Re: [PATCH 5/7] x86/entry: KVM: Use dedicated VMX NMI entry for 32-bit kernels too

Lai Jiangshan <jiangshanlai@xxxxxxxxx> · Wed, 14 Dec 2022 16:05:55 +0800



On Tue, Dec 13, 2022 at 2:11 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> Use a dedicated entry for invoking the NMI handler from KVM VMX's VM-Exit
> path for 32-bit even though using a dedicated entry for 32-bit isn't
> strictly necessary.  Exposing a single symbol will allow KVM to reference
> the entry point in assembly code without having to resort to more #ifdefs
> (or #defines).  identry.h is intended to be included from asm files only
> once, and so simply including idtentry.h in KVM assembly isn't an option.
>
> Bypassing the ESP fixup and CR3 switching in the standard NMI entry code
> is safe as KVM always handles NMIs that occur in the guest on a kernel
> stack, with a kernel CR3.
>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> ---
>  arch/x86/include/asm/idtentry.h | 16 ++++++----------
>  arch/x86/kernel/nmi.c           |  8 ++++----
>  arch/x86/kvm/vmx/vmx.c          |  4 ++--
>  3 files changed, 12 insertions(+), 16 deletions(-)
>
> diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h
> index 72184b0b2219..b241af4ce9b4 100644
> --- a/arch/x86/include/asm/idtentry.h
> +++ b/arch/x86/include/asm/idtentry.h
> @@ -582,18 +582,14 @@ DECLARE_IDTENTRY_RAW(X86_TRAP_MC, xenpv_exc_machine_check);
>
>  /* NMI */
>
> -#if defined(CONFIG_X86_64) && IS_ENABLED(CONFIG_KVM_INTEL)
> +#if IS_ENABLED(CONFIG_KVM_INTEL)
>  /*
> - * Special NOIST entry point for VMX which invokes this on the kernel
> - * stack. asm_exc_nmi() requires an IST to work correctly vs. the NMI
> - * 'executing' marker.
> - *
> - * On 32bit this just uses the regular NMI entry point because 32-bit does
> - * not have ISTs.
> + * Special entry point for VMX which invokes this on the kernel stack, even for
> + * 64-bit, i.e. without using an IST.  asm_exc_nmi() requires an IST to work
> + * correctly vs. the NMI 'executing' marker.  Used for 32-bit kernels as well
> + * to avoid more ifdeffery.
>   */
> -DECLARE_IDTENTRY(X86_TRAP_NMI,         exc_nmi_noist);
> -#else
> -#define asm_exc_nmi_noist              asm_exc_nmi
> +DECLARE_IDTENTRY(X86_TRAP_NMI,         exc_nmi_kvm_vmx);

Reviewed-by: Lai Jiangshan <jiangshanlai@xxxxxxxxx>