Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7343113rwb; Tue, 6 Dec 2022 04:41:58 -0800 (PST) X-Google-Smtp-Source: AA0mqf6NqPeYO6X6Wjt7qF0PaMicIk7ouE8+v15vrcpYn4jY+hQa9OM/e1g5PxDCC5PvlbGKG9bG X-Received: by 2002:a17:906:2785:b0:78d:98a7:2e7 with SMTP id j5-20020a170906278500b0078d98a702e7mr53987228ejc.535.1670330518745; Tue, 06 Dec 2022 04:41:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670330518; cv=none; d=google.com; s=arc-20160816; b=Lb4tW5FYCi2fXfA94NfkdlyGiOIF/VwwK5pCh5V/Nrt7U+Za0NZOpwPR2SEj7eicmD RSZ5QVEK6bCH682KsffsDxxPe1lNSHVCcMlBEmSi25bq3IE9LTr3BsRzCb7AuuPaEqVi WFbWppHn9ZIA6GMIXv8eypT9XEt9L5RSceGhAf13lTRYmmOXezO3EuEt2AFOvhUtOpwL QT61eEhzAyJdN6gttMdU+rbgHKfDgs3neEnUBPz+czxS/Q3wpOefd18O2gvsxwkozmEA +A14L5YRYcLk4MaGUqYkj3Ha6oQslxMC4/D2M13jIT95FgioqWR3iQMhM3t+l2j6KqPl 160A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=xfnsQkTVGKGVH3LJ5S/qrXgpnSxPTQM3pc2F7/mu5Uo=; b=RLA+O4PLx5cH8aP7XM0ZkOf/UR0z9oqkYyZZEkbmlfGVoM7QQKw0lJXqr7+sCPSeq2 09LOVOJa6KRbNLwxB8YnZgcRy0jlBPHhUgDqt6mBTLRunVdeN7oOeEhaW/PDOYEyvCsN fd60x3zxj9lqvuIEvGDE+GeBQSeQlm9VKSPDjtfSo/EdSQF5flpAj1ZBT/YNSJbawiXE TA7lz4SEFnROjBml6SInFvbXVVQOYduqGPrC452tGboINuznRFJd9jCDvBjEHoEqKSTA IvFOG+jOjMP5SuQrZFK7Xu677kfZtID3+fmZWfprysLxB2hbzrDhPwS9+J2HqLWPs1Gf Z2yQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=RMRi2dVD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r19-20020a05640251d300b00467ad3f4426si2057391edd.312.2022.12.06.04.41.38; Tue, 06 Dec 2022 04:41:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=RMRi2dVD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234569AbiLFMPj (ORCPT + 79 others); Tue, 6 Dec 2022 07:15:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36572 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234267AbiLFMPh (ORCPT ); Tue, 6 Dec 2022 07:15:37 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9935E28E0F for ; Tue, 6 Dec 2022 04:14:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670328879; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xfnsQkTVGKGVH3LJ5S/qrXgpnSxPTQM3pc2F7/mu5Uo=; b=RMRi2dVDNgzUSa7NABrJEIPt3YeSkTnLXX++S4viPO+wMv7aTaKeRjKwkT+YEeHiRMeYKk RXawCT3YGmSlFetClRQkVWM9wRu+xILB8T6QuTVX82YVn1SQjvVC9BfYcUheXmSmYKjzPR GkBl231+FkXBdx+dlfc4QkYrs/R7EvM= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-505-hbLXKov_MiOgF2jE2sm9KA-1; Tue, 06 Dec 2022 07:14:29 -0500 X-MC-Unique: hbLXKov_MiOgF2jE2sm9KA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BCBC385A588; Tue, 6 Dec 2022 12:14:27 +0000 (UTC) Received: from starship (unknown [10.35.206.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id F29C94EA61; Tue, 6 Dec 2022 12:14:23 +0000 (UTC) Message-ID: <181f437164296e19683f086c11bf64c11a3f380e.camel@redhat.com> Subject: Re: [PATCH v2 06/11] KVM: SVM: add wrappers to enable/disable IRET interception From: Maxim Levitsky To: Santosh Shukla , kvm@vger.kernel.org Cc: Sandipan Das , Paolo Bonzini , Jim Mattson , Peter Zijlstra , Dave Hansen , Borislav Petkov , Pawan Gupta , Thomas Gleixner , Ingo Molnar , Josh Poimboeuf , Daniel Sneddon , Jiaxi Chen , Babu Moger , linux-kernel@vger.kernel.org, Jing Liu , Wyes Karny , x86@kernel.org, "H. Peter Anvin" , Sean Christopherson Date: Tue, 06 Dec 2022 14:14:23 +0200 In-Reply-To: <41abb37b-c74a-f2cf-c0ce-74d5d6487e92@amd.com> References: <20221129193717.513824-1-mlevitsk@redhat.com> <20221129193717.513824-7-mlevitsk@redhat.com> <41abb37b-c74a-f2cf-c0ce-74d5d6487e92@amd.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2022-12-05 at 21:11 +0530, Santosh Shukla wrote: > On 11/30/2022 1:07 AM, Maxim Levitsky wrote: > > SEV-ES guests don't use IRET interception for the detection of > > an end of a NMI. > > > > Therefore it makes sense to create a wrapper to avoid repeating > > the check for the SEV-ES. > > > > No functional change is intended. > > > > Suggested-by: Sean Christopherson > > Signed-off-by: Maxim Levitsky > > --- > > arch/x86/kvm/svm/svm.c | 28 +++++++++++++++++++--------- > > 1 file changed, 19 insertions(+), 9 deletions(-) > > > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > > index 512b2aa21137e2..cfed6ab29c839a 100644 > > --- a/arch/x86/kvm/svm/svm.c > > +++ b/arch/x86/kvm/svm/svm.c > > @@ -2468,16 +2468,29 @@ static int task_switch_interception(struct kvm_vcpu *vcpu) > > has_error_code, error_code); > > } > > > > +static void svm_disable_iret_interception(struct vcpu_svm *svm) > > +{ > > + if (!sev_es_guest(svm->vcpu.kvm)) > > + svm_clr_intercept(svm, INTERCEPT_IRET); > > +} > > + > > +static void svm_enable_iret_interception(struct vcpu_svm *svm) > > +{ > > + if (!sev_es_guest(svm->vcpu.kvm)) > > + svm_set_intercept(svm, INTERCEPT_IRET); > > +} > > + > > nits: > s/_iret_interception / _iret_intercept > does that make sense? Makes sense. I can also move this to svm.h near the svm_set_intercept(), I think it better a better place for this function there if no objections. Best regards, Maxim Levitsky > > Thanks, > Santosh > > > static int iret_interception(struct kvm_vcpu *vcpu) > > { > > struct vcpu_svm *svm = to_svm(vcpu); > > > > ++vcpu->stat.nmi_window_exits; > > svm->awaiting_iret_completion = true; > > - if (!sev_es_guest(vcpu->kvm)) { > > - svm_clr_intercept(svm, INTERCEPT_IRET); > > + > > + svm_disable_iret_interception(svm); > > + if (!sev_es_guest(vcpu->kvm)) > > svm->nmi_iret_rip = kvm_rip_read(vcpu); > > - } > > + > > kvm_make_request(KVM_REQ_EVENT, vcpu); > > return 1; > > } > > @@ -3470,8 +3483,7 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) > > return; > > > > svm->nmi_masked = true; > > - if (!sev_es_guest(vcpu->kvm)) > > - svm_set_intercept(svm, INTERCEPT_IRET); > > + svm_enable_iret_interception(svm); > > ++vcpu->stat.nmi_injections; > > } > > > > @@ -3614,12 +3626,10 @@ static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked) > > > > if (masked) { > > svm->nmi_masked = true; > > - if (!sev_es_guest(vcpu->kvm)) > > - svm_set_intercept(svm, INTERCEPT_IRET); > > + svm_enable_iret_interception(svm); > > } else { > > svm->nmi_masked = false; > > - if (!sev_es_guest(vcpu->kvm)) > > - svm_clr_intercept(svm, INTERCEPT_IRET); > > + svm_disable_iret_interception(svm); > > } > > } > >