Subject: Re: [PATCH 07/10] KVM: SVM: use vmcb01 in svm_refresh_apicv_exec_ctrl
From: Maxim Levitsky
To: Paolo Bonzini, kvm@vger.kernel.org
Cc: Thomas Gleixner, Sean Christopherson, Wanpeng Li, Vitaly Kuznetsov, Joerg Roedel, Borislav Petkov, "H. Peter Anvin", Ingo Molnar, "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)", "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)", Jim Mattson
Date: Thu, 24 Jun 2021 11:16:00 +0300
References: <20210623113002.111448-1-mlevitsk@redhat.com> <20210623113002.111448-8-mlevitsk@redhat.com>

On Wed, 2021-06-23 at 23:54 +0200, Paolo Bonzini wrote:
> On 23/06/21 13:29, Maxim Levitsky wrote:
> > AVIC is not supported for nesting but in some corner
> > cases it is possible to have it still be enabled,
> > after we entered nesting, and use vmcb02.
> >
> > Fix this by always using vmcb01 in svm_refresh_apicv_exec_ctrl
>
> Please be more verbose about the corner case (and then the second
> paragraph should not be necessary anymore).

I will do it.

The issue can happen only after patch 8 is applied, because then
AVIC disable on the current vCPU is always deferred.

I think that currently the problem in this patch can't happen because
kvm_request_apicv_update(..., APICV_INHIBIT_REASON_NESTED)
is called on each vCPU from svm_vcpu_after_set_cpuid,
and since it disables it on current vCPU, the AVIC is fully disabled
on all vCPUs when we get to the first guest entry, even if nested
(after a migration the first guest entry can be already nested)

After patch 8, the AVIC disable is done at guest entry where we already
are in L2, thus we should toggle it in vmcb01, while vmcb02 shouldn't
have AVIC enabled in the first place.

Best regards,
	Maxim Levitsky

>
> Paolo
> > > Signed-off-by: Maxim Levitsky > > --- > > arch/x86/kvm/svm/avic.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c > > index 1d01da64c333..a8ad78a2faa1 100644 > > --- a/arch/x86/kvm/svm/avic.c > > +++ b/arch/x86/kvm/svm/avic.c > > @@ -646,7 +646,7 @@ static int svm_set_pi_irte_mode(struct kvm_vcpu *vcpu, bool activate) > > void svm_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu) > > { > > struct vcpu_svm *svm = to_svm(vcpu); > > - struct vmcb *vmcb = svm->vmcb; > > + struct vmcb *vmcb = svm->vmcb01.ptr; > > bool activated = kvm_vcpu_apicv_active(vcpu); > > > > if (!enable_apicv) > >
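
Review bot: the new `struct vmcb *vmcb = svm->vmcb01.ptr;` line in svm_refresh_apicv_exec_ctrl() carries no comment saying why vmcb01 is chosen over the current VMCB (`svm->vmcb`), so a later cleanup could plausibly revert it. A short comment at that line would help, stating what the reply above spells out: the refresh can run at guest entry while the vCPU is already in L2, AVIC is toggled only in vmcb01, and vmcb02 should never have it enabled. The commit message should name that corner case as well (AVIC disable deferred to a guest entry that is already nested, including the first entry after a migration) and note that it only becomes reachable once patch 8 is applied, which is what the review asked for.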