Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp3314051pxb; Tue, 12 Jan 2021 11:22:56 -0800 (PST) X-Google-Smtp-Source: ABdhPJz+VRTnfAWZgVdkP4G2XoDDz/QoqLZl2/7kmBs6icvcuOs0YgkIJsybyt9nsYqgL6wpG/vn X-Received: by 2002:a17:906:fc3:: with SMTP id c3mr252516ejk.474.1610479376339; Tue, 12 Jan 2021 11:22:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610479376; cv=none; d=google.com; s=arc-20160816; b=h3Wjib+7/wrQDPUUSEtfBYIOsDiY2PQrq4uP8OKQW7UkYIZDXZFWs3Cp9i6yXLXS1v Lic0i1Auz1OE+rgDfHzT5UAN0GfjZFxmpfAUMVpwtohy4L0f0m5QFXMqGjRLTGLQvEHB Juf/VYlCArXsqZ3ZWpMyCHB1aBfz5gw/zkR7JfBjfz5TQKZ8pbX2dpmc9umkXZCysU9y /VmN/6h5HylYIQRtqzG0ZUVf9SVXtRxFM2dTLzQKUHJqNtlpo6No5Km9lIiGQ41G3G66 OAtrh9UJ1411Gngh2JJ9ECHaVKNftBpwPYhOzyx8UFNceJqrLNsUmztxvL4qDV5XsOjS hLrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=y3BN6cdHxTPioMesR4FBydVJOaDJxTOw5Es7yLBlgtQ=; b=bqwTrOh9JSV/QpJ8oQO/Qk2neRQIjCf094mmOXENYJUYWUumODbKMUWPCAZW5ROcL5 lWZnD0uzM9E5Twk2uMFM+QfeFiEyC75ycVcRGMS4FWgT+R1hFxWRGC36eE41rfUnESH1 hddadVujfIiqrD2vu0FK85QzqRzz3BkQ+v4a5eZ4iNJ5CGDiOsKvuJ+TbLIV3KCD/GHE AS/I9R9nmTTE2Cv8mfgzJDsN3boiCVI7MnQZGBOe3UmkFCB0jRk2lW3bQBpKCLOjCCle +PCxoh4JL1c5bMkufvb20Ix57MponIq6uKeNcO4isZ67DV6F4Zp3ne44a/Yy0S0yy4Px CL6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Bjo+TQpW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gl20si419304ejb.295.2021.01.12.11.22.20; Tue, 12 Jan 2021 11:22:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Bjo+TQpW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2436498AbhALTSv (ORCPT + 99 others); Tue, 12 Jan 2021 14:18:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43078 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2436478AbhALTSu (ORCPT ); Tue, 12 Jan 2021 14:18:50 -0500 Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85B0CC06179F for ; Tue, 12 Jan 2021 11:18:10 -0800 (PST) Received: by mail-pf1-x42b.google.com with SMTP id w2so1947485pfc.13 for ; Tue, 12 Jan 2021 11:18:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=y3BN6cdHxTPioMesR4FBydVJOaDJxTOw5Es7yLBlgtQ=; b=Bjo+TQpWX3cDqpcuJkY96UOghaTmpGhXsI+LVtsfjQ6+BGjFmU06v1fGF9UcFMlPBz cExL1+MMhC2VIRF2TbJJTVcTx3bDc0tXzyjtUq2FAZTrDTZkRv8Netu3/zmUvbgfGoDH 8AJVAUh9EUHvhqCdaQ6uA2V5efeqP1dK6U9TAQ92hqmHVFE8f1iIUKJzF/AmBc8LmGmD kVTDW9Lc+CF9eYTWLAUrrpUWAlr00YeIuqbRRtdCIZjFIuo+49ZCd4ScgIkb3D7mqrvr fhFRDZoP81lqG4HeWPalex0+TgKjrW2O5VN4Y6ucoUdDHE7peJwqXc3AWy3l1XdZr6Gx t3Gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=y3BN6cdHxTPioMesR4FBydVJOaDJxTOw5Es7yLBlgtQ=; b=Ywgp08QkXXGRjZs+AGpPKA2Vy4Toh14v3B0n/Eigu8zq4dne+f7Hi5UhOfe5KMJ58S lik2NdATh1Opc4nbM36rzb9AnhA9TCwlYeZBSI3JFnGimKb6SkmeQYhCIbhUXblH+vBy Z75Hu4xPjOk9CxRN5dQSZwZnENpMldCtxt97WXRbCTmnqBxlHFnwi+zbjtMPiQx1Bx+Q HEX9Jx3KdAJGVWT27kFdC6Xcr2GTgq9NppviitQRn/V6FWmundAYh0HOIzIIvR7qCKbs e2p7aulR4fE2G1SnAkVYvZctqW7E5VG64FMeTANptCPcJXIIv8zhMfTv5VPdLSXhDoue SxeA== X-Gm-Message-State: AOAM530IqKGA4tCFg0Z6mYHdXHih9oAejMNysZj6txgAK/4ZkeXOtxUp VMwGhJWtJxEjl0+TldqjGR/vlQ== X-Received: by 2002:a62:5e44:0:b029:1a4:daae:e765 with SMTP id s65-20020a625e440000b02901a4daaee765mr757856pfb.8.1610479089830; Tue, 12 Jan 2021 11:18:09 -0800 (PST) Received: from google.com ([2620:15c:f:10:1ea0:b8ff:fe73:50f5]) by smtp.gmail.com with ESMTPSA id g26sm3995862pfo.35.2021.01.12.11.18.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Jan 2021 11:18:09 -0800 (PST) Date: Tue, 12 Jan 2021 11:18:02 -0800 From: Sean Christopherson To: Wei Huang Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, joro@8bytes.org, bp@alien8.de, tglx@linutronix.de, mingo@redhat.com, x86@kernel.org, jmattson@google.com, wanpengli@tencent.com, bsd@redhat.com, dgilbert@redhat.com, mlevitsk@redhat.com Subject: Re: [PATCH 2/2] KVM: SVM: Add support for VMCB address check change Message-ID: References: <20210112063703.539893-1-wei.huang2@amd.com> <20210112063703.539893-2-wei.huang2@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210112063703.539893-2-wei.huang2@amd.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 12, 2021, Wei Huang wrote: > New AMD CPUs have a change that checks VMEXIT intercept on special SVM > instructions before checking their EAX against reserved memory region. > This change is indicated by CPUID_0x8000000A_EDX[28]. If it is 1, KVM > doesn't need to intercept and emulate #GP faults for such instructions > because #GP isn't supposed to be triggered. > > Co-developed-by: Bandan Das > Signed-off-by: Bandan Das > Signed-off-by: Wei Huang > --- > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/kvm/svm/svm.c | 2 +- > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 84b887825f12..ea89d6fdd79a 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -337,6 +337,7 @@ > #define X86_FEATURE_AVIC (15*32+13) /* Virtual Interrupt Controller */ > #define X86_FEATURE_V_VMSAVE_VMLOAD (15*32+15) /* Virtual VMSAVE VMLOAD */ > #define X86_FEATURE_VGIF (15*32+16) /* Virtual GIF */ > +#define X86_FEATURE_SVME_ADDR_CHK (15*32+28) /* "" SVME addr check */ Heh, KVM should advertise this to userspace by setting the kvm_cpu_cap bit. KVM KVM forwards relevant VM-Exits to L1 without checking if rAX points at an invalid L1 GPA. > /* Intel-defined CPU features, CPUID level 0x00000007:0 (ECX), word 16 */ > #define X86_FEATURE_AVX512VBMI (16*32+ 1) /* AVX512 Vector Bit Manipulation instructions*/ > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index 74620d32aa82..451b82df2eab 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -311,7 +311,7 @@ int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer) > svm->vmcb->save.efer = efer | EFER_SVME; > vmcb_mark_dirty(svm->vmcb, VMCB_CR); > /* Enable GP interception for SVM instructions if needed */ > - if (efer & EFER_SVME) > + if ((efer & EFER_SVME) && !boot_cpu_has(X86_FEATURE_SVME_ADDR_CHK)) > set_exception_intercept(svm, GP_VECTOR); > > return 0; > -- > 2.27.0 >