Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Message-ID: <3f0a9c9782b90e882da1229c00241da8cef89b21.camel@redhat.com>
Subject: Re: [PATCH v2 11/12] KVM: SVM: Do not inhibit APICv when x2APIC is
 present
From:   Maxim Levitsky <mlevitsk@redhat.com>
To:     Sean Christopherson <seanjc@google.com>
Cc:     Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        pbonzini@redhat.com, joro@8bytes.org, jon.grimm@amd.com,
        wei.huang2@amd.com, terry.bowman@amd.com
Date:   Sun, 01 May 2022 09:49:57 +0300
In-Reply-To: <YmwZxAWJ8KqHodbf@google.com>
References: <20220412115822.14351-1-suravee.suthikulpanit@amd.com>
         <20220412115822.14351-12-suravee.suthikulpanit@amd.com>
         <3fd0aabb6288a5703760da854fd6b09a485a2d69.camel@redhat.com>
         <01460b72-1189-fef1-9718-816f2f658d42@amd.com>
         <b9ee5f62e904a690d7e2d8837ade8ece7e24a359.camel@redhat.com>
         <41b1e63ad6e45be019bbedc93bd18cfcb9475b06.camel@redhat.com>
         <YmwZxAWJ8KqHodbf@google.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: bulk

On Fri, 2022-04-29 at 17:00 +0000, Sean Christopherson wrote:
> On Tue, Apr 26, 2022, Maxim Levitsky wrote:
> > On Tue, 2022-04-26 at 10:06 +0300, Maxim Levitsky wrote:
> > BTW, can I ask you to check something on the AMD side of things of AVIC?
> > 
> > I noticed that AMD's manual states that:
> > 
> > "Multiprocessor VM requirements. When running a VM which has multiple virtual CPUs, and the
> > VMM runs a virtual CPU on a core which had last run a different virtual CPU from the same VM,
> > regardless of the respective ASID values, care must be taken to flush the TLB on the VMRUN using a
> > TLB_CONTROL value of 3h. Failure to do so may result in stale mappings misdirecting virtual APIC
> > accesses to the previous virtual CPU's APIC backing page."
> > 
> > It it relevant to KVM? I don't fully understand why it was mentioned that ASID doesn't matter,
> > what makes it special about 'virtual CPU from the same VM' if ASID doesn't matter? 
> 
> I believe it's calling out that, because vCPUs from the same VM likely share an ASID,
> the magic TLB entry for the APIC-access page, which redirects to the virtual APIC page,
> will be preserved.  And so if the hypervisor doesn't flush the ASID/TLB, accelerated
> xAPIC accesses for the new vCPU will go to the previous vCPU's virtual APIC page.

This is what I want to think as well, but the manual says explicitly 
"regardless of the respective ASID values"

On the face value of it, the only logical way to read this IMHO,
is that every time apic backing page is changed, we need to issue a TLB flush.

Best regards,
	Maxim Levitsky

> 
> Intel has the same requirement, though this specific scenario isn't as well documented.
> E.g. even if using EPT and VPID, the EPT still needs to be invalidated because the
> TLB can cache guest-physical mappings, which are not associated with a VPID.
> 
> Huh.  I was going to say that KVM does the necessary flushes in vmx_vcpu_load_vmcs()
> and pre_svm_run(), but I don't think that's true.  KVM flushes if the _new_ VMCS/VMCB
> is being migrated to a different pCPU, but neither VMX nor SVM flush when switching
> between vCPUs that are both "loaded" on the current pCPU.
> 
> Switching between vmcs01 and vmcs02 is ok, because KVM always forces a different
> EPTP, even if L1 is using shadow paging (the guest_mode bit in the role prevents
> reusing a root).  nSVM is "ok" because it flushes on every transition anyways.
>