KVM: nVMX: Use macros and #defines in vmx_restore_vmx_basic()

Use macros in vmx_restore_vmx_basic() instead of open coding everything
using BIT_ULL() and GENMASK_ULL().  Opportunistically split feature bits
and reserved bits into separate variables, and add a comment explaining
the subset logic (it's not immediately obvious that the set of feature
bits is NOT the set of _supported_ feature bits).

Cc: Shan Kang <shan.kang@intel.com>
Cc: Kai Huang <kai.huang@intel.com>
Signed-off-by: Xin Li <xin3.li@intel.com>
[sean: split to separate patch, write changelog, drop #defines]
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Link: https://lore.kernel.org/r/20240605231918.2915961-7-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 504fe5ffd47b705e87aa882e6184e3a6b974b5ef..eba5e94a3c7c0d1151946fa1e06aaf625c5401cb 100644 (file)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -1251,21 +1251,32 @@ static bool is_bitwise_subset(u64 superset, u64 subset, u64 mask)
 
 static int vmx_restore_vmx_basic(struct vcpu_vmx *vmx, u64 data)
 {
-       const u64 feature_and_reserved =
-               /* feature (except bit 48; see below) */
-               BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) |
-               /* reserved */
-               BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56);
+       const u64 feature_bits = VMX_BASIC_DUAL_MONITOR_TREATMENT |
+                                VMX_BASIC_INOUT |
+                                VMX_BASIC_TRUE_CTLS;
+
+       const u64 reserved_bits = GENMASK_ULL(63, 56) |
+                                 GENMASK_ULL(47, 45) |
+                                 BIT_ULL(31);
+
        u64 vmx_basic = vmcs_config.nested.basic;
 
-       if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved))
+       BUILD_BUG_ON(feature_bits & reserved_bits);
+
+       /*
+        * Except for 32BIT_PHYS_ADDR_ONLY, which is an anti-feature bit (has
+        * inverted polarity), the incoming value must not set feature bits or
+        * reserved bits that aren't allowed/supported by KVM.  Fields, i.e.
+        * multi-bit values, are explicitly checked below.
+        */
+       if (!is_bitwise_subset(vmx_basic, data, feature_bits | reserved_bits))
                return -EINVAL;
 
        /*
         * KVM does not emulate a version of VMX that constrains physical
         * addresses of VMX structures (e.g. VMCS) to 32-bits.
         */
-       if (data & BIT_ULL(48))
+       if (data & VMX_BASIC_32BIT_PHYS_ADDR_ONLY)
                return -EINVAL;
 
        if (vmx_basic_vmcs_revision_id(vmx_basic) !=