Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp806179ybx; Fri, 1 Nov 2019 11:31:12 -0700 (PDT) X-Google-Smtp-Source: APXvYqx/Gnhl6s0KXiC27OqAUUA2Va4CtMjpqXrw+xZi6iXkMmKYMnbyBtwjsxfgM+xTks8H/yaF X-Received: by 2002:a17:906:2cd4:: with SMTP id r20mr10965965ejr.307.1572633072596; Fri, 01 Nov 2019 11:31:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572633072; cv=none; d=google.com; s=arc-20160816; b=tPQuBuCE8yKho/+QTdNC9g6u1yFjiAMW4LRckDBDLgRGt38fCyUdwJNYXvZdk8oR9B T33AIobAQLqizYo+S/iBzAasc+5ED+r2jJr6rn1dudGurFl84b5xQw+uWFbPteHgQBB/ U+QafVxMjB5AhjLi3cuj94KAi6QmTVK6kVtXDgvV8Rk7NAvTPIxiMcP+OVjfIczH6yDy OI9H3/iN2+cp+7FsVUEsWQ3e5wfJmiBqLb5tn2BLzcnNRkGIwpiusO/xyjtHba5LnyWL UR6O2gS0tH2n8d85d/n8kdUs3cB35nJMNTtqatX/DWQo4E1Wpq7Xa1036idUGEW0u4aF +iXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=9TFUU0VzHDXJnyCpiU6F6S+f4IqiuMpQ1VoUi3wfR0c=; b=0DTilMgGOLjgYc1orXwVCATZni1T4VCvvejfbxbdU9gkIHu2sFzA6Q/SqSmKnEaPcx HuGtMgwr+QfNIBrB5lYYPfM2RXFTyZP3r422rYRhpE2eR9ba4QTGnRo0Ze/1QXbcLptd lgYTo8y51rXWIwhcvbKCxzZW+K3mhAqDJCte1gWffW/8l+hdyUf7+vCxHNTSCJAFkiKS vEWr2TkHBlyYIu1dvRR/2udPr+b7b1No47cJ0hpeZJz2JcoqsvVjr08M1CKKldOm0n6A TaWtpxsLrBtVQZvCtZ3XZdDnM8LlC3W9VfEU0de2oOkZGuVEakD2dQGBvleqPB1aYnfC rAEw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="MaxHt/+m"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w30si1022265edd.137.2019.11.01.11.30.48; Fri, 01 Nov 2019 11:31:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="MaxHt/+m"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727401AbfKAS3f (ORCPT + 99 others); Fri, 1 Nov 2019 14:29:35 -0400 Received: from mail-io1-f67.google.com ([209.85.166.67]:42415 "EHLO mail-io1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726532AbfKAS3e (ORCPT ); Fri, 1 Nov 2019 14:29:34 -0400 Received: by mail-io1-f67.google.com with SMTP id k1so11872112iom.9 for ; Fri, 01 Nov 2019 11:29:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9TFUU0VzHDXJnyCpiU6F6S+f4IqiuMpQ1VoUi3wfR0c=; b=MaxHt/+mx78gQBGBk76n6MGcKzQD/d2Q//mL/eFBppnw/fSrPNexufzC/trzGpMows +NxstIC6SvnZoYWezP6XxWiIkGMuzmdIvVxi7TurEd4laj8KpnvVjYhM6kWx+CwVbiQg nb6VUf/cgygiG7jtOV8zbWD8D64Md/6xPzEOYve7x8YaiHo7cgpuHhP5PXo5Qh1DFpzn zvmPxvv9GtfDIk4zkyaw6iilTXIdBdeRf1WH4KTQKalfPuoUVikvDYCkId6S0hs9D2JN 1B5FCy+WJMm8ipl19rAxxRjJ/eZLBerMOSr9G2r7TOkTdY0QpG83DZeieQ7bb1N66DKF nNmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9TFUU0VzHDXJnyCpiU6F6S+f4IqiuMpQ1VoUi3wfR0c=; b=sgthMhue7kFHfGWWEthB0pubd5y19ailAjzm0QIk2313KKdKPYwSFT0RxVpUtGhCby U3wTSBAeeDbourXch/MkSc2NGvvLj4QuMHLWrrO45+mrPSaYAGKu1AwnY846hkCXo6Cc 8T6JS/puxq1RnbY1E7NmZLuD8Moe73Xy7HpQrr9tqMKnEKqiyOPL3hBi6//4qI7BYsMf 6TQffywjAQMPPebK4SLv2usQ7xQrW1OrdyPgl7lOsk5Y0Emkq+KhA4qjl6mErmNFVyv+ wrhoJOJD+lrNx18s0+kvbAyrqDcw1rAgBugDJrxttIOrzpo8Ox54ag4RZgSOxSoI6Sor ey+A== X-Gm-Message-State: APjAAAWJnpGDp+QWoC7cA6IOtijxRPkDvtaQiqf2qnn4osI+cJlDFOI3 TErTrOl9KIJK1+s8D0G16jnLHTNm7KiEdhQKWo5cpQ== X-Received: by 2002:a5d:8d8f:: with SMTP id b15mr11847661ioj.296.1572632973507; Fri, 01 Nov 2019 11:29:33 -0700 (PDT) MIME-Version: 1.0 References: <157262960837.2838.17520432516398899751.stgit@naples-babu.amd.com> <157262962352.2838.15656190309312238595.stgit@naples-babu.amd.com> In-Reply-To: <157262962352.2838.15656190309312238595.stgit@naples-babu.amd.com> From: Jim Mattson Date: Fri, 1 Nov 2019 11:29:22 -0700 Message-ID: Subject: Re: [PATCH 2/4] kvm: svm: Enable UMIP feature on AMD To: "Moger, Babu" Cc: "tglx@linutronix.de" , "mingo@redhat.com" , "bp@alien8.de" , "hpa@zytor.com" , "pbonzini@redhat.com" , "rkrcmar@redhat.com" , "sean.j.christopherson@intel.com" , "vkuznets@redhat.com" , "wanpengli@tencent.com" , "x86@kernel.org" , "joro@8bytes.org" , "luto@kernel.org" , "zohar@linux.ibm.com" , "yamada.masahiro@socionext.com" , "nayna@linux.ibm.com" , "linux-kernel@vger.kernel.org" , "kvm@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 1, 2019 at 10:33 AM Moger, Babu wrote: > > AMD 2nd generation EPYC processors support UMIP (User-Mode Instruction > Prevention) feature. The UMIP feature prevents the execution of certain > instructions if the Current Privilege Level (CPL) is greater than 0. > If any of these instructions are executed with CPL > 0 and UMIP > is enabled, then kernel reports a #GP exception. > > The idea is taken from articles: > https://lwn.net/Articles/738209/ > https://lwn.net/Articles/694385/ > > Enable the feature if supported on bare metal and emulate instructions > to return dummy values for certain cases. > > Signed-off-by: Babu Moger > --- > arch/x86/kvm/svm.c | 21 ++++++++++++++++----- > 1 file changed, 16 insertions(+), 5 deletions(-) > > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c > index 4153ca8cddb7..79abbdeca148 100644 > --- a/arch/x86/kvm/svm.c > +++ b/arch/x86/kvm/svm.c > @@ -2533,6 +2533,11 @@ static void svm_decache_cr4_guest_bits(struct kvm_vcpu *vcpu) > { > } > > +static bool svm_umip_emulated(void) > +{ > + return boot_cpu_has(X86_FEATURE_UMIP); > +} This makes no sense to me. If the hardware actually supports UMIP, then it doesn't have to be emulated. To the extent that kvm emulates UMIP on Intel CPUs without hardware UMIP (i.e. smsw is still allowed at CPL>0), we can always do the same emulation on AMD, because SVM has always offered intercepts of sgdt, sidt, sldt, and str. So, if you really want to offer this emulation on pre-EPYC 2 CPUs, this function should just return true. But, I have to ask, "why?" *Virtualization* of UMIP on EPYC 2 already works without any of these changes. > static void update_cr0_intercept(struct vcpu_svm *svm) > { > ulong gcr0 = svm->vcpu.arch.cr0; > @@ -4438,6 +4443,13 @@ static int interrupt_window_interception(struct vcpu_svm *svm) > return 1; > } > > +static int umip_interception(struct vcpu_svm *svm) > +{ > + struct kvm_vcpu *vcpu = &svm->vcpu; > + > + return kvm_emulate_instruction(vcpu, 0); > +} > + > static int pause_interception(struct vcpu_svm *svm) > { > struct kvm_vcpu *vcpu = &svm->vcpu; > @@ -4775,6 +4787,10 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { > [SVM_EXIT_SMI] = nop_on_interception, > [SVM_EXIT_INIT] = nop_on_interception, > [SVM_EXIT_VINTR] = interrupt_window_interception, > + [SVM_EXIT_IDTR_READ] = umip_interception, > + [SVM_EXIT_GDTR_READ] = umip_interception, > + [SVM_EXIT_LDTR_READ] = umip_interception, > + [SVM_EXIT_TR_READ] = umip_interception, > [SVM_EXIT_RDPMC] = rdpmc_interception, > [SVM_EXIT_CPUID] = cpuid_interception, > [SVM_EXIT_IRET] = iret_interception, > @@ -5976,11 +5992,6 @@ static bool svm_xsaves_supported(void) > return boot_cpu_has(X86_FEATURE_XSAVES); > } > > -static bool svm_umip_emulated(void) > -{ > - return false; > -} > - > static bool svm_pt_supported(void) > { > return false; >