Received: by 10.223.176.5 with SMTP id f5csp1823947wra;
        Thu, 8 Feb 2018 04:10:46 -0800 (PST)
X-Google-Smtp-Source: AH8x224SPaVePUAczXkAy7K/L3AvfXWa0YVWxE6a6WCCTAtJgOAw/pVdHJqUSQJ5CDobSz35pYrg
X-Received: by 10.98.76.141 with SMTP id e13mr507023pfj.160.1518091845936;
        Thu, 08 Feb 2018 04:10:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518091845; cv=none;
        d=google.com; s=arc-20160816;
        b=VNVXHsh0k0UK87gZ/WE48+gkPUCEQ6fegSrzH7LrSIHcC1TXMyQMDgRLfXNM3SbznZ
         /nPezi1ot9XZOG6boNHMRRd1fzUOGV46RUcXVjRP3JKt9OmR3qFa4dyqmFyUq7wmguS6
         kt5LvpSAXCoktZLvhBtc2/3S97wiTA74Lx7iIq5SQa4BzzTq1PGXoZT+Kw1719+fBS48
         iNh/r7VZAK+arMzCQMe97/9dDVSN5YqWpB4zqtwbdpzAUVAj61JH/EIYSakvW7mgtfRo
         mZdnaBr0AcurNu9BaG8k+JLuEyYDpQ2hc9tRb6IqQxv95y/6hi1BLa6VN6gCNtTDpcGV
         zjTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-disposition
         :content-transfer-encoding:subject:cc:to:from:date:message-id
         :mime-version:dkim-signature:arc-authentication-results;
        bh=kUXrc/NiRwtCJ0JXp3Qb2H6y8+cGLCxMG1gUI06WOuQ=;
        b=rjvFSgaG8D3JvEj/6uov8pzDQK9Ik/SkRSgPhpt8ndJXtozmDqAt3k90oFguKuTiy1
         bpy7WEhQ2et1Ks8/ee/zpSywrMHRC80aloV5KoFREBE+r2EN3dfDAiojae3ue1tbRWIN
         NpvAFy8vl0i2WfYIzBJx4k/0rtPVkJOp6t2DoDRrf7e5L9q9z4HVMCmcVHLgm4+kRm0s
         0zxpHRPRVY1ALQ0sgndN0g7yKuHh+hN8GugfJTUebOrLYJx67dCXY4gEOzscvYeOAqqH
         pokp5ALX/wEOU1m0dmdUe8SDeMJuIUqIeiX1NQAfgJZsNYsknLj2MRWGF+tyc+gCnVX2
         qUSQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=mXJwwQlW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y7-v6si2703136plh.806.2018.02.08.04.10.32;
        Thu, 08 Feb 2018 04:10:45 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=mXJwwQlW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752331AbeBHMJw (ORCPT <rfc822;luizmacielfranco@gmail.com>
        + 99 others); Thu, 8 Feb 2018 07:09:52 -0500
Received: from aserp2120.oracle.com ([141.146.126.78]:50030 "EHLO
        aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750881AbeBHMJu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Feb 2018 07:09:50 -0500
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1])
        by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w18C73NJ110798;
        Thu, 8 Feb 2018 12:09:37 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=mime-version :
 message-id : date : from : to : cc : subject : content-type :
 content-transfer-encoding; s=corp-2017-10-26;
 bh=kUXrc/NiRwtCJ0JXp3Qb2H6y8+cGLCxMG1gUI06WOuQ=;
 b=mXJwwQlW1SQrsjY/iUrq1O3mTp5cSyz/B0H6087gcwY0HXcWoMIqAtspEmCTI+tI2Kh8
 tQeV3dPmy6Vr63NQNuZS8FqfgHV7EfgmqbpI+V6J6sAKLW5TvKomkLp6k/jD6q57Oqli
 FgZcrYTm8lDebFz2gA7QE/WYxnOOlcixcpth8jtlvm/hDGK7yXKtL5DTiS3uktL147Dr
 kD4qBrv9zJjba4/yXrrI7tAHT8pxgJe4BjOMNuQxvYMAi2XsF3F+z9uqKe601jgHHaFH
 vXos5mRVNjtPpCjZgXY2+CyNXSfjEdgUC7lt5WlOLLtGN1IkvNN7wftG/DX6VK/i6haX Lg== 
Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233])
        by aserp2120.oracle.com with ESMTP id 2g0ncb0a7s-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Thu, 08 Feb 2018 12:09:37 +0000
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235])
        by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w18C9aWw024443
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Thu, 8 Feb 2018 12:09:36 GMT
Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21])
        by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w18C9ac1029385;
        Thu, 8 Feb 2018 12:09:36 GMT
MIME-Version: 1.0
Message-ID: <94d2625d-5055-4834-ba3c-b1a25117b762@default>
Date:   Thu, 8 Feb 2018 04:09:36 -0800 (PST)
From:   Liran Alon <liran.alon@oracle.com>
To:     <pbonzini@redhat.com>
Cc:     <chao.gao@intel.com>, <mingo@redhat.com>, <x86@kernel.org>,
        <tglx@linutronix.de>, <rkrcmar@redhat.com>,
        <linux-kernel@vger.kernel.org>, <hpa@zytor.com>,
        <kvm@vger.kernel.org>
Subject: Re: [PATCH] x86/kvm/vmx: Don't halt vcpu when L1 is injecting events
 to L2
X-Mailer: Zimbra on Oracle Beehive
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8798 signatures=668663
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1711220000 definitions=main-1802080139
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


----- pbonzini@redhat.com wrote:

> On 08/02/2018 06:13, Chao Gao wrote:
> > Although L2 is in halt state, it will be in the active state after
> > VM entry if the VM entry is vectoring. Halting the vcpu here means
> > the event won't be injected to L2 and this decision isn't reported
> > to L1. Thus L0 drops an event that should be injected to L2.
> >=20
> > Because virtual interrupt delivery may wake L2 vcpu, if VID is
> enabled,
> > do the same thing -- don't halt L2.
>=20
> This second part seems wrong to me, or at least overly general.=20
> Perhaps
> you mean if RVI>0?
>=20
> Thanks,
>=20
> Paolo

I would first recommend to split this commit.
The first commit should handle only the case of vectoring VM entry.
It should also specify in commit message it is based on Intel SDM 26.6.2 Ac=
tivity State:
("If the VM entry is vectoring, the logical processor is in the active stat=
e after VM entry.")
That part in code seems correct to me.

The second commit seems wrong to me as-well.
(I would also mention here it is based on Intel SDM 26.6.5
Interrupt-Window Exiting and Virtual-Interrupt Delivery:
"These events wake the logical processor if it just entered the HLT state b=
ecause of a VM entry")

Paolo, I think that your suggestion is not sufficient as well.
Consider the case that APIC's TPR blocks interrupt specified in RVI.

I think that we should just remove the check for VID from commit,
and instead fix another bug which I describe below.

If lapic_in_kernel()=3D=3Dfalse, then APICv is not active and VID is not ex=
posed to L1
(In current KVM code. Jim already criticize that this is wrong.).

Otherwise, kvm_vcpu_halt() will change mp_state to KVM_MP_STATE_HALTED.
Eventually, vcpu_run() will call vcpu_block() which will reach kvm_vcpu_has=
_events().
That function is responsible for checking if there is any pending interrupt=
s.
Including, pending interrupts as a result of VID enabled and RVI>0
(While also taking into account the APIC's TPR).
The logic that checks for pending interrupts is kvm_cpu_has_interrupt()
which eventually reach apic_has_interrupt_for_ppr().
If APICv is enabled, apic_has_interrupt_for_ppr() will call vmx_sync_pir_to=
_irr()
which calls vmx_hwapic_irr_update().

However, max_irr returned to apic_has_interrupt_for_ppr() does not consider=
 the interrupt
pending in RVI. Which I think is the real bug to fix here.
In the non-nested case, RVI can never be larger than max_irr because that i=
s how L0 KVM manages RVI.
However, in the nested case, L1 can set RVI in VMCS arbitrary
(we just copy GUEST_INTR_STATUS from vmcs01 into vmcs02).

A possible patch to fix this is to change vmx_hwapic_irr_update() such that
if is_guest_mode(vcpu)=3D=3Dtrue, we should return max(max_irr, rvi) and re=
turn
that value into apic_has_interrupt_for_ppr().
Need to verify that it doesn't break other flows but I think it makes sense=
.
What do you think?

Regards,
-Liran

>=20
> > Signed-off-by: Chao Gao <chao.gao@intel.com>
> > ---
> >  arch/x86/kvm/vmx.c | 10 ++++++++--
> >  1 file changed, 8 insertions(+), 2 deletions(-)
> >=20
> > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> > index bb5b488..e1fe4e4 100644
> > --- a/arch/x86/kvm/vmx.c
> > +++ b/arch/x86/kvm/vmx.c
> > @@ -10985,8 +10985,14 @@ static int nested_vmx_run(struct kvm_vcpu
> *vcpu, bool launch)
> >  =09if (ret)
> >  =09=09return ret;
> > =20
> > -=09if (vmcs12->guest_activity_state =3D=3D GUEST_ACTIVITY_HLT)
> > -=09=09return kvm_vcpu_halt(vcpu);
> > +=09if (vmcs12->guest_activity_state =3D=3D GUEST_ACTIVITY_HLT) {
> > +=09=09u32 intr_info =3D vmcs_read32(VM_ENTRY_INTR_INFO_FIELD);
> > +=09=09u32 exec_control =3D vmcs_read32(SECONDARY_VM_EXEC_CONTROL);
> > +
> > +=09=09if (!(intr_info & VECTORING_INFO_VALID_MASK) &&
> > +=09=09=09!(exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY))
> > +=09=09=09return kvm_vcpu_halt(vcpu);
> > +=09}
>=20
> >  =09vmx->nested.nested_run_pending =3D 1;
> > =20
> >