Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3483332pxb; Mon, 4 Apr 2022 18:25:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxhZFCm6nA7GLpj8HDj3RKlq4Ie01fJ7OaQ5AGNxyGJjqeUkdRbzONBCsTxt9lGNkxLzJqp X-Received: by 2002:a17:902:ce05:b0:156:a7f7:aae1 with SMTP id k5-20020a170902ce0500b00156a7f7aae1mr1061783plg.166.1649121918333; Mon, 04 Apr 2022 18:25:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649121918; cv=none; d=google.com; s=arc-20160816; b=HmPshZUGoA/S29Ia1efsFJvpUArnQ2idMG/+5q+oOOGKQOxxyC7gCEym9MF+/dBxMH 1yL66exMjExgHTOEvIJtQ5D8COIxH4sc5jCq5tbyLOUho/dzPheiClivAeaGUeUxaQk5 aGdatC8cRS/BCdKvG0riHaoHW0K/l8N9HI2rTn7zjsBM3+Qcn8dRtvOSZseeTzjM03+U nN8bnL2I36RRDLbZMiQNtEQsEvQA1Vtd3iF6KIV+Lu1sRkAapBw++Gqx0b08lmN65Zig QDtCYq0ER3B5e0ZgTD/n/cPIPJGLPu8PqC+EXxsl+ugznpfIRLw4YLzQJa51hWXtSEp/ fVyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:subject :from:references:cc:to:content-language:user-agent:mime-version:date :message-id; bh=YlWSpy8y+xvskFtnfs/kOC2xzaIHWUmmObycFarW7Io=; b=zGm6SIwyfJSswsx3EL2gM5DihBJ9mUE7iivM+/LLM5Z2ZrjGgZGvBJRqF4rrdKkId6 nXOBGI9sCWcneMdBNd9EPKHHTeuE7KhGgE01/JmBaSwixGwNtQOKaSKQ2eJm1bBdQOhJ v8cPk6uZfJUJ601x5JtM268OuM97GY8kS2E/SUTjgzI/kXHJXENSn3zhyM1leX2AeEub PhJ9J9W0oNMK1msptoB34yV4k2mFuQYo5R2racriGWqfuoEXL0JWQmHK3es8slxcgH+U 3mEu1cnFvvEea+rmpgyVcozG44bwhlSMC1KySw++JHtueb+OqQo441ZDx27ndgnPUdjJ 4ghQ== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id r9-20020a639b09000000b003816043ef57si11676959pgd.332.2022.04.04.18.25.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 18:25:18 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 95B9542EEF; Mon, 4 Apr 2022 17:16:00 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351507AbiDATLL (ORCPT + 99 others); Fri, 1 Apr 2022 15:11:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54160 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241780AbiDATLJ (ORCPT ); Fri, 1 Apr 2022 15:11:09 -0400 Received: from vps-vb.mhejs.net (vps-vb.mhejs.net [37.28.154.113]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2AD92617D; Fri, 1 Apr 2022 12:09:17 -0700 (PDT) Received: from MUA by vps-vb.mhejs.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1naMdl-00012l-6n; Fri, 01 Apr 2022 21:08:57 +0200 Message-ID: Date: Fri, 1 Apr 2022 21:08:51 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Content-Language: en-US To: Sean Christopherson Cc: Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Tom Lendacky , Brijesh Singh , Jon Grimm , David Kaplan , Boris Ostrovsky , Liam Merwick , kvm@vger.kernel.org, linux-kernel@vger.kernel.org References: <19c757487eeeff5344ff3684fe9c090235b07d05.1646944472.git.maciej.szmigiero@oracle.com> From: "Maciej S. Szmigiero" Subject: Re: [PATCH 1/5] KVM: nSVM: Sync next_rip field from vmcb12 to vmcb02 In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1.04.2022 20:32, Sean Christopherson wrote: > On Thu, Mar 10, 2022, Maciej S. Szmigiero wrote: >> From: "Maciej S. Szmigiero" >> >> The next_rip field of a VMCB is *not* an output-only field for a VMRUN. >> This field value (instead of the saved guest RIP) in used by the CPU for >> the return address pushed on stack when injecting a software interrupt or >> INT3 or INTO exception. >> >> Make sure this field gets synced from vmcb12 to vmcb02 when entering L2 or >> loading a nested state. >> >> Signed-off-by: Maciej S. Szmigiero >> --- >> arch/x86/kvm/svm/nested.c | 4 ++++ >> arch/x86/kvm/svm/svm.h | 1 + >> 2 files changed, 5 insertions(+) >> >> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c >> index d736ec6514ca..9656f0d6815c 100644 >> --- a/arch/x86/kvm/svm/nested.c >> +++ b/arch/x86/kvm/svm/nested.c >> @@ -366,6 +366,7 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vcpu *vcpu, >> to->nested_ctl = from->nested_ctl; >> to->event_inj = from->event_inj; >> to->event_inj_err = from->event_inj_err; >> + to->next_rip = from->next_rip; >> to->nested_cr3 = from->nested_cr3; >> to->virt_ext = from->virt_ext; >> to->pause_filter_count = from->pause_filter_count; >> @@ -638,6 +639,8 @@ static void nested_vmcb02_prepare_control(struct vcpu_svm *svm) >> svm->vmcb->control.int_state = svm->nested.ctl.int_state; >> svm->vmcb->control.event_inj = svm->nested.ctl.event_inj; >> svm->vmcb->control.event_inj_err = svm->nested.ctl.event_inj_err; >> + /* The return address pushed on stack by the CPU for some injected events */ >> + svm->vmcb->control.next_rip = svm->nested.ctl.next_rip; > > This needs to be gated by nrips being enabled _and_ exposed to L1, i.e. > > if (svm->nrips_enabled) > vmcb02->control.next_rip = svm->nested.ctl.next_rip; It can be done, however what if we run on a nrips-capable CPU, but don't expose this capability to the L1? The CPU will then push whatever value was left in this field as the return address for some L1 injected events. Although without nrips feature the L1 shouldn't even attempt event injection, copying this field anyway will make it work if L1 just expects this capability based on the current CPU model rather than by checking specific CPUID feature bits. > though I don't see any reason to add the condition to the copy to/from cache flows. > >> if (!nested_vmcb_needs_vls_intercept(svm)) >> svm->vmcb->control.virt_ext |= VIRTUAL_VMLOAD_VMSAVE_ENABLE_MASK; >> @@ -1348,6 +1351,7 @@ static void nested_copy_vmcb_cache_to_control(struct vmcb_control_area *dst, >> dst->nested_ctl = from->nested_ctl; >> dst->event_inj = from->event_inj; >> dst->event_inj_err = from->event_inj_err; >> + dst->next_rip = from->next_rip; >> dst->nested_cr3 = from->nested_cr3; >> dst->virt_ext = from->virt_ext; >> dst->pause_filter_count = from->pause_filter_count; >> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h >> index 93502d2a52ce..f757400fc933 100644 >> --- a/arch/x86/kvm/svm/svm.h >> +++ b/arch/x86/kvm/svm/svm.h >> @@ -138,6 +138,7 @@ struct vmcb_ctrl_area_cached { >> u64 nested_ctl; >> u32 event_inj; >> u32 event_inj_err; >> + u64 next_rip; >> u64 nested_cr3; >> u64 virt_ext; >> u32 clean; > > I don't know why this struct has > > u8 reserved_sw[32]; > > but presumably it's for padding, i.e. probably should be reduced to 24 bytes. Apparently the "reserved_sw" field stores Hyper-V enlightenments state - see commit 66c03a926f18 ("KVM: nSVM: Implement Enlightened MSR-Bitmap feature") and nested_svm_vmrun_msrpm() in nested.c. Thanks, Maciej