| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250318-vverma7-cleanup_x86_ops-v2-0-701e82d6b779@intel.com>
Date: Tue, 18 Mar 2025 00:35:05 -0600
From: Vishal Verma <vishal.l.verma@...el.com>
To: Sean Christopherson <seanjc@...gle.com>,
Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Binbin Wu <binbin.wu@...xu.intel.com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
Vishal Verma <vishal.l.verma@...el.com>
Subject: [PATCH v2 0/4] KVM: TDX: Cleanup the kvm_x86_ops structure for
vmx/tdx
This is a cleanup that should follow the initial TDX base support (i.e.
not an immediate fix needed for kvm-coco-queue).
Patch 1 is a precursory fix for a build warning/error found when
manually testing the CONFIG_INTEL_TDX_HOST=n case.
For Patches 2-4:
In [1], Sean points out that the kvm_x86_ops structure and its
associated helpers and wrappers can be cleaned up a lot by -
1. Putting the wrappers under CONFIG_KVM_INTEL_TDX, and
2. Defining the helpers with macros that switch between the tdx and
non-tdx case, as well as NULL out the TDX-only stubs when needed.
This cleans up the generated code by completely removing trampolines
that would otherwise be left behind in the CONFIG_KVM_INTEL_TDX=n case.
[1]: https://lore.kernel.org/kvm/Z6v9yjWLNTU6X90d@google.com/
For example, looking at vt_refresh_apicv_exec_ctrl(), before this cleanup,
when CONFIG_KVM_INTEL_TDX=n, the following asm is generated:
0000000000036490 <vt_refresh_apicv_exec_ctrl>:
36490: f3 0f 1e fa endbr64
36494: e8 00 00 00 00 call 36499 <vt_refresh_apicv_exec_ctrl+0x9>
36495: R_X86_64_PLT32 __fentry__-0x4
36499: e9 00 00 00 00 jmp 3649e <vt_refresh_apicv_exec_ctrl+0xe>
3649a: R_X86_64_PLT32 vmx_refresh_apicv_exec_ctrl-0x4
3649e: 66 90 xchg %ax,%ax
But with these patches, it goes away completely.
These patches have been tested with TDX kvm-unit-tests, booting a Linux
TD, TDX enhanced KVM selftests, and building and examining the generated
assembly (or lack thereof) with both CONFIG_KVM_INTEL_TDX=y and
CONFIG_KVM_INTEL_TDX=n
Based on a patch by Sean Christopherson <seanjc@...gle.com>
Signed-off-by: Vishal Verma <vishal.l.verma@...el.com>
---
Changes in v2:
- Collect review tags (Binbin)
- Add a new patch (patch 1) as a precursor that fixes a build problem
- Squash the config change into patch 4 that converts ops to macros to
avoid breaking the build when CONFIG_KVM_INTEL_TDX=n (Binbin)
- Link to v1: https://lore.kernel.org/r/20250313-vverma7-cleanup_x86_ops-v1-0-0346c8211a0c@intel.com
---
Vishal Verma (4):
KVM: TDX: Fix definition of tdx_guest_nr_guest_keyids()
KVM: VMX: Move apicv_pre_state_restore to posted_intr.c
KVM: VMX: Make naming consistent for kvm_complete_insn_gp via define
KVM: VMX: Clean up and macrofy x86_ops
arch/x86/include/asm/tdx.h | 2 +-
arch/x86/kvm/vmx/posted_intr.h | 1 +
arch/x86/kvm/vmx/tdx.h | 2 +-
arch/x86/kvm/vmx/x86_ops.h | 68 +-------------
arch/x86/kvm/vmx/main.c | 204 ++++++++++++++++++++---------------------
arch/x86/kvm/vmx/posted_intr.c | 8 ++
6 files changed, 114 insertions(+), 171 deletions(-)
---
base-commit: 85c9490bbed74b006a614e542da404a55ff5938f
change-id: 20250311-vverma7-cleanup_x86_ops-c62e50e47126
Best regards,
--
Vishal Verma <vishal.l.verma@...el.com>
Powered by blists - more mailing lists