| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YxpysbHZb2G56K+f@google.com>
Date: Thu, 8 Sep 2022 15:54:41 -0700
From: David Matlack <dmatlack@...gle.com>
To: Vishal Annapurve <vannapurve@...gle.com>
Cc: x86@...nel.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, pbonzini@...hat.com,
shuah@...nel.org, bgardon@...gle.com, seanjc@...gle.com,
oupton@...gle.com, peterx@...hat.com, vkuznets@...hat.com,
drjones@...hat.com
Subject: Re: [V1 PATCH 3/5] selftests: kvm: x86: Execute vmcall/vmmcall
according to CPU type
Please use "KVM: selftest: ..." for the shortlog.
On Sat, Sep 03, 2022 at 01:28:47AM +0000, Vishal Annapurve wrote:
> Modify following APIs for x86 implementation:
> 1) kvm_arch_main : Query the cpu vendor and cache the value in advance.
> 2) kvm_arch_post_vm_load: Populate cpu type in the guest memory so that
> guest doesn't need to execute cpuid instruction again.
This commit message only describes a subset of the changes in this
commit, and does not provide any context on why the changes are being
made (other than a clue about avoiding CPUID).
I also think this could be split up into 2 separate commits.
I would suggest first patch changes is_{intel,amd}_cpu() to return a cached
result. e.g.
KVM: selftests: Precompute the result for is_{intel,amd}_cpu()
Cache the vendor CPU type in a global variable so that multiple calls
to is_intel_cpu() do not need to re-execute CPUID. This will be useful
in a follow-up commit to check if running on AMD or Intel from within
a selftest guest where executing CPUID requires a VM-exit.
Then add support for AMD to kvm_hypercall():
KVM: selftests: Add AMD support to kvm_hypercall()
Add support for AMD hypercalls to kvm_hypercall() so that it can be
used in selftests running on Intel or AMD hosts. This will be used in
a follow up commit to ...
As part of this change, sync the global variable is_cpu_amd into the
guest so the guest can determine which hypercall instruction to use
without needing to re-execute CPUID for every hypercall.
>
> Suggested-by: Sean Christopherson <seanjc@...gle.com>
> Signed-off-by: Vishal Annapurve <vannapurve@...gle.com>
> ---
> .../testing/selftests/kvm/lib/x86_64/processor.c | 15 ++++++++++++---
> 1 file changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c
> index e22cfc4bf284..ac104653ab43 100644
> --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c
> +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c
> @@ -19,6 +19,7 @@
> #define MAX_NR_CPUID_ENTRIES 100
>
> vm_vaddr_t exception_handlers;
> +static int is_cpu_amd = -1;
Should this just be a bool? Since you are initializing it before main(),
there is really no way for any code to observe it's pre-initialized
value. And nothing even checks if is_cpu_amd -1, it just silently
returns false from is_intel_cpu() and is_amd_cpu().
>
> static void regs_dump(FILE *stream, struct kvm_regs *regs, uint8_t indent)
> {
> @@ -1019,7 +1020,7 @@ static bool cpu_vendor_string_is(const char *vendor)
>
> bool is_intel_cpu(void)
> {
> - return cpu_vendor_string_is("GenuineIntel");
> + return (is_cpu_amd == 0);
> }
>
> /*
> @@ -1027,7 +1028,7 @@ bool is_intel_cpu(void)
> */
> bool is_amd_cpu(void)
> {
> - return cpu_vendor_string_is("AuthenticAMD");
> + return (is_cpu_amd == 1);
> }
>
> void kvm_get_cpu_address_width(unsigned int *pa_bits, unsigned int *va_bits)
> @@ -1182,9 +1183,15 @@ uint64_t kvm_hypercall(uint64_t nr, uint64_t a0, uint64_t a1, uint64_t a2,
> {
> uint64_t r;
>
> - asm volatile("vmcall"
> + if (is_amd_cpu())
> + asm volatile("vmmcall"
> : "=a"(r)
> : "a"(nr), "b"(a0), "c"(a1), "d"(a2), "S"(a3));
> + else
> + asm volatile("vmcall"
> + : "=a"(r)
> + : "a"(nr), "b"(a0), "c"(a1), "d"(a2), "S"(a3));
> +
> return r;
> }
>
> @@ -1314,8 +1321,10 @@ bool vm_is_unrestricted_guest(struct kvm_vm *vm)
>
> void kvm_arch_main(void)
> {
> + is_cpu_amd = cpu_vendor_string_is("AuthenticAMD") ? 1 : 0;
> }
>
> void kvm_arch_post_vm_load(struct kvm_vm *vm)
> {
> + sync_global_to_guest(vm, is_cpu_amd);
> }
> --
> 2.37.2.789.g6183377224-goog
>
Powered by blists - more mailing lists