Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp664633rdd; Tue, 9 Jan 2024 16:23:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IGdeuMKZpweyHT9E4LK3RtKGA1b5wiWzHv8+iUKMFsqvfCXc0zxHwkL3xIYecx4AuOFW7pq X-Received: by 2002:aa7:d60f:0:b0:554:35b4:60 with SMTP id c15-20020aa7d60f000000b0055435b40060mr108025edr.28.1704846238480; Tue, 09 Jan 2024 16:23:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704846238; cv=none; d=google.com; s=arc-20160816; b=B5RXnnGzXuGJFQYtRtDo2la+zFB3yTsnBb58F3N8ahyu/2hojNwCGzTHnaE2q3v0fS jUYFctzizLvrgWJlP4HRU7IITCtHJgWhwtLChD6hpLDon95Aw9wJUkBStZIArMzvklaX 1P8GtnsGeS1/nmAe7gK9oIw1ncfqQa49eEWAZEgGEteu5cmV+O+5s9G8h3wussjCL2P1 +HIRpDmVNG6sm8o2yCHkOYV+apKU7Wq+8+AAk19zYlMUwTmXOt1t3Xpx1se4hNfjVDSZ bTvkmP4Xx1yQkfSylkMUEWYe1g+8PyixyA71dx5YHdKt4LkRPSXGrpSgZZERZpz/7N/h WSRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:reply-to:dkim-signature; bh=jX94VLx9ltQFhw3V1qWJ4WPVt8m5uqFAZ74Ysuxim9g=; fh=LBIRQNrNyDNI+FyrHUDoYY2qSXKx0FDnjL2IJvNmQKQ=; b=v6X38kvNNVrVKs2UuayCY148MMMQgQ1qouvWH0M3SFmzFpMi6mJFy4fBvXkOKuUkih I6exVKp+HV70hqshlt4Xi5Y7uN9PKa5P0h0HWl8CF7SJW0MnAMSDOn3lzgI4tBB2kEm8 /u3su394tLvgcDQyvl5hQP47/5GysL/v9s2EOQYz+llgfYnxT+sk0AkM6pW/FFpm74CN x9H/YS+YvZcBCE4a7Qxtrr1Vn0fD2ZoIq3nFt5PSZ+N3c3QSOMcD7qzKi59cFpbPHc0k Yp793tSN0WI+X0F2fXj+Auv2t//YHurferMIQY2GamJU+kwvNjEPk9a3vi6ax1KR9Xmi qHlA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=kFRcYVr4; spf=pass (google.com: domain of linux-kernel+bounces-21565-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21565-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id df26-20020a05640230ba00b00557c1279077si1206352edb.114.2024.01.09.16.23.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 16:23:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21565-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=kFRcYVr4; spf=pass (google.com: domain of linux-kernel+bounces-21565-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21565-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 3A1E71F260BC for ; Wed, 10 Jan 2024 00:23:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2B233A59; Wed, 10 Jan 2024 00:23:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="kFRcYVr4" Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D736A7ED for ; Wed, 10 Jan 2024 00:23:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-dbea05a6de5so4030595276.3 for ; Tue, 09 Jan 2024 16:23:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1704846224; x=1705451024; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:reply-to:from:to:cc :subject:date:message-id:reply-to; bh=jX94VLx9ltQFhw3V1qWJ4WPVt8m5uqFAZ74Ysuxim9g=; b=kFRcYVr4x7Dxd59Xv69YEpk3apcb8vZ1CoC9RxzK+dpPy/ESW2833ogW/GcaiP9o7h Z3B7Qd1VbJMy65sF2kTmLO5GXCcAAX1v6sBT8y6aMs0nORsf3t4YrGIKEDjXi9O1qdcu r13kBhRmREvqJowZD7VMWipNwnGA4aBmRppmQpZcQ5RJRhaNNFGpbr+WkvVojekL3/FU FmlFXdavfWxypeq5EbREi0wEAbh4ZZVoGMwILYW2vNRoiQv1JmIYmDSpmdP/NE/GKn9O QyCK7Ro2m0eaISThu70U1e68f4xuI/rtFPWAF7CFDOB8kMxlCkhtRoeHhdZW2QNvK9tg 8sAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704846224; x=1705451024; h=cc:to:from:subject:message-id:mime-version:date:reply-to :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=jX94VLx9ltQFhw3V1qWJ4WPVt8m5uqFAZ74Ysuxim9g=; b=aLKqrbIz3JOwl2lghrywR4VKomma8XUMc3AAkcD02O6GnNnYio/65NMLrcs7XV9bVK EQxz/QFGXGgUcHEYvMe/it/4uZ54+/1fIv+SJKGWolxqeRv3O+xbtk3w+/H7YfFmKbvy p44QNZqetraCSEbOyKPQj8afXkGhPUPDvzcLq8Y8Pd6TVUfX/CPKp9cEPY/kmKSzPMiA PJoOETHuR+SceVeL5YJg/QwVskQjloIrSzUs8kPU9dzXkqEtc8fYO3L2uWa7s7NPigF7 ibnY4eft62JfOou7o4D02jgvRf5OVhjxtTegGlaBAy42ORaaYYBbpSuGVpvOLgQhOUen A+6A== X-Gm-Message-State: AOJu0YwslvwYojLng/qvCd7z3rsz5ifMZrsimkZ9Osf1L3LrIT8QE3Uj gGw14o4mCcmFajovPlVAgNfxAGtTfbG8jy/gbw== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:8686:0:b0:dbe:111b:8875 with SMTP id z6-20020a258686000000b00dbe111b8875mr6564ybk.12.1704846223913; Tue, 09 Jan 2024 16:23:43 -0800 (PST) Reply-To: Sean Christopherson Date: Tue, 9 Jan 2024 16:23:40 -0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.43.0.472.g3155946c3a-goog Message-ID: <20240110002340.485595-1-seanjc@google.com> Subject: [PATCH] x86/cpu: Add a VMX flag to enumerate 5-level EPT support to userspace From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yi Lai , Tao Su , Xudong Hao Content-Type: text/plain; charset="UTF-8" Add a VMX flag in /proc/cpuinfo, ept_5level, so that userspace can query whether or not the CPU supports 5-level EPT paging. EPT capabilities are enumerated via MSR, i.e. aren't accessible to userspace without help from the kernel, and knowing whether or not 5-level EPT is supported is sadly necessary for userspace to correctly configure KVM VMs. When EPT is enabled, bits 51:49 of guest physical addresses are consumed if and only if 5-level EPT is enabled. For CPUs with MAXPHYADDR > 48, KVM *can't* map all legal guest memory if 5-level EPT is unsupported, e.g. creating a VM with RAM (or anything that gets stuffed into KVM's memslots) above bit 48 will be completely broken. Having KVM enumerate guest.MAXPHYADDR=48 in this scenario doesn't work either, as architecturally guest accesses to illegal addresses generate RSVD #PF, i.e. advertising guest.MAXPHYADDR < host.MAXPHYADDR when EPT is enabled would also result in broken guests. KVM does provide a knob, allow_smaller_maxphyaddr, to let userspace opt-in to such setups, but that support is firmly best-effort, i.e. not something KVM wants to force upon userspace. While it's decidedly odd for a CPU to support a 52-bit MAXPHYADDR but not 5-level EPT, the combination is architecturally legal and such CPUs do exist (and can easily be "created" with nested virtualization). Reported-by: Yi Lai Cc: Tao Su Cc: Xudong Hao Signed-off-by: Sean Christopherson --- tip-tree folks, this is obviously not technically KVM code, but I'd like to take this through the KVM tree so that we can use the information to fix KVM selftests (hopefully this cycle). arch/x86/include/asm/vmxfeatures.h | 1 + arch/x86/kernel/cpu/feat_ctl.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/arch/x86/include/asm/vmxfeatures.h b/arch/x86/include/asm/vmxfeatures.h index c6a7eed03914..266daf5b5b84 100644 --- a/arch/x86/include/asm/vmxfeatures.h +++ b/arch/x86/include/asm/vmxfeatures.h @@ -25,6 +25,7 @@ #define VMX_FEATURE_EPT_EXECUTE_ONLY ( 0*32+ 17) /* "ept_x_only" EPT entries can be execute only */ #define VMX_FEATURE_EPT_AD ( 0*32+ 18) /* EPT Accessed/Dirty bits */ #define VMX_FEATURE_EPT_1GB ( 0*32+ 19) /* 1GB EPT pages */ +#define VMX_FEATURE_EPT_5LEVEL ( 0*32+ 20) /* 5-level EPT paging */ /* Aggregated APIC features 24-27 */ #define VMX_FEATURE_FLEXPRIORITY ( 0*32+ 24) /* TPR shadow + virt APIC */ diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c index 03851240c3e3..1640ae76548f 100644 --- a/arch/x86/kernel/cpu/feat_ctl.c +++ b/arch/x86/kernel/cpu/feat_ctl.c @@ -72,6 +72,8 @@ static void init_vmx_capabilities(struct cpuinfo_x86 *c) c->vmx_capability[MISC_FEATURES] |= VMX_F(EPT_AD); if (ept & VMX_EPT_1GB_PAGE_BIT) c->vmx_capability[MISC_FEATURES] |= VMX_F(EPT_1GB); + if (ept & VMX_EPT_PAGE_WALK_5_BIT) + c->vmx_capability[MISC_FEATURES] |= VMX_F(EPT_5LEVEL); /* Synthetic APIC features that are aggregates of multiple features. */ if ((c->vmx_capability[PRIMARY_CTLS] & VMX_F(VIRTUAL_TPR)) && base-commit: 1c6d984f523f67ecfad1083bb04c55d91977bb15 -- 2.43.0.472.g3155946c3a-goog