Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6437887rwb; Tue, 22 Nov 2022 13:25:47 -0800 (PST) X-Google-Smtp-Source: AA0mqf7BJs3pYeXyMsMUI/0XMks9JlI+0phVwXU9n8w4kPAG2kIxCVfwzENTWDz2qvkyvVLyS5qN X-Received: by 2002:a17:906:2dcb:b0:7b2:8a70:8fb7 with SMTP id h11-20020a1709062dcb00b007b28a708fb7mr21514445eji.163.1669152347182; Tue, 22 Nov 2022 13:25:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669152347; cv=none; d=google.com; s=arc-20160816; b=fY2i57xAnOassSPYZt/UUhVWyuIDiT6iG40zIQmCRw+FyHrq2q/dTn+ktevINKRBEu WSTJY9jFMqnLYTDcCfEoca8goRb8lmWdOxjL0F+LCevro1f2yg5mN47WcAitG/4Jd5rh JbYLI/WZNBiB9eZ3L51fXYxgw3OtJNmX7/yMiBJgyKvXYOfHkMOgz9UaRtPW0cAt4+oy C+CzOUPyS+blZwdRSD184GrBgDxoqssrGA2arxkPzVy61Ic14v7nHd+BkbPRg01PngsY BpI1ip8QPFZjI0ob6/bRZf1y4xBay5y+gi9mt770o1jt36H7rQdvFLCFe6UoOHiR5X84 0bww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Xe5lv1QsTYxiW+46jd84oLWYNOjdtqx5LsHPiQT+CbY=; b=ogoPOTJVYv/RpscTqWft0HDwUWyukOpk7teiavCLEDaPjqLQlpFoEJHaDZoq3ZWgcz 0gqNcUpzkN13dp3zETQoIkvGU1vhI3qwoo/9KIKt39Za6u/M2nSuIGbjmwE7KCizjIGi uYE1vAb0bh4PKkJosyNW2erfCzx+jQG5NdQ6ZPwVPITIYHrQHBg7EkmpjOhRHIyAWFJz Zl2u/64TU+deLvomhrxme06zV0z97p/VGwojKIReD1OvSQcoLWzlj7j27TG8eRkujnvK QbGCgz/BdNj+CQrkVWykofKU8WLbEAnyjdwPLrQ8AJS1yPhPrw6005zlfF9OqagbNCqq Y3/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=jHr87Eqr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gs15-20020a1709072d0f00b0078d4b605b71si14544136ejc.338.2022.11.22.13.25.24; Tue, 22 Nov 2022 13:25:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=jHr87Eqr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233436AbiKVUwu (ORCPT + 89 others); Tue, 22 Nov 2022 15:52:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60244 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234372AbiKVUwm (ORCPT ); Tue, 22 Nov 2022 15:52:42 -0500 Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87AA51AF2A for ; Tue, 22 Nov 2022 12:52:39 -0800 (PST) Received: by mail-pj1-x102c.google.com with SMTP id a1-20020a17090abe0100b00218a7df7789so7341687pjs.5 for ; Tue, 22 Nov 2022 12:52:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=Xe5lv1QsTYxiW+46jd84oLWYNOjdtqx5LsHPiQT+CbY=; b=jHr87EqrXczQan3cj3wKvuAcmEXgUT0owrBovzhrjOOZz83aqN2FXomVGU4sO8TKl9 RIIVJ4g4bh3i9/d99KPEbeIjhBp+ON/N+0xqVAjlfXbk85E4NhQstANHw2EQxSeiWTEI k9vHnM9uP0PHr3VJB8THPKjYsb9whCcCn6WMRpulIMvZIgPHS7vd6oIMxwlWwrEJWBdM C0RP4zEifu27siBCoe9LLdLbGe8aVnoTEMTkyNdISSQX7lapnos11FatL5D5jnzVS65B 1PmU5qm3JVPdVjAsE9w6kH/IvzZ8UKnx5TOC8wnUP28CR3xP4bG94DpfMVof93F8dZCi Q1NA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Xe5lv1QsTYxiW+46jd84oLWYNOjdtqx5LsHPiQT+CbY=; b=TryVcEY7G1SxPPBK8p+B+Qqn8zB8SW0itDOXFgDZm2MTkaUDOoAta19s74mxlGPeX7 KG1dE5nmM0d/jeBgsDEzm8Ug4wRtNTr56bhtZC2hyy+foBE0CmCg5XPHe/rEMsU9OYW3 7j9tfZ/1dxk3F3Y0e/gz+rXFddHVx/oic5SeKwgr4+wZuPPFKCO9AZuiORmjHGcubqTs nmWICowsTTV6017T0s/RUUVBHB/4pblaiUr9q4zNjGO7Nwq3/A5KGw6fePKqyYVmgxKa XRbXL3utkAckrgZF6Swlt0PG37QHxyP3UCXj8FQEPcwHliGuFTgwk5nylU4aekomYGwK NVWQ== X-Gm-Message-State: ANoB5pkctwZBx1+218dmNZkUQtII86gwySSd0RmJ+r3GbggzwLs3q5TO JvoWyf0kgwwmGALPsvJB68eEzg== X-Received: by 2002:a17:902:d349:b0:189:324:27cc with SMTP id l9-20020a170902d34900b00189032427ccmr5653079plk.70.1669150358926; Tue, 22 Nov 2022 12:52:38 -0800 (PST) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id f19-20020a17090a9b1300b0020d9306e735sm9950352pjp.20.2022.11.22.12.52.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Nov 2022 12:52:38 -0800 (PST) Date: Tue, 22 Nov 2022 20:52:35 +0000 From: Sean Christopherson To: "Li, Xin3" Cc: Peter Zijlstra , Paolo Bonzini , "linux-kernel@vger.kernel.org" , "x86@kernel.org" , "kvm@vger.kernel.org" , "tglx@linutronix.de" , "mingo@redhat.com" , "bp@alien8.de" , "dave.hansen@linux.intel.com" , "hpa@zytor.com" , "Tian, Kevin" Subject: Re: [RESEND PATCH 5/6] KVM: x86/VMX: add kvm_vmx_reinject_nmi_irq() for NMI/IRQ reinjection Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 22, 2022, Li, Xin3 wrote: > > > > > > > And yes, the current code appears to suffer the same defect. > > > > > > That defect isn't going to be fixed simply by changing how KVM > > > forwards NMIs though. IIUC, _everything_ between VM-Exit and the > > > invocation of the NMI handler needs to be noinstr. On VM-Exit due to > > > NMI, NMIs are blocked. If a #BP/#DB/#PF occurs before KVM gets to > > > kvm_x86_handle_exit_irqoff(), the subsequent IRET will unblock NMIs > > > before the original NMI is serviced, i.e. a second NMI could come in > > > at anytime regardless of how KVM forwards the NMI to the kernel. > > > > > > Is there any way to solve this without tagging everything noinstr? > > > There is a metric shit ton of code between VM-Exit and the handling of > > > NMIs, and much of that code is common helpers. It might be possible > > > to hoist NMI handler much earlier, though we'd need to do a super > > > thorough audit to ensure all necessary host state is restored. > > > > As NMI is the only vector with this potential issue, it sounds a good idea to only > > promote its handling. > > > > Hi Peter/Sean, > > I prefer to move _everything_ between VM-Exit and the invocation of the NMI > handler into the noinstr section in the next patch set, how do you think? That's likely going to be beyond painful and will have a _lot_ of collateral damage in the sense that other paths will end up calling noinstr function just because of VMX. E.g. hw_breakpoint_restore(), fpu_sync_guest_vmexit_xfd_state(), kvm_get_apic_mode(), multiple static calls in KVM... the list goes on and on and on. The ongoing maintenance for that would also be quite painful. Actually, SVM already enables NMIs far earlier, which means the probability of breaking something by moving NMI handling earlier is lower. Not zero, as I don't trust that SVM gets all the corner right, but definitely low. E.g. this should be doable diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index cea8c07f5229..2fec93f38960 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7249,6 +7249,8 @@ static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu) if (unlikely(vmx->exit_reason.failed_vmentry)) return EXIT_FASTPATH_NONE; + + vmx->loaded_vmcs->launched = 1; vmx_recover_nmi_blocking(vmx); thouh we'd like want a fair bit of refactoring so that all of vmx_vcpu_run() and svm_vcpu_run() don't need to be noinstr. Another wart that needs to be addressed is trace_kvm_exit(). IIRC, tracepoints must be outside of noinstr, though maybe I'm misremembering that. And conversely, SVM doesn't trace exits that are handled in the fastpath. Best option is probably to move VMX's trace_kvm_exit() call to vmx_handle_exit(), and then figure out a common way to trace exits that are handled in the fastpath (which can reside outside of the noinstr section).