On Thu, Dec 22, 2022 at 4:24 PM Sean Christopherson seanjc@google.com wrote:

... Though that's likely a moot point since manually checking the chunks (multiple times!) is rather heinous. Just store the CPUID output into an array and then use strncmp() to check the vendor. Performance isn't a priority for this code.

static void cache_cpu_vendor(void) { uint32_t ign, vendor[3]; static bool cached;

    if (cached)
            return;

    cpuid(0, &ign, &vendor[0], &vendor[2], &vendor[1]);

    is_cpu_vendor_intel = !strncmp((char *)vendor, "GenuineIntel", 12);
    is_cpu_vendor_amd = !strncmp((char *)vendor, "AuthenticAMD", 12);

    cached = true;

}

You probably mean to suggest using memcmp here since this section will get executed from the guest context (which may not have access to strncmp). Makes sense to structure the implementation this way as I get more comfortable using string_override.c.

That said, I like the v2 approach a lot more, we just need to better name the host variables to make it very clear that the info being cached is the _host_ vendor, and then provide separate helpers that bypass caching (though I don't think there would be any users?), again with better names.

The confidential VM use case, and really kvm_hypercall() in general, cares about the host vendor, i.e. which hypercall instruction won't fault. Actually, even fix_hypercall_test is in the same boat.

Ok, I misunderstood the earlier discussion [1] about using host cpuid to check the vendor type instead of the guest cpuid being problematic. If all the current and foreseeable users would be ok with native hypercall using host cpuid then I will fall back to approach in V2.

[1] https://lore.kernel.org/lkml/Y1Hhw40H58EmZ6lK@google.com/

I don't like auto-caching the guest info because unlike the host (assuming no shenanigans in a nested setup), the guest vendor string can be changed. I don't think it's likely that we'll have a test that wants to muck with the vendor string on the fly, but it's not impossible, e.g. fix_hypercall_test dances pretty close to that.

The independent guest vs. host caching in this version is also very subtle, though that can be solved with comments.

E.g. first make is_intel_cpu() and is_amd_cpu() wrappers to non-caching helpers that use "this_cpu_..." naming to match other selftests code. Then rename is_intel_cpu() and is_amd_cpu() to is_{intel,amd}_host(), with a blurb in the changelog calling out that fix_hypercall_test wants the host vendor and also passes through the host CPUID vendor. And then do the precomputation stuff like in v2.

E.g. for step #1

---

.../selftests/kvm/include/x86_64/processor.h | 22 +++++++++++++++++++ .../selftests/kvm/lib/x86_64/processor.c | 13 ++--------- 2 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h index b1a31de7108a..34523a876336 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -554,6 +554,28 @@ static inline uint32_t this_cpu_model(void) return x86_model(this_cpu_fms()); }

+static inline bool this_cpu_vendor_string_is(const char *vendor) +{

•   const uint32_t *chunk = (const uint32_t *)vendor;
  

•   uint32_t eax, ebx, ecx, edx;
  

•   cpuid(0, &eax, &ebx, &ecx, &edx);
  

•   return (ebx == chunk[0] && edx == chunk[1] && ecx == chunk[2]);
  

+}

+static inline bool this_cpu_is_intel(void) +{

•   return this_cpu_vendor_string_is("GenuineIntel");
  

+}

+/*

• • Exclude early K5 samples with a vendor string of "AMDisbetter!"
• */

+static inline bool this_cpu_is_amd(void) +{

•   return this_cpu_vendor_string_is("AuthenticAMD");
  

+}

static inline uint32_t __this_cpu_has(uint32_t function, uint32_t index, uint8_t reg, uint8_t lo, uint8_t hi) { diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index c4d368d56cfe..fae1a8a81652 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -1006,18 +1006,9 @@ void kvm_x86_state_cleanup(struct kvm_x86_state *state) free(state); }

-static bool cpu_vendor_string_is(const char *vendor) -{

•   const uint32_t *chunk = (const uint32_t *)vendor;
  

•   uint32_t eax, ebx, ecx, edx;
  

•   cpuid(0, &eax, &ebx, &ecx, &edx);
  

•   return (ebx == chunk[0] && edx == chunk[1] && ecx == chunk[2]);
  

-}

bool is_intel_cpu(void) {

•   return cpu_vendor_string_is("GenuineIntel");
  

•   return this_cpu_is_intel();
  

}

/* @@ -1025,7 +1016,7 @@ bool is_intel_cpu(void) */ bool is_amd_cpu(void) {

•   return cpu_vendor_string_is("AuthenticAMD");
  

•   return this_cpu_is_amd();
  

}

void kvm_get_cpu_address_width(unsigned int *pa_bits, unsigned int *va_bits)

base-commit: d70e740240a298d0ff54d26f48f2fb034e3cb172

Ack.

On Thu, Dec 22, 2022, Vishal Annapurve wrote:

Add an API to execute hypercall as per the cpu type by checking the underlying CPU. KVM emulates vmcall/vmmcall instruction by modifying guest memory contents with hypercall instruction as per the cpu type.

Confidential VMs need to execute hypercall instruction without it being emulated by KVM as KVM can not modify guest memory contents.

Signed-off-by: Vishal Annapurve vannapurve@google.com

.../selftests/kvm/include/x86_64/processor.h | 3 +++ .../selftests/kvm/lib/x86_64/processor.c | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+)

diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h index 4d5dd9a467e1..3617f83bb2e5 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -1039,6 +1039,9 @@ uint64_t *vm_get_page_table_entry(struct kvm_vm *vm, uint64_t vaddr); uint64_t kvm_hypercall(uint64_t nr, uint64_t a0, uint64_t a1, uint64_t a2, uint64_t a3); +uint64_t kvm_native_hypercall(uint64_t nr, uint64_t a0, uint64_t a1, uint64_t a2,

•        uint64_t a3);
  

void __vm_xsave_require_permission(int bit, const char *name); #define vm_xsave_require_permission(perm) \ diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index 1e93bb3cb058..429e55f2609f 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -1202,6 +1202,24 @@ uint64_t kvm_hypercall(uint64_t nr, uint64_t a0, uint64_t a1, uint64_t a2, return r; } +uint64_t kvm_native_hypercall(uint64_t nr, uint64_t a0, uint64_t a1, uint64_t a2,

Just do this in kvm_hypercall(). David didn't say "don't do that", he said "don't do that in a single patch". Except for fix_hypercall_test, selftests should always use the native hypercall instruction and not rely on KVM's patching, e.g. patching will go sideways if someone gets clever and makes guest code not-writable.

•        uint64_t a3)
  

Align parameters.

+{

• uint64_t r;
• if (is_amd_cpu()) {

Curly brace is unnecessary. Though I think I'd prefer to not duplicate the asm blob (too many darn inputs). It's a little ugly, but I prefer it over duplicating the entire blob. The approach could also likely be macrofied for other hypercall usage (future problem).

asm volatile("test %[use_vmmcall], %[use_vmmcall]\n\t" "jnz 1f\n\t" "vmcall\n\t" "jmp 2f\n\t" "1: vmmcall\n\t" "2:" : "=a"(r) : "a"(nr), "b"(a0), "c"(a1), "d"(a2), "S"(a3), [use_vmmcall] "r" (is_amd_cpu())); return r;