From patchwork Wed Sep 23 18:57:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 1370057 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=kvm-ppc-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4BxS9m2Mmvz9sTM for ; Thu, 24 Sep 2020 04:58:04 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726810AbgIWS6D (ORCPT ); Wed, 23 Sep 2020 14:58:03 -0400 Received: from mga03.intel.com ([134.134.136.65]:49884 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726703AbgIWS6D (ORCPT ); Wed, 23 Sep 2020 14:58:03 -0400 IronPort-SDR: rmoKL4TAEmrTdEmJfp7uNXhbdy0Fk4yTAu6sdqA0tsRz1StnLsxi6hhA9vE/r/PERcPAcKvQ0j i1QvBR5AOL6g== X-IronPort-AV: E=McAfee;i="6000,8403,9753"; a="161072561" X-IronPort-AV: E=Sophos;i="5.77,293,1596524400"; d="scan'208";a="161072561" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Sep 2020 11:58:02 -0700 IronPort-SDR: kz7/UhdqfQR7kPq/UutKfm67dCkSO0dRSAPU6xHrzv6Gh4iZ9RoV4ILoENHljI/FS+ll6XOVeH kxkn4Ig0AyyQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,293,1596524400"; d="scan'208";a="338759550" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.160]) by orsmga008.jf.intel.com with ESMTP; 23 Sep 2020 11:58:02 -0700 From: Sean Christopherson To: Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Zyngier , James Morse , Julien Thierry , Suzuki K Poulose , linux-arm-kernel@lists.infradead.org, Huacai Chen , Aleksandar Markovic , linux-mips@vger.kernel.org, Paul Mackerras , kvm-ppc@vger.kernel.org, Christian Borntraeger , Janosch Frank , David Hildenbrand , Cornelia Huck , Claudio Imbrenda , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Sean Christopherson Subject: [PATCH] KVM: Enable hardware before doing arch VM initialization Date: Wed, 23 Sep 2020 11:57:57 -0700 Message-Id: <20200923185757.1806-1-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm-ppc@vger.kernel.org Swap the order of hardware_enable_all() and kvm_arch_init_vm() to accommodate Intel's Trust Domain Extension (TDX), which needs VMX to be fully enabled during VM init in order to make SEAMCALLs. This also provides consistent ordering between kvm_create_vm() and kvm_destroy_vm() with respect to calling kvm_arch_destroy_vm() and hardware_disable_all(). Cc: Marc Zyngier Cc: James Morse Cc: Julien Thierry Cc: Suzuki K Poulose Cc: linux-arm-kernel@lists.infradead.org Cc: Huacai Chen Cc: Aleksandar Markovic Cc: linux-mips@vger.kernel.org Cc: Paul Mackerras Cc: kvm-ppc@vger.kernel.org Cc: Christian Borntraeger Cc: Janosch Frank Cc: David Hildenbrand Cc: Cornelia Huck Cc: Claudio Imbrenda Cc: Vitaly Kuznetsov Cc: Wanpeng Li Cc: Jim Mattson Cc: Joerg Roedel Signed-off-by: Sean Christopherson Reviewed-by: Christian Borntraeger Reviewed-by: Huacai Chen --- Obviously not required until the TDX series comes along, but IMO KVM should be consistent with respect to enabling and disabling virt support in hardware. Tested only on Intel hardware. Unless I missed something, this only affects x86, Arm and MIPS as hardware enabling is a nop for s390 and PPC. Arm looks safe (based on my mostly clueless reading of the code), but I have no idea if this will cause problem for MIPS, which is doing all kinds of things in hardware_enable() that I don't pretend to fully understand. virt/kvm/kvm_main.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index cf88233b819a..58fa19bcfc90 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -766,7 +766,7 @@ static struct kvm *kvm_create_vm(unsigned long type) struct kvm_memslots *slots = kvm_alloc_memslots(); if (!slots) - goto out_err_no_arch_destroy_vm; + goto out_err_no_disable; /* Generations must be different for each address space. */ slots->generation = i; rcu_assign_pointer(kvm->memslots[i], slots); @@ -776,19 +776,19 @@ static struct kvm *kvm_create_vm(unsigned long type) rcu_assign_pointer(kvm->buses[i], kzalloc(sizeof(struct kvm_io_bus), GFP_KERNEL_ACCOUNT)); if (!kvm->buses[i]) - goto out_err_no_arch_destroy_vm; + goto out_err_no_disable; } kvm->max_halt_poll_ns = halt_poll_ns; - r = kvm_arch_init_vm(kvm, type); - if (r) - goto out_err_no_arch_destroy_vm; - r = hardware_enable_all(); if (r) goto out_err_no_disable; + r = kvm_arch_init_vm(kvm, type); + if (r) + goto out_err_no_arch_destroy_vm; + #ifdef CONFIG_HAVE_KVM_IRQFD INIT_HLIST_HEAD(&kvm->irq_ack_notifier_list); #endif @@ -815,10 +815,10 @@ static struct kvm *kvm_create_vm(unsigned long type) mmu_notifier_unregister(&kvm->mmu_notifier, current->mm); #endif out_err_no_mmu_notifier: - hardware_disable_all(); -out_err_no_disable: kvm_arch_destroy_vm(kvm); out_err_no_arch_destroy_vm: + hardware_disable_all(); +out_err_no_disable: WARN_ON_ONCE(!refcount_dec_and_test(&kvm->users_count)); for (i = 0; i < KVM_NR_BUSES; i++) kfree(kvm_get_bus(kvm, i));