Commit 508f0c7b authored by Carlos López's avatar Carlos López Committed by Sean Christopherson

KVM: x86: Improve documentation for KVM_CAP_X86_BUS_LOCK_EXIT

Improve the description for the KVM_CAP_X86_BUS_LOCK_EXIT capability to
fix a few typos and grammar issues, and to clarify the purpose of the
capability.
Signed-off-by: default avatarCarlos López <clopez@suse.de>
Link: https://lore.kernel.org/r/20240424105616.29596-1-clopez@suse.de
[sean: massage changelog]
Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
parent 1028893a
...@@ -6418,7 +6418,7 @@ affect the device's behavior. Current defined flags:: ...@@ -6418,7 +6418,7 @@ affect the device's behavior. Current defined flags::
/* x86, set if the VCPU is in system management mode */ /* x86, set if the VCPU is in system management mode */
#define KVM_RUN_X86_SMM (1 << 0) #define KVM_RUN_X86_SMM (1 << 0)
/* x86, set if bus lock detected in VM */ /* x86, set if bus lock detected in VM */
#define KVM_RUN_BUS_LOCK (1 << 1) #define KVM_RUN_X86_BUS_LOCK (1 << 1)
/* arm64, set for KVM_EXIT_DEBUG */ /* arm64, set for KVM_EXIT_DEBUG */
#define KVM_DEBUG_ARCH_HSR_HIGH_VALID (1 << 0) #define KVM_DEBUG_ARCH_HSR_HIGH_VALID (1 << 0)
...@@ -7764,29 +7764,31 @@ Valid bits in args[0] are:: ...@@ -7764,29 +7764,31 @@ Valid bits in args[0] are::
#define KVM_BUS_LOCK_DETECTION_OFF (1 << 0) #define KVM_BUS_LOCK_DETECTION_OFF (1 << 0)
#define KVM_BUS_LOCK_DETECTION_EXIT (1 << 1) #define KVM_BUS_LOCK_DETECTION_EXIT (1 << 1)
Enabling this capability on a VM provides userspace with a way to select Enabling this capability on a VM provides userspace with a way to select a
a policy to handle the bus locks detected in guest. Userspace can obtain policy to handle the bus locks detected in guest. Userspace can obtain the
the supported modes from the result of KVM_CHECK_EXTENSION and define it supported modes from the result of KVM_CHECK_EXTENSION and define it through
through the KVM_ENABLE_CAP. the KVM_ENABLE_CAP. The supported modes are mutually-exclusive.
KVM_BUS_LOCK_DETECTION_OFF and KVM_BUS_LOCK_DETECTION_EXIT are supported This capability allows userspace to force VM exits on bus locks detected in the
currently and mutually exclusive with each other. More bits can be added in guest, irrespective whether or not the host has enabled split-lock detection
the future. (which triggers an #AC exception that KVM intercepts). This capability is
intended to mitigate attacks where a malicious/buggy guest can exploit bus
With KVM_BUS_LOCK_DETECTION_OFF set, bus locks in guest will not cause vm exits locks to degrade the performance of the whole system.
so that no additional actions are needed. This is the default mode.
If KVM_BUS_LOCK_DETECTION_OFF is set, KVM doesn't force guest bus locks to VM
With KVM_BUS_LOCK_DETECTION_EXIT set, vm exits happen when bus lock detected exit, although the host kernel's split-lock #AC detection still applies, if
in VM. KVM just exits to userspace when handling them. Userspace can enforce enabled.
its own throttling or other policy based mitigations.
If KVM_BUS_LOCK_DETECTION_EXIT is set, KVM enables a CPU feature that ensures
This capability is aimed to address the thread that VM can exploit bus locks to bus locks in the guest trigger a VM exit, and KVM exits to userspace for all
degree the performance of the whole system. Once the userspace enable this such VM exits, e.g. to allow userspace to throttle the offending guest and/or
capability and select the KVM_BUS_LOCK_DETECTION_EXIT mode, KVM will set the apply some other policy-based mitigation. When exiting to userspace, KVM sets
KVM_RUN_BUS_LOCK flag in vcpu-run->flags field and exit to userspace. Concerning KVM_RUN_X86_BUS_LOCK in vcpu-run->flags, and conditionally sets the exit_reason
the bus lock vm exit can be preempted by a higher priority VM exit, the exit to KVM_EXIT_X86_BUS_LOCK.
notifications to userspace can be KVM_EXIT_BUS_LOCK or other reasons.
KVM_RUN_BUS_LOCK flag is used to distinguish between them. Note! Detected bus locks may be coincident with other exits to userspace, i.e.
KVM_RUN_X86_BUS_LOCK should be checked regardless of the primary exit reason if
userspace wants to take action on all detected bus locks.
7.23 KVM_CAP_PPC_DAWR1 7.23 KVM_CAP_PPC_DAWR1
---------------------- ----------------------
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment