On Thu, Aug 01, 2024, Mingwei Zhang wrote:
> Clear RDPMC_EXITING in vmcs when all counters on the host side are exposed
> to guest VM. This gives performance to passthrough PMU. However, when guest
> does not get all counters, intercept RDPMC to prevent access to unexposed
> counters. Make decision in vmx_vcpu_after_set_cpuid() when guest enables
> PMU and passthrough PMU is enabled.
>
> Co-developed-by: Xiong Zhang <xiong.y.zhang@xxxxxxxxxxxxxxx>
> Signed-off-by: Xiong Zhang <xiong.y.zhang@xxxxxxxxxxxxxxx>
> Signed-off-by: Mingwei Zhang <mizhang@xxxxxxxxxx>
> Signed-off-by: Dapeng Mi <dapeng1.mi@xxxxxxxxxxxxxxx>
> Tested-by: Yongwei Ma <yongwei.ma@xxxxxxxxx>
> ---
> arch/x86/kvm/pmu.c | 16 ++++++++++++++++
> arch/x86/kvm/pmu.h | 1 +
> arch/x86/kvm/vmx/vmx.c | 5 +++++
> 3 files changed, 22 insertions(+)
>
> diff --git a/arch/x86/kvm/pmu.c b/arch/x86/kvm/pmu.c
> index e656f72fdace..19104e16a986 100644
> --- a/arch/x86/kvm/pmu.c
> +++ b/arch/x86/kvm/pmu.c
> @@ -96,6 +96,22 @@ void kvm_pmu_ops_update(const struct kvm_pmu_ops *pmu_ops)
> #undef __KVM_X86_PMU_OP
> }
>
> +bool kvm_pmu_check_rdpmc_passthrough(struct kvm_vcpu *vcpu)
As suggested earlier, kvm_rdpmc_in_guest().
> +{
> + struct kvm_pmu *pmu = vcpu_to_pmu(vcpu);
> +
> + if (is_passthrough_pmu_enabled(vcpu) &&
> + !enable_vmware_backdoor &&
Please add a comment about the VMware backdoor, I doubt most folks know about
VMware's tweaks to RDPMC behavior. It's somewhat obvious from the code and
comment in check_rdpmc(), but I think it's worth calling out here too.
> + pmu->nr_arch_gp_counters == kvm_pmu_cap.num_counters_gp &&
> + pmu->nr_arch_fixed_counters == kvm_pmu_cap.num_counters_fixed &&
> + pmu->counter_bitmask[KVM_PMC_GP] == (((u64)1 << kvm_pmu_cap.bit_width_gp) - 1) &&
> + pmu->counter_bitmask[KVM_PMC_FIXED] == (((u64)1 << kvm_pmu_cap.bit_width_fixed) - 1))
BIT_ULL? GENMASK_ULL?
> + return true;
> +
> + return false;
Do this:
return <true>;
not:
if (<true>)
return true;
return false;
Short-circuiting on certain cases is fine, and I would probably vote for that so
it's easier to add comments, but that's obviously not what's done here. E.g. either
if (!enable_mediated_pmu)
return false;
/* comment goes here */
if (enable_vmware_backdoor)
return false;
return <counters checks>;
or
return <massive combined check>;
> +}
> +EXPORT_SYMBOL_GPL(kvm_pmu_check_rdpmc_passthrough);
Maybe just make this an inline in a header? enable_vmware_backdoor is exported,
and presumably enable_mediated_pmu will be too.
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 4d60a8cf2dd1..339742350b7a 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -7911,6 +7911,11 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
> vmx->msr_ia32_feature_control_valid_bits &=
> ~FEAT_CTL_SGX_LC_ENABLED;
>
> + if (kvm_pmu_check_rdpmc_passthrough(&vmx->vcpu))
No need to follow vmx->vcpu, @vcpu is readily available.
> + exec_controls_clearbit(vmx, CPU_BASED_RDPMC_EXITING);
> + else
> + exec_controls_setbit(vmx, CPU_BASED_RDPMC_EXITING);
I wonder if it makes sense to add a helper to change a bit. IIRC, the only reason
I didn't add one along with the set/clear helpers was because there weren't many
users and I couldn't think of good alternative to "set".
I still don't have a good name, but I think we're reaching the point where it's
worth forcing the issue to avoid common goofs, e.g. handling only the "clear"
case and no the "set" case.
Maybe changebit? E.g.
static __always_inline void lname##_controls_changebit(struct vcpu_vmx *vmx, u##bits val, \
bool set) \
{ \
if (set) \
lname##_controls_setbit(vmx, val); \
else \
lname##_controls_clearbit(vmx, val); \
}
and then vmx_refresh_apicv_exec_ctrl() can be:
secondary_exec_controls_changebit(vmx,
SECONDARY_EXEC_APIC_REGISTER_VIRT |
SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY,
kvm_vcpu_apicv_active(vcpu));
tertiary_exec_controls_changebit(vmx, TERTIARY_EXEC_IPI_VIRT,
kvm_vcpu_apicv_active(vcpu) && enable_ipiv);
and this can be:
exec_controls_changebit(vmx, CPU_BASED_RDPMC_EXITING,
!kvm_rdpmc_in_guest(vcpu));
