Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp3573503pxm;
        Tue, 1 Mar 2022 00:42:19 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxnHnUymK0F5xY5Yu3QJ2Fh3pob/GQTD5A2Xc1fxOOi3nuO4/dVuBp9Xd59gW4D1tENV3FM
X-Received: by 2002:a17:903:310d:b0:151:6d4b:a274 with SMTP id w13-20020a170903310d00b001516d4ba274mr7797461plc.130.1646124139586;
        Tue, 01 Mar 2022 00:42:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1646124139; cv=none;
        d=google.com; s=arc-20160816;
        b=WqwYK2429x8Hlw0fEEqmzRe3N0KYfxr1nUPJsSxMuAe8PdUWbFqszm3DslnSgJSwc9
         0iNgiTGq2wYcOXU71OvDWmea01+DGF3fqLpDV7kTFtOqv+yrQQXZRX1LrwootqGnTv0K
         4U9axnWe8bDFFR6SMuyz47STXFBOk3gCbc1XosE/CezhJTUBkZLPHL8egqM4AifPlDD5
         ppoO6UzpTMWdL0TVXvDP9GPxdXL5lJ8YyUCGvLno9oiXxES81QDNf5Govf2k9y9oQD9h
         Fg6BdP23xsTEPaNULq8FtWnFtYrmTB0XDpp//l3VGmuhuwKrbNCZHAAzXHwX5yqFlaLs
         sqgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=XFU5hQGv5FIuesuyWQuKNX8CWjt1oYbapHVydkzX5uU=;
        b=yNfP1R4w1cDoauNmKRG1Ia7bpQ52EhSNFYfuOi5FfDdkeQU2x7YKxkbRO15znDWrq3
         3vfYyOblO+p+T+sWAdWPyoKRjlasxQYlDYi2g13y50QzEW74OibM8dImMjR4inRRzkx0
         UUZnaZElj6PVmgZRMYP+MRmqu90cG1r7SGZkYA689SHvYGrlEKRQEFeBCrgxhPeSFpfh
         QbFeLLijMJ9gUkudfV/F1jc1prDceIGDYS1oqG7ICC+AzH/OcPhXh1LljaJBUzfktAqA
         ReausXxgDxdvA2bHN2vQ/Vf0QZq9TNMy1txLpsmjia+7zOUQVhSLSeXuaux795pDyc14
         Sa7A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=bkc231YK;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id h11-20020a170902b94b00b0014f40ac475bsi10728054pls.387.2022.03.01.00.42.04;
        Tue, 01 Mar 2022 00:42:19 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=bkc231YK;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233153AbiCAHxm (ORCPT <rfc822;anothersharkwizard@gmail.com>
        + 99 others); Tue, 1 Mar 2022 02:53:42 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58866 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233146AbiCAHxg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Mar 2022 02:53:36 -0500
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8120B4993A;
        Mon, 28 Feb 2022 23:52:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1646121176; x=1677657176;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=+Vw5wNB9mnCSXJ5OZ/ACGbxYZxQnrMA3CaBRMyS6k+k=;
  b=bkc231YKkPE4fHIp1hYMnFLL0KjsxHkS4ZBIrhkcSHUAt8qYxdI5p9kR
   LDBKBMsDQgeQP/7DW2qNxJmFU863v9eDFfMQC43eqm8aByQc/T09Amvai
   aSGsvWUahsUAaf9PWCHEb4Nc8fz/Y1tCVaR33kFgEtRNkcRAh5Q38wun/
   ZNTKyj8CICjKN7dfUWBKmka4dihjvqbM1xHUlQKlvfrUZWa2LAgkxBdB0
   qN63WWMVJLG2gNKeCou75/wtZny1oH9P/9W8h9YEUtdSacY6FlCciOMzP
   me3AGvrL8TeDPMDFVzpirAkIKAmmFjzrJmmEvhIm6jM73Wqagkp0QLYIB
   w==;
X-IronPort-AV: E=McAfee;i="6200,9189,10272"; a="233050339"
X-IronPort-AV: E=Sophos;i="5.90,145,1643702400"; 
   d="scan'208";a="233050339"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2022 23:52:56 -0800
X-IronPort-AV: E=Sophos;i="5.90,145,1643702400"; 
   d="scan'208";a="550609480"
Received: from gao-cwp.sh.intel.com (HELO gao-cwp) ([10.239.159.105])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2022 23:52:50 -0800
Date:   Tue, 1 Mar 2022 16:03:46 +0800
From:   Chao Gao <chao.gao@intel.com>
To:     Maxim Levitsky <mlevitsk@redhat.com>
Cc:     Zeng Guang <guang.zeng@intel.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Tony Luck <tony.luck@intel.com>,
        Kan Liang <kan.liang@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Kim Phillips <kim.phillips@amd.com>,
        Jarkko Sakkinen <jarkko@kernel.org>,
        Jethro Beekman <jethro@fortanix.com>,
        Kai Huang <kai.huang@intel.com>, x86@kernel.org,
        linux-kernel@vger.kernel.org, Robert Hu <robert.hu@intel.com>
Subject: Re: [PATCH v6 6/9] KVM: x86: lapic: don't allow to change APIC ID
 unconditionally
Message-ID: <20220301080345.GA31557@gao-cwp>
References: <20220225082223.18288-1-guang.zeng@intel.com>
 <20220225082223.18288-7-guang.zeng@intel.com>
 <79f5ce60c65280f4fb7cba0ceedaca0ff5595c48.camel@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <79f5ce60c65280f4fb7cba0ceedaca0ff5595c48.camel@redhat.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_PASS,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Feb 25, 2022 at 04:46:31PM +0200, Maxim Levitsky wrote:
>On Fri, 2022-02-25 at 16:22 +0800, Zeng Guang wrote:
>> From: Maxim Levitsky <mlevitsk@redhat.com>
>> 
>> No normal guest has any reason to change physical APIC IDs, and
>> allowing this introduces bugs into APIC acceleration code.
>> 
>> And Intel recent hardware just ignores writes to APIC_ID in
>> xAPIC mode. More background can be found at:
>> https://lore.kernel.org/lkml/Yfw5ddGNOnDqxMLs@google.com/
>> 
>> Looks there is no much value to support writable xAPIC ID in
>> guest except supporting some old and crazy use cases which
>> probably would fail on real hardware. So, make xAPIC ID
>> read-only for KVM guests.
>> 
>> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
>> Signed-off-by: Zeng Guang <guang.zeng@intel.com>
>
>Assuming that this is approved and accepted upstream,
>that is even better that my proposal of doing this
>when APICv is enabled.

Sean & Paolo

what's your opinion? Shall we make xAPIC ID read-only unconditionally
or just when enable_apicv is enabled or use a parameter to control
it as Sean suggested at

https://lore.kernel.org/lkml/Yfw5ddGNOnDqxMLs@google.com/

Intel SDM Vol3 10.4.6 Local APID ID says:

	In MP systems, the local APIC ID is also used as a processor ID by the
	BIOS and the operating system. Some processors permit software to
	modify the APIC ID. However, the ability of software to modify the APIC
	ID is processor model specific. Because of this, operating system
	software should avoid writing to the local APIC ID register.

So, we think it is fine to make xAPIC ID always read-only. Instead of
supporting writable xAPIC ID in KVM guest, it may be better to fix software
that modify local APIC ID.

Intel IPI virtualization and AVIC are two cases that requires special
handling if xAPIC ID is writable. But it doesn't worth the effort and
is error-prone (e.g., AVIC is broken if guest changed its APIC ID).

>
>Since now apic id is always read only, now we should not 
>forget to clean up some parts of kvm like kvm_recalculate_apic_map,
>which are not needed anymore.

Do you mean marking apic_map as DIRTY isn't needed in some cases?
Or some cleanup should be done inside kvm_recalculate_apic_map()?

For the former, I think we can ...

>
>Best regards,
>	Maxim Levitsky
>
>> ---
>>  arch/x86/kvm/lapic.c | 25 ++++++++++++++++++-------
>>  1 file changed, 18 insertions(+), 7 deletions(-)
>> 
>> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
>> index e4bcdab1fac0..b38288c8a94f 100644
>> --- a/arch/x86/kvm/lapic.c
>> +++ b/arch/x86/kvm/lapic.c
>> @@ -2044,10 +2044,17 @@ static int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
>>  
>>  	switch (reg) {
>>  	case APIC_ID:		/* Local APIC ID */
>> -		if (!apic_x2apic_mode(apic))
>> -			kvm_apic_set_xapic_id(apic, val >> 24);
>> -		else
>> +		if (apic_x2apic_mode(apic)) {
>>  			ret = 1;
>> +			break;
>> +		}
>> +		/* Don't allow changing APIC ID to avoid unexpected issues */
>> +		if ((val >> 24) != apic->vcpu->vcpu_id) {
>> +			kvm_vm_bugged(apic->vcpu->kvm);
>> +			break;
>> +		}
>> +
>> +		kvm_apic_set_xapic_id(apic, val >> 24);

... drop the kvm_apic_set_xapic_id().