Received: by 2002:a05:7412:6592:b0:d7:7d3a:4fe2 with SMTP id m18csp2421787rdg; Mon, 14 Aug 2023 01:47:23 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE9HwY7o38FnjAdKaKJWh3exT8LjAIjHKtzGANkczLNlUQ0/+B+StQKqGNW2fW9HmjeS1JL X-Received: by 2002:a17:90a:ea97:b0:268:c29:52ad with SMTP id h23-20020a17090aea9700b002680c2952admr6239481pjz.13.1692002843059; Mon, 14 Aug 2023 01:47:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692002843; cv=none; d=google.com; s=arc-20160816; b=RefwjCiMemXodRIAjxtUkWDfP/n606N1fs+w4L0cfdP51vbeEKVsTFXU+O1sgqSSDm 6GYGCE4ziCxz0lXCZmQjCSfZ0Lr9oMkjcegvy3Lg7l2gryfXGcXpFNqjBplkdjziwVdY 1prZf/oLDFfiPN2jcp0orTOsItAHffSF8yu6v/HuAM9mBThjFv71GKbyonFcO1bHIrM2 MAU/0+HtVwyxgJ2Xo3oNltj4nRMv7PM5L5uTDAbO+3Q7cNi68BEHv03EsCGhf+1czYrq iGXcfGsUOhqkJlkIRiCLWzyESu2DVUrqWdds5xTL90EIzmGUw52UrDPspLEd04Zfw/z8 HYNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=0wFh8htUilslLT+swwkDruyxpTCai1gkU6v1L4T+iMs=; fh=+F6y1bsbEyF0XzZfdWa4BAFRpGIENEl45r/8F5jBW2g=; b=CyLV1q4cC8lRjL9OFdwulwG2q9WAPYe9kfDuT+74zP+aT7IAu0dN6BwZJuyX4gwupA PAO4biUB0QPdeJFrG8RsC26Hik3gWx1f7LbQH7ofNJfOXOXVsan62MWJKkGidgmDJSYF bbF8EiW84C8cYmlsgMlGYVAqB3MiskLOFLvFe3HPqyxzYa94IQkBIxRhOCTxBV2Gk//i 8Xvhlmq/2sWlZs9XfxbRgUCynIpLxYOyxIEqbA/a7pHPapAlZQ5Qd+wzAPrAibJ1A80d r8yCnTM/vUkdgGovHBrw7IQ5vk59kLKcrS8MOAILf2rFdk9Uje8/nOITcWbPtDFrmnQ2 Vu/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=f45T9bnQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id kb18-20020a17090ae7d200b0025bf45ac365si10720473pjb.82.2023.08.14.01.47.11; Mon, 14 Aug 2023 01:47:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=f45T9bnQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229500AbjHNIMU (ORCPT + 99 others); Mon, 14 Aug 2023 04:12:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40296 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234784AbjHNILf (ORCPT ); Mon, 14 Aug 2023 04:11:35 -0400 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EDF571719; Mon, 14 Aug 2023 01:11:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1692000675; x=1723536675; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=oSgIdi+RSlbeWUJDGskccGgHISPirJiQabwtsdaIRR8=; b=f45T9bnQsmDdvkS2rB/aECdT7n9U9IVqwlbYx2m0f/7UC1RF8TPwkBa7 kaRPhvzKhLJRIjjPNMODm+BJ+ZyKSWmFpPF2Y7MtIotL5NGh5EvRJ5+Gg JdhhCy+OxQKceUn8HSfeBoJq1TEu6alUULLtQsc8zBb0LaiWy9AQvMf5S Uqnk0cSxQGBuz5ltBKog0Ul7whi8Q3lPKDPTjVnWhzLthiokNloeQpbce cmJFjtEgKk/oz3lwZ5iwYO4KWktPZ0CgatKssW19FlcdN5sqhIBhdsSa/ HNzCb+NzuRdubHt8HCwWpy1g+FuS3BE1q0wjL2f3BxU1udmGAzrO4+1ly g==; X-IronPort-AV: E=McAfee;i="6600,9927,10801"; a="438321522" X-IronPort-AV: E=Sophos;i="6.01,172,1684825200"; d="scan'208";a="438321522" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Aug 2023 01:11:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.01,202,1684825200"; d="scan'208";a="876869083" Received: from yy-desk-7060.sh.intel.com (HELO localhost) ([10.239.159.76]) by fmsmga001.fm.intel.com with ESMTP; 14 Aug 2023 01:11:10 -0700 Date: Mon, 14 Aug 2023 16:11:05 +0800 From: Yuan Yao To: Sean Christopherson Cc: Paolo Bonzini , Vitaly Kuznetsov , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky Subject: Re: [PATCH v2 13/21] KVM: nVMX: Use KVM-governed feature framework to track "nested VMX enabled" Message-ID: <20230814081105.yr6bamyoutijc36i@yy-desk-7060> References: <20230729011608.1065019-1-seanjc@google.com> <20230729011608.1065019-14-seanjc@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230729011608.1065019-14-seanjc@google.com> User-Agent: NeoMutt/20171215 X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 28, 2023 at 06:16:00PM -0700, Sean Christopherson wrote: > Track "VMX exposed to L1" via a governed feature flag instead of using a > dedicated helper to provide the same functionality. The main goal is to > drive convergence between VMX and SVM with respect to querying features > that are controllable via module param (SVM likes to cache nested > features), avoiding the guest CPUID lookups at runtime is just a bonus > and unlikely to provide any meaningful performance benefits. > > No functional change intended. > > Signed-off-by: Sean Christopherson > --- > arch/x86/kvm/governed_features.h | 1 + > arch/x86/kvm/vmx/nested.c | 7 ++++--- > arch/x86/kvm/vmx/vmx.c | 21 ++++++--------------- > arch/x86/kvm/vmx/vmx.h | 1 - > 4 files changed, 11 insertions(+), 19 deletions(-) > > diff --git a/arch/x86/kvm/governed_features.h b/arch/x86/kvm/governed_features.h > index b896a64e4ac3..22446614bf49 100644 > --- a/arch/x86/kvm/governed_features.h > +++ b/arch/x86/kvm/governed_features.h > @@ -7,6 +7,7 @@ BUILD_BUG() > > KVM_GOVERNED_X86_FEATURE(GBPAGES) > KVM_GOVERNED_X86_FEATURE(XSAVES) > +KVM_GOVERNED_X86_FEATURE(VMX) > > #undef KVM_GOVERNED_X86_FEATURE > #undef KVM_GOVERNED_FEATURE > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c > index 22e08d30baef..c5ec0ef51ff7 100644 > --- a/arch/x86/kvm/vmx/nested.c > +++ b/arch/x86/kvm/vmx/nested.c > @@ -6426,7 +6426,7 @@ static int vmx_get_nested_state(struct kvm_vcpu *vcpu, > vmx = to_vmx(vcpu); > vmcs12 = get_vmcs12(vcpu); > > - if (nested_vmx_allowed(vcpu) && > + if (guest_can_use(vcpu, X86_FEATURE_VMX) && > (vmx->nested.vmxon || vmx->nested.smm.vmxon)) { > kvm_state.hdr.vmx.vmxon_pa = vmx->nested.vmxon_ptr; > kvm_state.hdr.vmx.vmcs12_pa = vmx->nested.current_vmptr; > @@ -6567,7 +6567,7 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, > if (kvm_state->flags & ~KVM_STATE_NESTED_EVMCS) > return -EINVAL; > } else { > - if (!nested_vmx_allowed(vcpu)) > + if (!guest_can_use(vcpu, X86_FEATURE_VMX)) > return -EINVAL; > > if (!page_address_valid(vcpu, kvm_state->hdr.vmx.vmxon_pa)) > @@ -6601,7 +6601,8 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, > return -EINVAL; > > if ((kvm_state->flags & KVM_STATE_NESTED_EVMCS) && > - (!nested_vmx_allowed(vcpu) || !vmx->nested.enlightened_vmcs_enabled)) > + (!guest_can_use(vcpu, X86_FEATURE_VMX) || > + !vmx->nested.enlightened_vmcs_enabled)) > return -EINVAL; > > vmx_leave_nested(vcpu); > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 3100ed62615c..fdf932cfc64d 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -1894,17 +1894,6 @@ static void vmx_write_tsc_multiplier(struct kvm_vcpu *vcpu) > vmcs_write64(TSC_MULTIPLIER, vcpu->arch.tsc_scaling_ratio); > } > > -/* > - * nested_vmx_allowed() checks whether a guest should be allowed to use VMX > - * instructions and MSRs (i.e., nested VMX). Nested VMX is disabled for > - * all guests if the "nested" module option is off, and can also be disabled > - * for a single guest by disabling its VMX cpuid bit. > - */ > -bool nested_vmx_allowed(struct kvm_vcpu *vcpu) > -{ > - return nested && guest_cpuid_has(vcpu, X86_FEATURE_VMX); the removed nested here already covered by kvm_cpu_cap_set(X86_FEATURE_VMX) from vmx_set_cpu_caps(). Reviewed-by: Yuan Yao > -} > - > /* > * Userspace is allowed to set any supported IA32_FEATURE_CONTROL regardless of > * guest CPUID. Note, KVM allows userspace to set "VMX in SMX" to maintain > @@ -2032,7 +2021,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > [msr_info->index - MSR_IA32_SGXLEPUBKEYHASH0]; > break; > case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: > - if (!nested_vmx_allowed(vcpu)) > + if (!guest_can_use(vcpu, X86_FEATURE_VMX)) > return 1; > if (vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index, > &msr_info->data)) > @@ -2340,7 +2329,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > case KVM_FIRST_EMULATED_VMX_MSR ... KVM_LAST_EMULATED_VMX_MSR: > if (!msr_info->host_initiated) > return 1; /* they are read-only */ > - if (!nested_vmx_allowed(vcpu)) > + if (!guest_can_use(vcpu, X86_FEATURE_VMX)) > return 1; > return vmx_set_vmx_msr(vcpu, msr_index, data); > case MSR_IA32_RTIT_CTL: > @@ -7727,13 +7716,15 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) > guest_cpuid_has(vcpu, X86_FEATURE_XSAVE)) > kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_XSAVES); > > + kvm_governed_feature_check_and_set(vcpu, X86_FEATURE_VMX); > + > vmx_setup_uret_msrs(vmx); > > if (cpu_has_secondary_exec_ctrls()) > vmcs_set_secondary_exec_control(vmx, > vmx_secondary_exec_control(vmx)); > > - if (nested_vmx_allowed(vcpu)) > + if (guest_can_use(vcpu, X86_FEATURE_VMX)) > vmx->msr_ia32_feature_control_valid_bits |= > FEAT_CTL_VMX_ENABLED_INSIDE_SMX | > FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX; > @@ -7742,7 +7733,7 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) > ~(FEAT_CTL_VMX_ENABLED_INSIDE_SMX | > FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX); > > - if (nested_vmx_allowed(vcpu)) > + if (guest_can_use(vcpu, X86_FEATURE_VMX)) > nested_vmx_cr_fixed1_bits_update(vcpu); > > if (boot_cpu_has(X86_FEATURE_INTEL_PT) && > diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h > index cde902b44d97..c2130d2c8e24 100644 > --- a/arch/x86/kvm/vmx/vmx.h > +++ b/arch/x86/kvm/vmx/vmx.h > @@ -374,7 +374,6 @@ struct kvm_vmx { > u64 *pid_table; > }; > > -bool nested_vmx_allowed(struct kvm_vcpu *vcpu); > void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, > struct loaded_vmcs *buddy); > int allocate_vpid(void); > -- > 2.41.0.487.g6d72f3e995-goog >