From: Xin Li <xin3.li@xxxxxxxxx>
Do not virtualize FRED if FRED consistency checks fail.
Either on broken hardware, or when run KVM on top of another hypervisor
before the underlying hypervisor implements nested FRED correctly.
Suggested-by: Chao Gao <chao.gao@xxxxxxxxx>
Signed-off-by: Xin Li <xin3.li@xxxxxxxxx>
Signed-off-by: Xin Li (Intel) <xin@xxxxxxxxx>
Reviewed-by: Chao Gao <chao.gao@xxxxxxxxx>
Tested-by: Shan Kang <shan.kang@xxxxxxxxx>
Tested-by: Xuelian Guo <xuelian.guo@xxxxxxxxx>
---
Changes in v5:
* Drop the cpu_feature_enabled() in cpu_has_vmx_fred() (Sean).
* Add TB from Xuelian Guo.
Change in v4:
* Call out the reason why not check FRED VM-exit controls in
cpu_has_vmx_fred() (Chao Gao).
---
arch/x86/kvm/vmx/capabilities.h | 10 ++++++++++
arch/x86/kvm/vmx/vmx.c | 3 +++
2 files changed, 13 insertions(+)
diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
index 7b9e306c359d..7fe95a601c9f 100644
--- a/arch/x86/kvm/vmx/capabilities.h
+++ b/arch/x86/kvm/vmx/capabilities.h
@@ -408,6 +408,16 @@ static inline bool vmx_pebs_supported(void)
return boot_cpu_has(X86_FEATURE_PEBS) && kvm_pmu_cap.pebs_ept;
}
+static inline bool cpu_has_vmx_fred(void)
+{
+ /*
+ * setup_vmcs_config() guarantees FRED VM-entry/exit controls
+ * are either all set or none. So, no need to check FRED VM-exit
+ * controls.
+ */
+ return (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_FRED);
+}
+
static inline bool cpu_has_notify_vmexit(void)
{
return vmcs_config.cpu_based_2nd_exec_ctrl &
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 3b5e2805a06d..c8b95c215869 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7993,6 +7993,9 @@ static __init void vmx_set_cpu_caps(void)
kvm_cpu_cap_check_and_set(X86_FEATURE_DTES64);
}
+ if (!cpu_has_vmx_fred())
+ kvm_cpu_cap_clear(X86_FEATURE_FRED);
+
if (!enable_pmu)
kvm_cpu_cap_clear(X86_FEATURE_PDCM);
kvm_caps.supported_perf_cap = vmx_get_perf_capabilities();
--
2.50.1
