lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20bb3005-bf6c-4fe1-bf0d-6d37e0ce1a77@zytor.com>
Date:   Thu, 19 Oct 2023 01:26:06 -0700
From:   Xin Li <xin@...or.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        pbonzini@...hat.com, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
        hpa@...or.com, weijiang.yang@...el.com
Subject: Re: [PATCH 1/1] KVM: VMX: Cleanup VMX basic information defines and
 usages

On 10/18/2023 2:08 PM, Sean Christopherson wrote:

>> Add IA32_VMX_BASIC MSR bitfield shift macros and use them to define VMX
>> basic information bitfields.
> 
> Why?  Unless something actually uses the shift independently, just define the
> BIT_ULL(...) straightaway.

Well, reading "BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) |" is hard.

But Lemme remove those shifts not being used now.

>> Add VMX_BASIC_FEATURES and VMX_BASIC_RESERVED_BITS to form a valid bitmask
>> of IA32_VMX_BASIC MSR. As a result, to add a new VMX basic feature bit,
>> just change the 2 new macros in the header file.
> 
> Not if a new feature bit lands in the middle of one of the reserved ranges, then
> the developer will have to update at least three macros, and add a new one. More
> below.

yes, it is the case for VMX nested exception feature bit.


> 
>> Also replace hardcoded VMX basic numbers with the new VMX basic macros.
>>
>> Tested-by: Shan Kang <shan.kang@...el.com>
>> Signed-off-by: Xin Li <xin3.li@...el.com>
>> ---
>>   arch/x86/include/asm/msr-index.h       | 31 ++++++++++++++++++++------
>>   arch/x86/kvm/vmx/nested.c              | 10 +++------
>>   arch/x86/kvm/vmx/vmx.c                 |  2 +-
>>   tools/arch/x86/include/asm/msr-index.h | 31 ++++++++++++++++++++------
> 
> Please drop the tools/ update, copying kernel headers into tools is a perf tools
> thing that I want no part of.
> 
> https://lore.kernel.org/all/Y8bZ%2FJ98V5i3wG%2Fv@google.com

why can't we simply remove tools/arch/x86/include/asm/msr-index.h?


> 
>>   4 files changed, 52 insertions(+), 22 deletions(-)
>>
>> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
>> index 1d111350197f..4607448ff805 100644
>> --- a/arch/x86/include/asm/msr-index.h
>> +++ b/arch/x86/include/asm/msr-index.h
>> @@ -1084,13 +1084,30 @@
>>   #define MSR_IA32_VMX_PROCBASED_CTLS3	0x00000492
>>   
>>   /* VMX_BASIC bits and bitmasks */
>> -#define VMX_BASIC_VMCS_SIZE_SHIFT	32
>> -#define VMX_BASIC_TRUE_CTLS		(1ULL << 55)
>> -#define VMX_BASIC_64		0x0001000000000000LLU
>> -#define VMX_BASIC_MEM_TYPE_SHIFT	50
>> -#define VMX_BASIC_MEM_TYPE_MASK	0x003c000000000000LLU
>> -#define VMX_BASIC_MEM_TYPE_WB	6LLU
>> -#define VMX_BASIC_INOUT		0x0040000000000000LLU
>> +#define VMX_BASIC_VMCS_SIZE_SHIFT		32
>> +#define VMX_BASIC_ALWAYS_0			BIT_ULL(31)
>> +#define VMX_BASIC_RESERVED_RANGE_1		GENMASK_ULL(47, 45)
>> +#define VMX_BASIC_32BIT_PHYS_ADDR_ONLY_SHIFT	48
>> +#define VMX_BASIC_32BIT_PHYS_ADDR_ONLY		BIT_ULL(VMX_BASIC_32BIT_PHYS_ADDR_ONLY_SHIFT)
>> +#define VMX_BASIC_DUAL_MONITOR_TREATMENT_SHIFT	49
>> +#define VMX_BASIC_DUAL_MONITOR_TREATMENT	BIT_ULL(VMX_BASIC_DUAL_MONITOR_TREATMENT_SHIFT)
>> +#define VMX_BASIC_MEM_TYPE_SHIFT		50
>> +#define VMX_BASIC_MEM_TYPE_WB			6LLU
>> +#define VMX_BASIC_INOUT_SHIFT			54
>> +#define VMX_BASIC_INOUT				BIT_ULL(VMX_BASIC_INOUT_SHIFT)
>> +#define VMX_BASIC_TRUE_CTLS_SHIFT		55
>> +#define VMX_BASIC_TRUE_CTLS			BIT_ULL(VMX_BASIC_TRUE_CTLS_SHIFT)
>> +#define VMX_BASIC_RESERVED_RANGE_2		GENMASK_ULL(63, 56)
>> +
>> +#define VMX_BASIC_FEATURES			\
> 
> Maybe VMX_BASIC_FEATURES_MASK to make it more obvious it's a mask of multiple
> bits?

This is better!


> 
>> +	(VMX_BASIC_DUAL_MONITOR_TREATMENT |	\
>> +	 VMX_BASIC_INOUT |			\
>> +	 VMX_BASIC_TRUE_CTLS)
>> +
>> +#define VMX_BASIC_RESERVED_BITS			\
>> +	(VMX_BASIC_ALWAYS_0 |			\
>> +	 VMX_BASIC_RESERVED_RANGE_1 |		\
>> +	 VMX_BASIC_RESERVED_RANGE_2)
> 
> I don't see any value in defining VMX_BASIC_RESERVED_RANGE_1 and
> VMX_BASIC_RESERVED_RANGE_2 separately.   Or VMX_BASIC_ALWAYS_0 for the matter.
> And I don't think these macros need to go in msr-index.h, e.g. just define them
> above vmx_restore_vmx_basic() as that's likely going to be the only user, ever.

hmm, I'm overusing macros, better do:
#define VMX_BASIC_RESERVED_BITS			\
	(BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56))

Probably should also move VMX MSR field defs from msr-index.h to
a vmx header file.

> 
> And what's really missing is a static_assert() or BUILD_BUG_ON() to ensure that
> VMX_BASIC_FEATURES doesn't overlap with VMX_BASIC_RESERVED_BITS.

good idea, human beings are not good at such jobs by staring at it.

> 
>>   /* Resctrl MSRs: */
>>   /* - Intel: */
>> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
>> index c5ec0ef51ff7..5280ba944c87 100644
>> --- a/arch/x86/kvm/vmx/nested.c
>> +++ b/arch/x86/kvm/vmx/nested.c
>> @@ -1203,21 +1203,17 @@ static bool is_bitwise_subset(u64 superset, u64 subset, u64 mask)
>>   
>>   static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data)
>>   {
>> -	const u64 feature_and_reserved =
>> -		/* feature (except bit 48; see below) */
>> -		BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) |
>> -		/* reserved */
>> -		BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56);
>>   	u64 vmx_basic = vmcs_config.nested.basic;
>>   
>> -	if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved))
>> +	if (!is_bitwise_subset(vmx_basic, data,
>> +			       VMX_BASIC_FEATURES | VMX_BASIC_RESERVED_BITS))
>>   		return -EINVAL;
>>   
>>   	/*
>>   	 * KVM does not emulate a version of VMX that constrains physical
>>   	 * addresses of VMX structures (e.g. VMCS) to 32-bits.
>>   	 */
>> -	if (data & BIT_ULL(48))
>> +	if (data & VMX_BASIC_32BIT_PHYS_ADDR_ONLY)
>>   		return -EINVAL;
>>   
>>   	if (vmx_basic_vmcs_revision_id(vmx_basic) !=
>> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
>> index 72e3943f3693..f597243d6a72 100644
>> --- a/arch/x86/kvm/vmx/vmx.c
>> +++ b/arch/x86/kvm/vmx/vmx.c
>> @@ -2701,7 +2701,7 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
>>   
>>   #ifdef CONFIG_X86_64
>>   	/* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */
>> -	if (vmx_msr_high & (1u<<16))
>> +	if (vmx_msr_high & (1u << (VMX_BASIC_32BIT_PHYS_ADDR_ONLY_SHIFT - 32)))
> 
> In all honestly, I find the existing code easier to read.  I'm definitely not
> saying the existing code is good, but IMO this is at best a wash.
> 
> I would much rather we do something like this and move away from the hi/lo crud
> entirely:

I ever saw a TDX patch does most of this cleanup.

> 
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 86ce9efe6c66..f103980c3d02 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -2693,28 +2693,28 @@ static int setup_vmcs_config(struct vmcs_config *vmcs_conf,
>                  _vmexit_control &= ~x_ctrl;
>          }
>   
> -       rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high);
> +       rdmsrl(MSR_IA32_VMX_BASIC, vmx_msr);
>   
>          /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */
> -       if ((vmx_msr_high & 0x1fff) > PAGE_SIZE)
> +       if ((VMX_BASIC_VMCS_SIZE(vmx_msr) > PAGE_SIZE)
>                  return -EIO;
>   
>   #ifdef CONFIG_X86_64
>          /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */
> -       if (vmx_msr_high & (1u<<16))
> +       if (vmx_msr & VMX_BASIC_32BIT_PHYS_ADDR_ONLY)
>                  return -EIO;
>   #endif
>   
>          /* Require Write-Back (WB) memory type for VMCS accesses. */
> -       if (((vmx_msr_high >> 18) & 15) != 6)
> +       if (VMX_BASIC_VMCS_MEMTYPE(vmx_msr) != VMX_BASIC_MEM_TYPE_WB)
>                  return -EIO;
>   
>          rdmsrl(MSR_IA32_VMX_MISC, misc_msr);
>   
> -       vmcs_conf->size = vmx_msr_high & 0x1fff;
> -       vmcs_conf->basic_cap = vmx_msr_high & ~0x1fff;
> +       vmcs_conf->size = VMX_BASIC_VMCS_SIZE(vmx_msr);
> +       vmcs_conf->basic_cap = ????(vmx_msr);
>   
> -       vmcs_conf->revision_id = vmx_msr_low;
> +       vmcs_conf->revision_id = (u32)vmx_msr;
>   
>          vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control;
>          vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control;
> 

-- 
Thanks!
     Xin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ