Xen project Mailing List

RE: [PATCH RESEND v9 33/36] KVM: VMX: Add VMX_DO_FRED_EVENT_IRQOFF for IRQ/NMI handling

To: "Christopherson,, Sean" <seanjc@xxxxxxxxxx>

Date: Tue, 1 Aug 2023 23:18:58 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=S8XlHjVcyfKORPqwqUUtCNjTJnsqwsptu6fUDZ6EwMc=; b=h8Gx5TfTzNt1IIu4IBBZ1PsLgHJHdv5h06581B9Ptv37El2/n5d1c69T36NonHbCHd9u4utT71NF44OeLZtZakNvFOEM6OV1ro5AVqgH+sMnyZx3qtg/kxo1JhNIh6y3Leo+VF9RrQmwWDWteX1SYYyPNQrcvDCp00TCmWIUT2Dvd/dIKZqBbeePbgrGUFnt76ex1m+9GlCjwqTwCPcYXt6XtsgwActzeORHTm+wfJ8W3zwtJpYW/FnbUAcE2qT+RVzOORGY7fEdg/t6gugHbk/XN7HRodpZRICYsxa9DOH+Wjs+5S8w6SgUmym4iNGtQOn1pbowpYFRPGss64oqrQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H6OnvTlFB0Z4Az04FF2JP/OQPJXQARjUEk6tuZWuEzxwzNx1am73RzC4tRurLIPmOE0nAN5+MNDPh/hNYLcuBW+dampqcxvRaf4i+1vrmAdrZ6I4JSGdc0gYtOkKVVnAAsNrsAigNHYN+FECMc3qOuwOXTHFoRIkqspvkvpJ/aiLrD7ra5AfUR6YEyl+G1UQBKJWgLMQ1ifjQAttI4FinsaIYCHwzYcqMLuEiNQald+8WlgpqZEkKctJFJOOUxEPTLnjDaKu0KgItzPXmF6IbLYHelpeBt4Hy0ZkmfyYDeDW+SX+SWh9QxoB5k0pV2/lnoBI2ht/ekn3lBawsPTZOw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com;

Cc: "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-edac@xxxxxxxxxxxxxxx" <linux-edac@xxxxxxxxxxxxxxx>, "linux-hyperv@xxxxxxxxxxxxxxx" <linux-hyperv@xxxxxxxxxxxxxxx>, "kvm@xxxxxxxxxxxxxxx" <kvm@xxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, "Thomas Gleixner" <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "Borislav Petkov" <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, "Lutomirski, Andy" <luto@xxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, "Luck, Tony" <tony.luck@xxxxxxxxx>, "K . Y . Srinivasan" <kys@xxxxxxxxxxxxx>, Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>, Wei Liu <wei.liu@xxxxxxxxxx>, "Cui, Dexuan" <decui@xxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, "Wanpeng Li" <wanpengli@xxxxxxxxxxx>, Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>, "Peter Zijlstra" <peterz@xxxxxxxxxxxxx>, "Gross, Jurgen" <jgross@xxxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, "Paul E . McKenney" <paulmck@xxxxxxxxxx>, Catalin Marinas <catalin.marinas@xxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Steven Rostedt" <rostedt@xxxxxxxxxxx>, Kim Phillips <kim.phillips@xxxxxxx>, Hyeonggon Yoo <42.hyeyoo@xxxxxxxxx>, "Liam R . Howlett" <Liam.Howlett@xxxxxxxxxx>, Sebastian Reichel <sebastian.reichel@xxxxxxxxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, Suren Baghdasaryan <surenb@xxxxxxxxxx>, Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>, Babu Moger <babu.moger@xxxxxxx>, Jim Mattson <jmattson@xxxxxxxxxx>, Sandipan Das <sandipan.das@xxxxxxx>, Lai Jiangshan <jiangshanlai@xxxxxxxxx>, Hans de Goede <hdegoede@xxxxxxxxxx>, "Chatre, Reinette" <reinette.chatre@xxxxxxxxx>, "Daniel Sneddon" <daniel.sneddon@xxxxxxxxxxxxxxx>, Breno Leitao <leitao@xxxxxxxxxx>, Nikunj A Dadhania <nikunj@xxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, "Sami Tolvanen" <samitolvanen@xxxxxxxxxx>, Alexander Potapenko <glider@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, "Eric W . Biederman" <ebiederm@xxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Masami Hiramatsu <mhiramat@xxxxxxxxxx>, "Masahiro Yamada" <masahiroy@xxxxxxxxxx>, Ze Gao <zegao2021@xxxxxxxxx>, "Li, Fei1" <fei1.li@xxxxxxxxx>, Conghui <conghui.chen@xxxxxxxxx>, "Raj, Ashok" <ashok.raj@xxxxxxxxx>, "Jason A . Donenfeld" <Jason@xxxxxxxxx>, Mark Rutland <mark.rutland@xxxxxxx>, Jacob Pan <jacob.jun.pan@xxxxxxxxxxxxxxx>, "Jiapeng Chong" <jiapeng.chong@xxxxxxxxxxxxxxxxx>, Jane Malalane <jane.malalane@xxxxxxxxxx>, "Woodhouse, David" <dwmw@xxxxxxxxxxxx>, "Ostrovsky, Boris" <boris.ostrovsky@xxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Yantengsi <siyanteng@xxxxxxxxxxx>, Christophe Leroy <christophe.leroy@xxxxxxxxxx>, Sathvika Vasireddy <sv@xxxxxxxxxxxxx>

Delivery-date: Tue, 01 Aug 2023 23:19:22 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHZxFc6Fm9A65hsiUKYksIzWWSQ5K/VzGiAgABBoTA=

Thread-topic: [PATCH RESEND v9 33/36] KVM: VMX: Add VMX_DO_FRED_EVENT_IRQOFF for IRQ/NMI handling

> > +#include "../../entry/calling.h" > > Rather than do the low level PUSH_REGS and POP_REGS, I vote to have core code > expose a FRED-specific wrapper for invoking external_interrupt(). More below. Nice idea! > > + /* > > + * A FRED stack frame has extra 16 bytes of information pushed at the > > + * regular stack top compared to an IDT stack frame. > > There is pretty much no chance that anyone remembers the layout of an IDT > stack > frame off the top of their head. I.e. saying "FRED has 16 bytes more" isn't > all > that useful. It also fails to capture the fact that FRED stuff a hell of a > lot > more information in those "common" 48 bytes. > > It'll be hard/impossible to capture all of the overload info in a comment, but > showing the actual layout of the frame would be super helpful, e.g. something > like > this > > /* > * FRED stack frames are always 64 bytes: > * > * ------------------------------ > * | Bytes | Usage | > * -----------------------------| > * | 63:56 | Reserved | > * | 55:48 | Event Data | > * | 47:40 | SS + Event Info | > * | 39:32 | RSP | > * | 31:24 | RFLAGS | > * | 23:16 | CS + Aux Info | > * | 15:8 | RIP | > * | 7:0 | Error Code | > * ------------------------------ > */ > * > * Use LEA to get the return RIP and push it, then push an error code. > * Note, only NMI handling does an ERETS to the target! IRQ handling > * doesn't need to unmask NMIs and so simply uses CALL+RET, i.e. the > * RIP pushed here is only truly consumed for NMIs! I take these as ASM code does need more love, i.e., nice comments :/ Otherwise only more confusion. > > Jumping way back to providing a wrapper for FRED, if we do that, then there's > no > need to include calling.h, and the weird wrinkle about the ERET target kinda > goes > away too. E.g. provide this in arch/x86/entry/entry_64_fred.S > > .section .text, "ax" > > /* Note, this is instrumentation safe, and returns via RET, not ERETS! */ > #if IS_ENABLED(CONFIG_KVM_INTEL) > SYM_CODE_START(fred_irq_entry_from_kvm) > FRED_ENTER > call external_interrupt > FRED_EXIT > RET > SYM_CODE_END(fred_irq_entry_from_kvm) > EXPORT_SYMBOL_GPL(fred_irq_entry_from_kvm); > #endif > > and then the KVM side for this particular chunk is more simply: > > lea 1f(%rip), %rax > push %rax > push $0 /* FRED error code, 0 for NMI and external > interrupts */ > > \branch_insn \branch_target > 1: > VMX_DO_EVENT_FRAME_END > RET > > > Alternatively, the whole thing could be shoved into > arch/x86/entry/entry_64_fred.S, > but at a glance I don't think that would be a net positive due to the need to > handle > IRQs vs. NMIs. > > > + \branch_insn \branch_target > > + > > + .if \nmi == 0 > > + POP_REGS > > + .endif > > + > > +1: > > + /* > > + * "Restore" RSP from RBP, even though IRET has already unwound RSP to > > As mentioned above, this is incorrect on two fronts. > > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > > index 0ecf4be2c6af..4e90c69a92bf 100644 > > --- a/arch/x86/kvm/vmx/vmx.c > > +++ b/arch/x86/kvm/vmx/vmx.c > > @@ -6890,6 +6890,14 @@ static void vmx_apicv_post_state_restore(struct > kvm_vcpu *vcpu) > > memset(vmx->pi_desc.pir, 0, sizeof(vmx->pi_desc.pir)); > > } > > > > +#ifdef CONFIG_X86_FRED > > +void vmx_do_fred_interrupt_irqoff(unsigned int vector); > > +void vmx_do_fred_nmi_irqoff(unsigned int vector); > > +#else > > +#define vmx_do_fred_interrupt_irqoff(x) BUG() > > +#define vmx_do_fred_nmi_irqoff(x) BUG() > > +#endif > > My slight preference is to open code the BUG() as a ud2 in assembly, purely to > avoid more #ifdefs. > > > + > > void vmx_do_interrupt_irqoff(unsigned long entry); > > void vmx_do_nmi_irqoff(void); > > > > @@ -6932,14 +6940,16 @@ static void handle_external_interrupt_irqoff(struct > kvm_vcpu *vcpu) > > { > > u32 intr_info = vmx_get_intr_info(vcpu); > > unsigned int vector = intr_info & INTR_INFO_VECTOR_MASK; > > - gate_desc *desc = (gate_desc *)host_idt_base + vector; > > > > if (KVM_BUG(!is_external_intr(intr_info), vcpu->kvm, > > "unexpected VM-Exit interrupt info: 0x%x", intr_info)) > > return; > > > > kvm_before_interrupt(vcpu, KVM_HANDLING_IRQ); > > - vmx_do_interrupt_irqoff(gate_offset(desc)); > > + if (cpu_feature_enabled(X86_FEATURE_FRED)) > > + vmx_do_fred_interrupt_irqoff(vector); /* Event type is 0 */ > > I strongly prefer to use code to document what's going on. E.g. the tail > comment > just left me wondering, what event type is 0? Whereas this makes it quite > clear > that KVM is signaling a hardware interrupt. The fact that it's a nop as far > as > code generation goes is irrelevant. > > vmx_do_fred_interrupt_irqoff((EVENT_TYPE_HWINT << 16) | vector); Better readability. > > > + else > > + vmx_do_interrupt_irqoff(gate_offset((gate_desc *)host_idt_base > + vector)); > > kvm_after_interrupt(vcpu); > > > > vcpu->arch.at_instruction_boundary = true; > > Here's a diff for (hopefully) everything I've suggested above. Thanks a lot! I will test it and update the patch in this mail thread. > > --- > arch/x86/entry/entry_64_fred.S | 17 ++++++- > arch/x86/kernel/traps.c | 5 -- > arch/x86/kvm/vmx/vmenter.S | 84 +++++++++++++++------------------- > arch/x86/kvm/vmx/vmx.c | 7 +-- > 4 files changed, 55 insertions(+), 58 deletions(-) > > diff --git a/arch/x86/entry/entry_64_fred.S b/arch/x86/entry/entry_64_fred.S > index 12063267d2ac..a973c0bd29f6 100644 > --- a/arch/x86/entry/entry_64_fred.S > +++ b/arch/x86/entry/entry_64_fred.S > @@ -10,7 +10,6 @@ > #include "calling.h" > > .code64 > - .section ".noinstr.text", "ax" > > .macro FRED_ENTER > UNWIND_HINT_END_OF_STACK > @@ -24,6 +23,22 @@ > POP_REGS > .endm > > + .section .text, "ax" > + > +/* Note, this is instrumentation safe, and returns via RET, not ERETS! */ > +#if IS_ENABLED(CONFIG_KVM_INTEL) > +SYM_CODE_START(fred_irq_entry_from_kvm) > + FRED_ENTER > + call external_interrupt > + FRED_EXIT > + RET > +SYM_CODE_END(fred_irq_entry_from_kvm) > +EXPORT_SYMBOL_GPL(fred_irq_entry_from_kvm); > +#endif > + > + .section ".noinstr.text", "ax" > + > + > /* > * The new RIP value that FRED event delivery establishes is > * IA32_FRED_CONFIG & ~FFFH for events that occur in ring 3. > diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c > index 21eeba7b188f..cbcb83c71dab 100644 > --- a/arch/x86/kernel/traps.c > +++ b/arch/x86/kernel/traps.c > @@ -1566,11 +1566,6 @@ int external_interrupt(struct pt_regs *regs) > return 0; > } > > -#if IS_ENABLED(CONFIG_KVM_INTEL) > -/* For KVM VMX to handle IRQs in IRQ induced VM exits. */ > -EXPORT_SYMBOL_GPL(external_interrupt); > -#endif > - > #endif /* CONFIG_X86_64 */ > > void __init trap_init(void) > diff --git a/arch/x86/kvm/vmx/vmenter.S b/arch/x86/kvm/vmx/vmenter.S > index 79a4c91d9434..e25df565c3f8 100644 > --- a/arch/x86/kvm/vmx/vmenter.S > +++ b/arch/x86/kvm/vmx/vmenter.S > @@ -9,7 +9,6 @@ > #include <asm/segment.h> > #include "kvm-asm-offsets.h" > #include "run_flags.h" > -#include "../../entry/calling.h" > > #define WORD_SIZE (BITS_PER_LONG / 8) > > @@ -33,15 +32,31 @@ > #define VCPU_R15 __VCPU_REGS_R15 * WORD_SIZE > #endif > > +.macro VMX_DO_EVENT_FRAME_BEGIN > + /* > + * Unconditionally create a stack frame, getting the correct RSP on the > + * stack (for x86-64) would take two instructions anyways, and RBP can > + * be used to restore RSP to make objtool happy (see below). > + */ > + push %_ASM_BP > + mov %_ASM_SP, %_ASM_BP > +.endm > + > +.macro VMX_DO_EVENT_FRAME_END > + /* > + * "Restore" RSP from RBP, even though {E,I}RET has already unwound RSP > + * to the correct value *in most cases*. KVM's IRQ handling with FRED > + * doesn't do ERETS, and objtool doesn't know the callee will IRET/ERET > + * and, without the explicit restore, thinks the stack is getting > walloped. > + * Using an unwind hint is problematic due to x86-64's dynamic > alignment. > + */ > + mov %_ASM_BP, %_ASM_SP > + pop %_ASM_BP > +.endm > + > #ifdef CONFIG_X86_FRED > .macro VMX_DO_FRED_EVENT_IRQOFF branch_insn branch_target nmi=0 > - /* > - * Unconditionally create a stack frame, getting the correct RSP on the > - * stack (for x86-64) would take two instructions anyways, and RBP can > - * be used to restore RSP to make objtool happy (see below). > - */ > - push %_ASM_BP > - mov %_ASM_SP, %_ASM_BP > + VMX_DO_EVENT_FRAME_BEGIN > > /* > * Don't check the FRED stack level, the call stack leading to this > @@ -78,43 +93,23 @@ > * push an error code before invoking the IRQ/NMI handler. > * > * Use LEA to get the return RIP and push it, then push an error code. > + * Note, only NMI handling does an ERETS to the target! IRQ handling > + * doesn't need to unmask NMIs and so simply uses CALL+RET, i.e. the > + * RIP pushed here is only truly consumed for NMIs! > */ > lea 1f(%rip), %rax > push %rax > push $0 /* FRED error code, 0 for NMI and external > interrupts */ > > - .if \nmi == 0 > - PUSH_REGS > - mov %rsp, %rdi > - .endif > - > \branch_insn \branch_target > - > - .if \nmi == 0 > - POP_REGS > - .endif > - > 1: > - /* > - * "Restore" RSP from RBP, even though IRET has already unwound RSP to > - * the correct value. objtool doesn't know the callee will IRET and, > - * without the explicit restore, thinks the stack is getting walloped. > - * Using an unwind hint is problematic due to x86-64's dynamic > alignment. > - */ > - mov %_ASM_BP, %_ASM_SP > - pop %_ASM_BP > + VMX_DO_EVENT_FRAME_END > RET > .endm > #endif > > .macro VMX_DO_EVENT_IRQOFF call_insn call_target > - /* > - * Unconditionally create a stack frame, getting the correct RSP on the > - * stack (for x86-64) would take two instructions anyways, and RBP can > - * be used to restore RSP to make objtool happy (see below). > - */ > - push %_ASM_BP > - mov %_ASM_SP, %_ASM_BP > + VMX_DO_EVENT_FRAME_BEGIN > > #ifdef CONFIG_X86_64 > /* > @@ -129,14 +124,7 @@ > push $__KERNEL_CS > \call_insn \call_target > > - /* > - * "Restore" RSP from RBP, even though IRET has already unwound RSP to > - * the correct value. objtool doesn't know the callee will IRET and, > - * without the explicit restore, thinks the stack is getting walloped. > - * Using an unwind hint is problematic due to x86-64's dynamic > alignment. > - */ > - mov %_ASM_BP, %_ASM_SP > - pop %_ASM_BP > + VMX_DO_EVENT_FRAME_END > RET > .endm > > @@ -375,11 +363,13 @@ SYM_INNER_LABEL_ALIGN(vmx_vmexit, > SYM_L_GLOBAL) > > SYM_FUNC_END(__vmx_vcpu_run) > > -#ifdef CONFIG_X86_FRED > SYM_FUNC_START(vmx_do_fred_nmi_irqoff) > +#ifdef CONFIG_X86_FRED > VMX_DO_FRED_EVENT_IRQOFF jmp fred_entrypoint_kernel nmi=1 > +#else > + ud2 > +#endif > SYM_FUNC_END(vmx_do_fred_nmi_irqoff) > -#endif > > SYM_FUNC_START(vmx_do_nmi_irqoff) > VMX_DO_EVENT_IRQOFF call asm_exc_nmi_kvm_vmx > @@ -438,11 +428,13 @@ SYM_FUNC_END(vmread_error_trampoline) > #endif > > .section .text, "ax" > -#ifdef CONFIG_X86_FRED > SYM_FUNC_START(vmx_do_fred_interrupt_irqoff) > - VMX_DO_FRED_EVENT_IRQOFF call external_interrupt > +#ifdef CONFIG_X86_FRED > + VMX_DO_FRED_EVENT_IRQOFF call fred_irq_entry_from_kvm > +#else > + ud2 > +#endif > SYM_FUNC_END(vmx_do_fred_interrupt_irqoff) > -#endif > > SYM_FUNC_START(vmx_do_interrupt_irqoff) > VMX_DO_EVENT_IRQOFF CALL_NOSPEC _ASM_ARG1 > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index bf757f5071e4..cb4675dd87df 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -6919,13 +6919,8 @@ static void vmx_apicv_post_state_restore(struct > kvm_vcpu *vcpu) > memset(vmx->pi_desc.pir, 0, sizeof(vmx->pi_desc.pir)); > } > > -#ifdef CONFIG_X86_FRED > void vmx_do_fred_interrupt_irqoff(unsigned int vector); > void vmx_do_fred_nmi_irqoff(unsigned int vector); > -#else > -#define vmx_do_fred_interrupt_irqoff(x) BUG() > -#define vmx_do_fred_nmi_irqoff(x) BUG() > -#endif > > void vmx_do_interrupt_irqoff(unsigned long entry); > void vmx_do_nmi_irqoff(void); > @@ -6976,7 +6971,7 @@ static void handle_external_interrupt_irqoff(struct > kvm_vcpu *vcpu) > > kvm_before_interrupt(vcpu, KVM_HANDLING_IRQ); > if (cpu_feature_enabled(X86_FEATURE_FRED)) > - vmx_do_fred_interrupt_irqoff(vector); /* Event type is 0 */ > + vmx_do_fred_interrupt_irqoff((EVENT_TYPE_HWINT << 16) | > vector); > else > vmx_do_interrupt_irqoff(gate_offset((gate_desc *)host_idt_base > + vector)); > kvm_after_interrupt(vcpu); > > base-commit: 8961078ffe509a97ec7803b17912e57c47b93fa2 > --

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.