From nobody Sun Feb 8 05:28:51 2026
Date: Fri, 17 Jan 2025 16:55:43 -0800
In-Reply-To: <20250118005552.2626804-1-seanjc@google.com>
Message-ID: <20250118005552.2626804-2-seanjc@google.com>
Subject: [PATCH 01/10] KVM: x86: Don't take kvm->lock when iterating over vCPUs in suspend notifier
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

When queueing vCPU PVCLOCK updates in response to SUSPEND or HIBERNATE, don't take kvm->lock as doing so can trigger a largely theoretical deadlock, it is perfectly safe to iterate over the xarray of vCPUs without holding kvm->lock, and kvm->lock doesn't protect kvm_set_guest_paused() in any way (pv_time.active and pvclock_set_guest_stopped_request are protected by vcpu->mutex, not kvm->lock).

Reported-by: syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/677c0f36.050a0220.3b3668.0014.GAE@google.com
Fixes: 7d62874f69d7 ("kvm: x86: implement KVM PM-notifier")
Signed-off-by: Sean Christopherson
Reviewed-by: Paul Durrant
---
 arch/x86/kvm/x86.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b2d9a16fd4d3..26e18c9b0375 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6907,7 +6907,6 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm) unsigned long i; int ret =3D 0; =20 - mutex_lock(&kvm->lock); kvm_for_each_vcpu(i, vcpu, kvm) { if (!vcpu->arch.pv_time.active) continue; 
@@ -6919,7 +6918,6 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm) break; } } - mutex_unlock(&kvm->lock); =20 return ret ? NOTIFY_BAD : NOTIFY_DONE; } --=20 2.48.0.rc2.279.g1de40edade-goog
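
Review bot: the read of vcpu->arch.pv_time.active inside kvm_for_each_vcpu() is now done with no lock held at all, and the changelog says that field is protected by vcpu->mutex, which kvm_arch_suspend_notifier() does not take in the lines shown. A short comment above the loop stating that the unlocked read is intentional, and why a stale value is tolerable here, would keep a later reader from re-adding kvm->lock and reintroducing the deadlock the changelog describes.
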
Date: Fri, 17 Jan 2025 16:55:44 -0800
In-Reply-To: <20250118005552.2626804-1-seanjc@google.com>
Message-ID: <20250118005552.2626804-3-seanjc@google.com>
Subject: [PATCH 02/10] KVM: x86: Eliminate "handling" of impossible errors during SUSPEND
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

Drop KVM's handling of kvm_set_guest_paused() failure when reacting to a SUSPEND notification, as kvm_set_guest_paused() only "fails" if the vCPU isn't using kvmclock, and KVM's notifier callback pre-checks that kvmclock is active. I.e. barring some bizarre edge case that shouldn't be treated as an error in the first place, kvm_arch_suspend_notifier() can't fail.

Signed-off-by: Sean Christopherson
Reviewed-by: Paul Durrant
---
 arch/x86/kvm/x86.c | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 26e18c9b0375..ef21158ec6b2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -6905,21 +6905,15 @@ static int kvm_arch_suspend_notifier(struct kvm *kv= m) { struct kvm_vcpu *vcpu; unsigned long i; - int ret =3D 0; =20 - kvm_for_each_vcpu(i, vcpu, kvm) { - if (!vcpu->arch.pv_time.active) - continue; + /* + * Ignore the return, marking the guest paused only "fails" if the vCPU + * isn't using kvmclock; continuing on is correct and desirable. + */ + kvm_for_each_vcpu(i, vcpu, kvm) + (void)kvm_set_guest_paused(vcpu); =20 - ret =3D kvm_set_guest_paused(vcpu); - if (ret) { - kvm_err("Failed to pause guest VCPU%d: %d\n", - vcpu->vcpu_id, ret); - break; - } - } - - return ret ? NOTIFY_BAD : NOTIFY_DONE; + return NOTIFY_DONE; } =20 int kvm_arch_pm_notifier(struct kvm *kvm, unsigned long state) --=20 2.48.0.rc2.279.g1de40edade-goog
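
Review bot: the changelog justifies dropping the error path by saying the notifier callback pre-checks that kvmclock is active, but this hunk also deletes that pre-check (the "if (!vcpu->arch.pv_time.active) continue;" lines) and now relies on kvm_set_guest_paused() itself returning an error for non-kvmclock vCPUs. The new comment covers the resulting behaviour, but the changelog should say explicitly that the pre-check is removed as redundant, so the description matches what the loop does after the change.
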
Date: Fri, 17 Jan 2025 16:55:45 -0800
In-Reply-To: <20250118005552.2626804-1-seanjc@google.com>
Message-ID: <20250118005552.2626804-4-seanjc@google.com>
Subject: [PATCH 03/10] KVM: x86: Drop local pvclock_flags variable in kvm_guest_time_update()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

Drop the local pvclock_flags in kvm_guest_time_update(), the local variable is immediately shoved into the per-vCPU "cache", i.e. the local variable serves no purpose.

No functional change intended.

Signed-off-by: Sean Christopherson
Reviewed-by: Paul Durrant
---
 arch/x86/kvm/x86.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ef21158ec6b2..d8ee37dd2b57 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3178,7 +3178,6 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) struct kvm_arch *ka =3D &v->kvm->arch; s64 kernel_ns; u64 tsc_timestamp, host_tsc; - u8 pvclock_flags; bool use_master_clock; #ifdef CONFIG_KVM_XEN /* 
@@ -3261,11 +3260,9 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) vcpu->last_guest_tsc =3D tsc_timestamp; =20 /* If the host uses TSC clocksource, then it is stable */ - pvclock_flags =3D 0; + vcpu->hv_clock.flags =3D 0; if (use_master_clock) - pvclock_flags |=3D PVCLOCK_TSC_STABLE_BIT; - - vcpu->hv_clock.flags =3D pvclock_flags; + vcpu->hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; =20 if (vcpu->pv_time.active) kvm_setup_guest_pvclock(v, &vcpu->pv_time, 0, false); --=20 2.48.0.rc2.279.g1de40edade-goog
Date: Fri, 17 Jan 2025 16:55:46 -0800
In-Reply-To: <20250118005552.2626804-1-seanjc@google.com>
Message-ID: <20250118005552.2626804-5-seanjc@google.com>
Subject: [PATCH 04/10] KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

Handle "guest stopped" propagation only for kvmclock, as the flag is set if and only if kvmclock is "active", i.e. can only be set for Xen PV clock if kvmclock *and* Xen PV clock are in-use by the guest, which creates very bizarre behavior for the guest.

Simply restrict the flag to kvmclock, e.g. instead of trying to handle Xen PV clock, as propagation of PVCLOCK_GUEST_STOPPED was unintentionally added during a refactoring, and while Xen proper defines XEN_PVCLOCK_GUEST_STOPPED, there's no evidence that Xen guests actually support the flag.

Check and clear pvclock_set_guest_stopped_request if and only if kvmclock is active to preserve the original behavior, i.e. keep the flag pending if kvmclock happens to be disabled when KVM processes the initial request.

Fixes: aa096aa0a05f ("KVM: x86/xen: setup pvclock updates")
Cc: Paul Durrant
Cc: David Woodhouse
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d8ee37dd2b57..3c4d210e8a9e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3150,11 +3150,6 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu = *v, /* retain PVCLOCK_GUEST_STOPPED if set in guest copy */ vcpu->hv_clock.flags |=3D (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED); =20 - if (vcpu->pvclock_set_guest_stopped_request) { - vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; - vcpu->pvclock_set_guest_stopped_request =3D false; - } - memcpy(guest_hv_clock, &vcpu->hv_clock, sizeof(*guest_hv_clock)); =20 if (force_tsc_unstable) 
@@ -3264,8 +3259,21 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) if (use_master_clock) vcpu->hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; =20 - if (vcpu->pv_time.active) + if (vcpu->pv_time.active) { + /* + * GUEST_STOPPED is only supported by kvmclock, and KVM's + * historic behavior is to only process the request if kvmclock + * is active/enabled. + */ + if (vcpu->pvclock_set_guest_stopped_request) { + vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; + vcpu->pvclock_set_guest_stopped_request =3D false; + } kvm_setup_guest_pvclock(v, &vcpu->pv_time, 0, false); + + vcpu->hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; + } + #ifdef CONFIG_KVM_XEN if (vcpu->xen.vcpu_info_cache.active) kvm_setup_guest_pvclock(v, &vcpu->xen.vcpu_info_cache, --=20 2.48.0.rc2.279.g1de40edade-goog
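
Review bot: the trailing "vcpu->hv_clock.flags &= ~PVCLOCK_GUEST_STOPPED;" in kvm_guest_time_update() is the line that actually keeps the flag out of the Xen PV clock, yet it is the only new statement without a comment. The need for it is not obvious from this function alone: kvm_setup_guest_pvclock() ORs the guest copy's PVCLOCK_GUEST_STOPPED back into vcpu->hv_clock.flags (the "retain" line in the first hunk's context), so the cached flags can carry the bit even when no request was pending. Please add a comment on the clear saying that it strips the bit before the CONFIG_KVM_XEN calls reuse the same cache.
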
Date: Fri, 17 Jan 2025 16:55:47 -0800
In-Reply-To: <20250118005552.2626804-1-seanjc@google.com>
Message-ID: <20250118005552.2626804-6-seanjc@google.com>
Subject: [PATCH 05/10] KVM: x86: Don't bleed PVCLOCK_GUEST_STOPPED across PV clocks
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

When updating a specific PV clock, make a full copy of KVM's reference copy/cache so that PVCLOCK_GUEST_STOPPED doesn't bleed across clocks. E.g. in the unlikely scenario the guest has enabled both kvmclock and Xen PV clock, a dangling GUEST_STOPPED in kvmclock would bleed into Xen PV clock.

Using a local copy of the pvclock structure also sets the stage for eliminating the per-vCPU copy/cache (only the TSC frequency information actually "needs" to be cached/persisted).

Fixes: aa096aa0a05f ("KVM: x86/xen: setup pvclock updates")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3c4d210e8a9e..5f3ad13a8ac7 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3123,8 +3123,11 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu = *v, { struct kvm_vcpu_arch *vcpu =3D &v->arch; struct pvclock_vcpu_time_info *guest_hv_clock; + struct pvclock_vcpu_time_info hv_clock; unsigned long flags; =20 + memcpy(&hv_clock, &vcpu->hv_clock, sizeof(hv_clock)); + read_lock_irqsave(&gpc->lock, flags); while (!kvm_gpc_check(gpc, offset + sizeof(*guest_hv_clock))) { read_unlock_irqrestore(&gpc->lock, flags); 
@@ -3144,25 +3147,25 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu= *v, * it is consistent. */ =20 - guest_hv_clock->version =3D vcpu->hv_clock.version =3D (guest_hv_clock->v= ersion + 1) | 1; + guest_hv_clock->version =3D hv_clock.version =3D (guest_hv_clock->version= + 1) | 1; smp_wmb(); =20 /* retain PVCLOCK_GUEST_STOPPED if set in guest copy */ - vcpu->hv_clock.flags |=3D (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED); + hv_clock.flags |=3D (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED); =20 - memcpy(guest_hv_clock, &vcpu->hv_clock, sizeof(*guest_hv_clock)); + memcpy(guest_hv_clock, &hv_clock, sizeof(*guest_hv_clock)); =20 if (force_tsc_unstable) guest_hv_clock->flags &=3D ~PVCLOCK_TSC_STABLE_BIT; =20 smp_wmb(); =20 - guest_hv_clock->version =3D ++vcpu->hv_clock.version; + guest_hv_clock->version =3D ++hv_clock.version; =20 kvm_gpc_mark_dirty_in_slot(gpc); read_unlock_irqrestore(&gpc->lock, flags); =20 - trace_kvm_pvclock_update(v->vcpu_id, &vcpu->hv_clock); + trace_kvm_pvclock_update(v->vcpu_id, &hv_clock); } =20 static int kvm_guest_time_update(struct kvm_vcpu *v) --=20 2.48.0.rc2.279.g1de40edade-goog
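
Review bot: trace_kvm_pvclock_update() at the end of kvm_setup_guest_pvclock() now reports the local hv_clock, but the force_tsc_unstable clearing of PVCLOCK_TSC_STABLE_BIT is applied only to guest_hv_clock->flags after the memcpy(), so the traced flags can differ from what was written to the guest. With a local copy now available, consider clearing the bit in hv_clock.flags before the memcpy() so that a single value is both published and traced.
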
Date: Fri, 17 Jan 2025 16:55:48 -0800 In-Reply-To: <20250118005552.2626804-1-seanjc@google.com> Message-ID: <20250118005552.2626804-7-seanjc@google.com> Subject: [PATCH 06/10] KVM: x86/xen: Use guest's copy of pvclock when starting timer
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , David Woodhouse , Paul Durrant Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant , David Woodhouse , Vitaly Kuznetsov Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use the guest's copy of its pvclock when starting a Xen timer, as KVM's reference copy may not be up-to-date, i.e. may yield a false positive of sorts. In the unlikely scenario that the guest is starting a Xen timer and has used a Xen pvclock in the past, but has since turned it "off", then vcpu->arch.hv_clock may be stale, as KVM's reference copy is updated if and only if at least one pvclock is enabled. Furthermore, vcpu->arch.hv_clock is currently used by three different pvclocks: kvmclock, Xen, and Xen compat. While it's extremely unlikely a guest would ever enable multiple pvclocks, effectively sharing KVM's reference clock could yield very weird behavior. Using the guest's active Xen pvclock instead of KVM's reference will allow dropping KVM's reference copy. Fixes: 451a707813ae ("KVM: x86/xen: improve accuracy of Xen timers") Cc: Paul Durrant Cc: David Woodhouse Signed-off-by: Sean Christopherson --- arch/x86/kvm/xen.c | 58 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c index a909b817b9c0..b82c28223585 100644 --- a/arch/x86/kvm/xen.c +++ b/arch/x86/kvm/xen.c
@@ -150,11 +150,46 @@ static enum hrtimer_restart xen_timer_callback(struct= hrtimer *timer) return HRTIMER_NORESTART; } =20 +static int xen_get_guest_pvclock(struct kvm_vcpu *vcpu, + struct pvclock_vcpu_time_info *hv_clock, + struct gfn_to_pfn_cache *gpc, + unsigned int offset) +{ + struct pvclock_vcpu_time_info *guest_hv_clock; + unsigned long flags; + int r; + + read_lock_irqsave(&gpc->lock, flags); + while (!kvm_gpc_check(gpc, offset + sizeof(*guest_hv_clock))) { + read_unlock_irqrestore(&gpc->lock, flags); + + r =3D kvm_gpc_refresh(gpc, offset + sizeof(*guest_hv_clock)); + if (r) + return r; + + read_lock_irqsave(&gpc->lock, flags); + } + + memcpy(hv_clock, guest_hv_clock, sizeof(*hv_clock)); + read_unlock_irqrestore(&gpc->lock, flags); + + /* + * Sanity check TSC shift+multiplier to verify the guest's view of time + * is more or less consistent. + */ + if (hv_clock->tsc_shift !=3D vcpu->arch.hv_clock.tsc_shift || + hv_clock->tsc_to_system_mul !=3D vcpu->arch.hv_clock.tsc_to_system_mu= l) + return -EINVAL; + return 0; +} + static void kvm_xen_start_timer(struct kvm_vcpu *vcpu, u64 guest_abs, bool linux_wa) { + struct kvm_vcpu_xen *xen; int64_t kernel_now, delta; uint64_t guest_now; + int r =3D -EOPNOTSUPP; =20 /* * The guest provides the requested timeout in absolute nanoseconds 
@@ -173,10 +208,22 @@ static void kvm_xen_start_timer(struct kvm_vcpu *vcpu= , u64 guest_abs, * the absolute CLOCK_MONOTONIC time at which the timer should * fire. */ - if (vcpu->arch.hv_clock.version && vcpu->kvm->arch.use_master_clock && - static_cpu_has(X86_FEATURE_CONSTANT_TSC)) { + do { + struct pvclock_vcpu_time_info hv_clock; uint64_t host_tsc, guest_tsc; =20 + if (!static_cpu_has(X86_FEATURE_CONSTANT_TSC) || + !vcpu->kvm->arch.use_master_clock) + break; + + if (xen->vcpu_info_cache.active) + r =3D xen_get_guest_pvclock(vcpu, &hv_clock, &xen->vcpu_info_cache, + offsetof(struct compat_vcpu_info, time)); + else if (xen->vcpu_time_info_cache.active) + r =3D xen_get_guest_pvclock(vcpu, &hv_clock, &xen->vcpu_time_info_cache= , 0); + if (r) + break; + if (!IS_ENABLED(CONFIG_64BIT) || !kvm_get_monotonic_and_clockread(&kernel_now, &host_tsc)) { /* 
@@ -197,9 +244,10 @@ static void kvm_xen_start_timer(struct kvm_vcpu *vcpu,= u64 guest_abs, =20 /* Calculate the guest kvmclock as the guest would do it. */ guest_tsc =3D kvm_read_l1_tsc(vcpu, host_tsc); - guest_now =3D __pvclock_read_cycles(&vcpu->arch.hv_clock, - guest_tsc); - } else { + guest_now =3D __pvclock_read_cycles(&hv_clock, guest_tsc); + } while (0); + + if (r) { /* * Without CONSTANT_TSC, get_kvmclock_ns() is the only option. * --=20 2.48.0.rc2.279.g1de40edade-goog
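Review bot: in xen_get_guest_pvclock() (first hunk), guest_hv_clock is declared but no added line assigns it before memcpy(hv_clock, guest_hv_clock, sizeof(*hv_clock)), so the copy reads through an uninitialized pointer. It needs to be pointed at the mapped guest structure for this gpc and offset once the kvm_gpc_check() loop succeeds, while gpc->lock is still held. The same applies to the new xen pointer in kvm_xen_start_timer(): it is declared in the first hunk and dereferenced as xen->vcpu_info_cache.active in the second without any added assignment. A short comment on why r starts at -EOPNOTSUPP (neither Xen pvclock cache active means take the fallback) would also help readers of the do { } while (0) block.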
Date: Fri, 17 Jan 2025 16:55:49 -0800 In-Reply-To: <20250118005552.2626804-1-seanjc@google.com> Message-ID: <20250118005552.2626804-8-seanjc@google.com> Subject: [PATCH 07/10] KVM: x86: Pass reference pvclock as a param to kvm_setup_guest_pvclock() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , David Woodhouse , Paul Durrant Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant , David Woodhouse , Vitaly Kuznetsov Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Pass the reference pvclock structure that's used to setup each individual pvclock as a parameter to kvm_setup_guest_pvclock() as a preparatory step toward removing kvm_vcpu_arch.hv_clock. No functional change intended. Signed-off-by: Sean Christopherson Reviewed-by: Paul Durrant --- arch/x86/kvm/x86.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5f3ad13a8ac7..06d27b3cc207 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -3116,17 +3116,17 @@ u64 get_kvmclock_ns(struct kvm *kvm) return data.clock; } =20 -static void kvm_setup_guest_pvclock(struct kvm_vcpu *v, +static void kvm_setup_guest_pvclock(struct pvclock_vcpu_time_info *ref_hv_= clock, + struct kvm_vcpu *vcpu, struct gfn_to_pfn_cache *gpc, unsigned int offset, bool force_tsc_unstable) { - struct kvm_vcpu_arch *vcpu =3D &v->arch; struct pvclock_vcpu_time_info *guest_hv_clock; struct pvclock_vcpu_time_info hv_clock; unsigned long flags; =20 - memcpy(&hv_clock, &vcpu->hv_clock, sizeof(hv_clock)); + memcpy(&hv_clock, ref_hv_clock, sizeof(hv_clock)); =20 read_lock_irqsave(&gpc->lock, flags); while (!kvm_gpc_check(gpc, offset + sizeof(*guest_hv_clock))) { @@ -3165,7 +3165,7 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu *= v, kvm_gpc_mark_dirty_in_slot(gpc); read_unlock_irqrestore(&gpc->lock, flags); =20 - trace_kvm_pvclock_update(v->vcpu_id, &hv_clock); + trace_kvm_pvclock_update(vcpu->vcpu_id, &hv_clock); } =20 static int kvm_guest_time_update(struct kvm_vcpu *v) 
@@ -3272,18 +3272,18 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; vcpu->pvclock_set_guest_stopped_request =3D false; } - kvm_setup_guest_pvclock(v, &vcpu->pv_time, 0, false); + kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->pv_time, 0, false); =20 vcpu->hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; } =20 #ifdef CONFIG_KVM_XEN if (vcpu->xen.vcpu_info_cache.active) - kvm_setup_guest_pvclock(v, &vcpu->xen.vcpu_info_cache, + kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->xen.vcpu_info_cache, offsetof(struct compat_vcpu_info, time), xen_pvclock_tsc_unstable); if (vcpu->xen.vcpu_time_info_cache.active) - kvm_setup_guest_pvclock(v, &vcpu->xen.vcpu_time_info_cache, 0, + kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->xen.vcpu_time_info_ca= che, 0, xen_pvclock_tsc_unstable); #endif kvm_hv_setup_tsc_page(v->kvm, &vcpu->hv_clock); --=20 2.48.0.rc2.279.g1de40edade-goog
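Review bot: ref_hv_clock in the first hunk is only ever read (it is the source of the memcpy() into the local hv_clock), so it should be declared const struct pvclock_vcpu_time_info *ref_hv_clock to make it explicit to callers that kvm_setup_guest_pvclock() never writes the reference back. Separately, vcpu now names a struct kvm_vcpu * inside kvm_setup_guest_pvclock() while the caller in the last hunk still uses vcpu for the struct kvm_vcpu_arch * and v for the vCPU; that split is easy to misread in review, so a one-line mention in the changelog would be welcome.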
Date: Fri, 17 Jan 2025 16:55:50 -0800 In-Reply-To: <20250118005552.2626804-1-seanjc@google.com> Message-ID: <20250118005552.2626804-9-seanjc@google.com> Subject: [PATCH 08/10] KVM: x86: Remove per-vCPU "cache" of its reference pvclock
From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , David Woodhouse , Paul Durrant Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant , David Woodhouse , Vitaly Kuznetsov Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Remove the per-vCPU "cache" of the reference pvclock and instead cache only the TSC shift+multiplier. All other fields in pvclock are fully recomputed by kvm_guest_time_update(), i.e. aren't actually persisted. In addition to shaving a few bytes, explicitly tracking the TSC shift/mul fields makes it easier to see that those fields are tied to hw_tsc_khz (they exist to avoid having to do expensive math in the common case). And conversely, not tracking the other fields makes it easier to see that things like the version number are pulled from the guest's copy, not from KVM's reference. Signed-off-by: Sean Christopherson Reviewed-by: Paul Durrant --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/x86.c | 27 +++++++++++++++------------ arch/x86/kvm/xen.c | 8 ++++---- 3 files changed, 21 insertions(+), 17 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 5193c3dfbce1..f26105654ec4 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -900,7 +900,8 @@ struct kvm_vcpu_arch { int (*complete_userspace_io)(struct kvm_vcpu *vcpu); =20 gpa_t time; - struct pvclock_vcpu_time_info hv_clock; + u8 pvclock_tsc_shift; + u32 pvclock_tsc_mul; unsigned int hw_tsc_khz; struct gfn_to_pfn_cache pv_time; /* set guest stopped flag in pvclock flags field */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 06d27b3cc207..9eabd70891dd 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3170,6 +3170,7 @@ static void kvm_setup_guest_pvclock(struct pvclock_vc= pu_time_info *ref_hv_clock, =20 static int kvm_guest_time_update(struct kvm_vcpu *v) { + struct pvclock_vcpu_time_info hv_clock =3D {}; unsigned long flags, tgt_tsc_khz; unsigned seq; struct kvm_vcpu_arch *vcpu =3D &v->arch; @@ -3247,20 +3248,22 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) =20 if (unlikely(vcpu->hw_tsc_khz !=3D tgt_tsc_khz)) { kvm_get_time_scale(NSEC_PER_SEC, tgt_tsc_khz * 1000LL, - &vcpu->hv_clock.tsc_shift, - &vcpu->hv_clock.tsc_to_system_mul); + &vcpu->pvclock_tsc_shift, + &vcpu->pvclock_tsc_mul); vcpu->hw_tsc_khz =3D tgt_tsc_khz; kvm_xen_update_tsc_info(v); } =20 - vcpu->hv_clock.tsc_timestamp =3D tsc_timestamp; - vcpu->hv_clock.system_time =3D kernel_ns + v->kvm->arch.kvmclock_offset; + hv_clock.tsc_shift =3D vcpu->pvclock_tsc_shift; + hv_clock.tsc_to_system_mul =3D vcpu->pvclock_tsc_mul; + hv_clock.tsc_timestamp =3D tsc_timestamp; + hv_clock.system_time =3D kernel_ns + v->kvm->arch.kvmclock_offset; vcpu->last_guest_tsc =3D tsc_timestamp; =20 /* If the host uses TSC clocksource, then it is stable */ - vcpu->hv_clock.flags =3D 0; + hv_clock.flags =3D 0; if (use_master_clock) - vcpu->hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; + hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; =20 if (vcpu->pv_time.active) { /* 
@@ -3269,24 +3272,24 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) * is active/enabled. */ if (vcpu->pvclock_set_guest_stopped_request) { - vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; + hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; vcpu->pvclock_set_guest_stopped_request =3D false; } - kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->pv_time, 0, false); + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->pv_time, 0, false); =20 - vcpu->hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; + hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; } =20 #ifdef CONFIG_KVM_XEN if (vcpu->xen.vcpu_info_cache.active) - kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->xen.vcpu_info_cache, + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_info_cache, offsetof(struct compat_vcpu_info, time), xen_pvclock_tsc_unstable); if (vcpu->xen.vcpu_time_info_cache.active) - kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->xen.vcpu_time_info_ca= che, 0, + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_time_info_cache, 0, xen_pvclock_tsc_unstable); #endif - kvm_hv_setup_tsc_page(v->kvm, &vcpu->hv_clock); + kvm_hv_setup_tsc_page(v->kvm, &hv_clock); return 0; } =20 diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c index b82c28223585..7c6e4172527a 100644 --- a/arch/x86/kvm/xen.c +++ b/arch/x86/kvm/xen.c @@ -177,8 +177,8 @@ static int xen_get_guest_pvclock(struct kvm_vcpu *vcpu, * Sanity check TSC shift+multiplier to verify the guest's view of time * is more or less consistent. */ - if (hv_clock->tsc_shift !=3D vcpu->arch.hv_clock.tsc_shift || - hv_clock->tsc_to_system_mul !=3D vcpu->arch.hv_clock.tsc_to_system_mu= l) + if (hv_clock->tsc_shift !=3D vcpu->arch.pvclock_tsc_shift || + hv_clock->tsc_to_system_mul !=3D vcpu->arch.pvclock_tsc_mul) return -EINVAL; return 0; } 
@@ -2309,8 +2309,8 @@ void kvm_xen_update_tsc_info(struct kvm_vcpu *vcpu) =20 entry =3D kvm_find_cpuid_entry_index(vcpu, function, 1); if (entry) { - entry->ecx =3D vcpu->arch.hv_clock.tsc_to_system_mul; - entry->edx =3D vcpu->arch.hv_clock.tsc_shift; + entry->ecx =3D vcpu->arch.pvclock_tsc_mul; + entry->edx =3D vcpu->arch.pvclock_tsc_shift; } =20 entry =3D kvm_find_cpuid_entry_index(vcpu, function, 2); --=20 2.48.0.rc2.279.g1de40edade-goog
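Review bot: the kvm_host.h hunk declares pvclock_tsc_shift as u8, and &vcpu->pvclock_tsc_shift is then passed to kvm_get_time_scale() in place of &vcpu->hv_clock.tsc_shift; please confirm that u8 matches the type of pvclock_vcpu_time_info.tsc_shift and of that pointer parameter. If the shift is a signed field, this changes the pointer's signedness, and the != comparison against hv_clock->tsc_shift in xen_get_guest_pvclock() would compare differently promoted values for a negative shift and reject a consistent guest clock with -EINVAL. The cached field should use the same type as the structure member it replaces.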
Date: Fri, 17 Jan 2025 16:55:51 -0800 In-Reply-To: <20250118005552.2626804-1-seanjc@google.com> Message-ID: <20250118005552.2626804-10-seanjc@google.com> Subject: [PATCH 09/10] KVM: x86: Setup Hyper-V TSC page before Xen PV clocks (during clock update) From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , David Woodhouse , Paul Durrant Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant , David Woodhouse , Vitaly Kuznetsov Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When updating paravirtual clocks, setup the Hyper-V TSC page before Xen PV clocks. This will allow dropping xen_pvclock_tsc_unstable in favor of simply clearing PVCLOCK_TSC_STABLE_BIT in the reference flags. Cc: Vitaly Kuznetsov Signed-off-by: Sean Christopherson Reviewed-by: Paul Durrant Reviewed-by: Vitaly Kuznetsov --- arch/x86/kvm/x86.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9eabd70891dd..c68e7f7ba69d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -3280,6 +3280,8 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; } =20 + kvm_hv_setup_tsc_page(v->kvm, &hv_clock); + #ifdef CONFIG_KVM_XEN if (vcpu->xen.vcpu_info_cache.active) kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_info_cache, 
@@ -3289,7 +3291,6 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_time_info_cache, 0, xen_pvclock_tsc_unstable); #endif - kvm_hv_setup_tsc_page(v->kvm, &hv_clock); return 0; } =20 --=20 2.48.0.rc2.279.g1de40edade-goog
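Review bot: the relocated kvm_hv_setup_tsc_page(v->kvm, &hv_clock) call in the first hunk carries no comment saying it must stay ahead of the CONFIG_KVM_XEN block, and at this point in the series nothing in the code depends on the order, so a later cleanup could move it back without anyone noticing. Add a one-line comment at the new call site stating that the Hyper-V TSC page has to be set up before the Xen PV clocks because the Xen path will go on to clear PVCLOCK_TSC_STABLE_BIT in the reference flags.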
header.i=@google.com header.b="XpzwarFr" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-2f46b7851fcso7424856a91.1 for ; Fri, 17 Jan 2025 16:56:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1737161772; x=1737766572; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=sJCtQ5uAUri7iGFBLSXX36fSE63Q0nPcAnEP4m7LVa8=; b=XpzwarFrh+X2MWjTOkiaudMxp05TEx+sjzew/6Wc5Y89tGkq8Raz0jIExKGMbiN0P1 PngG+XR/w6ynQ9vUwPJdHwM3Y30zyhATRjAbQOgHDfFJHZTzIAjGzZpJ/iPggwG10Qvf Ssik1ENGOtj0ehLJ4gunOVB2EEEGA4+MXcKpV3pl8ZxVodN8ipm5IBXkE9mwQnddOejI l/XIkO+W9kugR/xTO+XVMYUb90T8jkrC4YFo9UHnDY2XcEj93dajF8j2bpcY3sqxI7vw zCAMj3hd5Q55aw7vhwJuPwwZI94i59SpChj268V4C/6/yr7ktwT5AqJGa/vdrIHtiS4/ 9VxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737161772; x=1737766572; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=sJCtQ5uAUri7iGFBLSXX36fSE63Q0nPcAnEP4m7LVa8=; b=RrTfyu79RVLG0PeH7fhNclszvGmDu3zl5RTVjA4s09FVKZI5gDNxs91CBr3I6LbOZg zG4EKfATnrkAPE75A+Ku2ukFhGt0FbpDYq0kXHUGF4leiai4T350aHbCT95ee57X7JHa xGvhaTfhEORvZ4ZTru/d7Xy1I1JfkvutYImH4ABoftRjJhOzbq5MCPfJWGxKptrGaE80 jwTqC+SVZgiBqEsg1OaQAxGwTO0+xi8ngWz67PFlv4NIThIYATenLhwWzph45lkeq5WK I1a7IZJlNJt/IsTVnDQlTZ2yqbJ5AiXy5xyTelNzGjE5Boi3t9yU9QIqfxV4m9dxsxZj cMqw== X-Forwarded-Encrypted: i=1; AJvYcCUc4ndy3Bh7KRaU+HdiGQiAzwlhzFYfv7YBubVepar2QqTuP86Ekjn4E4HJzrAFJjSEvUNqb1J0FhU9Sls=@vger.kernel.org X-Gm-Message-State: AOJu0YzSAVwzR1fa8Gls+lnxDisYd+5tzFMtLrigaJExh+5IAh0CRAJK 1iQrHnU9D+SwebJyYT3CIscyh6kddRK5QUsLMSFP10Y9oGTGgy9kuZrhRTw8nxW2g5wsSirElBZ THA== X-Google-Smtp-Source: AGHT+IEdhNCZ24yUQLqPJww/GZu7srCGFAMCewMWioVRnJRojuDg8lwZ2z7ZAQPhZ3+MlNApu7cBlbpgUxU= X-Received: from pja3.prod.google.com ([2002:a17:90b:5483:b0:2ea:5be5:da6]) (user=seanjc 
job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90a:da8e:b0:2ee:d024:e4fc with SMTP id 98e67ed59e1d1-2f782d860d5mr7587139a91.33.1737161772463; Fri, 17 Jan 2025 16:56:12 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 17 Jan 2025 16:55:52 -0800 In-Reply-To: <20250118005552.2626804-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250118005552.2626804-1-seanjc@google.com> X-Mailer: git-send-email 2.48.0.rc2.279.g1de40edade-goog Message-ID: <20250118005552.2626804-11-seanjc@google.com> Subject: [PATCH 10/10] KVM: x86: Override TSC_STABLE flag for Xen PV clocks in kvm_guest_time_update() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini , David Woodhouse , Paul Durrant Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant , David Woodhouse , Vitaly Kuznetsov Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When updating PV clocks, handle the Xen-specific UNSTABLE_TSC override in the main kvm_guest_time_update() by simply clearing PVCLOCK_TSC_STABLE_BIT in the flags of the reference pvclock structure. Expand the comment to (hopefully) make it obvious that Xen clocks need to be processed after all clocks that care about the TSC_STABLE flag. No functional change intended. Cc: Paul Durrant Cc: David Woodhouse Signed-off-by: Sean Christopherson Reviewed-by: Paul Durrant --- arch/x86/kvm/x86.c | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c68e7f7ba69d..065b349a0218 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3119,8 +3119,7 @@ u64 get_kvmclock_ns(struct kvm *kvm) static void kvm_setup_guest_pvclock(struct pvclock_vcpu_time_info *ref_hv_= clock, struct kvm_vcpu *vcpu, struct gfn_to_pfn_cache *gpc, - unsigned int offset, - bool force_tsc_unstable) + unsigned int offset) { struct pvclock_vcpu_time_info *guest_hv_clock; struct pvclock_vcpu_time_info hv_clock; @@ -3155,9 +3154,6 @@ static void kvm_setup_guest_pvclock(struct pvclock_vc= pu_time_info *ref_hv_clock, =20 memcpy(guest_hv_clock, &hv_clock, sizeof(*guest_hv_clock)); =20 - if (force_tsc_unstable) - guest_hv_clock->flags &=3D ~PVCLOCK_TSC_STABLE_BIT; - smp_wmb(); =20 guest_hv_clock->version =3D ++hv_clock.version; @@ -3178,16 +3174,6 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) s64 kernel_ns; u64 tsc_timestamp, host_tsc; bool use_master_clock; -#ifdef CONFIG_KVM_XEN - /* - * For Xen guests we may need to override PVCLOCK_TSC_STABLE_BIT as unless - * explicitly told to use TSC as its clocksource Xen will not set this bi= t. - * This default behaviour led to bugs in some guest kernels which cause - * problems if they observe PVCLOCK_TSC_STABLE_BIT in the pvclock flags. - */ - bool xen_pvclock_tsc_unstable =3D - ka->xen_hvm_config.flags & KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE; -#endif =20 kernel_ns =3D 0; host_tsc =3D 0; @@ -3275,7 +3261,7 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; vcpu->pvclock_set_guest_stopped_request =3D false; } - kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->pv_time, 0, false); + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->pv_time, 0); =20 hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; } 
@@ -3283,13 +3269,22 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) kvm_hv_setup_tsc_page(v->kvm, &hv_clock); =20 #ifdef CONFIG_KVM_XEN + /* + * For Xen guests we may need to override PVCLOCK_TSC_STABLE_BIT as unless + * explicitly told to use TSC as its clocksource Xen will not set this bi= t. + * This default behaviour led to bugs in some guest kernels which cause + * problems if they observe PVCLOCK_TSC_STABLE_BIT in the pvclock flags. + * + * Note! Clear TSC_STABLE only for Xen clocks, i.e. the order matters! + */ + if (ka->xen_hvm_config.flags & KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE) + hv_clock.flags &=3D ~PVCLOCK_TSC_STABLE_BIT; + if (vcpu->xen.vcpu_info_cache.active) kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_info_cache, - offsetof(struct compat_vcpu_info, time), - xen_pvclock_tsc_unstable); + offsetof(struct compat_vcpu_info, time)); if (vcpu->xen.vcpu_time_info_cache.active) - kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_time_info_cache, 0, - xen_pvclock_tsc_unstable); + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_time_info_cache, 0= ); #endif return 0; } --=20 2.48.0.rc2.279.g1de40edade-goog
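Review bot: The "No functional change intended" claim rests on something the -3155,9 +3154,6 hunk of kvm_setup_guest_pvclock() does not show. The removed clear ran on guest_hv_clock->flags after the memcpy() from the local hv_clock, while the replacement clears the bit on the caller's reference structure before that copy is taken. The two are equivalent only if nothing between copying ref_hv_clock into the local hv_clock and the memcpy() can set PVCLOCK_TSC_STABLE_BIT again. Please say so in the changelog, or add a short comment in the function noting which flags it derives itself and that the rest come unchanged from ref_hv_clock.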
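Review bot: In the -3283,13 +3269,22 hunk, the new hv_clock.flags &= ~PVCLOCK_TSC_STABLE_BIT modifies the shared reference clock and never restores it, unlike the PVCLOCK_GUEST_STOPPED handling earlier in kvm_guest_time_update(), which clears the flag again right after the kvmclock update. That is safe only because return 0 follows the #endif. The "order matters" note would be more robust if it stated outright that the Xen block must remain the last consumer of hv_clock in this function; alternatively, save and restore the bit around the block so that any clock later added after #endif sees the original flags.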