| Message ID | 20190903142954.3429-2-graf@amazon.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: Only use posted interrupts for Fixes/LowPrio MSIs | expand |
> On 3 Sep 2019, at 17:29, Alexander Graf <graf@amazon.com> wrote: > > We can easily route hardware interrupts directly into VM context when > they target the "Fixed" or "LowPriority" delivery modes. > > However, on modes such as "SMI" or "Init", we need to go via KVM code > to actually put the vCPU into a different mode of operation, so we can > not post the interrupt I would also mention in commit message that one can see this is also true in KVM’s vLAPIC code. i.e. __apic_accept_irq() can call kvm_x86_ops->deliver_posted_interrupt() only in case deliver-mode is either “Fixed” or “LowPriority”. > > Add code in the VMX PI logic to explicitly refuse to establish posted > mappings for advanced IRQ deliver modes. > > This fixes a bug I have with code which configures real hardware to > inject virtual SMIs into my guest. > > Signed-off-by: Alexander Graf <graf@amazon.com> With some small improvements I written inline below: Reviewed-by: Liran Alon <liran.alon@oracle.com> > --- > arch/x86/kvm/vmx/vmx.c | 22 ++++++++++++++++++++++ > 1 file changed, 22 insertions(+) > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 570a233e272b..d16c4ae8f685 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -7401,6 +7401,28 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq, > continue; > } > > + switch (irq.delivery_mode) { > + case dest_Fixed: > + case dest_LowestPrio: > + break; > + default: > + /* > + * For non-trivial interrupt events, we need to go > + * through the full KVM IRQ code, so refuse to take > + * any direct PI assignments here. > + */ > + > + ret = irq_set_vcpu_affinity(host_irq, NULL); > + if (ret < 0) { > + printk(KERN_INFO > + "failed to back to remapped mode, irq: %u\n", > + host_irq); > + goto out; I recommend we will chose to print here a string that is different than the !kvm_intr_is_single_vcpu() case to make it easier to diagnose which case exactly failed. -Liran > + } > + > + continue; > + } > + > vcpu_info.pi_desc_addr = __pa(vcpu_to_pi_desc(vcpu)); > vcpu_info.vector = irq.vector; > > -- > 2.17.1 > > > > > Amazon Development Center Germany GmbH > Krausenstr. 38 > 10117 Berlin > Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich > Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B > Sitz: Berlin > Ust-ID: DE 289 237 879 > > >
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 570a233e272b..d16c4ae8f685 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7401,6 +7401,28 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq, continue; } + switch (irq.delivery_mode) { + case dest_Fixed: + case dest_LowestPrio: + break; + default: + /* + * For non-trivial interrupt events, we need to go + * through the full KVM IRQ code, so refuse to take + * any direct PI assignments here. + */ + + ret = irq_set_vcpu_affinity(host_irq, NULL); + if (ret < 0) { + printk(KERN_INFO + "failed to back to remapped mode, irq: %u\n", + host_irq); + goto out; + } + + continue; + } + vcpu_info.pi_desc_addr = __pa(vcpu_to_pi_desc(vcpu)); vcpu_info.vector = irq.vector;
We can easily route hardware interrupts directly into VM context when they target the "Fixed" or "LowPriority" delivery modes. However, on modes such as "SMI" or "Init", we need to go via KVM code to actually put the vCPU into a different mode of operation, so we can not post the interrupt Add code in the VMX PI logic to explicitly refuse to establish posted mappings for advanced IRQ deliver modes. This fixes a bug I have with code which configures real hardware to inject virtual SMIs into my guest. Signed-off-by: Alexander Graf <graf@amazon.com> --- arch/x86/kvm/vmx/vmx.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)