Re: [PATCH v10 7/8] KVM: VMX: Enable CET support for nested VM

From: kbuild test robot
Date: Fri Mar 20 2020 - 07:02:51 EST


Hi Yang,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on kvm/linux-next]
[also build test ERROR on next-20200319]
[cannot apply to vhost/linux-next tip/auto-latest linux/master linus/master v5.6-rc6]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]

url: https://github.com/0day-ci/linux/commits/Yang-Weijiang/Introduce-support-for-guest-CET-feature/20200320-155517
base: https://git.kernel.org/pub/scm/virt/kvm/kvm.git linux-next
config: i386-allyesconfig (attached as .config)
compiler: gcc-7 (Debian 7.5.0-5) 7.5.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@xxxxxxxxx>

All errors (new ones prefixed by >>):

arch/x86/kvm/vmx/nested.c: In function 'nested_vmx_prepare_msr_bitmap':
>> arch/x86/kvm/vmx/nested.c:630:39: error: 'MSR_IA32_U_CET' undeclared (first use in this function); did you mean 'MSR_IA32_TSC'?
if (!msr_write_intercepted_l01(vcpu, MSR_IA32_U_CET))
^~~~~~~~~~~~~~
MSR_IA32_TSC
arch/x86/kvm/vmx/nested.c:630:39: note: each undeclared identifier is reported only once for each function it appears in
>> arch/x86/kvm/vmx/nested.c:635:39: error: 'MSR_IA32_PL3_SSP' undeclared (first use in this function); did you mean 'MSR_IA32_MCG_ESP'?
if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL3_SSP))
^~~~~~~~~~~~~~~~
MSR_IA32_MCG_ESP
>> arch/x86/kvm/vmx/nested.c:640:39: error: 'MSR_IA32_S_CET' undeclared (first use in this function); did you mean 'MSR_IA32_U_CET'?
if (!msr_write_intercepted_l01(vcpu, MSR_IA32_S_CET))
^~~~~~~~~~~~~~
MSR_IA32_U_CET
>> arch/x86/kvm/vmx/nested.c:645:39: error: 'MSR_IA32_PL0_SSP' undeclared (first use in this function); did you mean 'MSR_IA32_PL3_SSP'?
if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL0_SSP))
^~~~~~~~~~~~~~~~
MSR_IA32_PL3_SSP
>> arch/x86/kvm/vmx/nested.c:650:39: error: 'MSR_IA32_PL1_SSP' undeclared (first use in this function); did you mean 'MSR_IA32_PL0_SSP'?
if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL1_SSP))
^~~~~~~~~~~~~~~~
MSR_IA32_PL0_SSP
>> arch/x86/kvm/vmx/nested.c:655:39: error: 'MSR_IA32_PL2_SSP' undeclared (first use in this function); did you mean 'MSR_IA32_PL1_SSP'?
if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL2_SSP))
^~~~~~~~~~~~~~~~
MSR_IA32_PL1_SSP
>> arch/x86/kvm/vmx/nested.c:660:39: error: 'MSR_IA32_INT_SSP_TAB' undeclared (first use in this function); did you mean 'MSR_IA32_PL2_SSP'?
if (!msr_write_intercepted_l01(vcpu, MSR_IA32_INT_SSP_TAB))
^~~~~~~~~~~~~~~~~~~~
MSR_IA32_PL2_SSP

vim +630 arch/x86/kvm/vmx/nested.c

557
558 /*
559 * Merge L0's and L1's MSR bitmap, return false to indicate that
560 * we do not use the hardware.
561 */
562 static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu,
563 struct vmcs12 *vmcs12)
564 {
565 int msr;
566 unsigned long *msr_bitmap_l1;
567 unsigned long *msr_bitmap_l0 = to_vmx(vcpu)->nested.vmcs02.msr_bitmap;
568 struct kvm_host_map *map = &to_vmx(vcpu)->nested.msr_bitmap_map;
569
570 /* Nothing to do if the MSR bitmap is not in use. */
571 if (!cpu_has_vmx_msr_bitmap() ||
572 !nested_cpu_has(vmcs12, CPU_BASED_USE_MSR_BITMAPS))
573 return false;
574
575 if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->msr_bitmap), map))
576 return false;
577
578 msr_bitmap_l1 = (unsigned long *)map->hva;
579
580 /*
581 * To keep the control flow simple, pay eight 8-byte writes (sixteen
582 * 4-byte writes on 32-bit systems) up front to enable intercepts for
583 * the x2APIC MSR range and selectively disable them below.
584 */
585 enable_x2apic_msr_intercepts(msr_bitmap_l0);
586
587 if (nested_cpu_has_virt_x2apic_mode(vmcs12)) {
588 if (nested_cpu_has_apic_reg_virt(vmcs12)) {
589 /*
590 * L0 need not intercept reads for MSRs between 0x800
591 * and 0x8ff, it just lets the processor take the value
592 * from the virtual-APIC page; take those 256 bits
593 * directly from the L1 bitmap.
594 */
595 for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
596 unsigned word = msr / BITS_PER_LONG;
597
598 msr_bitmap_l0[word] = msr_bitmap_l1[word];
599 }
600 }
601
602 nested_vmx_disable_intercept_for_msr(
603 msr_bitmap_l1, msr_bitmap_l0,
604 X2APIC_MSR(APIC_TASKPRI),
605 MSR_TYPE_R | MSR_TYPE_W);
606
607 if (nested_cpu_has_vid(vmcs12)) {
608 nested_vmx_disable_intercept_for_msr(
609 msr_bitmap_l1, msr_bitmap_l0,
610 X2APIC_MSR(APIC_EOI),
611 MSR_TYPE_W);
612 nested_vmx_disable_intercept_for_msr(
613 msr_bitmap_l1, msr_bitmap_l0,
614 X2APIC_MSR(APIC_SELF_IPI),
615 MSR_TYPE_W);
616 }
617 }
618
619 /* KVM unconditionally exposes the FS/GS base MSRs to L1. */
620 nested_vmx_disable_intercept_for_msr(msr_bitmap_l1, msr_bitmap_l0,
621 MSR_FS_BASE, MSR_TYPE_RW);
622
623 nested_vmx_disable_intercept_for_msr(msr_bitmap_l1, msr_bitmap_l0,
624 MSR_GS_BASE, MSR_TYPE_RW);
625
626 nested_vmx_disable_intercept_for_msr(msr_bitmap_l1, msr_bitmap_l0,
627 MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
628
629 /* Pass CET MSRs to nested VM if L0 and L1 are set to pass-through. */
> 630 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_U_CET))
631 nested_vmx_disable_intercept_for_msr(
632 msr_bitmap_l1, msr_bitmap_l0,
633 MSR_IA32_U_CET, MSR_TYPE_RW);
634
> 635 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL3_SSP))
636 nested_vmx_disable_intercept_for_msr(
637 msr_bitmap_l1, msr_bitmap_l0,
638 MSR_IA32_PL3_SSP, MSR_TYPE_RW);
639
> 640 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_S_CET))
641 nested_vmx_disable_intercept_for_msr(
642 msr_bitmap_l1, msr_bitmap_l0,
643 MSR_IA32_S_CET, MSR_TYPE_RW);
644
> 645 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL0_SSP))
646 nested_vmx_disable_intercept_for_msr(
647 msr_bitmap_l1, msr_bitmap_l0,
648 MSR_IA32_PL0_SSP, MSR_TYPE_RW);
649
> 650 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL1_SSP))
651 nested_vmx_disable_intercept_for_msr(
652 msr_bitmap_l1, msr_bitmap_l0,
653 MSR_IA32_PL1_SSP, MSR_TYPE_RW);
654
> 655 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PL2_SSP))
656 nested_vmx_disable_intercept_for_msr(
657 msr_bitmap_l1, msr_bitmap_l0,
658 MSR_IA32_PL2_SSP, MSR_TYPE_RW);
659
> 660 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_INT_SSP_TAB))
661 nested_vmx_disable_intercept_for_msr(
662 msr_bitmap_l1, msr_bitmap_l0,
663 MSR_IA32_INT_SSP_TAB, MSR_TYPE_RW);
664 /*
665 * Checking the L0->L1 bitmap is trying to verify two things:
666 *
667 * 1. L0 gave a permission to L1 to actually passthrough the MSR. This
668 * ensures that we do not accidentally generate an L02 MSR bitmap
669 * from the L12 MSR bitmap that is too permissive.
670 * 2. That L1 or L2s have actually used the MSR. This avoids
671 * unnecessarily merging of the bitmap if the MSR is unused. This
672 * works properly because we only update the L01 MSR bitmap lazily.
673 * So even if L0 should pass L1 these MSRs, the L01 bitmap is only
674 * updated to reflect this when L1 (or its L2s) actually write to
675 * the MSR.
676 */
677 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_SPEC_CTRL))
678 nested_vmx_disable_intercept_for_msr(
679 msr_bitmap_l1, msr_bitmap_l0,
680 MSR_IA32_SPEC_CTRL,
681 MSR_TYPE_R | MSR_TYPE_W);
682
683 if (!msr_write_intercepted_l01(vcpu, MSR_IA32_PRED_CMD))
684 nested_vmx_disable_intercept_for_msr(
685 msr_bitmap_l1, msr_bitmap_l0,
686 MSR_IA32_PRED_CMD,
687 MSR_TYPE_W);
688
689 kvm_vcpu_unmap(vcpu, &to_vmx(vcpu)->nested.msr_bitmap_map, false);
690
691 return true;
692 }
693

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip