Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp4057350ioa;
        Tue, 26 Apr 2022 16:06:42 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyxnI1Ms2d2TnurSavPbYCwrRVjQ19GMEFwp/T7oDHykqwv0dZsxduDAB8puDUx6Q3c6wCQ
X-Received: by 2002:a17:90b:1e08:b0:1d2:8bb4:f565 with SMTP id pg8-20020a17090b1e0800b001d28bb4f565mr40109980pjb.4.1651014402200;
        Tue, 26 Apr 2022 16:06:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1651014402; cv=none;
        d=google.com; s=arc-20160816;
        b=hgYAsdN1EVX0Dm6TaFxg127w/vrKi+3AtjnEjEUCoaS0UzStTevZ+4oa0ndXefZlA5
         Xq4dXd5UT+nUTBV4xa8q0iEB2ZWkuEr20F7mkSrnXADpHa6XWlOPDA+MxUe/3X/exBvu
         gFS7WDfSIXdpf+/G1Vvimty9HtHGzwly31dzPH79RA/SIJCxv2FEL/S1h/VPPfX9XezY
         fEaSEx29pPIAFKx45BPNLYHVy/zN6E7FaQf4iL5YxjxfATK/6Sn8k8DZe4UN//f85Fuf
         DillKLrvyZBu17dcxO39+m6Yh7LM9cLPKfeimcYlWIpzSnXgc19pfRYpIngOvKNzeKqj
         vK7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=JpgDYirKyTr2XWhE7BA+anKnE4hs+BFT4tkX2zlCWyM=;
        b=nVVSIGAw8brknZbMi2a6eYwtcoZZUMk9OkJOTKLvteWo3FS8XizsabuQXB3x51C2aw
         WT6K8gTfpHoMgM9/XMbDK4ZehPlCkeO0aMO7bd7l8a2/0N0w9aKeJf49WQNMhWi0Ma8S
         /c8JsSppmysR4tA8hhMY5B20XiFpgFp28HFEduB3oDkz83LmcjrJebI3iEdjuraYWYI1
         ors0iE2J0yeW2DBOw0so0iwPqOAAm28/upCm0J1aOrQNS1HH/KkzArXDywmhisnxrSVk
         24jxFLAyZVRaTzsuyrzWdq+TLioGh9iwGEdYnZf4sRmG52hozsobaFatFK36PmJAb0X3
         gSBQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="KuLWnI/5";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id c1-20020a170902aa4100b00153b2d165bdsi8019040plr.453.2022.04.26.16.06.24;
        Tue, 26 Apr 2022 16:06:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="KuLWnI/5";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1347437AbiDZJUG (ORCPT <rfc822;andre.cachopas@gmail.com>
        + 99 others); Tue, 26 Apr 2022 05:20:06 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56196 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1345546AbiDZI4h (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 26 Apr 2022 04:56:37 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A933DC5BE;
        Tue, 26 Apr 2022 01:41:19 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 233D6604F5;
        Tue, 26 Apr 2022 08:41:19 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 342F3C385A4;
        Tue, 26 Apr 2022 08:41:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1650962478;
        bh=YqHERyHUxwYJs79q5FsoWblJusq3+OePBnS0nEGGnn8=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=KuLWnI/5V1u7RqUfKysiocBEn6GP4rTbcyyEtOqJeogjupl9bezgPMkUWbC3zR9n1
         omxhhONQftOi4osRhXb2ZGW4egplsPCYdiYTHttP4qfsk0jzhQCj4Hdi3L1uPtwuBA
         Oi6gJMcwM4veg5UFjQ4Hcrrt5n+UGjkOLbc9rmC8=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH 5.15 109/124] KVM: nVMX: Defer APICv updates while L2 is active until L1 is active
Date:   Tue, 26 Apr 2022 10:21:50 +0200
Message-Id: <20220426081750.393843374@linuxfoundation.org>
X-Mailer: git-send-email 2.36.0
In-Reply-To: <20220426081747.286685339@linuxfoundation.org>
References: <20220426081747.286685339@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson <seanjc@google.com>

commit 7c69661e225cc484fbf44a0b99b56714a5241ae3 upstream.

Defer APICv updates that occur while L2 is active until nested VM-Exit,
i.e. until L1 regains control.  vmx_refresh_apicv_exec_ctrl() assumes L1
is active and (a) stomps all over vmcs02 and (b) neglects to ever updated
vmcs01.  E.g. if vmcs12 doesn't enable the TPR shadow for L2 (and thus no
APICv controls), L1 performs nested VM-Enter APICv inhibited, and APICv
becomes unhibited while L2 is active, KVM will set various APICv controls
in vmcs02 and trigger a failed VM-Entry.  The kicker is that, unless
running with nested_early_check=1, KVM blames L1 and chaos ensues.

In all cases, ignoring vmcs02 and always deferring the inhibition change
to vmcs01 is correct (or at least acceptable).  The ABSENT and DISABLE
inhibitions cannot truly change while L2 is active (see below).

IRQ_BLOCKING can change, but it is firmly a best effort debug feature.
Furthermore, only L2's APIC is accelerated/virtualized to the full extent
possible, e.g. even if L1 passes through its APIC to L2, normal MMIO/MSR
interception will apply to the virtual APIC managed by KVM.
The exception is the SELF_IPI register when x2APIC is enabled, but that's
an acceptable hole.

Lastly, Hyper-V's Auto EOI can technically be toggled if L1 exposes the
MSRs to L2, but for that to work in any sane capacity, L1 would need to
pass through IRQs to L2 as well, and IRQs must be intercepted to enable
virtual interrupt delivery.  I.e. exposing Auto EOI to L2 and enabling
VID for L2 are, for all intents and purposes, mutually exclusive.

Lack of dynamic toggling is also why this scenario is all but impossible
to encounter in KVM's current form.  But a future patch will pend an
APICv update request _during_ vCPU creation to plug a race where a vCPU
that's being created doesn't get included in the "all vCPUs request"
because it's not yet visible to other vCPUs.  If userspaces restores L2
after VM creation (hello, KVM selftests), the first KVM_RUN will occur
while L2 is active and thus service the APICv update request made during
VM creation.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220420013732.3308816-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/vmx/nested.c |    5 +++++
 arch/x86/kvm/vmx/vmx.c    |    5 +++++
 arch/x86/kvm/vmx/vmx.h    |    1 +
 3 files changed, 11 insertions(+)

--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4601,6 +4601,11 @@ void nested_vmx_vmexit(struct kvm_vcpu *
 		kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu);
 	}
 
+	if (vmx->nested.update_vmcs01_apicv_status) {
+		vmx->nested.update_vmcs01_apicv_status = false;
+		kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu);
+	}
+
 	if ((vm_exit_reason != -1) &&
 	    (enable_shadow_vmcs || evmptr_is_valid(vmx->nested.hv_evmcs_vmptr)))
 		vmx->nested.need_vmcs12_to_shadow_sync = true;
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -4098,6 +4098,11 @@ static void vmx_refresh_apicv_exec_ctrl(
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
 
+	if (is_guest_mode(vcpu)) {
+		vmx->nested.update_vmcs01_apicv_status = true;
+		return;
+	}
+
 	pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
 	if (cpu_has_secondary_exec_ctrls()) {
 		if (kvm_vcpu_apicv_active(vcpu))
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -164,6 +164,7 @@ struct nested_vmx {
 	bool change_vmcs01_virtual_apic_mode;
 	bool reload_vmcs01_apic_access_page;
 	bool update_vmcs01_cpu_dirty_logging;
+	bool update_vmcs01_apicv_status;
 
 	/*
 	 * Enlightened VMCS has been enabled. It does not mean that L1 has to