Date: Fri, 17 May 2024 10:38:53 -0700
In-Reply-To: <20240517173926.965351-1-seanjc@google.com>
References: <20240517173926.965351-1-seanjc@google.com>
Message-ID: <20240517173926.965351-17-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: git-send-email 2.45.0.215.g3402c0e53f-goog
Subject: [PATCH v2 16/49] KVM: x86: Don't update PV features caches when enabling enforcement capability
From: Sean Christopherson
To: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Hou Wenlong, Kechen Lu, Oliver Upton, Maxim Levitsky, Binbin Wu, Yang Weijiang, Robert Hoo

Revert the chunk of commit 01b4f510b9f4 ("kvm: x86: ensure pv_cpuid.features is initialized when enabling cap") that forced a PV features cache refresh during KVM_CAP_ENFORCE_PV_FEATURE_CPUID, as whatever ioctl() ordering issue it alleged to have fixed never existed upstream, and likely never existed in any kernel.

At the time of the commit, there was a tangentially related ioctl() ordering issue, as toggling KVM_X86_DISABLE_EXITS_HLT after KVM_SET_CPUID2 would have resulted in KVM potentially leaving KVM_FEATURE_PV_UNHALT set. But (a) that bug affected the entire guest CPUID, not just the cache, (b) commit 01b4f510b9f4 didn't address that bug, it only refreshed the cache (with the bad CPUID), and (c) setting KVM_X86_DISABLE_EXITS_HLT after vCPU creation is completely broken as KVM configures HLT-exiting only during vCPU creation, which is why KVM_CAP_X86_DISABLE_EXITS is now disallowed if vCPUs have been created.

Another tangentially related bug was KVM's failure to clear the cache when handling KVM_SET_CPUID2, but again commit 01b4f510b9f4 did nothing to fix that bug.

The most plausible explanation for what commit 01b4f510b9f4 was trying to fix is a bug that existed in Google's internal kernel that was the source of commit 01b4f510b9f4. At the time, Google's internal kernel had not yet picked up commit 0d3b2ba16ba68 ("KVM: X86: Go on updating other CPUID leaves when leaf 1 is absent"), i.e. KVM would not initialize the PV features cache if KVM_SET_CPUID2 was called without a CPUID.0x1 entry.

Of course, no sane real world VMM would omit CPUID.0x1, including the KVM selftest added by commit ac4a4d6de22e ("selftests: kvm: test enforcement of paravirtual cpuid features").
And the test didn't actually try to verify multiple orderings, nor did the selftest enter the guest without doing KVM_SET_CPUID2, so who knows what motivated the change. Regardless of why commit 01b4f510b9f4 ("kvm: x86: ensure pv_cpuid.features is initialized when enabling cap") was added, refreshing the cache during KVM_CAP_ENFORCE_PV_FEATURE_CPUID isn't necessary. Cc: Oliver Upton Signed-off-by: Sean Christopherson --- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/cpuid.h | 1 - arch/x86/kvm/x86.c | 3 --- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index be1c8f43e090..a51e48663f53 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -242,7 +242,7 @@ static struct kvm_cpuid_entry2 *kvm_find_kvm_cpuid_features(struct kvm_vcpu *vcp vcpu->arch.cpuid_nent, base); } -void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) +static void kvm_update_pv_runtime(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best = kvm_find_kvm_cpuid_features(vcpu); diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h index 0a8b561b5434..7eb3d7318fc4 100644 --- a/arch/x86/kvm/cpuid.h +++ b/arch/x86/kvm/cpuid.h @@ -13,7 +13,6 @@ void kvm_set_cpu_caps(void); void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu); void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu); -void kvm_update_pv_runtime(struct kvm_vcpu *vcpu); struct kvm_cpuid_entry2 *kvm_find_cpuid_entry_index(struct kvm_vcpu *vcpu, u32 function, u32 index); struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c729227c6501..7160c5ab8e3e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5849,9 +5849,6 @@ static int kvm_vcpu_ioctl_enable_cap(struct kvm_vcpu *vcpu, case KVM_CAP_ENFORCE_PV_FEATURE_CPUID: vcpu->arch.pv_cpuid.enforce = cap->args[0]; - if (vcpu->arch.pv_cpuid.enforce) - kvm_update_pv_runtime(vcpu); - return 0; default: return -EINVAL; -- 2.45.0.215.g3402c0e53f-goog
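
Review bot: in arch/x86/kvm/cpuid.c, making kvm_update_pv_runtime() static is only safe if the x86.c call removed by this patch was its last user outside cpuid.c. The diffstat touches just cpuid.c, cpuid.h and x86.c, so please confirm with a tree-wide grep that nothing else still depends on the prototype dropped from cpuid.h, since a leftover caller would break the build at this point in the series.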
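
Review bot: in the KVM_CAP_ENFORCE_PV_FEATURE_CPUID case of kvm_vcpu_ioctl_enable_cap(), dropping the kvm_update_pv_runtime() call leaves enforcement dependent on the CPUID update path having already populated the PV features cache, and nothing in the patch pins that ordering down. The changelog itself notes that the existing selftest never tried multiple orderings or entered the guest without KVM_SET_CPUID2. Consider adding selftest coverage that enables the capability both before and after KVM_SET_CPUID2, plus a one-line comment at this case stating that the cache is maintained by the CPUID update path, so a later change cannot leave "vcpu->arch.pv_cpuid.enforce" set while the cache is stale or uninitialized.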