lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 18 May 2022 11:26:35 -0500
From:   Suravee Suthikulpanit <suravee.suthikulpanit@....com>
To:     <linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org>
CC:     <pbonzini@...hat.com>, <mlevitsk@...hat.com>, <seanjc@...gle.com>,
        <joro@...tes.org>, <jon.grimm@....com>, <wei.huang2@....com>,
        <terry.bowman@....com>,
        Suravee Suthikulpanit <suravee.suthikulpanit@....com>
Subject: [PATCH v5 00/17] Introducing AMD x2AVIC and hybrid-AVIC modes

Introducing support for AMD x2APIC virtualization. This feature is
indicated by the CPUID Fn8000_000A EDX[14], and it can be activated
by setting bit 31 (enable AVIC) and bit 30 (x2APIC mode) of VMCB
offset 60h.

With x2AVIC support, the guest local APIC can be fully virtualized in
both xAPIC and x2APIC modes, and the mode can be changed during runtime.
For example, when AVIC is enabled, the hypervisor set VMCB bit 31
to activate AVIC for each vCPU. Then, it keeps track of each vCPU's
APIC mode, and updates VMCB bit 30 to enable/disable x2APIC
virtualization mode accordingly.

Besides setting bit VMCB bit 30 and 31, for x2AVIC, kvm_amd driver needs
to disable interception for the x2APIC MSR range to allow AVIC hardware
to virtualize register accesses.

This series also introduce a partial APIC virtualization (hybrid-AVIC)
mode, where APIC register accesses are trapped (i.e. not virtualized
by hardware), but leverage AVIC doorbell for interrupt injection.
This eliminates need to disable x2APIC in the guest on system without
x2AVIC support. (Note: suggested by Maxim)

Testing for v5:
  * Test partial AVIC mode by launching a VM with x2APIC mode
  * Tested booting a Linux VM with x2APIC physical and logical modes upto 512 vCPUs.
  * Test the following nested SVM test use cases:

             L0     |    L1   |   L2
       ----------------------------------
               AVIC |    APIC |    APIC
               AVIC |    APIC |  x2APIC
        hybrid-AVIC |  x2APIC |    APIC
        hybrid-AVIC |  x2APIC |  x2APIC
             x2AVIC |    APIC |    APIC
             x2AVIC |    APIC |  x2APIC
             x2AVIC |  x2APIC |    APIC
             x2AVIC |  x2APIC |  x2APIC

Changes from v4:
(https://lore.kernel.org/lkml/20220508023930.12881-5-suravee.suthikulpanit@amd.com/T/)
  * Patch  3: Move enum_avic_modes definition to svm.h
  * Patch 10: Rename avic_set_x2apic_msr_interception to
              svm_set_x2apic_msr_interception and move it to svm.c
              to simplify the struct svm_direct_access_msrs declaration.
  * Patch 16: New from Maxim 
  * Patch 17: New from Maxim 

Best Regards,
Suravee

Maxim Levitsky (2):
  KVM: x86: nSVM: always intercept x2apic msrs
  KVM: x86: nSVM: optimize svm_set_x2apic_msr_interception

Suravee Suthikulpanit (15):
  x86/cpufeatures: Introduce x2AVIC CPUID bit
  KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to
    [GET/SET]_XAPIC_DEST_FIELD
  KVM: SVM: Detect X2APIC virtualization (x2AVIC) support
  KVM: SVM: Update max number of vCPUs supported for x2AVIC mode
  KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID
  KVM: SVM: Do not support updating APIC ID when in x2APIC mode
  KVM: SVM: Adding support for configuring x2APIC MSRs interception
  KVM: x86: Deactivate APICv on vCPU with APIC disabled
  KVM: SVM: Refresh AVIC configuration when changing APIC mode
  KVM: SVM: Introduce helper functions to (de)activate AVIC and x2AVIC
  KVM: SVM: Do not throw warning when calling avic_vcpu_load on a
    running vcpu
  KVM: SVM: Introduce hybrid-AVIC mode
  KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is
    valid
  KVM: SVM: Use target APIC ID to complete x2AVIC IRQs when possible
  KVM: SVM: Add AVIC doorbell tracepoint

 arch/x86/hyperv/hv_apic.c          |   2 +-
 arch/x86/include/asm/apicdef.h     |   4 +-
 arch/x86/include/asm/cpufeatures.h |   1 +
 arch/x86/include/asm/kvm_host.h    |   1 -
 arch/x86/include/asm/svm.h         |  16 ++-
 arch/x86/kernel/apic/apic.c        |   2 +-
 arch/x86/kernel/apic/ipi.c         |   2 +-
 arch/x86/kvm/lapic.c               |   6 +-
 arch/x86/kvm/svm/avic.c            | 178 ++++++++++++++++++++++++++---
 arch/x86/kvm/svm/nested.c          |   5 +
 arch/x86/kvm/svm/svm.c             |  75 ++++++++----
 arch/x86/kvm/svm/svm.h             |  25 +++-
 arch/x86/kvm/trace.h               |  18 +++
 arch/x86/kvm/x86.c                 |   8 +-
 14 files changed, 291 insertions(+), 52 deletions(-)

-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ