Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp3325783lqo; Tue, 21 May 2024 13:31:56 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWOuAylbXParI7p/uL/5eoab6lDFBBMJSKUqF4pgqIm8KODwACX1hEdZrgYel0ycmwUpDGmyKQ2qVhO5VI72OtlsSUTR+LuvjKsgAoEYg== X-Google-Smtp-Source: AGHT+IECeDhcTEbAYOOAZkMbQcNqCF27HnfIKe9Yz9MMMvxBVzMwkw6QCLg46O71xnPi8Fr+Lt1U X-Received: by 2002:a05:6512:4003:b0:522:221:d19d with SMTP id 2adb3069b0e04-5220fd7bfccmr31031965e87.15.1716323515970; Tue, 21 May 2024 13:31:55 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716323515; cv=pass; d=google.com; s=arc-20160816; b=en8rK+7qMJHyKdVbPHjRCECAiSPJuhgirNqbQCm1YwE6q+Wd97At+tqDVIMSBus1j9 Vtmm6wDf27OX4V/8HkLO/KpBk1sP6ow15lGk0HvXsmz9F4fLrgKdz3NaAHeJpj+98/y6 WhyumpieuhAEbLmloYaaWPNl0764WqvYlaH286bdaE4k6JcCZMgkIbDcJ5Od6fiVVrXa dGEJnRAYz+oDjYfj5Tnkei2XbN7eshxK4Ah9CEifmSL8s3dnLDo0qzqXc4R0Zt54I9Vp qrbKM9D4Yq4eAS9NEswVBLrpaSdMBYJJ6+w/Lqb931zS0KU/B6GN6NpNeBAh1JyZx0tB Zbdw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=RIxYIUY6xfa0Z61X8hb/LG8bYVX3fiRC8Zg5CcwCluY=; fh=AAKTEolMPSlBYUEVruNnL5Wp/7ZTVGV2hoH9PKdUb6U=; b=yJmUX2W0V5FASvFJEtlFRyJHBU+O/oTgfEy/U/7wicSxra68LvFp4voS+GwoH0q5jK 0eevwVTZRrYJV0aTj0ATyec3OlRtAu73Yz6ipuxfVcLu7z7VoRGPGhvyfv1E4sXbpUeN LyRBA1ainZFTtysQ09ugciC+PGWzU0fwBWbDabMCKBlEg1Le2rSsd6ramGRgnqpqsoR+ 8sphlDtLvg0fV4vruNedZ7Y1HDH9l4BGUa65n0KyCLrR3cveAGRj1gkac6UXEKO6d8DX J8EcdG+K/nKOrG9w0NPzjoWtXw38ILoozx43GT99G5Wzg5uL2WsQ+W0XDubOQLt3VLhI tsaQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Q8xTUZJh; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-185421-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185421-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a640c23a62f3a-a62196cca86si59019666b.583.2024.05.21.13.31.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 May 2024 13:31:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-185421-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Q8xTUZJh; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-185421-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185421-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 78C0A1F22C0B for ; Tue, 21 May 2024 20:31:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 299341494D8; Tue, 21 May 2024 20:31:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Q8xTUZJh" Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D734547A5C for ; Tue, 21 May 2024 20:31:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716323505; cv=none; b=ThTWEPMK8OlmtH4e8f7tYCtgXHOHku66PyhSjxJrVAaZTZ0+f6/5lVqnQyg7mu8jTZmkQ6+davfsXV13zIwVcqXRuyszZUWforHBIk8cnkiEB24+xg90u6StoMKpPkXSJ5uilL7v3N9YKR4lO98s+D6BWsgIiDaTWlDuOVI6Sag= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716323505; c=relaxed/simple; bh=QuUd2WIszBgiRLRMwosQW3GxJBwnIuQ7/If73ZyYbfA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=TTnMwaL6F8UB2E5Q4H/HdqjofHp2Ond8pXMe1Nh62Fy5klcN5GeOaiJw25EE/6db/FVFGn0nziqWeg8hJMNa6dhwdLIIOpN5i02ObaSGwwasz5UaXQUXs8woL4LOUtgfcvnBk0Xl7QpyhIcsK/Bm+Sidxuqr/v0Uqd72ugGnzlk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Q8xTUZJh; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-6f46eb81892so12712913b3a.0 for ; Tue, 21 May 2024 13:31:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1716323503; x=1716928303; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=RIxYIUY6xfa0Z61X8hb/LG8bYVX3fiRC8Zg5CcwCluY=; b=Q8xTUZJhveLvXkoO/x1fUOd7lVkYsmwGekVBSXOGvD7dOcNFBllInms6rwOKzACnzl ET+wZ0hm5g0QORofywxELACZAF6GOVfvKiNobkumnvSLli7p2gMJh2qrrA5fULNzAdNK gjqK4k11nClvwgtd2jHOeGYkurDSlZwJGoqhQPsViubV612do1xo1vGTSMKwvVsnJWSs 3f0Dw1VZwLPzH4QyfnNx0WSE221vP0WW3x9cagaa8raPCearALdajpMK7fIR7NpY/Ts3 jP8ruxTOZEoMVIXIKYJMFS4aAganq5VtCZNdcpCQ6iWwkIhMpRz4JhZqiOWqbnpXiKql m6Pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716323503; x=1716928303; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=RIxYIUY6xfa0Z61X8hb/LG8bYVX3fiRC8Zg5CcwCluY=; b=g+DHo1wFsc0QGVSgj6NZVFgNxAQ5IJprYNbWwoL1/3b+fEE/AqQBWQ4iOumZPFdppx w4qUGLIxUWnSkvEfm24eX8AV/xQ6tYD3lUIuAKqT0spaQsEq3bK8Xf6cZt/BtQ3wCzJZ 0SM1oQJIVyuys2KAiXWXVqUvTobrYgy4+dchra1hj+HgLSEnLv+G/51xdCMBlvMjRvhg sH2CRJ+ZCAAOJYXfK+mjw+OJX5DWhR52nFwZapS5oMhnF31sFrz3WXcTS7nCjPFgz757 Lq7aVpF/Z2cdhGwUPYbMBNDHJ9D0ZCQYNUyBKqOQGWrI/bEMHQks25Jk9S0Eyl3lHJ8C RjBQ== X-Forwarded-Encrypted: i=1; AJvYcCWFjreq9kixVVtumcZ9ytZ6n5qLPelXZlaRUa6U+HLatdpALEJYisMKAOmUosEVk8xmkuDnVzq4DZu09WgQI1RZyP80mzX6yMYgNxBv X-Gm-Message-State: AOJu0Yx34wVyLM7030A3Rn7BWih6Xz7Sblb6kHgPUWiQzj3rCfYW/5/X +issYmzSYtVf1HK9nR/pi7A89bX0OHG0Bt+/C9Ad20MH5IujqliEKr3b68XZpNA8W3OVKBpMiZg KNg== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6a00:2e8f:b0:6f3:f447:57e1 with SMTP id d2e1a72fcca58-6f6d6002b65mr392b3a.1.1716323502715; Tue, 21 May 2024 13:31:42 -0700 (PDT) Date: Tue, 21 May 2024 13:31:41 -0700 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240416050338.517-1-ravi.bangoria@amd.com> <9252b68e-2b6a-6173-2e13-20154903097d@amd.com> <305b84aa-3897-40f4-873b-dc512a2da61f@amd.com> Message-ID: Subject: Re: [PATCH v2] KVM: SEV-ES: Don't intercept MSR_IA32_DEBUGCTLMSR for SEV-ES guests From: Sean Christopherson To: Ravi Bangoria Cc: pbonzini@redhat.com, thomas.lendacky@amd.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, michael.roth@amd.com, nikunj.dadhania@amd.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, santosh.shukla@amd.com Content-Type: text/plain; charset="us-ascii" On Mon, May 20, 2024, Ravi Bangoria wrote: > On 17-May-24 8:01 PM, Sean Christopherson wrote: > > On Fri, May 17, 2024, Ravi Bangoria wrote: > >> On 08-May-24 12:37 AM, Sean Christopherson wrote: > >>> So unless I'm missing something, the only reason to ever disable LBRV would be > >>> for performance reasons. Indeed the original commits more or less says as much: > >>> > >>> commit 24e09cbf480a72f9c952af4ca77b159503dca44b > >>> Author: Joerg Roedel > >>> AuthorDate: Wed Feb 13 18:58:47 2008 +0100 > >>> > >>> KVM: SVM: enable LBR virtualization > >>> > >>> This patch implements the Last Branch Record Virtualization (LBRV) feature of > >>> the AMD Barcelona and Phenom processors into the kvm-amd module. It will only > >>> be enabled if the guest enables last branch recording in the DEBUG_CTL MSR. So > >>> there is no increased world switch overhead when the guest doesn't use these > >>> MSRs. > >>> > >>> but what it _doesn't_ say is what the world switch overhead is when LBRV is > >>> enabled. If the overhead is small, e.g. 20 cycles?, then I see no reason to > >>> keep the dynamically toggling. > >>> > >>> And if we ditch the dynamic toggling, then this patch is unnecessary to fix the > >>> LBRV issue. It _is_ necessary to actually let the guest use the LBRs, but that's > >>> a wildly different changelog and justification. > >> > >> The overhead might be less for legacy LBR. But upcoming hw also supports > >> LBR Stack Virtualization[1]. LBR Stack has total 34 MSRs (two control and > >> 16*2 stack). Also, Legacy and Stack LBR virtualization both are controlled > >> through the same VMCB bit. So I think I still need to keep the dynamic > >> toggling for LBR Stack virtualization. > > > > Please get performance number so that we can make an informed decision. I don't > > want to carry complexity because we _think_ the overhead would be too high. > > LBR Virtualization overhead for guest entry + exit roundtrip is ~450 cycles* on Ouch. Just to clearify, that's for LBR Stack Virtualization, correct? Ugh, I was going to say that we could always enable "legacy" LBR virtualization, and do the dynamic toggling iff DebugExtnCtl.LBRS=1, but they share an enabling flag. What a mess. > a Genoa machine. Also, LBR MSRs (except MSR_AMD_DBG_EXTN_CFG) are of swap type > C so this overhead is only for guest MSR save/restore. Lovely. Have I mentioned that the SEV-ES behavior of force-enabling every feature under the sun is really, really annoying? Anyways, I agree that we need to keep the dynamic toggling. But I still think we should delete the "lbrv" module param. LBR Stack support has a CPUID feature flag, i.e. userspace can disable LBR support via CPUID in order to avoid the overhead on CPUs with LBR Stack. The logic for MSR_IA32_DEBUGCTLMSR will be bizarre, but I don't see a way around that since legacy LBR virtualization and LBR Stack virtualization share a control. E.g. I think we'll want to end up with something like this? case MSR_IA32_DEBUGCTLMSR: if (data & DEBUGCTL_RESERVED_BITS) return 1; if (kvm_cpu_cap_has(X86_FEATURE_LBR_STACK) && !guest_cpuid_has(vcpu, X86_FEATURE_LBR_STACK)) { kvm_pr_unimpl_wrmsr(vcpu, ecx, data); break; } svm_get_lbr_vmcb(svm)->save.dbgctl = data; svm_update_lbrv(vcpu); break;