KVM: x86/pmu: Restrict advanced features based on module enable_pmu

Once vPMU is disabled, the KVM would not expose features like:
PEBS (via clear kvm_pmu_cap.pebs_ept), legacy LBR and ARCH_LBR,
CPUID 0xA leaf, PDCM bit and MSR_IA32_PERF_CAPABILITIES, plus
PT_MODE_HOST_GUEST mode.

What this group of features has in common is that their use
relies on the underlying PMU counter and the host perf_event as a
back-end resource requester or sharing part of the irq delivery path.

Signed-off-by: Like Xu <likexu@tencent.com>
Message-Id: <20220601031925.59693-2-likexu@tencent.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/pmu.h b/arch/x86/kvm/pmu.h
index 2c5b3c9f55310b5aea94f6a290553cf776fecc00..c1b61671ba1ef180c5692bb48ff688d182f351d2 100644 (file)
--- a/arch/x86/kvm/pmu.h
+++ b/arch/x86/kvm/pmu.h
@@ -170,9 +170,11 @@ static inline void kvm_init_pmu_capability(void)
          * For Intel, only support guest architectural pmu
          * on a host with architectural pmu.
          */
-       if ((is_intel && !kvm_pmu_cap.version) || !kvm_pmu_cap.num_counters_gp) {
-               memset(&kvm_pmu_cap, 0, sizeof(kvm_pmu_cap));
+       if ((is_intel && !kvm_pmu_cap.version) || !kvm_pmu_cap.num_counters_gp)
                enable_pmu = false;
+
+       if (!enable_pmu) {
+               memset(&kvm_pmu_cap, 0, sizeof(kvm_pmu_cap));
                return;
        }
 

diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
index 2d3f13b18714d84aa79c6a9add41a207e4ec315b..292e58679d95c0dae6350d17c4bf55d5fcc55158 100644 (file)
--- a/arch/x86/kvm/vmx/capabilities.h
+++ b/arch/x86/kvm/vmx/capabilities.h
@@ -7,6 +7,7 @@
 #include "lapic.h"
 #include "x86.h"
 #include "pmu.h"
+#include "cpuid.h"
 
 extern bool __read_mostly enable_vpid;
 extern bool __read_mostly flexpriority_enabled;
@@ -409,6 +410,9 @@ static inline u64 vmx_get_perf_capabilities(void)
        u64 perf_cap = PMU_CAP_FW_WRITES;
        u64 host_perf_cap = 0;
 
+       if (!enable_pmu)
+               return 0;
+
        if (boot_cpu_has(X86_FEATURE_PDCM))
                rdmsrl(MSR_IA32_PERF_CAPABILITIES, host_perf_cap);
 

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 2e00890d752a5a460d14bc53fc5c87d6e785deaf..83eeecb4c7f7a86d2a7791bd6199e1cf6fc948cb 100644 (file)
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7568,6 +7568,9 @@ static __init void vmx_set_cpu_caps(void)
                kvm_cpu_cap_check_and_set(X86_FEATURE_DTES64);
        }
 
+       if (!enable_pmu)
+               kvm_cpu_cap_clear(X86_FEATURE_PDCM);
+
        if (!enable_sgx) {
                kvm_cpu_cap_clear(X86_FEATURE_SGX);
                kvm_cpu_cap_clear(X86_FEATURE_SGX_LC);
@@ -8233,7 +8236,7 @@ static __init int hardware_setup(void)
 
        if (pt_mode != PT_MODE_SYSTEM && pt_mode != PT_MODE_HOST_GUEST)
                return -EINVAL;
-       if (!enable_ept || !cpu_has_vmx_intel_pt())
+       if (!enable_ept || !enable_pmu || !cpu_has_vmx_intel_pt())
                pt_mode = PT_MODE_SYSTEM;
        if (pt_mode == PT_MODE_HOST_GUEST)
                vmx_init_ops.handle_intel_pt_intr = vmx_handle_intel_pt_intr;