Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp3314999imw;
        Mon, 18 Jul 2022 06:06:02 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1vbqpHySwwbpsa6gQCM9g7ebiQf9QgHPobK1BD0jdSvaRZ7/B5aeOwBgGgruOrqm3It4ctI
X-Received: by 2002:a17:903:247:b0:16c:5017:9ad4 with SMTP id j7-20020a170903024700b0016c50179ad4mr29382465plh.115.1658149562519;
        Mon, 18 Jul 2022 06:06:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658149562; cv=none;
        d=google.com; s=arc-20160816;
        b=SVaZLltwL6oWaXbI3X/3evSwDgy5mpQVMkjQAnaYg2+NJMpWFI6Wb8k0+Aw1zSb0mm
         1nDSKnpjlEE/weXwfNSdLtSiGEIn5WRb2IoKXqS9m99dmMKdbtStJK4jdVMKgO+PXv37
         I/f09aRU6CUpuVhdksp3HBWo52In2cNzvSQzFN3q3z/yxPqTY1Hp+FogPEtzlfnDA+le
         cRd5j1AdSdJc5wYQ5qcg38Nybol1amV1ZlV0hOg1GvC5C/Oe08zAEylOpUC8aCLc6s9f
         l5vfO1e2XqgWr4ksfvmleDp29botKmx9O9ufmNbWlqmUm71IRw11h+uT6MkGVP3AeD5J
         ftSQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=YzFKckXhA5GYIysBuY0PrHqaWag3B2/+v6zDfahY5Aw=;
        b=N3pcrYlxuT6eKS090ttdwsvPngGDPBXdplAKFghCVNTjf8Uv7e+V9GZ7fgpZ9JywAw
         tplM1q/yYFcutFr3eX7lZc6Rdbu6DzxtHGMKmkWddm2oq3gMpmBJz6W+UVJeQ9yieqWh
         XjoV2CK+q/Yq5qQlYeR9i22oTv4Ze43L98zTu0jXyiAyOL8s7+fOg7rJ1ld7/ws+H+Pm
         4G8hIQQs7qPdHQgtbf9n7Jbb92RGzPQxK2kIDLHZxE0c2YtB7d8/Qga5YV9eF/e9CmqI
         Ui/wB7/7gpQhbxM/rQhGLdnBT7Db2gpXMrluqP6jWD1UncXZa0Dsi6C8lIrwbTmtS5q+
         tzRA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="TSynr/AE";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id r12-20020a17090a2e8c00b001f14535e904si9513880pjd.147.2022.07.18.06.05.46;
        Mon, 18 Jul 2022 06:06:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="TSynr/AE";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235215AbiGRNEa (ORCPT <rfc822;algowarbles@gmail.com>
        + 99 others); Mon, 18 Jul 2022 09:04:30 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55096 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235207AbiGRNE2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Jul 2022 09:04:28 -0400
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 484576155
        for <linux-kernel@vger.kernel.org>; Mon, 18 Jul 2022 06:04:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1658149465;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=YzFKckXhA5GYIysBuY0PrHqaWag3B2/+v6zDfahY5Aw=;
        b=TSynr/AE4SaYvG1XbVM1gHldjUkzxTdjrPL2Qjxaqf08ZV6/V1berm1dAJw1K+nYj909OE
        2agK3QfaPCihrWboqjRg9Mof5YJzFeXFInw1+jubiKD2vZ9Thn2fZmVlXAulb7u1TrQdnk
        uxeDcMXQlDUTV/6255YKro4gg1NkF5k=
Received: from mail-qv1-f72.google.com (mail-qv1-f72.google.com
 [209.85.219.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-327-GWR_kdFMNG-5AzSEOhr45w-1; Mon, 18 Jul 2022 09:04:24 -0400
X-MC-Unique: GWR_kdFMNG-5AzSEOhr45w-1
Received: by mail-qv1-f72.google.com with SMTP id ln2-20020a0562145a8200b0047301e9bc53so5409602qvb.3
        for <linux-kernel@vger.kernel.org>; Mon, 18 Jul 2022 06:04:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to
         :references:user-agent:mime-version:content-transfer-encoding;
        bh=YzFKckXhA5GYIysBuY0PrHqaWag3B2/+v6zDfahY5Aw=;
        b=5HTNi639jOQ2ScL6Ob7pQKiUK4o2LcO2yBqccJF5vA5Zmvu+C7IMUaVmqsQFbmxoTF
         1rIU6RLW1VA0+muYwft4g2GAM7E2XWQpS/NggBXRYklzGn0bIfqry5UGweSbHvI2aUyo
         bRWVw5yWIcrPiDztrAgSDzAzFTLAgPErPaQStx+8VC5jN2e0g/ZWcyWSdh6hKWmRjXwp
         2D0ENZivc/B1BF3KSLiOez9vjT1QZrlwRWuRPHNT4bGr061wtgWi15T7A7kBbceXVD4G
         jlZOLpfOk6SU6qXJ5BC34qG1b8B3UMzQOaR39/gS4v3Stq8v+R73xezsKI6utQOBZLX4
         v9vA==
X-Gm-Message-State: AJIora8h6RTOBvoO0c5yZg+d8yIkhrzMMkSxzaNBIrMHnBno6AQiF/87
        R4BpbtK/wkdIVvk9kZMbA73I6dBMidlaFALZpDLKqJPU60wqBxSVQAp4CL6TMnslIcKrBNeEg1R
        8peDa6jR+hihboWEvLo6tR/Wa
X-Received: by 2002:ac8:5d94:0:b0:31e:ed4b:2ce2 with SMTP id d20-20020ac85d94000000b0031eed4b2ce2mr3797484qtx.139.1658149463667;
        Mon, 18 Jul 2022 06:04:23 -0700 (PDT)
X-Received: by 2002:ac8:5d94:0:b0:31e:ed4b:2ce2 with SMTP id d20-20020ac85d94000000b0031eed4b2ce2mr3797460qtx.139.1658149463401;
        Mon, 18 Jul 2022 06:04:23 -0700 (PDT)
Received: from [10.35.4.238] (bzq-82-81-161-50.red.bezeqint.net. [82.81.161.50])
        by smtp.gmail.com with ESMTPSA id ay17-20020a05620a179100b006b5d3a6f1e1sm7988913qkb.0.2022.07.18.06.04.20
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 18 Jul 2022 06:04:22 -0700 (PDT)
Message-ID: <261f60dfe9813e612bfb30b6f271a68b9e877408.camel@redhat.com>
Subject: Re: [PATCH v2 09/24] KVM: nVMX: Unconditionally clear mtf_pending
 on nested VM-Exit
From:   Maxim Levitsky <mlevitsk@redhat.com>
To:     Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Cc:     kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        Jim Mattson <jmattson@google.com>,
        Oliver Upton <oupton@google.com>,
        Peter Shier <pshier@google.com>
Date:   Mon, 18 Jul 2022 16:04:19 +0300
In-Reply-To: <20220715204226.3655170-10-seanjc@google.com>
References: <20220715204226.3655170-1-seanjc@google.com>
         <20220715204226.3655170-10-seanjc@google.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.40.4 (3.40.4-5.fc34) 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-3.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 2022-07-15 at 20:42 +0000, Sean Christopherson wrote:
> Clear mtf_pending on nested VM-Exit instead of handling the clear on a
> case-by-case basis in vmx_check_nested_events().  The pending MTF should
> never survive nested VM-Exit, as it is a property of KVM's run of the
> current L2, i.e. should never affect the next L2 run by L1.  In practice,
> this is likely a nop as getting to L1 with nested_run_pending is
> impossible, and KVM doesn't correctly handle morphing a pending exception
> that occurs on a prior injected exception (need for re-injected exception
> being the other case where MTF isn't cleared).  However, KVM will
> hopefully soon correctly deal with a pending exception on top of an
> injected exception.
> 
> Add a TODO to document that KVM has an inversion priority bug between
> SMIs and MTF (and trap-like #DBS), and that KVM also doesn't properly
> save/restore MTF across SMI/RSM.
> 
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
>  arch/x86/kvm/vmx/nested.c | 21 ++++++++++++---------
>  1 file changed, 12 insertions(+), 9 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 104f233ddd5d..a85f31cee149 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -3898,16 +3898,8 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu)
>         unsigned long exit_qual;
>         bool block_nested_events =
>             vmx->nested.nested_run_pending || kvm_event_needs_reinjection(vcpu);
> -       bool mtf_pending = vmx->nested.mtf_pending;
>         struct kvm_lapic *apic = vcpu->arch.apic;
>  
> -       /*
> -        * Clear the MTF state. If a higher priority VM-exit is delivered first,
> -        * this state is discarded.
> -        */
> -       if (!block_nested_events)
> -               vmx->nested.mtf_pending = false;
> -
>         if (lapic_in_kernel(vcpu) &&
>                 test_bit(KVM_APIC_INIT, &apic->pending_events)) {
>                 if (block_nested_events)
> @@ -3916,6 +3908,9 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu)
>                 clear_bit(KVM_APIC_INIT, &apic->pending_events);
>                 if (vcpu->arch.mp_state != KVM_MP_STATE_INIT_RECEIVED)
>                         nested_vmx_vmexit(vcpu, EXIT_REASON_INIT_SIGNAL, 0, 0);
> +
> +               /* MTF is discarded if the vCPU is in WFS. */
> +               vmx->nested.mtf_pending = false;
>                 return 0;
>         }
>  
> @@ -3938,6 +3933,11 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu)
>          * fault-like exceptions, TSS T flag #DB (not emulated by KVM, but
>          * could theoretically come in from userspace), and ICEBP (INT1).
>          *
> +        * TODO: SMIs have higher priority than MTF and trap-like #DBs (except
> +        * for TSS T flag #DBs).  KVM also doesn't save/restore pending MTF
> +        * across SMI/RSM as it should; that needs to be addressed in order to
> +        * prioritize SMI over MTF and trap-like #DBs.

Thanks, makes sense.

Best regards,
	Maxim Levitsky
> +        *
>          * Note that only a pending nested run can block a pending exception.
>          * Otherwise an injected NMI/interrupt should either be
>          * lost or delivered to the nested hypervisor in the IDT_VECTORING_INFO,
> @@ -3953,7 +3953,7 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu)
>                 return 0;
>         }
>  
> -       if (mtf_pending) {
> +       if (vmx->nested.mtf_pending) {
>                 if (block_nested_events)
>                         return -EBUSY;
>                 nested_vmx_update_pending_dbg(vcpu);
> @@ -4549,6 +4549,9 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
>         struct vcpu_vmx *vmx = to_vmx(vcpu);
>         struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
>  
> +       /* Pending MTF traps are discarded on VM-Exit. */
> +       vmx->nested.mtf_pending = false;
> +
>         /* trying to cancel vmlaunch/vmresume is a bug */
>         WARN_ON_ONCE(vmx->nested.nested_run_pending);
>