Re: [PATCH 6/6] KVM: nVMX: support RDRAND and RDSEED exiting

Jim Mattson <jmattson@xxxxxxxxxx> · Mon, 13 Mar 2017 11:27:50 -0700

I would expect that any reasonable CPU will support "RDRAND exiting"
iff it supports RDRAND (i.e. CPUID.01H:ECX.RDRAND[bit 30]).
Similarly, any reasonable CPU will support "RDSEED exiting" iff it
supports RDSEED (i.e. CPUID.(EAX=07H, ECX=0H):EBX.RDSEED[bit 18]).

Shouldn't there be some code in vmx_cpuid_update to adjust the
vmx->nested.nested_vmx_secondary_ctls_high bits for "RDRAND exiting"
and "RDSEED exiting," as there already is for "enable RDTSCP"?

On Wed, Mar 8, 2017 at 10:03 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
>  arch/x86/include/asm/vmx.h | 2 ++
>  arch/x86/kvm/vmx.c         | 5 +++++
>  2 files changed, 7 insertions(+)
>
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> index cc54b7026567..b2b6e5b1782b 100644
> --- a/arch/x86/include/asm/vmx.h
> +++ b/arch/x86/include/asm/vmx.h
> @@ -70,8 +70,10 @@
>  #define SECONDARY_EXEC_APIC_REGISTER_VIRT       0x00000100
>  #define SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY    0x00000200
>  #define SECONDARY_EXEC_PAUSE_LOOP_EXITING      0x00000400
> +#define SECONDARY_EXEC_RDRAND                  0x00000800
>  #define SECONDARY_EXEC_ENABLE_INVPCID          0x00001000
>  #define SECONDARY_EXEC_SHADOW_VMCS              0x00004000
> +#define SECONDARY_EXEC_RDSEED                  0x00010000
>  #define SECONDARY_EXEC_ENABLE_PML               0x00020000
>  #define SECONDARY_EXEC_XSAVES                  0x00100000
>  #define SECONDARY_EXEC_TSC_SCALING              0x02000000
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index a3395e23cf5a..23b304fc72ec 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -2749,6 +2749,7 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx)
>                 vmx->nested.nested_vmx_secondary_ctls_high);
>         vmx->nested.nested_vmx_secondary_ctls_low = 0;
>         vmx->nested.nested_vmx_secondary_ctls_high &=
> +               SECONDARY_EXEC_RDRAND | SECONDARY_EXEC_RDSEED |
>                 SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
>                 SECONDARY_EXEC_RDTSCP |
>                 SECONDARY_EXEC_DESC |
> @@ -8132,6 +8133,10 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
>                 return nested_cpu_has(vmcs12, CPU_BASED_INVLPG_EXITING);
>         case EXIT_REASON_RDPMC:
>                 return nested_cpu_has(vmcs12, CPU_BASED_RDPMC_EXITING);
> +       case EXIT_REASON_RDRAND:
> +               return nested_cpu_has2(vmcs12, SECONDARY_EXEC_RDRAND);
> +       case EXIT_REASON_RDSEED:
> +               return nested_cpu_has2(vmcs12, SECONDARY_EXEC_RDSEED);
>         case EXIT_REASON_RDTSC: case EXIT_REASON_RDTSCP:
>                 return nested_cpu_has(vmcs12, CPU_BASED_RDTSC_EXITING);
>         case EXIT_REASON_VMCALL: case EXIT_REASON_VMCLEAR:
> --
> 1.8.3.1
>