Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C118EC433FE for ; Tue, 7 Dec 2021 14:43:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238143AbhLGOrU (ORCPT ); Tue, 7 Dec 2021 09:47:20 -0500 Received: from mail-bn8nam11on2054.outbound.protection.outlook.com ([40.107.236.54]:61120 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S231565AbhLGOrS (ORCPT ); Tue, 7 Dec 2021 09:47:18 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NrkHczLFeIetTkfrbttll1mMggKV9lI10JqhYDCXvYzmwvo4LZwmW+J1CDCnYO4ihIDB7tNIeJBrp8YdacPvV4tgbr6fD/QzDfRddp7DI4fxMxhD+LgWSd5YPkh2zjRtuYDuF2sgIE4LYvk8kqz8/A3ZOLgf0Mnj162rMusBTpYNE0XTp23DBZQSSH4+o9/8QkCYUxQ8YwX5/1B5DyMfBt8iqAW52XwWLERqy7FRCWOmjD7vZvTJSMIb7PYL3Nee1w1WzoQ+xVVZ//QG4mFhLCJCnJDWzHSErUYdy/ZaDc/pb0OvMSboV/7gmW3mfoj9+ykKeAZm47QB1QLv20WiHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Wn4puSaM1Hqgt+Gtq2dTXypsp6rOpjrm5JxN63f2Upw=; b=IiolOeWuuziwNKErgtkuFbzNnMgvHGa1T8e0/xPMVbWCHZ2XfxVvpf/YZSVTNE3U6SUHG9XWnJWpL3blLg8FDt9BCzDoP/sAaq8IcNDDbj3QoCedv5/L6lAeTPM2xxJstJ5v2rM029+o9v+YiGx2uWdVDX+uVTIyQ8aFtA+GCt/Pkh/NrdO61RAU/3b2z348k/AkGbQsKdvP2J/PQYEKFyK2V7PhtcRUi/8ofuxnvDYiv+3zZ8v+fZco4duocHhxLsj0lTntW2ZfT1ko6jZkqsd8XwmgFoJMPdLPDl2+8SF8tmJhcE1yxhjanKf29vDNpnCcZjILXUdI00gOVdi6fA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Wn4puSaM1Hqgt+Gtq2dTXypsp6rOpjrm5JxN63f2Upw=; b=Vqge0doc67Dd64yzZV7qKvtshCqva6FtNOr0iJun1VnKADmH2gfmtPj0MuQvTNbr5En7v/PPu/FNZrxFXAW5kotzq+/Oc31Q8sMwLk+Y+k5Cn4H+qrhAongwB0dw3zDVL6rh04pl/Wh1AWLnUrNTzp04TnUeg0xfZD/xIV4iW2k= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by DM8PR12MB5495.namprd12.prod.outlook.com (2603:10b6:8:33::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.21; Tue, 7 Dec 2021 14:43:46 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::1ddd:71e4:5803:e44a]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::1ddd:71e4:5803:e44a%3]) with mapi id 15.20.4734.028; Tue, 7 Dec 2021 14:43:46 +0000 Subject: Re: [PATCH] KVM: x86: Always set kvm_run->if_flag To: Marc Orr , pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org References: <20211207043100.3357474-1-marcorr@google.com> From: Tom Lendacky Message-ID: Date: Tue, 7 Dec 2021 08:43:43 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 In-Reply-To: <20211207043100.3357474-1-marcorr@google.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-ClientProxiedBy: CH2PR04CA0008.namprd04.prod.outlook.com (2603:10b6:610:52::18) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) MIME-Version: 1.0 Received: from [10.236.30.241] (165.204.77.1) by CH2PR04CA0008.namprd04.prod.outlook.com (2603:10b6:610:52::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.17 via Frontend Transport; Tue, 7 Dec 2021 14:43:44 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5a7dcb25-ad05-437b-0d60-08d9b98ff8f5 X-MS-TrafficTypeDiagnostic: DM8PR12MB5495:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: riGGlv6tGTNQpYDK9XytDxuqyt/M0GcV2nHp/GnKXK8x0HyT7au4EWnOU9FRknOAydQki11acyvTtGGOqwV8+Wk5h4o3ZURlKkp+PqRG3nTtm+4F+DGOfJka/3ctVLyxWUx2B3UBkPgEOK0nRgkBlv1L240LH7JR1g8v0/eAQr138547LvN7Eq/2pp7tDJJBRq5D7eV/wZjItWM2UGAlId2hlOne0b4rSAsXFPQnzZIS+b6OTLS7UVq94+UIY1KOcyAalSIm1B1gsYyPqdtkSFqVWqja+rqMvxHdzL8TyQ8bGY2McnTpDTFdBmezWGdXDBYeULV8qsCxYU/H+wX3SiiKYw202oBCloFITmka3BGtntqBcjxQh9LUNNwTfmVKphzPKvLb2tLXMLw/zHUUNlOwSLrdo9y7yBcD02dyQS95uV3nDSzGAOBAQ3aaBt6OTtUF0oYv2YuhnvHLBMv3VG0Nk0iUeUF3awBO79ZloecSHraFObGrX6Bo05zDmhYIp31VrPHz3798VApWMIABiNf0W8LcKICzazu6KGmT0zUGiK8jJAnafdetekL0yak4iylXQAydQaO6d5SSrLBVPqQSKI6wG/1Mqdyf/mVfDwmSjRkXWfxvaAGC2i1xcavEWRB+dvJI1QD3gYVqTmoWW5M6gbpMfBwaVRXQMx0FRVK3Jh7nRH19YjQE3vnLePyESTYO9pkfIoS7oxdHlSKIQmMODbwHTIDVUNKqzWLoo5OgutRyKVGchyAUDOpT0HwirpZkZwQkpt3nsTrEEfhehA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(921005)(38100700002)(508600001)(7416002)(8676002)(8936002)(6486002)(2616005)(956004)(86362001)(31686004)(316002)(66556008)(53546011)(36756003)(2906002)(66946007)(66476007)(31696002)(83380400001)(186003)(26005)(16576012)(5660300002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MkZkTzNaQUVDQ05GdVR1dVA3dVFab2xVdHlCQUpvV0x3TWlpTFg3NWhoZysv?= =?utf-8?B?T0VZbXlpdTZSSmxuS2hSM2p5eFdEVGs4NWtWaWxvZm5nRGpnNkdhazlYNisz?= =?utf-8?B?a0p6dnpoanVUVU9lK0VxcTg4aEZFbmpsVzUzWDVEcTJ6TS85V1RBcHBzUFls?= =?utf-8?B?bGVIcG5rWFNDVFVrKzhsNVpQRVZzZnNwbUVPNmZ2SVVOQS9QU1Z5R0lqRnlo?= =?utf-8?B?YVVXYXl5NVo0T3J2REU3ampnRi9XRHhVd3VxUXBlYzl1MFhjdWNXanh4UVM4?= =?utf-8?B?UUlkbThoU0NCVDk4RUN0Z3dzN0syY3ZlZ1Z2RE5TVUpjTUVmSWJaa0RwL0V0?= =?utf-8?B?dnpXdzBSUjlXWGpyUkorQTUwWnoxUmd4aFlDeU1wcGMvK09MM0JXNEl0UnVs?= =?utf-8?B?c1VGUW9Hc2o5Ry9ST3NIdXVKVzIrdk00YXMyYld2VVVkYmtkWjBoMXcyTzJV?= =?utf-8?B?OWF6elMwQ3ozMkgxZWhrMGU0Y2hlU3VEZm1oYWQrYzA2dk95VzgwV0Q5Ui92?= =?utf-8?B?S0xiY2l4TVY3bXc3MXhyaW10Z1BFYzROR3pTbDZlYkpnemU1MTN2NnJIVUxI?= =?utf-8?B?L0kveXhhand6bno4SUNJbVV3a0RtUmRLNnFZN0tOMTJqUkRieTM0a1hDK2ZF?= =?utf-8?B?azUvbitVdkdiU2l2TndRV3g2NEJYTi9YSCs4aGt3QjhJYU85dzl4b0JXeFcz?= =?utf-8?B?aEtaWVQ3SmRWWTZ4WDV1d21lOFpuVkw3SGlXVzFuUkRoY0JSc3lMUUJ2L1lL?= =?utf-8?B?WGYrUUlOYUZkWS81aDBseEE1bmpWTHFRZUNxSXdnenVxTFc5YnhZWHJKSmRD?= =?utf-8?B?STVXVk9abytGenJ5N0c5dGlzcVpIREFEanJkNnVaUEtwS1dZcWo5bXNCdXJ2?= =?utf-8?B?UG9qb2xIai9TRHhUMlBWSUxCd0duNE5hYkpoVDBXbjZ3ZWNvdFcydnRjaCs5?= =?utf-8?B?bEhHWlpXbUZhWlZLLzIvUS9JYWt6R2o4SE0rS1BxVnNOQjZ2aUwvaXBndnVZ?= =?utf-8?B?M2Vab1p5R0xCL2dmZ0piY25rUEwrck9CcExTaW00bTlKV1pxaTBGTVIwTklr?= =?utf-8?B?SkJab3FtVGhEN1dSOEtYS0JpejI5N1R1bnk2STlvL0I1TmdHVWw1ajFSVTRQ?= =?utf-8?B?QmZ3ckpwTXhOS1o0YmRVUTlFSnFzQzA1T2NDN1BIdDdPd1hkTStXa0lsMk9s?= =?utf-8?B?OVAzVDNPajFNeS8rVGdzWkgvR2UvdkhjaXBmQU83UEJXNTFPVnRIdWwxM1Fs?= =?utf-8?B?TUJiWFhOZG00YWhCQlZwL3J0RUlVRFZnZU9sSUZhMDNmTHpIUC9wYWpDNHdo?= =?utf-8?B?eEwxSWVJMEJTeFhvcVBqY3JzK2kzdVFjZ2t4Nm5MVHp0ZVJXUi8xQjFrV0Uy?= =?utf-8?B?WFFhU3BjcWpEVFpGRFhVdFJqeERwOHpYMjdFQ0tFekpjaW45dE9HZEwxbm1k?= =?utf-8?B?bmIyaC9HSXRTdDN5Z1RVUkJOaEcyUXpMK2JhZyt2ZjlEK0NsQ0FDQnN4YU9E?= =?utf-8?B?dVlTS2lKaWQ0MTBCSjBnY2M1cnprMExNTE16Z1FueHR6b0Nhcys5SFJNY2FO?= =?utf-8?B?REtYdWxTQlVJbjg1RkdrMTIxREVZM0l4dmpDS1R3bVRnRmZBa2NjRUlwaUlV?= =?utf-8?B?Z3ptYnlzQ0MvNjRhZExXOXVkR3dQZ2ZNQlNvbnQ3b2pTWnZoczJMUFB4SWZi?= =?utf-8?B?K20rQTkvZ3RlL3RFZzdnVzh3S1Q2dmNrVVZKaGY1TCsxZ2FjSVd4TmVWZ0RC?= =?utf-8?B?RVBDVi8zbGhQL3JYRVJTSzFSL3U4UWpjMVZ2Y2VnRFNmUElwU0tSeXV1ZXRq?= =?utf-8?B?bkJTaExBcjVTL3BxTnk1TG93eDlqUXVWbkRmcDFDSEJxc3h2U2VDS3llSmp0?= =?utf-8?B?RUgzRWcwcjdubWNPUS9aeHdIOWI5aEZVa0VDUm5OYk1PN09PWUZuMEY1OTNW?= =?utf-8?B?cVp2NXFLY051ekp2WFVZZEdMWUxlUEFTdHRNZnpqdUtUZmFqUml5ZG03bjVh?= =?utf-8?B?V2RpS1lsN3VJQ0RaQWl3SmY4QldWa2JGMU5nS3c1RU80S1VVUDRTYkhiT0I1?= =?utf-8?B?UUxHYmtWNktoM2o5WXpmS2MrL1VQMTJicFZwbEdFSVhPWks0QXgrKzkyZVUw?= =?utf-8?B?eEdid1QxNzQ2am9FYk1BRDdDTis2YnVMZHBLOTJ5T2loYWM1MW8vYUVMa0Jw?= =?utf-8?Q?TfTNlzz7gq1T9DYvlVbe4Hs=3D?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5a7dcb25-ad05-437b-0d60-08d9b98ff8f5 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Dec 2021 14:43:46.2427 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ddsmub7dlbF0GvVKVwoxtgB52Sk81iVFnBTHWGJBLBgZsnL06rApGzLzdyCGkYR2susUV9iDPHTUwYIj8DXtnw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR12MB5495 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/6/21 10:31 PM, Marc Orr wrote: > The kvm_run struct's if_flag is apart of the userspace/kernel API. The > SEV-ES patches failed to set this flag because it's no longer needed by > QEMU (according to the comment in the source code). However, other > hypervisors may make use of this flag. Therefore, set the flag for > guests with encrypted regiesters (i.e., with guest_state_protected set). > > Fixes: f1c6366e3043 ("KVM: SVM: Add required changes to support intercepts under SEV-ES") > Signed-off-by: Marc Orr > --- > arch/x86/include/asm/kvm-x86-ops.h | 1 + > arch/x86/include/asm/kvm_host.h | 1 + > arch/x86/kvm/svm/svm.c | 8 ++++++++ > arch/x86/kvm/vmx/vmx.c | 6 ++++++ > arch/x86/kvm/x86.c | 9 +-------- > 5 files changed, 17 insertions(+), 8 deletions(-) > > diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h > index cefe1d81e2e8..9e50da3ed01a 100644 > --- a/arch/x86/include/asm/kvm-x86-ops.h > +++ b/arch/x86/include/asm/kvm-x86-ops.h > @@ -47,6 +47,7 @@ KVM_X86_OP(set_dr7) > KVM_X86_OP(cache_reg) > KVM_X86_OP(get_rflags) > KVM_X86_OP(set_rflags) > +KVM_X86_OP(get_if_flag) > KVM_X86_OP(tlb_flush_all) > KVM_X86_OP(tlb_flush_current) > KVM_X86_OP_NULL(tlb_remote_flush) > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h > index 860ed500580c..a7f868ff23e7 100644 > --- a/arch/x86/include/asm/kvm_host.h > +++ b/arch/x86/include/asm/kvm_host.h > @@ -1349,6 +1349,7 @@ struct kvm_x86_ops { > void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg); > unsigned long (*get_rflags)(struct kvm_vcpu *vcpu); > void (*set_rflags)(struct kvm_vcpu *vcpu, unsigned long rflags); > + bool (*get_if_flag)(struct kvm_vcpu *vcpu); > > void (*tlb_flush_all)(struct kvm_vcpu *vcpu); > void (*tlb_flush_current)(struct kvm_vcpu *vcpu); > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index d0f68d11ec70..91608f8c0cde 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -1585,6 +1585,13 @@ static void svm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags) > to_svm(vcpu)->vmcb->save.rflags = rflags; > } > > +static bool svm_get_if_flag(struct kvm_vcpu *vcpu) > +{ > + struct vmcb *vmcb = to_svm(vcpu)->vmcb; > + > + return !!(vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK); I'm not sure if this is always valid to use for non SEV-ES guests. Maybe the better thing would be: return sev_es_guest(vcpu->kvm) ? vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK : kvm_get_rflags(vcpu) & X86_EFLAGS_IF; (Since this function returns a bool, I don't think you need the !!) Thanks, Tom > +} > + > static void svm_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg) > { > switch (reg) { > @@ -4621,6 +4628,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { > .cache_reg = svm_cache_reg, > .get_rflags = svm_get_rflags, > .set_rflags = svm_set_rflags, > + .get_if_flag = svm_get_if_flag, > > .tlb_flush_all = svm_flush_tlb, > .tlb_flush_current = svm_flush_tlb, > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 9453743ce0c4..6056baa13977 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -1363,6 +1363,11 @@ void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags) > vmx->emulation_required = vmx_emulation_required(vcpu); > } > > +static bool vmx_get_if_flag(struct kvm_vcpu *vcpu) > +{ > + return !!(vmx_get_rflags(vcpu) & X86_EFLAGS_IF); > +} > + > u32 vmx_get_interrupt_shadow(struct kvm_vcpu *vcpu) > { > u32 interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO); > @@ -7575,6 +7580,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { > .cache_reg = vmx_cache_reg, > .get_rflags = vmx_get_rflags, > .set_rflags = vmx_set_rflags, > + .get_if_flag = vmx_get_if_flag, > > .tlb_flush_all = vmx_flush_tlb_all, > .tlb_flush_current = vmx_flush_tlb_current, > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index e0aa4dd53c7f..45e836db5bcd 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -8995,14 +8995,7 @@ static void post_kvm_run_save(struct kvm_vcpu *vcpu) > { > struct kvm_run *kvm_run = vcpu->run; > > - /* > - * if_flag is obsolete and useless, so do not bother > - * setting it for SEV-ES guests. Userspace can just > - * use kvm_run->ready_for_interrupt_injection. > - */ > - kvm_run->if_flag = !vcpu->arch.guest_state_protected > - && (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0; > - > + kvm_run->if_flag = static_call(kvm_x86_get_if_flag)(vcpu); > kvm_run->cr8 = kvm_get_cr8(vcpu); > kvm_run->apic_base = kvm_get_apic_base(vcpu); > >