From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Vitaly Kuznetsov, Paolo Bonzini, Sasha Levin
Subject: [PATCH 4.18 105/135] x86/kvm/lapic: always disable MMIO interface in x2APIC mode
Date: Tue, 16 Oct 2018 19:05:35 +0200
Message-Id: <20181016170522.608115802@linuxfoundation.org>
In-Reply-To: <20181016170515.447235311@linuxfoundation.org>
References: <20181016170515.447235311@linuxfoundation.org>

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vitaly Kuznetsov

[ Upstream commit d1766202779e81d0f2a94c4650a6ba31497d369d ]

When VMX is used with flexpriority disabled (because of no support or
if disabled with module parameter) MMIO interface to lAPIC is still
available in x2APIC mode while it shouldn't be (kvm-unit-tests):

PASS: apic_disable: Local apic enabled in x2APIC mode
PASS: apic_disable: CPUID.1H:EDX.APIC[bit 9] is set
FAIL: apic_disable: *0xfee00030: 50014

The issue appears because we basically do nothing while switching to
x2APIC mode when APIC access page is not used. apic_mmio_{read,write}
only check if lAPIC is disabled before proceeding to actual write.

When APIC access is virtualized we correctly manipulate with VMX controls
in vmx_set_virtual_apic_mode() and we don't get vmexits from memory writes
in x2APIC mode so there's no issue.

Disabling MMIO interface seems to be easy. The question is: what do we
do with these reads and writes? If we add apic_x2apic_mode() check to
apic_mmio_in_range() and return -EOPNOTSUPP these reads and writes will
go to userspace. When lAPIC is in kernel, Qemu uses this interface to
inject MSIs only (see kvm_apic_mem_write() in hw/i386/kvm/apic.c). This
somehow works with disabled lAPIC but when we're in xAPIC mode we will
get a real injected MSI from every write to lAPIC. Not good.

The simplest solution seems to be to just ignore writes to the region
and return ~0 for all reads when we're in x2APIC mode. This is what this
patch does. However, this approach is inconsistent with what currently
happens when flexpriority is enabled: we allocate APIC access page and
create KVM memory region so in x2APIC modes all reads and writes go to
this pre-allocated page which is, btw, the same for all vCPUs.

Signed-off-by: Vitaly Kuznetsov
Signed-off-by: Paolo Bonzini
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/include/uapi/asm/kvm.h |  1 +
 arch/x86/kvm/lapic.c            | 22 +++++++++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

--- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -377,5 +377,6 @@ struct kvm_sync_regs { #define KVM_X86_QUIRK_LINT0_REENABLED (1 << 0) #define KVM_X86_QUIRK_CD_NW_CLEARED (1 << 1) +#define KVM_X86_QUIRK_LAPIC_MMIO_HOLE (1 << 2) #endif /* _ASM_X86_KVM_H */ --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -1291,9 +1291,8 @@ EXPORT_SYMBOL_GPL(kvm_lapic_reg_read); static int apic_mmio_in_range(struct kvm_lapic *apic, gpa_t addr) { - return kvm_apic_hw_enabled(apic) && - addr >= apic->base_address && - addr < apic->base_address + LAPIC_MMIO_LENGTH; + return addr >= apic->base_address && + addr < apic->base_address + LAPIC_MMIO_LENGTH; } static int apic_mmio_read(struct kvm_vcpu *vcpu, struct kvm_io_device *this, @@ -1305,6 +1304,15 @@ static int apic_mmio_read(struct kvm_vcp if (!apic_mmio_in_range(apic, address)) return -EOPNOTSUPP; + if (!kvm_apic_hw_enabled(apic) || apic_x2apic_mode(apic)) { + if (!kvm_check_has_quirk(vcpu->kvm, + KVM_X86_QUIRK_LAPIC_MMIO_HOLE)) + return -EOPNOTSUPP; + + memset(data, 0xff, len); + return 0; + } + kvm_lapic_reg_read(apic, offset, len, data); return 0; @@ -1864,6 +1872,14 @@ static int apic_mmio_write(struct kvm_vc if (!apic_mmio_in_range(apic, address)) return -EOPNOTSUPP; + if (!kvm_apic_hw_enabled(apic) || apic_x2apic_mode(apic)) { + if (!kvm_check_has_quirk(vcpu->kvm, + KVM_X86_QUIRK_LAPIC_MMIO_HOLE)) + return -EOPNOTSUPP; + + return 0; + } + /* * APIC register must be aligned on 128-bits boundary. * 32/64/128 bits registers must be accessed thru 32 bits.
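
Review bot: In the arch/x86/include/uapi/asm/kvm.h hunk, KVM_X86_QUIRK_LAPIC_MMIO_HOLE becomes userspace ABI with no comment, and the diffstat shows only kvm.h and lapic.c touched, so nothing documents what the bit controls. Please add a short comment or documentation entry stating that with the quirk set, MMIO accesses to a hardware-disabled or x2APIC-mode lAPIC read as all ones and drop writes, and with it cleared they return -EOPNOTSUPP.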
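
Review bot: In the apic_mmio_in_range() hunk, removing kvm_apic_hw_enabled(apic) turns the helper into a pure address-range test, so it now returns true for a hardware-disabled lAPIC. The two callers changed in this patch re-check the enable state themselves, but the visible lines do not show whether other callers exist; please confirm apic_mmio_read() and apic_mmio_write() are the only users, or add a comment on the helper saying the enable state is the caller's responsibility.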
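
Review bot: In the apic_mmio_read() hunk, the new condition covers !kvm_apic_hw_enabled(apic) as well as apic_x2apic_mode(apic), while the changelog only describes the x2APIC case. Before this change a hardware-disabled lAPIC made apic_mmio_in_range() fail and the read returned -EOPNOTSUPP; with the quirk set it now returns 0 with the buffer filled by memset(data, 0xff, len). A comment above the block saying both states are treated as an MMIO hole, plus a sentence in the changelog, would make that change of behaviour explicit.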
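
Review bot: In the apic_mmio_write() hunk, the state-and-quirk test is a copy of the one added to apic_mmio_read(); a small static helper shared by both would keep the two paths from drifting apart. Also, for a hardware-disabled lAPIC the write is now dropped with return 0 when the quirk is set, whereas it previously returned -EOPNOTSUPP and went to userspace, the path the changelog says Qemu uses to inject MSIs; please confirm that swallowing those writes in the disabled case is intended.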