Reply-To: Sean Christopherson
Date: Sat, 2 Apr 2022 01:08:56 +0000
In-Reply-To: <20220402010903.727604-1-seanjc@google.com>
Message-Id: <20220402010903.727604-2-seanjc@google.com>
References: <20220402010903.727604-1-seanjc@google.com>
Subject: [PATCH 1/8] KVM: nSVM: Sync next_rip field from vmcb12 to vmcb02
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, "Maciej S. Szmigiero"
X-Mailing-List: linux-kernel@vger.kernel.org
From: Maciej S. Szmigiero

The next_rip field of a VMCB is *not* an output-only field for a VMRUN. This field value (instead of the saved guest RIP) is used by the CPU for the return address pushed on stack when injecting a software interrupt or INT3 or INTO exception.

Make sure this field gets synced from vmcb12 to vmcb02 when entering L2 or loading a nested state and NRIPS is exposed to L1. If NRIPS is supported in hardware but not exposed to L1 (nrips=0 or hidden by userspace), stuff vmcb02's next_rip from the new L2 RIP to emulate a !NRIPS CPU (which saves RIP on the stack as-is).

Signed-off-by: Maciej S. Szmigiero
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/nested.c | 22 +++++++++++++++++++---
 arch/x86/kvm/svm/svm.h    |  1 +
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index 73b545278f5f..9a6dc2b38fcf 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -369,6 +369,7 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vcpu *vcpu, to->nested_ctl = from->nested_ctl; to->event_inj = from->event_inj; to->event_inj_err = from->event_inj_err; + to->next_rip = from->next_rip; to->nested_cr3 = from->nested_cr3; to->virt_ext = from->virt_ext; to->pause_filter_count = from->pause_filter_count; @@ -606,7 +607,8 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm, struct vmcb *vmcb12 } } -static void nested_vmcb02_prepare_control(struct vcpu_svm *svm) +static void nested_vmcb02_prepare_control(struct vcpu_svm *svm, + unsigned long vmcb12_rip) { u32 int_ctl_vmcb01_bits = V_INTR_MASKING_MASK; u32 int_ctl_vmcb12_bits = V_TPR_MASK | V_IRQ_INJECTION_BITS_MASK;
@@ -660,6 +662,19 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm) vmcb02->control.event_inj = svm->nested.ctl.event_inj; vmcb02->control.event_inj_err = svm->nested.ctl.event_inj_err; + /* + * next_rip is consumed on VMRUN as the return address pushed on the + * stack for injected soft exceptions/interrupts. If nrips is exposed + * to L1, take it verbatim from vmcb12. If nrips is supported in + * hardware but not exposed to L1, stuff the actual L2 RIP to emulate + * what a nrips=0 CPU would do (L1 is responsible for advancing RIP + * prior to injecting the event). + */ + if (svm->nrips_enabled) + vmcb02->control.next_rip = svm->nested.ctl.next_rip; + else if (boot_cpu_has(X86_FEATURE_NRIPS)) + vmcb02->control.next_rip = vmcb12_rip; + vmcb02->control.virt_ext = vmcb01->control.virt_ext & LBR_CTL_ENABLE_MASK; if (svm->lbrv_enabled) @@ -743,7 +758,7 @@ int enter_svm_guest_mode(struct kvm_vcpu *vcpu, u64 vmcb12_gpa, nested_svm_copy_common_state(svm->vmcb01.ptr, svm->nested.vmcb02.ptr); svm_switch_vmcb(svm, &svm->nested.vmcb02); - nested_vmcb02_prepare_control(svm); + nested_vmcb02_prepare_control(svm, vmcb12->save.rip); nested_vmcb02_prepare_save(svm, vmcb12); ret = nested_svm_load_cr3(&svm->vcpu, svm->nested.save.cr3, @@ -1422,6 +1437,7 @@ static void nested_copy_vmcb_cache_to_control(struct vmcb_control_area *dst, dst->nested_ctl = from->nested_ctl; dst->event_inj = from->event_inj; dst->event_inj_err = from->event_inj_err; + dst->next_rip = from->next_rip; dst->nested_cr3 = from->nested_cr3; dst->virt_ext = from->virt_ext; dst->pause_filter_count = from->pause_filter_count; @@ -1606,7 +1622,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu, nested_copy_vmcb_control_to_cache(svm, ctl); svm_switch_vmcb(svm, &svm->nested.vmcb02); - nested_vmcb02_prepare_control(svm); + nested_vmcb02_prepare_control(svm, save->rip); /* * While the nested guest CR3 is already checked and set by 
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index e246793cbeae..47e7427d0395 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -139,6 +139,7 @@ struct vmcb_ctrl_area_cached { u64 nested_ctl; u32 event_inj; u32 event_inj_err; + u64 next_rip; u64 nested_cr3; u64 virt_ext; u32 clean; -- 2.35.1.1094.g7c7d902a7c-goog
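Review bot: in the @@ -660,6 +662,19 @@ hunk of nested.c, the new block leaves vmcb02->control.next_rip untouched when svm->nrips_enabled is false and boot_cpu_has(X86_FEATURE_NRIPS) is also false; that is only correct because a CPU without NRIPS ignores the field, and the new comment should state that third case explicitly rather than leaving the reader to infer it from the missing else. The same comment should also record why the L2 RIP is passed in as vmcb12_rip instead of being read back from vmcb02: nested_vmcb02_prepare_control() runs before nested_vmcb02_prepare_save() in enter_svm_guest_mode(), so vmcb02->save.rip is not yet loaded at this point, and a future reordering that drops the parameter would quietly break the emulation.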
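Review bot: the @@ -1606,7 +1622,7 @@ hunk in svm_set_nested_state() passes save->rip, which comes from userspace-supplied nested state rather than from a guest VMRUN, and the preceding nested_copy_vmcb_control_to_cache(svm, ctl) call has just cached ctl->next_rip from the same source. With the new logic, a next_rip restored from userspace is honoured only when nrips is exposed to L1 and is otherwise overwritten by save->rip on the hardware-NRIPS path; the commit message says "when entering L2 or loading a nested state" but does not mention that restored next_rip values are discarded in the hidden-NRIPS configuration, so either document that here or add a sentence to the changelog.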
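Review bot: the three single-line additions in __nested_copy_vmcb_control_to_cache() (@@ -369,6 +369,7 @@), nested_copy_vmcb_cache_to_control() (@@ -1422,6 +1437,7 @@) and struct vmcb_ctrl_area_cached in svm.h (@@ -139,6 +139,7 @@) must stay in lockstep, and nothing in the diff ties them together; a short comment on the new "u64 next_rip;" member in svm.h noting that both copy helpers mirror the field would help the next person who adds a control field. The placement after the two u32 event_inj/event_inj_err members keeps the u64 naturally aligned, so no padding concern there.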