Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4633191rwb; Mon, 21 Nov 2022 09:51:47 -0800 (PST) X-Google-Smtp-Source: AA0mqf6Saa4SiYacbk6Gvt8bjG9XdTcr8pND0MxYQ4C90IfM2pf5xdNTZO7h8FamIVGMbd6iOoCt X-Received: by 2002:a05:6a00:1409:b0:56b:e1d8:e7a1 with SMTP id l9-20020a056a00140900b0056be1d8e7a1mr122128pfu.28.1669053106730; Mon, 21 Nov 2022 09:51:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669053106; cv=none; d=google.com; s=arc-20160816; b=u2l64Zb9PgrunDKcx/FpvJWYRz+sFo8peTWQsyn9d745EN1+w4FDAGdxzaCeW64MJb h+/i5wwIJOUJp+yo1BXlvCmrRFogjNH4r+6fLIZ2RTbywFbohAjxhrmqrx4/kFyC3QTF WMz8uLzvdmcN5pNADEfeDWrtzpeasy5XMhde4VTyGo5ohlGreptf1LnVPyD4rrZbAElN lU5ih6TWwK/aL1vidrBTJ5OGf4X+HbzrMHi7IO67aJ0odTQ0ID2M+U4JkbQsqlo0hUqF xOFCvb43rw2gqV4xN8CqMrngDKv4296t8o8PLXei0XCZ9jl5d9I1V65K9xOzENGQRm1J e68Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=mWrsUVH7dB6OSSMZm6MOoJV9MHEspgOy930qIPoKKBU=; b=DnXRIO/Hp5duE/bpKk8QyO3FVC/Tiyt61ShTW4dlqtFheyMTCP7NnIH91sq/Th4FKl gC7lM1BkWARHdO4kUs0MizxFxgT1sWvkLwHBIGmoSL5L8fGLbQf8IUSUjKKpZvxe37Gg 0s1f3THAmkJ+TQi0fUf/x2bOGgT233stiuh2IjHThOlT6xr3ZQnD/AuNtexA8ijGNG51 Fu+W4MeNu2JWTFg9cqA1zLh9RGjHMpwwzKWhM7LEQK+RqigbgREKggiRr1a1HaNC7c5Y AbFdUK46SsjXtoOVPNgno7rALajS1WbJ8v6fj/EnAB87iBQaTSFz21higxhcj6TxWDvZ uNmA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=nHp+7HQ7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p12-20020a63c14c000000b00476e21bc1bdsi11203522pgi.162.2022.11.21.09.51.35; Mon, 21 Nov 2022 09:51:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=nHp+7HQ7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231276AbiKURNA (ORCPT + 91 others); Mon, 21 Nov 2022 12:13:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33184 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230477AbiKURMT (ORCPT ); Mon, 21 Nov 2022 12:12:19 -0500 Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C2249CDFF8 for ; Mon, 21 Nov 2022 09:12:15 -0800 (PST) Received: by mail-pl1-x634.google.com with SMTP id j12so11165250plj.5 for ; Mon, 21 Nov 2022 09:12:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=mWrsUVH7dB6OSSMZm6MOoJV9MHEspgOy930qIPoKKBU=; b=nHp+7HQ7Hr+KZQIQsMsn4/3cncaHAMY8Ki9hQ2xw2SxkZxV69l+PCAhgXFVwmgiNcM XzAn5pLa5L6/i8pR5KBaiADZaAVH7eF4HWxsbK0INyDgNbC6AUVspDoUTOfwPbIjiXK7 RN/FoaUMoOgTzrZJjIO83cbPFcd5VsUOOr0Tn0dzmkwhFns80JI++azwSpx/wR1rkLRb izv5/HBebWCjSg48U45Sfk09fvoyoCvZ4b+4up5A3KBo9rTpIxcbgtkW7tvAaOVeiawC cmGYidS0yK6uSi5KBxtgFsctkeAYneIvKPRZzAPpz1gsPhQ8plJg0CqGbTyNPztY2o9C 0rVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=mWrsUVH7dB6OSSMZm6MOoJV9MHEspgOy930qIPoKKBU=; b=ZfMxh/xn5ECNONcwP2Re+X7QUSnjr5VLMeOgXZHUmgAw+lNg1KfGBS+nGL6pqUNkDb upPFt2mbfQp0DjnQCMPAJiggoayROrVIHbXMiG3x0kY8rXgVfaQfZee/lIEAApaIBXjo XgruFi+Sk1fC+5FOoLBSQcUrSh0+6FWV2S9IB3Hwmniy47ZtjZSl/NxoBYDnXaUqYWPk E3rZQfVdSdiuSv710WTGgNt4jhIUNqK2Xm4ULcuPg3NPo/9Oz0e18UxbFyx3Yd5togzb 1OMxsqwtASpLWGGs1cN7QxOScPFvtCF55SaaHLu9Bjj+vQmTKq2yZrvq16WtXMBPGFWx m6Lg== X-Gm-Message-State: ANoB5plpw3vwMHJF0k43/kKZ5eHn7N0Its5dmEFXSNn3Ijb0A+QrWyNR pqnhODIrsKPrZSE8hhvrMu0oYQ== X-Received: by 2002:a17:90b:48c8:b0:20b:16bc:8493 with SMTP id li8-20020a17090b48c800b0020b16bc8493mr21644639pjb.210.1669050735117; Mon, 21 Nov 2022 09:12:15 -0800 (PST) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id y15-20020aa79e0f000000b005672daedc8fsm8913951pfq.81.2022.11.21.09.12.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Nov 2022 09:12:14 -0800 (PST) Date: Mon, 21 Nov 2022 17:12:11 +0000 From: Sean Christopherson To: Maxim Levitsky Cc: kvm@vger.kernel.org, Paolo Bonzini , Ingo Molnar , "H. Peter Anvin" , Dave Hansen , linux-kernel@vger.kernel.org, Peter Zijlstra , Thomas Gleixner , Sandipan Das , Daniel Sneddon , Jing Liu , Josh Poimboeuf , Wyes Karny , Borislav Petkov , Babu Moger , Pawan Gupta , Jim Mattson , x86@kernel.org, Santosh Shukla Subject: Re: [PATCH 10/13] KVM: SVM: Add VNMI support in inject_nmi Message-ID: References: <20221117143242.102721-1-mlevitsk@redhat.com> <20221117143242.102721-11-mlevitsk@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221117143242.102721-11-mlevitsk@redhat.com> X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 17, 2022, Maxim Levitsky wrote: > From: Santosh Shukla > > Inject the NMI by setting V_NMI in the VMCB interrupt control. processor > will clear V_NMI to acknowledge processing has started and will keep the > V_NMI_MASK set until the processor is done with processing the NMI event. > > Also, handle the nmi_l1_to_l2 case such that when it is true then > NMI to be injected originally comes from L1's VMCB12 EVENTINJ field. > So adding a check for that case. > > Signed-off-by: Santosh Shukla > Reviewed-by: Maxim Levitsky > --- > arch/x86/kvm/svm/svm.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index eaa30f8ace518d..9ebfbd0d4b467e 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -3479,7 +3479,14 @@ static void pre_svm_run(struct kvm_vcpu *vcpu) > static void svm_inject_nmi(struct kvm_vcpu *vcpu) > { > struct vcpu_svm *svm = to_svm(vcpu); > + struct vmcb *vmcb = NULL; As written, no need to initialize vmcb. Might be a moot point depending on the final form of the code. > + if (is_vnmi_enabled(svm) && !svm->nmi_l1_to_l2) { Checking nmi_l1_to_l2 is wrong. KVM should directly re-inject any NMI that was already recognized by hardware, not just those that were originally injected by L1. If another event comes along, e.g. SMI, because an event (NMI) is already injected, KVM will send a hardware IRQ to interrupt the guest and forcea a VM-Exit so that the SMI can be injected. If hardware does the (IMO) sane thing and prioritizes "real" IRQs over virtual NMIs, the IRQ VM-Exit will occur before the virtual NMI is processed and KVM will incorrectly service the SMI before the NMI. I believe the correct way to handle this is to add a @reinjected param to ->inject_nmi(), a la ->inject_irq(). That would also allow adding a sanity check that KVM never attempts to inject an NMI into L2 if NMIs are supposed to trigger VM-Exit. This is the least ugly code I could come up with. Note, if vNMI is enabled, hardare sets V_NMI_MASKED if an NMI is injected through event_inj. static void svm_inject_nmi(struct kvm_vcpu *vcpu, bool reinjected) { struct vcpu_svm *svm = to_svm(vcpu); /* * Except for re-injection, KVM should never inject an NMI into L2 if * NMIs are supposed to exit from L2 to L1. */ WARN_ON_ONCE(!reinjected && is_guest_mode(vcpu) && nested_exit_on_nmi(svm)); if (is_vnmi_enabled(svm)) { if (!reinjected) svm->vmcb->control.int_ctl |= V_NMI_PENDING; else svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; ++vcpu->stat.nmi_injections; return; } svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; if (svm->nmi_l1_to_l2) return; vcpu->arch.hflags |= HF_NMI_MASK; if (!sev_es_guest(vcpu->kvm)) svm_set_intercept(svm, INTERCEPT_IRET); ++vcpu->stat.nmi_injections; }