Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp898531rdh; Fri, 24 Nov 2023 00:06:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IExMcxc9VhTYwGD7n9bNUeGa1YjGYNAn7ih7s2yoWMdkegyRkCh8ynTyutZ01UPGu+7BG9f X-Received: by 2002:a17:902:ea05:b0:1cf:a70b:39cd with SMTP id s5-20020a170902ea0500b001cfa70b39cdmr598540plg.39.1700813167595; Fri, 24 Nov 2023 00:06:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700813167; cv=none; d=google.com; s=arc-20160816; b=XVzoekuERiCQSv3owexnOAKc7OG0v30J63BBnsqhppWip8MsdzaCiJtJ0e3SlangU1 oVXZzligjrqJkIx680uGrtmP9I2waDV4yOhtieawv7F+PNkkahcEQ6a8Ad4qtPRmJe+W Ymg+93d7ytdgUGHStZ+iam01QqonUDKpONrqwGcL5HiLPUiAjfJjdQNS3v4lzE8iW6TN Jop1aP2ktyIfp3u6Nh7yTR5Em748bl5hntpd8M8RTOzGMG/WCPPSXmxasETK4Bsn5lDb x00Ja+Br5SH7grMc7EPnL8mf8XftKkKnh7KeTg1ya+lvdCyIRgeAvNg9ELFI5S2M50FF Gq4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WjvOqn8fU+Gfo38vtjZnPHLutCyKXsU7713yVMyc7aw=; fh=uy0EBGgYIm8+MgsxUvKHUXUo3s9z4H9hdLwRv8YoeJU=; b=l/DolE9UbBtnZNGQ/tQA2VKR4TMkN3GxD4wEBCl8E5hS30Ol9wpOh2EZ4kmHXlGpCd nR9KwEKRqhsUIF2Ou/7G8JTfs1DepaBvFdVyyQYCyWwrX0eOQbA/1knrVGM5FfzAmDYN 2lOs4k576NTASGS9+gouSBhcJ8ojoZk44oGWpPvxfwLdXgKN8jR8ZCgHtUBzgHnuWedB HzGFgPPfk2KpcBQajSK6K4OevNoRRmA8wxltJ0bs8cPoqkajlRefuSeXzvbcp2oO9D80 SCI2PIh6GBmTOvH0dYmYrgKl23rKt/9Ju/eSY75ZVMHAa5SPmJ+ONq/HFF7qUxmoH7Cc YktQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=SoeaDXTF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id be10-20020a170902aa0a00b001cf5d0d1cacsi2784461plb.53.2023.11.24.00.06.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Nov 2023 00:06:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=SoeaDXTF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 8ACB680958BD; Fri, 24 Nov 2023 00:01:31 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345342AbjKXIAw (ORCPT + 99 others); Fri, 24 Nov 2023 03:00:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344842AbjKXH6o (ORCPT ); Fri, 24 Nov 2023 02:58:44 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1ED810C2; Thu, 23 Nov 2023 23:58:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1700812730; x=1732348730; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=RdU5cdmOWwDYJkBHGCqgfVnW0sGc8i9GJIHnqSwTU9U=; b=SoeaDXTFx+BCEJ6apEWzdpJMAg2qbylyNSDeMlwf0Nt+7WhUykVUk6S1 ApfgpWhkDj/S+iVP12J0LRG7N3aY0jcUzCck2fUn2g81aIgaXMEAceH0L 6BRS5Irbi35nuJigys44PCfnhOFftaU6HIIrTvltGcrJ2A7p5QXMhtouZ H9H9b74b4N5aNXHRxM/Am60p/86UvpSZv3jZXCPs0PqNCfbwYz6sJuucG GVuMZxlfJnm0+x2tOINrIu9Fps5ZZfvPR8Clj6tSfn6/gfcz60Gnf+P2W pZ3h1oLdaD1KEm+tMIvvqh4SKOnsd0UrR8eCO3yIbxMDAxdYE5CwvFJiT g==; X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="458872417" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="458872417" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10902"; a="833629869" X-IronPort-AV: E=Sophos;i="6.04,223,1695711600"; d="scan'208";a="833629869" Received: from unknown (HELO embargo.jf.intel.com) ([10.165.9.183]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Nov 2023 23:58:44 -0800 From: Yang Weijiang To: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: peterz@infradead.org, chao.gao@intel.com, rick.p.edgecombe@intel.com, mlevitsk@redhat.com, john.allen@amd.com, weijiang.yang@intel.com Subject: [PATCH v7 25/26] KVM: nVMX: Introduce new VMX_BASIC bit for event error_code delivery to L1 Date: Fri, 24 Nov 2023 00:53:29 -0500 Message-Id: <20231124055330.138870-26-weijiang.yang@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20231124055330.138870-1-weijiang.yang@intel.com> References: <20231124055330.138870-1-weijiang.yang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Fri, 24 Nov 2023 00:01:31 -0800 (PST) Per SDM description(Vol.3D, Appendix A.1): "If bit 56 is read as 1, software can use VM entry to deliver a hardware exception with or without an error code, regardless of vector" Modify has_error_code check before inject events to nested guest. Only enforce the check when guest is in real mode, the exception is not hard exception and the platform doesn't enumerate bit56 in VMX_BASIC, in all other case ignore the check to make the logic consistent with SDM. Suggested-by: Chao Gao Signed-off-by: Yang Weijiang Reviewed-by: Maxim Levitsky --- arch/x86/kvm/vmx/nested.c | 27 ++++++++++++++++++--------- arch/x86/kvm/vmx/nested.h | 5 +++++ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 2034337681f9..d8c32682ca76 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -1205,9 +1205,9 @@ static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data) { const u64 feature_and_reserved = /* feature (except bit 48; see below) */ - BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | + BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) | BIT_ULL(56) | /* reserved */ - BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56); + BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 57); u64 vmx_basic = vmcs_config.nested.basic; if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved)) @@ -2829,7 +2829,6 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, u8 vector = intr_info & INTR_INFO_VECTOR_MASK; u32 intr_type = intr_info & INTR_INFO_INTR_TYPE_MASK; bool has_error_code = intr_info & INTR_INFO_DELIVER_CODE_MASK; - bool should_have_error_code; bool urg = nested_cpu_has2(vmcs12, SECONDARY_EXEC_UNRESTRICTED_GUEST); bool prot_mode = !urg || vmcs12->guest_cr0 & X86_CR0_PE; @@ -2846,12 +2845,20 @@ static int nested_check_vm_entry_controls(struct kvm_vcpu *vcpu, CC(intr_type == INTR_TYPE_OTHER_EVENT && vector != 0)) return -EINVAL; - /* VM-entry interruption-info field: deliver error code */ - should_have_error_code = - intr_type == INTR_TYPE_HARD_EXCEPTION && prot_mode && - x86_exception_has_error_code(vector); - if (CC(has_error_code != should_have_error_code)) - return -EINVAL; + /* + * Cannot deliver error code in real mode or if the interrupt + * type is not hardware exception. For other cases, do the + * consistency check only if the vCPU doesn't enumerate + * VMX_BASIC_NO_HW_ERROR_CODE_CC. + */ + if (!prot_mode || intr_type != INTR_TYPE_HARD_EXCEPTION) { + if (CC(has_error_code)) + return -EINVAL; + } else if (!nested_cpu_has_no_hw_errcode_cc(vcpu)) { + if (CC(has_error_code != + x86_exception_has_error_code(vector))) + return -EINVAL; + } /* VM-entry exception error code */ if (CC(has_error_code && @@ -6969,6 +6976,8 @@ static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs) if (cpu_has_vmx_basic_inout()) msrs->basic |= VMX_BASIC_INOUT; + if (cpu_has_vmx_basic_no_hw_errcode()) + msrs->basic |= VMX_BASIC_NO_HW_ERROR_CODE_CC; } static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs) diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h index b4b9d51438c6..26842da6857d 100644 --- a/arch/x86/kvm/vmx/nested.h +++ b/arch/x86/kvm/vmx/nested.h @@ -284,6 +284,11 @@ static inline bool nested_cr4_valid(struct kvm_vcpu *vcpu, unsigned long val) __kvm_is_valid_cr4(vcpu, val); } +static inline bool nested_cpu_has_no_hw_errcode_cc(struct kvm_vcpu *vcpu) +{ + return to_vmx(vcpu)->nested.msrs.basic & VMX_BASIC_NO_HW_ERROR_CODE_CC; +} + /* No difference in the restrictions on guest and host CR4 in VMX operation. */ #define nested_guest_cr4_valid nested_cr4_valid #define nested_host_cr4_valid nested_cr4_valid -- 2.27.0