* [PATCH] KVM: SVM: Add a dedicated INVD intercept routine
@ 2020-09-23 20:27 Tom Lendacky
2020-09-23 20:32 ` Sean Christopherson
2020-09-24 13:58 ` Vitaly Kuznetsov
0 siblings, 2 replies; 7+ messages in thread
From: Tom Lendacky @ 2020-09-23 20:27 UTC (permalink / raw)
To: kvm, x86, linux-kernel
Cc: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li,
Jim Mattson, Joerg Roedel, Brijesh Singh, Thomas Gleixner,
Ingo Molnar, Borislav Petkov, H. Peter Anvin
From: Tom Lendacky <thomas.lendacky@amd.com>
The INVD instruction intercept performs emulation. Emulation can't be done
on an SEV guest because the guest memory is encrypted.
Provide a dedicated intercept routine for the INVD intercept. Within this
intercept routine just skip the instruction for an SEV guest, since it is
emulated as a NOP anyway.
Fixes: 1654efcbc431 ("KVM: SVM: Add KVM_SEV_INIT command")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/kvm/svm/svm.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index c91acabf18d0..332ec4425d89 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2183,6 +2183,17 @@ static int iret_interception(struct vcpu_svm *svm)
return 1;
}
+static int invd_interception(struct vcpu_svm *svm)
+{
+ /*
+ * Can't do emulation on an SEV guest and INVD is emulated
+ * as a NOP, so just skip the instruction.
+ */
+ return (sev_guest(svm->vcpu.kvm))
+ ? kvm_skip_emulated_instruction(&svm->vcpu)
+ : kvm_emulate_instruction(&svm->vcpu, 0);
+}
+
static int invlpg_interception(struct vcpu_svm *svm)
{
if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
@@ -2774,7 +2785,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
[SVM_EXIT_RDPMC] = rdpmc_interception,
[SVM_EXIT_CPUID] = cpuid_interception,
[SVM_EXIT_IRET] = iret_interception,
- [SVM_EXIT_INVD] = emulate_on_interception,
+ [SVM_EXIT_INVD] = invd_interception,
[SVM_EXIT_PAUSE] = pause_interception,
[SVM_EXIT_HLT] = halt_interception,
[SVM_EXIT_INVLPG] = invlpg_interception,
--
2.28.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: SVM: Add a dedicated INVD intercept routine
2020-09-23 20:27 [PATCH] KVM: SVM: Add a dedicated INVD intercept routine Tom Lendacky
@ 2020-09-23 20:32 ` Sean Christopherson
2020-09-23 20:40 ` Tom Lendacky
2020-09-24 13:58 ` Vitaly Kuznetsov
1 sibling, 1 reply; 7+ messages in thread
From: Sean Christopherson @ 2020-09-23 20:32 UTC (permalink / raw)
To: Tom Lendacky
Cc: kvm, x86, linux-kernel, Paolo Bonzini, Vitaly Kuznetsov,
Wanpeng Li, Jim Mattson, Joerg Roedel, Brijesh Singh,
Thomas Gleixner, Ingo Molnar, Borislav Petkov, H. Peter Anvin
On Wed, Sep 23, 2020 at 03:27:39PM -0500, Tom Lendacky wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> The INVD instruction intercept performs emulation. Emulation can't be done
> on an SEV guest because the guest memory is encrypted.
>
> Provide a dedicated intercept routine for the INVD intercept. Within this
> intercept routine just skip the instruction for an SEV guest, since it is
> emulated as a NOP anyway.
>
> Fixes: 1654efcbc431 ("KVM: SVM: Add KVM_SEV_INIT command")
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> arch/x86/kvm/svm/svm.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index c91acabf18d0..332ec4425d89 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -2183,6 +2183,17 @@ static int iret_interception(struct vcpu_svm *svm)
> return 1;
> }
>
> +static int invd_interception(struct vcpu_svm *svm)
> +{
> + /*
> + * Can't do emulation on an SEV guest and INVD is emulated
> + * as a NOP, so just skip the instruction.
> + */
> + return (sev_guest(svm->vcpu.kvm))
> + ? kvm_skip_emulated_instruction(&svm->vcpu)
> + : kvm_emulate_instruction(&svm->vcpu, 0);
Is there any reason not to do kvm_skip_emulated_instruction() for both SEV
and legacy? VMX has the same odd kvm_emulate_instruction() call, but AFAICT
that's completely unecessary, i.e. VMX can also convert to a straight skip.
> +}
> +
> static int invlpg_interception(struct vcpu_svm *svm)
> {
> if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
> @@ -2774,7 +2785,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
> [SVM_EXIT_RDPMC] = rdpmc_interception,
> [SVM_EXIT_CPUID] = cpuid_interception,
> [SVM_EXIT_IRET] = iret_interception,
> - [SVM_EXIT_INVD] = emulate_on_interception,
> + [SVM_EXIT_INVD] = invd_interception,
> [SVM_EXIT_PAUSE] = pause_interception,
> [SVM_EXIT_HLT] = halt_interception,
> [SVM_EXIT_INVLPG] = invlpg_interception,
> --
> 2.28.0
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: SVM: Add a dedicated INVD intercept routine
2020-09-23 20:32 ` Sean Christopherson
@ 2020-09-23 20:40 ` Tom Lendacky
2020-09-24 6:51 ` Paolo Bonzini
0 siblings, 1 reply; 7+ messages in thread
From: Tom Lendacky @ 2020-09-23 20:40 UTC (permalink / raw)
To: Sean Christopherson
Cc: kvm, x86, linux-kernel, Paolo Bonzini, Vitaly Kuznetsov,
Wanpeng Li, Jim Mattson, Joerg Roedel, Brijesh Singh,
Thomas Gleixner, Ingo Molnar, Borislav Petkov, H. Peter Anvin
On 9/23/20 3:32 PM, Sean Christopherson wrote:
> On Wed, Sep 23, 2020 at 03:27:39PM -0500, Tom Lendacky wrote:
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>
>> The INVD instruction intercept performs emulation. Emulation can't be done
>> on an SEV guest because the guest memory is encrypted.
>>
>> Provide a dedicated intercept routine for the INVD intercept. Within this
>> intercept routine just skip the instruction for an SEV guest, since it is
>> emulated as a NOP anyway.
>>
>> Fixes: 1654efcbc431 ("KVM: SVM: Add KVM_SEV_INIT command")
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>> arch/x86/kvm/svm/svm.c | 13 ++++++++++++-
>> 1 file changed, 12 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
>> index c91acabf18d0..332ec4425d89 100644
>> --- a/arch/x86/kvm/svm/svm.c
>> +++ b/arch/x86/kvm/svm/svm.c
>> @@ -2183,6 +2183,17 @@ static int iret_interception(struct vcpu_svm *svm)
>> return 1;
>> }
>>
>> +static int invd_interception(struct vcpu_svm *svm)
>> +{
>> + /*
>> + * Can't do emulation on an SEV guest and INVD is emulated
>> + * as a NOP, so just skip the instruction.
>> + */
>> + return (sev_guest(svm->vcpu.kvm))
>> + ? kvm_skip_emulated_instruction(&svm->vcpu)
>> + : kvm_emulate_instruction(&svm->vcpu, 0);
>
> Is there any reason not to do kvm_skip_emulated_instruction() for both SEV
> and legacy? VMX has the same odd kvm_emulate_instruction() call, but AFAICT
> that's completely unecessary, i.e. VMX can also convert to a straight skip.
You could, I just figured I'd leave the legacy behavior just in case. Not
that I can think of a reason that behavior would ever change.
Thanks,
Tom
>
>> +}
>> +
>> static int invlpg_interception(struct vcpu_svm *svm)
>> {
>> if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
>> @@ -2774,7 +2785,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
>> [SVM_EXIT_RDPMC] = rdpmc_interception,
>> [SVM_EXIT_CPUID] = cpuid_interception,
>> [SVM_EXIT_IRET] = iret_interception,
>> - [SVM_EXIT_INVD] = emulate_on_interception,
>> + [SVM_EXIT_INVD] = invd_interception,
>> [SVM_EXIT_PAUSE] = pause_interception,
>> [SVM_EXIT_HLT] = halt_interception,
>> [SVM_EXIT_INVLPG] = invlpg_interception,
>> --
>> 2.28.0
>>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: SVM: Add a dedicated INVD intercept routine
2020-09-23 20:40 ` Tom Lendacky
@ 2020-09-24 6:51 ` Paolo Bonzini
2020-09-24 13:33 ` Tom Lendacky
0 siblings, 1 reply; 7+ messages in thread
From: Paolo Bonzini @ 2020-09-24 6:51 UTC (permalink / raw)
To: Tom Lendacky, Sean Christopherson
Cc: kvm, x86, linux-kernel, Vitaly Kuznetsov, Wanpeng Li,
Jim Mattson, Joerg Roedel, Brijesh Singh, Thomas Gleixner,
Ingo Molnar, Borislav Petkov, H. Peter Anvin
On 23/09/20 22:40, Tom Lendacky wrote:
>>> +static int invd_interception(struct vcpu_svm *svm)
>>> +{
>>> + /*
>>> + * Can't do emulation on an SEV guest and INVD is emulated
>>> + * as a NOP, so just skip the instruction.
>>> + */
>>> + return (sev_guest(svm->vcpu.kvm))
>>> + ? kvm_skip_emulated_instruction(&svm->vcpu)
>>> + : kvm_emulate_instruction(&svm->vcpu, 0);
>>
>> Is there any reason not to do kvm_skip_emulated_instruction() for both SEV
>> and legacy? VMX has the same odd kvm_emulate_instruction() call, but AFAICT
>> that's completely unecessary, i.e. VMX can also convert to a straight skip.
>
> You could, I just figured I'd leave the legacy behavior just in case. Not
> that I can think of a reason that behavior would ever change.
Yeah, let's do skip for both SVM and VMX.
Paolo
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: SVM: Add a dedicated INVD intercept routine
2020-09-24 6:51 ` Paolo Bonzini
@ 2020-09-24 13:33 ` Tom Lendacky
0 siblings, 0 replies; 7+ messages in thread
From: Tom Lendacky @ 2020-09-24 13:33 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: kvm, x86, linux-kernel, Vitaly Kuznetsov, Wanpeng Li,
Jim Mattson, Joerg Roedel, Brijesh Singh, Thomas Gleixner,
Ingo Molnar, Borislav Petkov, H. Peter Anvin
On 9/24/20 1:51 AM, Paolo Bonzini wrote:
> On 23/09/20 22:40, Tom Lendacky wrote:
>>>> +static int invd_interception(struct vcpu_svm *svm)
>>>> +{
>>>> + /*
>>>> + * Can't do emulation on an SEV guest and INVD is emulated
>>>> + * as a NOP, so just skip the instruction.
>>>> + */
>>>> + return (sev_guest(svm->vcpu.kvm))
>>>> + ? kvm_skip_emulated_instruction(&svm->vcpu)
>>>> + : kvm_emulate_instruction(&svm->vcpu, 0);
>>>
>>> Is there any reason not to do kvm_skip_emulated_instruction() for both SEV
>>> and legacy? VMX has the same odd kvm_emulate_instruction() call, but AFAICT
>>> that's completely unecessary, i.e. VMX can also convert to a straight skip.
>>
>> You could, I just figured I'd leave the legacy behavior just in case. Not
>> that I can think of a reason that behavior would ever change.
>
> Yeah, let's do skip for both SVM and VMX.
Ok, I'll submit a two patch series to change SVM and VMX. I'll do two
patches because of the fixes tag to get the SVM fix back to stable. But,
if you would prefer a single patch, let me know.
Thanks,
Tom
>
> Paolo
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: SVM: Add a dedicated INVD intercept routine
2020-09-23 20:27 [PATCH] KVM: SVM: Add a dedicated INVD intercept routine Tom Lendacky
2020-09-23 20:32 ` Sean Christopherson
@ 2020-09-24 13:58 ` Vitaly Kuznetsov
2020-09-24 14:06 ` Paolo Bonzini
1 sibling, 1 reply; 7+ messages in thread
From: Vitaly Kuznetsov @ 2020-09-24 13:58 UTC (permalink / raw)
To: Tom Lendacky
Cc: Paolo Bonzini, Sean Christopherson, Wanpeng Li, Jim Mattson,
Joerg Roedel, Brijesh Singh, Thomas Gleixner, Ingo Molnar,
Borislav Petkov, H. Peter Anvin, kvm, x86, linux-kernel
Tom Lendacky <thomas.lendacky@amd.com> writes:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> The INVD instruction intercept performs emulation. Emulation can't be done
> on an SEV guest because the guest memory is encrypted.
>
> Provide a dedicated intercept routine for the INVD intercept. Within this
> intercept routine just skip the instruction for an SEV guest, since it is
> emulated as a NOP anyway.
>
> Fixes: 1654efcbc431 ("KVM: SVM: Add KVM_SEV_INIT command")
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> arch/x86/kvm/svm/svm.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index c91acabf18d0..332ec4425d89 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -2183,6 +2183,17 @@ static int iret_interception(struct vcpu_svm *svm)
> return 1;
> }
>
> +static int invd_interception(struct vcpu_svm *svm)
> +{
> + /*
> + * Can't do emulation on an SEV guest and INVD is emulated
> + * as a NOP, so just skip the instruction.
> + */
> + return (sev_guest(svm->vcpu.kvm))
> + ? kvm_skip_emulated_instruction(&svm->vcpu)
> + : kvm_emulate_instruction(&svm->vcpu, 0);
> +}
> +
> static int invlpg_interception(struct vcpu_svm *svm)
> {
> if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
> @@ -2774,7 +2785,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
> [SVM_EXIT_RDPMC] = rdpmc_interception,
> [SVM_EXIT_CPUID] = cpuid_interception,
> [SVM_EXIT_IRET] = iret_interception,
> - [SVM_EXIT_INVD] = emulate_on_interception,
> + [SVM_EXIT_INVD] = invd_interception,
> [SVM_EXIT_PAUSE] = pause_interception,
> [SVM_EXIT_HLT] = halt_interception,
> [SVM_EXIT_INVLPG] = invlpg_interception,
Out of pure curiosity,
does it sill make sense to intercept INVD when we just skip it? Would it
rather make sense to disable INVD intercept for SEV guests completely?
--
Vitaly
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: SVM: Add a dedicated INVD intercept routine
2020-09-24 13:58 ` Vitaly Kuznetsov
@ 2020-09-24 14:06 ` Paolo Bonzini
0 siblings, 0 replies; 7+ messages in thread
From: Paolo Bonzini @ 2020-09-24 14:06 UTC (permalink / raw)
To: Vitaly Kuznetsov, Tom Lendacky
Cc: Sean Christopherson, Wanpeng Li, Jim Mattson, Joerg Roedel,
Brijesh Singh, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
H. Peter Anvin, kvm, x86, linux-kernel
On 24/09/20 15:58, Vitaly Kuznetsov wrote:
> does it sill make sense to intercept INVD when we just skip it? Would it
> rather make sense to disable INVD intercept for SEV guests completely?
If we don't intercept the processor would really invalidate the cache,
that is certainly not what we want.
Paolo
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-09-24 14:06 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-23 20:27 [PATCH] KVM: SVM: Add a dedicated INVD intercept routine Tom Lendacky
2020-09-23 20:32 ` Sean Christopherson
2020-09-23 20:40 ` Tom Lendacky
2020-09-24 6:51 ` Paolo Bonzini
2020-09-24 13:33 ` Tom Lendacky
2020-09-24 13:58 ` Vitaly Kuznetsov
2020-09-24 14:06 ` Paolo Bonzini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).