Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp3573503pxm; Tue, 1 Mar 2022 00:42:19 -0800 (PST) X-Google-Smtp-Source: ABdhPJxnHnUymK0F5xY5Yu3QJ2Fh3pob/GQTD5A2Xc1fxOOi3nuO4/dVuBp9Xd59gW4D1tENV3FM X-Received: by 2002:a17:903:310d:b0:151:6d4b:a274 with SMTP id w13-20020a170903310d00b001516d4ba274mr7797461plc.130.1646124139586; Tue, 01 Mar 2022 00:42:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646124139; cv=none; d=google.com; s=arc-20160816; b=WqwYK2429x8Hlw0fEEqmzRe3N0KYfxr1nUPJsSxMuAe8PdUWbFqszm3DslnSgJSwc9 0iNgiTGq2wYcOXU71OvDWmea01+DGF3fqLpDV7kTFtOqv+yrQQXZRX1LrwootqGnTv0K 4U9axnWe8bDFFR6SMuyz47STXFBOk3gCbc1XosE/CezhJTUBkZLPHL8egqM4AifPlDD5 ppoO6UzpTMWdL0TVXvDP9GPxdXL5lJ8YyUCGvLno9oiXxES81QDNf5Govf2k9y9oQD9h Fg6BdP23xsTEPaNULq8FtWnFtYrmTB0XDpp//l3VGmuhuwKrbNCZHAAzXHwX5yqFlaLs sqgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=XFU5hQGv5FIuesuyWQuKNX8CWjt1oYbapHVydkzX5uU=; b=yNfP1R4w1cDoauNmKRG1Ia7bpQ52EhSNFYfuOi5FfDdkeQU2x7YKxkbRO15znDWrq3 3vfYyOblO+p+T+sWAdWPyoKRjlasxQYlDYi2g13y50QzEW74OibM8dImMjR4inRRzkx0 UUZnaZElj6PVmgZRMYP+MRmqu90cG1r7SGZkYA689SHvYGrlEKRQEFeBCrgxhPeSFpfh QbFeLLijMJ9gUkudfV/F1jc1prDceIGDYS1oqG7ICC+AzH/OcPhXh1LljaJBUzfktAqA ReausXxgDxdvA2bHN2vQ/Vf0QZq9TNMy1txLpsmjia+7zOUQVhSLSeXuaux795pDyc14 Sa7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=bkc231YK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h11-20020a170902b94b00b0014f40ac475bsi10728054pls.387.2022.03.01.00.42.04; Tue, 01 Mar 2022 00:42:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=bkc231YK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233153AbiCAHxm (ORCPT + 99 others); Tue, 1 Mar 2022 02:53:42 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58866 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233146AbiCAHxg (ORCPT ); Tue, 1 Mar 2022 02:53:36 -0500 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8120B4993A; Mon, 28 Feb 2022 23:52:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1646121176; x=1677657176; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=+Vw5wNB9mnCSXJ5OZ/ACGbxYZxQnrMA3CaBRMyS6k+k=; b=bkc231YKkPE4fHIp1hYMnFLL0KjsxHkS4ZBIrhkcSHUAt8qYxdI5p9kR LDBKBMsDQgeQP/7DW2qNxJmFU863v9eDFfMQC43eqm8aByQc/T09Amvai aSGsvWUahsUAaf9PWCHEb4Nc8fz/Y1tCVaR33kFgEtRNkcRAh5Q38wun/ ZNTKyj8CICjKN7dfUWBKmka4dihjvqbM1xHUlQKlvfrUZWa2LAgkxBdB0 qN63WWMVJLG2gNKeCou75/wtZny1oH9P/9W8h9YEUtdSacY6FlCciOMzP me3AGvrL8TeDPMDFVzpirAkIKAmmFjzrJmmEvhIm6jM73Wqagkp0QLYIB w==; X-IronPort-AV: E=McAfee;i="6200,9189,10272"; a="233050339" X-IronPort-AV: E=Sophos;i="5.90,145,1643702400"; d="scan'208";a="233050339" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2022 23:52:56 -0800 X-IronPort-AV: E=Sophos;i="5.90,145,1643702400"; d="scan'208";a="550609480" Received: from gao-cwp.sh.intel.com (HELO gao-cwp) ([10.239.159.105]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2022 23:52:50 -0800 Date: Tue, 1 Mar 2022 16:03:46 +0800 From: Chao Gao To: Maxim Levitsky Cc: Zeng Guang , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, Dave Hansen , Tony Luck , Kan Liang , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Kim Phillips , Jarkko Sakkinen , Jethro Beekman , Kai Huang , x86@kernel.org, linux-kernel@vger.kernel.org, Robert Hu Subject: Re: [PATCH v6 6/9] KVM: x86: lapic: don't allow to change APIC ID unconditionally Message-ID: <20220301080345.GA31557@gao-cwp> References: <20220225082223.18288-1-guang.zeng@intel.com> <20220225082223.18288-7-guang.zeng@intel.com> <79f5ce60c65280f4fb7cba0ceedaca0ff5595c48.camel@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <79f5ce60c65280f4fb7cba0ceedaca0ff5595c48.camel@redhat.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 25, 2022 at 04:46:31PM +0200, Maxim Levitsky wrote: >On Fri, 2022-02-25 at 16:22 +0800, Zeng Guang wrote: >> From: Maxim Levitsky >> >> No normal guest has any reason to change physical APIC IDs, and >> allowing this introduces bugs into APIC acceleration code. >> >> And Intel recent hardware just ignores writes to APIC_ID in >> xAPIC mode. More background can be found at: >> https://lore.kernel.org/lkml/Yfw5ddGNOnDqxMLs@google.com/ >> >> Looks there is no much value to support writable xAPIC ID in >> guest except supporting some old and crazy use cases which >> probably would fail on real hardware. So, make xAPIC ID >> read-only for KVM guests. >> >> Signed-off-by: Maxim Levitsky >> Signed-off-by: Zeng Guang > >Assuming that this is approved and accepted upstream, >that is even better that my proposal of doing this >when APICv is enabled. Sean & Paolo what's your opinion? Shall we make xAPIC ID read-only unconditionally or just when enable_apicv is enabled or use a parameter to control it as Sean suggested at https://lore.kernel.org/lkml/Yfw5ddGNOnDqxMLs@google.com/ Intel SDM Vol3 10.4.6 Local APID ID says: In MP systems, the local APIC ID is also used as a processor ID by the BIOS and the operating system. Some processors permit software to modify the APIC ID. However, the ability of software to modify the APIC ID is processor model specific. Because of this, operating system software should avoid writing to the local APIC ID register. So, we think it is fine to make xAPIC ID always read-only. Instead of supporting writable xAPIC ID in KVM guest, it may be better to fix software that modify local APIC ID. Intel IPI virtualization and AVIC are two cases that requires special handling if xAPIC ID is writable. But it doesn't worth the effort and is error-prone (e.g., AVIC is broken if guest changed its APIC ID). > >Since now apic id is always read only, now we should not >forget to clean up some parts of kvm like kvm_recalculate_apic_map, >which are not needed anymore. Do you mean marking apic_map as DIRTY isn't needed in some cases? Or some cleanup should be done inside kvm_recalculate_apic_map()? For the former, I think we can ... > >Best regards, > Maxim Levitsky > >> --- >> arch/x86/kvm/lapic.c | 25 ++++++++++++++++++------- >> 1 file changed, 18 insertions(+), 7 deletions(-) >> >> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c >> index e4bcdab1fac0..b38288c8a94f 100644 >> --- a/arch/x86/kvm/lapic.c >> +++ b/arch/x86/kvm/lapic.c >> @@ -2044,10 +2044,17 @@ static int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) >> >> switch (reg) { >> case APIC_ID: /* Local APIC ID */ >> - if (!apic_x2apic_mode(apic)) >> - kvm_apic_set_xapic_id(apic, val >> 24); >> - else >> + if (apic_x2apic_mode(apic)) { >> ret = 1; >> + break; >> + } >> + /* Don't allow changing APIC ID to avoid unexpected issues */ >> + if ((val >> 24) != apic->vcpu->vcpu_id) { >> + kvm_vm_bugged(apic->vcpu->kvm); >> + break; >> + } >> + >> + kvm_apic_set_xapic_id(apic, val >> 24); ... drop the kvm_apic_set_xapic_id().