* [GIT PULL] KVM: x86 pull requests for 6.8
@ 2024-01-04 19:32 Sean Christopherson
  2024-01-04 19:32 ` [GIT PULL] KVM: non-x86 changes " Sean Christopherson
                   ` (7 more replies)
  0 siblings, 8 replies; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:32 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Pull requests for 6.8.  My apologies for not getting some of these sent earlier.
Between travel, time off, and end-of-year reviews, December was a bit of a
disaster.

  [GIT PULL] KVM: non-x86 changes for 6.8
  [GIT PULL] KVM: x86: Hyper-V changes for 6.8
  [GIT PULL] KVM: x86: LAM support for 6.8
  [GIT PULL] KVM: x86: Misc changes for 6.8
  [GIT PULL] KVM: x86: MMU changes for 6.8
  [GIT PULL] KVM: x86: PMU changes for 6.8
  [GIT PULL] KVM: x86: SVM changes for 6.8
  [GIT PULL] KVM: x86: Xen change for 6.8

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [GIT PULL] KVM: non-x86 changes for 6.8
  2024-01-04 19:32 [GIT PULL] KVM: x86 pull requests for 6.8 Sean Christopherson
@ 2024-01-04 19:32 ` Sean Christopherson
  2024-01-08 12:54   ` Paolo Bonzini
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: Hyper-V " Sean Christopherson
                   ` (6 subsequent siblings)
  7 siblings, 1 reply; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:32 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Please pull a few minor changes that aren't (just) x86.  The
vmemdup_array_user() patches were sent as a series, and the s390 folks were
quick on the draw with acks, so it was easiest for all involved to just grab
everything in one shot.

The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:

  selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.8

for you to fetch changes up to 1f829359c8c37f77a340575957686ca8c4bca317:

  KVM: Harden copying of userspace-array against overflow (2023-12-01 08:00:53 -0800)

----------------------------------------------------------------
Common KVM changes for 6.8:

 - Use memdup_array_user() to harden against overflow.

 - Unconditionally advertise KVM_CAP_DEVICE_CTRL for all architectures.

----------------------------------------------------------------
Philipp Stanner (3):
      KVM: x86: Harden copying of userspace-array against overflow
      KVM: s390: Harden copying of userspace-array against overflow
      KVM: Harden copying of userspace-array against overflow

Wei Wang (1):
      KVM: move KVM_CAP_DEVICE_CTRL to the generic check

 arch/arm64/kvm/arm.c       | 1 -
 arch/powerpc/kvm/powerpc.c | 1 -
 arch/riscv/kvm/vm.c        | 1 -
 arch/s390/kvm/guestdbg.c   | 4 ++--
 arch/s390/kvm/kvm-s390.c   | 1 -
 arch/x86/kvm/cpuid.c       | 4 ++--
 virt/kvm/kvm_main.c        | 6 +++---
 7 files changed, 7 insertions(+), 11 deletions(-)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [GIT PULL] KVM: x86: Hyper-V changes for 6.8
  2024-01-04 19:32 [GIT PULL] KVM: x86 pull requests for 6.8 Sean Christopherson
  2024-01-04 19:32 ` [GIT PULL] KVM: non-x86 changes " Sean Christopherson
@ 2024-01-04 19:32 ` Sean Christopherson
  2024-01-08 12:56   ` Paolo Bonzini
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: LAM support " Sean Christopherson
                   ` (5 subsequent siblings)
  7 siblings, 1 reply; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:32 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

This is essentially Vitaly's series to add CONFIG_KVM_HYPERV, along with a
one-off patch to clean up the range-based TLB flush APIs.  While it's not super
obvious that adding CONFIG_KVM_HYPERV is worth the churn, e.g. very few setups
can actually disable CONFIG_KVM_HYPERV in practice, the end result is nice and
at the very least makes it easier for non-HyperV gurus to follow along.

The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:

  selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-hyperv-6.8

for you to fetch changes up to 017a99a966f1183e611f0b0fa6bec40160c81813:

  KVM: nSVM: Hide more stuff under CONFIG_KVM_HYPERV/CONFIG_HYPERV (2023-12-07 09:35:26 -0800)

----------------------------------------------------------------
KVM x86 Hyper-V changes for 6.8:

 - Guard KVM-on-HyperV's range-based TLB flush hooks with an #ifdef on
   CONFIG_HYPERV as a minor optimization, and to self-document the code.

 - Add CONFIG_KVM_HYPERV to allow disabling KVM support for HyperV "emulation"
   at build time.

----------------------------------------------------------------
Sean Christopherson (1):
      KVM: x86/mmu: Declare flush_remote_tlbs{_range}() hooks iff HYPERV!=n

Vitaly Kuznetsov (16):
      KVM: x86/xen: Remove unneeded xen context from kvm_arch when !CONFIG_KVM_XEN
      KVM: x86: Move Hyper-V partition assist page out of Hyper-V emulation context
      KVM: VMX: Split off vmx_onhyperv.{ch} from hyperv.{ch}
      KVM: x86: Introduce helper to check if auto-EOI is set in Hyper-V SynIC
      KVM: x86: Introduce helper to check if vector is set in Hyper-V SynIC
      KVM: VMX: Split off hyperv_evmcs.{ch}
      KVM: x86: Introduce helper to handle Hyper-V paravirt TLB flush requests
      KVM: nVMX: Split off helper for emulating VMCLEAR on Hyper-V eVMCS
      KVM: selftests: Make Hyper-V tests explicitly require KVM Hyper-V support
      KVM: selftests: Fix vmxon_pa == vmcs12_pa == -1ull nVMX testcase for !eVMCS
      KVM: nVMX: Move guest_cpuid_has_evmcs() to hyperv.h
      KVM: x86: Make Hyper-V emulation optional
      KVM: nVMX: Introduce helpers to check if Hyper-V evmptr12 is valid/set
      KVM: nVMX: Introduce accessor to get Hyper-V eVMCS pointer
      KVM: nVMX: Hide more stuff under CONFIG_KVM_HYPERV
      KVM: nSVM: Hide more stuff under CONFIG_KVM_HYPERV/CONFIG_HYPERV

 arch/x86/include/asm/kvm-x86-ops.h                 |   2 +
 arch/x86/include/asm/kvm_host.h                    |  25 +-
 arch/x86/kvm/Kconfig                               |  14 +
 arch/x86/kvm/Makefile                              |  16 +-
 arch/x86/kvm/cpuid.c                               |   6 +
 arch/x86/kvm/hyperv.h                              |  85 +++-
 arch/x86/kvm/irq.c                                 |   2 +
 arch/x86/kvm/irq_comm.c                            |   9 +-
 arch/x86/kvm/kvm_onhyperv.h                        |  20 +
 arch/x86/kvm/lapic.c                               |   5 +-
 arch/x86/kvm/mmu/mmu.c                             |  12 +-
 arch/x86/kvm/svm/hyperv.h                          |   9 +
 arch/x86/kvm/svm/nested.c                          |  30 +-
 arch/x86/kvm/svm/svm.h                             |   2 +
 arch/x86/kvm/svm/svm_onhyperv.c                    |  10 +-
 arch/x86/kvm/vmx/hyperv.c                          | 447 ---------------------
 arch/x86/kvm/vmx/hyperv.h                          | 238 +++--------
 arch/x86/kvm/vmx/hyperv_evmcs.c                    | 315 +++++++++++++++
 arch/x86/kvm/vmx/hyperv_evmcs.h                    | 166 ++++++++
 arch/x86/kvm/vmx/nested.c                          | 149 ++++---
 arch/x86/kvm/vmx/nested.h                          |   3 +-
 arch/x86/kvm/vmx/vmx.c                             |  20 +-
 arch/x86/kvm/vmx/vmx.h                             |  12 +-
 arch/x86/kvm/vmx/vmx_onhyperv.c                    |  36 ++
 arch/x86/kvm/vmx/vmx_onhyperv.h                    | 125 ++++++
 arch/x86/kvm/vmx/vmx_ops.h                         |   2 +-
 arch/x86/kvm/x86.c                                 |  66 ++-
 tools/testing/selftests/kvm/x86_64/hyperv_clock.c  |   2 +
 tools/testing/selftests/kvm/x86_64/hyperv_evmcs.c  |   5 +-
 .../kvm/x86_64/hyperv_extended_hypercalls.c        |   2 +
 .../testing/selftests/kvm/x86_64/hyperv_features.c |   2 +
 tools/testing/selftests/kvm/x86_64/hyperv_ipi.c    |   2 +
 .../testing/selftests/kvm/x86_64/hyperv_svm_test.c |   1 +
 .../selftests/kvm/x86_64/hyperv_tlb_flush.c        |   2 +
 .../kvm/x86_64/vmx_set_nested_state_test.c         |  16 +-
 35 files changed, 1091 insertions(+), 767 deletions(-)
 create mode 100644 arch/x86/kvm/vmx/hyperv_evmcs.c
 create mode 100644 arch/x86/kvm/vmx/hyperv_evmcs.h
 create mode 100644 arch/x86/kvm/vmx/vmx_onhyperv.c
 create mode 100644 arch/x86/kvm/vmx/vmx_onhyperv.h

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [GIT PULL] KVM: x86: LAM support for 6.8
  2024-01-04 19:32 [GIT PULL] KVM: x86 pull requests for 6.8 Sean Christopherson
  2024-01-04 19:32 ` [GIT PULL] KVM: non-x86 changes " Sean Christopherson
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: Hyper-V " Sean Christopherson
@ 2024-01-04 19:32 ` Sean Christopherson
  2024-01-08 13:04   ` Paolo Bonzini
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: Misc changes " Sean Christopherson
                   ` (4 subsequent siblings)
  7 siblings, 1 reply; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:32 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

LAM virtualization support.  FWIW, I intended to send this in early-ish
December as you've asked in the past, but December was basically a lost cause
for me in terms of doing upstream work.  :-/

The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:

  selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-lam-6.8

for you to fetch changes up to 183bdd161c2b773a62f01d1c030f5a3a5b7c33b5:

  KVM: x86: Use KVM-governed feature framework to track "LAM enabled" (2023-11-28 17:54:09 -0800)

----------------------------------------------------------------
KVM x86 support for virtualizing Linear Address Masking (LAM)

Add KVM support for Linear Address Masking (LAM).  LAM tweaks the canonicality
checks for most virtual address usage in 64-bit mode, such that only the most
significant bit of the untranslated address bits must match the polarity of the
last translated address bit.  This allows software to use ignored, untranslated
address bits for metadata, e.g. to efficiently tag pointers for address
sanitization.

LAM can be enabled separately for user pointers and supervisor pointers, and
for userspace LAM can be selected between 48-bit and 57-bit masking:

 - 48-bit LAM: metadata bits 62:48, i.e. LAM width of 15.
 - 57-bit LAM: metadata bits 62:57, i.e. LAM width of 6.

For user pointers, LAM enabling utilizes two previously-reserved high bits from
CR3 (similar to how PCID_NOFLUSH uses bit 63): LAM_U48 and LAM_U57, bits 62 and
61 respectively.  Note, if LAM_57 is set, LAM_U48 is ignored, i.e.:

 - CR3.LAM_U48=0 && CR3.LAM_U57=0 == LAM disabled for user pointers
 - CR3.LAM_U48=1 && CR3.LAM_U57=0 == LAM-48 enabled for user pointers
 - CR3.LAM_U48=x && CR3.LAM_U57=1 == LAM-57 enabled for user pointers

For supervisor pointers, LAM is controlled by a single bit, CR4.LAM_SUP, with
the 48-bit versus 57-bit LAM behavior following the current paging mode, i.e.:

 - CR4.LAM_SUP=0 && CR4.LA57=x == LAM disabled for supervisor pointers
 - CR4.LAM_SUP=1 && CR4.LA57=0 == LAM-48 enabled for supervisor pointers
 - CR4.LAM_SUP=1 && CR4.LA57=1 == LAM-57 enabled for supervisor pointers

The modified LAM canonicality checks:
 - LAM_S48                : [ 1 ][ metadata ][ 1 ]
                              63               47
 - LAM_U48                : [ 0 ][ metadata ][ 0 ]
                              63               47
 - LAM_S57                : [ 1 ][ metadata ][ 1 ]
                              63               56
 - LAM_U57 + 5-lvl paging : [ 0 ][ metadata ][ 0 ]
                              63               56
 - LAM_U57 + 4-lvl paging : [ 0 ][ metadata ][ 0...0 ]
                              63               56..47

The bulk of KVM support for LAM is to emulate LAM's modified canonicality
checks.  The approach taken by KVM is to "fill" the metadata bits using the
highest bit of the translated address, e.g. for LAM-48, bit 47 is sign-extended
to bits 62:48.  The most significant bit, 63, is *not* modified, i.e. its value
from the raw, untagged virtual address is kept for the canonicality check. This
untagging allows

Aside from emulating LAM's canonical checks behavior, LAM has the usual KVM
touchpoints for selectable features: enumeration (CPUID.7.1:EAX.LAM[bit 26]),
enabling via CR3 and CR4 bits, etc.

----------------------------------------------------------------
Binbin Wu (9):
      KVM: x86: Consolidate flags for __linearize()
      KVM: x86: Add an emulation flag for implicit system access
      KVM: x86: Add X86EMUL_F_INVLPG and pass it in em_invlpg()
      KVM: x86/mmu: Drop non-PA bits when getting GFN for guest's PGD
      KVM: x86: Add & use kvm_vcpu_is_legal_cr3() to check CR3's legality
      KVM: x86: Remove kvm_vcpu_is_illegal_gpa()
      KVM: x86: Introduce get_untagged_addr() in kvm_x86_ops and call it in emulator
      KVM: x86: Untag addresses for LAM emulation where applicable
      KVM: x86: Use KVM-governed feature framework to track "LAM enabled"

Robert Hoo (3):
      KVM: x86: Virtualize LAM for supervisor pointer
      KVM: x86: Virtualize LAM for user pointer
      KVM: x86: Advertise and enable LAM (user and supervisor)

 arch/x86/include/asm/kvm-x86-ops.h |  1 +
 arch/x86/include/asm/kvm_host.h    |  5 +++-
 arch/x86/kvm/cpuid.c               |  2 +-
 arch/x86/kvm/cpuid.h               | 13 +++++----
 arch/x86/kvm/emulate.c             | 27 ++++++++++---------
 arch/x86/kvm/governed_features.h   |  1 +
 arch/x86/kvm/kvm_emulate.h         |  9 +++++++
 arch/x86/kvm/mmu.h                 |  8 ++++++
 arch/x86/kvm/mmu/mmu.c             |  2 +-
 arch/x86/kvm/mmu/mmu_internal.h    |  1 +
 arch/x86/kvm/mmu/paging_tmpl.h     |  2 +-
 arch/x86/kvm/svm/nested.c          |  4 +--
 arch/x86/kvm/vmx/nested.c          | 11 +++++---
 arch/x86/kvm/vmx/sgx.c             |  1 +
 arch/x86/kvm/vmx/vmx.c             | 55 ++++++++++++++++++++++++++++++++++++--
 arch/x86/kvm/vmx/vmx.h             |  2 ++
 arch/x86/kvm/x86.c                 | 18 +++++++++++--
 arch/x86/kvm/x86.h                 |  2 ++
 18 files changed, 134 insertions(+), 30 deletions(-)

^ permalink raw reply	[flat|nested] 17+ messages in thread
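
The untag-then-check approach from the LAM tag message above, as an added example that is not part of the original mail and is not KVM's code. The names lam_untag(), is_canonical() and lam_access_ok() are hypothetical, the CR4 bit positions (LA57 = bit 12, LAM_SUP = bit 28) are taken from the x86 architecture rather than from the message, and the sketch assumes a 64-bit mode data access.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BIT_ULL(n)   (1ULL << (n))
#define CR3_LAM_U57  BIT_ULL(61)   /* from the message: CR3 bit 61 */
#define CR3_LAM_U48  BIT_ULL(62)   /* from the message: CR3 bit 62 */
#define CR4_LA57     BIT_ULL(12)   /* assumption: architectural bit position */
#define CR4_LAM_SUP  BIT_ULL(28)   /* assumption: architectural bit position */

/* Copy bit 'bit' of v into every bit above it (bit <= 56 here). */
static uint64_t sign_extend_from(uint64_t v, int bit)
{
	uint64_t upper = ~0ULL << (bit + 1);

	return (v & BIT_ULL(bit)) ? (v | upper) : (v & ~upper);
}

/* Last translated address bit for this access, or -1 if LAM is off. */
static int lam_bit(uint64_t addr, uint64_t cr3, uint64_t cr4)
{
	if (!(addr & BIT_ULL(63))) {            /* bit 63 clear: user pointer */
		if (cr3 & CR3_LAM_U57)          /* LAM_U48 is ignored if U57 is set */
			return 56;
		return (cr3 & CR3_LAM_U48) ? 47 : -1;
	}
	if (!(cr4 & CR4_LAM_SUP))               /* bit 63 set: supervisor pointer */
		return -1;
	return (cr4 & CR4_LA57) ? 56 : 47;      /* follows the paging mode */
}

/*
 * Fill the metadata bits with the last translated bit, but keep bit 63 from
 * the raw address so a user pointer can never turn into a supervisor pointer.
 */
uint64_t lam_untag(uint64_t addr, uint64_t cr3, uint64_t cr4)
{
	int bit = lam_bit(addr, cr3, cr4);

	if (bit < 0)
		return addr;
	return (sign_extend_from(addr, bit) & ~BIT_ULL(63)) | (addr & BIT_ULL(63));
}

/* Regular canonicality check for 4-level (48-bit) or 5-level (57-bit) paging. */
bool is_canonical(uint64_t addr, uint64_t cr4)
{
	return sign_extend_from(addr, (cr4 & CR4_LA57) ? 56 : 47) == addr;
}

/* LAM's modified check: untag first, then apply the regular check. */
bool lam_access_ok(uint64_t addr, uint64_t cr3, uint64_t cr4)
{
	return is_canonical(lam_untag(addr, cr3, cr4), cr4);
}

int main(void)
{
	/* Constructed sample pointers, one per row of the table in the message. */
	struct { const char *name; uint64_t addr, cr3, cr4; } t[] = {
		{ "no LAM, tagged user ptr",   0x7ABC000012345000ULL, 0, 0 },
		{ "LAM_U48, tagged user ptr",  0x7ABC000012345000ULL, CR3_LAM_U48, 0 },
		{ "LAM_U48, bit 47 != bit 63", 0x0000800000000000ULL, CR3_LAM_U48, 0 },
		{ "LAM_S48, tagged kernel ptr", 0x8123800000001000ULL, 0, CR4_LAM_SUP },
		{ "LAM_U57 + 4-lvl, 56:47 = 0", 0x7E00000012345000ULL, CR3_LAM_U57, 0 },
		{ "LAM_U57 + 4-lvl, bit 50 set", 0x7E04000012345000ULL, CR3_LAM_U57, 0 },
		{ "LAM_U57 + 5-lvl, bit 50 set", 0x7E04000012345000ULL, CR3_LAM_U57, CR4_LA57 },
	};

	for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++)
		printf("%-28s raw=%016llx untagged=%016llx %s\n", t[i].name,
		       (unsigned long long)t[i].addr,
		       (unsigned long long)lam_untag(t[i].addr, t[i].cr3, t[i].cr4),
		       lam_access_ok(t[i].addr, t[i].cr3, t[i].cr4) ? "ok" : "#GP");
	return 0;
}
```

The "bit 47 != bit 63" row shows why bit 63 is left alone: sign-extending bit 47 into bits 62:48 only, and then running the ordinary check, rejects a user pointer whose last translated bit disagrees with bit 63.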

* [GIT PULL] KVM: x86: Misc changes for 6.8
  2024-01-04 19:32 [GIT PULL] KVM: x86 pull requests for 6.8 Sean Christopherson
                   ` (2 preceding siblings ...)
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: LAM support " Sean Christopherson
@ 2024-01-04 19:32 ` Sean Christopherson
  2024-01-08 12:58   ` Paolo Bonzini
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: MMU " Sean Christopherson
                   ` (3 subsequent siblings)
  7 siblings, 1 reply; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:32 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

A variety of one-off changes...

The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:

  selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.8

for you to fetch changes up to 15223c4f973a6120665ece9ce1ad17aec0be0e6c:

  KVM: SVM,VMX: Use %rip-relative addressing to access kvm_rebooting (2023-11-30 12:51:54 -0800)

----------------------------------------------------------------
KVM x86 misc changes for 6.8:

 - Turn off KVM_WERROR by default for all configs so that it's not
   inadvertently enabled by non-KVM developers, which can be problematic for
   subsystems that require no regressions for W=1 builds.

 - Advertise all of the host-supported CPUID bits that enumerate IA32_SPEC_CTRL
   "features".

 - Don't force a masterclock update when a vCPU synchronizes to the current TSC
   generation, as updating the masterclock can cause kvmclock's time to "jump"
   unexpectedly, e.g. when userspace hotplugs a pre-created vCPU.

 - Use RIP-relative address to read kvm_rebooting in the VM-Enter fault paths,
   partly as a super minor optimization, but mostly to make KVM play nice with
   position independent executable builds.

----------------------------------------------------------------
Jim Mattson (2):
      KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
      KVM: x86: Use a switch statement and macros in __feature_translate()

Sean Christopherson (2):
      KVM: x86: Turn off KVM_WERROR by default for all configs
      KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug

Uros Bizjak (1):
      KVM: SVM,VMX: Use %rip-relative addressing to access kvm_rebooting

 arch/x86/kvm/Kconfig         | 14 +++++++-------
 arch/x86/kvm/cpuid.c         | 21 ++++++++++++++++++---
 arch/x86/kvm/reverse_cpuid.h | 33 ++++++++++++++++++++++-----------
 arch/x86/kvm/svm/vmenter.S   | 10 +++++-----
 arch/x86/kvm/vmx/vmenter.S   |  2 +-
 arch/x86/kvm/x86.c           | 29 ++++++++++++++++-------------
 6 files changed, 69 insertions(+), 40 deletions(-)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [GIT PULL] KVM: x86: MMU changes for 6.8
  2024-01-04 19:32 [GIT PULL] KVM: x86 pull requests for 6.8 Sean Christopherson
                   ` (3 preceding siblings ...)
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: Misc changes " Sean Christopherson
@ 2024-01-04 19:33 ` Sean Christopherson
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: PMU " Sean Christopherson
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:33 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Two minor fixes from David, plus your series to clean up the "bool shared" mess.

The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:

  selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-mmu-6.8

for you to fetch changes up to e59f75de4e501e87de7743fec29dd247a6ae6cd3:

  KVM: x86/mmu: fix comment about mmu_unsync_pages_lock (2023-12-01 07:52:09 -0800)

----------------------------------------------------------------
KVM x86 MMU changes for 6.8:

 - Fix a relatively benign off-by-one error when splitting huge pages during
   CLEAR_DIRTY_LOG.

 - Fix a bug where KVM could incorrectly test-and-clear dirty bits in non-leaf
   TDP MMU SPTEs if a racing thread replaces a huge SPTE with a non-huge SPTE.

 - Relax the TDP MMU's lockdep assertions related to holding mmu_lock for read
   versus write so that KVM doesn't pass "bool shared" all over the place just
   to have precise assertions in paths that don't actually care about whether
   the caller is a reader or a writer.

----------------------------------------------------------------
David Matlack (2):
      KVM: x86/mmu: Fix off-by-1 when splitting huge pages during CLEAR
      KVM: x86/mmu: Check for leaf SPTE when clearing dirty bit in the TDP MMU

Paolo Bonzini (4):
      KVM: x86/mmu: remove unnecessary "bool shared" argument from functions
      KVM: x86/mmu: remove unnecessary "bool shared" argument from iterators
      KVM: x86/mmu: always take tdp_mmu_pages_lock
      KVM: x86/mmu: fix comment about mmu_unsync_pages_lock

 Documentation/virt/kvm/locking.rst |  7 ++-
 arch/x86/include/asm/kvm_host.h    | 11 +++--
 arch/x86/kvm/mmu/mmu.c             |  8 ++--
 arch/x86/kvm/mmu/tdp_mmu.c         | 95 +++++++++++++++++---------------------
 arch/x86/kvm/mmu/tdp_mmu.h         |  3 +-
 5 files changed, 57 insertions(+), 67 deletions(-)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [GIT PULL] KVM: x86: PMU changes for 6.8
  2024-01-04 19:32 [GIT PULL] KVM: x86 pull requests for 6.8 Sean Christopherson
                   ` (4 preceding siblings ...)
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: MMU " Sean Christopherson
@ 2024-01-04 19:33 ` Sean Christopherson
  2024-01-08 12:57   ` Paolo Bonzini
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: SVM " Sean Christopherson
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: Xen change " Sean Christopherson
  7 siblings, 1 reply; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:33 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

PMU fixes and cleanups.  The highlight is a fix for a double-overflow PMI bug
when KVM manually emulates counter events, which was made mostly benign by
commit a16eb25b09c0 ("KVM: x86: Mask LVTPC when handling a PMI"), but is still
a bug.

Note, the "Track emulated counter events instead of previous counter" fix
breaks the PMU KVM-Unit-Test due to a long-standing "bug" in perf[*].  If need
be, it's trivial to fudge around the shortcomings in the KUT code, I just
haven't carved out time to push things along.

[*] https://lore.kernel.org/all/20231107183605.409588-1-seanjc@google.com

The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:

  selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-pmu-6.8

for you to fetch changes up to fd89499a5151d197ba30f7b801f6d8f4646cf446:

  KVM: x86/pmu: Track emulated counter events instead of previous counter (2023-11-30 12:52:55 -0800)

----------------------------------------------------------------
KVM x86 PMU changes for 6.8:

 - Fix a variety of bugs where KVM fails to stop/reset counters and other state
   prior to refreshing the vPMU model.

 - Fix a double-overflow PMU bug by tracking emulated counter events using a
   dedicated field instead of snapshotting the "previous" counter.  If the
   hardware PMC count triggers overflow that is recognized in the same VM-Exit
   that KVM manually bumps an event count, KVM would pend PMIs for both the
   hardware-triggered overflow and for KVM-triggered overflow.

----------------------------------------------------------------
Sean Christopherson (6):
      KVM: x86/pmu: Move PMU reset logic to common x86 code
      KVM: x86/pmu: Reset the PMU, i.e. stop counters, before refreshing
      KVM: x86/pmu: Stop calling kvm_pmu_reset() at RESET (it's redundant)
      KVM: x86/pmu: Remove manual clearing of fields in kvm_pmu_init()
      KVM: x86/pmu: Update sample period in pmc_write_counter()
      KVM: x86/pmu: Track emulated counter events instead of previous counter

 arch/x86/include/asm/kvm-x86-pmu-ops.h |   2 +-
 arch/x86/include/asm/kvm_host.h        |  17 +++-
 arch/x86/kvm/pmu.c                     | 140 +++++++++++++++++++++++++++------
 arch/x86/kvm/pmu.h                     |  47 +----------
 arch/x86/kvm/svm/pmu.c                 |  17 ----
 arch/x86/kvm/vmx/pmu_intel.c           |  22 ------
 arch/x86/kvm/x86.c                     |   1 -
 7 files changed, 137 insertions(+), 109 deletions(-)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [GIT PULL] KVM: x86: SVM changes for 6.8
  2024-01-04 19:32 [GIT PULL] KVM: x86 pull requests for 6.8 Sean Christopherson
                   ` (5 preceding siblings ...)
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: PMU " Sean Christopherson
@ 2024-01-04 19:33 ` Sean Christopherson
  2024-01-08 13:05   ` Paolo Bonzini
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: Xen change " Sean Christopherson
  7 siblings, 1 reply; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:33 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

A few minor fixes and cleanups, along with feature "enabling" for flush-by-ASID
to play nice with newer versions of VMware Workstation that require it.

The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:

  selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.8

for you to fetch changes up to 72046d0a077a8f70d4d1e5bdeed324c1a310da8c:

  KVM: SVM: Don't intercept IRET when injecting NMI and vNMI is enabled (2023-11-30 12:51:22 -0800)

----------------------------------------------------------------
KVM SVM changes for 6.8:

 - Revert a bogus, made-up nested SVM consistency check for TLB_CONTROL.

 - Advertise flush-by-ASID support for nSVM unconditionally, as KVM always
   flushes on nested transitions, i.e. always satisfies flush requests.  This
   allows running bleeding edge versions of VMware Workstation on top of KVM.

 - Sanity check that the CPU supports flush-by-ASID when enabling SEV support.

 - Fix a benign NMI virtualization bug where KVM would unnecessarily intercept
   IRET when manually injecting an NMI, e.g. when KVM pends an NMI and injects
   a second, "simultaneous" NMI.

----------------------------------------------------------------
Sean Christopherson (4):
      Revert "nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB"
      KVM: nSVM: Advertise support for flush-by-ASID
      KVM: SVM: Explicitly require FLUSHBYASID to enable SEV support
      KVM: SVM: Don't intercept IRET when injecting NMI and vNMI is enabled

 arch/x86/kvm/svm/nested.c | 15 ---------------
 arch/x86/kvm/svm/sev.c    |  7 +++++--
 arch/x86/kvm/svm/svm.c    | 18 ++++++++++++++++--
 3 files changed, 21 insertions(+), 19 deletions(-)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [GIT PULL] KVM: x86: Xen change for 6.8
  2024-01-04 19:32 [GIT PULL] KVM: x86 pull requests for 6.8 Sean Christopherson
                   ` (6 preceding siblings ...)
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: SVM " Sean Christopherson
@ 2024-01-04 19:33 ` Sean Christopherson
  2024-01-08 13:06   ` Paolo Bonzini
  7 siblings, 1 reply; 17+ messages in thread
From: Sean Christopherson @ 2024-01-04 19:33 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

A single Xen fix (of sorts) to let userspace work around buggy guests that don't
react well to KVM setting the "stable TSC" bit in Xen PV clocks.

The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:

  selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-xen-6.8

for you to fetch changes up to 6d72283526090850274d065cd5d60af732cc5fc8:

  KVM x86/xen: add an override for PVCLOCK_TSC_STABLE_BIT (2023-12-07 15:52:57 -0800)

----------------------------------------------------------------
KVM Xen change for 6.8:

To work around Xen guests that don't expect Xen PV clocks to be marked as being
based on a stable TSC, add a Xen config knob to allow userspace to opt out of
KVM setting the "TSC stable" bit in Xen PV clocks.  Note, the "TSC stable" bit
was added to the PVCLOCK ABI by KVM without an ack from Xen, i.e. KVM isn't
entirely blameless for the buggy guest behavior.

----------------------------------------------------------------
Paul Durrant (1):
      KVM x86/xen: add an override for PVCLOCK_TSC_STABLE_BIT

 Documentation/virt/kvm/api.rst |  6 ++++++
 arch/x86/kvm/x86.c             | 28 +++++++++++++++++++++++-----
 arch/x86/kvm/xen.c             |  9 ++++++++-
 include/uapi/linux/kvm.h       |  1 +
 4 files changed, 38 insertions(+), 6 deletions(-)

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [GIT PULL] KVM: non-x86 changes for 6.8
  2024-01-04 19:32 ` [GIT PULL] KVM: non-x86 changes " Sean Christopherson
@ 2024-01-08 12:54   ` Paolo Bonzini
  0 siblings, 0 replies; 17+ messages in thread
From: Paolo Bonzini @ 2024-01-08 12:54 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@google.com> wrote:
>
> Please pull a few minor changes that aren't (just) x86.  The
> vmemdup_array_user() patches were sent as a series, and the s390 folks were
> quick on the draw with acks, so it was easiest for all involved to just grab
> everything in one shot.
>
> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>
>   selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.8
>
> for you to fetch changes up to 1f829359c8c37f77a340575957686ca8c4bca317:
>
>   KVM: Harden copying of userspace-array against overflow (2023-12-01 08:00:53 -0800)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> Common KVM changes for 6.8:
>
>  - Use memdup_array_user() to harden against overflow.
>
>  - Unconditionally advertise KVM_CAP_DEVICE_CTRL for all architectures.
>
> ----------------------------------------------------------------


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [GIT PULL] KVM: x86: Hyper-V changes for 6.8
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: Hyper-V " Sean Christopherson
@ 2024-01-08 12:56   ` Paolo Bonzini
  0 siblings, 0 replies; 17+ messages in thread
From: Paolo Bonzini @ 2024-01-08 12:56 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@google.com> wrote:
>
> This is essentially Vitaly's series to add CONFIG_KVM_HYPERV, along with a
> one-off patch to clean up the range-based TLB flush APIs.  While it's not super
> obvious that adding CONFIG_KVM_HYPERV is worth the churn, e.g. very few setups
> can actually disable CONFIG_KVM_HYPERV in practice, the end result is nice and
> at the very least makes it easier for non-HyperV gurus to follow along.
>
> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>
>   selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-hyperv-6.8
>
> for you to fetch changes up to 017a99a966f1183e611f0b0fa6bec40160c81813:
>
>   KVM: nSVM: Hide more stuff under CONFIG_KVM_HYPERV/CONFIG_HYPERV (2023-12-07 09:35:26 -0800)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM x86 Hyper-V changes for 6.8:
>
>  - Guard KVM-on-HyperV's range-based TLB flush hooks with an #ifdef on
>    CONFIG_HYPERV as a minor optimization, and to self-document the code.
>
>  - Add CONFIG_KVM_HYPERV to allow disabling KVM support for HyperV "emulation"
>    at build time.
>
> ----------------------------------------------------------------
> Sean Christopherson (1):
>       KVM: x86/mmu: Declare flush_remote_tlbs{_range}() hooks iff HYPERV!=n
>
> Vitaly Kuznetsov (16):
>       KVM: x86/xen: Remove unneeded xen context from kvm_arch when !CONFIG_KVM_XEN
>       KVM: x86: Move Hyper-V partition assist page out of Hyper-V emulation context
>       KVM: VMX: Split off vmx_onhyperv.{ch} from hyperv.{ch}
>       KVM: x86: Introduce helper to check if auto-EOI is set in Hyper-V SynIC
>       KVM: x86: Introduce helper to check if vector is set in Hyper-V SynIC
>       KVM: VMX: Split off hyperv_evmcs.{ch}
>       KVM: x86: Introduce helper to handle Hyper-V paravirt TLB flush requests
>       KVM: nVMX: Split off helper for emulating VMCLEAR on Hyper-V eVMCS
>       KVM: selftests: Make Hyper-V tests explicitly require KVM Hyper-V support
>       KVM: selftests: Fix vmxon_pa == vmcs12_pa == -1ull nVMX testcase for !eVMCS
>       KVM: nVMX: Move guest_cpuid_has_evmcs() to hyperv.h
>       KVM: x86: Make Hyper-V emulation optional
>       KVM: nVMX: Introduce helpers to check if Hyper-V evmptr12 is valid/set
>       KVM: nVMX: Introduce accessor to get Hyper-V eVMCS pointer
>       KVM: nVMX: Hide more stuff under CONFIG_KVM_HYPERV
>       KVM: nSVM: Hide more stuff under CONFIG_KVM_HYPERV/CONFIG_HYPERV
>
>  arch/x86/include/asm/kvm-x86-ops.h                 |   2 +
>  arch/x86/include/asm/kvm_host.h                    |  25 +-
>  arch/x86/kvm/Kconfig                               |  14 +
>  arch/x86/kvm/Makefile                              |  16 +-
>  arch/x86/kvm/cpuid.c                               |   6 +
>  arch/x86/kvm/hyperv.h                              |  85 +++-
>  arch/x86/kvm/irq.c                                 |   2 +
>  arch/x86/kvm/irq_comm.c                            |   9 +-
>  arch/x86/kvm/kvm_onhyperv.h                        |  20 +
>  arch/x86/kvm/lapic.c                               |   5 +-
>  arch/x86/kvm/mmu/mmu.c                             |  12 +-
>  arch/x86/kvm/svm/hyperv.h                          |   9 +
>  arch/x86/kvm/svm/nested.c                          |  30 +-
>  arch/x86/kvm/svm/svm.h                             |   2 +
>  arch/x86/kvm/svm/svm_onhyperv.c                    |  10 +-
>  arch/x86/kvm/vmx/hyperv.c                          | 447 ---------------------
>  arch/x86/kvm/vmx/hyperv.h                          | 238 +++--------
>  arch/x86/kvm/vmx/hyperv_evmcs.c                    | 315 +++++++++++++++
>  arch/x86/kvm/vmx/hyperv_evmcs.h                    | 166 ++++++++
>  arch/x86/kvm/vmx/nested.c                          | 149 ++++---
>  arch/x86/kvm/vmx/nested.h                          |   3 +-
>  arch/x86/kvm/vmx/vmx.c                             |  20 +-
>  arch/x86/kvm/vmx/vmx.h                             |  12 +-
>  arch/x86/kvm/vmx/vmx_onhyperv.c                    |  36 ++
>  arch/x86/kvm/vmx/vmx_onhyperv.h                    | 125 ++++++
>  arch/x86/kvm/vmx/vmx_ops.h                         |   2 +-
>  arch/x86/kvm/x86.c                                 |  66 ++-
>  tools/testing/selftests/kvm/x86_64/hyperv_clock.c  |   2 +
>  tools/testing/selftests/kvm/x86_64/hyperv_evmcs.c  |   5 +-
>  .../kvm/x86_64/hyperv_extended_hypercalls.c        |   2 +
>  .../testing/selftests/kvm/x86_64/hyperv_features.c |   2 +
>  tools/testing/selftests/kvm/x86_64/hyperv_ipi.c    |   2 +
>  .../testing/selftests/kvm/x86_64/hyperv_svm_test.c |   1 +
>  .../selftests/kvm/x86_64/hyperv_tlb_flush.c        |   2 +
>  .../kvm/x86_64/vmx_set_nested_state_test.c         |  16 +-
>  35 files changed, 1091 insertions(+), 767 deletions(-)
>  create mode 100644 arch/x86/kvm/vmx/hyperv_evmcs.c
>  create mode 100644 arch/x86/kvm/vmx/hyperv_evmcs.h
>  create mode 100644 arch/x86/kvm/vmx/vmx_onhyperv.c
>  create mode 100644 arch/x86/kvm/vmx/vmx_onhyperv.h
>



* Re: [GIT PULL] KVM: x86: PMU changes for 6.8
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: PMU " Sean Christopherson
@ 2024-01-08 12:57   ` Paolo Bonzini
  0 siblings, 0 replies; 17+ messages in thread
From: Paolo Bonzini @ 2024-01-08 12:57 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@google.com> wrote:
>
> PMU fixes and cleanups.  The highlight is a fix for a double-overflow PMI bug
> when KVM manually emulates counter events, which was made mostly benign by
> commit a16eb25b09c0 ("KVM: x86: Mask LVTPC when handling a PMI"), but is still
> a bug.
>
> Note, the "Track emulated counter events instead of previous counter" fix
> breaks the PMU KVM-Unit-Test due to a long-standing "bug" in perf[*].  If need
> be, it's trivial to fudge around the shortcomings in the KUT code, I just
> haven't carved out time to push things along.
>
> [*] https://lore.kernel.org/all/20231107183605.409588-1-seanjc@google.com
>
> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>
>   selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-pmu-6.8
>
> for you to fetch changes up to fd89499a5151d197ba30f7b801f6d8f4646cf446:
>
>   KVM: x86/pmu: Track emulated counter events instead of previous counter (2023-11-30 12:52:55 -0800)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM x86 PMU changes for 6.8:
>
>  - Fix a variety of bugs where KVM fails to stop/reset counters and other state
>    prior to refreshing the vPMU model.
>
>  - Fix a double-overflow PMU bug by tracking emulated counter events using a
>    dedicated field instead of snapshotting the "previous" counter.  If the
>    hardware PMC count triggers overflow that is recognized in the same VM-Exit
>    that KVM manually bumps an event count, KVM would pend PMIs for both the
>    hardware-triggered overflow and for KVM-triggered overflow.
>
> ----------------------------------------------------------------
> Sean Christopherson (6):
>       KVM: x86/pmu: Move PMU reset logic to common x86 code
>       KVM: x86/pmu: Reset the PMU, i.e. stop counters, before refreshing
>       KVM: x86/pmu: Stop calling kvm_pmu_reset() at RESET (it's redundant)
>       KVM: x86/pmu: Remove manual clearing of fields in kvm_pmu_init()
>       KVM: x86/pmu: Update sample period in pmc_write_counter()
>       KVM: x86/pmu: Track emulated counter events instead of previous counter
>
>  arch/x86/include/asm/kvm-x86-pmu-ops.h |   2 +-
>  arch/x86/include/asm/kvm_host.h        |  17 +++-
>  arch/x86/kvm/pmu.c                     | 140 +++++++++++++++++++++++++++------
>  arch/x86/kvm/pmu.h                     |  47 +----------
>  arch/x86/kvm/svm/pmu.c                 |  17 ----
>  arch/x86/kvm/vmx/pmu_intel.c           |  22 ------
>  arch/x86/kvm/x86.c                     |   1 -
>  7 files changed, 137 insertions(+), 109 deletions(-)
>



* Re: [GIT PULL] KVM: x86: Misc changes for 6.8
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: Misc changes " Sean Christopherson
@ 2024-01-08 12:58   ` Paolo Bonzini
  0 siblings, 0 replies; 17+ messages in thread
From: Paolo Bonzini @ 2024-01-08 12:58 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@google.com> wrote:
>
> A variety of one-off changes...
>
> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>
>   selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.8
>
> for you to fetch changes up to 15223c4f973a6120665ece9ce1ad17aec0be0e6c:
>
>   KVM: SVM,VMX: Use %rip-relative addressing to access kvm_rebooting (2023-11-30 12:51:54 -0800)
>
> ----------------------------------------------------------------
> KVM x86 misc changes for 6.8:
>
>  - Turn off KVM_WERROR by default for all configs so that it's not
>    inadvertently enabled by non-KVM developers, which can be problematic for
>    subsystems that require no regressions for W=1 builds.
>
>  - Advertise all of the host-supported CPUID bits that enumerate IA32_SPEC_CTRL
>    "features".
>
>  - Don't force a masterclock update when a vCPU synchronizes to the current TSC
>    generation, as updating the masterclock can cause kvmclock's time to "jump"
>    unexpectedly, e.g. when userspace hotplugs a pre-created vCPU.
>
>  - Use RIP-relative address to read kvm_rebooting in the VM-Enter fault paths,
>    partly as a super minor optimization, but mostly to make KVM play nice with
>    position independent executable builds.
>
> ----------------------------------------------------------------

Pulled, thanks.

Paolo

> Jim Mattson (2):
>       KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
>       KVM: x86: Use a switch statement and macros in __feature_translate()
>
> Sean Christopherson (2):
>       KVM: x86: Turn off KVM_WERROR by default for all configs
>       KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug
>
> Uros Bizjak (1):
>       KVM: SVM,VMX: Use %rip-relative addressing to access kvm_rebooting
>
>  arch/x86/kvm/Kconfig         | 14 +++++++-------
>  arch/x86/kvm/cpuid.c         | 21 ++++++++++++++++++---
>  arch/x86/kvm/reverse_cpuid.h | 33 ++++++++++++++++++++++-----------
>  arch/x86/kvm/svm/vmenter.S   | 10 +++++-----
>  arch/x86/kvm/vmx/vmenter.S   |  2 +-
>  arch/x86/kvm/x86.c           | 29 ++++++++++++++++-------------
>  6 files changed, 69 insertions(+), 40 deletions(-)
>



* Re: [GIT PULL] KVM: x86: LAM support for 6.8
  2024-01-04 19:32 ` [GIT PULL] KVM: x86: LAM support " Sean Christopherson
@ 2024-01-08 13:04   ` Paolo Bonzini
  2024-01-22  7:57     ` Binbin Wu
  0 siblings, 1 reply; 17+ messages in thread
From: Paolo Bonzini @ 2024-01-08 13:04 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@google.com> wrote:
>
> LAM virtualization support.  FWIW, I intended to send this in early-ish
> December as you've asked in the past, but December was basically a lost cause
> for me in terms of doing upstream work.  :-/
>
> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>
>   selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-lam-6.8
>
> for you to fetch changes up to 183bdd161c2b773a62f01d1c030f5a3a5b7c33b5:
>
>   KVM: x86: Use KVM-governed feature framework to track "LAM enabled" (2023-11-28 17:54:09 -0800)

Patches are surprisingly small for this. What's the state of tests
(https://www.spinics.net/lists/kvm/msg313712.html) though?

Thanks,

Paolo

> ----------------------------------------------------------------
> KVM x86 support for virtualizing Linear Address Masking (LAM)
>
> Add KVM support for Linear Address Masking (LAM).  LAM tweaks the canonicality
> checks for most virtual address usage in 64-bit mode, such that only the most
> significant bit of the untranslated address bits must match the polarity of the
> last translated address bit.  This allows software to use ignored, untranslated
> address bits for metadata, e.g. to efficiently tag pointers for address
> sanitization.
>
> LAM can be enabled separately for user pointers and supervisor pointers, and
> for userspace LAM can be selected between 48-bit and 57-bit masking:
>
>  - 48-bit LAM: metadata bits 62:48, i.e. LAM width of 15.
>  - 57-bit LAM: metadata bits 62:57, i.e. LAM width of 6.
>
> For user pointers, LAM enabling utilizes two previously-reserved high bits from
> CR3 (similar to how PCID_NOFLUSH uses bit 63): LAM_U48 and LAM_U57, bits 62 and
> 61 respectively.  Note, if LAM_57 is set, LAM_U48 is ignored, i.e.:
>
>  - CR3.LAM_U48=0 && CR3.LAM_U57=0 == LAM disabled for user pointers
>  - CR3.LAM_U48=1 && CR3.LAM_U57=0 == LAM-48 enabled for user pointers
>  - CR3.LAM_U48=x && CR3.LAM_U57=1 == LAM-57 enabled for user pointers
>
> For supervisor pointers, LAM is controlled by a single bit, CR4.LAM_SUP, with
> the 48-bit versus 57-bit LAM behavior following the current paging mode, i.e.:
>
>  - CR4.LAM_SUP=0 && CR4.LA57=x == LAM disabled for supervisor pointers
>  - CR4.LAM_SUP=1 && CR4.LA57=0 == LAM-48 enabled for supervisor pointers
>  - CR4.LAM_SUP=1 && CR4.LA57=1 == LAM-57 enabled for supervisor pointers
>
> The modified LAM canonicality checks:
>  - LAM_S48                : [ 1 ][ metadata ][ 1 ]
>                               63               47
>  - LAM_U48                : [ 0 ][ metadata ][ 0 ]
>                               63               47
>  - LAM_S57                : [ 1 ][ metadata ][ 1 ]
>                               63               56
>  - LAM_U57 + 5-lvl paging : [ 0 ][ metadata ][ 0 ]
>                               63               56
>  - LAM_U57 + 4-lvl paging : [ 0 ][ metadata ][ 0...0 ]
>                               63               56..47
>
> The bulk of KVM support for LAM is to emulate LAM's modified canonicality
> checks.  The approach taken by KVM is to "fill" the metadata bits using the
> highest bit of the translated address, e.g. for LAM-48, bit 47 is sign-extended
> to bits 62:48.  The most significant bit, 63, is *not* modified, i.e. its value
> from the raw, untagged virtual address is kept for the canonicality check. This
> untagging allows
>
> Aside from emulating LAM's canonical checks behavior, LAM has the usual KVM
> touchpoints for selectable features: enumeration (CPUID.7.1:EAX.LAM[bit 26]),
> enabling via CR3 and CR4 bits, etc.
>
> ----------------------------------------------------------------
> Binbin Wu (9):
>       KVM: x86: Consolidate flags for __linearize()
>       KVM: x86: Add an emulation flag for implicit system access
>       KVM: x86: Add X86EMUL_F_INVLPG and pass it in em_invlpg()
>       KVM: x86/mmu: Drop non-PA bits when getting GFN for guest's PGD
>       KVM: x86: Add & use kvm_vcpu_is_legal_cr3() to check CR3's legality
>       KVM: x86: Remove kvm_vcpu_is_illegal_gpa()
>       KVM: x86: Introduce get_untagged_addr() in kvm_x86_ops and call it in emulator
>       KVM: x86: Untag addresses for LAM emulation where applicable
>       KVM: x86: Use KVM-governed feature framework to track "LAM enabled"
>
> Robert Hoo (3):
>       KVM: x86: Virtualize LAM for supervisor pointer
>       KVM: x86: Virtualize LAM for user pointer
>       KVM: x86: Advertise and enable LAM (user and supervisor)
>
>  arch/x86/include/asm/kvm-x86-ops.h |  1 +
>  arch/x86/include/asm/kvm_host.h    |  5 +++-
>  arch/x86/kvm/cpuid.c               |  2 +-
>  arch/x86/kvm/cpuid.h               | 13 +++++----
>  arch/x86/kvm/emulate.c             | 27 ++++++++++---------
>  arch/x86/kvm/governed_features.h   |  1 +
>  arch/x86/kvm/kvm_emulate.h         |  9 +++++++
>  arch/x86/kvm/mmu.h                 |  8 ++++++
>  arch/x86/kvm/mmu/mmu.c             |  2 +-
>  arch/x86/kvm/mmu/mmu_internal.h    |  1 +
>  arch/x86/kvm/mmu/paging_tmpl.h     |  2 +-
>  arch/x86/kvm/svm/nested.c          |  4 +--
>  arch/x86/kvm/vmx/nested.c          | 11 +++++---
>  arch/x86/kvm/vmx/sgx.c             |  1 +
>  arch/x86/kvm/vmx/vmx.c             | 55 ++++++++++++++++++++++++++++++++++++--
>  arch/x86/kvm/vmx/vmx.h             |  2 ++
>  arch/x86/kvm/x86.c                 | 18 +++++++++++--
>  arch/x86/kvm/x86.h                 |  2 ++
>  18 files changed, 134 insertions(+), 30 deletions(-)
>



* Re: [GIT PULL] KVM: x86: SVM changes for 6.8
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: SVM " Sean Christopherson
@ 2024-01-08 13:05   ` Paolo Bonzini
  0 siblings, 0 replies; 17+ messages in thread
From: Paolo Bonzini @ 2024-01-08 13:05 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@google.com> wrote:
>
> A few minor fixes and cleanups, along with feature "enabling" for flush-by-ASID
> to play nice with newer versions of VMware Workstation that require it.
>
> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>
>   selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.8
>
> for you to fetch changes up to 72046d0a077a8f70d4d1e5bdeed324c1a310da8c:
>
>   KVM: SVM: Don't intercept IRET when injecting NMI and vNMI is enabled (2023-11-30 12:51:22 -0800)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM SVM changes for 6.8:
>
>  - Revert a bogus, made-up nested SVM consistency check for TLB_CONTROL.
>
>  - Advertise flush-by-ASID support for nSVM unconditionally, as KVM always
>    flushes on nested transitions, i.e. always satisfies flush requests.  This
>    allows running bleeding edge versions of VMware Workstation on top of KVM.
>
>  - Sanity check that the CPU supports flush-by-ASID when enabling SEV support.
>
>  - Fix a benign NMI virtualization bug where KVM would unnecessarily intercept
>    IRET when manually injecting an NMI, e.g. when KVM pends an NMI and injects
>    a second, "simultaneous" NMI.
>
> ----------------------------------------------------------------
> Sean Christopherson (4):
>       Revert "nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB"
>       KVM: nSVM: Advertise support for flush-by-ASID
>       KVM: SVM: Explicitly require FLUSHBYASID to enable SEV support
>       KVM: SVM: Don't intercept IRET when injecting NMI and vNMI is enabled
>
>  arch/x86/kvm/svm/nested.c | 15 ---------------
>  arch/x86/kvm/svm/sev.c    |  7 +++++--
>  arch/x86/kvm/svm/svm.c    | 18 ++++++++++++++++--
>  3 files changed, 21 insertions(+), 19 deletions(-)
>



* Re: [GIT PULL] KVM: x86: Xen change for 6.8
  2024-01-04 19:33 ` [GIT PULL] KVM: x86: Xen change " Sean Christopherson
@ 2024-01-08 13:06   ` Paolo Bonzini
  0 siblings, 0 replies; 17+ messages in thread
From: Paolo Bonzini @ 2024-01-08 13:06 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@google.com> wrote:
>
> A single Xen fix (of sorts) to let userspace work around buggy guests that don't
> react well to KVM setting the "stable TSC" bit in Xen PV clocks.
>
> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>
>   selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-xen-6.8
>
> for you to fetch changes up to 6d72283526090850274d065cd5d60af732cc5fc8:
>
>   KVM x86/xen: add an override for PVCLOCK_TSC_STABLE_BIT (2023-12-07 15:52:57 -0800)

Pulled, thanks.

Paolo



> ----------------------------------------------------------------
> KVM Xen change for 6.8:
>
> To work around Xen guests that don't expect Xen PV clocks to be marked as being
> based on a stable TSC, add a Xen config knob to allow userspace to opt out of
> KVM setting the "TSC stable" bit in Xen PV clocks.  Note, the "TSC stable" bit
> was added to the PVCLOCK ABI by KVM without an ack from Xen, i.e. KVM isn't
> entirely blameless for the buggy guest behavior.
>
> ----------------------------------------------------------------
> Paul Durrant (1):
>       KVM x86/xen: add an override for PVCLOCK_TSC_STABLE_BIT
>
>  Documentation/virt/kvm/api.rst |  6 ++++++
>  arch/x86/kvm/x86.c             | 28 +++++++++++++++++++++++-----
>  arch/x86/kvm/xen.c             |  9 ++++++++-
>  include/uapi/linux/kvm.h       |  1 +
>  4 files changed, 38 insertions(+), 6 deletions(-)
>



* Re: [GIT PULL] KVM: x86: LAM support for 6.8
  2024-01-08 13:04   ` Paolo Bonzini
@ 2024-01-22  7:57     ` Binbin Wu
  0 siblings, 0 replies; 17+ messages in thread
From: Binbin Wu @ 2024-01-22  7:57 UTC (permalink / raw)
  To: Paolo Bonzini, Sean Christopherson; +Cc: kvm, linux-kernel



On 1/8/2024 9:04 PM, Paolo Bonzini wrote:
> On Thu, Jan 4, 2024 at 8:33 PM Sean Christopherson <seanjc@google.com> wrote:
>> LAM virtualization support.  FWIW, I intended to send this in early-ish
>> December as you've asked in the past, but December was basically a lost cause
>> for me in terms of doing upstream work.  :-/
>>
>> The following changes since commit e9e60c82fe391d04db55a91c733df4a017c28b2f:
>>
>>    selftests/kvm: fix compilation on non-x86_64 platforms (2023-11-21 11:58:25 -0500)
>>
>> are available in the Git repository at:
>>
>>    https://github.com/kvm-x86/linux.git tags/kvm-x86-lam-6.8
>>
>> for you to fetch changes up to 183bdd161c2b773a62f01d1c030f5a3a5b7c33b5:
>>
>>    KVM: x86: Use KVM-governed feature framework to track "LAM enabled" (2023-11-28 17:54:09 -0800)
> Patches are surprisingly small for this. What's the state of tests
> (https://www.spinics.net/lists/kvm/msg313712.html) though?

The patch series is tested by the LAM kselftest cases as well as
a set of test cases[1] in kvm-unit-tests.

[1] https://lore.kernel.org/kvm/20230530024356.24870-1-binbin.wu@linux.intel.com/
Will send a new version with a minor change to address feedback soon.


>
> Thanks,
>
> Paolo
>
>> ----------------------------------------------------------------
>> KVM x86 support for virtualizing Linear Address Masking (LAM)
>>
>> Add KVM support for Linear Address Masking (LAM).  LAM tweaks the canonicality
>> checks for most virtual address usage in 64-bit mode, such that only the most
>> significant bit of the untranslated address bits must match the polarity of the
>> last translated address bit.  This allows software to use ignored, untranslated
>> address bits for metadata, e.g. to efficiently tag pointers for address
>> sanitization.
>>
>> LAM can be enabled separately for user pointers and supervisor pointers, and
>> for userspace LAM can be selected between 48-bit and 57-bit masking:
>>
>>   - 48-bit LAM: metadata bits 62:48, i.e. LAM width of 15.
>>   - 57-bit LAM: metadata bits 62:57, i.e. LAM width of 6.
>>
>> For user pointers, LAM enabling utilizes two previously-reserved high bits from
>> CR3 (similar to how PCID_NOFLUSH uses bit 63): LAM_U48 and LAM_U57, bits 62 and
>> 61 respectively.  Note, if LAM_57 is set, LAM_U48 is ignored, i.e.:
>>
>>   - CR3.LAM_U48=0 && CR3.LAM_U57=0 == LAM disabled for user pointers
>>   - CR3.LAM_U48=1 && CR3.LAM_U57=0 == LAM-48 enabled for user pointers
>>   - CR3.LAM_U48=x && CR3.LAM_U57=1 == LAM-57 enabled for user pointers
>>
>> For supervisor pointers, LAM is controlled by a single bit, CR4.LAM_SUP, with
>> the 48-bit versus 57-bit LAM behavior following the current paging mode, i.e.:
>>
>>   - CR4.LAM_SUP=0 && CR4.LA57=x == LAM disabled for supervisor pointers
>>   - CR4.LAM_SUP=1 && CR4.LA57=0 == LAM-48 enabled for supervisor pointers
>>   - CR4.LAM_SUP=1 && CR4.LA57=1 == LAM-57 enabled for supervisor pointers
>>
>> The modified LAM canonicality checks:
>>   - LAM_S48                : [ 1 ][ metadata ][ 1 ]
>>                                63               47
>>   - LAM_U48                : [ 0 ][ metadata ][ 0 ]
>>                                63               47
>>   - LAM_S57                : [ 1 ][ metadata ][ 1 ]
>>                                63               56
>>   - LAM_U57 + 5-lvl paging : [ 0 ][ metadata ][ 0 ]
>>                                63               56
>>   - LAM_U57 + 4-lvl paging : [ 0 ][ metadata ][ 0...0 ]
>>                                63               56..47
>>
>> The bulk of KVM support for LAM is to emulate LAM's modified canonicality
>> checks.  The approach taken by KVM is to "fill" the metadata bits using the
>> highest bit of the translated address, e.g. for LAM-48, bit 47 is sign-extended
>> to bits 62:48.  The most significant bit, 63, is *not* modified, i.e. its value
>> from the raw, untagged virtual address is kept for the canonicality check. This
>> untagging allows
>>
>> Aside from emulating LAM's canonical checks behavior, LAM has the usual KVM
>> touchpoints for selectable features: enumeration (CPUID.7.1:EAX.LAM[bit 26]),
>> enabling via CR3 and CR4 bits, etc.
>>
>> ----------------------------------------------------------------
>> Binbin Wu (9):
>>        KVM: x86: Consolidate flags for __linearize()
>>        KVM: x86: Add an emulation flag for implicit system access
>>        KVM: x86: Add X86EMUL_F_INVLPG and pass it in em_invlpg()
>>        KVM: x86/mmu: Drop non-PA bits when getting GFN for guest's PGD
>>        KVM: x86: Add & use kvm_vcpu_is_legal_cr3() to check CR3's legality
>>        KVM: x86: Remove kvm_vcpu_is_illegal_gpa()
>>        KVM: x86: Introduce get_untagged_addr() in kvm_x86_ops and call it in emulator
>>        KVM: x86: Untag addresses for LAM emulation where applicable
>>        KVM: x86: Use KVM-governed feature framework to track "LAM enabled"
>>
>> Robert Hoo (3):
>>        KVM: x86: Virtualize LAM for supervisor pointer
>>        KVM: x86: Virtualize LAM for user pointer
>>        KVM: x86: Advertise and enable LAM (user and supervisor)
>>
>>   arch/x86/include/asm/kvm-x86-ops.h |  1 +
>>   arch/x86/include/asm/kvm_host.h    |  5 +++-
>>   arch/x86/kvm/cpuid.c               |  2 +-
>>   arch/x86/kvm/cpuid.h               | 13 +++++----
>>   arch/x86/kvm/emulate.c             | 27 ++++++++++---------
>>   arch/x86/kvm/governed_features.h   |  1 +
>>   arch/x86/kvm/kvm_emulate.h         |  9 +++++++
>>   arch/x86/kvm/mmu.h                 |  8 ++++++
>>   arch/x86/kvm/mmu/mmu.c             |  2 +-
>>   arch/x86/kvm/mmu/mmu_internal.h    |  1 +
>>   arch/x86/kvm/mmu/paging_tmpl.h     |  2 +-
>>   arch/x86/kvm/svm/nested.c          |  4 +--
>>   arch/x86/kvm/vmx/nested.c          | 11 +++++---
>>   arch/x86/kvm/vmx/sgx.c             |  1 +
>>   arch/x86/kvm/vmx/vmx.c             | 55 ++++++++++++++++++++++++++++++++++++--
>>   arch/x86/kvm/vmx/vmx.h             |  2 ++
>>   arch/x86/kvm/x86.c                 | 18 +++++++++++--
>>   arch/x86/kvm/x86.h                 |  2 ++
>>   18 files changed, 134 insertions(+), 30 deletions(-)
>>
>
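The untagging and canonicality rules from the LAM tag message quoted above, as an added example in C; it is not KVM's code and not part of the thread. All function names are hypothetical, the CR3 bit positions come from the message, and the CR4 bit positions for LA57 and LAM_SUP (12 and 28) are architectural values that the thread does not state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BIT_ULL(n)   (1ULL << (n))
#define CR3_LAM_U57  BIT_ULL(61)  /* from the tag message */
#define CR3_LAM_U48  BIT_ULL(62)  /* from the tag message */
#define CR4_LA57     BIT_ULL(12)  /* assumption: not stated in the thread */
#define CR4_LAM_SUP  BIT_ULL(28)  /* assumption: not stated in the thread */

/* Copy the value of bit 'bit' into every bit above it (63:bit+1). */
static uint64_t fill_from_bit(uint64_t va, unsigned bit)
{
    uint64_t high = ~0ULL << (bit + 1);

    return (va & BIT_ULL(bit)) ? (va | high) : (va & ~high);
}

/*
 * Returns the last translated address bit (47 or 56) whose value fills the
 * metadata bits, or -1 when LAM is disabled for this kind of pointer.
 * Bit 63 of the raw address selects user versus supervisor.
 */
static int lam_fill_bit(uint64_t va, uint64_t cr3, uint64_t cr4)
{
    if (va & BIT_ULL(63)) {                 /* supervisor pointer */
        if (!(cr4 & CR4_LAM_SUP))
            return -1;
        return (cr4 & CR4_LA57) ? 56 : 47;  /* follows the paging mode */
    }
    if (cr3 & CR3_LAM_U57)                  /* LAM_U48 is ignored */
        return 56;
    if (cr3 & CR3_LAM_U48)
        return 47;
    return -1;
}

/* Fill metadata bits 62:48 or 62:57, keeping bit 63 from the raw address. */
uint64_t lam_untag(uint64_t va, uint64_t cr3, uint64_t cr4)
{
    int bit = lam_fill_bit(va, cr3, cr4);

    if (bit < 0)
        return va;
    return (fill_from_bit(va, (unsigned)bit) & ~BIT_ULL(63)) |
           (va & BIT_ULL(63));
}

/* Ordinary canonicality check for 4-level (48-bit) or 5-level (57-bit) paging. */
bool is_canonical(uint64_t va, uint64_t cr4)
{
    return fill_from_bit(va, (cr4 & CR4_LA57) ? 56 : 47) == va;
}

/* LAM-modified check: untag first, then apply the ordinary check. */
bool lam_access_ok(uint64_t va, uint64_t cr3, uint64_t cr4)
{
    return is_canonical(lam_untag(va, cr3, cr4), cr4);
}

int main(void)
{
    /* Constructed sample: user pointer carrying a tag in bits 62:48. */
    uint64_t tagged = 0x12347fff12345678ULL;
    /* Constructed sample: bit 63 clear but bit 47 set. */
    uint64_t crossing = 0x0000800000001000ULL;

    printf("LAM off : ok=%d\n", lam_access_ok(tagged, 0, 0));
    printf("LAM_U48 : ok=%d untagged=%#llx\n",
           lam_access_ok(tagged, CR3_LAM_U48, 0),
           (unsigned long long)lam_untag(tagged, CR3_LAM_U48, 0));
    printf("crossing: ok=%d untagged=%#llx\n",
           lam_access_ok(crossing, CR3_LAM_U48, 0),
           (unsigned long long)lam_untag(crossing, CR3_LAM_U48, 0));
    return 0;
}
```

Because bit 63 is carried over from the raw address, the third sample stays non-canonical after untagging: filling the metadata bits cannot turn a user pointer into a supervisor pointer.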

