Date: Mon, 7 Aug 2023 11:04:48 -0700
Subject: Re: [RFC PATCH] KVM: x86: inhibit APICv upon detecting direct APIC access from L2
From: Sean Christopherson
To: Maxim Levitsky
Cc: Ake Koomsin, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H . Peter Anvin"

On Mon, Aug 07, 2023, Maxim Levitsky wrote:
> On Mon, 2023-08-07 at 15:26 +0900, Ake Koomsin wrote:
> > Current KVM does not expect L1 hypervisor to allow L2 guest to access
> > APIC page directly when APICv is enabled. When this happens, KVM
> > emulates the access itself resulting in interrupt lost.

Kinda stating the obvious, but as Maxim alluded to, emulating an APIC access while
APICv is active should not result in lost interrupts. I.e. suppressing APICv is
likely masking a bug that isn't unique to this specific scenario.

> Is there a good reason why KVM doesn't expose APIC memslot to a nested guest?

AFAIK, simply because no one has ever requested that KVM support such a use case.

> While nested guest runs, the L1's APICv is "inhibited" effectively anyway, so
> writes to this memslot should update APIC registers and be picked up by APICv
> hardware when L1 resumes execution.
>
> Since APICv allows itself to be inhibited due to other reasons, it means that
> just like AVIC, it should be able to pick up arbitrary changes to APIC
> registers which happened while it was inhibited, just like AVIC does.
>
> I'll take a look at the code to see if APICv does this (I know AVIC's code
> much better than APICv's)
>
> Is there a reproducer for this bug?

+1, this needs a reproducer, or at the very least a very detailed explanation and
analysis.