Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp4792566rwe; Tue, 30 Aug 2022 17:39:17 -0700 (PDT) X-Google-Smtp-Source: AA6agR40XxnIrSzngBs+VbiI+nE+fqnsxjA2J84faxfo5Iqjda1Aom9VcfhJjMN9kCfpCbkj7Oj9 X-Received: by 2002:a05:6402:1694:b0:447:fa04:367b with SMTP id a20-20020a056402169400b00447fa04367bmr17215765edv.138.1661906357565; Tue, 30 Aug 2022 17:39:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661906357; cv=none; d=google.com; s=arc-20160816; b=dSc4RG41iOoYhqWNkcADczcsVtlTR+S8rQpa5ukhzsFtpYXTi0pOiziKB/oSEwxx7X HCvLs4ebc/n8AewsrM/hfBIV+YQ2gv5nD2sezYUKkZJJaoYrw6GfeG2jz0WqTkkhlC05 3zHytdk6KZ/KzX7Jt+xxTimUqOohsV7L1R2eFfdrEd0yaeIJ6/VlzdIfUMal6W92XTuv fZ39Sl+onXYwUv/7Kxhr558lv1O4eMmmWO2BmdAkodc0DTtZlz+DicNxtr3XWmAmKs92 bvGddsrD5OfNuSXF7VQNwYXXZp0YSh3bWYWt8q34h0TNbjrTHFoJZzPorrEgLgs8MN5u QmkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=nNU9Bjqf9y2XiX7CZGxt5LtQZtYEQ0fRI0M+3kQYHd8=; b=j9FFht7VYXkbcDcSEqtir/+hqVclMALHNLpnPQAYFxKhUh4PG4yO4hjgeCdK92+Rsi pwpQP1xbk7/VhGEWoiAwyHqphiHQMFAn0WC4lMyv+lG5q1yv4y2uPtYoNG//bxgToxTx Kd7uN9dxoGLz1/cmzYNzeKbdqyyfmexjC6I3dpRwcrFSk0BHCWNQSyLZXPx40wojH9Lm QiXXRL1YiU/6BWEfBif2sy8KNAJbGRX+yVxVynJW25q/FaOeIEKGMxfvE/PVd9Kee6n7 ig26ZM6Ghqr02QUpTX/tGG7AfNDG1PPklaqn39ty8AFDiQhXn8TBDPdEOGHtVvtYAdLn JYTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=nsUDSLmw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y9-20020a50eb89000000b004484015a8b6si2438395edr.510.2022.08.30.17.38.52; Tue, 30 Aug 2022 17:39:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=nsUDSLmw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232080AbiHaAhT (ORCPT + 99 others); Tue, 30 Aug 2022 20:37:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51656 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231886AbiHaAgu (ORCPT ); Tue, 30 Aug 2022 20:36:50 -0400 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C161FA6AD5 for ; Tue, 30 Aug 2022 17:35:30 -0700 (PDT) Received: by mail-pl1-x649.google.com with SMTP id y9-20020a17090322c900b00174c881abaeso4607506plg.6 for ; Tue, 30 Aug 2022 17:35:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc; bh=nNU9Bjqf9y2XiX7CZGxt5LtQZtYEQ0fRI0M+3kQYHd8=; b=nsUDSLmwiz2YIjGoJDWf0sAGexBLRtBGLNj+U0a0dxwdRSnDUJLZ/s81wWgXfPmfZC rcingM4u7HvJFWTBgWJYoy47ughU9OZmQ69i4DqRXTjNGW5TUGJAtBm24vA2koy20Z+W WFEt7S4TUlpmlrrMirREsdRXHPp3qTniXB67PD3UFg+egTtgi3vDgy/lBQtl6fgp7K4x na1upEaIRDzqldfvv3xrkoqoEluOHkX+4ctoSit8dSJRwikX9HoU6EP+/3rhGXZRoUT0 VfANzt47NFBIqN5xekmNQ7zAiDzyfupSXNkPPIW9bVZcUW6gXapvsysItmRXJxYhCoqs hACQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc; bh=nNU9Bjqf9y2XiX7CZGxt5LtQZtYEQ0fRI0M+3kQYHd8=; b=ah0COkVJRMzQ1g0SIeRrqnW89NP2oU0e0rKzuwE+DIGZxgC/nIFmUtRoxmiL8oKtSx VxaLaut5n7tzuiIOx6ZOf19iW4SZ+DaLVAiajPjRBfnW2Iy4XDEJLC4KIdXIz62Ek8R0 x6pu/RZxicopnQkLVNgz2BCAVy0uu4bIpp4m5WUBO7yNb0d/e+moJT0Gx+b9md4a14nS Rg/3vfEStoMblrqEVgpmMvQJ00zUBCVf83EruLZqFYi99RJjGutn7BdOvgImSd3yCX9s GnQ/EFQppUgR5aXbjBg06JDkPeXCBo1wLDY7No5Ar3ujaLHn+xDPDiDMTL6wWzaS8nhq QsCw== X-Gm-Message-State: ACgBeo1K5WbXdMd7ZrOv5xdsNEHEgrfqTNCWiIvI1EKX44EMheIOpEue 8nvnF7nbs/vvJQy1wkKosH6yG4gUDK0= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6a00:124d:b0:538:295a:1c47 with SMTP id u13-20020a056a00124d00b00538295a1c47mr13357367pfi.5.1661906114650; Tue, 30 Aug 2022 17:35:14 -0700 (PDT) Reply-To: Sean Christopherson Date: Wed, 31 Aug 2022 00:34:50 +0000 In-Reply-To: <20220831003506.4117148-1-seanjc@google.com> Mime-Version: 1.0 References: <20220831003506.4117148-1-seanjc@google.com> X-Mailer: git-send-email 2.37.2.672.g94769d06f0-goog Message-ID: <20220831003506.4117148-4-seanjc@google.com> Subject: [PATCH 03/19] Revert "KVM: SVM: Introduce hybrid-AVIC mode" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Suravee Suthikulpanit , Maxim Levitsky , Li RongQing Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Remove SVM's so called "hybrid-AVIC mode" and reinstate the restriction where AVIC is disabled if x2APIC is enabled. The argument that the "guest is not supposed to access xAPIC mmio when uses x2APIC" is flat out wrong. Activating x2APIC completely disables the xAPIC MMIO region, there is nothing that says the guest must not access that address. Concretely, KVM-Unit-Test's existing "apic" test fails the subtests that expect accesses to the APIC base region to not be emulated when x2APIC is enabled. Furthermore, allowing the guest to trigger MMIO emulation in a mode where KVM doesn't expect such emulation to occur is all kinds of dangerous. Tweak the restriction so that it only inhibits AVIC if x2APIC is actually enabled instead of inhibiting AVIC is x2APIC is exposed to the guest. This reverts commit 0e311d33bfbef86da130674e8528cc23e6acfe16. Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm_host.h | 6 ++++++ arch/x86/kvm/svm/avic.c | 21 ++++++++++----------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 2c96c43c313a..1f51411f3112 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1128,6 +1128,12 @@ enum kvm_apicv_inhibit { */ APICV_INHIBIT_REASON_PIT_REINJ, + /* + * AVIC is inhibited because the vCPU has x2apic enabled and x2AVIC is + * not supported. + */ + APICV_INHIBIT_REASON_X2APIC, + /* * AVIC is disabled because SEV doesn't support it. */ diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index f3a74c8284cb..1d516d658f9a 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c @@ -71,22 +71,12 @@ static void avic_activate_vmcb(struct vcpu_svm *svm) vmcb->control.avic_physical_id &= ~AVIC_PHYSICAL_MAX_INDEX_MASK; vmcb->control.int_ctl |= AVIC_ENABLE_MASK; - - /* Note: - * KVM can support hybrid-AVIC mode, where KVM emulates x2APIC - * MSR accesses, while interrupt injection to a running vCPU - * can be achieved using AVIC doorbell. The AVIC hardware still - * accelerate MMIO accesses, but this does not cause any harm - * as the guest is not supposed to access xAPIC mmio when uses x2APIC. - */ - if (apic_x2apic_mode(svm->vcpu.arch.apic) && - avic_mode == AVIC_MODE_X2) { + if (apic_x2apic_mode(svm->vcpu.arch.apic)) { vmcb->control.int_ctl |= X2APIC_MODE_MASK; vmcb->control.avic_physical_id |= X2AVIC_MAX_PHYSICAL_ID; /* Disabling MSR intercept for x2APIC registers */ svm_set_x2apic_msr_interception(svm, false); } else { - /* For xAVIC and hybrid-xAVIC modes */ vmcb->control.avic_physical_id |= AVIC_MAX_PHYSICAL_ID; /* Enabling MSR intercept for x2APIC registers */ svm_set_x2apic_msr_interception(svm, true); @@ -537,6 +527,14 @@ unsigned long avic_vcpu_get_apicv_inhibit_reasons(struct kvm_vcpu *vcpu) { if (is_guest_mode(vcpu)) return APICV_INHIBIT_REASON_NESTED; + + /* + * AVIC must be disabled if x2AVIC isn't supported and the guest has + * x2APIC enabled. + */ + if (avic_mode != AVIC_MODE_X2 && apic_x2apic_mode(vcpu->arch.apic)) + return APICV_INHIBIT_REASON_X2APIC; + return 0; } @@ -993,6 +991,7 @@ bool avic_check_apicv_inhibit_reasons(enum kvm_apicv_inhibit reason) BIT(APICV_INHIBIT_REASON_NESTED) | BIT(APICV_INHIBIT_REASON_IRQWIN) | BIT(APICV_INHIBIT_REASON_PIT_REINJ) | + BIT(APICV_INHIBIT_REASON_X2APIC) | BIT(APICV_INHIBIT_REASON_BLOCKIRQ) | BIT(APICV_INHIBIT_REASON_SEV) | BIT(APICV_INHIBIT_REASON_APIC_ID_MODIFIED) | -- 2.37.2.672.g94769d06f0-goog