| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aUWa8LOEJ6JeczJz@google.com>
Date: Fri, 19 Dec 2025 10:35:28 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Dave Hansen <dave.hansen@...el.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
Kiryl Shutsemau <kas@...nel.org>, Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
linux-coco@...ts.linux.dev, kvm@...r.kernel.org,
Chao Gao <chao.gao@...el.com>, Dan Williams <dan.j.williams@...el.com>
Subject: Re: [PATCH v2 2/7] KVM: x86: Extract VMXON and EFER.SVME enablement
to kernel
On Fri, Dec 19, 2025, Dave Hansen wrote:
> On 12/5/25 17:10, Sean Christopherson wrote:
> > +static int x86_vmx_get_cpu(void)
> > +{
> > + int r;
> > +
> > + if (cr4_read_shadow() & X86_CR4_VMXE)
> > + return -EBUSY;
> > +
> > + intel_pt_handle_vmx(1);
> > +
> > + r = x86_virt_cpu_vmxon();
> > + if (r) {
> > + intel_pt_handle_vmx(0);
> > + return r;
> > + }
> > +
> > + return 0;
> > +}
> ...> +#define x86_virt_call(fn) \
> > +({ \
> > + int __r; \
> > + \
> > + if (IS_ENABLED(CONFIG_KVM_INTEL) && \
> > + cpu_feature_enabled(X86_FEATURE_VMX)) \
> > + __r = x86_vmx_##fn(); \
> > + else if (IS_ENABLED(CONFIG_KVM_AMD) && \
> > + cpu_feature_enabled(X86_FEATURE_SVM)) \
> > + __r = x86_svm_##fn(); \
> > + else \
> > + __r = -EOPNOTSUPP; \
> > + \
> > + __r; \
> > +})
>
> I'm not a super big fan of this. I know you KVM folks love your macros
> and wrapping function calls in them because you hate grep. ;)
Heh, kvm_x86_call() exists _because_ I like grep and search functionality. The
number of times I couldn't find something because I was searching for full words
and forgot about the kvm_x86_ prefix...
> I don't like a foo_get_cpu() call having such fundamentally different
> semantics than good old get_cpu() itself. *Especially* when the calls
> look like:
>
> r = x86_virt_call(get_cpu);
>
> and get_cpu() itself it not invovled one bit. This 100% looks like it's
> some kind of virt-specific call for get_cpu().
>
> I think it's probably OK to make this get_hw_ref() or inc_hw_ref() or
> something to get it away from getting confused with get_cpu().
Oof, yeah, didn't think about a collision with {get,put}_cpu(). How about
x86_virt_{get,put}_ref()? I like how the callers read, e.g. "get a reference to
VMX or SVM":
x86_virt_get_ref(X86_FEATURE_VMX);
x86_virt_put_ref(X86_FEATURE_VMX);
x86_virt_get_ref(X86_FEATURE_SVM);
x86_virt_put_ref(X86_FEATURE_SVM);
> IMNHO, the macro magic is overkill. A couple of global function pointers
> would probably be fine because none of this code is even remotely
> performance sensitive. A couple static_call()s would be fine too because
> those at least make it blatantly obvious that the thing being called is
> variable. A good ol' ops structure would also make things obvious, but
> are probably also overkill-adjecent for this.
Agreed. I'm not even entirely sure why I took this approach. I suspect I carried
over the basic concept from code that wanted to run before wiring up function
pointers, and never revisited the implementation once the dust settled.
I haven't tested yet, but I've got this:
struct x86_virt_ops {
int feature;
int (*enable_virtualization_cpu)(void);
int (*disable_virtualization_cpu)(void);
void (*emergency_disable_virtualization_cpu)(void);
};
static struct x86_virt_ops virt_ops __ro_after_init;
and then usage like:
int x86_virt_get_ref(int feat)
{
int r;
if (!virt_ops.feature || virt_ops.feature != feat)
return -EOPNOTSUPP;
if (this_cpu_inc_return(virtualization_nr_users) > 1)
return 0;
r = virt_ops.enable_virtualization_cpu();
if (r)
WARN_ON_ONCE(this_cpu_dec_return(virtualization_nr_users));
return r;
}
EXPORT_SYMBOL_GPL(x86_virt_get_ref);
void x86_virt_put_ref(int feat)
{
if (WARN_ON_ONCE(!this_cpu_read(virtualization_nr_users)) ||
this_cpu_dec_return(virtualization_nr_users))
return;
BUG_ON(virt_ops.disable_virtualization_cpu() && !virt_rebooting);
}
EXPORT_SYMBOL_GPL(x86_virt_put_ref);
> P.S. In a perfect world, the renames would also be in their own patches,
> but I think I can live with it as-is.
Ya, I'll chunk the patch up.
Powered by blists - more mailing lists