
Commit b3c9805

committed
Merge tag 'kvm-x86-vmx-6.4' of https://github.com/kvm-x86/linux into HEAD
KVM VMX changes for 6.4: - Fix a bug in emulation of ENCLS in compatibility mode - Allow emulation of NOP and PAUSE for L2 - Misc cleanups
2 parents 4a5fd41 + 4984563 commit b3c9805

3 files changed

Lines changed: 91 additions & 40 deletions


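--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -6756,36 +6756,9 @@ static u64 nested_vmx_calc_vmcs_enum_msr(void)
 return (u64)max_idx << VMCS_FIELD_INDEX_SHIFT;
 }
 
-/*
-* nested_vmx_setup_ctls_msrs() sets up variables containing the values to be
-* returned for the various VMX controls MSRs when nested VMX is enabled.
-* The same values should also be used to verify that vmcs12 control fields are
-* valid during nested entry from L1 to L2.
-* Each of these control msrs has a low and high 32-bit half: A low bit is on
-* if the corresponding bit in the (32-bit) control field *must* be on, and a
-* bit in the high half is on if the corresponding bit in the control field
-* may be on. See also vmx_control_verify().
-*/
-void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
+static void nested_vmx_setup_pinbased_ctls(struct vmcs_config *vmcs_conf,
+struct nested_vmx_msrs *msrs)
 {
-struct nested_vmx_msrs *msrs = &vmcs_conf->nested;
-
-/*
-* Note that as a general rule, the high half of the MSRs (bits in
-* the control fields which may be 1) should be initialized by the
-* intersection of the underlying hardware's MSR (i.e., features which
-* can be supported) and the list of features we want to expose -
-* because they are known to be properly supported in our code.
-* Also, usually, the low half of the MSRs (bits which must be 1) can
-* be set to 0, meaning that L1 may turn off any of these bits. The
-* reason is that if one of these bits is necessary, it will appear
-* in vmcs01 and prepare_vmcs02, when it bitwise-or's the control
-* fields of vmcs01 and vmcs02, will turn these bits off - and
-* nested_vmx_l1_wants_exit() will not pass related exits to L1.
-* These rules have exceptions below.
-*/
-
-/* pin-based controls */
 msrs->pinbased_ctls_low =
 PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
 
@@ -6798,8 +6771,11 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
 msrs->pinbased_ctls_high |=
 PIN_BASED_ALWAYSON_WITHOUT_TRUE_MSR |
 PIN_BASED_VMX_PREEMPTION_TIMER;
+}
 
-/* exit controls */
+static void nested_vmx_setup_exit_ctls(struct vmcs_config *vmcs_conf,
+struct nested_vmx_msrs *msrs)
+{
 msrs->exit_ctls_low =
 VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR;
 
@@ -6818,8 +6794,11 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
 
 /* We support free control of debug control saving. */
 msrs->exit_ctls_low &= ~VM_EXIT_SAVE_DEBUG_CONTROLS;
+}
 
-/* entry controls */
+static void nested_vmx_setup_entry_ctls(struct vmcs_config *vmcs_conf,
+struct nested_vmx_msrs *msrs)
+{
 msrs->entry_ctls_low =
 VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR;
 
@@ -6835,8 +6814,11 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
 
 /* We support free control of debug control loading. */
 msrs->entry_ctls_low &= ~VM_ENTRY_LOAD_DEBUG_CONTROLS;
+}
 
-/* cpu-based controls */
+static void nested_vmx_setup_cpubased_ctls(struct vmcs_config *vmcs_conf,
+struct nested_vmx_msrs *msrs)
+{
 msrs->procbased_ctls_low =
 CPU_BASED_ALWAYSON_WITHOUT_TRUE_MSR;
 
@@ -6868,12 +6850,12 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
 /* We support free control of CR3 access interception. */
 msrs->procbased_ctls_low &=
 ~(CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING);
+}
 
-/*
-* secondary cpu-based controls. Do not include those that
-* depend on CPUID bits, they are added later by
-* vmx_vcpu_after_set_cpuid.
-*/
+static void nested_vmx_setup_secondary_ctls(u32 ept_caps,
+struct vmcs_config *vmcs_conf,
+struct nested_vmx_msrs *msrs)
+{
 msrs->secondary_ctls_low = 0;
 
 msrs->secondary_ctls_high = vmcs_conf->cpu_based_2nd_exec_ctrl;
@@ -6951,16 +6933,22 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
 
 if (enable_sgx)
 msrs->secondary_ctls_high |= SECONDARY_EXEC_ENCLS_EXITING;
+}
 
-/* miscellaneous data */
+static void nested_vmx_setup_misc_data(struct vmcs_config *vmcs_conf,
+struct nested_vmx_msrs *msrs)
+{
 msrs->misc_low = (u32)vmcs_conf->misc & VMX_MISC_SAVE_EFER_LMA;
 msrs->misc_low |=
 MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS |
 VMX_MISC_EMULATED_PREEMPTION_TIMER_RATE |
 VMX_MISC_ACTIVITY_HLT |
 VMX_MISC_ACTIVITY_WAIT_SIPI;
 msrs->misc_high = 0;
+}
 
+static void nested_vmx_setup_basic(struct nested_vmx_msrs *msrs)
+{
 /*
 * This MSR reports some information about VMX support. We
 * should return information about the VMX we emulate for the
@@ -6975,7 +6963,10 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
 
 if (cpu_has_vmx_basic_inout())
 msrs->basic |= VMX_BASIC_INOUT;
+}
 
+static void nested_vmx_setup_cr_fixed(struct nested_vmx_msrs *msrs)
+{
 /*
 * These MSRs specify bits which the guest must keep fixed on
 * while L1 is in VMXON mode (in L1's root mode, or running an L2).
@@ -6992,6 +6983,51 @@ void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
 
 if (vmx_umip_emulated())
 msrs->cr4_fixed1 |= X86_CR4_UMIP;
+}
+
+/*
+* nested_vmx_setup_ctls_msrs() sets up variables containing the values to be
+* returned for the various VMX controls MSRs when nested VMX is enabled.
+* The same values should also be used to verify that vmcs12 control fields are
+* valid during nested entry from L1 to L2.
+* Each of these control msrs has a low and high 32-bit half: A low bit is on
+* if the corresponding bit in the (32-bit) control field *must* be on, and a
+* bit in the high half is on if the corresponding bit in the control field
+* may be on. See also vmx_control_verify().
+*/
+void nested_vmx_setup_ctls_msrs(struct vmcs_config *vmcs_conf, u32 ept_caps)
+{
+struct nested_vmx_msrs *msrs = &vmcs_conf->nested;
+
+/*
+* Note that as a general rule, the high half of the MSRs (bits in
+* the control fields which may be 1) should be initialized by the
+* intersection of the underlying hardware's MSR (i.e., features which
+* can be supported) and the list of features we want to expose -
+* because they are known to be properly supported in our code.
+* Also, usually, the low half of the MSRs (bits which must be 1) can
+* be set to 0, meaning that L1 may turn off any of these bits. The
+* reason is that if one of these bits is necessary, it will appear
+* in vmcs01 and prepare_vmcs02, when it bitwise-or's the control
+* fields of vmcs01 and vmcs02, will turn these bits off - and
+* nested_vmx_l1_wants_exit() will not pass related exits to L1.
+* These rules have exceptions below.
+*/
+nested_vmx_setup_pinbased_ctls(vmcs_conf, msrs);
+
+nested_vmx_setup_exit_ctls(vmcs_conf, msrs);
+
+nested_vmx_setup_entry_ctls(vmcs_conf, msrs);
+
+nested_vmx_setup_cpubased_ctls(vmcs_conf, msrs);
+
+nested_vmx_setup_secondary_ctls(ept_caps, vmcs_conf, msrs);
+
+nested_vmx_setup_misc_data(vmcs_conf, msrs);
+
+nested_vmx_setup_basic(msrs);
+
+nested_vmx_setup_cr_fixed(msrs);
 
 msrs->vmcs_enum = nested_vmx_calc_vmcs_enum_msr();
 }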
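Review bot: The split drops the comment that used to introduce the secondary controls ("Do not include those that depend on CPUID bits, they are added later by vmx_vcpu_after_set_cpuid"), and `nested_vmx_setup_secondary_ctls()` now opens with no replacement. That caveat matters when auditing which features L1 may enable, because per the removed text this helper is not the only place that populates `secondary_ctls_high`; I would restore it as a block comment directly above the new helper. The one-line section markers such as `/* pin-based controls */` are adequately replaced by the helper names. As a smaller style point, `nested_vmx_setup_secondary_ctls()` takes `ept_caps` first while the other helpers that receive `vmcs_conf` lead with it, so moving `ept_caps` to the end would keep the signatures parallel.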

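--- a/arch/x86/kvm/vmx/sgx.c
+++ b/arch/x86/kvm/vmx/sgx.c
@@ -29,14 +29,14 @@ static int sgx_get_encls_gva(struct kvm_vcpu *vcpu, unsigned long offset,
 
 /* Skip vmcs.GUEST_DS retrieval for 64-bit mode to avoid VMREADs. */
 *gva = offset;
-if (!is_long_mode(vcpu)) {
+if (!is_64_bit_mode(vcpu)) {
 vmx_get_segment(vcpu, &s, VCPU_SREG_DS);
 *gva += s.base;
 }
 
 if (!IS_ALIGNED(*gva, alignment)) {
 fault = true;
-} else if (likely(is_long_mode(vcpu))) {
+} else if (likely(is_64_bit_mode(vcpu))) {
 fault = is_noncanonical_address(*gva, vcpu);
 } else {
 *gva &= 0xffffffff;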
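Review bot: Nothing at the two `is_64_bit_mode()` checks records why `is_long_mode()` was the wrong predicate, so the distinction is easy to regress in a later cleanup. In compatibility mode the vCPU is in long mode but, as far as the surrounding logic shows, the DS base still has to be added and the 32-bit `*gva &= 0xffffffff` path taken instead of the canonical-address check. I would extend the existing comment to something like `/* Only 64-bit mode ignores DS.base; compatibility mode (long mode, 32-bit code segment) still uses it. */`. A test that issues ENCLS from a compatibility-mode guest would pin the fix. sgx_get_encls_gva() starts before and continues after this hunk.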

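--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7900,6 +7900,21 @@ static int vmx_check_intercept(struct kvm_vcpu *vcpu,
 /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED. */
 break;
 
+case x86_intercept_pause:
+/*
+* PAUSE is a single-byte NOP with a REPE prefix, i.e. collides
+* with vanilla NOPs in the emulator. Apply the interception
+* check only to actual PAUSE instructions. Don't check
+* PAUSE-loop-exiting, software can't expect a given PAUSE to
+* exit, i.e. KVM is within its rights to allow L2 to execute
+* the PAUSE.
+*/
+if ((info->rep_prefix != REPE_PREFIX) ||
+!nested_cpu_has2(vmcs12, CPU_BASED_PAUSE_EXITING))
+return X86EMUL_CONTINUE;
+
+break;
+
 /* TODO: check more intercepts... */
 default:
 break;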
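Review bot: The new `x86_intercept_pause` case tests `CPU_BASED_PAUSE_EXITING` with `nested_cpu_has2()`, which checks vmcs12's secondary execution controls, whereas `CPU_BASED_*` bits live in the primary processor-based controls (nested.c in this same commit pairs them with `procbased_ctls` and `SECONDARY_EXEC_*` with `secondary_ctls`). As written, whether an emulated PAUSE in L2 is treated as intercepted depends on an unrelated secondary-control bit, so an L1 hypervisor that enabled PAUSE exiting may not get the behaviour it configured. The condition should read `!nested_cpu_has(vmcs12, CPU_BASED_PAUSE_EXITING))`. vmx_check_intercept() starts and ends outside this hunk, so the declaration of `vmcs12` is not visible here.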
