Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp882208iog; Wed, 29 Jun 2022 12:08:07 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vntVT6rb3PEjksBfLYPVwkDxdp0bFjvxAEcFM74sXMILKRGPbxCItqcmcFtlgqKAODTFBW X-Received: by 2002:a63:68c1:0:b0:408:8699:7be5 with SMTP id d184-20020a6368c1000000b0040886997be5mr4219462pgc.339.1656529687440; Wed, 29 Jun 2022 12:08:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656529687; cv=none; d=google.com; s=arc-20160816; b=vhJjhD41NS/6vk3C293MEoMZ1KrpXzpP87FX8B31aUxWUyBnB5DPQtoWFx9EsL8tk/ B0eqRIH3lxEHIokmkactZHnbxJXEFQG7w81osNAKPV4qiM1RZdLdCWgTFpi1+jdHZ10u MCpr9hMi4uQ4c9Ro9ulnFu6DTLPlv9FJHm+LBbepRCqViSGfFRPQfo1JFbn8N8ai5eEE MnFGHUQLYQjG/pOtaPmBh5Ai72XsUS2/XefeQoxpIFtrUHz1eOQtuq/5/ffpTdKt2eX0 JRAT8aqMQoA3uMNIOK1Z+pV/z+lT87lj0hcNaE3LQhlAzJvUUDDvAeJAIe0PV7/x8Mts lshQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=5p870x4sNIuh+XUc5mOSvBDrkyHrhB4Hd3tt75IAjfA=; b=ullwRxKJkrkv62IBft7BeeDoZqnD5AVfmIkSSHk5Z+dz2h6uoZERHxUplHLTXAKTjl tjqKh86S2ZD5H5BK1CAhFxgdSjGb/VJtJYTi5sRPcrIN3sXGn8BskmpYA+spXhUqTVrq czWlT0Y8t3nyjZOsc1An7ck8PJ62Xn5vQG2tvRryCa7ohalYxjnIBV6jiiK9TqyJeo2C brv89lsuGGXPUwYBa2K2N7QDnTQ5fGVnm/GlwzJNsBKDQhliB5Zbc6bE15Fm8d3kz8/A lESO156vTBx5k40YwjZbiJemKYvqFpZtMRUFqXhoTtVLN3cnf0xDJzXfQM7d42JsNj+y /SqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=UUooucx0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u14-20020a170902e80e00b0015d2ca1afcfsi391705plg.89.2022.06.29.12.07.48; Wed, 29 Jun 2022 12:08:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=UUooucx0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229798AbiF2S4y (ORCPT + 99 others); Wed, 29 Jun 2022 14:56:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230480AbiF2S4w (ORCPT ); Wed, 29 Jun 2022 14:56:52 -0400 Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com [IPv6:2001:4860:4864:20::33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC4C73586B for ; Wed, 29 Jun 2022 11:56:50 -0700 (PDT) Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-1048b8a38bbso22610370fac.12 for ; Wed, 29 Jun 2022 11:56:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5p870x4sNIuh+XUc5mOSvBDrkyHrhB4Hd3tt75IAjfA=; b=UUooucx0ccngcWB8VSsOa2u/k1LGuqvJP+libwKuXia3x3OyoLVO44bFMx/uxUeanz ZUGraFLwk5TmFGNbtWP/mAjU0r+M+xxAv8+3fm6gbEaSHM4pTKUad1dndi0LrotCdd9m AohEFOPScHRcLu0EqYCrgvdZoh4Eajoc76Rgvgvu+CacPIGaFGhbX5ScFozpyiK2lBu8 Wo01f3UwDb89mDvvGDR1zsx1iAvTYSZ7IjFrBtCNHA3QnAWNZuH2Ic1JV7dycIrhvC9J DCdMC6O/GGc1BygckQugPSiphL5P0cy3GAuJ7onw6ljJ70mg6RiiaCiOv601U5i5pNNe cFsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5p870x4sNIuh+XUc5mOSvBDrkyHrhB4Hd3tt75IAjfA=; b=VAqccKf1oHK0pigzJoeqs5tocw/gsYn6NjiyqxYLNc3EokB0AMonMgwK9j9V+0xBBx fvzx2ZUuNb9bjySeIpRiq3emIFXbQFeJHre57N1/vuIO4zkkIZAY14UIMm+N3Z58BQOW X31gVwXM/MgoRDKXASV8qYtuJxEwWsGZG/03cDMLlbRFFVRdLabbv2wrCl5uYHKyfu7V 4bPBSuKtUX1Kgk/v1CBHLDN4A4h7JSVtKpA/HvTINTNPiwdv8c4REuTf0voRm3IdB5pX 96+z35iBmwjnQznxuaziBZfDgAqKG+yJGjv/TX3uUGr1N7wTz6o3g1Z7qUY0O/7BEubJ Gxdg== X-Gm-Message-State: AJIora+hOHplRCX9vvbNuydS79ip6Nuq4ErsDwNaajMxVoScuozf0i4v xs75AMNW+TgJkdWBz3D16Or3M3vpz882C7eYCFF7iQ== X-Received: by 2002:a05:6870:c596:b0:101:6409:ae62 with SMTP id ba22-20020a056870c59600b001016409ae62mr3941507oab.112.1656529010120; Wed, 29 Jun 2022 11:56:50 -0700 (PDT) MIME-Version: 1.0 References: <20220629150625.238286-1-vkuznets@redhat.com> <20220629150625.238286-17-vkuznets@redhat.com> In-Reply-To: <20220629150625.238286-17-vkuznets@redhat.com> From: Jim Mattson Date: Wed, 29 Jun 2022 11:56:38 -0700 Message-ID: Subject: Re: [PATCH v2 16/28] KVM: VMX: Tweak the special handling of SECONDARY_EXEC_ENCLS_EXITING in setup_vmcs_config() To: Vitaly Kuznetsov Cc: kvm@vger.kernel.org, Paolo Bonzini , Sean Christopherson , Anirudh Rayabharam , Wanpeng Li , Maxim Levitsky , linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 29, 2022 at 8:07 AM Vitaly Kuznetsov wrote: > > SECONDARY_EXEC_ENCLS_EXITING is conditionally added to the 'optional' > checklist in setup_vmcs_config() but there's little value in doing so. > First, as the control is optional, we can always check for its > presence, no harm done. Second, the only real value cpu_has_sgx() check > gives is that on the CPUs which support SECONDARY_EXEC_ENCLS_EXITING but > don't support SGX, the control is not getting enabled. It's highly unlikely > such CPUs exist but it's possible that some hypervisors expose broken vCPU > models. > > Preserve cpu_has_sgx() check but filter the result of adjust_vmx_controls() > instead of the input. > > Signed-off-by: Vitaly Kuznetsov > --- > arch/x86/kvm/vmx/vmx.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 89a3bbafa5af..e32d91006b80 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -2528,9 +2528,9 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf, > SECONDARY_EXEC_PT_CONCEAL_VMX | > SECONDARY_EXEC_ENABLE_VMFUNC | > SECONDARY_EXEC_BUS_LOCK_DETECTION | > - SECONDARY_EXEC_NOTIFY_VM_EXITING; > - if (cpu_has_sgx()) > - opt2 |= SECONDARY_EXEC_ENCLS_EXITING; > + SECONDARY_EXEC_NOTIFY_VM_EXITING | > + SECONDARY_EXEC_ENCLS_EXITING; > + > if (adjust_vmx_controls(min2, opt2, > MSR_IA32_VMX_PROCBASED_CTLS2, > &_cpu_based_2nd_exec_control) < 0) > @@ -2577,6 +2577,9 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf, > vmx_cap->vpid = 0; > } > > + if (!cpu_has_sgx()) > + _cpu_based_2nd_exec_control &= ~SECONDARY_EXEC_ENCLS_EXITING; NYC, but why is there a leading underscore here? > if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) { > u64 opt3 = TERTIARY_EXEC_IPI_VIRT; > > -- > 2.35.3 > Reviewed-by: Jim Mattson