From: Jim Mattson <jmattson@google.com>
To: Avi Kivity <avi@redhat.com>, Babu Moger <babu.moger@amd.com>,
Borislav Petkov <bp@alien8.de>,
"Chang S. Bae" <chang.seok.bae@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Joerg Roedel <joerg.roedel@amd.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Sean Christopherson <seanjc@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Wyes Karny <wyes.karny@amd.com>,
x86@kernel.org
Cc: Jim Mattson <jmattson@google.com>
Subject: [PATCH 0/5] KVM: EFER.LMSLE cleanup
Date: Thu, 15 Sep 2022 21:58:27 -0700 [thread overview]
Message-ID: <20220916045832.461395-1-jmattson@google.com> (raw)
KVM has never properly virtualized EFER.LMSLE. However, when the
"nested" module parameter is set, KVM lets the guest set EFER.LMSLE.
Ostensibly, this is so that SLES11 Xen 4.0 will boot as a nested
hypervisor.
KVM passes EFER.LMSLE to the hardware through the VMCB, so
the setting works most of the time, but the KVM instruction emulator
completely ignores the bit, so incorrect guest behavior is almost
certainly assured.
With Zen3, AMD has abandoned EFER.LMSLE. KVM still allows it, though, as
long as "nested" is set. However, since the hardware doesn't support it,
the next VMRUN after the emulated WRMSR will fail with "invalid VMCB."
My preference would be to simply scrub all references to LMSLE from the
Linux kernel, but I don't want to break any guests that rely in it (on
hardware that supports it).
So, here's a series to clean things up.
I have not been successful in getting new macros into cpufeatures.h in
the past, but I'm going to try again, because I am a glutton for
punishment.
Jim Mattson (5):
x86/cpufeatures: Introduce X86_FEATURE_NO_LMSLE
KVM: svm: Disallow EFER.LMSLE on hardware that doesn't support it
KVM: x86: Report host's X86_FEATURE_NO_LMSLE in
KVM_GET_SUPPORTED_CPUID
KVM: x86: Enforce X86_FEATURE_NO_LMSLE in guest cpuid
KVM: svm: Set X86_FEATURE_NO_LMSLE when !nested
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/kvm/cpuid.c | 2 +-
arch/x86/kvm/svm/svm.c | 6 +++++-
arch/x86/kvm/x86.c | 3 +++
4 files changed, 10 insertions(+), 2 deletions(-)
--
2.37.3.968.ga6b4b080e4-goog
next reply other threads:[~2022-09-16 4:58 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-16 4:58 Jim Mattson [this message]
2022-09-16 4:58 ` [PATCH 1/5] x86/cpufeatures: Introduce X86_FEATURE_NO_LMSLE Jim Mattson
2022-09-16 4:58 ` [PATCH 2/5] KVM: svm: Disallow EFER.LMSLE on hardware that doesn't support it Jim Mattson
2022-09-16 20:14 ` Sean Christopherson
2022-09-16 21:00 ` Jim Mattson
2022-09-16 22:09 ` Borislav Petkov
2022-09-16 22:33 ` Sean Christopherson
2022-09-18 19:04 ` Borislav Petkov
2022-09-19 18:09 ` Jim Mattson
2022-09-16 4:58 ` [PATCH 3/5] KVM: x86: Report host's X86_FEATURE_NO_LMSLE in KVM_GET_SUPPORTED_CPUID Jim Mattson
2022-09-16 4:58 ` [PATCH 4/5] KVM: x86: Enforce X86_FEATURE_NO_LMSLE in guest cpuid Jim Mattson
2022-09-16 4:58 ` [PATCH 5/5] KVM: svm: Set X86_FEATURE_NO_LMSLE when !nested Jim Mattson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220916045832.461395-1-jmattson@google.com \
--to=jmattson@google.com \
--cc=avi@redhat.com \
--cc=babu.moger@amd.com \
--cc=bp@alien8.de \
--cc=chang.seok.bae@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=joerg.roedel@amd.com \
--cc=jpoimboe@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=wyes.karny@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).