Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp4057350ioa; Tue, 26 Apr 2022 16:06:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyxnI1Ms2d2TnurSavPbYCwrRVjQ19GMEFwp/T7oDHykqwv0dZsxduDAB8puDUx6Q3c6wCQ X-Received: by 2002:a17:90b:1e08:b0:1d2:8bb4:f565 with SMTP id pg8-20020a17090b1e0800b001d28bb4f565mr40109980pjb.4.1651014402200; Tue, 26 Apr 2022 16:06:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651014402; cv=none; d=google.com; s=arc-20160816; b=hgYAsdN1EVX0Dm6TaFxg127w/vrKi+3AtjnEjEUCoaS0UzStTevZ+4oa0ndXefZlA5 Xq4dXd5UT+nUTBV4xa8q0iEB2ZWkuEr20F7mkSrnXADpHa6XWlOPDA+MxUe/3X/exBvu gFS7WDfSIXdpf+/G1Vvimty9HtHGzwly31dzPH79RA/SIJCxv2FEL/S1h/VPPfX9XezY fEaSEx29pPIAFKx45BPNLYHVy/zN6E7FaQf4iL5YxjxfATK/6Sn8k8DZe4UN//f85Fuf DillKLrvyZBu17dcxO39+m6Yh7LM9cLPKfeimcYlWIpzSnXgc19pfRYpIngOvKNzeKqj vK7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=JpgDYirKyTr2XWhE7BA+anKnE4hs+BFT4tkX2zlCWyM=; b=nVVSIGAw8brknZbMi2a6eYwtcoZZUMk9OkJOTKLvteWo3FS8XizsabuQXB3x51C2aw WT6K8gTfpHoMgM9/XMbDK4ZehPlCkeO0aMO7bd7l8a2/0N0w9aKeJf49WQNMhWi0Ma8S /c8JsSppmysR4tA8hhMY5B20XiFpgFp28HFEduB3oDkz83LmcjrJebI3iEdjuraYWYI1 ors0iE2J0yeW2DBOw0so0iwPqOAAm28/upCm0J1aOrQNS1HH/KkzArXDywmhisnxrSVk 24jxFLAyZVRaTzsuyrzWdq+TLioGh9iwGEdYnZf4sRmG52hozsobaFatFK36PmJAb0X3 gSBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="KuLWnI/5"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c1-20020a170902aa4100b00153b2d165bdsi8019040plr.453.2022.04.26.16.06.24; Tue, 26 Apr 2022 16:06:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="KuLWnI/5"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347437AbiDZJUG (ORCPT + 99 others); Tue, 26 Apr 2022 05:20:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56196 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345546AbiDZI4h (ORCPT ); Tue, 26 Apr 2022 04:56:37 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A933DC5BE; Tue, 26 Apr 2022 01:41:19 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 233D6604F5; Tue, 26 Apr 2022 08:41:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 342F3C385A4; Tue, 26 Apr 2022 08:41:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1650962478; bh=YqHERyHUxwYJs79q5FsoWblJusq3+OePBnS0nEGGnn8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KuLWnI/5V1u7RqUfKysiocBEn6GP4rTbcyyEtOqJeogjupl9bezgPMkUWbC3zR9n1 omxhhONQftOi4osRhXb2ZGW4egplsPCYdiYTHttP4qfsk0jzhQCj4Hdi3L1uPtwuBA Oi6gJMcwM4veg5UFjQ4Hcrrt5n+UGjkOLbc9rmC8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sean Christopherson , Paolo Bonzini Subject: [PATCH 5.15 109/124] KVM: nVMX: Defer APICv updates while L2 is active until L1 is active Date: Tue, 26 Apr 2022 10:21:50 +0200 Message-Id: <20220426081750.393843374@linuxfoundation.org> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220426081747.286685339@linuxfoundation.org> References: <20220426081747.286685339@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson commit 7c69661e225cc484fbf44a0b99b56714a5241ae3 upstream. Defer APICv updates that occur while L2 is active until nested VM-Exit, i.e. until L1 regains control. vmx_refresh_apicv_exec_ctrl() assumes L1 is active and (a) stomps all over vmcs02 and (b) neglects to ever updated vmcs01. E.g. if vmcs12 doesn't enable the TPR shadow for L2 (and thus no APICv controls), L1 performs nested VM-Enter APICv inhibited, and APICv becomes unhibited while L2 is active, KVM will set various APICv controls in vmcs02 and trigger a failed VM-Entry. The kicker is that, unless running with nested_early_check=1, KVM blames L1 and chaos ensues. In all cases, ignoring vmcs02 and always deferring the inhibition change to vmcs01 is correct (or at least acceptable). The ABSENT and DISABLE inhibitions cannot truly change while L2 is active (see below). IRQ_BLOCKING can change, but it is firmly a best effort debug feature. Furthermore, only L2's APIC is accelerated/virtualized to the full extent possible, e.g. even if L1 passes through its APIC to L2, normal MMIO/MSR interception will apply to the virtual APIC managed by KVM. The exception is the SELF_IPI register when x2APIC is enabled, but that's an acceptable hole. Lastly, Hyper-V's Auto EOI can technically be toggled if L1 exposes the MSRs to L2, but for that to work in any sane capacity, L1 would need to pass through IRQs to L2 as well, and IRQs must be intercepted to enable virtual interrupt delivery. I.e. exposing Auto EOI to L2 and enabling VID for L2 are, for all intents and purposes, mutually exclusive. Lack of dynamic toggling is also why this scenario is all but impossible to encounter in KVM's current form. But a future patch will pend an APICv update request _during_ vCPU creation to plug a race where a vCPU that's being created doesn't get included in the "all vCPUs request" because it's not yet visible to other vCPUs. If userspaces restores L2 after VM creation (hello, KVM selftests), the first KVM_RUN will occur while L2 is active and thus service the APICv update request made during VM creation. Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson Message-Id: <20220420013732.3308816-3-seanjc@google.com> Signed-off-by: Paolo Bonzini Signed-off-by: Greg Kroah-Hartman --- arch/x86/kvm/vmx/nested.c | 5 +++++ arch/x86/kvm/vmx/vmx.c | 5 +++++ arch/x86/kvm/vmx/vmx.h | 1 + 3 files changed, 11 insertions(+) --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4601,6 +4601,11 @@ void nested_vmx_vmexit(struct kvm_vcpu * kvm_make_request(KVM_REQ_APIC_PAGE_RELOAD, vcpu); } + if (vmx->nested.update_vmcs01_apicv_status) { + vmx->nested.update_vmcs01_apicv_status = false; + kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); + } + if ((vm_exit_reason != -1) && (enable_shadow_vmcs || evmptr_is_valid(vmx->nested.hv_evmcs_vmptr))) vmx->nested.need_vmcs12_to_shadow_sync = true; --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4098,6 +4098,11 @@ static void vmx_refresh_apicv_exec_ctrl( { struct vcpu_vmx *vmx = to_vmx(vcpu); + if (is_guest_mode(vcpu)) { + vmx->nested.update_vmcs01_apicv_status = true; + return; + } + pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx)); if (cpu_has_secondary_exec_ctrls()) { if (kvm_vcpu_apicv_active(vcpu)) --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -164,6 +164,7 @@ struct nested_vmx { bool change_vmcs01_virtual_apic_mode; bool reload_vmcs01_apic_access_page; bool update_vmcs01_cpu_dirty_logging; + bool update_vmcs01_apicv_status; /* * Enlightened VMCS has been enabled. It does not mean that L1 has to