From nobody Sun Feb  8 15:57:47 2026
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 084A5C0015E
	for <linux-kernel@archiver.kernel.org>; Sat, 29 Jul 2023 01:19:00 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234189AbjG2BS4 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Fri, 28 Jul 2023 21:18:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35974 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231725AbjG2BRu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 28 Jul 2023 21:17:50 -0400
Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com
 [IPv6:2607:f8b0:4864:20::b49])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 77E444EEA
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Jul 2023 18:17:23 -0700 (PDT)
Received: by mail-yb1-xb49.google.com with SMTP id
 3f1490d57ef6-d1c693a29a0so2526820276.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Jul 2023 18:17:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1690593414; x=1691198214;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=Td1GH9IlHvpXHIHUDo3By6hiD1XsWn1I7aZZNe6DB5w=;
        b=4Af6FshVFsrgrFsPJc4IthqUvttt1ICUmFLNLWtLZE5xK3kzxiG/xG13Xua1xOPAG/
         qsi+BpFoCzlp0VqIdOlZQTdc+VAwJpYpajeNm0aL+x2sNusxHJ/vlU7DAgRyh5rmbLaZ
         WiAqQcKmtSK4GPhYMEy5RsN9vB29UAhXPElyy3PHh1U4dOm6r1eZgY8xnD3/RvIcv/bn
         lxqE7kbzbGxs9WqU0pdeayYujblF5h2ScPpYWgTeS5EU3IHTWmT+NIX0KnUD0CHtrTJV
         kLsfo4Pxhv3CCog7OEi23/z3x7p5Ec3EYwTHO7qsM2gZaKo6owxQ+L33ziSVxQGlz6qK
         zKxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690593414; x=1691198214;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Td1GH9IlHvpXHIHUDo3By6hiD1XsWn1I7aZZNe6DB5w=;
        b=c0goQAeB0xlgoLvcUHS0MxZ+8mjHmOgO87aH1CdPVl/us2ndgNUcxjg2zf9LMO9qjB
         JTJkONMqD5D0UiE6Nkyqpy7lKhcQqO9sUi1xSZfjjEpMOshhZnVOCJSfOXlupzCOtGP9
         +opqrYCs19R8vdemkAZlxlL9i3F1P3OrGDFs2piqzEcU3EexuX+rfMtZfdWkmsVfRlBc
         Py9L4j1n++d8/fuqCymR1GEbuJSOPP88ah7vG6/t1FYsFe4bLsPtbfnAgYb+9Ag/FtTd
         M+htVk3lYvd7bSm+RTl8bgvtWI92QviYdoscYrqXl0E9gapOq5atcx+t5M6XhvI1Wkaj
         1ggA==
X-Gm-Message-State: ABy/qLbtSnsp8euTTJfe3H/EjTEUddQNtr+9HcaitOa2a0EEkqJjoE3r
        PN9aaqoCqpaWr+wVcXwPWslHTua7Dz0=
X-Google-Smtp-Source: 
 APBJJlFP2d5RvtjZ9pjPB+7KOrkaTgp7g+JNH10ugdM7iZq8xOgChgQ4IeHH9mcrUrSucyrbppH+IZqcT8s=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a25:69c7:0:b0:d07:f1ed:521a with SMTP id
 e190-20020a2569c7000000b00d07f1ed521amr17972ybc.4.1690593414398; Fri, 28 Jul
 2023 18:16:54 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 28 Jul 2023 18:16:08 -0700
In-Reply-To: <20230729011608.1065019-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230729011608.1065019-1-seanjc@google.com>
X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog
Message-ID: <20230729011608.1065019-22-seanjc@google.com>
Subject: [PATCH v2 21/21] KVM: x86: Disallow guest CPUID lookups when IRQs are
 disabled
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        Maxim Levitsky <mlevitsk@redhat.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Now that KVM has a framework for caching guest CPUID feature flags, add
a "rule" that IRQs must be enabled when doing guest CPUID lookups, and
enforce the rule via a lockdep assertion.  CPUID lookups are slow, and
within KVM, IRQs are only ever disabled in hot paths, e.g. the core run
loop, fast page fault handling, etc.  I.e. querying guest CPUID with IRQs
disabled, especially in the run loop, should be avoided.

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/cpuid.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index f74d6c404551..4b14bd9c5637 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -11,6 +11,7 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
=20
 #include <linux/kvm_host.h>
+#include "linux/lockdep.h"
 #include <linux/export.h>
 #include <linux/vmalloc.h>
 #include <linux/uaccess.h>
@@ -84,6 +85,18 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_find(
 	struct kvm_cpuid_entry2 *e;
 	int i;
=20
+	/*
+	 * KVM has a semi-arbitrary rule that querying the guest's CPUID model
+	 * with IRQs disabled is disallowed.  The CPUID model can legitimately
+	 * have over one hundred entries, i.e. the lookup is slow, and IRQs are
+	 * typically disabled in KVM only when KVM is in a performance critical
+	 * path, e.g. the core VM-Enter/VM-Exit run loop.  Nothing will break
+	 * if this rule is violated, this assertion is purely to flag potential
+	 * performance issues.  If this fires, consider moving the lookup out
+	 * of the hotpath, e.g. by caching information during CPUID updates.
+	 */
+	lockdep_assert_irqs_enabled();
+
 	for (i =3D 0; i < nent; i++) {
 		e =3D &entries[i];
=20
--=20
2.41.0.487.g6d72f3e995-goog