From patchwork Fri Jun 7 17:26:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13690562 Reply-To: Sean Christopherson Date: Fri, 7 Jun 2024 10:26:04 -0700 In-Reply-To:
<20240607172609.3205077-1-seanjc@google.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240607172609.3205077-1-seanjc@google.com> X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog Message-ID: <20240607172609.3205077-2-seanjc@google.com> Subject: [PATCH 1/6] KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky , Jim Mattson Add a helper to retrieve the highest pending vector given a Posted Interrupt descriptor. While the actual operation is straightforward, it's surprisingly easy to mess up, e.g. if one tries to reuse lapic.c's find_highest_vector(), which doesn't work with PID.PIR due to the APIC's IRR and ISR component registers being physically discontiguous (they're 4-byte registers aligned at 16-byte intervals). To make PIR handling more consistent with respect to IRR and ISR handling, return -1 to indicate "no interrupt pending". Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/nested.c | 5 +++-- arch/x86/kvm/vmx/posted_intr.h | 10 ++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 75b4f41d9926..0710486d42cc 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -12,6 +12,7 @@ #include "mmu.h" #include "nested.h" #include "pmu.h" +#include "posted_intr.h" #include "sgx.h" #include "trace.h" #include "vmx.h" 
@@ -3899,8 +3900,8 @@ static int vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu) if (!pi_test_and_clear_on(vmx->nested.pi_desc)) return 0; - max_irr = find_last_bit((unsigned long *)vmx->nested.pi_desc->pir, 256); - if (max_irr != 256) { + max_irr = pi_find_highest_vector(vmx->nested.pi_desc); + if (max_irr > 0) { vapic_page = vmx->nested.virtual_apic_map.hva; if (!vapic_page) goto mmio_needed; diff --git a/arch/x86/kvm/vmx/posted_intr.h b/arch/x86/kvm/vmx/posted_intr.h index 6b2a0226257e..1715d2ab07be 100644 --- a/arch/x86/kvm/vmx/posted_intr.h +++ b/arch/x86/kvm/vmx/posted_intr.h @@ -1,6 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 */ #ifndef __KVM_X86_VMX_POSTED_INTR_H #define __KVM_X86_VMX_POSTED_INTR_H + +#include #include void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu); 
@@ -12,4 +14,12 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, uint32_t guest_irq, bool set); void vmx_pi_start_assignment(struct kvm *kvm); +static inline int pi_find_highest_vector(struct pi_desc *pi_desc) +{ + int vec; + + vec = find_last_bit((unsigned long *)pi_desc->pir, 256); + return vec < 256 ? vec : -1; +} + #endif /* __KVM_X86_VMX_POSTED_INTR_H */
From patchwork Fri Jun 7 17:26:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13690563
Reply-To: Sean Christopherson Date: Fri, 7 Jun 2024 10:26:05 -0700 In-Reply-To: <20240607172609.3205077-1-seanjc@google.com> X-Mailing-List: kvm@vger.kernel.org References: <20240607172609.3205077-1-seanjc@google.com> X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog Message-ID: <20240607172609.3205077-3-seanjc@google.com> Subject: [PATCH 2/6] KVM: nVMX: Request immediate exit iff pending nested event needs injection
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky , Jim Mattson When requesting an immediate exit from L2 in order to inject a pending event, do so only if the pending event actually requires manual injection, i.e. if and only if KVM actually needs to regain control in order to deliver the event. Avoiding the "immediate exit" isn't simply an optimization, it's necessary to make forward progress, as the "already expired" VMX preemption timer trick that KVM uses to force a VM-Exit has higher priority than events that aren't directly injected. At present time, this is a glorified nop as all events processed by vmx_has_nested_events() require injection, but that will not hold true in the future, e.g. if there's a pending virtual interrupt in vmcs02.RVI. I.e. if KVM is trying to deliver a virtual interrupt to L2, the expired VMX preemption timer will trigger VM-Exit before the virtual interrupt is delivered, and KVM will effectively hang the vCPU in an endless loop of forced immediate VM-Exits (because the pending virtual interrupt never goes away). Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/x86.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 5c0415899a07..473f7e1d245c 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1836,7 +1836,7 @@ struct kvm_x86_nested_ops { bool (*is_exception_vmexit)(struct kvm_vcpu *vcpu, u8 vector, u32 error_code); int (*check_events)(struct kvm_vcpu *vcpu); - bool (*has_events)(struct kvm_vcpu *vcpu); + bool (*has_events)(struct kvm_vcpu *vcpu, bool for_injection); void (*triple_fault)(struct kvm_vcpu *vcpu); int (*get_state)(struct kvm_vcpu *vcpu, struct kvm_nested_state __user *user_kvm_nested_state, 
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 0710486d42cc..9099c1d0c7cb 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4032,7 +4032,7 @@ static bool nested_vmx_preemption_timer_pending(struct kvm_vcpu *vcpu) to_vmx(vcpu)->nested.preemption_timer_expired; } -static bool vmx_has_nested_events(struct kvm_vcpu *vcpu) +static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injection) { return nested_vmx_preemption_timer_pending(vcpu) || to_vmx(vcpu)->nested.mtf_pending; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 4157602c964e..5ec24d9cb231 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10534,7 +10534,7 @@ static int kvm_check_and_inject_events(struct kvm_vcpu *vcpu, if (is_guest_mode(vcpu) && kvm_x86_ops.nested_ops->has_events && - kvm_x86_ops.nested_ops->has_events(vcpu)) + kvm_x86_ops.nested_ops->has_events(vcpu, true)) *req_immediate_exit = true; /* 
@@ -13182,7 +13182,7 @@ static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu) if (is_guest_mode(vcpu) && kvm_x86_ops.nested_ops->has_events && - kvm_x86_ops.nested_ops->has_events(vcpu)) + kvm_x86_ops.nested_ops->has_events(vcpu, false)) return true; if (kvm_xen_has_pending_events(vcpu))
From patchwork Fri Jun 7 17:26:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13690564
Reply-To: Sean Christopherson Date: Fri, 7 Jun 2024 10:26:06 -0700 In-Reply-To: <20240607172609.3205077-1-seanjc@google.com> X-Mailing-List: kvm@vger.kernel.org References: <20240607172609.3205077-1-seanjc@google.com> X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog Message-ID: <20240607172609.3205077-4-seanjc@google.com> Subject: [PATCH 3/6] KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked()
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky , Jim Mattson Move the non-VMX chunk of the "interrupt blocked" checks to a separate helper so that KVM can reuse the code to detect if interrupts are blocked for L2, e.g. to determine if a virtual interrupt _for L2_ is a valid wake event. If L1 disables HLT-exiting for L2, nested APICv is enabled, and L2 HLTs, then L2 virtual interrupts are valid wake events, but if and only if interrupts are unblocked for L2. Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/vmx.c | 13 +++++++++---- arch/x86/kvm/vmx/vmx.h | 1 + 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 0e3aaf520db2..d8d9e1f6c340 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c
@@ -5050,16 +5050,21 @@ int vmx_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection) return !vmx_nmi_blocked(vcpu); } -bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu) +bool __vmx_interrupt_blocked(struct kvm_vcpu *vcpu) { - if (is_guest_mode(vcpu) && nested_exit_on_intr(vcpu)) - return false; - return !(vmx_get_rflags(vcpu) & X86_EFLAGS_IF) || (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS)); } +bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu) +{ + if (is_guest_mode(vcpu) && nested_exit_on_intr(vcpu)) + return false; + + return __vmx_interrupt_blocked(vcpu); +} + int vmx_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection) { if (to_vmx(vcpu)->nested.nested_run_pending) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 08d7d67fe760..42498fa63abb 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h 
@@ -406,6 +406,7 @@ u64 construct_eptp(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level); bool vmx_guest_inject_ac(struct kvm_vcpu *vcpu); void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu); bool vmx_nmi_blocked(struct kvm_vcpu *vcpu); +bool __vmx_interrupt_blocked(struct kvm_vcpu *vcpu); bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu); bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu); void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked);
From patchwork Fri Jun 7 17:26:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13690566
Reply-To: Sean Christopherson Date: Fri, 7 Jun 2024 10:26:07 -0700 In-Reply-To: <20240607172609.3205077-1-seanjc@google.com> X-Mailing-List: kvm@vger.kernel.org References: <20240607172609.3205077-1-seanjc@google.com> X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog Message-ID: <20240607172609.3205077-5-seanjc@google.com> Subject: [PATCH 4/6] KVM: nVMX: Check for pending posted interrupts when looking for nested events
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky , Jim Mattson Check for pending (and notified!) posted interrupts when checking if L2 has a pending wake event, as a fully posted/notified virtual interrupt is a valid wake event for HLT. Note that KVM must check vmx->nested.pi_pending to avoid prematurely waking L2, e.g. even if KVM sees a non-zero PID.PIR and PID.ON=1, the virtual interrupt won't actually be recognized until a notification IRQ is received by the vCPU or the vCPU does (nested) VM-Enter. Fixes: 26844fee6ade ("KVM: x86: never write to memory from kvm_vcpu_check_block()") Cc: stable@vger.kernel.org Cc: Maxim Levitsky Reported-by: Jim Mattson Closes: https://lore.kernel.org/all/20231207010302.2240506-1-jmattson@google.com Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/nested.c | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 9099c1d0c7cb..3bac65591f20 100644 --- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c 
@@ -4034,8 +4034,40 @@ static bool nested_vmx_preemption_timer_pending(struct kvm_vcpu *vcpu) static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injection) { - return nested_vmx_preemption_timer_pending(vcpu) || - to_vmx(vcpu)->nested.mtf_pending; + struct vcpu_vmx *vmx = to_vmx(vcpu); + void *vapic = vmx->nested.virtual_apic_map.hva; + int max_irr, vppr; + + if (nested_vmx_preemption_timer_pending(vcpu) || + vmx->nested.mtf_pending) + return true; + + /* + * Virtual Interrupt Delivery doesn't require manual injection. Either + * the interrupt is already in GUEST_RVI and will be recognized by CPU + * at VM-Entry, or there is a KVM_REQ_EVENT pending and KVM will move + * the interrupt from the PIR to RVI prior to entering the guest. + */ + if (for_injection) + return false; + + if (!nested_cpu_has_vid(get_vmcs12(vcpu)) || + __vmx_interrupt_blocked(vcpu)) + return false; + + if (!vapic) + return false; + + vppr = *((u32 *)(vapic + APIC_PROCPRI)); + + if (vmx->nested.pi_pending && vmx->nested.pi_desc && + pi_test_on(vmx->nested.pi_desc)) { + max_irr = pi_find_highest_vector(vmx->nested.pi_desc); + if (max_irr > 0 && (max_irr & 0xf0) > (vppr & 0xf0)) + return true; + } + + return false; } /*
From patchwork Fri Jun 7 17:26:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 13690565
Reply-To: Sean Christopherson Date: Fri, 7 Jun 2024 10:26:08 -0700 In-Reply-To: <20240607172609.3205077-1-seanjc@google.com> X-Mailing-List: kvm@vger.kernel.org References: <20240607172609.3205077-1-seanjc@google.com> X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog Message-ID: <20240607172609.3205077-6-seanjc@google.com> Subject: [PATCH 5/6] KVM: nVMX: Fold requested virtual interrupt check into has_nested_events()
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky , Jim Mattson Check for a Requested Virtual Interrupt, i.e. a virtual interrupt that is pending delivery, in vmx_has_nested_events() and drop the one-off kvm_x86_ops.guest_apic_has_interrupt() hook. In addition to dropping a superfluous hook, this fixes a bug where KVM would incorrectly treat virtual interrupts _for L2_ as always enabled due to kvm_arch_interrupt_allowed(), by way of vmx_interrupt_blocked(), treating IRQs as enabled if L2 is active and vmcs12 is configured to exit on IRQs, i.e. KVM would treat a virtual interrupt for L2 as a valid wake event based on L1's IRQ blocking status. Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/include/asm/kvm-x86-ops.h | 1 - arch/x86/include/asm/kvm_host.h | 1 - arch/x86/kvm/vmx/main.c | 1 - arch/x86/kvm/vmx/nested.c | 4 ++++ arch/x86/kvm/vmx/vmx.c | 20 -------------------- arch/x86/kvm/vmx/x86_ops.h | 1 - arch/x86/kvm/x86.c | 10 +--------- 7 files changed, 5 insertions(+), 33 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 566d19b02483..f91d413d7de1 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -85,7 +85,6 @@ KVM_X86_OP_OPTIONAL(update_cr8_intercept) KVM_X86_OP(refresh_apicv_exec_ctrl) KVM_X86_OP_OPTIONAL(hwapic_irr_update) KVM_X86_OP_OPTIONAL(hwapic_isr_update) -KVM_X86_OP_OPTIONAL_RET0(guest_apic_has_interrupt) KVM_X86_OP_OPTIONAL(load_eoi_exitmap) KVM_X86_OP_OPTIONAL(set_virtual_apic_mode) KVM_X86_OP_OPTIONAL(set_apic_access_page_addr) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 473f7e1d245c..f2336c646088 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h 
@@ -1728,7 +1728,6 @@ struct kvm_x86_ops { void (*refresh_apicv_exec_ctrl)(struct kvm_vcpu *vcpu); void (*hwapic_irr_update)(struct kvm_vcpu *vcpu, int max_irr); void (*hwapic_isr_update)(int isr); - bool (*guest_apic_has_interrupt)(struct kvm_vcpu *vcpu); void (*load_eoi_exitmap)(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap); void (*set_virtual_apic_mode)(struct kvm_vcpu *vcpu); void (*set_apic_access_page_addr)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index d0e1a5b5c915..7e846a842443 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -97,7 +97,6 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .required_apicv_inhibits = VMX_REQUIRED_APICV_INHIBITS, .hwapic_irr_update = vmx_hwapic_irr_update, .hwapic_isr_update = vmx_hwapic_isr_update, - .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt, .sync_pir_to_irr = vmx_sync_pir_to_irr, .deliver_interrupt = vmx_deliver_interrupt, .dy_apicv_has_pending_interrupt = pi_has_pending_interrupt, diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 3bac65591f20..2392a7ef254d 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4060,6 +4060,10 @@ static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injection) vppr = *((u32 *)(vapic + APIC_PROCPRI)); + max_irr = vmx_get_rvi(); + if ((max_irr & 0xf0) > (vppr & 0xf0)) + return true; + if (vmx->nested.pi_pending && vmx->nested.pi_desc && pi_test_on(vmx->nested.pi_desc)) { max_irr = pi_find_highest_vector(vmx->nested.pi_desc); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index d8d9e1f6c340..c7558bcb0241 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -4106,26 +4106,6 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *vcpu) } } -bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu) -{ - struct vcpu_vmx *vmx = to_vmx(vcpu); - void *vapic_page; - u32 vppr; - int rvi; - - if (WARN_ON_ONCE(!is_guest_mode(vcpu)) || - !nested_cpu_has_vid(get_vmcs12(vcpu)) || - WARN_ON_ONCE(!vmx->nested.virtual_apic_map.gfn)) - return false; - - rvi = vmx_get_rvi(); - - vapic_page = vmx->nested.virtual_apic_map.hva; - vppr = *((u32 *)(vapic_page + APIC_PROCPRI)); - - return ((rvi & 0xf0) > (vppr & 0xf0)); -} - void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index 502704596c83..d404227c164d 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -49,7 +49,6 @@ void vmx_apicv_pre_state_restore(struct kvm_vcpu *vcpu); bool vmx_check_apicv_inhibit_reasons(enum kvm_apicv_inhibit reason); void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr); void vmx_hwapic_isr_update(int max_isr); -bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu); int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu); void vmx_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode, int trig_mode, int vector); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5ec24d9cb231..82442960b499 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -13133,12 +13133,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm, kvm_arch_free_memslot(kvm, old); } -static inline bool kvm_guest_apic_has_interrupt(struct kvm_vcpu *vcpu) -{ - return (is_guest_mode(vcpu) && - static_call(kvm_x86_guest_apic_has_interrupt)(vcpu)); -} - static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu) { if (!list_empty_careful(&vcpu->async_pf.done)) 
@@ -13172,9 +13166,7 @@ static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu) if (kvm_test_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, vcpu)) return true; - if (kvm_arch_interrupt_allowed(vcpu) && - (kvm_cpu_has_interrupt(vcpu) || - kvm_guest_apic_has_interrupt(vcpu))) + if (kvm_arch_interrupt_allowed(vcpu) && kvm_cpu_has_interrupt(vcpu)) return true; if (kvm_hv_has_stimer_pending(vcpu))
From patchwork Fri Jun 7 17:26:09 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13690567
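Review bot: In [PATCH 5/6], arch/x86/kvm/vmx/nested.c, the new RVI comparison in vmx_has_nested_events() does not visibly carry over the nested_cpu_has_vid(get_vmcs12(vcpu)) guard that the removed vmx_guest_apic_has_interrupt() applied before calling vmx_get_rvi(); the old helper returned false when vmcs12 did not enable virtual-interrupt delivery. If the code above this hunk already bails out in that case, say so in the changelog; otherwise carry the guard over so RVI is never treated as a wake event for an L2 that does not use it. Separately, storing RVI in max_irr reads oddly next to the pi_find_highest_vector() use a few lines later: a local named rvi, as the old helper had, or a one-line comment above `max_irr = vmx_get_rvi();` would make clear this is the Requested Virtual Interrupt and not the result of a PIR scan.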
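Review bot: In [PATCH 5/6], arch/x86/kvm/x86.c, once `kvm_guest_apic_has_interrupt(vcpu)` is dropped from the condition in kvm_vcpu_has_events(), nothing at this site tells the reader that a pending virtual interrupt for L2 is still a wake event. The replacement check lives in vmx_has_nested_events(), which this hunk does not show being called, so a short comment next to `if (kvm_arch_interrupt_allowed(vcpu) && kvm_cpu_has_interrupt(vcpu))` stating that L2 virtual interrupts are handled by the nested-events check, and are deliberately not gated on kvm_arch_interrupt_allowed() (the bug the changelog describes), would keep someone from re-adding the check here later.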
Date: Fri, 7 Jun 2024 10:26:09 -0700
In-Reply-To: <20240607172609.3205077-1-seanjc@google.com>
Message-ID: <20240607172609.3205077-7-seanjc@google.com>
Subject: [PATCH 6/6] KVM: x86: WARN if a vCPU gets a valid wakeup that KVM can't yet inject
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Maxim Levitsky, Jim Mattson

WARN if a blocking vCPU is awaked by a valid wake event that KVM can't inject, e.g. because KVM needs to complete a nested VM-enter, or needs to re-inject an exception. For the nested VM-Enter case, KVM is supposed to clear "nested_run_pending" if L1 puts L2 into HLT, i.e. entering HLT "completes" the nested VM-Enter. And for already-injected exceptions, it should be impossible for the vCPU to be in a blocking state if a VM-Exit occurred while an exception was being vectored.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/x86.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 82442960b499..f6ace2bd7124 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -11233,7 +11233,10 @@ static inline int vcpu_block(struct kvm_vcpu *vcpu) * causes a spurious wakeup from HLT). */ if (is_guest_mode(vcpu)) { - if (kvm_check_nested_events(vcpu) < 0) + int r = kvm_check_nested_events(vcpu); + + WARN_ON_ONCE(r == -EBUSY); + if (r < 0) return 0; }
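Review bot: In [PATCH 6/6], `WARN_ON_ONCE(r == -EBUSY);` in vcpu_block() sits on a path that runs whenever a blocking vCPU is in guest mode, so if either invariant from the changelog ever fails to hold, guest activity can trip the WARN, and on hosts booted with panic_on_warn that brings the host down. The changelog argues both cases should be impossible; please put that reasoning in the code as well, by extending the comment block above (the one ending "causes a spurious wakeup from HLT") with a sentence on why -EBUSY is unexpected here, covering the nested_run_pending and exception re-injection cases, so the justification for a guest-adjacent WARN does not live only in the commit message.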