From: Xin Li Do not virtualize FRED if FRED consistency checks fail. Either on broken hardware, or when run KVM on top of another hypervisor before the underlying hypervisor implements nested FRED correctly. Suggested-by: Chao Gao Signed-off-by: Xin Li Signed-off-by: Xin Li (Intel) Reviewed-by: Chao Gao Tested-by: Shan Kang Tested-by: Xuelian Guo --- Changes in v5: * Drop the cpu_feature_enabled() in cpu_has_vmx_fred() (Sean). * Add TB from Xuelian Guo. Change in v4: * Call out the reason why not check FRED VM-exit controls in cpu_has_vmx_fred() (Chao Gao). --- arch/x86/kvm/vmx/capabilities.h | 10 ++++++++++ arch/x86/kvm/vmx/vmx.c | 3 +++ 2 files changed, 13 insertions(+) diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h index 7b9e306c359d..7fe95a601c9f 100644 --- a/arch/x86/kvm/vmx/capabilities.h +++ b/arch/x86/kvm/vmx/capabilities.h @@ -408,6 +408,16 @@ static inline bool vmx_pebs_supported(void) return boot_cpu_has(X86_FEATURE_PEBS) && kvm_pmu_cap.pebs_ept; } +static inline bool cpu_has_vmx_fred(void) +{ + /* + * setup_vmcs_config() guarantees FRED VM-entry/exit controls + * are either all set or none. So, no need to check FRED VM-exit + * controls. + */ + return (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_FRED); +} + static inline bool cpu_has_notify_vmexit(void) { return vmcs_config.cpu_based_2nd_exec_ctrl & diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 3b5e2805a06d..c8b95c215869 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7993,6 +7993,9 @@ static __init void vmx_set_cpu_caps(void) kvm_cpu_cap_check_and_set(X86_FEATURE_DTES64); } + if (!cpu_has_vmx_fred()) + kvm_cpu_cap_clear(X86_FEATURE_FRED); + if (!enable_pmu) kvm_cpu_cap_clear(X86_FEATURE_PDCM); kvm_caps.supported_perf_cap = vmx_get_perf_capabilities(); -- 2.50.1