ exit_reason.basic = EXIT_REASON_INVALID_STATE;
vmcs12->exit_qualification = entry_failure_code;
goto vmentry_fail_vmexit_guest_mode;
}
@@ -3375,7 +3379,7 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
vmcs12->vm_entry_msr_load_addr,
vmcs12->vm_entry_msr_load_count);
if (failed_index) {
- exit_reason = EXIT_REASON_MSR_LOAD_FAIL;
+ exit_reason.basic = EXIT_REASON_MSR_LOAD_FAIL;
vmcs12->exit_qualification = failed_index;
goto vmentry_fail_vmexit_guest_mode;
}
@@ -3443,7 +3447,7 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
return NVMX_VMENTRY_VMEXIT;
load_vmcs12_host_state(vcpu, vmcs12);
- vmcs12->vm_exit_reason = exit_reason | VMX_EXIT_REASONS_FAILED_VMENTRY;
+ vmcs12->vm_exit_reason = exit_reason.full;
if (enable_shadow_vmcs || vmx->nested.hv_evmcs)
vmx->nested.need_vmcs12_to_shadow_sync = true;
return NVMX_VMENTRY_VMEXIT;
@@ -5488,7 +5492,12 @@ static int handle_vmfunc(struct kvm_vcpu *vcpu)
return kvm_skip_emulated_instruction(vcpu);
fail:
- nested_vmx_vmexit(vcpu, vmx->exit_reason,
+ /*
+ * This is effectively a reflected VM-Exit, as opposed to a synthesized
+ * nested VM-Exit. Pass the original exit reason, i.e. don't hardcode
+ * EXIT_REASON_VMFUNC as the exit reason.
+ */
+ nested_vmx_vmexit(vcpu, vmx->exit_reason.full,
vmx_get_intr_info(vcpu),
vmx_get_exit_qual(vcpu));
return 1;
@@ -5556,7 +5565,8 @@ static bool nested_vmx_exit_handled_io(struct kvm_vcpu *vcpu,
* MSR bitmap. This may be the case even when L0 doesn't use MSR bitmaps.
*/
static bool nested_vmx_exit_handled_msr(struct kvm_vcpu *vcpu,
- struct vmcs12 *vmcs12, u32 exit_reason)
+ struct vmcs12 *vmcs12,
+ union vmx_exit_reason exit_reason)
{
u32 msr_index = kvm_rcx_read(vcpu);
gpa_t bitmap;
@@ -5570,7 +5580,7 @@ static bool nested_vmx_exit_handled_msr(struct kvm_vcpu *vcpu,
* First we need to figure out which of the four to use:
*/
bitmap = vmcs12->msr_bitmap;
- if (exit_reason == EXIT_REASON_MSR_WRITE)
+ if (exit_reason.basic == EXIT_REASON_MSR_WRITE)
bitmap += 2048;
if (msr_index >= 0xc0000000) {
msr_index -= 0xc0000000;
@@ -5707,11 +5717,12 @@ static bool nested_vmx_exit_handled_mtf(struct vmcs12 *vmcs12)
* Return true if L0 wants to handle an exit from L2 regardless of whether or not
* L1 wants the exit. Only call this when in is_guest_mode (L2).
*/
-static bool nested_vmx_l0_wants_exit(struct kvm_vcpu *vcpu, u32 exit_reason)
+static bool nested_vmx_l0_wants_exit(struct kvm_vcpu *vcpu,
+ union vmx_exit_reason exit_reason)
{
u32 intr_info;
- switch ((u16)exit_reason) {
+ switch ((u16)exit_reason.basic) {
case EXIT_REASON_EXCEPTION_NMI:
intr_info = vmx_get_intr_info(vcpu);
if (is_nmi(intr_info))
@@ -5767,12 +5778,13 @@ static bool nested_vmx_l0_wants_exit(struct kvm_vcpu *vcpu, u32 exit_reason)
* Return 1 if L1 wants to intercept an exit from L2. Only call this when in
* is_guest_mode (L2).
*/
-static bool nested_vmx_l1_wants_exit(struct kvm_vcpu *vcpu, u32 exit_reason)
+static bool nested_vmx_l1_wants_exit(struct kvm_vcpu *vcpu,
+ union vmx_exit_reason exit_reason)
{
struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
u32 intr_info;
- switch ((u16)exit_reason) {
+ switch ((u16)exit_reason.basic) {
case EXIT_REASON_EXCEPTION_NMI:
intr_info = vmx_get_intr_info(vcpu);
if (is_nmi(intr_info))
@@ -5891,7 +5903,7 @@ static bool nested_vmx_l1_wants_exit(struct kvm_vcpu *vcpu, u32 exit_reason)
bool nested_vmx_reflect_vmexit(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
- u32 exit_reason = vmx->exit_reason;
+ union vmx_exit_reason exit_reason = vmx->exit_reason;
unsigned long exit_qual;
u32 exit_intr_info;
@@ -5913,7 +5925,7 @@ bool nested_vmx_reflect_vmexit(struct kvm_vcpu *vcpu)
exit_intr_info = vmx_get_intr_info(vcpu);
exit_qual = vmx_get_exit_qual(vcpu);
- trace_kvm_nested_vmexit(kvm_rip_read(vcpu), exit_reason, exit_qual,
+ trace_kvm_nested_vmexit(kvm_rip_read(vcpu), exit_reason.full, exit_qual,
vmx->idt_vectoring_info, exit_intr_info,
vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
KVM_ISA_VMX);
@@ -5942,7 +5954,7 @@ bool nested_vmx_reflect_vmexit(struct kvm_vcpu *vcpu)
}
reflect_vmexit:
- nested_vmx_vmexit(vcpu, exit_reason, exit_intr_info, exit_qual);
+ nested_vmx_vmexit(vcpu, exit_reason.full, exit_intr_info, exit_qual);
return true;
}
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 819c185adf09..adc59cf9036d 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1574,7 +1574,7 @@ static int skip_emulated_instruction(struct kvm_vcpu *vcpu)
* i.e. we end up advancing IP with some random value.
*/
if (!static_cpu_has(X86_FEATURE_HYPERVISOR) ||
- to_vmx(vcpu)->exit_reason != EXIT_REASON_EPT_MISCONFIG) {
+ to_vmx(vcpu)->exit_reason.basic != EXIT_REASON_EPT_MISCONFIG) {
orig_rip = kvm_rip_read(vcpu);
rip = orig_rip + vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
#ifdef CONFIG_X86_64
@@ -5982,8 +5982,9 @@ void dump_vmcs(void)
static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
- u32 exit_reason = vmx->exit_reason;
+ union vmx_exit_reason exit_reason = vmx->exit_reason;
u32 vectoring_info = vmx->idt_vectoring_info;
+ u16 exit_handler_index;
/*
* Flush logged GPAs PML buffer, this will make dirty_bitmap more
@@ -6025,11 +6026,11 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
return 1;
}
- if (exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY) {
+ if (exit_reason.failed_vmentry) {
dump_vmcs();
vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
vcpu->run->fail_entry.hardware_entry_failure_reason
- = exit_reason;
+ = exit_reason.full;
vcpu->run->fail_entry.cpu = vcpu->arch.last_vmentry_cpu;
return 0;
}
@@ -6051,17 +6052,17 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
* will cause infinite loop.
*/
if ((vectoring_info & VECTORING_INFO_VALID_MASK) &&
- (exit_reason != EXIT_REASON_EXCEPTION_NMI &&
- exit_reason != EXIT_REASON_EPT_VIOLATION &&
- exit_reason != EXIT_REASON_PML_FULL &&
- exit_reason != EXIT_REASON_TASK_SWITCH)) {
+ (exit_reason.basic != EXIT_REASON_EXCEPTION_NMI &&
+ exit_reason.basic != EXIT_REASON_EPT_VIOLATION &&
+ exit_reason.basic != EXIT_REASON_PML_FULL &&
+ exit_reason.basic != EXIT_REASON_TASK_SWITCH)) {
vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_DELIVERY_EV;
vcpu->run->internal.ndata = 3;
vcpu->run->internal.data[0] = vectoring_info;
- vcpu->run->internal.data[1] = exit_reason;
+ vcpu->run->internal.data[1] = exit_reason.full;
vcpu->run->internal.data[2] = vcpu->arch.exit_qualification;
- if (exit_reason == EXIT_REASON_EPT_MISCONFIG) {
+ if (exit_reason.basic == EXIT_REASON_EPT_MISCONFIG) {
vcpu->run->internal.ndata++;
vcpu->run->internal.data[3] =
vmcs_read64(GUEST_PHYSICAL_ADDRESS);
@@ -6093,38 +6094,39 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
if (exit_fastpath != EXIT_FASTPATH_NONE)
return 1;
- if (exit_reason >= kvm_vmx_max_exit_handlers)
+ if (exit_reason.basic >= kvm_vmx_max_exit_handlers)
goto unexpected_vmexit;
#ifdef CONFIG_RETPOLINE
- if (exit_reason == EXIT_REASON_MSR_WRITE)
+ if (exit_reason.basic == EXIT_REASON_MSR_WRITE)
return kvm_emulate_wrmsr(vcpu);
- else if (exit_reason == EXIT_REASON_PREEMPTION_TIMER)
+ else if (exit_reason.basic == EXIT_REASON_PREEMPTION_TIMER)
return handle_preemption_timer(vcpu);
- else if (exit_reason == EXIT_REASON_INTERRUPT_WINDOW)
+ else if (exit_reason.basic == EXIT_REASON_INTERRUPT_WINDOW)
return handle_interrupt_window(vcpu);
- else if (exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT)
+ else if (exit_reason.basic == EXIT_REASON_EXTERNAL_INTERRUPT)
return handle_external_interrupt(vcpu);
- else if (exit_reason == EXIT_REASON_HLT)
+ else if (exit_reason.basic == EXIT_REASON_HLT)
return kvm_emulate_halt(vcpu);
- else if (exit_reason == EXIT_REASON_EPT_MISCONFIG)
+ else if (exit_reason.basic == EXIT_REASON_EPT_MISCONFIG)
return handle_ept_misconfig(vcpu);
#endif
- exit_reason = array_index_nospec(exit_reason,
- kvm_vmx_max_exit_handlers);
- if (!kvm_vmx_exit_handlers[exit_reason])
+ exit_handler_index = array_index_nospec((u16)exit_reason.basic,
+ kvm_vmx_max_exit_handlers);
+ if (!kvm_vmx_exit_handlers[exit_handler_index])
goto unexpected_vmexit;
- return kvm_vmx_exit_handlers[exit_reason](vcpu);
+ return kvm_vmx_exit_handlers[exit_handler_index](vcpu);
unexpected_vmexit:
- vcpu_unimpl(vcpu, "vmx: unexpected exit reason 0x%x\n", exit_reason);
+ vcpu_unimpl(vcpu, "vmx: unexpected exit reason 0x%x\n",
+ exit_reason.full);
dump_vmcs();
vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
vcpu->run->internal.suberror =
KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
vcpu->run->internal.ndata = 2;
- vcpu->run->internal.data[0] = exit_reason;
+ vcpu->run->internal.data[0] = exit_reason.full;
vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
return 0;
}
@@ -6478,9 +6480,9 @@ static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
- if (vmx->exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT)
+ if (vmx->exit_reason.basic == EXIT_REASON_EXTERNAL_INTERRUPT)
handle_external_interrupt_irqoff(vcpu);
- else if (vmx->exit_reason == EXIT_REASON_EXCEPTION_NMI)
+ else if (vmx->exit_reason.basic == EXIT_REASON_EXCEPTION_NMI)
handle_exception_nmi_irqoff(vmx);
}
@@ -6668,7 +6670,7 @@ void noinstr vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp)
static fastpath_t vmx_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
{
- switch (to_vmx(vcpu)->exit_reason) {
+ switch (to_vmx(vcpu)->exit_reason.basic) {
case EXIT_REASON_MSR_WRITE:
return handle_fastpath_set_msr_irqoff(vcpu);
case EXIT_REASON_PREEMPTION_TIMER:
@@ -6869,17 +6871,17 @@ static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu)
vmx->idt_vectoring_info = 0;
if (unlikely(vmx->fail)) {
- vmx->exit_reason = 0xdead;
+ vmx->exit_reason.full = 0xdead;
return EXIT_FASTPATH_NONE;
}
- vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
- if (unlikely((u16)vmx->exit_reason == EXIT_REASON_MCE_DURING_VMENTRY))
+ vmx->exit_reason.full = vmcs_read32(VM_EXIT_REASON);
+ if (unlikely((u16)vmx->exit_reason.basic == EXIT_REASON_MCE_DURING_VMENTRY))
kvm_machine_check();
- trace_kvm_exit(vmx->exit_reason, vcpu, KVM_ISA_VMX);
+ trace_kvm_exit(vmx->exit_reason.full, vcpu, KVM_ISA_VMX);
- if (unlikely(vmx->exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY))
+ if (unlikely(vmx->exit_reason.failed_vmentry))
return EXIT_FASTPATH_NONE;
vmx->loaded_vmcs->launched = 1;
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 26175a4759fa..8bf97a81affd 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -92,6 +92,29 @@ struct pt_desc {
struct pt_ctx guest;
};
+union vmx_exit_reason {
+ struct {
+ u32 basic : 16;
+ u32 reserved16 : 1;
+ u32 reserved17 : 1;
+ u32 reserved18 : 1;
+ u32 reserved19 : 1;
+ u32 reserved20 : 1;
+ u32 reserved21 : 1;
+ u32 reserved22 : 1;
+ u32 reserved23 : 1;
+ u32 reserved24 : 1;
+ u32 reserved25 : 1;
+ u32 reserved26 : 1;
+ u32 enclave_mode : 1;
+ u32 smi_pending_mtf : 1;
+ u32 smi_from_vmx_root : 1;
+ u32 reserved30 : 1;
+ u32 failed_vmentry : 1;
+ };
+ u32 full;
+};
+
/*
* The nested_vmx structure is part of vcpu_vmx, and holds information we need
* for correct emulation of VMX (i.e., nested VMX) on this vcpu.
@@ -266,7 +289,7 @@ struct vcpu_vmx {
int vpid;
bool emulation_required;
- u32 exit_reason;
+ union vmx_exit_reason exit_reason;
/* Posted interrupt descriptor */
struct pi_desc pi_desc;
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [RFC v3 2/2] KVM: VMX: Enable bus lock VM exit
2020-09-10 8:37 [RFC v3 0/2] add bus lock VM exit support Chenyi Qiang
2020-09-10 8:37 ` [RFC v3 1/2] KVM: VMX: Convert vcpu_vmx.exit_reason to a union Chenyi Qiang
@ 2020-09-10 8:37 ` Chenyi Qiang
2020-09-11 17:27 ` Sean Christopherson
1 sibling, 1 reply; 5+ messages in thread
From: Chenyi Qiang @ 2020-09-10 8:37 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li,
Jim Mattson, Joerg Roedel, Xiaoyao Li
Cc: kvm, linux-kernel
Virtual Machine can exploit bus locks to degrade the performance of
system. Bus lock can be caused by split locked access to writeback(WB)
memory or by using locks on uncacheable(UC) memory. The bus lock is
typically >1000 cycles slower than an atomic operation within a cache
line. It also disrupts performance on other cores (which must wait for
the bus lock to be released before their memory operations can
complete).
To address the threat, bus lock VM exit is introduced to notify the VMM
when a bus lock was acquired, allowing it to enforce throttling or other
policy based mitigations.
A VMM can enable VM exit due to bus locks by setting a new "Bus Lock
Detection" VM-execution control(bit 30 of Secondary Processor-based VM
execution controls). If delivery of this VM exit was preempted by a
higher priority VM exit (e.g. EPT misconfiguration, EPT violation, APIC
access VM exit, APIC write VM exit, exception bitmap exiting), bit 26 of
exit reason in vmcs field is set to 1.
In current implementation, the KVM exposes this capability through
KVM_CAP_X86_BUS_LOCK_EXIT. The user can get the supported mode bitmap
(i.e. off and exit) and enable it explicitly (disabled by default). If
bus locks in guest are detected by KVM, exit to user space even when
current exit reason is handled by KVM internally. Set a new field
KVM_RUN_BUS_LOCK in vcpu->run->flags to inform the user space that there
is a bus lock in guest and it is preempted by a higher prioriy VM exit.
Document for Bus Lock VM exit is now available at the latest "Intel
Architecture Instruction Set Extensions Programming Reference".
Document Link:
https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html
Co-developed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
---
arch/x86/include/asm/kvm_host.h | 5 ++++
arch/x86/include/asm/vmx.h | 1 +
arch/x86/include/asm/vmxfeatures.h | 1 +
arch/x86/include/uapi/asm/kvm.h | 1 +
arch/x86/include/uapi/asm/vmx.h | 4 ++-
arch/x86/kvm/vmx/capabilities.h | 6 +++++
arch/x86/kvm/vmx/vmx.c | 42 ++++++++++++++++++++++++++++--
arch/x86/kvm/vmx/vmx.h | 2 +-
arch/x86/kvm/x86.c | 27 ++++++++++++++++++-
arch/x86/kvm/x86.h | 5 ++++
include/uapi/linux/kvm.h | 7 +++++
11 files changed, 96 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 5303dbc5c9bc..8059b8b21ecd 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -961,6 +961,9 @@ struct kvm_arch {
bool guest_can_read_msr_platform_info;
bool exception_payload_enabled;
+ /* Set when bus lock vm exit is enabled by user */
+ bool bus_lock_exit;
+
struct kvm_pmu_event_filter *pmu_event_filter;
struct task_struct *nx_lpage_recovery_thread;
};
@@ -1347,6 +1350,8 @@ extern u8 kvm_tsc_scaling_ratio_frac_bits;
extern u64 kvm_max_tsc_scaling_ratio;
/* 1ull << kvm_tsc_scaling_ratio_frac_bits */
extern u64 kvm_default_tsc_scaling_ratio;
+/* bus lock detection supported */
+extern bool kvm_has_bus_lock_exit;
extern u64 kvm_mce_cap_supported;
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index cd7de4b401fe..93a880bc31a7 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -73,6 +73,7 @@
#define SECONDARY_EXEC_PT_USE_GPA VMCS_CONTROL_BIT(PT_USE_GPA)
#define SECONDARY_EXEC_TSC_SCALING VMCS_CONTROL_BIT(TSC_SCALING)
#define SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE VMCS_CONTROL_BIT(USR_WAIT_PAUSE)
+#define SECONDARY_EXEC_BUS_LOCK_DETECTION VMCS_CONTROL_BIT(BUS_LOCK_DETECTION)
#define PIN_BASED_EXT_INTR_MASK VMCS_CONTROL_BIT(INTR_EXITING)
#define PIN_BASED_NMI_EXITING VMCS_CONTROL_BIT(NMI_EXITING)
diff --git a/arch/x86/include/asm/vmxfeatures.h b/arch/x86/include/asm/vmxfeatures.h
index 9915990fd8cf..e80523346274 100644
--- a/arch/x86/include/asm/vmxfeatures.h
+++ b/arch/x86/include/asm/vmxfeatures.h
@@ -83,5 +83,6 @@
#define VMX_FEATURE_TSC_SCALING ( 2*32+ 25) /* Scale hardware TSC when read in guest */
#define VMX_FEATURE_USR_WAIT_PAUSE ( 2*32+ 26) /* Enable TPAUSE, UMONITOR, UMWAIT in guest */
#define VMX_FEATURE_ENCLV_EXITING ( 2*32+ 28) /* "" VM-Exit on ENCLV (leaf dependent) */
+#define VMX_FEATURE_BUS_LOCK_DETECTION ( 2*32+ 30) /* VM-Exit when bus lock caused */
#endif /* _ASM_X86_VMXFEATURES_H */
diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index 0780f97c1850..a1471c05f7f9 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -111,6 +111,7 @@ struct kvm_ioapic_state {
#define KVM_NR_IRQCHIPS 3
#define KVM_RUN_X86_SMM (1 << 0)
+#define KVM_RUN_BUS_LOCK (1 << 1)
/* for KVM_GET_REGS and KVM_SET_REGS */
struct kvm_regs {
diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h
index b8ff9e8ac0d5..14c177c4afd5 100644
--- a/arch/x86/include/uapi/asm/vmx.h
+++ b/arch/x86/include/uapi/asm/vmx.h
@@ -88,6 +88,7 @@
#define EXIT_REASON_XRSTORS 64
#define EXIT_REASON_UMWAIT 67
#define EXIT_REASON_TPAUSE 68
+#define EXIT_REASON_BUS_LOCK 74
#define VMX_EXIT_REASONS \
{ EXIT_REASON_EXCEPTION_NMI, "EXCEPTION_NMI" }, \
@@ -148,7 +149,8 @@
{ EXIT_REASON_XSAVES, "XSAVES" }, \
{ EXIT_REASON_XRSTORS, "XRSTORS" }, \
{ EXIT_REASON_UMWAIT, "UMWAIT" }, \
- { EXIT_REASON_TPAUSE, "TPAUSE" }
+ { EXIT_REASON_TPAUSE, "TPAUSE" }, \
+ { EXIT_REASON_BUS_LOCK, "BUS_LOCK" }
#define VMX_EXIT_REASON_FLAGS \
{ VMX_EXIT_REASONS_FAILED_VMENTRY, "FAILED_VMENTRY" }
diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
index 4bbd8b448d22..aa94535e6705 100644
--- a/arch/x86/kvm/vmx/capabilities.h
+++ b/arch/x86/kvm/vmx/capabilities.h
@@ -262,6 +262,12 @@ static inline bool cpu_has_vmx_tsc_scaling(void)
SECONDARY_EXEC_TSC_SCALING;
}
+static inline bool cpu_has_vmx_bus_lock_detection(void)
+{
+ return vmcs_config.cpu_based_2nd_exec_ctrl &
+ SECONDARY_EXEC_BUS_LOCK_DETECTION;
+}
+
static inline bool cpu_has_vmx_apicv(void)
{
return cpu_has_vmx_apic_register_virt() &&
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index adc59cf9036d..5dbfee639375 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2461,7 +2461,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf,
SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE |
SECONDARY_EXEC_PT_USE_GPA |
SECONDARY_EXEC_PT_CONCEAL_VMX |
- SECONDARY_EXEC_ENABLE_VMFUNC;
+ SECONDARY_EXEC_ENABLE_VMFUNC |
+ SECONDARY_EXEC_BUS_LOCK_DETECTION;
if (cpu_has_sgx())
opt2 |= SECONDARY_EXEC_ENCLS_EXITING;
if (adjust_vmx_controls(min2, opt2,
@@ -4244,6 +4245,9 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
}
}
+ if (!kvm_bus_lock_exit_enabled(vmx->vcpu.kvm))
+ exec_control &= ~SECONDARY_EXEC_BUS_LOCK_DETECTION;
+
vmx->secondary_exec_control = exec_control;
}
@@ -5685,6 +5689,14 @@ static int handle_encls(struct kvm_vcpu *vcpu)
return 1;
}
+static int handle_bus_lock(struct kvm_vcpu *vcpu)
+{
+ struct kvm_run *kvm_run = vcpu->run;
+
+ kvm_run->exit_reason = KVM_EXIT_BUS_LOCK;
+ return 0;
+}
+
/*
* The exit handlers return 1 if the exit was handled fully and guest execution
* may resume. Otherwise they set the kvm_run parameter to indicate what needs
@@ -5741,6 +5753,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
[EXIT_REASON_VMFUNC] = handle_vmx_instruction,
[EXIT_REASON_PREEMPTION_TIMER] = handle_preemption_timer,
[EXIT_REASON_ENCLS] = handle_encls,
+ [EXIT_REASON_BUS_LOCK] = handle_bus_lock,
};
static const int kvm_vmx_max_exit_handlers =
@@ -5979,7 +5992,7 @@ void dump_vmcs(void)
* The guest has exited. See if we can fix it or if we need userspace
* assistance.
*/
-static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
+static int __vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
union vmx_exit_reason exit_reason = vmx->exit_reason;
@@ -6131,6 +6144,28 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
return 0;
}
+static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ int ret = __vmx_handle_exit(vcpu, exit_fastpath);
+
+ /*
+ * Even when current exit reason is handled by KVM
+ * internally, we still needs to exit to user space
+ * when bus lock detected to inform that there is a
+ * bus lock in guest.
+ */
+ if (vmx->exit_reason.bus_lock_detected) {
+ if (ret > 0)
+ vcpu->run->exit_reason = KVM_EXIT_BUS_LOCK;
+ else
+ vcpu->run->flags |= KVM_RUN_BUS_LOCK;
+ return 0;
+ }
+ vcpu->run->flags &= ~KVM_RUN_BUS_LOCK;
+ return ret;
+}
+
/*
* Software based L1D cache flush which is used when microcode providing
* the cache control MSR is not loaded.
@@ -8097,6 +8132,9 @@ static __init int hardware_setup(void)
kvm_tsc_scaling_ratio_frac_bits = 48;
}
+ if (cpu_has_vmx_bus_lock_detection())
+ kvm_has_bus_lock_exit = true;
+
set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
if (enable_ept)
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 8bf97a81affd..779ea3b15134 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -105,7 +105,7 @@ union vmx_exit_reason {
u32 reserved23 : 1;
u32 reserved24 : 1;
u32 reserved25 : 1;
- u32 reserved26 : 1;
+ u32 bus_lock_detected : 1;
u32 enclave_mode : 1;
u32 smi_pending_mtf : 1;
u32 smi_from_vmx_root : 1;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d39d6cf1d473..d96619ce7f66 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -134,6 +134,8 @@ u64 __read_mostly kvm_max_tsc_scaling_ratio;
EXPORT_SYMBOL_GPL(kvm_max_tsc_scaling_ratio);
u64 __read_mostly kvm_default_tsc_scaling_ratio;
EXPORT_SYMBOL_GPL(kvm_default_tsc_scaling_ratio);
+bool __read_mostly kvm_has_bus_lock_exit;
+EXPORT_SYMBOL_GPL(kvm_has_bus_lock_exit);
/* tsc tolerance in parts per million - default to 1/2 of the NTP threshold */
static u32 __read_mostly tsc_tolerance_ppm = 250;
@@ -3578,6 +3580,11 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
case KVM_CAP_SMALLER_MAXPHYADDR:
r = (int) allow_smaller_maxphyaddr;
break;
+ case KVM_CAP_X86_BUS_LOCK_EXIT:
+ r |= KVM_BUS_LOCK_DETECTION_OFF;
+ if (kvm_has_bus_lock_exit)
+ r |= KVM_BUS_LOCK_DETECTION_EXIT;
+ break;
default:
break;
}
@@ -5030,6 +5037,20 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
kvm->arch.exception_payload_enabled = cap->args[0];
r = 0;
break;
+ case KVM_CAP_X86_BUS_LOCK_EXIT:
+ r = -EINVAL;
+ if (cap->args[0] & ~KVM_BUS_LOCK_DETECTION_VALID_MODE)
+ break;
+
+ if ((cap->args[0] & KVM_BUS_LOCK_DETECTION_OFF) &&
+ (cap->args[0] & KVM_BUS_LOCK_DETECTION_EXIT))
+ break;
+
+ if (kvm_has_bus_lock_exit &&
+ cap->args[0] & KVM_BUS_LOCK_DETECTION_EXIT)
+ kvm->arch.bus_lock_exit = true;
+ r = 0;
+ break;
default:
r = -EINVAL;
break;
@@ -7772,12 +7793,16 @@ static void post_kvm_run_save(struct kvm_vcpu *vcpu)
struct kvm_run *kvm_run = vcpu->run;
kvm_run->if_flag = (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
- kvm_run->flags = is_smm(vcpu) ? KVM_RUN_X86_SMM : 0;
kvm_run->cr8 = kvm_get_cr8(vcpu);
kvm_run->apic_base = kvm_get_apic_base(vcpu);
kvm_run->ready_for_interrupt_injection =
pic_in_kernel(vcpu->kvm) ||
kvm_vcpu_ready_for_interrupt_injection(vcpu);
+
+ if (is_smm(vcpu))
+ kvm_run->flags |= KVM_RUN_X86_SMM;
+ else
+ kvm_run->flags &= ~KVM_RUN_X86_SMM;
}
static void update_cr8_intercept(struct kvm_vcpu *vcpu)
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 995ab696dcf0..54aa7712cb52 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -335,6 +335,11 @@ static inline bool kvm_cstate_in_guest(struct kvm *kvm)
return kvm->arch.cstate_in_guest;
}
+static inline bool kvm_bus_lock_exit_enabled(struct kvm *kvm)
+{
+ return kvm->arch.bus_lock_exit;
+}
+
DECLARE_PER_CPU(struct kvm_vcpu *, current_vcpu);
static inline void kvm_before_interrupt(struct kvm_vcpu *vcpu)
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index f6d86033c4fa..3f0176733622 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -248,6 +248,7 @@ struct kvm_hyperv_exit {
#define KVM_EXIT_IOAPIC_EOI 26
#define KVM_EXIT_HYPERV 27
#define KVM_EXIT_ARM_NISV 28
+#define KVM_EXIT_BUS_LOCK 29
/* For KVM_EXIT_INTERNAL_ERROR */
/* Emulate instruction failed. */
@@ -1035,6 +1036,7 @@ struct kvm_ppc_resize_hpt {
#define KVM_CAP_LAST_CPU 184
#define KVM_CAP_SMALLER_MAXPHYADDR 185
#define KVM_CAP_S390_DIAG318 186
+#define KVM_CAP_X86_BUS_LOCK_EXIT 187
#ifdef KVM_CAP_IRQ_ROUTING
@@ -1689,4 +1691,9 @@ struct kvm_hyperv_eventfd {
#define KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE (1 << 0)
#define KVM_DIRTY_LOG_INITIALLY_SET (1 << 1)
+#define KVM_BUS_LOCK_DETECTION_OFF (1 << 0)
+#define KVM_BUS_LOCK_DETECTION_EXIT (1 << 1)
+#define KVM_BUS_LOCK_DETECTION_VALID_MODE (KVM_BUS_LOCK_DETECTION_OFF | \
+ KVM_BUS_LOCK_DETECTION_EXIT)
+
#endif /* __LINUX_KVM_H */
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [RFC v3 2/2] KVM: VMX: Enable bus lock VM exit
2020-09-10 8:37 ` [RFC v3 2/2] KVM: VMX: Enable bus lock VM exit Chenyi Qiang
@ 2020-09-11 17:27 ` Sean Christopherson
2020-09-14 9:32 ` Chenyi Qiang
0 siblings, 1 reply; 5+ messages in thread
From: Sean Christopherson @ 2020-09-11 17:27 UTC (permalink / raw)
To: Chenyi Qiang
Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
Joerg Roedel, Xiaoyao Li, kvm, linux-kernel
On Thu, Sep 10, 2020 at 04:37:51PM +0800, Chenyi Qiang wrote:
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> index 5303dbc5c9bc..8059b8b21ecd 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -961,6 +961,9 @@ struct kvm_arch {
> bool guest_can_read_msr_platform_info;
> bool exception_payload_enabled;
>
> + /* Set when bus lock vm exit is enabled by user */
> + bool bus_lock_exit;
Maybe bus_lock_detection_enabled? Then you don't need the comment or the
accessor.
> +
> struct kvm_pmu_event_filter *pmu_event_filter;
> struct task_struct *nx_lpage_recovery_thread;
> };
> @@ -1347,6 +1350,8 @@ extern u8 kvm_tsc_scaling_ratio_frac_bits;
> extern u64 kvm_max_tsc_scaling_ratio;
> /* 1ull << kvm_tsc_scaling_ratio_frac_bits */
> extern u64 kvm_default_tsc_scaling_ratio;
> +/* bus lock detection supported */
> +extern bool kvm_has_bus_lock_exit;
Hrm, it'd be nice to somehow squeeze this into kvm_cpu_caps, but I can't
think of a clever/clean way to do so.
> extern u64 kvm_mce_cap_supported;
>
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> index cd7de4b401fe..93a880bc31a7 100644
> --- a/arch/x86/include/asm/vmx.h
> +++ b/arch/x86/include/asm/vmx.h
> @@ -73,6 +73,7 @@
> #define SECONDARY_EXEC_PT_USE_GPA VMCS_CONTROL_BIT(PT_USE_GPA)
> #define SECONDARY_EXEC_TSC_SCALING VMCS_CONTROL_BIT(TSC_SCALING)
> #define SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE VMCS_CONTROL_BIT(USR_WAIT_PAUSE)
> +#define SECONDARY_EXEC_BUS_LOCK_DETECTION VMCS_CONTROL_BIT(BUS_LOCK_DETECTION)
>
> #define PIN_BASED_EXT_INTR_MASK VMCS_CONTROL_BIT(INTR_EXITING)
> #define PIN_BASED_NMI_EXITING VMCS_CONTROL_BIT(NMI_EXITING)
> diff --git a/arch/x86/include/asm/vmxfeatures.h b/arch/x86/include/asm/vmxfeatures.h
> index 9915990fd8cf..e80523346274 100644
> --- a/arch/x86/include/asm/vmxfeatures.h
> +++ b/arch/x86/include/asm/vmxfeatures.h
> @@ -83,5 +83,6 @@
> #define VMX_FEATURE_TSC_SCALING ( 2*32+ 25) /* Scale hardware TSC when read in guest */
> #define VMX_FEATURE_USR_WAIT_PAUSE ( 2*32+ 26) /* Enable TPAUSE, UMONITOR, UMWAIT in guest */
> #define VMX_FEATURE_ENCLV_EXITING ( 2*32+ 28) /* "" VM-Exit on ENCLV (leaf dependent) */
> +#define VMX_FEATURE_BUS_LOCK_DETECTION ( 2*32+ 30) /* VM-Exit when bus lock caused */
>
> #endif /* _ASM_X86_VMXFEATURES_H */
> diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> index 0780f97c1850..a1471c05f7f9 100644
> --- a/arch/x86/include/uapi/asm/kvm.h
> +++ b/arch/x86/include/uapi/asm/kvm.h
> @@ -111,6 +111,7 @@ struct kvm_ioapic_state {
> #define KVM_NR_IRQCHIPS 3
>
> #define KVM_RUN_X86_SMM (1 << 0)
> +#define KVM_RUN_BUS_LOCK (1 << 1)
>
> /* for KVM_GET_REGS and KVM_SET_REGS */
> struct kvm_regs {
> diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h
> index b8ff9e8ac0d5..14c177c4afd5 100644
> --- a/arch/x86/include/uapi/asm/vmx.h
> +++ b/arch/x86/include/uapi/asm/vmx.h
> @@ -88,6 +88,7 @@
> #define EXIT_REASON_XRSTORS 64
> #define EXIT_REASON_UMWAIT 67
> #define EXIT_REASON_TPAUSE 68
> +#define EXIT_REASON_BUS_LOCK 74
>
> #define VMX_EXIT_REASONS \
> { EXIT_REASON_EXCEPTION_NMI, "EXCEPTION_NMI" }, \
> @@ -148,7 +149,8 @@
> { EXIT_REASON_XSAVES, "XSAVES" }, \
> { EXIT_REASON_XRSTORS, "XRSTORS" }, \
> { EXIT_REASON_UMWAIT, "UMWAIT" }, \
> - { EXIT_REASON_TPAUSE, "TPAUSE" }
> + { EXIT_REASON_TPAUSE, "TPAUSE" }, \
> + { EXIT_REASON_BUS_LOCK, "BUS_LOCK" }
>
> #define VMX_EXIT_REASON_FLAGS \
> { VMX_EXIT_REASONS_FAILED_VMENTRY, "FAILED_VMENTRY" }
> diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
> index 4bbd8b448d22..aa94535e6705 100644
> --- a/arch/x86/kvm/vmx/capabilities.h
> +++ b/arch/x86/kvm/vmx/capabilities.h
> @@ -262,6 +262,12 @@ static inline bool cpu_has_vmx_tsc_scaling(void)
> SECONDARY_EXEC_TSC_SCALING;
> }
>
> +static inline bool cpu_has_vmx_bus_lock_detection(void)
> +{
> + return vmcs_config.cpu_based_2nd_exec_ctrl &
> + SECONDARY_EXEC_BUS_LOCK_DETECTION;
> +}
> +
> static inline bool cpu_has_vmx_apicv(void)
> {
> return cpu_has_vmx_apic_register_virt() &&
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index adc59cf9036d..5dbfee639375 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -2461,7 +2461,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf,
> SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE |
> SECONDARY_EXEC_PT_USE_GPA |
> SECONDARY_EXEC_PT_CONCEAL_VMX |
> - SECONDARY_EXEC_ENABLE_VMFUNC;
> + SECONDARY_EXEC_ENABLE_VMFUNC |
> + SECONDARY_EXEC_BUS_LOCK_DETECTION;
> if (cpu_has_sgx())
> opt2 |= SECONDARY_EXEC_ENCLS_EXITING;
> if (adjust_vmx_controls(min2, opt2,
> @@ -4244,6 +4245,9 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
> }
> }
>
> + if (!kvm_bus_lock_exit_enabled(vmx->vcpu.kvm))
> + exec_control &= ~SECONDARY_EXEC_BUS_LOCK_DETECTION;
> +
> vmx->secondary_exec_control = exec_control;
> }
>
> @@ -5685,6 +5689,14 @@ static int handle_encls(struct kvm_vcpu *vcpu)
> return 1;
> }
>
> +static int handle_bus_lock(struct kvm_vcpu *vcpu)
> +{
> + struct kvm_run *kvm_run = vcpu->run;
> +
> + kvm_run->exit_reason = KVM_EXIT_BUS_LOCK;
No need for kvm_run, "vcpu->run->exit_reason = KVM_EXIT_BUS_LOCK" will do.
> + return 0;
> +}
> +
> /*
> * The exit handlers return 1 if the exit was handled fully and guest execution
> * may resume. Otherwise they set the kvm_run parameter to indicate what needs
> @@ -5741,6 +5753,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
> [EXIT_REASON_VMFUNC] = handle_vmx_instruction,
> [EXIT_REASON_PREEMPTION_TIMER] = handle_preemption_timer,
> [EXIT_REASON_ENCLS] = handle_encls,
> + [EXIT_REASON_BUS_LOCK] = handle_bus_lock,
> };
>
> static const int kvm_vmx_max_exit_handlers =
> @@ -5979,7 +5992,7 @@ void dump_vmcs(void)
> * The guest has exited. See if we can fix it or if we need userspace
> * assistance.
> */
> -static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
> +static int __vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
> {
> struct vcpu_vmx *vmx = to_vmx(vcpu);
> union vmx_exit_reason exit_reason = vmx->exit_reason;
> @@ -6131,6 +6144,28 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
> return 0;
> }
>
> +static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
> +{
> + struct vcpu_vmx *vmx = to_vmx(vcpu);
Personal preference, but I'd probably skip the local 'vmx' variable since
there's only a single user, i.e. "to_vmx(vcpu)->exit_reason....".
> + int ret = __vmx_handle_exit(vcpu, exit_fastpath);
> +
> + /*
> + * Even when current exit reason is handled by KVM
> + * internally, we still needs to exit to user space
> + * when bus lock detected to inform that there is a
> + * bus lock in guest.
Run these lines out to the edge of 80 chars, wrapping this aggressively just
adds extra lines.
> + */
> + if (vmx->exit_reason.bus_lock_detected) {
> + if (ret > 0)
> + vcpu->run->exit_reason = KVM_EXIT_BUS_LOCK;
> + else
> + vcpu->run->flags |= KVM_RUN_BUS_LOCK;
> + return 0;
> + }
> + vcpu->run->flags &= ~KVM_RUN_BUS_LOCK;
> + return ret;
> +}
> +
> /*
> * Software based L1D cache flush which is used when microcode providing
> * the cache control MSR is not loaded.
> @@ -8097,6 +8132,9 @@ static __init int hardware_setup(void)
> kvm_tsc_scaling_ratio_frac_bits = 48;
> }
>
> + if (cpu_has_vmx_bus_lock_detection())
> + kvm_has_bus_lock_exit = true;
Or simply:
kvm_has_bus_lock_exit = cpu_has_vmx_bus_lock_detection();
> +
> set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
>
> if (enable_ept)
> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> index 8bf97a81affd..779ea3b15134 100644
> --- a/arch/x86/kvm/vmx/vmx.h
> +++ b/arch/x86/kvm/vmx/vmx.h
> @@ -105,7 +105,7 @@ union vmx_exit_reason {
> u32 reserved23 : 1;
> u32 reserved24 : 1;
> u32 reserved25 : 1;
> - u32 reserved26 : 1;
> + u32 bus_lock_detected : 1;
> u32 enclave_mode : 1;
> u32 smi_pending_mtf : 1;
> u32 smi_from_vmx_root : 1;
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index d39d6cf1d473..d96619ce7f66 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -134,6 +134,8 @@ u64 __read_mostly kvm_max_tsc_scaling_ratio;
> EXPORT_SYMBOL_GPL(kvm_max_tsc_scaling_ratio);
> u64 __read_mostly kvm_default_tsc_scaling_ratio;
> EXPORT_SYMBOL_GPL(kvm_default_tsc_scaling_ratio);
> +bool __read_mostly kvm_has_bus_lock_exit;
> +EXPORT_SYMBOL_GPL(kvm_has_bus_lock_exit);
>
> /* tsc tolerance in parts per million - default to 1/2 of the NTP threshold */
> static u32 __read_mostly tsc_tolerance_ppm = 250;
> @@ -3578,6 +3580,11 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
> case KVM_CAP_SMALLER_MAXPHYADDR:
> r = (int) allow_smaller_maxphyaddr;
> break;
> + case KVM_CAP_X86_BUS_LOCK_EXIT:
Hmm, it might make more sense to do:
if (kvm_has_bus_lock_exit)
r = KVM_BUS_LOCK_DETECTION_OFF |
KVM_BUS_LOCK_DETECTION_EXIT;
else
r = 0;
On the other hand I can see it being useful for userspace to know that
KVM itself supports bus lock detection, but hardware does not.
> + r |= KVM_BUS_LOCK_DETECTION_OFF;
> + if (kvm_has_bus_lock_exit)
> + r |= KVM_BUS_LOCK_DETECTION_EXIT;
> + break;
> default:
> break;
> }
> @@ -5030,6 +5037,20 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
> kvm->arch.exception_payload_enabled = cap->args[0];
> r = 0;
> break;
> + case KVM_CAP_X86_BUS_LOCK_EXIT:
> + r = -EINVAL;
> + if (cap->args[0] & ~KVM_BUS_LOCK_DETECTION_VALID_MODE)
> + break;
> +
> + if ((cap->args[0] & KVM_BUS_LOCK_DETECTION_OFF) &&
> + (cap->args[0] & KVM_BUS_LOCK_DETECTION_EXIT))
> + break;
> +
> + if (kvm_has_bus_lock_exit &&
> + cap->args[0] & KVM_BUS_LOCK_DETECTION_EXIT)
> + kvm->arch.bus_lock_exit = true;
> + r = 0;
> + break;
> default:
> r = -EINVAL;
> break;
> @@ -7772,12 +7793,16 @@ static void post_kvm_run_save(struct kvm_vcpu *vcpu)
> struct kvm_run *kvm_run = vcpu->run;
>
> kvm_run->if_flag = (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
> - kvm_run->flags = is_smm(vcpu) ? KVM_RUN_X86_SMM : 0;
> kvm_run->cr8 = kvm_get_cr8(vcpu);
> kvm_run->apic_base = kvm_get_apic_base(vcpu);
> kvm_run->ready_for_interrupt_injection =
> pic_in_kernel(vcpu->kvm) ||
> kvm_vcpu_ready_for_interrupt_injection(vcpu);
> +
> + if (is_smm(vcpu))
> + kvm_run->flags |= KVM_RUN_X86_SMM;
> + else
> + kvm_run->flags &= ~KVM_RUN_X86_SMM;
> }
>
> static void update_cr8_intercept(struct kvm_vcpu *vcpu)
> diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
> index 995ab696dcf0..54aa7712cb52 100644
> --- a/arch/x86/kvm/x86.h
> +++ b/arch/x86/kvm/x86.h
> @@ -335,6 +335,11 @@ static inline bool kvm_cstate_in_guest(struct kvm *kvm)
> return kvm->arch.cstate_in_guest;
> }
>
> +static inline bool kvm_bus_lock_exit_enabled(struct kvm *kvm)
I don't see any point in adding an accessor for a bool.
> +{
> + return kvm->arch.bus_lock_exit;
> +}
> +
> DECLARE_PER_CPU(struct kvm_vcpu *, current_vcpu);
>
> static inline void kvm_before_interrupt(struct kvm_vcpu *vcpu)
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index f6d86033c4fa..3f0176733622 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -248,6 +248,7 @@ struct kvm_hyperv_exit {
> #define KVM_EXIT_IOAPIC_EOI 26
> #define KVM_EXIT_HYPERV 27
> #define KVM_EXIT_ARM_NISV 28
> +#define KVM_EXIT_BUS_LOCK 29
>
> /* For KVM_EXIT_INTERNAL_ERROR */
> /* Emulate instruction failed. */
> @@ -1035,6 +1036,7 @@ struct kvm_ppc_resize_hpt {
> #define KVM_CAP_LAST_CPU 184
> #define KVM_CAP_SMALLER_MAXPHYADDR 185
> #define KVM_CAP_S390_DIAG318 186
> +#define KVM_CAP_X86_BUS_LOCK_EXIT 187
>
> #ifdef KVM_CAP_IRQ_ROUTING
>
> @@ -1689,4 +1691,9 @@ struct kvm_hyperv_eventfd {
> #define KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE (1 << 0)
> #define KVM_DIRTY_LOG_INITIALLY_SET (1 << 1)
>
> +#define KVM_BUS_LOCK_DETECTION_OFF (1 << 0)
> +#define KVM_BUS_LOCK_DETECTION_EXIT (1 << 1)
> +#define KVM_BUS_LOCK_DETECTION_VALID_MODE (KVM_BUS_LOCK_DETECTION_OFF | \
> + KVM_BUS_LOCK_DETECTION_EXIT)
I don't think we want to define KVM_BUS_LOCK_DETECTION_VALID_MODE in the
uapi header, that should be kernel only.
> +
> #endif /* __LINUX_KVM_H */
> --
> 2.17.1
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC v3 2/2] KVM: VMX: Enable bus lock VM exit
2020-09-11 17:27 ` Sean Christopherson
@ 2020-09-14 9:32 ` Chenyi Qiang
0 siblings, 0 replies; 5+ messages in thread
From: Chenyi Qiang @ 2020-09-14 9:32 UTC (permalink / raw)
To: Sean Christopherson
Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
Joerg Roedel, Xiaoyao Li, kvm, linux-kernel
Thank you for comments. Will clean up my code.
On 9/12/2020 1:27 AM, Sean Christopherson wrote:
> On Thu, Sep 10, 2020 at 04:37:51PM +0800, Chenyi Qiang wrote:
>> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
>> index 5303dbc5c9bc..8059b8b21ecd 100644
>> --- a/arch/x86/include/asm/kvm_host.h
>> +++ b/arch/x86/include/asm/kvm_host.h
>> @@ -961,6 +961,9 @@ struct kvm_arch {
>> bool guest_can_read_msr_platform_info;
>> bool exception_payload_enabled;
>>
>> + /* Set when bus lock vm exit is enabled by user */
>> + bool bus_lock_exit;
>
> Maybe bus_lock_detection_enabled? Then you don't need the comment or the
> accessor.
>
>> +
>> struct kvm_pmu_event_filter *pmu_event_filter;
>> struct task_struct *nx_lpage_recovery_thread;
>> };
>> @@ -1347,6 +1350,8 @@ extern u8 kvm_tsc_scaling_ratio_frac_bits;
>> extern u64 kvm_max_tsc_scaling_ratio;
>> /* 1ull << kvm_tsc_scaling_ratio_frac_bits */
>> extern u64 kvm_default_tsc_scaling_ratio;
>> +/* bus lock detection supported */
>> +extern bool kvm_has_bus_lock_exit;
>
> Hrm, it'd be nice to somehow squeeze this into kvm_cpu_caps, but I can't
> think of a clever/clean way to do so.
>
>> extern u64 kvm_mce_cap_supported;
>>
>> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
>> index cd7de4b401fe..93a880bc31a7 100644
>> --- a/arch/x86/include/asm/vmx.h
>> +++ b/arch/x86/include/asm/vmx.h
>> @@ -73,6 +73,7 @@
>> #define SECONDARY_EXEC_PT_USE_GPA VMCS_CONTROL_BIT(PT_USE_GPA)
>> #define SECONDARY_EXEC_TSC_SCALING VMCS_CONTROL_BIT(TSC_SCALING)
>> #define SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE VMCS_CONTROL_BIT(USR_WAIT_PAUSE)
>> +#define SECONDARY_EXEC_BUS_LOCK_DETECTION VMCS_CONTROL_BIT(BUS_LOCK_DETECTION)
>>
>> #define PIN_BASED_EXT_INTR_MASK VMCS_CONTROL_BIT(INTR_EXITING)
>> #define PIN_BASED_NMI_EXITING VMCS_CONTROL_BIT(NMI_EXITING)
>> diff --git a/arch/x86/include/asm/vmxfeatures.h b/arch/x86/include/asm/vmxfeatures.h
>> index 9915990fd8cf..e80523346274 100644
>> --- a/arch/x86/include/asm/vmxfeatures.h
>> +++ b/arch/x86/include/asm/vmxfeatures.h
>> @@ -83,5 +83,6 @@
>> #define VMX_FEATURE_TSC_SCALING ( 2*32+ 25) /* Scale hardware TSC when read in guest */
>> #define VMX_FEATURE_USR_WAIT_PAUSE ( 2*32+ 26) /* Enable TPAUSE, UMONITOR, UMWAIT in guest */
>> #define VMX_FEATURE_ENCLV_EXITING ( 2*32+ 28) /* "" VM-Exit on ENCLV (leaf dependent) */
>> +#define VMX_FEATURE_BUS_LOCK_DETECTION ( 2*32+ 30) /* VM-Exit when bus lock caused */
>>
>> #endif /* _ASM_X86_VMXFEATURES_H */
>> diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
>> index 0780f97c1850..a1471c05f7f9 100644
>> --- a/arch/x86/include/uapi/asm/kvm.h
>> +++ b/arch/x86/include/uapi/asm/kvm.h
>> @@ -111,6 +111,7 @@ struct kvm_ioapic_state {
>> #define KVM_NR_IRQCHIPS 3
>>
>> #define KVM_RUN_X86_SMM (1 << 0)
>> +#define KVM_RUN_BUS_LOCK (1 << 1)
>>
>> /* for KVM_GET_REGS and KVM_SET_REGS */
>> struct kvm_regs {
>> diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h
>> index b8ff9e8ac0d5..14c177c4afd5 100644
>> --- a/arch/x86/include/uapi/asm/vmx.h
>> +++ b/arch/x86/include/uapi/asm/vmx.h
>> @@ -88,6 +88,7 @@
>> #define EXIT_REASON_XRSTORS 64
>> #define EXIT_REASON_UMWAIT 67
>> #define EXIT_REASON_TPAUSE 68
>> +#define EXIT_REASON_BUS_LOCK 74
>>
>> #define VMX_EXIT_REASONS \
>> { EXIT_REASON_EXCEPTION_NMI, "EXCEPTION_NMI" }, \
>> @@ -148,7 +149,8 @@
>> { EXIT_REASON_XSAVES, "XSAVES" }, \
>> { EXIT_REASON_XRSTORS, "XRSTORS" }, \
>> { EXIT_REASON_UMWAIT, "UMWAIT" }, \
>> - { EXIT_REASON_TPAUSE, "TPAUSE" }
>> + { EXIT_REASON_TPAUSE, "TPAUSE" }, \
>> + { EXIT_REASON_BUS_LOCK, "BUS_LOCK" }
>>
>> #define VMX_EXIT_REASON_FLAGS \
>> { VMX_EXIT_REASONS_FAILED_VMENTRY, "FAILED_VMENTRY" }
>> diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
>> index 4bbd8b448d22..aa94535e6705 100644
>> --- a/arch/x86/kvm/vmx/capabilities.h
>> +++ b/arch/x86/kvm/vmx/capabilities.h
>> @@ -262,6 +262,12 @@ static inline bool cpu_has_vmx_tsc_scaling(void)
>> SECONDARY_EXEC_TSC_SCALING;
>> }
>>
>> +static inline bool cpu_has_vmx_bus_lock_detection(void)
>> +{
>> + return vmcs_config.cpu_based_2nd_exec_ctrl &
>> + SECONDARY_EXEC_BUS_LOCK_DETECTION;
>> +}
>> +
>> static inline bool cpu_has_vmx_apicv(void)
>> {
>> return cpu_has_vmx_apic_register_virt() &&
>> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
>> index adc59cf9036d..5dbfee639375 100644
>> --- a/arch/x86/kvm/vmx/vmx.c
>> +++ b/arch/x86/kvm/vmx/vmx.c
>> @@ -2461,7 +2461,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf,
>> SECONDARY_EXEC_ENABLE_USR_WAIT_PAUSE |
>> SECONDARY_EXEC_PT_USE_GPA |
>> SECONDARY_EXEC_PT_CONCEAL_VMX |
>> - SECONDARY_EXEC_ENABLE_VMFUNC;
>> + SECONDARY_EXEC_ENABLE_VMFUNC |
>> + SECONDARY_EXEC_BUS_LOCK_DETECTION;
>> if (cpu_has_sgx())
>> opt2 |= SECONDARY_EXEC_ENCLS_EXITING;
>> if (adjust_vmx_controls(min2, opt2,
>> @@ -4244,6 +4245,9 @@ static void vmx_compute_secondary_exec_control(struct vcpu_vmx *vmx)
>> }
>> }
>>
>> + if (!kvm_bus_lock_exit_enabled(vmx->vcpu.kvm))
>> + exec_control &= ~SECONDARY_EXEC_BUS_LOCK_DETECTION;
>> +
>> vmx->secondary_exec_control = exec_control;
>> }
>>
>> @@ -5685,6 +5689,14 @@ static int handle_encls(struct kvm_vcpu *vcpu)
>> return 1;
>> }
>>
>> +static int handle_bus_lock(struct kvm_vcpu *vcpu)
>> +{
>> + struct kvm_run *kvm_run = vcpu->run;
>> +
>> + kvm_run->exit_reason = KVM_EXIT_BUS_LOCK;
>
> No need for kvm_run, "vcpu->run->exit_reason = KVM_EXIT_BUS_LOCK" will do.
>
>> + return 0;
>> +}
>> +
>> /*
>> * The exit handlers return 1 if the exit was handled fully and guest execution
>> * may resume. Otherwise they set the kvm_run parameter to indicate what needs
>> @@ -5741,6 +5753,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
>> [EXIT_REASON_VMFUNC] = handle_vmx_instruction,
>> [EXIT_REASON_PREEMPTION_TIMER] = handle_preemption_timer,
>> [EXIT_REASON_ENCLS] = handle_encls,
>> + [EXIT_REASON_BUS_LOCK] = handle_bus_lock,
>> };
>>
>> static const int kvm_vmx_max_exit_handlers =
>> @@ -5979,7 +5992,7 @@ void dump_vmcs(void)
>> * The guest has exited. See if we can fix it or if we need userspace
>> * assistance.
>> */
>> -static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
>> +static int __vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
>> {
>> struct vcpu_vmx *vmx = to_vmx(vcpu);
>> union vmx_exit_reason exit_reason = vmx->exit_reason;
>> @@ -6131,6 +6144,28 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
>> return 0;
>> }
>>
>> +static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
>> +{
>> + struct vcpu_vmx *vmx = to_vmx(vcpu);
>
> Personal preference, but I'd probably skip the local 'vmx' variable since
> there's only a single user, i.e. "to_vmx(vcpu)->exit_reason....".
>
>> + int ret = __vmx_handle_exit(vcpu, exit_fastpath);
>> +
>> + /*
>> + * Even when current exit reason is handled by KVM
>> + * internally, we still needs to exit to user space
>> + * when bus lock detected to inform that there is a
>> + * bus lock in guest.
>
> Run these lines out to the edge of 80 chars, wrapping this aggressively just
> adds extra lines.
>
>> + */
>> + if (vmx->exit_reason.bus_lock_detected) {
>> + if (ret > 0)
>> + vcpu->run->exit_reason = KVM_EXIT_BUS_LOCK;
>> + else
>> + vcpu->run->flags |= KVM_RUN_BUS_LOCK;
>> + return 0;
>> + }
>> + vcpu->run->flags &= ~KVM_RUN_BUS_LOCK;
>> + return ret;
>> +}
>> +
>> /*
>> * Software based L1D cache flush which is used when microcode providing
>> * the cache control MSR is not loaded.
>> @@ -8097,6 +8132,9 @@ static __init int hardware_setup(void)
>> kvm_tsc_scaling_ratio_frac_bits = 48;
>> }
>>
>> + if (cpu_has_vmx_bus_lock_detection())
>> + kvm_has_bus_lock_exit = true;
>
> Or simply:
>
> kvm_has_bus_lock_exit = cpu_has_vmx_bus_lock_detection();
>
>
>> +
>> set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
>>
>> if (enable_ept)
>> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
>> index 8bf97a81affd..779ea3b15134 100644
>> --- a/arch/x86/kvm/vmx/vmx.h
>> +++ b/arch/x86/kvm/vmx/vmx.h
>> @@ -105,7 +105,7 @@ union vmx_exit_reason {
>> u32 reserved23 : 1;
>> u32 reserved24 : 1;
>> u32 reserved25 : 1;
>> - u32 reserved26 : 1;
>> + u32 bus_lock_detected : 1;
>> u32 enclave_mode : 1;
>> u32 smi_pending_mtf : 1;
>> u32 smi_from_vmx_root : 1;
>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>> index d39d6cf1d473..d96619ce7f66 100644
>> --- a/arch/x86/kvm/x86.c
>> +++ b/arch/x86/kvm/x86.c
>> @@ -134,6 +134,8 @@ u64 __read_mostly kvm_max_tsc_scaling_ratio;
>> EXPORT_SYMBOL_GPL(kvm_max_tsc_scaling_ratio);
>> u64 __read_mostly kvm_default_tsc_scaling_ratio;
>> EXPORT_SYMBOL_GPL(kvm_default_tsc_scaling_ratio);
>> +bool __read_mostly kvm_has_bus_lock_exit;
>> +EXPORT_SYMBOL_GPL(kvm_has_bus_lock_exit);
>>
>> /* tsc tolerance in parts per million - default to 1/2 of the NTP threshold */
>> static u32 __read_mostly tsc_tolerance_ppm = 250;
>> @@ -3578,6 +3580,11 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
>> case KVM_CAP_SMALLER_MAXPHYADDR:
>> r = (int) allow_smaller_maxphyaddr;
>> break;
>> + case KVM_CAP_X86_BUS_LOCK_EXIT:
>
> Hmm, it might make more sense to do:
>
> if (kvm_has_bus_lock_exit)
> r = KVM_BUS_LOCK_DETECTION_OFF |
> KVM_BUS_LOCK_DETECTION_EXIT;
> else
> r = 0;
>
> On the other hand I can see it being useful for userspace to know that
> KVM itself supports bus lock detection, but hardware does not.
>
>> + r |= KVM_BUS_LOCK_DETECTION_OFF;
>> + if (kvm_has_bus_lock_exit)
>> + r |= KVM_BUS_LOCK_DETECTION_EXIT;
>> + break;
>> default:
>> break;
>> }
>> @@ -5030,6 +5037,20 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
>> kvm->arch.exception_payload_enabled = cap->args[0];
>> r = 0;
>> break;
>> + case KVM_CAP_X86_BUS_LOCK_EXIT:
>> + r = -EINVAL;
>> + if (cap->args[0] & ~KVM_BUS_LOCK_DETECTION_VALID_MODE)
>> + break;
>> +
>> + if ((cap->args[0] & KVM_BUS_LOCK_DETECTION_OFF) &&
>> + (cap->args[0] & KVM_BUS_LOCK_DETECTION_EXIT))
>> + break;
>> +
>> + if (kvm_has_bus_lock_exit &&
>> + cap->args[0] & KVM_BUS_LOCK_DETECTION_EXIT)
>> + kvm->arch.bus_lock_exit = true;
>> + r = 0;
>> + break;
>> default:
>> r = -EINVAL;
>> break;
>> @@ -7772,12 +7793,16 @@ static void post_kvm_run_save(struct kvm_vcpu *vcpu)
>> struct kvm_run *kvm_run = vcpu->run;
>>
>> kvm_run->if_flag = (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
>> - kvm_run->flags = is_smm(vcpu) ? KVM_RUN_X86_SMM : 0;
>> kvm_run->cr8 = kvm_get_cr8(vcpu);
>> kvm_run->apic_base = kvm_get_apic_base(vcpu);
>> kvm_run->ready_for_interrupt_injection =
>> pic_in_kernel(vcpu->kvm) ||
>> kvm_vcpu_ready_for_interrupt_injection(vcpu);
>> +
>> + if (is_smm(vcpu))
>> + kvm_run->flags |= KVM_RUN_X86_SMM;
>> + else
>> + kvm_run->flags &= ~KVM_RUN_X86_SMM;
>> }
>>
>> static void update_cr8_intercept(struct kvm_vcpu *vcpu)
>> diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
>> index 995ab696dcf0..54aa7712cb52 100644
>> --- a/arch/x86/kvm/x86.h
>> +++ b/arch/x86/kvm/x86.h
>> @@ -335,6 +335,11 @@ static inline bool kvm_cstate_in_guest(struct kvm *kvm)
>> return kvm->arch.cstate_in_guest;
>> }
>>
>> +static inline bool kvm_bus_lock_exit_enabled(struct kvm *kvm)
>
> I don't see any point in adding an accessor for a bool.
>
>> +{
>> + return kvm->arch.bus_lock_exit;
>> +}
>> +
>> DECLARE_PER_CPU(struct kvm_vcpu *, current_vcpu);
>>
>> static inline void kvm_before_interrupt(struct kvm_vcpu *vcpu)
>> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
>> index f6d86033c4fa..3f0176733622 100644
>> --- a/include/uapi/linux/kvm.h
>> +++ b/include/uapi/linux/kvm.h
>> @@ -248,6 +248,7 @@ struct kvm_hyperv_exit {
>> #define KVM_EXIT_IOAPIC_EOI 26
>> #define KVM_EXIT_HYPERV 27
>> #define KVM_EXIT_ARM_NISV 28
>> +#define KVM_EXIT_BUS_LOCK 29
>>
>> /* For KVM_EXIT_INTERNAL_ERROR */
>> /* Emulate instruction failed. */
>> @@ -1035,6 +1036,7 @@ struct kvm_ppc_resize_hpt {
>> #define KVM_CAP_LAST_CPU 184
>> #define KVM_CAP_SMALLER_MAXPHYADDR 185
>> #define KVM_CAP_S390_DIAG318 186
>> +#define KVM_CAP_X86_BUS_LOCK_EXIT 187
>>
>> #ifdef KVM_CAP_IRQ_ROUTING
>>
>> @@ -1689,4 +1691,9 @@ struct kvm_hyperv_eventfd {
>> #define KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE (1 << 0)
>> #define KVM_DIRTY_LOG_INITIALLY_SET (1 << 1)
>>
>> +#define KVM_BUS_LOCK_DETECTION_OFF (1 << 0)
>> +#define KVM_BUS_LOCK_DETECTION_EXIT (1 << 1)
>> +#define KVM_BUS_LOCK_DETECTION_VALID_MODE (KVM_BUS_LOCK_DETECTION_OFF | \
>> + KVM_BUS_LOCK_DETECTION_EXIT)
>
> I don't think we want to define KVM_BUS_LOCK_DETECTION_VALID_MODE in the
> uapi header, that should be kernel only.
>
>> +
>> #endif /* __LINUX_KVM_H */
>> --
>> 2.17.1
>>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-09-14 9:33 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-10 8:37 [RFC v3 0/2] add bus lock VM exit support Chenyi Qiang
2020-09-10 8:37 ` [RFC v3 1/2] KVM: VMX: Convert vcpu_vmx.exit_reason to a union Chenyi Qiang
2020-09-10 8:37 ` [RFC v3 2/2] KVM: VMX: Enable bus lock VM exit Chenyi Qiang
2020-09-11 17:27 ` Sean Christopherson
2020-09-14 9:32 ` Chenyi Qiang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.