Re: [PATCH v4 15/25] KVM: VMX: Extend VMX controls macro shenanigans

From: Sean Christopherson
Date: Fri Jul 22 2022 - 14:33:40 EST

Next message: Mike Snitzer: "Re: [PATCH 0/3] dm-verity: optionally use tasklets in dm-verity"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2 1/3] dt-bindings: net: cdns,macb: Add versal compatible string"
In reply to: Sean Christopherson: "Re: [PATCH v4 15/25] KVM: VMX: Extend VMX controls macro shenanigans"
Next in thread: Nathan Chancellor: "Re: [PATCH v4 15/25] KVM: VMX: Extend VMX controls macro shenanigans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 14, 2022, Vitaly Kuznetsov wrote:
> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> index 286c88e285ea..89eaab3495a6 100644
> --- a/arch/x86/kvm/vmx/vmx.h
> +++ b/arch/x86/kvm/vmx/vmx.h
> @@ -467,6 +467,113 @@ static inline u8 vmx_get_rvi(void)
> return vmcs_read16(GUEST_INTR_STATUS) & 0xff;
> }
>
> +#define __KVM_REQ_VMX_VM_ENTRY_CONTROLS \
> + (VM_ENTRY_LOAD_DEBUG_CONTROLS)
> +#ifdef CONFIG_X86_64
> + #define KVM_REQ_VMX_VM_ENTRY_CONTROLS \
> + (__KVM_REQ_VMX_VM_ENTRY_CONTROLS | \
> + VM_ENTRY_IA32E_MODE)

This breaks 32-bit builds, but at least we know the assert works!

vmx_set_efer() toggles VM_ENTRY_IA32E_MODE without a CONFIG_X86_64 guard. That
should be easy enough to fix since KVM should never allow EFER_LMA. Compile
tested patch at the bottom.

More problematic is that clang-13 doesn't like the new asserts, and even worse gives
a very cryptic error. I don't have bandwidth to look into this at the moment, and
probably won't next week either.

ERROR: modpost: "__compiletime_assert_533" [arch/x86/kvm/kvm-intel.ko] undefined!
ERROR: modpost: "__compiletime_assert_531" [arch/x86/kvm/kvm-intel.ko] undefined!
ERROR: modpost: "__compiletime_assert_532" [arch/x86/kvm/kvm-intel.ko] undefined!
ERROR: modpost: "__compiletime_assert_530" [arch/x86/kvm/kvm-intel.ko] undefined!
make[2]: *** [scripts/Makefile.modpost:128: modules-only.symvers] Error 1
make[1]: *** [Makefile:1753: modules] Error 2
make[1]: *** Waiting for unfinished jobs....

> +#else
> + #define KVM_REQ_VMX_VM_ENTRY_CONTROLS \
> + __KVM_REQ_VMX_VM_ENTRY_CONTROLS
> +#endif

EFER.LMA patch, compile tested only.

---
From: Sean Christopherson <seanjc@xxxxxxxxxx>
Date: Fri, 22 Jul 2022 18:26:21 +0000
Subject: [PATCH] KVM: VMX: Don't toggle VM_ENTRY_IA32E_MODE for 32-bit
kernels/KVM

Don't toggle VM_ENTRY_IA32E_MODE in 32-bit kernels/KVM and instead bug
the VM if KVM attempts to run the guest with EFER.LMA=1. KVM doesn't
support running 64-bit guests with 32-bit hosts.

Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/vmx/vmx.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index bff97babf381..8623607e596d 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2894,10 +2894,15 @@ int vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer)
return 0;

vcpu->arch.efer = efer;
+#ifdef CONFIG_X86_64
if (efer & EFER_LMA)
vm_entry_controls_setbit(vmx, VM_ENTRY_IA32E_MODE);
else
vm_entry_controls_clearbit(vmx, VM_ENTRY_IA32E_MODE);
+#else
+ if (KVM_BUG_ON(efer & EFER_LMA, vcpu->kvm))
+ return 1;
+#endif

vmx_setup_uret_msrs(vmx);
return 0;

base-commit: e22e2665637151a321433b2bb705f5c3b8da40bc
--

Next message: Mike Snitzer: "Re: [PATCH 0/3] dm-verity: optionally use tasklets in dm-verity"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2 1/3] dt-bindings: net: cdns,macb: Add versal compatible string"
In reply to: Sean Christopherson: "Re: [PATCH v4 15/25] KVM: VMX: Extend VMX controls macro shenanigans"
Next in thread: Nathan Chancellor: "Re: [PATCH v4 15/25] KVM: VMX: Extend VMX controls macro shenanigans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]