2020-09-24 18:43:48

by Tom Lendacky

Subject: [PATCH v2 0/2] INVD intercept change to skip instruction

From: Tom Lendacky <[email protected]>

This series updates the INVD intercept support for both SVM and VMX to
skip the instruction rather than emulating it, since emulation of this
instruction is just a NOP.

For SVM, it requires creating a dedicated INVD intercept routine that
invokes kvm_skip_emulated_instruction(). The current support uses the
common emulate_on_interception() routine, which does not work for SEV
guests, and so a Fixes: tag is added.

For VMX, which already has a dedicated INVD intercept routine, it changes
kvm_emulate_instruction() into a call to kvm_skip_emulated_instruction().

Tom Lendacky (2):
KVM: SVM: Add a dedicated INVD intercept routine
KVM: VMX: Do not perform emulation for INVD intercept

arch/x86/kvm/svm/svm.c | 8 +++++++-
arch/x86/kvm/vmx/vmx.c | 3 ++-
2 files changed, 9 insertions(+), 2 deletions(-)

--
2.28.0


2020-09-24 18:45:08

by Tom Lendacky

Subject: [PATCH v2 2/2] KVM: VMX: Do not perform emulation for INVD intercept

From: Tom Lendacky <[email protected]>

The INVD instruction is emulated as a NOP, just skip the instruction
instead.

Signed-off-by: Tom Lendacky <[email protected]>
---
arch/x86/kvm/vmx/vmx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 8646a797b7a8..f8075d3acf9c 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -5148,7 +5148,8 @@ static int handle_vmcall(struct kvm_vcpu *vcpu)

static int handle_invd(struct kvm_vcpu *vcpu)
{
- return kvm_emulate_instruction(vcpu, 0);
+ /* Treat an INVD instruction as a NOP and just skip it. */
+ return kvm_skip_emulated_instruction(vcpu);
}

static int handle_invlpg(struct kvm_vcpu *vcpu)
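Review bot: The new comment in handle_invd() states that INVD is treated as a NOP but not why that is acceptable here; since the kvm_emulate_instruction() path being removed already had NOP semantics for this instruction, consider saying so in the comment or the commit message (e.g. "INVD was already emulated as a NOP; skipping it preserves that behaviour"), so a later reader does not take the serializing-instruction question raised in this thread as something the skip introduced.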
--
2.28.0

2020-09-24 18:45:56

by Tom Lendacky

Subject: [PATCH v2 1/2] KVM: SVM: Add a dedicated INVD intercept routine

From: Tom Lendacky <[email protected]>

The INVD instruction intercept performs emulation. Emulation can't be done
on an SEV guest because the guest memory is encrypted.

Provide a dedicated intercept routine for the INVD intercept. And since
the instruction is emulated as a NOP, just skip it instead.

Fixes: 1654efcbc431 ("KVM: SVM: Add KVM_SEV_INIT command")
Signed-off-by: Tom Lendacky <[email protected]>
---
arch/x86/kvm/svm/svm.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index c91acabf18d0..66d225899781 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2183,6 +2183,12 @@ static int iret_interception(struct vcpu_svm *svm)
return 1;
}

+static int invd_interception(struct vcpu_svm *svm)
+{
+ /* Treat an INVD instruction as a NOP and just skip it. */
+ return kvm_skip_emulated_instruction(&svm->vcpu);
+}
+
static int invlpg_interception(struct vcpu_svm *svm)
{
if (!static_cpu_has(X86_FEATURE_DECODEASSISTS))
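Review bot: The commit message says emulation cannot be done on an SEV guest because guest memory is encrypted, but invd_interception() only avoids that if kvm_skip_emulated_instruction(&svm->vcpu) advances RIP without decoding the instruction from guest memory; one sentence in the commit message (or in the comment) stating that the skip path does not read guest memory would make the Fixes: claim verifiable from the patch alone. The comment wording matches the VMX variant in 2/2, which is good for consistency between the two intercept routines.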
@@ -2774,7 +2780,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
[SVM_EXIT_RDPMC] = rdpmc_interception,
[SVM_EXIT_CPUID] = cpuid_interception,
[SVM_EXIT_IRET] = iret_interception,
- [SVM_EXIT_INVD] = emulate_on_interception,
+ [SVM_EXIT_INVD] = invd_interception,
[SVM_EXIT_PAUSE] = pause_interception,
[SVM_EXIT_HLT] = halt_interception,
[SVM_EXIT_INVLPG] = invlpg_interception,
--
2.28.0

2020-09-24 21:23:16

by Jim Mattson

Subject: Re: [PATCH v2 0/2] INVD intercept change to skip instruction

On Thu, Sep 24, 2020 at 11:42 AM Tom Lendacky <[email protected]> wrote:
>
> From: Tom Lendacky <[email protected]>
>
> This series updates the INVD intercept support for both SVM and VMX to
> skip the instruction rather than emulating it, since emulation of this
> instruction is just a NOP.

Isn't INVD a serializing instruction, whereas NOP isn't? IIRC, Intel
doesn't architect VM-entry or VM-exit as serializing, though they
probably are in practice. I'm not sure what AMD's stance on this is.

2020-09-25 17:33:29

by Paolo Bonzini

Subject: Re: [PATCH v2 0/2] INVD intercept change to skip instruction

On 24/09/20 23:20, Jim Mattson wrote:
> On Thu, Sep 24, 2020 at 11:42 AM Tom Lendacky <[email protected]> wrote:
>>
>> From: Tom Lendacky <[email protected]>
>>
>> This series updates the INVD intercept support for both SVM and VMX to
>> skip the instruction rather than emulating it, since emulation of this
>> instruction is just a NOP.
>
> Isn't INVD a serializing instruction, whereas NOP isn't? IIRC, Intel
> doesn't architect VM-entry or VM-exit as serializing, though they
> probably are in practice. I'm not sure what AMD's stance on this is.

Of course that isn't changed by this patch, though.

Queuing both, but a clarification would be useful. The same applies
even to CPUID.

Paolo