Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1019092imm; Fri, 27 Jul 2018 09:50:33 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfhHR/ZpsPkML+5hXiaEf8UaCyiFKHdyhGveS03QOftFGH1LeH9tyMY4W+SLNuKcCp9Wkt4 X-Received: by 2002:a65:660a:: with SMTP id w10-v6mr6685680pgv.366.1532710233759; Fri, 27 Jul 2018 09:50:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532710233; cv=none; d=google.com; s=arc-20160816; b=YCXM+C5sC/Pg7uYcRAx/EqCdcQIp5r5nxvfkxv3Xr1h2QyJqSkB7sWxpW/0wH3sRaW VLMP4G9+F5A6N4uOIDkjbeh6FCERG5QdFiY5gn8UYbvNByraiS5DoztPaxlNybJLrz4a tjRt9IEjRmWdrod4MF5/mx6qOEFvLNRTqovIMSJx5BqIIGRFRnaEB7jZiCd6pdZkdVFR 64GhhLtsklPn3/5F0ahOLNjUSvcf8Zn7nChzf8tapkThW3XVWWpsIAvG2J+Hq03utZdc a7p+e+Xs4Eczi8foMDaoTeDWao1s8pkNahGHqSVJIFpB+AET3gGRkIcgYEk/3PmhVTlU 0e5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=H4AVs7yQK3Fje4Idjghzuyqnxdj6ef5yWWZM+MGxAtE=; b=nDuvXhNcharIgJyXB/mIk1Aqn7y4Zq9Lsga5HSTRL91yOCa9tKE9EqPG7dRpR9XRhM Z0vdiPcFaT08JkFYAmWPcaTiEz2csvA6b+Q80cLmWk++h/GnnNwLh6+LkcK4fTn5CTia muqxnqCoTgZmtfU864l7chmsEVBLAsTkkvz/Vw7cs/oigstHeVgey9bMLaKBqNsH3TgC ux9gcdt5QI0rtdvg+aMjDcWP1cQwvyHaFUU+mU5PEJV9PoBO1jp7XaMTK72tK/l6EIZ2 6JBAjdEDNHpDgvM65rtDv3AEIvGtaO/+Sq7jsWl23w90Pxe7l/gh9BTSMSwWrzqjhxLs cAuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=SYX51ACK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 13-v6si3879633ple.274.2018.07.27.09.50.19; Fri, 27 Jul 2018 09:50:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=SYX51ACK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388668AbeG0SL1 (ORCPT + 99 others); Fri, 27 Jul 2018 14:11:27 -0400 Received: from mail-oi0-f66.google.com ([209.85.218.66]:33223 "EHLO mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730510AbeG0SL0 (ORCPT ); Fri, 27 Jul 2018 14:11:26 -0400 Received: by mail-oi0-f66.google.com with SMTP id l10-v6so10196130oii.0 for ; Fri, 27 Jul 2018 09:48:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=H4AVs7yQK3Fje4Idjghzuyqnxdj6ef5yWWZM+MGxAtE=; b=SYX51ACKbKomoA+agiTLHjJaou0WXf9PrQQi/pFLGBTK31jmOcPX4RALlEFfa05x7O wNnfTtdgUnb+/WaX4aZrEoBW0xzV4dQjdxuMDdtlEkQI92K33dLyG92GR5BD4UkMICqf OK9hccnUWCKSiXUWyNcSobNneVC6J1m0SRvOXVpeDwPN6Tw/sTycKPcCqevLn19/4Edf PC+XsrRnbTyyc/uepzXx1wz6Z0rLhrJ8zK0PHWGddwN1j8kj3548yyFDTNqvrlvl1dAX FfPOnf10yJJW4FGKWtyknhO8y6LqFO7uHsabTjREV49JUmGbjivJe+hF0qYO0AKq0dOE rGIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=H4AVs7yQK3Fje4Idjghzuyqnxdj6ef5yWWZM+MGxAtE=; b=NRevVHyzglDvhR/vfdmhyJuQd8jzCazt4BVk3KIe4xKjsbnLT8lir8UOBe712bLV0j B/kfgibwC5AzE2jjGL8JanalbF+uPAjQx3hfvxq0JRwPqVdcKQOR+q0rfFY/l7oQ9j+i 3K7bqxdTrsHgczRGpFSe8AWaDt3JSwXWjPLXgZRtPUaXD+OGsecOhEJ8+74aMTyaYtXk lRzFBwRLnFIF9fJBzw/ZCu2IwBPttJyqqb+OgO+1JFWvmY5n60t7HJ3IYooyFiaHhfvD BkxtlB+50wDeyc+175gfmUe/H5JkyG9ywoQD6dujlyDPFPQlToWCrj4O47I8/mkpRKHD 1cTA== X-Gm-Message-State: AOUpUlFs0G6xL7poyhTtOasSvTqyeDYDOzco1MJ/peEtNsyjpMK2Qj4i 4gEMcBoEE83YnB4LYk8q89c7njBQX4pd2Ak2vsIKeQ== X-Received: by 2002:aca:efd7:: with SMTP id n206-v6mr7970033oih.70.1532710122930; Fri, 27 Jul 2018 09:48:42 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:ac9:3404:0:0:0:0:0 with HTTP; Fri, 27 Jul 2018 09:48:42 -0700 (PDT) In-Reply-To: <20180727144448.9606-1-vkuznets@redhat.com> References: <20180727144448.9606-1-vkuznets@redhat.com> From: Jim Mattson Date: Fri, 27 Jul 2018 09:48:42 -0700 Message-ID: Subject: Re: [PATCH RFC] x86/kvm/lapic: always disable MMIO interface in x2APIC mode To: Vitaly Kuznetsov Cc: kvm list , Paolo Bonzini , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , "the arch/x86 maintainers" , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On a physical machine, I would expect the default local APIC page to fall in the PCI hole, so it would be correct to sink writes and to return all ones for reads. Does qemu implement a PCI hole, and does this address fall into it? On Fri, Jul 27, 2018 at 7:44 AM, Vitaly Kuznetsov wrote: > When VMX is used with flexpriority disabled (because of no support or > if disabled with module parameter) MMIO interface to lAPIC is still > available in x2APIC mode while it shouldn't be (kvm-unit-tests): > > PASS: apic_disable: Local apic enabled in x2APIC mode > PASS: apic_disable: CPUID.1H:EDX.APIC[bit 9] is set > FAIL: apic_disable: *0xfee00030: 50014 > > The issue appears because we basically do nothing while switching to > x2APIC mode when APIC access page is not used. apic_mmio_{read,write} > only check if lAPIC is disabled before proceeding to actual write. > > When APIC access is virtualized we correctly manipulate with VMX controls > in vmx_set_virtual_apic_mode() and we don't get vmexits from memory writes > in x2APIC mode so there's no issue. > > Disabling MMIO interface seems to be easy. The question is: what do we > do with these reads and writes? If we add apic_x2apic_mode() check to > apic_mmio_in_range() and return -EOPNOTSUPP these reads and writes will > go to userspace. When lAPIC is in kernel, Qemu uses this interface to > inject MSIs only (see kvm_apic_mem_write() in hw/i386/kvm/apic.c). This > somehow works with disabled lAPIC but when we're in xAPIC mode we will > get a real injected MSI from every write to lAPIC. Not good. > > The simplest solution seems to be to just ignore writes to the region > and return ~0 for all reads when we're in x2APIC mode. This is what this > patch does. However, this approach is inconsistent with what currently > happens when flexpriority is enabled: we allocate APIC access page and > create KVM memory region so in x2APIC modes all reads and writes go to > this pre-allocated page which is, btw, the same for all vCPUs. > > The other solution would be to pre-allocate a 'shadow' page for lAPICs > in disabled/x2APIC mode and re-direct all reads and writes there. I'm, > however, not convinced this is a good thing to do. > > Signed-off-by: Vitaly Kuznetsov > --- > arch/x86/kvm/lapic.c | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c > index b5cd8465d44f..89b59d6410ae 100644 > --- a/arch/x86/kvm/lapic.c > +++ b/arch/x86/kvm/lapic.c > @@ -1291,9 +1291,8 @@ EXPORT_SYMBOL_GPL(kvm_lapic_reg_read); > > static int apic_mmio_in_range(struct kvm_lapic *apic, gpa_t addr) > { > - return kvm_apic_hw_enabled(apic) && > - addr >= apic->base_address && > - addr < apic->base_address + LAPIC_MMIO_LENGTH; > + return addr >= apic->base_address && > + addr < apic->base_address + LAPIC_MMIO_LENGTH; > } > > static int apic_mmio_read(struct kvm_vcpu *vcpu, struct kvm_io_device *this, > @@ -1305,6 +1304,11 @@ static int apic_mmio_read(struct kvm_vcpu *vcpu, struct kvm_io_device *this, > if (!apic_mmio_in_range(apic, address)) > return -EOPNOTSUPP; > > + if (!kvm_apic_hw_enabled(apic) || apic_x2apic_mode(apic)) { > + memset(data, 0xff, len); > + return 0; > + } > + > kvm_lapic_reg_read(apic, offset, len, data); > > return 0; > @@ -1864,6 +1868,9 @@ static int apic_mmio_write(struct kvm_vcpu *vcpu, struct kvm_io_device *this, > if (!apic_mmio_in_range(apic, address)) > return -EOPNOTSUPP; > > + if (!kvm_apic_hw_enabled(apic) || apic_x2apic_mode(apic)) > + return 0; > + > /* > * APIC register must be aligned on 128-bits boundary. > * 32/64/128 bits registers must be accessed thru 32 bits. > -- > 2.14.4 >