From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E43B5C48BDF for ; Tue, 22 Jun 2021 18:05:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CC4B46128E for ; Tue, 22 Jun 2021 18:05:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233015AbhFVSH6 (ORCPT ); Tue, 22 Jun 2021 14:07:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38886 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233005AbhFVSG7 (ORCPT ); Tue, 22 Jun 2021 14:06:59 -0400 Received: from mail-qt1-x849.google.com (mail-qt1-x849.google.com [IPv6:2607:f8b0:4864:20::849]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 806D5C03540E for ; Tue, 22 Jun 2021 11:00:00 -0700 (PDT) Received: by mail-qt1-x849.google.com with SMTP id a12-20020ac8108c0000b029023c90fba3dcso96298qtj.7 for ; Tue, 22 Jun 2021 11:00:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=reply-to:date:in-reply-to:message-id:mime-version:references :subject:from:to:cc; bh=IqH/coxPh0ByAAe8tc78x3ztmN8TTOQkDLtNWwfe75w=; b=DZs+osiJDshw77pcrc5vq2d1EvY10o5PpgQ80tI2x4sJk3l67+x33t6zY4B/q2ah3T 6FzcG+++e9Scl8IAVpYAsFQSiEgLoeS8Dj0RQbfreQ1j5lF/jGl0GIs/tde7hvZZJn/w Z5KOR/RHhRkCuKSc4gwR9d7E0gHMclLI19VWY8NOnd4co/3Wl5ESvIiLKMt2E7ZsJzyh s9tFz7fOAUk5Clxao2Sd2f1ochsswYBo5tNkKKkTOhr5o/jEjD/+Zmw8RVUHMLh/0egd hfmMQaa3KlGUyhZy3szAxfwNoGoBNzNy3/Wm7iOOX/fE5CqTHJcmKtWposnQ0oynuCNK zshw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=IqH/coxPh0ByAAe8tc78x3ztmN8TTOQkDLtNWwfe75w=; b=nRgYEtxxNMY/jFSYPh7Jp0G58fuMS/Vj6zIB4lsCYoHJLlxKKY+mBN23OPp7v5wqcy vCiI6gEuOWUwmBwQmOXfpmxV/dgDGYJ7pdBQTAV64Q4OdCbm2bMRdm3aHTfG5ROPwhrm igeB6E/0F3uWiaF6rHO8UN5Dmk9YufF3usE9mDDitkXVzeZT9MQn48qySIfs6r7EGbFW r7dnrrpwx1LAq7AJtsnxeUMCykfxr7Y+qcbw5NjfaaYrT5RVI1wTt4kzMCttmRAnb0H2 +z/wr+VQPuAfG2vQ6x7Ux+ZJOM/II6BDVWe3OEveHb6uKWK8U+boSXP/3z9tGtyqlF0r Ln5A== X-Gm-Message-State: AOAM532W3DAfI7UVuvFXTbKgb2R9J87byiOarXWrJpdQ9px1YAfJDYeh yMM80j/xbXwS7Nh59C8FSC9UX/WRnbM= X-Google-Smtp-Source: ABdhPJwP4Zh3alZPREoZIcweWAzgk0DTf86jxxhCnxkCnpRIQOV32EVth3C48VrQ1ng8hVQ2RwJSEKi9nK0= X-Received: from seanjc798194.pdx.corp.google.com ([2620:15c:f:10:5722:92ce:361f:3832]) (user=seanjc job=sendgmr) by 2002:a25:cf92:: with SMTP id f140mr5867665ybg.38.1624384799659; Tue, 22 Jun 2021 10:59:59 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 22 Jun 2021 10:57:39 -0700 In-Reply-To: <20210622175739.3610207-1-seanjc@google.com> Message-Id: <20210622175739.3610207-55-seanjc@google.com> Mime-Version: 1.0 References: <20210622175739.3610207-1-seanjc@google.com> X-Mailer: git-send-email 2.32.0.288.g62a8d224e6-goog Subject: [PATCH 54/54] KVM: x86/mmu: Let guest use GBPAGES if supported in hardware and TDP is on From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yu Zhang , Maxim Levitsky Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Let the guest use 1g hugepages if TDP is enabled and the host supports GBPAGES, KVM can't actively prevent the guest from using 1g pages in this case since they can't be disabled in the hardware page walker. While injecting a page fault if a bogus 1g page is encountered during a software page walk is perfectly reasonable since KVM is simply honoring userspace's vCPU model, doing so arguably doesn't provide any meaningful value, and at worst will be horribly confusing as the guest will see inconsistent behavior and seemingly spurious page faults. Signed-off-by: Sean Christopherson --- arch/x86/kvm/mmu/mmu.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index d4969ac98a4b..684255defb33 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4174,13 +4174,28 @@ __reset_rsvds_bits_mask(struct rsvd_bits_validate *rsvd_check, } } +static bool guest_can_use_gbpages(struct kvm_vcpu *vcpu) +{ + /* + * If TDP is enabled, let the guest use GBPAGES if they're supported in + * hardware. The hardware page walker doesn't let KVM disable GBPAGES, + * i.e. won't treat them as reserved, and KVM doesn't redo the GVA->GPA + * walk for performance and complexity reasons. Not to mention KVM + * _can't_ solve the problem because GVA->GPA walks aren't visible to + * KVM once a TDP translation is installed. Mimic hardware behavior so + * that KVM's is at least consistent, i.e. doesn't randomly inject #PF. + */ + return tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) : + guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES); +} + static void reset_rsvds_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context) { __reset_rsvds_bits_mask(&context->guest_rsvd_check, vcpu->arch.reserved_gpa_bits, context->root_level, is_efer_nx(context), - guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES), + guest_can_use_gbpages(vcpu), is_cr4_pse(context), guest_cpuid_is_amd_or_hygon(vcpu)); } @@ -4259,8 +4274,7 @@ static void reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, shadow_zero_check = &context->shadow_zero_check; __reset_rsvds_bits_mask(shadow_zero_check, reserved_hpa_bits(), context->shadow_root_level, uses_nx, - guest_cpuid_has(vcpu, X86_FEATURE_GBPAGES), - is_pse, is_amd); + guest_can_use_gbpages(vcpu), is_pse, is_amd); if (!shadow_me_mask) return; -- 2.32.0.288.g62a8d224e6-goog