Re: [PATCH v9 3/6] KVM: x86: Virtualize CR3.LAM_{U48,U57}

From: Binbin Wu
Date: Mon Jul 03 2023 - 03:56:36 EST

Next message: Roberto Sassu: "Re: [QUESTION] Full user space process isolation?"
Previous message: Geert Uytterhoeven: "Re: [PATCH 20/21] ARM: dma-mapping: split out arch_dma_mark_clean() helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/29/2023 1:40 AM, Sean Christopherson wrote:

On Wed, Jun 28, 2023, Binbin Wu wrote:

On 6/28/2023 7:40 AM, Sean Christopherson wrote:

I think I'd prefer to drop this field and avoid bikeshedding the name entirely. The
only reason to effectively cache "X86_CR3_LAM_U48 | X86_CR3_LAM_U57" is because
guest_cpuid_has() is slow, and I'd rather solve that problem with the "governed
feature" framework.

Thanks for the suggestion.

Is the below patch the lastest patch of "governed feature" framework
support?
https://lore.kernel.org/kvm/20230217231022.816138-2-seanjc@xxxxxxxxxx/

Yes, I haven't refreshed it since the original posting.

Do you have plan to apply it to kvm-x86 repo?

I'm leaning more and more towards pushing it through sooner than later as this
isn't the first time in recent memory that a patch/series has done somewhat odd
things to workaround guest_cpuid_has() being slow. I was hoping to get feedback
before applying, but that's not looking likely at this point.

Hi Sean,

I plan to adopt the "KVM-governed feature framework" to track whether the guest can use LAM feature.
Because your patchset is not applied yet, there are two ways to do it. Which one do you prefer?

Option 1:
Make KVM LAM patchset base on your "KVM-governed feature framework" patchset.

Option 2:
Temporarily add a bool in kvm_vcpu_arch as following, and use the bool "can_use_lam" instead of guest_can_use(vcpu, X86_FEATURE_LAM).
And provide a cleanup patch to use "KVM-governed feature framework", which can be applied along with or after your patchset.

index fb9d1f2d6136..74c0c70b0a44 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -748,6 +748,7 @@ struct kvm_vcpu_arch {
        bool tpr_access_reporting;
        bool xsaves_enabled;
        bool xfd_no_write_intercept;
+       bool can_use_lam;
        u64 ia32_xss;
        u64 microcode_version;
        u64 arch_capabilities;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 2d9d155691a7..5b2db5daebb3 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7737,6 +7737,9 @@ static void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
                vmx->msr_ia32_feature_control_valid_bits &=
                        ~FEAT_CTL_SGX_LC_ENABLED;

+       vcpu->arch.can_use_lam = boot_cpu_has(X86_FEATURE_LAM) &&
+                                guest_cpuid_has(vcpu, X86_FEATURE_LAM);
+
        /* Refresh #PF interception to account for MAXPHYADDR changes. */
        vmx_update_exception_bitmap(vcpu);
}

[...]

Next message: Roberto Sassu: "Re: [QUESTION] Full user space process isolation?"
Previous message: Geert Uytterhoeven: "Re: [PATCH 20/21] ARM: dma-mapping: split out arch_dma_mark_clean() helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]