Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp2666652imb; Mon, 4 Mar 2019 10:51:31 -0800 (PST) X-Google-Smtp-Source: APXvYqxjjW8NM6Y38iKDhFbBFyWYIawAieVEe1guuV9gNPyGnzKssBKWcUhICi0V0LzxFaA2Wb6T X-Received: by 2002:a17:902:b60c:: with SMTP id b12mr21607563pls.261.1551725491455; Mon, 04 Mar 2019 10:51:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551725491; cv=none; d=google.com; s=arc-20160816; b=Q3iDV5Yi0YntyWdo7tKKtgthJVPNmpfvFwFYcDAEpJ3/InAyyZZXMZvaM0/iWxCvNq anm+oH4kwHXfpGo+QgDwlvWTrkMEJbnS+FAiyKhbJE9PdawxXyRFWEEBV7rxzrA5rkTE OjlOzWcaweyan2L3SHaokcCvcKyffDSYkUbtvKTgpAFIACl5PZmVEGHHbrG6ww/9tBMo gdgfDAzW3owDoXaQuC8T7CUDYpco/fsDebg2AvsrZ92okb9o3MlNgWpzzLBwQSu+iv3+ 0iPUQBsDquUtXfidynGJOWVQQdd007GEkbM56muJHNrCvAgiKg+tfaGoJQqAt2DSBC3Y arjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:mime-version:user-agent:date:message-id :subject:cc:to:from:dkim-signature; bh=mgZk5sUW457YGdjqHfSipY+wTqvY7YRe2DQUcfr8AlM=; b=q6OvHPnT8PcWZLgHtM/eloL/FgwcDrOa6UEUN5cNrPd81wHiaIy5Xd13to/l7DNQNj d8rdDiIpYBY3rJF5My6yV1bi1Tb8SjG5AVrkGzPRQWC/g2n09m5THOH0Odo6zdKqHOOF /rRZowapD+Jzm58b9yBKUM7yFtcgOePGdUKs2dO51sPO++gElpG6OVY7ik44SrSo4z6X 2RSeMX1UZKRRdljOjVQr9E10OEzcGeubas4EzHLhbf65otQSgfAv4C6A8BSluqH9HwXX LnGQs7WZEYQMjNBXGtbH6l9jiK8kC8GN5YTXCQ0EB9POtSUq8jjBp9ZrT4OfHngB41Rn twvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@scalemp.com header.s=default header.b=ah33a+TW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=scalemp.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h85si6101927pfj.88.2019.03.04.10.51.15; Mon, 04 Mar 2019 10:51:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@scalemp.com header.s=default header.b=ah33a+TW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=scalemp.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727544AbfCDSoH (ORCPT + 99 others); Mon, 4 Mar 2019 13:44:07 -0500 Received: from www.scalemp.com ([169.44.78.149]:59088 "EHLO scalemp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726073AbfCDSoH (ORCPT ); Mon, 4 Mar 2019 13:44:07 -0500 X-Greylist: delayed 1726 seconds by postgrey-1.27 at vger.kernel.org; Mon, 04 Mar 2019 13:44:06 EST DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=scalemp.com ; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date: Message-ID:Subject:Cc:To:From:Sender:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=mgZk5sUW457YGdjqHfSipY+wTqvY7YRe2DQUcfr8AlM=; b=ah33a+TWKaAmK3rH9snL7GjmMj HtzkVcv2RIhtqhjPIMY2hb0giDhW2RErZPEfvtkzXaHm00STA9GgZoMxVBVnbqUWo9B9tqKVaMnIL UXqFGuZ9RrLZqr9n8lWsjzkNliY811UH9oa3/yCvCm1Ia0QqTEa+SxFAb4ukI3/4IA7s=; Received: from 109-186-230-3.bb.netvision.net.il ([109.186.230.3]:49184 helo=[192.168.2.7]) by hosting.virtualsmp.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from ) id 1h0s7T-000S6w-Cf; Mon, 04 Mar 2019 13:15:19 -0500 From: Oren Twaig To: suravee.suthikulpanit@amd.com Cc: kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org Subject: re: [PATCH] svm: Fix AVIC incomplete IPI emulation Message-ID: Date: Mon, 4 Mar 2019 20:15:17 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - hosting.virtualsmp.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - scalemp.com X-Get-Message-Sender-Via: hosting.virtualsmp.com: authenticated_id: oren@scalemp.com X-Authenticated-Sender: hosting.virtualsmp.com: oren@scalemp.com X-Source: X-Source-Args: X-Source-Dir: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello Suravee, According to AMD's SDM, the target-not-running incomplete ipi exit is only received if any of the destination cpus had the not-running bit set in the avic backing page. However, not before the CPU _already_ set the relevant IRR bit in all these cpus. In this change, the patch forces KVM to send another interrupt to the vcpu whether SVM already did that or not. Which means the vcpu/s, under some conditions, can get an EXTRA interrupt it never intended to get. Example:   1. vcpu B: Is in "not-running" state.   2. vcpu A: Writes to the ICR to send vector 80 to vcpu B   3. vcpu A: SVM updates vcpu B IRR with bit 80   4. vcpu A: SVM exits on incomplete IPI target-not-running exit.   5. vcpu A: Now stops executing any code @ hypervisor level.   6. vcpu B: Due to another interrupt (like lapic timer)      resumes running the guest. While handling interrupts,      it also handles interrupt vector 80 (as it's in his IRR)   7. vcpu A: resumes executing the below code and sends      an _additional_interrupt to vcpu B. Overall, vcpu B got two interrupts. The second is unwanted and not documented in the system architecture. Can you please elaborate more to why the implementation below conflict with the specifications (which was the code before this commit) ? Thanks, Oren Twaig > From    "Suthikulpanit, Suravee" <> > Subject    [PATCH] svm: Fix AVIC incomplete IPI emulation > Date    Tue, 22 Jan 2019 10:25:13 +0000 > share > From: Suravee Suthikulpanit > > In case of incomplete IPI with invalid interrupt type, the current > SVM driver does not properly emulate the IPI, and fails to boot > FreeBSD guests with multiple vcpus when enabling AVIC. > > Fix this by update APIC ICR high/low registers, which also > emulate sending the IPI. > > Signed-off-by: Suravee Suthikulpanit > --- > arch/x86/kvm/svm.c | 19 ++++--------------- > 1 file changed, 4 insertions(+), 15 deletions(-) > > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c > index 2aff835a65ed..8a0c9a1f6ac8 100644 > --- a/arch/x86/kvm/svm.c > +++ b/arch/x86/kvm/svm.c > @@ -4504,25 +4504,14 @@ static int avic_incomplete_ipi_interception(struct vcpu_svm *svm) >          kvm_lapic_reg_write(apic, APIC_ICR, icrl); >          break; >      case AVIC_IPI_FAILURE_TARGET_NOT_RUNNING: { > -        int i; > -        struct kvm_vcpu *vcpu; > -        struct kvm *kvm = svm->vcpu.kvm; >          struct kvm_lapic *apic = svm->vcpu.arch.apic; >          /* > -         * At this point, we expect that the AVIC HW has already > -         * set the appropriate IRR bits on the valid target > -         * vcpus. So, we just need to kick the appropriate vcpu. > +         * Update ICR high and low, then emulate sending IPI, > +         * which is handled when writing APIC_ICR. >           */ > -        kvm_for_each_vcpu(i, vcpu, kvm) { > -            bool m = kvm_apic_match_dest(vcpu, apic, > -                             icrl & KVM_APIC_SHORT_MASK, > - GET_APIC_DEST_FIELD(icrh), > -      icrl & KVM_APIC_DEST_MASK); > - > -            if (m && !avic_vcpu_is_running(vcpu)) > - kvm_vcpu_wake_up(vcpu); > -        } > +        kvm_lapic_reg_write(apic, APIC_ICR2, icrh); > +        kvm_lapic_reg_write(apic, APIC_ICR, icrl); >          break; >      } >      case AVIC_IPI_FAILURE_INVALID_TARGET: > -- > 2.17.1