From: Xin Li <xin3.li@xxxxxxxxx>
Do not virtualize FRED if FRED consistency checks fail.
Either on broken hardware, or when run KVM on top of another hypervisor
before the underlying hypervisor implements nested FRED correctly.
Suggested-by: Chao Gao <chao.gao@xxxxxxxxx>
Signed-off-by: Xin Li <xin3.li@xxxxxxxxx>
Signed-off-by: Xin Li (Intel) <xin@xxxxxxxxx>
Tested-by: Shan Kang <shan.kang@xxxxxxxxx>
Reviewed-by: Chao Gao <chao.gao@xxxxxxxxx>
---
Change in v4:
* Call out the reason why not check FRED VM-exit controls in
cpu_has_vmx_fred() (Chao Gao).
---
arch/x86/kvm/vmx/capabilities.h | 11 +++++++++++
arch/x86/kvm/vmx/vmx.c | 3 +++
2 files changed, 14 insertions(+)
diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
index b2aefee59395..b4f49a4690ca 100644
--- a/arch/x86/kvm/vmx/capabilities.h
+++ b/arch/x86/kvm/vmx/capabilities.h
@@ -400,6 +400,17 @@ static inline bool vmx_pebs_supported(void)
return boot_cpu_has(X86_FEATURE_PEBS) && kvm_pmu_cap.pebs_ept;
}
+static inline bool cpu_has_vmx_fred(void)
+{
+ /*
+ * setup_vmcs_config() guarantees FRED VM-entry/exit controls
+ * are either all set or none. So, no need to check FRED VM-exit
+ * controls.
+ */
+ return cpu_feature_enabled(X86_FEATURE_FRED) &&
+ (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_FRED);
+}
+
static inline bool cpu_has_notify_vmexit(void)
{
return vmcs_config.cpu_based_2nd_exec_ctrl &
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e38545d0dd17..ab84939ace96 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -8052,6 +8052,9 @@ static __init void vmx_set_cpu_caps(void)
kvm_cpu_cap_check_and_set(X86_FEATURE_DTES64);
}
+ if (!cpu_has_vmx_fred())
+ kvm_cpu_cap_clear(X86_FEATURE_FRED);
+
if (!enable_pmu)
kvm_cpu_cap_clear(X86_FEATURE_PDCM);
kvm_caps.supported_perf_cap = vmx_get_perf_capabilities();
--
2.48.1
