From patchwork Thu Nov 16 13:31:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 13457910 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6CB3FC197A0 for ; Thu, 16 Nov 2023 13:31:25 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.634212.989559 (Exim 4.92) (envelope-from ) id 1r3cSd-00061T-Qs; Thu, 16 Nov 2023 13:31:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 634212.989559; Thu, 16 Nov 2023 13:31:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1r3cSd-00060N-O2; Thu, 16 Nov 2023 13:31:11 +0000 Received: by outflank-mailman (input) for mailman id 634212; Thu, 16 Nov 2023 13:31:10 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1r3cSc-0005TT-EY for xen-devel@lists.xenproject.org; Thu, 16 Nov 2023 13:31:10 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on0611.outbound.protection.outlook.com [2a01:111:f400:fe0c::611]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 667b2455-8484-11ee-9b0e-b553b5be7939; Thu, 16 Nov 2023 14:31:08 +0100 (CET) Received: from DU2PR04MB8790.eurprd04.prod.outlook.com (2603:10a6:10:2e1::23) by AS8PR04MB8499.eurprd04.prod.outlook.com (2603:10a6:20b:342::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7025.9; Thu, 16 Nov 2023 13:31:06 +0000 Received: from DU2PR04MB8790.eurprd04.prod.outlook.com ([fe80::eb8e:fa24:44c1:5d44]) by DU2PR04MB8790.eurprd04.prod.outlook.com ([fe80::eb8e:fa24:44c1:5d44%3]) with mapi id 15.20.7002.019; Thu, 16 Nov 2023 13:31:06 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 667b2455-8484-11ee-9b0e-b553b5be7939 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M+qT3qKFT4xI5Fa5EbGBacr7u/6O/4gheezH0nQsCcY7V7KpSRsM5S0JsIxveS/JGlbgWbbwC4RegUgZDf0jy86GdCmESmtEZJk/mTV1rj1Mdfb8S6xa41tZ7p8Mj2BOEVimbjVIzgLY7FclDtvvJTDroPDQgpNp0OvkTNKUhyuiTFq5p9bIxtqDBVtltgGdC+NGaG4I6RCp6EbDgm699zmq0hqb5L8LVtvJJSVXt5iGB+e+02LSlMoa/wBPSynTzpJwV+X2CkjXLws5Y8Pnjd49pJvnPPK367Ai/+18p9b7UHQWhWhblq54e85S+NdFXaR00q8qYnM4sbL1g5OoEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xpmbzUYWRrR5ZbwtWXyVrKKEOLtrtSL96BWfS0R0oPQ=; b=PI58vr+BVyiFmBiN5viT13bG71XVj2UH0EQ3S+I3EmJ7c8/Ys01w5UWa25mPVdUp/zSdgPSAEvPIIhG1Zu3jKjTsdACP6a0+BlNt5qWWwFDDhK1Sqjykfuwa83cbUf4ebm1f/8PwYCIwPoBf6fKRfpo8xGx0KoaJQMkreys2eBgiGY4bOoiEZZj4TrItBycnaaFbr9aDo7BvPSA/Y734qpVAE+njpOQlCrDNJmo9H+8TJg5pgbfTMsMNOsVNZY+gp9LlzFmQINQpp9RyYyms4uTsqL8bEMCW982wYtn4KxnqKkfncXt/74I6l72JaJtPy75wSAeFmSbu34l++EFzpA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xpmbzUYWRrR5ZbwtWXyVrKKEOLtrtSL96BWfS0R0oPQ=; b=vDouL9Dky6AwkWgmxhxE0dpXjJIKv+EdEx7b7zg7ByxELNMvK4Ia6CYOQD9SMYf+6zLC/bnO+pH72WZunsSTA61aKQQ18LpKtZNY9Fhvo+WoQERSjXeqbiEd+KCaKkov/JxoQY4IChnNIfueirVxGU3oMi+Z7X2NPQf+wPymazH+V/MTPK8SDy2EOjIxNgHW3av1LzfcVtVVgliydM7mgBlDobrMf4poTpUktFCvQFePU19LG/GUXG157d+FXA6C55kV9/h8KtbeYubwwH8wio8PUMFF/qtwuFF/UzuTeTd8urRkVGIhJC7DsVZLoatsXLkvNNzmJEr8e6qREl1Txw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: Date: Thu, 16 Nov 2023 14:31:05 +0100 User-Agent: Mozilla Thunderbird Subject: [PATCH 2/5] x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Kevin Tian , Jun Nakajima References: <791a9f45-2bed-48f9-af6a-9fbde65bcc71@suse.com> Autocrypt: addr=jbeulich@suse.com; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL In-Reply-To: <791a9f45-2bed-48f9-af6a-9fbde65bcc71@suse.com> X-ClientProxiedBy: FR4P281CA0106.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:bb::10) To DU2PR04MB8790.eurprd04.prod.outlook.com (2603:10a6:10:2e1::23) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU2PR04MB8790:EE_|AS8PR04MB8499:EE_ X-MS-Office365-Filtering-Correlation-Id: eaed8d4e-8bc6-4d61-123b-08dbe6a8493a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: V1gWjRotTyF6/VNLNc42dhoMqtdx2ezKzQo1F4PsyfCucuED4bYo766KFtse8DfR3WkjbR3E6ktyL6x13Es4Q30MbaJyL4t8iAcYQt/YE/nr6mSICtySIoyMyZQiRCdaAagO+lPGLgQbRbYedPzjjX7zz8x8QDt73b6aX/ZBp27H0h5KRxos+aMwF5XyzTtVCWG8EEwgwj1GcpJIbPu80Nl4XM6tn7L281V6O2D2bRrAsrZl2NvKlMnA8vs7+3g6F+cqnr+OXEBIc88DNPxe12SxCmR/NvaLg4R4cpciDkH5XbNna2IUY3MZIdHQh/oRDw5axXLXKXqYNdCw557P1HpJIrpL8i4zspIRSPVjn+O50iq+914OoG5VIfmTdMANpoiCIiLijZkxl3vpXoUcAJJvhG7TjBSD4McR/H4FEOhd1NoCwZ7iNqLRX7qhg+85DMYPv1VaqYT2IqhWiylgVx6wktnARbajbg++zolgMBsy8F/C+imML4ukPLeCdxsOX4Yj5O3BKX4nhZbQus30cBPJ84CmqyJDzzMfT08yT8iF9KfInD0Pa5De+7aR2Q2mNJ8Bf0JBN4HfC4CaNM3QHSWdp9RXbV6olO7Xd88PUUGdMASfJWIE9WtMyc4paz99CYdfRW8syemvYAsP6MFXEQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU2PR04MB8790.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(376002)(396003)(346002)(39860400002)(366004)(136003)(230922051799003)(64100799003)(1800799009)(186009)(451199024)(2906002)(31686004)(38100700002)(31696002)(86362001)(5660300002)(41300700001)(8936002)(8676002)(4326008)(6486002)(2616005)(6916009)(54906003)(36756003)(6512007)(66476007)(66556008)(316002)(26005)(66946007)(6506007)(966005)(478600001)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?GfBJLgqS/MJ680fMU48YD3lznshH?= =?utf-8?q?ovbHH2ZGa+Uh+j9vNv6gvblIWp597DWBGd2sn9OXY2RVh4ph3nAfDiGosJ2jxEs69?= =?utf-8?q?IRyySYEIpq+nMJULCI4hhNxx9mIJ98H+Nc9dLBABZkQtL0FL29mHvjpzTVppvyuZa?= =?utf-8?q?bzHrSjEACXtJMC55kLx5WJKIntoWRdAg3NPZI/g/dX6Z/VmvQsjdbpGj0p9VwWHUX?= =?utf-8?q?w+nBA4A9ECNqLY8Oi5TTJdexlCaU62xo6Lf1bjZPY0IqtoayZriPnHkFbv8cztTzl?= =?utf-8?q?7b9tfP56YB412tFW2ZVH+XV8WeZzkXCYYqCxs8UsrCqem4CLgC8Zj3Zk9ZCEMW8Vv?= =?utf-8?q?FQEAINP+x5rIIpbtBprv9jAn0aA2FUkNd9X2Xxih5a8FdhV4fV709R5X6AYjpdl1L?= =?utf-8?q?1aQc4xncAsiwPAmQmgA95+tU4lLz5mK0z1w9+9FHM/DAhFuhYIH+McARoC8qkHjbT?= =?utf-8?q?jt7lHvtpTknJCwT9xEMddyRfL+qnFtErwVG1hIYH3hVkHGBLpiST5dLH1bjUpdUZh?= =?utf-8?q?lFYbF7B04ik+HXiOLguELqaJKsKQo9e2dgZfc/wTyQe7wY00pz6VXVd/F1bTOFTEL?= =?utf-8?q?gqF4z5Xuuo2VgM6mIsuANMnXgfACUAWok1+v70XiIXWHvUQfD5ZOvCVH7KT6tK9Ow?= =?utf-8?q?HeNG2Cz6YKD7bfQs9HigErYVtBi2ybjywhlre8xidadpBd4rqtVOdWyy0y0KpHBOR?= =?utf-8?q?wj0E/YKq8EmC/DX2VPpx0rs4Mre4RBdu7VmE0utcg0dRgUe6LSoSP7nPM6CH+vzhq?= =?utf-8?q?ANFEEFiS20JCvn9R1XdcIkiU0xbF+9PPRy0NPTsZ3wKXKhjzMI1W6cquXG0sTZZx7?= =?utf-8?q?f/+o5Wg+XeugC0ePCYumzSzVitIRUPSiCGOLRmetgXHgccRaQK0FigrIVcv/Yh8fW?= =?utf-8?q?wYx8c9+5Ef7K5hLu8Vt7FUx3FDAumPKHy7qEjsYEk1CoC15CHVKsXfEczukdZluT+?= =?utf-8?q?BXl9wOsnbXBqYrv9sEQhWjJmacR909kELeAXnNxmNBn5MdpphFNdQaKF57ONdEI2Y?= =?utf-8?q?bOQWuxeCuJRIULAkefz9NJpzTeuONWeuSmqtLA86ykMt6/T0g7nXhXGzg+MSa73Up?= =?utf-8?q?e+0/xtKCZ/WGeSlmzpNFlGVJcBqE3HgdPwzHmNl/BsP+0rzSw3iPXQhGKiWYK3yMg?= =?utf-8?q?aWasxdP74G6z+KUaKyKfYEIkE5NMC2c0EKfIUwqKfwMLhbgEVpnrJ/7x7rk/fby9P?= =?utf-8?q?9Zm180SCQ96DP4mYJRtO18opKO37KLszvARn+M2EzRq4Ptfut7X73Je2N/mqcbWva?= =?utf-8?q?ToAsjjNoJdIrcmZ0Pelkesjy2VBf8qfQOxpQPIU4Sw1D0g1PrRpXyL4AhjVJtlJAo?= =?utf-8?q?aFoeqglc9nMw9RRndR7d1/5N2L23W69PkJ5I2Z33K30wjtJ7eZlzsb/MBg+MDqBkV?= =?utf-8?q?NFGqUEvF28ewrB2FAVrItqC9yU9zddON4/ygwkS5MsAzOwEBdIFfIec7SWRBnn3+6?= =?utf-8?q?ip3cVBOqtpuQDZnv5ERvMLax7MY86emXG21dEvB//VWceBmsWJVcJ+GMJyl8rYVIC?= =?utf-8?q?drW4emqbP+BK?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: eaed8d4e-8bc6-4d61-123b-08dbe6a8493a X-MS-Exchange-CrossTenant-AuthSource: DU2PR04MB8790.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Nov 2023 13:31:06.2234 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: XvAeL1PH6+KGnl1LuUullXxE7e8Wbs1upMgo7sVHISegCeZy/f+GLBPu6MDYS0hU9ZFApneTeFeNZ0GP4xmHVw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB8499 ... or we fail to enable the functionality on the BSP for other reasons. The only place where hardware announcing the feature is recorded is the raw CPU policy/featureset. Inspired by https://lore.kernel.org/all/20230921114940.957141-1-pbonzini@redhat.com/. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2543,6 +2543,7 @@ const struct hvm_function_table * __init if ( _svm_cpu_up(true) ) { + setup_clear_cpu_cap(X86_FEATURE_SVM); printk("SVM: failed to initialise.\n"); return NULL; } --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -2163,6 +2163,23 @@ int __init vmx_vmcs_init(void) if ( !ret ) register_keyhandler('v', vmcs_dump, "dump VT-x VMCSs", 1); + else + { + setup_clear_cpu_cap(X86_FEATURE_VMX); + + /* + * _vmx_vcpu_up() may have made it past feature identification. + * Make sure all dependent features are off as well. + */ + vmx_basic_msr = 0; + vmx_pin_based_exec_control = 0; + vmx_cpu_based_exec_control = 0; + vmx_secondary_exec_control = 0; + vmx_vmexit_control = 0; + vmx_vmentry_control = 0; + vmx_ept_vpid_cap = 0; + vmx_vmfunc = 0; + } return ret; }