Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp802316rwe;
        Wed, 31 Aug 2022 11:13:49 -0700 (PDT)
X-Google-Smtp-Source: AA6agR7kBu1ex1k8vM26fpSZqBAiRAgwIp9Io17W7ulfN0/sCJQrus8JltVEMGsNtf//halvCupP
X-Received: by 2002:a63:4d47:0:b0:42c:2def:6ffc with SMTP id n7-20020a634d47000000b0042c2def6ffcmr12242989pgl.142.1661969629270;
        Wed, 31 Aug 2022 11:13:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1661969629; cv=none;
        d=google.com; s=arc-20160816;
        b=xOxCh3m23eR2splx6aJNi7zzcl+CH+4x0IeVjrfVh9BsIx8x+tktp0duX2SGiRSzjj
         hiAL8Cz9C8iBDppKWph6gzZ6FwZSomEwCu+h35QOSLS09hDglMt3m5eh1E3v96+/6gcv
         QuYk/S7LyJRd1L8NMrgltaCYM88iR4EKAd+Eq0g4W69FRwz/6g4TkJRgdn5q6iRDNRWH
         A7jsKHOE5l8JeGkjomFP88wKqyUa0zhgbKBF/qlfZH1WdhwhF61Sy9haF3iN1p47U0vW
         GY+0GvE7cIRjJsBZ8MXJhqvbjeTxw35u/M5LlH99a+rwxMYVVN0HMk+U/SL+VDmWtmAl
         7UTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=cjaWnDUuxi7FimnJS6wS+o0UPUIXMMd9GW1k9/00SrY=;
        b=JjL0/NWEEYppSiMWn+sBOR0csgcCTD47niJLrJDzSSYFZ0zPjzvf1dkgVTgk/vu/rG
         RdMgJB8ra6cop9+K99Pztjmp0tWma2sHft1fdjN11pYGUQ54wlWvn67gXQB1xhaY2N4k
         aV7fNWcikDb/PpCsDytmQ/FdWLDk+Pvbno9OGwPrMdsLUKedXpTDGRwD3jIHQO6xeb8X
         9uomZTGEyXIZnI++SHQ3UfcryrEmKviMFwlg5L72TmSyOf69iG5PjCqSrlnTQ6rbhMBB
         18uWOC/EjzCLVk0/Ap2Lb9u+AhuzouUkCtL0kSqrlW558+Xv+Xy575JwYaFM2aX3X0Ct
         uodQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=LiRMQmmQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id d1-20020a170902cec100b001753c45cb46si3289044plg.209.2022.08.31.11.13.35;
        Wed, 31 Aug 2022 11:13:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=LiRMQmmQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230179AbiHaRrJ (ORCPT <rfc822;android.linux@gmail.com>
        + 99 others); Wed, 31 Aug 2022 13:47:09 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33682 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229510AbiHaRrG (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 31 Aug 2022 13:47:06 -0400
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E4BFAC12C8
        for <linux-kernel@vger.kernel.org>; Wed, 31 Aug 2022 10:47:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1661968025;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=cjaWnDUuxi7FimnJS6wS+o0UPUIXMMd9GW1k9/00SrY=;
        b=LiRMQmmQL+rZhYf02rRp4rA6EWtdm6K32Vipusnh5LaBeHX3tgC777OQsZ06YnES9e5Cyj
        6Zn+jN4uKskXJiBU1T3msai44ltM2VuJGxh0gyJCMQP9/WqQWNJx8xMsrGqHLlxlXF3xX1
        spGLfBQJ2bXtsQDtv27hkXwRf3Ujn0Q=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-609-zH0cGgFyPj6fDjJu6Ckhqw-1; Wed, 31 Aug 2022 13:46:58 -0400
X-MC-Unique: zH0cGgFyPj6fDjJu6Ckhqw-1
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 06966964081;
        Wed, 31 Aug 2022 17:46:58 +0000 (UTC)
Received: from starship (unknown [10.40.194.96])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 6443A4011A58;
        Wed, 31 Aug 2022 17:46:56 +0000 (UTC)
Message-ID: <59206c01da236c836c58ff96c5b4123d18a28b2b.camel@redhat.com>
Subject: Re: [PATCH 03/19] Revert "KVM: SVM: Introduce hybrid-AVIC mode"
From:   Maxim Levitsky <mlevitsk@redhat.com>
To:     Sean Christopherson <seanjc@google.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
        Li RongQing <lirongqing@baidu.com>
Date:   Wed, 31 Aug 2022 20:46:55 +0300
In-Reply-To: <Yw+MYLyVXvxmbIRY@google.com>
References: <20220831003506.4117148-1-seanjc@google.com>
         <20220831003506.4117148-4-seanjc@google.com>
         <17e776dccf01e03bce1356beb8db0741e2a13d9a.camel@redhat.com>
         <84c2e836d6ba4eae9fa20329bcbc1d19f8134b0f.camel@redhat.com>
         <Yw+MYLyVXvxmbIRY@google.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2022-08-31 at 16:29 +0000, Sean Christopherson wrote:
> On Wed, Aug 31, 2022, Maxim Levitsky wrote:
> > On Wed, 2022-08-31 at 08:59 +0300, Maxim Levitsky wrote:
> > > On Wed, 2022-08-31 at 00:34 +0000, Sean Christopherson wrote:
> > > > Remove SVM's so called "hybrid-AVIC mode" and reinstate the restriction
> > > > where AVIC is disabled if x2APIC is enabled.  The argument that the
> > > > "guest is not supposed to access xAPIC mmio when uses x2APIC" is flat out
> > > > wrong.  Activating x2APIC completely disables the xAPIC MMIO region,
> > > > there is nothing that says the guest must not access that address.
> > > > 
> > > > Concretely, KVM-Unit-Test's existing "apic" test fails the subtests that
> > > > expect accesses to the APIC base region to not be emulated when x2APIC is
> > > > enabled.
> > > > 
> > > > Furthermore, allowing the guest to trigger MMIO emulation in a mode where
> > > > KVM doesn't expect such emulation to occur is all kinds of dangerous.
> > 
> > Also, unless I misunderstood you, the above statement is wrong.
> > 
> > Leaving AVIC on, when vCPU is in x2apic mode cannot trigger extra MMIO emulation,
> > in fact the opposite - because AVIC is on, writes to 0xFEE00xxx might *not* trigger
> > MMIO emulation and instead be emulated by AVIC.
> 
> That's even worse, because KVM is allowing the guest to exercise hardware logic
> that I highly doubt AMD has thoroughly tested.

Harware logic is exactly the same regarless of if KVM uses x2apic mode or not,
and it is better to be prepared for all kind of garbage coming from the guest.

Software logic, I can understand you, there could be registers that trap differently
in avic and x2avic mode, but it should be *very* easy to deal with it, the list
of registers that trap is very short.

> 
> > Yes, some of these writes can trigger AVIC specific emulation vm exits, but they
> > are literaly the same as those used by x2avic, and it is really hard to see
> > why this would be dangerous (assuming that x2avic code works, and avic code
> > is aware of this 'hybrid' mode).
> 
> The APIC_RRR thing triggered the KVM_BUG_ON() in kvm_apic_write_nodecode()
> precisely because of the AVIC trap.  At best, this gives a way for the guest to
> trigger a WARN_ON_ONCE() and thus panic the host if panic_on_warn=1.  I fixed
> the APIC_RRR case because that will be problematic for x2AVIC, but there are
> other APIC registers that are unsupported in x2APIC that can trigger the KVM_BUG_ON().
> 
> > From the guest point of view, unless the guest pokes at random MMIO area,
> > the only case when this matters is if the guest maps RAM over the 0xFEE00xxx
> > (which it of course can, the spec explictly state as you say that when x2apic
> > is enabled, the mmio is disabled), and then instead of functioning as RAM,
> > the range will still function as APIC.
> 
> There is no wiggle room here though, KVM is blatantly breaking the architectural
> specification.  When x2APIC is enabled, the xAPIC MMIO does not exist.

In this case I say that there is no wiggle room for KVM to not allow different APIC bases
on each CPU - the spec 100% allows it, but in KVM it is broken.

If you are really hell bent on not having that MMIO exposed, 
then I say we can just disable the AVIC memslot, and keep AVIC enabled in this case - 
this should make us both happy.


This discussion really makes me feel that you want just to force your opinion on others,
and its not the first time this happens. It is really frustrating to work like that.
It might sound harsh but this is how I feel. Hopefully I am wrong.


Best regards,
	Maxim Levisky


>