From patchwork Sat Jul 20 00:01:33 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13737581
Date: Fri, 19 Jul 2024 17:01:33 -0700
In-Reply-To: <20240720000138.3027780-1-seanjc@google.com>
References: <20240720000138.3027780-1-seanjc@google.com>
Message-ID: <20240720000138.3027780-2-seanjc@google.com>
Subject: [PATCH 1/6] KVM: nVMX: Get to-be-acknowledge IRQ for nested VM-Exit at injection site
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Zeng Guang

Move the logic to get the to-be-acknowledge IRQ for a nested VM-Exit from nested_vmx_vmexit() to vmx_check_nested_events(), which is subtly the one and only path where KVM invokes nested_vmx_vmexit() with EXIT_REASON_EXTERNAL_INTERRUPT.

A future fix will perform a last-minute check on L2's nested posted interrupt notification vector, just before injecting a nested VM-Exit. To handle that scenario correctly, KVM needs to get the interrupt _before_ injecting VM-Exit, as simply querying the highest priority interrupt, via kvm_cpu_has_interrupt(), would result in a TOCTOU bug, as a new, higher priority interrupt could arrive between kvm_cpu_has_interrupt() and kvm_cpu_get_interrupt().

Opportunistically convert the WARN_ON() to a WARN_ON_ONCE(). If KVM has a bug that results in a false positive from kvm_cpu_has_interrupt(), spamming dmesg won't help the situation.

Note, nested_vmx_reflect_vmexit() can never reflect external interrupts as they are always "wanted" by L0.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/nested.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 2392a7ef254d..b3e17635f7e3 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c
@@ -4284,11 +4284,26 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu) } if (kvm_cpu_has_interrupt(vcpu) && !vmx_interrupt_blocked(vcpu)) { + u32 exit_intr_info; + if (block_nested_events) return -EBUSY; if (!nested_exit_on_intr(vcpu)) goto no_vmexit; - nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT, 0, 0); + + if (nested_exit_intr_ack_set(vcpu)) { + int irq; + + irq = kvm_cpu_get_interrupt(vcpu); + WARN_ON_ONCE(irq < 0); + + exit_intr_info = INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR | irq; + } else { + exit_intr_info = 0; + } + + nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT, + exit_intr_info, 0); return 0; } 
@@ -4969,14 +4984,6 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; if (likely(!vmx->fail)) { - if ((u16)vm_exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT && - nested_exit_intr_ack_set(vcpu)) { - int irq = kvm_cpu_get_interrupt(vcpu); - WARN_ON(irq < 0); - vmcs12->vm_exit_intr_info = irq | - INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR; - } - if (vm_exit_reason != -1) trace_kvm_nested_vmexit_inject(vmcs12->vm_exit_reason, vmcs12->exit_qualification,
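Review bot: in the vmx_check_nested_events() hunk, the result of 'WARN_ON_ONCE(irq < 0);' is discarded, so a negative irq still reaches 'exit_intr_info = INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR | irq;' and, for irq == -1, sets every bit of the u32 that is then passed to nested_vmx_vmexit(). The code removed from nested_vmx_vmexit() behaved the same way, so this is carried over rather than new, but the move is a natural place to bail out when the WARN fires; the next patch in the series adds exactly that, and folding it in here would keep this step self-consistent.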
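Review bot: with the EXIT_REASON_EXTERNAL_INTERRUPT block removed in the nested_vmx_vmexit() hunk, nothing left in that function says that the caller must now build exit_intr_info itself when nested_exit_intr_ack_set() is true. The commit message notes that vmx_check_nested_events() is the only such caller; a one-line comment at the removal point would keep a later caller from passing 0 for an external-interrupt exit by mistake.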
From patchwork Sat Jul 20 00:01:34 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13737582
Date: Fri, 19 Jul 2024 17:01:34 -0700
In-Reply-To: <20240720000138.3027780-1-seanjc@google.com>
References: <20240720000138.3027780-1-seanjc@google.com>
Message-ID: <20240720000138.3027780-3-seanjc@google.com>
Subject: [PATCH 2/6] KVM: nVMX: Suppress external interrupt VM-Exit injection if there's no IRQ
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Zeng Guang

In the should-be-impossible scenario that kvm_cpu_get_interrupt() doesn't return a valid vector after checking kvm_cpu_has_interrupt(), skip VM-Exit injection to reduce the probability of crashing/confusing L1. Now that KVM gets the IRQ _before_ calling nested_vmx_vmexit(), squashing the VM-Exit injection is trivial since there are no actions that need to be undone.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/nested.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index b3e17635f7e3..b042b70560f2 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c
@@ -4295,7 +4295,8 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu) int irq; irq = kvm_cpu_get_interrupt(vcpu); - WARN_ON_ONCE(irq < 0); + if (WARN_ON_ONCE(irq < 0)) + goto no_vmexit; exit_intr_info = INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR | irq; } else {
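Review bot: the new 'goto no_vmexit;' under 'if (WARN_ON_ONCE(irq < 0))' in vmx_check_nested_events() has no comment, so the code alone does not say that this is a should-be-impossible state or that dropping the VM-Exit is deliberate. A short comment above the check, stating that kvm_cpu_has_interrupt() already returned true and that the exit is skipped so L1 is never handed an invalid vector, would carry the commit message's reasoning into the source.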
From patchwork Sat Jul 20 00:01:35 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13737583
Date: Fri, 19 Jul 2024 17:01:35 -0700
In-Reply-To: <20240720000138.3027780-1-seanjc@google.com>
References: <20240720000138.3027780-1-seanjc@google.com>
Message-ID: <20240720000138.3027780-4-seanjc@google.com>
Subject: [PATCH 3/6] KVM: x86: Don't move VMX's nested PI notification vector from IRR to ISR
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Zeng Guang

When getting an IRQ from the local APIC, don't move the vector to the ISR and skip the PPR update if the found vector is the vCPU's nested posted interrupt notification vector, i.e. if the IRQ should trigger posted interrupt processing in L2 instead of being delivered to L1.

For now, pass in -1 from all callers and defer passing the actual nested notification vector to a separate patch, as more prep work is needed.

Functionally, this should be a glorified nop, i.e. no true functional change intended.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
--- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/irq.c | 6 +++--- arch/x86/kvm/lapic.c | 12 ++++++++++-- arch/x86/kvm/lapic.h | 2 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/x86.c | 2 +- 6 files changed, 17 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 950a03e0181e..b40703f05b27 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h
@@ -2251,7 +2251,7 @@ int kvm_cpu_has_injectable_intr(struct kvm_vcpu *v); int kvm_cpu_has_interrupt(struct kvm_vcpu *vcpu); int kvm_cpu_has_extint(struct kvm_vcpu *v); int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu); -int kvm_cpu_get_interrupt(struct kvm_vcpu *v); +int kvm_cpu_get_interrupt(struct kvm_vcpu *v, int nested_pi_nv); void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event); int kvm_pv_send_ipi(struct kvm *kvm, unsigned long ipi_bitmap_low, diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c index 3d7eb11d0e45..69d04d80f143 100644 --- a/arch/x86/kvm/irq.c +++ b/arch/x86/kvm/irq.c @@ -135,13 +135,13 @@ static int kvm_cpu_get_extint(struct kvm_vcpu *v) /* * Read pending interrupt vector and intack. */ -int kvm_cpu_get_interrupt(struct kvm_vcpu *v) +int kvm_cpu_get_interrupt(struct kvm_vcpu *v, int nested_pi_nv) { int vector = kvm_cpu_get_extint(v); if (vector != -1) - return vector; /* PIC */ + return vector; /* PIC */ - return kvm_get_apic_interrupt(v); /* APIC */ + return kvm_get_apic_interrupt(v, nested_pi_nv); /* APIC */ } EXPORT_SYMBOL_GPL(kvm_cpu_get_interrupt); diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index a7172ba59ad2..c5c4473f50f6 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2924,7 +2924,7 @@ void kvm_inject_apic_timer_irqs(struct kvm_vcpu *vcpu) } } -int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu) +int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu, int nested_pi_nv) { int vector = kvm_apic_has_interrupt(vcpu); struct kvm_lapic *apic = vcpu->arch.apic; 
@@ -2939,8 +2939,16 @@ int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu) * on exit" mode. Then we cannot inject the interrupt via RVI, * because the process would deliver it through the IDT. */ - apic_clear_irr(vector, apic); + + /* + * If the vector is L2's posted interrupt notification vector, return + * without moving the vector to the ISR, as notification interrupts + * trigger processing in L2, i.e. aren't delivered to L1. + */ + if (vector == nested_pi_nv) + return vector; + if (kvm_hv_synic_auto_eoi_set(vcpu, vector)) { /* * For auto-EOI interrupts, there might be another pending diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 7ef8ae73e82d..c8ff3bd2ce2c 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -89,7 +89,7 @@ void kvm_free_lapic(struct kvm_vcpu *vcpu); int kvm_apic_has_interrupt(struct kvm_vcpu *vcpu); int kvm_apic_accept_pic_intr(struct kvm_vcpu *vcpu); -int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu); +int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu, int nested_pi_nv); int kvm_apic_accept_events(struct kvm_vcpu *vcpu); void kvm_lapic_reset(struct kvm_vcpu *vcpu, bool init_event); u64 kvm_lapic_get_cr8(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index b042b70560f2..7e0a944088eb 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4294,7 +4294,7 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu) if (nested_exit_intr_ack_set(vcpu)) { int irq; - irq = kvm_cpu_get_interrupt(vcpu); + irq = kvm_cpu_get_interrupt(vcpu, -1); if (WARN_ON_ONCE(irq < 0)) goto no_vmexit; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index af6c8cf6a37a..4c14ea000e89 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -10548,7 +10548,7 @@ static int kvm_check_and_inject_events(struct kvm_vcpu *vcpu, if (r < 0) goto out; if (r) { - int irq = kvm_cpu_get_interrupt(vcpu); + int irq = kvm_cpu_get_interrupt(vcpu, -1); if (!WARN_ON_ONCE(irq == -1)) { kvm_queue_interrupt(vcpu, irq, false);
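Review bot: in the second lapic.c hunk (kvm_get_apic_interrupt()), 'if (vector == nested_pi_nv) return vector;' runs with nested_pi_nv == -1 from every caller in this patch, so it is a nop only if vector can no longer be -1 at that point, and the lines that would guarantee that are outside the hunk's context. Either confirm the no-interrupt case has already returned or write the test as 'nested_pi_nv != -1 && vector == nested_pi_nv'. The new comment also speaks only of the ISR; it should say what happens to the vector's IRR bit on this early return.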
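Review bot: in the irq.c hunk, the comment above kvm_cpu_get_interrupt() still reads 'Read pending interrupt vector and intack.' and says nothing about the new nested_pi_nv parameter, while the call sites in nested.c and x86.c pass a bare -1. Document on the function that -1 means there is no nested notification vector and that a matching vector is returned without being acknowledged into the ISR, so the literal at the call sites is self-explanatory.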
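The race described in the commit messages of patches 1/6 and 3/6, modelled in user-space C as an added example; it is not code from this series or from KVM. The toy_* names, the vector numbers 0x30 and 0xf2, and the choice to consume the IRR bit for the notification vector are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy local APIC (not KVM's struct kvm_lapic): one bit per vector,
 * a numerically higher vector has higher priority. */
struct toy_apic {
    uint8_t irr[32]; /* requested, not yet acknowledged */
    uint8_t isr[32]; /* acknowledged, i.e. delivered to L1 in this model */
};

static bool bit_test(const uint8_t *map, int v) { return ((map[v / 8] >> (v % 8)) & 1) != 0; }
static void bit_set(uint8_t *map, int v)   { map[v / 8] |= (uint8_t)(1u << (v % 8)); }
static void bit_clear(uint8_t *map, int v) { map[v / 8] &= (uint8_t)~(1u << (v % 8)); }

void toy_raise(struct toy_apic *a, int v) { bit_set(a->irr, v); }
bool toy_in_service(const struct toy_apic *a, int v) { return bit_test(a->isr, v); }

/* Peek only: highest pending vector or -1. Changes no state. */
int toy_has_interrupt(const struct toy_apic *a)
{
    for (int v = 255; v >= 0; v--)
        if (bit_test(a->irr, v))
            return v;
    return -1;
}

/* Fetch the highest pending vector. nested_pi_nv == -1 means "none".
 * A vector equal to nested_pi_nv is returned without entering the ISR.
 * Assumption of this model: its IRR bit is consumed either way. */
int toy_get_interrupt(struct toy_apic *a, int nested_pi_nv)
{
    int v = toy_has_interrupt(a);

    if (v == -1)
        return -1;
    bit_clear(a->irr, v);
    if (v == nested_pi_nv)
        return v;
    bit_set(a->isr, v);
    return v;
}

/* Check-then-use: decide from a peek, fetch later with the old semantics.
 * late_vector arrives inside the window between the two steps.
 * Returns the vector reported to L1, or -1 for "no VM-Exit". */
int racy_exit_vector(struct toy_apic *a, int nested_pi_nv, int late_vector)
{
    int peek = toy_has_interrupt(a);

    if (peek == -1 || peek == nested_pi_nv)
        return -1;
    if (late_vector >= 0)
        toy_raise(a, late_vector);
    return toy_get_interrupt(a, -1); /* acknowledges whatever is highest now */
}

/* Single fetch: the vector that is checked is the one that was fetched,
 * so a late arrival can only be seen before the fetch or left pending. */
int single_fetch_exit_vector(struct toy_apic *a, int nested_pi_nv, int late_vector)
{
    int v;

    if (late_vector >= 0)
        toy_raise(a, late_vector);
    v = toy_get_interrupt(a, nested_pi_nv);
    if (v == -1 || v == nested_pi_nv)
        return -1; /* notification: handled as posted-interrupt processing in L2 */
    return v;
}

int main(void)
{
    const int pi_nv = 0xf2, other = 0x30; /* constructed vector numbers */
    struct toy_apic a;
    int v;

    memset(&a, 0, sizeof(a));
    toy_raise(&a, other);
    v = racy_exit_vector(&a, pi_nv, pi_nv);
    printf("peek-then-get: exit vector %d, notification in ISR: %d\n",
           v, toy_in_service(&a, pi_nv));

    memset(&a, 0, sizeof(a));
    toy_raise(&a, other);
    v = single_fetch_exit_vector(&a, pi_nv, pi_nv);
    printf("single fetch:  exit vector %d, notification in ISR: %d, still pending: %d\n",
           v, toy_in_service(&a, pi_nv), toy_has_interrupt(&a));
    return 0;
}
```

In the peek-then-get run the notification vector ends up acknowledged and reported to L1; in the single-fetch run it never enters the ISR and the lower-priority vector stays pending for the next pass.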
From patchwork Sat Jul 20 00:01:36 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13737584
Date: Fri, 19 Jul 2024 17:01:36 -0700
In-Reply-To: <20240720000138.3027780-1-seanjc@google.com>
References: <20240720000138.3027780-1-seanjc@google.com>
Message-ID: <20240720000138.3027780-5-seanjc@google.com>
Subject: [PATCH 4/6] KVM: nVMX: Track nested_vmx.posted_intr_nv as a signed int
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Zeng Guang

Track nested_vmx.posted_intr_nv as a signed 32-bit integer instead of an unsigned 16-bit integer so that it can be passed to kvm_cpu_get_interrupt() without relying on sign-extension to do the right thing when the vector is invalid, i.e. when it's -1.

No true functional change intended.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/vmx.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 42498fa63abb..dc0921bc4569 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h
@@ -208,7 +208,7 @@ struct nested_vmx { struct pi_desc *pi_desc; bool pi_pending; - u16 posted_intr_nv; + int posted_intr_nv; struct hrtimer preemption_timer; u64 preemption_timer_deadline;
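Review bot: in struct nested_vmx, 'int posted_intr_nv;' now depends on -1 as its invalid value, but the field carries no comment saying so and nothing in the hunk shows the range of the value assigned to it. Add a one-line comment on the field stating that it is -1 when there is no valid nested notification vector and a vector number otherwise, so the signedness is not mistaken for an accident and narrowed again later.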
From patchwork Sat Jul 20 00:01:37 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13737585
Date: Fri, 19 Jul 2024 17:01:37 -0700
In-Reply-To: <20240720000138.3027780-1-seanjc@google.com>
References: <20240720000138.3027780-1-seanjc@google.com>
Message-ID: <20240720000138.3027780-6-seanjc@google.com>
Subject: [PATCH 5/6] KVM: nVMX: Explicitly invalidate posted_intr_nv if PI is disabled at VM-Enter
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Zeng Guang

Explicitly set posted_intr_nv to -1 when emulating nested VM-Enter and posted interrupts are disabled to make it clear that posted_intr_nv is valid if and only if nested posted interrupts are enabled, and as a cheap way to harden against KVM bugs.

Note, KVM initializes posted_intr_nv to -1 at vCPU creation and resets it to -1 when unloading vmcs12 and/or leaving nested mode, i.e. this is not a bug fix (or at least, it's not intended to be a bug fix).

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/nested.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 7e0a944088eb..40cf4839ca47 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c
@@ -2317,10 +2317,12 @@ static void prepare_vmcs02_early(struct vcpu_vmx *vmx, struct loaded_vmcs *vmcs0 /* Posted interrupts setting is only taken from vmcs12. */ vmx->nested.pi_pending = false; - if (nested_cpu_has_posted_intr(vmcs12)) + if (nested_cpu_has_posted_intr(vmcs12)) { vmx->nested.posted_intr_nv = vmcs12->posted_intr_nv; - else + } else { + vmx->nested.posted_intr_nv = -1; exec_control &= ~PIN_BASED_POSTED_INTR; + } pin_controls_set(vmx, exec_control); /*
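Review bot: the -1 stored in the new else branch of prepare_vmcs02_early() is an undocumented sentinel. The invariant that posted_intr_nv is valid if and only if nested posted interrupts are enabled appears only in the commit message, so a one-line comment above the assignment, or a named constant for the invalid value, would keep it visible in the code. The type of posted_intr_nv is not shown in this hunk; if it is an unsigned type narrower than int, the stored value is a large positive number rather than -1, which is worth checking against any caller that compares the field with a signed int or passes it where -1 has a special meaning.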
Date: Fri, 19 Jul 2024 17:01:38 -0700
In-Reply-To: <20240720000138.3027780-1-seanjc@google.com>
Message-ID: <20240720000138.3027780-7-seanjc@google.com>
Subject: [PATCH 6/6] KVM: nVMX: Detect nested posted interrupt NV at nested VM-Exit injection
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Gao, Zeng Guang

When synthesizing a nested VM-Exit due to an external interrupt, pend a nested posted interrupt if the external interrupt vector matches L2's PI notification vector, i.e. if the interrupt is a PI notification for L2. This fixes a bug where KVM will incorrectly inject VM-Exit instead of processing nested posted interrupt when IPI virtualization is enabled.

Per the SDM, detection of the notification vector doesn't occur until the interrupt is acknowledged and delivered to the CPU core.

  If the external-interrupt exiting VM-execution control is 1, any unmasked external interrupt causes a VM exit (see Section 26.2). If the "process posted interrupts" VM-execution control is also 1, this behavior is changed and the processor handles an external interrupt as follows:

    1. The local APIC is acknowledged; this provides the processor core with an interrupt vector, called here the physical vector.

    2. If the physical vector equals the posted-interrupt notification vector, the logical processor continues to the next step. Otherwise, a VM exit occurs as it would normally due to an external interrupt; the vector is saved in the VM-exit interruption-information field.

For the most part, KVM has avoided problems because a PI NV for L2 that arrives while L2 is active will be processed by hardware, and KVM checks for a pending notification vector during nested VM-Enter. Thus, to hit the bug, the PI NV interrupt needs to sneak its way into L1's vIRR while L2 is active.

Without IPI virtualization, the scenario is practically impossible to hit as the ordering between vmx_deliver_posted_interrupt() and nested VM-Enter effectively guarantees that either the sender will see the vCPU as being in_guest_mode(), or the receiver will see the interrupt in its vIRR.

With IPI virtualization, the sending CPU effectively implements a rough equivalent of vmx_deliver_posted_interrupt(), sans the nested PI NV check. If the target vCPU has a valid PID, the CPU will send a PI NV interrupt based on _L1's_ PID, as the sender's IPIv table points at L1 PIDs.

  PIR := 32 bytes at PID_ADDR; // under lock
  PIR[V] := 1;
  store PIR at PID_ADDR; // release lock

  NotifyInfo := 8 bytes at PID_ADDR + 32; // under lock
  IF NotifyInfo.ON = 0 AND NotifyInfo.SN = 0; THEN
    NotifyInfo.ON := 1;
    SendNotify := 1;
  ELSE
    SendNotify := 0;
  FI;
  store NotifyInfo at PID_ADDR + 32; // release lock

  IF SendNotify = 1; THEN
    send an IPI specified by NotifyInfo.NDST and NotifyInfo.NV;
  FI;

As a result, the target vCPU ends up receiving an interrupt on KVM's POSTED_INTR_VECTOR while L2 is running, with an interrupt in L1's PIR for L2's nested PI NV. The POSTED_INTR_VECTOR interrupt triggers a VM-Exit from L2 to L0, KVM moves the interrupt from L1's PIR to vIRR, triggers a KVM_REQ_EVENT prior to re-entry to L2, and calls vmx_check_nested_events(), effectively bypassing all of KVM's "early" checks on nested PI NV.

Note, the Fixes tag is a bit of a lie, as the bug is technically a generic nested posted interrupt issue. However, as above, it's practically impossible to hit the bug without IPI virtualization being enabled.

Cc: Chao Gao
Cc: Zeng Guang
Cc: stable@vger.kernel.org
Fixes: d588bb9be1da ("KVM: VMX: enable IPI virtualization")
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/nested.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 40cf4839ca47..f1fe4d5a1ed8 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c
@@ -4296,10 +4296,21 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu) if (nested_exit_intr_ack_set(vcpu)) { int irq; - irq = kvm_cpu_get_interrupt(vcpu, -1); + irq = kvm_cpu_get_interrupt(vcpu, vmx->nested.posted_intr_nv); if (WARN_ON_ONCE(irq < 0)) goto no_vmexit; + /* + * If the IRQ is L2's PI notification vector, process + * posted interrupts instead of injecting VM-Exit, as + * the detection/morphing architecturally occurs when + * the IRQ is delivered to the CPU. Note, enabling PI + * requires ACK-on-exit. + */ + if (irq == vmx->nested.posted_intr_nv) { + vmx->nested.pi_pending = true; + goto no_vmexit; + } exit_intr_info = INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR | irq; } else { exit_intr_info = 0;
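Review bot: in the new irq == vmx->nested.posted_intr_nv branch of vmx_check_nested_events(), the jump to no_vmexit follows a single kvm_cpu_get_interrupt() call, so the hunk does not show what happens to a second, ordinary external interrupt that is pending for L1 behind the notification vector. If nothing after no_vmexit re-evaluates pending events, that interrupt's VM-Exit is deferred until something else kicks the vCPU; please confirm the path, or request another event check in this branch, and say which in the comment. The comment also says posted interrupts are processed while the branch itself only sets pi_pending, so naming the code that consumes pi_pending would make the control flow easier to audit.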