From nobody Thu Feb 12 19:03:37 2026
Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com
 [209.85.216.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E1D4519ADB1
	for <linux-kernel@vger.kernel.org>; Fri,  7 Jun 2024 17:26:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.216.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717781176; cv=none;
 b=VRsTciN3HJZa8DrQr8dkTWmRLe8vU1vsteusNvoGSLWkI7bq663l1ezhcl6COcDSzqH3fXqXUra4vKeCwwomvDvKHYcKca0gJBcd7mKK3e5odacG3mFNHNB9FhmJZ8BcIzd8MLc/xjWx9ftUrKJDqqqMgdt8dntR8uYmuwehMYE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717781176; c=relaxed/simple;
	bh=CmeU6X6XuRUCMZgWNmWWbwkO7e45T52s6O6uFlVMD4w=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=uiJzuPOI2naGYExHB/OZlH7oJ5dZu6dXKlSsajv+U8i9PoTctWPQwwh2gd6ZCYd40T8WZOWao9Fl8IHM6I7kfAYXcG/Q8LtC3a//jMUfavGqK3g1/meAiZS5Wbu4C7IUJt2Zar4HKMppZMDppneUAg20j4XAGTkSrOOoeazcLDc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=zGbTp4o1; arc=none smtp.client-ip=209.85.216.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="zGbTp4o1"
Received: by mail-pj1-f73.google.com with SMTP id
 98e67ed59e1d1-2c1e9cbab00so1817552a91.0
        for <linux-kernel@vger.kernel.org>;
 Fri, 07 Jun 2024 10:26:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1717781174; x=1718385974;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=nvAxTcZIvC1OdGrlu2eJxWT3B4hHYurQ+uIblxla4PA=;
        b=zGbTp4o1gvvfKg1SufjTOQJSja6C0ucpU/ZpqFqcCWgzMOv72MqE5X2BV88zu5ea3O
         /pnTM3mGshd++JyXUtmnJX0Rbbk287AqoffV7nwYurLHsPTKRnoi1/w8Mr0o723trkyj
         W9EnBTsZD3tfepoGOTCNinaa8PktrY/rv2DixHDdAyxIrzKQYTV/TN3pnfmn8CyhZ3Wv
         K+3GyJiHtpV/FrRACu/2SewvHl8EOAsj7slHyEXCQnj2EIJMX9Ae2z+5A5Xz2jaZ4ClV
         2UXxeRFDXh70ANO5w+Xq1dOJrkzfZiP8sX3vYTNzC0FAl4Whv+m2KmEWR5OCaMMnjbKF
         Icig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1717781174; x=1718385974;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=nvAxTcZIvC1OdGrlu2eJxWT3B4hHYurQ+uIblxla4PA=;
        b=c84j9zwUGNmaRs9ZwJ5TSuVkN+ClIiqBV6BLz1eRhsIDUrK6C7jkGdZ0mrzDTge44K
         ixxDHDa1+EwMQWhWkETEywiOXAe0SNUL8jqWnmOxiMtqKJ+KLPDjaifpkX+kf3x1mbvJ
         ZNSDeLnpaVwzgAoUWyoHxNLOG2ytAsLL/SphgDkYskseYi8+tjMWNog2kIyb12Oz2LH3
         RHqhajNBczO2aOD2qr+gVpxbaTla/r/9wrKPWwZ6moYx3UBNIvcMSF9aDqVNZoofF01e
         zP3/8UYrYts+1HNyEQCooEeVaZgLZoxOIV04SeBUyMJ27abkZWQru/C0MjMpd5tdMF28
         aaYA==
X-Forwarded-Encrypted: i=1;
 AJvYcCUy0KGvbSgJuOpQ1+u8EmP6eQk5q8sQovUloxNnqc2lz78wsn/g2gjQGfrdkOMnW2OMErurd8W6QAi6VJjuMsr8h3T1gUiHuHjzLwn/
X-Gm-Message-State: AOJu0Yz8Bo0IRbjtetOHs5Wx5yLiL9ViwJ9l1EtbOEn61ZwRuD1X0L4/
	FTAidNUip2ueax8Che7ZWGvrTrxxarG5abhTqG4u1PT93J/YbTHJJ+oxZJsjWD+nF3z/4yr907Q
	wng==
X-Google-Smtp-Source: 
 AGHT+IGxcLR1b1Vm2e5rkoqR3n1WKlpdaBelsURlYgVJIykIKm0lGuKPenh5KLDsE4HFKo215OoI1C+zKeo=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a17:90a:5a82:b0:2c2:d12e:c344 with SMTP id
 98e67ed59e1d1-2c2d12ed108mr3554a91.2.1717781174029; Fri, 07 Jun 2024 10:26:14
 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri,  7 Jun 2024 10:26:04 -0700
In-Reply-To: <20240607172609.3205077-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20240607172609.3205077-1-seanjc@google.com>
X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog
Message-ID: <20240607172609.3205077-2-seanjc@google.com>
Subject: [PATCH 1/6] KVM: nVMX: Add a helper to get highest pending from
 Posted Interrupt vector
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Maxim Levitsky <mlevitsk@redhat.com>, Jim Mattson <jmattson@google.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add a helper to retrieve the highest pending vector given a Posted
Interrupt descriptor.  While the actual operation is straightforward, it's
surprisingly easy to mess up, e.g. if one tries to reuse lapic.c's
find_highest_vector(), which doesn't work with PID.PIR due to the APIC's
IRR and ISR component registers being physically discontiguous (they're
4-byte registers aligned at 16-byte intervals).

To make PIR handling more consistent with respect to IRR and ISR handling,
return -1 to indicate "no interrupt pending".

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/vmx/nested.c      |  5 +++--
 arch/x86/kvm/vmx/posted_intr.h | 10 ++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 75b4f41d9926..0710486d42cc 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -12,6 +12,7 @@
 #include "mmu.h"
 #include "nested.h"
 #include "pmu.h"
+#include "posted_intr.h"
 #include "sgx.h"
 #include "trace.h"
 #include "vmx.h"
@@ -3899,8 +3900,8 @@ static int vmx_complete_nested_posted_interrupt(struc=
t kvm_vcpu *vcpu)
 	if (!pi_test_and_clear_on(vmx->nested.pi_desc))
 		return 0;
=20
-	max_irr =3D find_last_bit((unsigned long *)vmx->nested.pi_desc->pir, 256);
-	if (max_irr !=3D 256) {
+	max_irr =3D pi_find_highest_vector(vmx->nested.pi_desc);
+	if (max_irr > 0) {
 		vapic_page =3D vmx->nested.virtual_apic_map.hva;
 		if (!vapic_page)
 			goto mmio_needed;
diff --git a/arch/x86/kvm/vmx/posted_intr.h b/arch/x86/kvm/vmx/posted_intr.h
index 6b2a0226257e..1715d2ab07be 100644
--- a/arch/x86/kvm/vmx/posted_intr.h
+++ b/arch/x86/kvm/vmx/posted_intr.h
@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: GPL-2.0 */
 #ifndef __KVM_X86_VMX_POSTED_INTR_H
 #define __KVM_X86_VMX_POSTED_INTR_H
+
+#include <linux/find.h>
 #include <asm/posted_intr.h>
=20
 void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu);
@@ -12,4 +14,12 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int hos=
t_irq,
 		       uint32_t guest_irq, bool set);
 void vmx_pi_start_assignment(struct kvm *kvm);
=20
+static inline int pi_find_highest_vector(struct pi_desc *pi_desc)
+{
+	int vec;
+
+	vec =3D find_last_bit((unsigned long *)pi_desc->pir, 256);
+	return vec < 256 ? vec : -1;
+}
+
 #endif /* __KVM_X86_VMX_POSTED_INTR_H */
--=20
2.45.2.505.gda0bf45e8d-goog
From nobody Thu Feb 12 19:03:37 2026
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com
 [209.85.128.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1DCA419B59B
	for <linux-kernel@vger.kernel.org>; Fri,  7 Jun 2024 17:26:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717781178; cv=none;
 b=a9dAvrX6s3N0E6IGTGEHLgsJQBZf+bLIh0aIYQf0Ep9OfViTgoPcqL5Ru3x/gFmESzlyfGtmra1e6p18z4mw9pjvFLBkqbR0BmjozSTbZptQ9jCoL1NzRXBJURY/br9p59GYC79fimONuUOx2Dg39xGunws3RPXgIYT4nTYUDXY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717781178; c=relaxed/simple;
	bh=zAGtRhmr0d/QTq2Bw5BvUsPFzARJJ399PRwhubtB1X8=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=PMQ1K0oHOdCMX/eFKbTjW+4BaXJlvCCnH8wlhIRaXrss0gXMH4c+SqBamnRZTe1/AEzj7IEBLpbRewqcDzQQ8Pp1XNKDkgrSl6/Wr4lSRE0s+ZZwYS0s7J5JYNX2Pkt78E2gq+Xoi4RyugaXPgOTZswRkiqf1g76ajfJCLcM8gc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=PzUojqmZ; arc=none smtp.client-ip=209.85.128.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="PzUojqmZ"
Received: by mail-yw1-f201.google.com with SMTP id
 00721157ae682-62a0827391aso43150597b3.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 07 Jun 2024 10:26:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1717781176; x=1718385976;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=kJHRfStFkUXfG21w/DoiKB1T7iExC1PuwpEo9VICX2Y=;
        b=PzUojqmZdHtO6oN3aENDkb5YvE/utaYvBgVvUyOnItrLoRMC1g+JugWGoBw8LjYMpt
         NXrddiGm+qv1ywuCQB4GBFEgsKG4IUWw2mFUV4ENt62+6vemNVBmfOHqCrVniCgcbqLi
         m6TDWWUMrlHDOYVbIEZdXbDHldQGcp8gIJfZ6JudjnFoUCXf1stnRt06bFhq6HCxTNvC
         6VZ+W7s/cbkOUK+qNPRU2bQLScYQeXDsAXnCqFTkjm0YfuO8nBAnZbnP7lVQuw8AzaZb
         H7TsmCSWB4jIGi0kTwoCb1xVl9SRR2+om3i9ox9MZPo1ZqmOeqCdr8cz24mlZ++sLpNQ
         XccA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1717781176; x=1718385976;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=kJHRfStFkUXfG21w/DoiKB1T7iExC1PuwpEo9VICX2Y=;
        b=JW/OA6LGEBIv5vuFiA9cv/dL/JOhaKQRXC8xg/qbAEhpid8O9qjTTlXKXxCLvGdHS2
         66ivi+GbJ4JGrcVdVuMC228q2KwS5+Sg63Y4LhM3bhnlXiMnDyykgWpKyjmIoZ6bvMra
         vgMnRr/XBBJ9HEKi03jziCtDuuEO0D0m7s9cFEzD9EzuRWHVa4xQo98s/TH9dWeAczZD
         q0TSP60UFM2RPRKcfv+eeW+/+xK7fmCBIiuVqTHJMCfoJZ6sQkAnahmh4zUfk1t2yOiX
         ncYDx+l+7KEIH74OGCLS4+9q9ZNNTfQ5i0Cjctcy3knzv2agEKNm90Gfsox2Nd7DEto4
         Y2dg==
X-Forwarded-Encrypted: i=1;
 AJvYcCXaECyOJt7zhSTwYyQGK9fuj4A8HbP3T0YTBZzxdpYq0I8eH7bVFAHF696bij2OKX38ynQWyVDt8aMm1RUUJ/ZQqqqbwi1LvPAhSdAq
X-Gm-Message-State: AOJu0YyRYgYwcu08S7evSRZRFTv25Dp/YtIyUoO3GK95TsOaFE0/ORe4
	fxmggNNhYGTUTZVFxfGSmE1Sv8DCDLzBUps6oCKUugIkmY2z9V+RsoVGKKxko35Xip8r7DZH62j
	zjA==
X-Google-Smtp-Source: 
 AGHT+IEJgRrph+wkSRXAv3mYf/aI2eiFiQMIWYiL20qPih15C/254zU1LiwuO3jOFWmuqAnMD00vhDMjY/w=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:6902:1106:b0:df7:a340:45e5 with SMTP id
 3f1490d57ef6-dfaf6594155mr711835276.9.1717781176159; Fri, 07 Jun 2024
 10:26:16 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri,  7 Jun 2024 10:26:05 -0700
In-Reply-To: <20240607172609.3205077-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20240607172609.3205077-1-seanjc@google.com>
X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog
Message-ID: <20240607172609.3205077-3-seanjc@google.com>
Subject: [PATCH 2/6] KVM: nVMX: Request immediate exit iff pending nested
 event needs injection
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Maxim Levitsky <mlevitsk@redhat.com>, Jim Mattson <jmattson@google.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When requesting an immediate exit from L2 in order to inject a pending
event, do so only if the pending event actually requires manual injection,
i.e. if and only if KVM actually needs to regain control in order to
deliver the event.

Avoiding the "immediate exit" isn't simply an optimization, it's necessary
to make forward progress, as the "already expired" VMX preemption timer
trick that KVM uses to force a VM-Exit has higher priority than events
that aren't directly injected.

At present time, this is a glorified nop as all events processed by
vmx_has_nested_events() require injection, but that will not hold true in
the future, e.g. if there's a pending virtual interrupt in vmcs02.RVI.
I.e. if KVM is trying to deliver a virtual interrupt to L2, the expired
VMX preemption timer will trigger VM-Exit before the virtual interrupt is
delivered, and KVM will effectively hang the vCPU in an endless loop of
forced immediate VM-Exits (because the pending virtual interrupt never
goes away).

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/include/asm/kvm_host.h | 2 +-
 arch/x86/kvm/vmx/nested.c       | 2 +-
 arch/x86/kvm/x86.c              | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos=
t.h
index 5c0415899a07..473f7e1d245c 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1836,7 +1836,7 @@ struct kvm_x86_nested_ops {
 	bool (*is_exception_vmexit)(struct kvm_vcpu *vcpu, u8 vector,
 				    u32 error_code);
 	int (*check_events)(struct kvm_vcpu *vcpu);
-	bool (*has_events)(struct kvm_vcpu *vcpu);
+	bool (*has_events)(struct kvm_vcpu *vcpu, bool for_injection);
 	void (*triple_fault)(struct kvm_vcpu *vcpu);
 	int (*get_state)(struct kvm_vcpu *vcpu,
 			 struct kvm_nested_state __user *user_kvm_nested_state,
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 0710486d42cc..9099c1d0c7cb 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4032,7 +4032,7 @@ static bool nested_vmx_preemption_timer_pending(struc=
t kvm_vcpu *vcpu)
 	       to_vmx(vcpu)->nested.preemption_timer_expired;
 }
=20
-static bool vmx_has_nested_events(struct kvm_vcpu *vcpu)
+static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injectio=
n)
 {
 	return nested_vmx_preemption_timer_pending(vcpu) ||
 	       to_vmx(vcpu)->nested.mtf_pending;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 4157602c964e..5ec24d9cb231 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -10534,7 +10534,7 @@ static int kvm_check_and_inject_events(struct kvm_v=
cpu *vcpu,
=20
 	if (is_guest_mode(vcpu) &&
 	    kvm_x86_ops.nested_ops->has_events &&
-	    kvm_x86_ops.nested_ops->has_events(vcpu))
+	    kvm_x86_ops.nested_ops->has_events(vcpu, true))
 		*req_immediate_exit =3D true;
=20
 	/*
@@ -13182,7 +13182,7 @@ static inline bool kvm_vcpu_has_events(struct kvm_v=
cpu *vcpu)
=20
 	if (is_guest_mode(vcpu) &&
 	    kvm_x86_ops.nested_ops->has_events &&
-	    kvm_x86_ops.nested_ops->has_events(vcpu))
+	    kvm_x86_ops.nested_ops->has_events(vcpu, false))
 		return true;
=20
 	if (kvm_xen_has_pending_events(vcpu))
--=20
2.45.2.505.gda0bf45e8d-goog
From nobody Thu Feb 12 19:03:37 2026
Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com
 [209.85.219.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0135719CCF3
	for <linux-kernel@vger.kernel.org>; Fri,  7 Jun 2024 17:26:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.219.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717781180; cv=none;
 b=DHSjIi0hIi0tbqqv2bxo9jC5I2tTgsLF0dJAdVujh6XktDhmbYMAAd232hTZSdx3Xaanq2vx2MqmeDm94t7fhwJaTXjb5jR0p4dkzHJdIuH9rtK/hfj/sOUyFBYn8oZpUsWEThVTQqKjk1FGGznkyTs07qIGlq0e2MWnUaFSYWs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717781180; c=relaxed/simple;
	bh=MTqQFmVrRdyG7Np823VTm6J+yyKDKmP35dXc0YupBSg=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=ufld0mfeEdR/SbK6ej65QbHlqiujA7v17epTb4uWLWFjQLX09b55rF56cf0r7zGqvihV9xNdvslg3z+lhWLogJ9KTI7dT/D/NbAdtvILoZjmgAJSs2VbhBQLrWlEP4AIVvZqpwQN5uBtmsvL1hN0IKeNuG8QLTBCjH7m3Zsqne4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=NfgFH684; arc=none smtp.client-ip=209.85.219.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="NfgFH684"
Received: by mail-yb1-f201.google.com with SMTP id
 3f1490d57ef6-dfa5743655eso4149460276.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 07 Jun 2024 10:26:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1717781178; x=1718385978;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=JYYDgtTjpdJQWbBa/dr8LzdA49eSHC9v6AH4GoU5QDU=;
        b=NfgFH684x+eCraapvFW3iwc8lOixsi02uCsT6l8EqJZNU1m6F4MlL3fwgRj3qOFeJz
         dHAZes6k9qIVZdwZwJSnYgw1PWU0Ako5Kcnxmeem31GfXrs2toI7SDEcgr53vbAKI8ro
         74y3gkhj8GaauC2PVISa7rr1BK8SphEcjBMZxtx9WIyI0H+l5xFBFLFkdZHxz2pz0uZv
         lsZXwUPexlp1/JYHokLgtBKOsO5urh3N/0E0nb7jYO6TNV3qH7RV1UD9i6Lu5vUEm2Dr
         B/C51Q3cvTREmPm1hgLUNKMe4Whv0fRpnfU8wCeetSy+gxt5uiADnP7h1dG5x4uLC6KX
         eXAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1717781178; x=1718385978;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=JYYDgtTjpdJQWbBa/dr8LzdA49eSHC9v6AH4GoU5QDU=;
        b=QqVjLVJvjLYzjfOTtcAYwqFHXqACieX3P6ZJO1iL239om7FkaGGRe09pnxeuBHZw0k
         xZT23y/lwB1mH6AQDDtdDGE6KtDhZiE7x3WWtLpJU02VM8TQEyORAMUKmjvXtkC7HBdD
         +Om23cAwasRDbQsVNK0wkBgFcVR0MF8HvSHwAvGwlw1Rzp52veEafRRJuiThTEqktCOC
         SCUJTybeXOCYrRM2eZfJgQoL1P7bzCDdEv76fV3Tt1bWPR3+d4Jan+anL2sc7JSNFPgE
         njxthxVahIG1B1FtskJjARWj/KfnQdnfONjsP7xHLwuRRKUmU4xYCS3Mkv9BbIvnP0ez
         U26w==
X-Forwarded-Encrypted: i=1;
 AJvYcCVSStDNX2yJUrHAgPYu9u5pU2GI9aGQlM+dQnSA9Qz/cG4tuAEzlgbdrPF90mKTYZ18UQp564TYFNIl7VF9jqwoyIIB1at7WaIEhS+2
X-Gm-Message-State: AOJu0YwhTqKBI1USgJtNap+j9N9uI77Rl5/QwbGIPhnNzRRHncKt+I+H
	l5kNcgFnimLDoB8ClAyQv+DLeIW5/Qqs+U2bc1mYuOv+XLuzWlWBJqX5axR3gc4j+/FD9jGN9Zv
	XmQ==
X-Google-Smtp-Source: 
 AGHT+IHChjWREz5f17er3Dt6IudMfKcgo37XC0GFeRYtbeBkJwfmU7kOe/5g8rorkUKpzeJq7A7baJuMnI8=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:6902:1007:b0:dfa:7282:d6d4 with SMTP id
 3f1490d57ef6-dfaf64efa7dmr799974276.6.1717781177998; Fri, 07 Jun 2024
 10:26:17 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri,  7 Jun 2024 10:26:06 -0700
In-Reply-To: <20240607172609.3205077-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20240607172609.3205077-1-seanjc@google.com>
X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog
Message-ID: <20240607172609.3205077-4-seanjc@google.com>
Subject: [PATCH 3/6] KVM: VMX: Split out the non-virtualization part of
 vmx_interrupt_blocked()
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Maxim Levitsky <mlevitsk@redhat.com>, Jim Mattson <jmattson@google.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Move the non-VMX chunk of the "interrupt blocked" checks to a separate
helper so that KVM can reuse the code to detect if interrupts are blocked
for L2, e.g. to determine if a virtual interrupt _for L2_ is a valid wake
event.  If L1 disables HLT-exiting for L2, nested APICv is enabled, and L2
HLTs, then L2 virtual interrupts are valid wake events, but if and only if
interrupts are unblocked for L2.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/vmx/vmx.c | 13 +++++++++----
 arch/x86/kvm/vmx/vmx.h |  1 +
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 0e3aaf520db2..d8d9e1f6c340 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -5050,16 +5050,21 @@ int vmx_nmi_allowed(struct kvm_vcpu *vcpu, bool for=
_injection)
 	return !vmx_nmi_blocked(vcpu);
 }
=20
-bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu)
+bool __vmx_interrupt_blocked(struct kvm_vcpu *vcpu)
 {
-	if (is_guest_mode(vcpu) && nested_exit_on_intr(vcpu))
-		return false;
-
 	return !(vmx_get_rflags(vcpu) & X86_EFLAGS_IF) ||
 	       (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
 		(GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS));
 }
=20
+bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu)
+{
+	if (is_guest_mode(vcpu) && nested_exit_on_intr(vcpu))
+		return false;
+
+	return __vmx_interrupt_blocked(vcpu);
+}
+
 int vmx_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection)
 {
 	if (to_vmx(vcpu)->nested.nested_run_pending)
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index 08d7d67fe760..42498fa63abb 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -406,6 +406,7 @@ u64 construct_eptp(struct kvm_vcpu *vcpu, hpa_t root_hp=
a, int root_level);
 bool vmx_guest_inject_ac(struct kvm_vcpu *vcpu);
 void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu);
 bool vmx_nmi_blocked(struct kvm_vcpu *vcpu);
+bool __vmx_interrupt_blocked(struct kvm_vcpu *vcpu);
 bool vmx_interrupt_blocked(struct kvm_vcpu *vcpu);
 bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu);
 void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked);
--=20
2.45.2.505.gda0bf45e8d-goog
From nobody Thu Feb 12 19:03:37 2026
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com
 [209.85.128.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3D6419CD1F
	for <linux-kernel@vger.kernel.org>; Fri,  7 Jun 2024 17:26:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717781182; cv=none;
 b=Xorb6ZDsnTCRBkozxCU3/FKuJluxgdPZlJXe/5QB6CqWIZn7gdfeDCGJ9tLBs8XYGcxj+8cmnaz7kWclQml6/OJlH1y9G4IcJFHIzWBhzo7u4Xeq7XCwASoo+9NWK6XxJp40znyekdzNxHOHED10tGslHopb0jY/jceb00tRqyc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717781182; c=relaxed/simple;
	bh=EkyMwxgguAdShYFUA0GXN+UsQ76+bfUZ2h4ecWNIerk=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=rsIlohsEQQ77/4XD1Ow0g66wUicapHV4+xxWoBeyz3FiBQFZwU+jEzKIr/+QFot46BP0dhcqGcLDstf3lh2rmbq0fu6KkEjJ2QjDHcI9vO4K3kGYkCNZ4/Tl/4OY3FzZauexWLwIVtj2gjeUNvisDAgFaeCpXibT8KJbZM2ZI3c=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=vcJDljGS; arc=none smtp.client-ip=209.85.128.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="vcJDljGS"
Received: by mail-yw1-f201.google.com with SMTP id
 00721157ae682-62a248f46aaso37927097b3.0
        for <linux-kernel@vger.kernel.org>;
 Fri, 07 Jun 2024 10:26:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1717781180; x=1718385980;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=uvcmSFh6UDPlnnaoqVbG3z1+eul2qj/DkJROW9dPPPM=;
        b=vcJDljGSZJDzjPb8utCkJ4FypfZ29PYbOLV3rfsiWDB3VlWaK/kucDGxt659/RWNmg
         Al4UKWV6aZMaNMUwLIfOssKXD3QPgT7a6FXjZDJL04wKIve3EzPnPcnJk3S6wlhSXC0r
         2oJkTzGX3o6/CZaAIHT9DpvIk2rddXXoBDST+t+trdnLR8ORMD3wBr2JJ6oTcsQJsZ2A
         +H4cQoOEzZGkBg+K+Wqy0myjDeBEfOhjmRYO1edG1kSgWh+C5V3Kf2ukHJV/0xIHGHQt
         LDkfdTbz2UxKXtvBVzzWo511jsGk2GUcB+LYDJGzyqUrYe1kdkdEmyeom/4HhKLtysg9
         LO5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1717781180; x=1718385980;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=uvcmSFh6UDPlnnaoqVbG3z1+eul2qj/DkJROW9dPPPM=;
        b=Q6Q4PdCh6eHXWWsTcv2HMiM8QZRmLGcGNKlSkU6BJJr7KcBx1LqPUS+2orN0BBvokj
         4HuSbUgrwFmvdHjEvia1e/u0xkc8MjJEzXuD7EdIUWbsekiNrzlOx8RXF0fcH4s6etY9
         kg0iJ9xvVTmxuwdiL168ZmsrTeCYz2KpbK6HnFWMTojD+lmwvVCyPVQaG0JG7fPeTmkM
         3ymwVIVnx7RrTiBUtbIlJXvUKkUbpRUw1/T+xn+dlg9oH2+ibvmLl3ejmF3OldzOsY65
         g0dSfhsOdCvH5Ndxg39kY5xNdsHIITcv6iQnG/sP2VSOaiCSIKmHlXzWZbcb7g1vc8OA
         MQLQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCUqQkyCA1QzZh87NEU54+H4Q/iddLTDOPulM70zhxz4gGqULeyel2589iPYXn5xEoN69dY7JEMO19o7omexZ3/fWRSEmjvmWfpZ+/U4
X-Gm-Message-State: AOJu0YwGt2EFT+dGVgt9txuJmt79hVwuDJzne2A40MHwxH6wOoUZU4qi
	lEHDlN0S/SzHLKtKZckHfGNvvxiYPtxHBIWzaiqq0331hn2PnFuV3FT2lxAMZCnEZJwestyoRc/
	XlQ==
X-Google-Smtp-Source: 
 AGHT+IGIZ4Qb+0glovi73d9KZDhjY95rWNohcXu2h9SyflsuTB9XzgO6rUM0AtwM6BI0O8URSVqN8+IbMWY=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:690c:f12:b0:627:a671:8805 with SMTP id
 00721157ae682-62cd558cf7cmr8461517b3.3.1717781179894; Fri, 07 Jun 2024
 10:26:19 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri,  7 Jun 2024 10:26:07 -0700
In-Reply-To: <20240607172609.3205077-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20240607172609.3205077-1-seanjc@google.com>
X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog
Message-ID: <20240607172609.3205077-5-seanjc@google.com>
Subject: [PATCH 4/6] KVM: nVMX: Check for pending posted interrupts when
 looking for nested events
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Maxim Levitsky <mlevitsk@redhat.com>, Jim Mattson <jmattson@google.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Check for pending (and notified!) posted interrupts when checking if L2
has a pending wake event, as fully posted/notified virtual interrupt is a
valid wake event for HLT.

Note that KVM must check vmx->nested.pi_pending to avoid prematurely
waking L2, e.g. even if KVM sees a non-zero PID.PIR and PID.0N=3D1, the
virtual interrupt won't actually be recognized until a notification IRQ is
received by the vCPU or the vCPU does (nested) VM-Enter.

Fixes: 26844fee6ade ("KVM: x86: never write to memory from kvm_vcpu_check_b=
lock()")
Cc: stable@vger.kernel.org
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Reported-by: Jim Mattson <jmattson@google.com>
Closes: https://lore.kernel.org/all/20231207010302.2240506-1-jmattson@googl=
e.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/vmx/nested.c | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 9099c1d0c7cb..3bac65591f20 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4034,8 +4034,40 @@ static bool nested_vmx_preemption_timer_pending(stru=
ct kvm_vcpu *vcpu)
=20
 static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injectio=
n)
 {
-	return nested_vmx_preemption_timer_pending(vcpu) ||
-	       to_vmx(vcpu)->nested.mtf_pending;
+	struct vcpu_vmx *vmx =3D to_vmx(vcpu);
+	void *vapic =3D vmx->nested.virtual_apic_map.hva;
+	int max_irr, vppr;
+
+	if (nested_vmx_preemption_timer_pending(vcpu) ||
+	    vmx->nested.mtf_pending)
+		return true;
+
+	/*
+	 * Virtual Interrupt Delivery doesn't require manual injection.  Either
+	 * the interrupt is already in GUEST_RVI and will be recognized by CPU
+	 * at VM-Entry, or there is a KVM_REQ_EVENT pending and KVM will move
+	 * the interrupt from the PIR to RVI prior to entering the guest.
+	 */
+	if (for_injection)
+		return false;
+
+	if (!nested_cpu_has_vid(get_vmcs12(vcpu)) ||
+	    __vmx_interrupt_blocked(vcpu))
+		return false;
+
+	if (!vapic)
+		return false;
+
+	vppr =3D *((u32 *)(vapic + APIC_PROCPRI));
+
+	if (vmx->nested.pi_pending && vmx->nested.pi_desc &&
+	    pi_test_on(vmx->nested.pi_desc)) {
+		max_irr =3D pi_find_highest_vector(vmx->nested.pi_desc);
+		if (max_irr > 0 && (max_irr & 0xf0) > (vppr & 0xf0))
+			return true;
+	}
+
+	return false;
 }
=20
 /*
--=20
2.45.2.505.gda0bf45e8d-goog
From nobody Thu Feb 12 19:03:37 2026
Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com
 [209.85.128.202])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99C4519D08B
	for <linux-kernel@vger.kernel.org>; Fri,  7 Jun 2024 17:26:22 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.202
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717781184; cv=none;
 b=o/zvn8FU+tmeFF8JYLXd6IC2vzgDog8KWFufjwhI3CECqGbvb2NYIsRQ28Wiw2B+sVQhpOmRlQbve3nvs9E6l+4ENfJNyAwoUaD/6Qz8hS2ms+MEFXRPDKiaAOGgX7FL4TtFbYwMZ8tfoRTlay+UhUtG6GsHSBdgoQ63qxSK8K8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717781184; c=relaxed/simple;
	bh=uwYtophU5hm1OXjOu+1eRsZ49jJfW6mqic9Ov3GeFFE=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=hLx+WxH9YFYADsM5odiC3zW6d3/H8W/O7prqneVUEYYQWFdQ6hQcMJe6KyQN3grfeEjyAfosJvtsNQWRI9Z2kwDu3TQ8e9xx8FRNrvFDtA1SD5rr2ulJMvb9YmYzSJ1Dj/jGw1YP+mLBBP45V7mes/6UgLLxUs23uHVeKK8Neuk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=Mby5aok0; arc=none smtp.client-ip=209.85.128.202
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="Mby5aok0"
Received: by mail-yw1-f202.google.com with SMTP id
 00721157ae682-627956be166so44480087b3.0
        for <linux-kernel@vger.kernel.org>;
 Fri, 07 Jun 2024 10:26:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1717781182; x=1718385982;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=I8tZ/gmYA7GBl7bf0FH2ZDf6II4rZkd3AyeJSBhZjy0=;
        b=Mby5aok0y7hgq4pYmKe9N0ihp3Nzrg6BLSfwbSRdDnjrwuC10bhVu2MLLvZ3LTV4Dg
         f1zj6jX131aH1je4+1YHSngGY7QYBd6u/MwubS/iQcHGPEvrW+bskEqpW2TZplPoTNek
         OfciX3x/uLBGJbgcZdRO7y7gkCGlpXqljT27ldw2HJ0kbPM+oB+c4IhlU8nT2GOGpDt2
         dklzwajAnisneEorQVi/5EaTn93+eVqFtGJHrYbdk0iWdcx3yRVlQyj3bKTGA7SkZBkO
         tEm2pEyzZWEgFaa/cNh029Y5VaSbk+3VX598P2kU7Roccua8xAaoRMeAQuSwA26hqzKa
         xzig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1717781182; x=1718385982;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=I8tZ/gmYA7GBl7bf0FH2ZDf6II4rZkd3AyeJSBhZjy0=;
        b=rsvG900Lx+2eXsX3pRwrDASMNh3opB/jAyY7BRUDW/CkjVfdiUpDjb4Pqz1SE/37gx
         +QupjybXwBso/u5HiLgFFheCMvXI9ySkACr/rEdonk2ynXMX4fLlsBZbJqF9ealFjYO5
         rlwT4irTQeQz/7jeQh8IQHrZdvRNdTomq4QgYzwoJV/cZrVeM4uw6nGojWBGutE88msa
         XV3oWHG+UXurdFvsbJEEobNM5hf7D4lPSGRJ7Shd7xfUfnccOmsZAUcFQa2unoawV9ba
         WDRk9qHc57VuzkQuFofNPjthOFL4BjyHXs2WmKk3EM15peUxQbYa5XY+TjEpcUOp7hti
         BuNA==
X-Forwarded-Encrypted: i=1;
 AJvYcCWyMkPOzuAKCnQVGPqm0THBnAu+hlxoGvwkwjnxewR8zFIG2RAi74n4B/1qhXYOLBJzHy6Bj/5G5qZxsuaJNYpBKGt0+aovEc59wZbg
X-Gm-Message-State: AOJu0Yyu+cJNDB6EdS7SfUUwMibf665wAh7r/e4+4jBPsSi8fMWe+1Km
	djTYgwxegTlDIF0X/Cy7MghW/uMnbswVP0z23BKs8GlKbE4ZhwkvIUxDEHt4SP+TSeXroEuiMXi
	4LQ==
X-Google-Smtp-Source: 
 AGHT+IHq6Ghjo627j1Ecg2DhQ0n1iZ2HoaZY1uPibDZ9DVJi3CFE2EBpX4AmWstOchENiKKMUNfrl6GA3KM=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:690c:6410:b0:62c:c56c:94c3 with SMTP id
 00721157ae682-62cd546f5e8mr8160437b3.0.1717781181722; Fri, 07 Jun 2024
 10:26:21 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri,  7 Jun 2024 10:26:08 -0700
In-Reply-To: <20240607172609.3205077-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20240607172609.3205077-1-seanjc@google.com>
X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog
Message-ID: <20240607172609.3205077-6-seanjc@google.com>
Subject: [PATCH 5/6] KVM: nVMX: Fold requested virtual interrupt check into
 has_nested_events()
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Maxim Levitsky <mlevitsk@redhat.com>, Jim Mattson <jmattson@google.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Check for a Requested Virtual Interrupt, i.e. a virtual interrupt that is
pending delivery, in vmx_has_nested_events() and drop the one-off
kvm_x86_ops.guest_apic_has_interrupt() hook.

In addition to dropping a superfluous hook, this fixes a bug where KVM
would incorrectly treat virtual interrupts _for L2_ as always enabled due
to kvm_arch_interrupt_allowed(), by way of vmx_interrupt_blocked(),
treating IRQs as enabled if L2 is active and vmcs12 is configured to exit
on IRQs, i.e. KVM would treat a virtual interrupt for L2 as a valid wake
event based on L1's IRQ blocking status.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/include/asm/kvm-x86-ops.h |  1 -
 arch/x86/include/asm/kvm_host.h    |  1 -
 arch/x86/kvm/vmx/main.c            |  1 -
 arch/x86/kvm/vmx/nested.c          |  4 ++++
 arch/x86/kvm/vmx/vmx.c             | 20 --------------------
 arch/x86/kvm/vmx/x86_ops.h         |  1 -
 arch/x86/kvm/x86.c                 | 10 +---------
 7 files changed, 5 insertions(+), 33 deletions(-)

diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-=
x86-ops.h
index 566d19b02483..f91d413d7de1 100644
--- a/arch/x86/include/asm/kvm-x86-ops.h
+++ b/arch/x86/include/asm/kvm-x86-ops.h
@@ -85,7 +85,6 @@ KVM_X86_OP_OPTIONAL(update_cr8_intercept)
 KVM_X86_OP(refresh_apicv_exec_ctrl)
 KVM_X86_OP_OPTIONAL(hwapic_irr_update)
 KVM_X86_OP_OPTIONAL(hwapic_isr_update)
-KVM_X86_OP_OPTIONAL_RET0(guest_apic_has_interrupt)
 KVM_X86_OP_OPTIONAL(load_eoi_exitmap)
 KVM_X86_OP_OPTIONAL(set_virtual_apic_mode)
 KVM_X86_OP_OPTIONAL(set_apic_access_page_addr)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos=
t.h
index 473f7e1d245c..f2336c646088 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1728,7 +1728,6 @@ struct kvm_x86_ops {
 	void (*refresh_apicv_exec_ctrl)(struct kvm_vcpu *vcpu);
 	void (*hwapic_irr_update)(struct kvm_vcpu *vcpu, int max_irr);
 	void (*hwapic_isr_update)(int isr);
-	bool (*guest_apic_has_interrupt)(struct kvm_vcpu *vcpu);
 	void (*load_eoi_exitmap)(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap);
 	void (*set_virtual_apic_mode)(struct kvm_vcpu *vcpu);
 	void (*set_apic_access_page_addr)(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
index d0e1a5b5c915..7e846a842443 100644
--- a/arch/x86/kvm/vmx/main.c
+++ b/arch/x86/kvm/vmx/main.c
@@ -97,7 +97,6 @@ struct kvm_x86_ops vt_x86_ops __initdata =3D {
 	.required_apicv_inhibits =3D VMX_REQUIRED_APICV_INHIBITS,
 	.hwapic_irr_update =3D vmx_hwapic_irr_update,
 	.hwapic_isr_update =3D vmx_hwapic_isr_update,
-	.guest_apic_has_interrupt =3D vmx_guest_apic_has_interrupt,
 	.sync_pir_to_irr =3D vmx_sync_pir_to_irr,
 	.deliver_interrupt =3D vmx_deliver_interrupt,
 	.dy_apicv_has_pending_interrupt =3D pi_has_pending_interrupt,
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 3bac65591f20..2392a7ef254d 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4060,6 +4060,10 @@ static bool vmx_has_nested_events(struct kvm_vcpu *v=
cpu, bool for_injection)
=20
 	vppr =3D *((u32 *)(vapic + APIC_PROCPRI));
=20
+	max_irr =3D vmx_get_rvi();
+	if ((max_irr & 0xf0) > (vppr & 0xf0))
+		return true;
+
 	if (vmx->nested.pi_pending && vmx->nested.pi_desc &&
 	    pi_test_on(vmx->nested.pi_desc)) {
 		max_irr =3D pi_find_highest_vector(vmx->nested.pi_desc);
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index d8d9e1f6c340..c7558bcb0241 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -4106,26 +4106,6 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *vc=
pu)
 	}
 }
=20
-bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu)
-{
-	struct vcpu_vmx *vmx =3D to_vmx(vcpu);
-	void *vapic_page;
-	u32 vppr;
-	int rvi;
-
-	if (WARN_ON_ONCE(!is_guest_mode(vcpu)) ||
-		!nested_cpu_has_vid(get_vmcs12(vcpu)) ||
-		WARN_ON_ONCE(!vmx->nested.virtual_apic_map.gfn))
-		return false;
-
-	rvi =3D vmx_get_rvi();
-
-	vapic_page =3D vmx->nested.virtual_apic_map.hva;
-	vppr =3D *((u32 *)(vapic_page + APIC_PROCPRI));
-
-	return ((rvi & 0xf0) > (vppr & 0xf0));
-}
-
 void vmx_msr_filter_changed(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_vmx *vmx =3D to_vmx(vcpu);
diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h
index 502704596c83..d404227c164d 100644
--- a/arch/x86/kvm/vmx/x86_ops.h
+++ b/arch/x86/kvm/vmx/x86_ops.h
@@ -49,7 +49,6 @@ void vmx_apicv_pre_state_restore(struct kvm_vcpu *vcpu);
 bool vmx_check_apicv_inhibit_reasons(enum kvm_apicv_inhibit reason);
 void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr);
 void vmx_hwapic_isr_update(int max_isr);
-bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu);
 int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu);
 void vmx_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode,
 			   int trig_mode, int vector);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 5ec24d9cb231..82442960b499 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -13133,12 +13133,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
 		kvm_arch_free_memslot(kvm, old);
 }
=20
-static inline bool kvm_guest_apic_has_interrupt(struct kvm_vcpu *vcpu)
-{
-	return (is_guest_mode(vcpu) &&
-		static_call(kvm_x86_guest_apic_has_interrupt)(vcpu));
-}
-
 static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu)
 {
 	if (!list_empty_careful(&vcpu->async_pf.done))
@@ -13172,9 +13166,7 @@ static inline bool kvm_vcpu_has_events(struct kvm_v=
cpu *vcpu)
 	if (kvm_test_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, vcpu))
 		return true;
=20
-	if (kvm_arch_interrupt_allowed(vcpu) &&
-	    (kvm_cpu_has_interrupt(vcpu) ||
-	    kvm_guest_apic_has_interrupt(vcpu)))
+	if (kvm_arch_interrupt_allowed(vcpu) && kvm_cpu_has_interrupt(vcpu))
 		return true;
=20
 	if (kvm_hv_has_stimer_pending(vcpu))
--=20
2.45.2.505.gda0bf45e8d-goog
From nobody Thu Feb 12 19:03:37 2026
Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com
 [209.85.216.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 89BF519ADAE
	for <linux-kernel@vger.kernel.org>; Fri,  7 Jun 2024 17:26:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.216.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717781185; cv=none;
 b=DHe5ZG0AP725GkQmS0FKgFpHmMc5VDwT/PQWdhDwxORC43gAzVxP1gZUFkQMhPGJkgtwb3/YxVNsNXIIoS0OKEQv2da4ar+eW/5simUOg8SUXaMoFniSkUFxr3DrLkxogl/pAlMLB2+WYKFWLx9aYhcMKlLhZKa3cU9NmxGrXDI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717781185; c=relaxed/simple;
	bh=k3uT5XlI3ypHnkmLELkYUkwKaO/W0Vb6n7fa+JWmkAI=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=HcvbHMDXGmS5jmpllb49BOXq0nvB0Jf9MHpN0G+SrlY0gtfblXMCXSGY4OuV6phlcLfsNb9p6IYWNkXuZ1pOfunC1cPZUS/5kIbtWaVk08S+dyfplpV3xQMf77Z8EbALULhvg2SL4aMlv/SrSpqLzpp7fASiw0CdMT3xOxCS/Hg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=gVhJSPCi; arc=none smtp.client-ip=209.85.216.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="gVhJSPCi"
Received: by mail-pj1-f73.google.com with SMTP id
 98e67ed59e1d1-2c1a9e8d3b0so1829738a91.0
        for <linux-kernel@vger.kernel.org>;
 Fri, 07 Jun 2024 10:26:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1717781184; x=1718385984;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=imi/dSYgg4r8Xm2pV7Tc7IPLLCcd51djYuqB8UoSynw=;
        b=gVhJSPCiy/xmMy+io9LvM3vlstRFcRXZ818xvTziOsyK6QYvglbT0rDny7t3DrIyEA
         A6QL7eAA2FLpDiUyOV4XSoyljaTYSQLi6VRrWmMzLFO7LZjHhky4w5rJbRdGA9EQn/XC
         Omb29/5HVAUEQbIA4b+fIRErJ8avBy+vJaJfh5G6t/cHJqhUchwVWvOzqTzl/E3MNLhD
         70RGYEW8w0HQoNGver9ikXbephNn0SWmvIwiCzqNXsEgtoVPc+zh38w0ykLfmrUMwrrT
         zdzs7JtRSqEy8+h+ykSu97LEmLTaO+TBh+/Xs2TjKL2FbUBk7BsOpnKt2+c/5O2CjtT2
         Cnlg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1717781184; x=1718385984;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=imi/dSYgg4r8Xm2pV7Tc7IPLLCcd51djYuqB8UoSynw=;
        b=ZFlkr6yPP3d3Lhr7QLQ/jlqvJXmoON7C04ww2l66bTJYEqNlgmknqGzycKS7bSo/4U
         kd6V/wOPqJQ95Uft25tNEOnfvrOu2Gl21jVIXOnp8rxQBEEwsQCMoD1DP+VKaUPq4Vp2
         U9TO4HwHxh2gwJDM+psSBctB2k5ZALK2+cUsyHYhDs4Qfjee2RISootN3zeEfhFD+rT0
         g/8yqnhRxAK0pEHyajEeKEJoR/t62gVVNCHqmIXmgV4Q7n3FWDwFfekFZTmJ1szn4GB7
         qTaND6c7v85jaIQa6cJQnONDhBQ9NKxi3x4jGg6eaXRVSEd85sy0eOLsY4aavnLWpG+p
         RvOw==
X-Forwarded-Encrypted: i=1;
 AJvYcCVIBw/29Z2wZk6UBBT9f6ckQyNbxMdFhqIF70Ex63GSTh1Q4CoEY3hK/ZnNe+Fey7DKeP2yfQAkq16tRFgf+07wqH7UDAOEjqlRFgrS
X-Gm-Message-State: AOJu0YyHAqccSRJiEqOVT/YCKtnXCW9+4/Up7CGywAKsuzelESPf07YS
	rdngo770T1GkMPGmJm7BrXU/caDHxFPU2aydqL/BKOVur6VPaqXN4hDKsb5/lcGMijOoXj8nTdx
	+zQ==
X-Google-Smtp-Source: 
 AGHT+IG6nFvgtkoQJtWh/SJojCthYFNtSi07s94PAk8NWpUcvQDU80zrybcyumoWHUKops6ND1JkBsWVY/Q=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a17:90b:2752:b0:2bd:f679:24ac with SMTP id
 98e67ed59e1d1-2c2bc790091mr8377a91.0.1717781183524; Fri, 07 Jun 2024 10:26:23
 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri,  7 Jun 2024 10:26:09 -0700
In-Reply-To: <20240607172609.3205077-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20240607172609.3205077-1-seanjc@google.com>
X-Mailer: git-send-email 2.45.2.505.gda0bf45e8d-goog
Message-ID: <20240607172609.3205077-7-seanjc@google.com>
Subject: [PATCH 6/6] KVM: x86: WARN if a vCPU gets a valid wakeup that KVM
 can't yet inject
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Maxim Levitsky <mlevitsk@redhat.com>, Jim Mattson <jmattson@google.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

WARN if a blocking vCPU is awaked by a valid wake event that KVM can't
inject, e.g. because KVM needs to completed a nested VM-enter, or needs to
re-inject an exception.  For the nested VM-Enter case, KVM is supposed to
clear "nested_run_pending" if L1 puts L2 into HLT, i.e. entering HLT
"completes" the nested VM-Enter.  And for already-injected exceptions, it
should be impossible for the vCPU to be in a blocking state if a VM-Exit
occurred while an exception was being vectored.

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/x86.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 82442960b499..f6ace2bd7124 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -11233,7 +11233,10 @@ static inline int vcpu_block(struct kvm_vcpu *vcpu)
 	 * causes a spurious wakeup from HLT).
 	 */
 	if (is_guest_mode(vcpu)) {
-		if (kvm_check_nested_events(vcpu) < 0)
+		int r =3D kvm_check_nested_events(vcpu);
+
+		WARN_ON_ONCE(r =3D=3D -EBUSY);
+		if (r < 0)
 			return 0;
 	}
=20
--=20
2.45.2.505.gda0bf45e8d-goog