Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp707278ybe; Wed, 4 Sep 2019 06:37:59 -0700 (PDT) X-Google-Smtp-Source: APXvYqwruh4OajR/+Wg3bcVgcKtUZq4HcjUfUxVQGRLJW13pp/oAitiJEvWit6V7c8bP32uUu0Ao X-Received: by 2002:a65:644b:: with SMTP id s11mr25328359pgv.305.1567604279514; Wed, 04 Sep 2019 06:37:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567604279; cv=none; d=google.com; s=arc-20160816; b=hTz6ohI+AOKIKJzriQfRjbCNqogdsCG8v4QusZrHAUFF79/Vzuw6doHXsOLRx7H8bD MHv+aTzjpYbfuSXN/OG3wMKxEKWfaHl5ygz3y1pfpMJ/AYj/u+SJvt6b+qPKEVhTUpRs 2nRQEQ5ckqU75pgc/xBOkHwRGNEgoZ9nKxaPlCcr/Ls3+/PX3bjT/OZhEkVmykB5OwKd 0KYvP80NoRMn2YOVl/e5Jlmy4AoSa3uNp2O3kjzXiIQDoxHTx1+Prjz5bk1buipNbl6R mcW/3rd0XzomrvvqQCvtXNrvxRV1p9NYyF7k0NwE8X5GMw83B2p+svELea6oi1Qdy+7N ch+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=DvXyQ/caPYxtunrlbeZWX70rlOc+ISFPg6+8zaGxv5U=; b=Lajg67/ubMf6WJ31DoAhz1ti566XELEkozPabcbYMFnViI3/otFL34TbchIYzpd8/Y Ylsg4z+ZWiBPNRSxZxb/UmEKrb6H5pP5M/QLZFsRr8AbYha1Jw1NKgZ+rDmbFnU+U8/n Iexru9QnyQmkesfQx3n/u2HQqzEz19j/E6THOW9vru56TBTaI+nCbo1L2XemfWgZCGPB jkejLnhxJOpGMWeqWT47qwQIo5auyJBYuInqFMWFHK3khMqRk7ND4mTAy1NyERXd3agd BG40/ZoxjqeZpFeoxEeXw2jPK3vKr80KiLSX6kjFJzc3HllTAaMKnaDmeZvuncru72UF 0b/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=ekzGnjDV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u9si15020118plr.51.2019.09.04.06.37.43; Wed, 04 Sep 2019 06:37:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=ekzGnjDV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730485AbfIDNfz (ORCPT + 99 others); Wed, 4 Sep 2019 09:35:55 -0400 Received: from smtp-fw-33001.amazon.com ([207.171.190.10]:41964 "EHLO smtp-fw-33001.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730142AbfIDNfy (ORCPT ); Wed, 4 Sep 2019 09:35:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1567604153; x=1599140153; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=DvXyQ/caPYxtunrlbeZWX70rlOc+ISFPg6+8zaGxv5U=; b=ekzGnjDVP7ivdpkxGC1jeSbxe2eE/JwHFydSJked49i4iZeraubOdmh/ FGaQ2JrPJwks87464YApw80gEV+I6coNR4KuT1mYEDaAuzegkhcdR5x3E b4ODJtAkHZR/ZAqx0ySx88q5RQi8nupSh8enKJQWh0guKHeLvcanAkjNx g=; X-IronPort-AV: E=Sophos;i="5.64,467,1559520000"; d="scan'208";a="827208758" Received: from sea3-co-svc-lb6-vlan2.sea.amazon.com (HELO email-inbound-relay-1a-821c648d.us-east-1.amazon.com) ([10.47.22.34]) by smtp-border-fw-out-33001.sea14.amazon.com with ESMTP; 04 Sep 2019 13:35:34 +0000 Received: from EX13MTAUWC001.ant.amazon.com (iad55-ws-svc-p15-lb9-vlan3.iad.amazon.com [10.40.159.166]) by email-inbound-relay-1a-821c648d.us-east-1.amazon.com (Postfix) with ESMTPS id 77910A25E5; Wed, 4 Sep 2019 13:35:29 +0000 (UTC) Received: from EX13D20UWC001.ant.amazon.com (10.43.162.244) by EX13MTAUWC001.ant.amazon.com (10.43.162.135) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Wed, 4 Sep 2019 13:35:29 +0000 Received: from u79c5a0a55de558.ant.amazon.com (10.43.160.160) by EX13D20UWC001.ant.amazon.com (10.43.162.244) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Wed, 4 Sep 2019 13:35:25 +0000 From: Alexander Graf To: CC: , , "H. Peter Anvin" , Borislav Petkov , Ingo Molnar , Thomas Gleixner , Joerg Roedel , Jim Mattson , Wanpeng Li , Vitaly Kuznetsov , "Sean Christopherson" , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Paolo Bonzini , Liran Alon Subject: [PATCH v2 2/2] KVM: SVM: Disable posted interrupts for odd IRQs Date: Wed, 4 Sep 2019 15:35:11 +0200 Message-ID: <20190904133511.17540-3-graf@amazon.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190904133511.17540-1-graf@amazon.com> References: <20190904133511.17540-1-graf@amazon.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.43.160.160] X-ClientProxiedBy: EX13D31UWA002.ant.amazon.com (10.43.160.82) To EX13D20UWC001.ant.amazon.com (10.43.162.244) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We can easily route hardware interrupts directly into VM context when they target the "Fixed" or "LowPriority" delivery modes. However, on modes such as "SMI" or "Init", we need to go via KVM code to actually put the vCPU into a different mode of operation, so we can not post the interrupt Add code in the SVM PI logic to explicitly refuse to establish posted mappings for advanced IRQ deliver modes. This reflects the logic in __apic_accept_irq() which also only ever passes Fixed and LowPriority interrupts as posted interrupts into the guest. This fixes a bug I have with code which configures real hardware to inject virtual SMIs into my guest. Signed-off-by: Alexander Graf Reviewed-by: Liran Alon --- v1 -> v2: - Make error message more unique - Update commit message to point to __apic_accept_irq() --- arch/x86/kvm/svm.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 1f220a85514f..b86b45b85da8 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -5266,6 +5266,21 @@ get_pi_vcpu_info(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e, return -1; } + switch (irq.delivery_mode) { + case dest_Fixed: + case dest_LowestPrio: + break; + default: + /* + * For non-trivial interrupt events, we need to go + * through the full KVM IRQ code, so refuse to take + * any direct PI assignments here. + */ + pr_debug("SVM: %s: use legacy intr mode for non-std irq %u\n", + __func__, irq.vector); + return -1; + } + pr_debug("SVM: %s: use GA mode for irq %u\n", __func__, irq.vector); *svm = to_svm(vcpu); @@ -5314,6 +5329,7 @@ static int svm_update_pi_irte(struct kvm *kvm, unsigned int host_irq, * 1. When cannot target interrupt to a specific vcpu. * 2. Unsetting posted interrupt. * 3. APIC virtialization is disabled for the vcpu. + * 4. IRQ has extended delivery mode (SMI, INIT, etc) */ if (!get_pi_vcpu_info(kvm, e, &vcpu_info, &svm) && set && kvm_vcpu_apicv_active(&svm->vcpu)) { -- 2.17.1 Amazon Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B Sitz: Berlin Ust-ID: DE 289 237 879