[PATCH v2 0/2] KVM: nVMX: Fix an SVI update bug with passthrough APIC

Sean Christopherson posted 2 patches 1 year, 2 months ago
Posted by Sean Christopherson 1 year, 2 months ago
Defer updating SVI (i.e. the VMCS's highest ISR cache) when L2 is active,
but L1 has not enabled virtual interrupt delivery for L2, as an EOI that
is emulated _by KVM_ in such a case acts on L1's ISR, i.e. vmcs01 needs to
reflect the updated ISR when L1 is next run.

Note, L1's ISR is also effectively L2's ISR in such a setup, but because
virtual interrupt delivery is disabled for L2, there's no need to update
SVI in vmcs02, because it will never be used.

v2:
 - WARN only if the vCPU is running to avoid false positives due to userspace
   stuffing APIC state while L2 is active. [Chao]
 - Grab Chao's Tested-by.

v1: https://lore.kernel.org/all/20241101192114.1810198-1-seanjc@google.com

Chao Gao (1):
  KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID

Sean Christopherson (1):
  KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()

 arch/x86/include/asm/kvm_host.h |  2 +-
 arch/x86/kvm/lapic.c            | 22 ++++++++++++++++------
 arch/x86/kvm/lapic.h            |  1 +
 arch/x86/kvm/vmx/nested.c       |  5 +++++
 arch/x86/kvm/vmx/vmx.c          | 23 ++++++++++++++++++++++-
 arch/x86/kvm/vmx/vmx.h          |  1 +
 arch/x86/kvm/vmx/x86_ops.h      |  2 +-
 7 files changed, 47 insertions(+), 9 deletions(-)


base-commit: 4d911c7abee56771b0219a9fbf0120d06bdc9c14
-- 
2.47.0.338.g60cca15819-goog
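
The deferral described in the cover letter above, as a toy C model added here for illustration; it is not code from the patches or from KVM. Every name in it is hypothetical, the vectors are constructed, and the pre-fix branch assumes the SVI write lands in the currently loaded VMCS (vmcs02) while L2 is active.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct toy_vcpu {                    /* toy model, every name is hypothetical */
    uint32_t isr[8];                 /* L1's APIC ISR, one bit per vector */
    uint8_t svi_vmcs01, svi_vmcs02;  /* SVI field of each VMCS */
    bool l2_active, svi_deferred;    /* vmcs02 loaded; vmcs01 SVI refresh pending */
};

static uint8_t highest_isr(const struct toy_vcpu *v) {
    for (int vec = 255; vec >= 0; vec--)
        if (v->isr[vec / 32] & (1u << (vec % 32)))
            return (uint8_t)vec;
    return 0;                        /* nothing in service */
}

/* EOI emulated by the hypervisor: retire the highest vector, then sync SVI. */
static void emulate_eoi(struct toy_vcpu *v, bool defer_fix) {
    uint8_t vec = highest_isr(v);
    v->isr[vec / 32] &= ~(1u << (vec % 32));
    if (!v->l2_active)
        v->svi_vmcs01 = highest_isr(v);
    else if (defer_fix)
        v->svi_deferred = true;          /* vmcs02 untouched, vmcs01 fixed on exit */
    else
        v->svi_vmcs02 = highest_isr(v);  /* assumed pre-fix: write hits loaded VMCS */
}

static void exit_to_l1(struct toy_vcpu *v) {
    if (v->svi_deferred)
        v->svi_vmcs01 = highest_isr(v);  /* vmcs01 catches up before L1 runs */
    v->l2_active = v->svi_deferred = false;
}

/* Constructed case: 0x30 and 0x50 in service, EOI arrives while L2 runs. */
static uint8_t svi_seen_by_l1(bool defer_fix) {
    struct toy_vcpu v = { .svi_vmcs01 = 0x50, .l2_active = true };
    v.isr[0x30 / 32] |= 1u << (0x30 % 32);
    v.isr[0x50 / 32] |= 1u << (0x50 % 32);
    emulate_eoi(&v, defer_fix);
    exit_to_l1(&v);
    return v.svi_vmcs01;
}

int main(void) {
    printf("SVI when L1 resumes: pre-fix 0x%x, deferred 0x%x\n", svi_seen_by_l1(false), svi_seen_by_l1(true));
    return 0;
}
```

Without the deferral, L1 resumes with SVI still naming the vector that was already retired; with it, SVI matches the highest vector left in the ISR.
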
Re: [PATCH v2 0/2] KVM: nVMX: Fix an SVI update bug with passthrough APIC
Posted by Sean Christopherson 1 year, 1 month ago
On Wed, 27 Nov 2024 16:00:08 -0800, Sean Christopherson wrote:
> Defer updating SVI (i.e. the VMCS's highest ISR cache) when L2 is active,
> but L1 has not enabled virtual interrupt delivery for L2, as an EOI that
> is emulated _by KVM_ in such a case acts on L1's ISR, i.e. vmcs01 needs to
> reflect the updated ISR when L1 is next run.
> 
> Note, L1's ISR is also effectively L2's ISR in such a setup, but because
> virtual interrupt delivery is disabled for L2, there's no need to update
> SVI in vmcs02, because it will never be used.
> 
> [...]

Applied to kvm-x86 vmx, thanks!

[1/2] KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
      https://github.com/kvm-x86/linux/commit/76bce9f10162
[2/2] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID
      https://github.com/kvm-x86/linux/commit/b682d2fbf17c

--
https://github.com/kvm-x86/linux/tree/next