[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7f8a8ccbd0a8325b5a1e756d5c55a5fc5992908d.camel@redhat.com>
Date: Tue, 17 Dec 2024 20:13:45 -0500
From: Maxim Levitsky <mlevitsk@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini
<pbonzini@...hat.com>, Vitaly Kuznetsov <vkuznets@...hat.com>, Jarkko
Sakkinen <jarkko@...nel.org>
Cc: kvm@...r.kernel.org, linux-sgx@...r.kernel.org,
linux-kernel@...r.kernel.org, Hou Wenlong <houwenlong.hwl@...group.com>,
Xiaoyao Li <xiaoyao.li@...el.com>, Kechen Lu <kechenl@...dia.com>, Oliver
Upton <oliver.upton@...ux.dev>, Binbin Wu <binbin.wu@...ux.intel.com>,
Yang Weijiang <weijiang.yang@...el.com>, Robert Hoo
<robert.hoo.linux@...il.com>
Subject: Re: [PATCH v3 00/57] KVM: x86: CPUID overhaul, fixes, and caching
On Wed, 2024-11-27 at 17:33 -0800, Sean Christopherson wrote:
> The super short TL;DR: snapshot all X86_FEATURE_* flags that KVM cares
> about so that all queries against guest capabilities are "fast", e.g. don't
> require manual enabling or judgment calls as to where a feature needs to be
> fast.
>
> The guest_cpu_cap_* nomenclature follows the existing kvm_cpu_cap_*
> except for a few (maybe just one?) cases where guest cpu_caps need APIs
> that kvm_cpu_caps don't. In theory, the similar names will make this
> approach more intuitive.
>
> This series also adds more hardening, e.g. to assert at compile-time if a
> feature flag is passed to the wrong word. It also sets the stage for even
> more hardening in the future, as tracking all KVM-supported features allows
> shoving known vs. used features into arrays at compile time, which can then
> be checked for consistency irrespective of hardware support. E.g. allows
> detecting if KVM is checking a feature without advertising it to userspace.
> This extra hardening is future work; I have it mostly working, but it's ugly
> and requires a runtime check to process the generated arrays.
>
> There are *multiple* potentially breaking changes in this series (in for a
> penny, in for a pound). However, I don't expect any fallout for real world
> VMMs because the ABI changes either disallow things that couldn't possibly
> have worked in the first place, or are following in the footsteps of other
> behaviors, e.g. KVM advertises x2APIC, which is 100% dependent on an in-kernel
> local APIC.
>
> * Disallow stuffing CPUID-dependent guest CR4 features before setting guest
> CPUID.
> * Disallow KVM_CAP_X86_DISABLE_EXITS after vCPU creation
> * Reject disabling of MWAIT/HLT interception when not allowed
> * Advertise TSC_DEADLINE_TIMER in KVM_GET_SUPPORTED_CPUID.
> * Advertise HYPERVISOR in KVM_GET_SUPPORTED_CPUID
>
> Validated the flag rework by comparing the output of KVM_GET_SUPPORTED_CPUID
> (and the emulated version) at the beginning and end of the series, on AMD
> and Intel hosts that should support almost every feature known to KVM.
>
> Maxim, I did my best to incorporate all of your feedback, and when we
> disagreed, I tried to find an approach that I we can hopefully both live
> with, at least until someone comes up with a better idea.
>
> I _think_ the only suggestion that I "rejected" entirely is the existence
> of ALIASED_1_EDX_F. I responded to the previous thread, definitely feel
> free to continue the conversation there (or here).
>
> If I missed something you care strongly about, please holler!
Hi,
I did go over this patch series, I don't think I have anything to add,
there are still things I disagree, especially the F* macros, IMHO this
makes the code less readable.
So if you want to merge this, I won't object.
Thanks,
Best regards,
Maxim Levitsky
>
> v3:
> - Collect more reviews.
> - Too many to list.
>
> v2:
> - Collect a few reviews (though I dropped several due to the patches changing
> significantly).
> - Incorporate KVM's support into the vCPU's cpu_caps. [Maxim]
> - A massive pile of new patches.
>
> Sean Christopherson (57):
> KVM: x86: Use feature_bit() to clear CONSTANT_TSC when emulating CPUID
> KVM: x86: Limit use of F() and SF() to
> kvm_cpu_cap_{mask,init_kvm_defined}()
> KVM: x86: Do all post-set CPUID processing during vCPU creation
> KVM: x86: Explicitly do runtime CPUID updates "after" initial setup
> KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4
> on VMX
> KVM: selftests: Update x86's set_sregs_test to match KVM's CPUID
> enforcement
> KVM: selftests: Assert that vcpu->cpuid is non-NULL when getting CPUID
> entries
> KVM: selftests: Refresh vCPU CPUID cache in __vcpu_get_cpuid_entry()
> KVM: selftests: Verify KVM stuffs runtime CPUID OS bits on CR4 writes
> KVM: x86: Move __kvm_is_valid_cr4() definition to x86.h
> KVM: x86/pmu: Drop now-redundant refresh() during init()
> KVM: x86: Drop now-redundant MAXPHYADDR and GPA rsvd bits from vCPU
> creation
> KVM: x86: Disallow KVM_CAP_X86_DISABLE_EXITS after vCPU creation
> KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed
> KVM: x86: Drop the now unused KVM_X86_DISABLE_VALID_EXITS
> KVM: selftests: Fix a bad TEST_REQUIRE() in x86's KVM PV test
> KVM: selftests: Update x86's KVM PV test to match KVM's disabling
> exits behavior
> KVM: x86: Zero out PV features cache when the CPUID leaf is not
> present
> KVM: x86: Don't update PV features caches when enabling enforcement
> capability
> KVM: x86: Do reverse CPUID sanity checks in __feature_leaf()
> KVM: x86: Account for max supported CPUID leaf when getting raw host
> CPUID
> KVM: x86: Unpack F() CPUID feature flag macros to one flag per line of
> code
> KVM: x86: Rename kvm_cpu_cap_mask() to kvm_cpu_cap_init()
> KVM: x86: Add a macro to init CPUID features that are 64-bit only
> KVM: x86: Add a macro to precisely handle aliased 0x1.EDX CPUID
> features
> KVM: x86: Handle kernel- and KVM-defined CPUID words in a single
> helper
> KVM: x86: #undef SPEC_CTRL_SSBD in cpuid.c to avoid macro collisions
> KVM: x86: Harden CPU capabilities processing against out-of-scope
> features
> KVM: x86: Add a macro to init CPUID features that ignore host kernel
> support
> KVM: x86: Add a macro to init CPUID features that KVM emulates in
> software
> KVM: x86: Swap incoming guest CPUID into vCPU before massaging in
> KVM_SET_CPUID2
> KVM: x86: Clear PV_UNHALT for !HLT-exiting only when userspace sets
> CPUID
> KVM: x86: Remove unnecessary caching of KVM's PV CPUID base
> KVM: x86: Always operate on kvm_vcpu data in cpuid_entry2_find()
> KVM: x86: Move kvm_find_cpuid_entry{,_index}() up near
> cpuid_entry2_find()
> KVM: x86: Remove all direct usage of cpuid_entry2_find()
> KVM: x86: Advertise TSC_DEADLINE_TIMER in KVM_GET_SUPPORTED_CPUID
> KVM: x86: Advertise HYPERVISOR in KVM_GET_SUPPORTED_CPUID
> KVM: x86: Rename "governed features" helpers to use "guest_cpu_cap"
> KVM: x86: Replace guts of "governed" features with comprehensive
> cpu_caps
> KVM: x86: Initialize guest cpu_caps based on guest CPUID
> KVM: x86: Extract code for generating per-entry emulated CPUID
> information
> KVM: x86: Treat MONTIOR/MWAIT as a "partially emulated" feature
> KVM: x86: Initialize guest cpu_caps based on KVM support
> KVM: x86: Avoid double CPUID lookup when updating MWAIT at runtime
> KVM: x86: Drop unnecessary check that cpuid_entry2_find() returns
> right leaf
> KVM: x86: Update OS{XSAVE,PKE} bits in guest CPUID irrespective of
> host support
> KVM: x86: Update guest cpu_caps at runtime for dynamic CPUID-based
> features
> KVM: x86: Shuffle code to prepare for dropping guest_cpuid_has()
> KVM: x86: Replace (almost) all guest CPUID feature queries with
> cpu_caps
> KVM: x86: Drop superfluous host XSAVE check when adjusting guest
> XSAVES caps
> KVM: x86: Add a macro for features that are synthesized into
> boot_cpu_data
> KVM: x86: Pull CPUID capabilities from boot_cpu_data only as needed
> KVM: x86: Rename "SF" macro to "SCATTERED_F"
> KVM: x86: Explicitly track feature flags that require vendor enabling
> KVM: x86: Explicitly track feature flags that are enabled at runtime
> KVM: x86: Use only local variables (no bitmask) to init kvm_cpu_caps
>
> Documentation/virt/kvm/api.rst | 10 +-
> arch/x86/include/asm/kvm_host.h | 47 +-
> arch/x86/kvm/cpuid.c | 967 ++++++++++++------
> arch/x86/kvm/cpuid.h | 128 +--
> arch/x86/kvm/governed_features.h | 22 -
> arch/x86/kvm/hyperv.c | 2 +-
> arch/x86/kvm/lapic.c | 4 +-
> arch/x86/kvm/mmu.h | 2 +-
> arch/x86/kvm/mmu/mmu.c | 4 +-
> arch/x86/kvm/pmu.c | 1 -
> arch/x86/kvm/reverse_cpuid.h | 23 +-
> arch/x86/kvm/smm.c | 10 +-
> arch/x86/kvm/svm/nested.c | 22 +-
> arch/x86/kvm/svm/pmu.c | 8 +-
> arch/x86/kvm/svm/sev.c | 21 +-
> arch/x86/kvm/svm/svm.c | 46 +-
> arch/x86/kvm/svm/svm.h | 4 +-
> arch/x86/kvm/vmx/hyperv.h | 2 +-
> arch/x86/kvm/vmx/nested.c | 18 +-
> arch/x86/kvm/vmx/pmu_intel.c | 4 +-
> arch/x86/kvm/vmx/sgx.c | 14 +-
> arch/x86/kvm/vmx/vmx.c | 61 +-
> arch/x86/kvm/x86.c | 153 ++-
> arch/x86/kvm/x86.h | 6 +-
> include/uapi/linux/kvm.h | 4 -
> .../selftests/kvm/include/x86_64/processor.h | 18 +-
> .../selftests/kvm/x86_64/kvm_pv_test.c | 38 +-
> .../selftests/kvm/x86_64/set_sregs_test.c | 63 +-
> 28 files changed, 1017 insertions(+), 685 deletions(-)
> delete mode 100644 arch/x86/kvm/governed_features.h
>
>
> base-commit: 4d911c7abee56771b0219a9fbf0120d06bdc9c14
Powered by blists - more mailing lists