Reply-To: Sean Christopherson
Date: Mon, 9 Oct 2023 14:29:19 -0700
Message-ID: <20231009212919.221810-1-seanjc@google.com>
Subject: [PATCH] KVM: SVM: Don't intercept IRET when injecting NMI and vNMI is enabled
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Santosh Shukla

When vNMI is enabled, rely entirely on hardware to correctly handle NMI
blocking, i.e. don't intercept IRET to detect when NMIs are no longer
blocked.  KVM already correctly ignores svm->nmi_masked when vNMI is
enabled, so the effect of the bug is essentially an unnecessary VM-Exit.

Note, per the APM, hardware sets the BLOCKING flag when software directly
injects an NMI:

  If Event Injection is used to inject an NMI when NMI Virtualization is
  enabled, VMRUN sets V_NMI_MASK in the guest state.

Fixes: fa4c027a7956 ("KVM: x86: Add support for SVM's Virtual NMI")
Link: https://lore.kernel.org/all/ZOdnuDZUd4mevCqe@google.como
Cc: Santosh Shukla
Signed-off-by: Sean Christopherson
---

Santosh, can you verify that I didn't break vNMI?  I don't have access to the
right hardware.  Thanks!

 arch/x86/kvm/svm/svm.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index b7472ad183b9..4f22d12b5d60 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -3569,8 +3569,15 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) if (svm->nmi_l1_to_l2) return; - svm->nmi_masked = true; - svm_set_iret_intercept(svm); + /* + * No need to manually track NMI masking when vNMI is enabled, hardware + * automatically sets V_NMI_BLOCKING_MASK as appropriate, including the + * case where software directly injects an NMI. + */ + if (!is_vnmi_enabled(svm)) { + svm->nmi_masked = true; + svm_set_iret_intercept(svm); + } ++vcpu->stat.nmi_injections; } base-commit: 86701e115030e020a052216baa942e8547e0b487 -- 2.42.0.609.gbb76f46606-goog
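
Review bot: the new comment in svm_inject_nmi() names the bit V_NMI_BLOCKING_MASK, while the APM sentence quoted in the changelog calls it V_NMI_MASK, and the comment does not say which hardware step sets it. Since the whole !is_vnmi_enabled(svm) skip depends on that one guarantee, I would put it in the code: state that VMRUN sets the mask when an NMI is event-injected with NMI virtualization enabled, and use one name for the bit (or note that the two names are the same bit). The note under the "---" also says this was not run on vNMI-capable hardware, so a Tested-by from someone with that hardware should come before this is applied, because a wrong assumption here would leave NMI blocking untracked by both hardware and svm->nmi_masked.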