Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp516220imi;
        Thu, 21 Jul 2022 05:54:56 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1uEd6ViYZhHzWaiTN2ZtfgiyYBYAgvgHP58Blv+1Aa2sbbPIwa7gkHaFkoUi3bjPcfLIWLZ
X-Received: by 2002:a4a:ac89:0:b0:42c:7331:a110 with SMTP id b9-20020a4aac89000000b0042c7331a110mr14993948oon.40.1658408095852;
        Thu, 21 Jul 2022 05:54:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658408095; cv=none;
        d=google.com; s=arc-20160816;
        b=fH+5oh0jtN7UsIG4OLCF/jwbKKOVYGhC7kUpYAnsCVHAwOqhrcyo4easinIS8rzK1R
         06h5Fu2aoQZrPbEw0v2Q+5bspNMRz8rijDBaqleovMZK1GXuchSVJ/dPZWDFoeErI6hL
         eZkHGPa3x1Jmm+DA+Vq44dWyuYg+M4wLh/qIVXBJv1c4Ws3vcBaxrwaVeBjjv/UZRFgx
         dqVqONP/AiHAqbxuCKECTy8jYRzGQnHh5RXPO6eH7Sf96UhQ67DRnsO3QvAigW+4Z4ub
         CFpMNAvmkfWQdGnmORObyWEJlGZMWtkAL5dMvk/VvX7aza2Uma0gdPinb3CovEVyu4Q+
         ejmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=8+OSAHFKj8ZkhrxUMotDyCGFpaPNNUdkm2ihrb2xFQE=;
        b=gU+kZ3FKscUsWi6B4XG+W712X6lszFllO/4VCDhJra0Uww3ZsB+HCMrUTYHqXH/7MV
         PGTfO+wRWj8oNzPPgo3mGGs5vE3hyfh+f+dF30AYF+Siz7/0wG7eceSaQbUDHjoOxJee
         KG4TFWGCeEMiwoBDfIU4eeKVu6pKm88WVScrBEahceAh1dbPmgXTNPZvoc5BpkjetZPt
         P3OKoHSANZDpLnpRgRDqKRCzOwN7SWdbL1mVuIkvP0lKl2soHgCkDwfLQHVAff4DGcaB
         9ypWsHdCUOEPCypm1Y631c49WvAG/RSfKSQv+ppjlhmLXRCDAme5PFBsAA7bcHSfVS5U
         FTFg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="N/BK4G6g";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id k23-20020a056870959700b00101bd9bd718si1809717oao.232.2022.07.21.05.54.42;
        Thu, 21 Jul 2022 05:54:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="N/BK4G6g";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233459AbiGUMGA (ORCPT <rfc822;algowarbles@gmail.com>
        + 99 others); Thu, 21 Jul 2022 08:06:00 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47088 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232969AbiGUMF6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 21 Jul 2022 08:05:58 -0400
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 2BEFB18B04
        for <linux-kernel@vger.kernel.org>; Thu, 21 Jul 2022 05:05:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1658405156;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=8+OSAHFKj8ZkhrxUMotDyCGFpaPNNUdkm2ihrb2xFQE=;
        b=N/BK4G6g3xwo0IlEEW9qq7LtSVrcl7S4FR+RgBegLHPpYMPj4fjFX+Gq/Ujgxi3iBaSzjR
        zKxb+n8JLmjIzay+HIBgOwaCR/MBlYxWpDV1/9w6EIMRTXhN4tLtOIuR8HfSx3DD466eXU
        crCkeLL2YBmwsI71VfFWxUqhMv2H7qo=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-43-cPk2_nM5PySQjQgILGmMhA-1; Thu, 21 Jul 2022 08:05:53 -0400
X-MC-Unique: cPk2_nM5PySQjQgILGmMhA-1
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id AE27C3801F55;
        Thu, 21 Jul 2022 12:05:52 +0000 (UTC)
Received: from starship (unknown [10.40.192.46])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 6B229492C3B;
        Thu, 21 Jul 2022 12:05:50 +0000 (UTC)
Message-ID: <c5acc3ac2aec4b98f9211ca3f4100c358bf2f460.camel@redhat.com>
Subject: Re: [PATCHv2 4/7] KVM: SVM: Report NMI not allowed when Guest busy
 handling VNMI
From:   Maxim Levitsky <mlevitsk@redhat.com>
To:     Sean Christopherson <seanjc@google.com>,
        Santosh Shukla <santosh.shukla@amd.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>,
        Tom Lendacky <thomas.lendacky@amd.com>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org
Date:   Thu, 21 Jul 2022 15:05:49 +0300
In-Reply-To: <Yth5hl+RlTaa5ybj@google.com>
References: <20220709134230.2397-1-santosh.shukla@amd.com>
         <20220709134230.2397-5-santosh.shukla@amd.com>
         <Yth5hl+RlTaa5ybj@google.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9
X-Spam-Status: No, score=-3.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2022-07-20 at 21:54 +0000, Sean Christopherson wrote:
> On Sat, Jul 09, 2022, Santosh Shukla wrote:
> > In the VNMI case, Report NMI is not allowed when the processor set the
> > V_NMI_MASK to 1 which means the Guest is busy handling VNMI.
> > 
> > Signed-off-by: Santosh Shukla <santosh.shukla@amd.com>
> > ---
> > v2:
> > - Moved vnmi check after is_guest_mode() in func _nmi_blocked().
> > - Removed is_vnmi_mask_set check from _enable_nmi_window().
> > as it was a redundent check.
> > 
> >  arch/x86/kvm/svm/svm.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> > index 3574e804d757..44c1f2317b45 100644
> > --- a/arch/x86/kvm/svm/svm.c
> > +++ b/arch/x86/kvm/svm/svm.c
> > @@ -3480,6 +3480,9 @@ bool svm_nmi_blocked(struct kvm_vcpu *vcpu)
> >  	if (is_guest_mode(vcpu) && nested_exit_on_nmi(svm))
> >  		return false;
> >  
> > +	if (is_vnmi_enabled(svm) && is_vnmi_mask_set(svm))
> > +		return true;
> > +
> >  	ret = (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) ||
> >  	      (vcpu->arch.hflags & HF_NMI_MASK);
> >  
> > @@ -3609,6 +3612,9 @@ static void svm_enable_nmi_window(struct kvm_vcpu *vcpu)
> >  {
> >  	struct vcpu_svm *svm = to_svm(vcpu);
> >  
> > +	if (is_vnmi_enabled(svm))
> > +		return;
> 
> Ugh, is there really no way to trigger an exit when NMIs become unmasked?  Because
> if there isn't, this is broken for KVM.
> 
> On bare metal, if two NMIs arrive "simultaneously", so long as NMIs aren't blocked,
> the first NMI will be delivered and the second will be pended, i.e. software will
> see both NMIs.  And if that doesn't hold true, the window for a true collision is
> really, really tiny.
> 
> But in KVM, because a vCPU may not be run a long duration, that window becomes
> very large.  To not drop NMIs and more faithfully emulate hardware, KVM allows two
> NMIs to be _pending_.  And when that happens, KVM needs to trigger an exit when
> NMIs become unmasked _after_ the first NMI is injected.


This is how I see this:

- When a NMI arrives and neither NMI is injected (V_NMI_PENDING) nor in service (V_NMI_MASK)
  then all it is needed to inject the NMI will be to set the V_NMI_PENDING bit and do VM entry.

- If V_NMI_PENDING is set but not V_NMI_MASK, and another NMI arrives we can make the
  svm_nmi_allowed return -EBUSY which will cause immediate VM exit,

  and if hopefully vNMI takes priority over the fake interrupt we raise, it will be injected,
  and upon immediate VM exit we can inject another NMI by setting the V_NMI_PENDING again,
  and later when the guest is done with first NMI, it will take the second.

  Of course if we get a nested exception, then it will be fun....

  (the patches don't do it (causing immediate VM exit), 
  but I think we should make the svm_nmi_allowed, check for the case for 
  V_NMI_PENDING && !V_NMI_MASK and make it return -EBUSY).


- If both V_NMI_PENDING and V_NMI_MASK are set, then I guess we lose an NMI.
 (It means that the guest is handling an NMI, there is a pending NMI, and now
 another NMI arrived)

 Sean, this is the problem you mention, right?

Best regards,
	Maxim Levitsky

> 
> > +
> >  	if ((vcpu->arch.hflags & (HF_NMI_MASK | HF_IRET_MASK)) == HF_NMI_MASK)
> >  		return; /* IRET will cause a vm exit */
> >  
> > -- 
> > 2.25.1
> >