diff --git a/patches/kernel/0014-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch b/patches/kernel/0014-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch new file mode 100644 index 0000000..b275ce9 --- /dev/null +++ b/patches/kernel/0014-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch @@ -0,0 +1,49 @@ +From 379ad2e0326c55682d0bb9391f16f1072fe400d2 Mon Sep 17 00:00:00 2001 +From: Stefan Sterz +Date: Wed, 18 Oct 2023 10:45:45 +0200 +Subject: [PATCH 1/2] Revert "nSVM: Check for reserved encodings of TLB_CONTROL + in nested VMCB" + +This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1. + +Signed-off-by: Stefan Sterz +--- + arch/x86/kvm/svm/nested.c | 15 --------------- + 1 file changed, 15 deletions(-) + +diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c +index add65dd59756..61a6c0235519 100644 +--- a/arch/x86/kvm/svm/nested.c ++++ b/arch/x86/kvm/svm/nested.c +@@ -242,18 +242,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size) + kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1); + } + +-static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl) +-{ +- /* Nested FLUSHBYASID is not supported yet. */ +- switch(tlb_ctl) { +- case TLB_CONTROL_DO_NOTHING: +- case TLB_CONTROL_FLUSH_ALL_ASID: +- return true; +- default: +- return false; +- } +-} +- + static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu, + struct vmcb_ctrl_area_cached *control) + { +@@ -273,9 +261,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu, + IOPM_SIZE))) + return false; + +- if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl))) +- return false; +- + return true; + } + +-- +2.39.2 + diff --git a/patches/kernel/0015-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch b/patches/kernel/0015-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch new file mode 100644 index 0000000..8ae3a67 --- /dev/null +++ b/patches/kernel/0015-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch @@ -0,0 +1,39 @@ +From 42af81abf0b96ab661591d024aed55c05dd85b91 Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 18 Oct 2023 12:41:04 -0700 +Subject: [PATCH 2/2] KVM: nSVM: Advertise support for flush-by-ASID + +Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can +always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2 +with a new, fresh ASID in vmcb02. Some modern hypervisors, e.g. VMWare +Workstation 17, require FLUSHBYASID support and will refuse to run if it's +not present. + +Punt on proper support, as "Honor L1's request to flush an ASID on nested +VMRUN" is one of the TODO items in the (incomplete) list of issues that +need to be addressed in order for KVM to NOT do a full TLB flush on every +nested SVM transition (see nested_svm_transition_tlb_flush()). + +Reported-by: Stefan Sterz +Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com +Signed-off-by: Sean Christopherson +Signed-off-by: Stefan Sterz +--- + arch/x86/kvm/svm/svm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c +index 9a194aa1a75a..0fde9b0c464b 100644 +--- a/arch/x86/kvm/svm/svm.c ++++ b/arch/x86/kvm/svm/svm.c +@@ -4880,6 +4880,7 @@ static __init void svm_set_cpu_caps(void) + if (nested) { + kvm_cpu_cap_set(X86_FEATURE_SVM); + kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN); ++ kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID); + + if (nrips) + kvm_cpu_cap_set(X86_FEATURE_NRIPS); +-- +2.39.2 +