From nobody Sat Feb 7 23:48:23 2026
Date: Fri, 31 Jan 2025 17:38:17 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-2-seanjc@google.com>
Subject: [PATCH v2 01/11] KVM: x86: Don't take kvm->lock when iterating over vCPUs in suspend notifier
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

When queueing vCPU PVCLOCK updates in response to SUSPEND or HIBERNATE, don't take kvm->lock as doing so can trigger a largely theoretical deadlock, it is perfectly safe to iterate over the xarray of vCPUs without holding kvm->lock, and kvm->lock doesn't protect kvm_set_guest_paused() in any way (pv_time.active and pvclock_set_guest_stopped_request are protected by vcpu->mutex, not kvm->lock).

Reported-by: syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/677c0f36.050a0220.3b3668.0014.GAE@google.com
Fixes: 7d62874f69d7 ("kvm: x86: implement KVM PM-notifier")
Reviewed-by: Paul Durrant
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index b2d9a16fd4d3..26e18c9b0375 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6907,7 +6907,6 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm) unsigned long i; int ret =3D 0; =20 - mutex_lock(&kvm->lock); kvm_for_each_vcpu(i, vcpu, kvm) { if (!vcpu->arch.pv_time.active) continue; 
@@ -6919,7 +6918,6 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm) break; } } - mutex_unlock(&kvm->lock); =20 return ret ? NOTIFY_BAD : NOTIFY_DONE; } --=20 2.48.1.362.g079036d154-goog
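
Review bot: With mutex_lock(&kvm->lock) and mutex_unlock(&kvm->lock) both removed from kvm_arch_suspend_notifier(), the loop in the first hunk still reads vcpu->arch.pv_time.active with no lock visible in the function, and the reason that is acceptable lives only in the changelog (the field is protected by vcpu->mutex, and walking the vCPU xarray needs no lock). A short comment above kvm_for_each_vcpu() stating what the unlocked read of pv_time.active relies on, and that kvm->lock is deliberately not taken here, would keep a later reader from re-adding the lock or treating the check as authoritative.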

Date: Fri, 31 Jan 2025 17:38:18 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-3-seanjc@google.com>
Subject: [PATCH v2 02/11] KVM: x86: Eliminate "handling" of impossible errors during SUSPEND
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

Drop KVM's handling of kvm_set_guest_paused() failure when reacting to a SUSPEND notification, as kvm_set_guest_paused() only "fails" if the vCPU isn't using kvmclock, and KVM's notifier callback pre-checks that kvmclock is active. I.e. barring some bizarre edge case that shouldn't be treated as an error in the first place, kvm_arch_suspend_notifier() can't fail.

Reviewed-by: Paul Durrant
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 26e18c9b0375..ef21158ec6b2 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -6905,21 +6905,15 @@ static int kvm_arch_suspend_notifier(struct kvm *kv= m) { struct kvm_vcpu *vcpu; unsigned long i; - int ret =3D 0; =20 - kvm_for_each_vcpu(i, vcpu, kvm) { - if (!vcpu->arch.pv_time.active) - continue; + /* + * Ignore the return, marking the guest paused only "fails" if the vCPU + * isn't using kvmclock; continuing on is correct and desirable. + */ + kvm_for_each_vcpu(i, vcpu, kvm) + (void)kvm_set_guest_paused(vcpu); =20 - ret =3D kvm_set_guest_paused(vcpu); - if (ret) { - kvm_err("Failed to pause guest VCPU%d: %d\n", - vcpu->vcpu_id, ret); - break; - } - } - - return ret ? NOTIFY_BAD : NOTIFY_DONE; + return NOTIFY_DONE; } =20 int kvm_arch_pm_notifier(struct kvm *kvm, unsigned long state) --=20 2.48.1.362.g079036d154-goog
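
Review bot: The changelog justifies ignoring the return value by saying the notifier pre-checks that kvmclock is active, but this hunk deletes that pre-check (the removed "if (!vcpu->arch.pv_time.active) continue;"), so kvm_set_guest_paused() is now called for every vCPU and its "failure" becomes the ordinary path for vCPUs that are not using kvmclock. The new code comment describes the resulting behaviour correctly; the changelog should be reworded to match it. Because the (void) cast would also hide any other error the helper might return in future, consider naming the single expected error in the comment so that a new failure mode is noticed in review.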

Date: Fri, 31 Jan 2025 17:38:19 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-4-seanjc@google.com>
Subject: [PATCH v2 03/11] KVM: x86: Drop local pvclock_flags variable in kvm_guest_time_update()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

Drop the local pvclock_flags in kvm_guest_time_update(), the local variable is immediately shoved into the per-vCPU "cache", i.e. the local variable serves no purpose.

No functional change intended.

Reviewed-by: Paul Durrant
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ef21158ec6b2..d8ee37dd2b57 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -3178,7 +3178,6 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) struct kvm_arch *ka =3D &v->kvm->arch; s64 kernel_ns; u64 tsc_timestamp, host_tsc; - u8 pvclock_flags; bool use_master_clock; #ifdef CONFIG_KVM_XEN /* 
@@ -3261,11 +3260,9 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) vcpu->last_guest_tsc =3D tsc_timestamp; =20 /* If the host uses TSC clocksource, then it is stable */ - pvclock_flags =3D 0; + vcpu->hv_clock.flags =3D 0; if (use_master_clock) - pvclock_flags |=3D PVCLOCK_TSC_STABLE_BIT; - - vcpu->hv_clock.flags =3D pvclock_flags; + vcpu->hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; =20 if (vcpu->pv_time.active) kvm_setup_guest_pvclock(v, &vcpu->pv_time, 0, false); --=20 2.48.1.362.g079036d154-goog
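
Review bot: In the second hunk the comment "If the host uses TSC clocksource, then it is stable" sits directly above the new "vcpu->hv_clock.flags = 0;", which it does not describe; it explains the "if (use_master_clock)" line that follows. Now that the zeroing writes the per-vCPU field rather than a scratch local, move the comment down one line so it stays attached to setting PVCLOCK_TSC_STABLE_BIT and the reset of the flags reads as its own step.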

Date: Fri, 31 Jan 2025 17:38:20 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-5-seanjc@google.com>
Subject: [PATCH v2 04/11] KVM: x86: Process "guest stopped request" once per guest time update
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

Handle "guest stopped" requests once per guest time update in preparation of restoring KVM's historical behavior of setting PVCLOCK_GUEST_STOPPED for kvmclock and only kvmclock. For now, simply move the code to minimize the probability of an unintentional change in functionality.

Note, in practice, all clocks are guaranteed to see the request (or not) even though each PV clock processes the request individually, as KVM holds vcpu->mutex (blocks KVM_KVMCLOCK_CTRL) and it should be impossible for KVM's suspend notifier to run while KVM is handling requests. And because the helper updates the reference flags, all subsequent PV clock updates will pick up PVCLOCK_GUEST_STOPPED.

Note #2, once PVCLOCK_GUEST_STOPPED is restricted to kvmclock, the horrific #ifdef will go away.

Cc: Paul Durrant
Cc: David Woodhouse
Signed-off-by: Sean Christopherson
Reviewed-by: Paul Durrant
---
 arch/x86/kvm/x86.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d8ee37dd2b57..de281c328cb1 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3150,11 +3150,6 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu = *v, /* retain PVCLOCK_GUEST_STOPPED if set in guest copy */ vcpu->hv_clock.flags |=3D (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED); =20 - if (vcpu->pvclock_set_guest_stopped_request) { - vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; - vcpu->pvclock_set_guest_stopped_request =3D false; - } - memcpy(guest_hv_clock, &vcpu->hv_clock, sizeof(*guest_hv_clock)); =20 if (force_tsc_unstable) 
@@ -3264,6 +3259,18 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) if (use_master_clock) vcpu->hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; =20 + if (vcpu->pv_time.active +#ifdef CONFIG_KVM_XEN + || vcpu->xen.vcpu_info_cache.active + || vcpu->xen.vcpu_time_info_cache.active +#endif + ) { + if (vcpu->pvclock_set_guest_stopped_request) { + vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; + vcpu->pvclock_set_guest_stopped_request =3D false; + } + } + if (vcpu->pv_time.active) kvm_setup_guest_pvclock(v, &vcpu->pv_time, 0, false); #ifdef CONFIG_KVM_XEN --=20 2.48.1.362.g079036d154-goog
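
Review bot: In the kvm_guest_time_update() hunk the new block splices "#ifdef CONFIG_KVM_XEN" into the middle of an if condition and then nests a second if that could simply be and-ed into the first. The changelog says the #ifdef goes away once PVCLOCK_GUEST_STOPPED is restricted to kvmclock, so say so in a comment on the block as well; without it the condition reads as a permanent duplicate of the per-clock active checks that follow ("if (vcpu->pv_time.active)" and the CONFIG_KVM_XEN section after it). A sentence on why pvclock_set_guest_stopped_request is intentionally left set when no PV clock is active would also help, since the request is only consumed inside the outer condition.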

Date: Fri, 31 Jan 2025 17:38:21 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-6-seanjc@google.com>
Subject: [PATCH v2 05/11] KVM: x86/xen: Use guest's copy of pvclock when starting timer
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

Use the guest's copy of its pvclock when starting a Xen timer, as KVM's reference copy may not be up-to-date, i.e. may yield a false positive of sorts. In the unlikely scenario that the guest is starting a Xen timer and has used a Xen pvclock in the past, but has since turned it "off", then vcpu->arch.hv_clock may be stale, as KVM's reference copy is updated if and only if at least one pvclock is enabled.

Furthermore, vcpu->arch.hv_clock is currently used by three different pvclocks: kvmclock, Xen, and Xen compat. While it's extremely unlikely a guest would ever enable multiple pvclocks, effectively sharing KVM's reference clock could yield very weird behavior. Using the guest's active Xen pvclock instead of KVM's reference will allow dropping KVM's reference copy.

Fixes: 451a707813ae ("KVM: x86/xen: improve accuracy of Xen timers")
Cc: Paul Durrant
Cc: David Woodhouse
Signed-off-by: Sean Christopherson
Reviewed-by: Paul Durrant
---
 arch/x86/kvm/xen.c | 65 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 60 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c index a909b817b9c0..300a79f1fae5 100644 --- a/arch/x86/kvm/xen.c +++ b/arch/x86/kvm/xen.c 
@@ -150,11 +150,46 @@ static enum hrtimer_restart xen_timer_callback(struct= hrtimer *timer) return HRTIMER_NORESTART; } =20 +static int xen_get_guest_pvclock(struct kvm_vcpu *vcpu, + struct pvclock_vcpu_time_info *hv_clock, + struct gfn_to_pfn_cache *gpc, + unsigned int offset) +{ + unsigned long flags; + int r; + + read_lock_irqsave(&gpc->lock, flags); + while (!kvm_gpc_check(gpc, offset + sizeof(*hv_clock))) { + read_unlock_irqrestore(&gpc->lock, flags); + + r =3D kvm_gpc_refresh(gpc, offset + sizeof(*hv_clock)); + if (r) + return r; + + read_lock_irqsave(&gpc->lock, flags); + } + + memcpy(hv_clock, gpc->khva + offset, sizeof(*hv_clock)); + read_unlock_irqrestore(&gpc->lock, flags); + + /* + * Sanity check TSC shift+multiplier to verify the guest's view of time + * is more or less consistent. + */ + if (hv_clock->tsc_shift !=3D vcpu->arch.hv_clock.tsc_shift || + hv_clock->tsc_to_system_mul !=3D vcpu->arch.hv_clock.tsc_to_system_mu= l) + return -EINVAL; + + return 0; +} + static void kvm_xen_start_timer(struct kvm_vcpu *vcpu, u64 guest_abs, bool linux_wa) { + struct kvm_vcpu_xen *xen =3D &vcpu->arch.xen; int64_t kernel_now, delta; uint64_t guest_now; + int r =3D -EOPNOTSUPP; =20 /* * The guest provides the requested timeout in absolute nanoseconds 
@@ -173,10 +208,29 @@ static void kvm_xen_start_timer(struct kvm_vcpu *vcpu= , u64 guest_abs, * the absolute CLOCK_MONOTONIC time at which the timer should * fire. */ - if (vcpu->arch.hv_clock.version && vcpu->kvm->arch.use_master_clock && - static_cpu_has(X86_FEATURE_CONSTANT_TSC)) { + do { + struct pvclock_vcpu_time_info hv_clock; uint64_t host_tsc, guest_tsc; =20 + if (!static_cpu_has(X86_FEATURE_CONSTANT_TSC) || + !vcpu->kvm->arch.use_master_clock) + break; + + /* + * If both Xen PV clocks are active, arbitrarily try to use the + * compat clock first, but also try to use the non-compat clock + * if the compat clock is unusable. The two PV clocks hold the + * same information, but it's possible one (or both) is stale + * and/or currently unreachable. + */ + if (xen->vcpu_info_cache.active) + r =3D xen_get_guest_pvclock(vcpu, &hv_clock, &xen->vcpu_info_cache, + offsetof(struct compat_vcpu_info, time)); + if (r && xen->vcpu_time_info_cache.active) + r =3D xen_get_guest_pvclock(vcpu, &hv_clock, &xen->vcpu_time_info_cache= , 0); + if (r) + break; + if (!IS_ENABLED(CONFIG_64BIT) || !kvm_get_monotonic_and_clockread(&kernel_now, &host_tsc)) { /* 
@@ -197,9 +251,10 @@ static void kvm_xen_start_timer(struct kvm_vcpu *vcpu,= u64 guest_abs, =20 /* Calculate the guest kvmclock as the guest would do it. */ guest_tsc =3D kvm_read_l1_tsc(vcpu, host_tsc); - guest_now =3D __pvclock_read_cycles(&vcpu->arch.hv_clock, - guest_tsc); - } else { + guest_now =3D __pvclock_read_cycles(&hv_clock, guest_tsc); + } while (0); + + if (r) { /* * Without CONSTANT_TSC, get_kvmclock_ns() is the only option. * --=20 2.48.1.362.g079036d154-goog
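Review bot: xen_get_guest_pvclock() never looks at hv_clock->version after the memcpy(), whereas the condition this patch removes from kvm_xen_start_timer() required vcpu->arch.hv_clock.version to be non-zero. The shift/multiplier comparison is the only validation applied to a guest-writable structure, so a guest copy that was never populated (all zeroes) is accepted whenever KVM's own tsc_shift and tsc_to_system_mul are also still zero. Consider returning -EINVAL when version or tsc_to_system_mul is zero, and extend the "Sanity check" comment to say that tsc_timestamp and system_time are taken from guest memory unchecked and why that is acceptable for this path.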
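Review bot: In kvm_xen_start_timer(), r is initialised to -EOPNOTSUPP and then doubles as the "take the fallback" flag tested by the if (r) that follows the do { } while (0), so the early break for CONSTANT_TSC / use_master_clock only reaches the get_kvmclock_ns() path because of that initial value. That coupling is easy to break in a later edit. A helper that returns 0 or an error and fills in guest_now and kernel_now, with the fallback left in the caller, would make the control flow explicit; failing that, a comment on the declaration of r saying it must start non-zero.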
Date: Fri, 31 Jan 2025 17:38:22 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-7-seanjc@google.com>
Subject: [PATCH v2 06/11] KVM: x86: Don't bleed PVCLOCK_GUEST_STOPPED across PV clocks
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When updating a specific PV clock, make a full copy of KVM's reference
copy/cache so that PVCLOCK_GUEST_STOPPED doesn't bleed across clocks.
E.g. in the unlikely scenario the guest has enabled both kvmclock and Xen
PV clock, a dangling GUEST_STOPPED in kvmclock would bleed into Xen PV
clock.

Using a local copy of the pvclock structure also sets the stage for
eliminating the per-vCPU copy/cache (only the TSC frequency information
actually "needs" to be cached/persisted).

Fixes: aa096aa0a05f ("KVM: x86/xen: setup pvclock updates")
Signed-off-by: Sean Christopherson
Reviewed-by: Paul Durrant
---
 arch/x86/kvm/x86.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index de281c328cb1..3971a13bddbe 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3123,8 +3123,11 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu = *v, { struct kvm_vcpu_arch *vcpu =3D &v->arch; struct pvclock_vcpu_time_info *guest_hv_clock; + struct pvclock_vcpu_time_info hv_clock; unsigned long flags; =20 + memcpy(&hv_clock, &vcpu->hv_clock, sizeof(hv_clock)); + read_lock_irqsave(&gpc->lock, flags); while (!kvm_gpc_check(gpc, offset + sizeof(*guest_hv_clock))) { read_unlock_irqrestore(&gpc->lock, flags); 
@@ -3144,25 +3147,25 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu= *v, * it is consistent. */ =20 - guest_hv_clock->version =3D vcpu->hv_clock.version =3D (guest_hv_clock->v= ersion + 1) | 1; + guest_hv_clock->version =3D hv_clock.version =3D (guest_hv_clock->version= + 1) | 1; smp_wmb(); =20 /* retain PVCLOCK_GUEST_STOPPED if set in guest copy */ - vcpu->hv_clock.flags |=3D (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED); + hv_clock.flags |=3D (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED); =20 - memcpy(guest_hv_clock, &vcpu->hv_clock, sizeof(*guest_hv_clock)); + memcpy(guest_hv_clock, &hv_clock, sizeof(*guest_hv_clock)); =20 if (force_tsc_unstable) guest_hv_clock->flags &=3D ~PVCLOCK_TSC_STABLE_BIT; =20 smp_wmb(); =20 - guest_hv_clock->version =3D ++vcpu->hv_clock.version; + guest_hv_clock->version =3D ++hv_clock.version; =20 kvm_gpc_mark_dirty_in_slot(gpc); read_unlock_irqrestore(&gpc->lock, flags); =20 - trace_kvm_pvclock_update(v->vcpu_id, &vcpu->hv_clock); + trace_kvm_pvclock_update(v->vcpu_id, &hv_clock); } =20 static int kvm_guest_time_update(struct kvm_vcpu *v) --=20 2.48.1.362.g079036d154-goog
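Review bot: In the second hunk, force_tsc_unstable is still applied to guest_hv_clock after the memcpy(), so the local hv_clock handed to trace_kvm_pvclock_update() can carry PVCLOCK_TSC_STABLE_BIT when the guest's copy does not. Now that hv_clock is a private copy, clear the bit in hv_clock.flags before the memcpy(); the tracepoint then reports exactly what was written to the guest, and the guest page is written once instead of being patched afterwards.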
Date: Fri, 31 Jan 2025 17:38:23 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-8-seanjc@google.com>
Subject: [PATCH v2 07/11] KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Handle "guest stopped" propagation only for kvmclock, as the flag is set
if and only if kvmclock is "active", i.e. can only be set for Xen PV clock
if kvmclock *and* Xen PV clock are in-use by the guest, which creates very
bizarre behavior for the guest.

Simply restrict the flag to kvmclock, e.g. instead of trying to handle
Xen PV clock, as propagation of PVCLOCK_GUEST_STOPPED was unintentionally
added during a refactoring, and while Xen proper defines
XEN_PVCLOCK_GUEST_STOPPED, there's no evidence that Xen guests actually
support the flag.

Check and clear pvclock_set_guest_stopped_request if and only if kvmclock
is active to preserve the original behavior, i.e. keep the flag pending
if kvmclock happens to be disabled when KVM processes the initial request.

Fixes: aa096aa0a05f ("KVM: x86/xen: setup pvclock updates")
Cc: Paul Durrant
Cc: David Woodhouse
Signed-off-by: Sean Christopherson
Reviewed-by: Paul Durrant
---
 arch/x86/kvm/x86.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3971a13bddbe..5f3ad13a8ac7 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -3262,20 +3262,21 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) if (use_master_clock) vcpu->hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; =20 - if (vcpu->pv_time.active -#ifdef CONFIG_KVM_XEN - || vcpu->xen.vcpu_info_cache.active - || vcpu->xen.vcpu_time_info_cache.active -#endif - ) { + if (vcpu->pv_time.active) { + /* + * GUEST_STOPPED is only supported by kvmclock, and KVM's + * historic behavior is to only process the request if kvmclock + * is active/enabled. + */ if (vcpu->pvclock_set_guest_stopped_request) { vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; vcpu->pvclock_set_guest_stopped_request =3D false; } - } - - if (vcpu->pv_time.active) kvm_setup_guest_pvclock(v, &vcpu->pv_time, 0, false); + + vcpu->hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; + } + #ifdef CONFIG_KVM_XEN if (vcpu->xen.vcpu_info_cache.active) kvm_setup_guest_pvclock(v, &vcpu->xen.vcpu_info_cache, --=20 2.48.1.362.g079036d154-goog
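Review bot: The new vcpu->hv_clock.flags &= ~PVCLOCK_GUEST_STOPPED after the kvmclock call to kvm_setup_guest_pvclock() has no comment of its own, and the comment added above it only explains the request handling. Say at that line that the flag is cleared from the shared reference so it is not copied into the Xen PV clocks set up under CONFIG_KVM_XEN just below; without that, the statement reads as redundant and is a likely casualty of a later cleanup.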
Date: Fri, 31 Jan 2025 17:38:24 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-9-seanjc@google.com>
Subject: [PATCH v2 08/11] KVM: x86: Pass reference pvclock as a param to kvm_setup_guest_pvclock()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Pass the reference pvclock structure that's used to setup each individual
pvclock as a parameter to kvm_setup_guest_pvclock() as a preparatory step
toward removing kvm_vcpu_arch.hv_clock.

No functional change intended.

Reviewed-by: Paul Durrant
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5f3ad13a8ac7..06d27b3cc207 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3116,17 +3116,17 @@ u64 get_kvmclock_ns(struct kvm *kvm) return data.clock; } =20 -static void kvm_setup_guest_pvclock(struct kvm_vcpu *v, +static void kvm_setup_guest_pvclock(struct pvclock_vcpu_time_info *ref_hv_= clock, + struct kvm_vcpu *vcpu, struct gfn_to_pfn_cache *gpc, unsigned int offset, bool force_tsc_unstable) { - struct kvm_vcpu_arch *vcpu =3D &v->arch; struct pvclock_vcpu_time_info *guest_hv_clock; struct pvclock_vcpu_time_info hv_clock; unsigned long flags; =20 - memcpy(&hv_clock, &vcpu->hv_clock, sizeof(hv_clock)); + memcpy(&hv_clock, ref_hv_clock, sizeof(hv_clock)); =20 read_lock_irqsave(&gpc->lock, flags); while (!kvm_gpc_check(gpc, offset + sizeof(*guest_hv_clock))) { @@ -3165,7 +3165,7 @@ static void kvm_setup_guest_pvclock(struct kvm_vcpu *= v, kvm_gpc_mark_dirty_in_slot(gpc); read_unlock_irqrestore(&gpc->lock, flags); =20 - trace_kvm_pvclock_update(v->vcpu_id, &hv_clock); + trace_kvm_pvclock_update(vcpu->vcpu_id, &hv_clock); } =20 static int kvm_guest_time_update(struct kvm_vcpu *v)
@@ -3272,18 +3272,18 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; vcpu->pvclock_set_guest_stopped_request =3D false; } - kvm_setup_guest_pvclock(v, &vcpu->pv_time, 0, false); + kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->pv_time, 0, false); =20 vcpu->hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; } =20 #ifdef CONFIG_KVM_XEN if (vcpu->xen.vcpu_info_cache.active) - kvm_setup_guest_pvclock(v, &vcpu->xen.vcpu_info_cache, + kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->xen.vcpu_info_cache, offsetof(struct compat_vcpu_info, time), xen_pvclock_tsc_unstable); if (vcpu->xen.vcpu_time_info_cache.active) - kvm_setup_guest_pvclock(v, &vcpu->xen.vcpu_time_info_cache, 0, + kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->xen.vcpu_time_info_ca= che, 0, xen_pvclock_tsc_unstable); #endif kvm_hv_setup_tsc_page(v->kvm, &vcpu->hv_clock); --=20 2.48.1.362.g079036d154-goog
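Review bot: ref_hv_clock is only read in kvm_setup_guest_pvclock() (it is the source of the memcpy() into the local hv_clock), so the new parameter should be const struct pvclock_vcpu_time_info *, which also documents that the reference is not modified per clock. Separately, vcpu in this function is now a struct kvm_vcpu *, while in the caller kvm_guest_time_update() vcpu is the struct kvm_vcpu_arch * and the kvm_vcpu is v; consistent naming across the two functions would make the call sites easier to audit.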
Date: Fri, 31 Jan 2025 17:38:25 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
Message-ID: <20250201013827.680235-10-seanjc@google.com>
Subject: [PATCH v2 09/11] KVM: x86: Remove per-vCPU "cache" of its reference pvclock
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Remove the per-vCPU "cache" of the reference pvclock and instead cache
only the TSC shift+multiplier. All other fields in pvclock are fully
recomputed by kvm_guest_time_update(), i.e. aren't actually persisted.

In addition to shaving a few bytes, explicitly tracking the TSC shift/mul
fields makes it easier to see that those fields are tied to hw_tsc_khz
(they exist to avoid having to do expensive math in the common case).
And conversely, not tracking the other fields makes it easier to see that
things like the version number are pulled from the guest's copy, not from
KVM's reference.

Reviewed-by: Paul Durrant
Signed-off-by: Sean Christopherson
---
 arch/x86/include/asm/kvm_host.h |  3 ++-
 arch/x86/kvm/x86.c              | 27 +++++++++++++++------------
 arch/x86/kvm/xen.c              |  8 ++++----
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 5193c3dfbce1..80ce1fc9fcb7 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -900,7 +900,8 @@ struct kvm_vcpu_arch { int (*complete_userspace_io)(struct kvm_vcpu *vcpu); =20 gpa_t time; - struct pvclock_vcpu_time_info hv_clock; + s8 pvclock_tsc_shift; + u32 pvclock_tsc_mul; unsigned int hw_tsc_khz; struct gfn_to_pfn_cache pv_time; /* set guest stopped flag in pvclock flags field */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 06d27b3cc207..9eabd70891dd 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -3170,6 +3170,7 @@ static void kvm_setup_guest_pvclock(struct pvclock_vc= pu_time_info *ref_hv_clock, =20 static int kvm_guest_time_update(struct kvm_vcpu *v) { + struct pvclock_vcpu_time_info hv_clock =3D {}; unsigned long flags, tgt_tsc_khz; unsigned seq; struct kvm_vcpu_arch *vcpu =3D &v->arch; @@ -3247,20 +3248,22 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) =20 if (unlikely(vcpu->hw_tsc_khz !=3D tgt_tsc_khz)) { kvm_get_time_scale(NSEC_PER_SEC, tgt_tsc_khz * 1000LL, - &vcpu->hv_clock.tsc_shift, - &vcpu->hv_clock.tsc_to_system_mul); + &vcpu->pvclock_tsc_shift, + &vcpu->pvclock_tsc_mul); vcpu->hw_tsc_khz =3D tgt_tsc_khz; kvm_xen_update_tsc_info(v); } =20 - vcpu->hv_clock.tsc_timestamp =3D tsc_timestamp; - vcpu->hv_clock.system_time =3D kernel_ns + v->kvm->arch.kvmclock_offset; + hv_clock.tsc_shift =3D vcpu->pvclock_tsc_shift; + hv_clock.tsc_to_system_mul =3D vcpu->pvclock_tsc_mul; + hv_clock.tsc_timestamp =3D tsc_timestamp; + hv_clock.system_time =3D kernel_ns + v->kvm->arch.kvmclock_offset; vcpu->last_guest_tsc =3D tsc_timestamp; =20 /* If the host uses TSC clocksource, then it is stable */ - vcpu->hv_clock.flags =3D 0; + hv_clock.flags =3D 0; if (use_master_clock) - vcpu->hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; + hv_clock.flags |=3D PVCLOCK_TSC_STABLE_BIT; =20 if (vcpu->pv_time.active) { /* 
@@ -3269,24 +3272,24 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) * is active/enabled. */ if (vcpu->pvclock_set_guest_stopped_request) { - vcpu->hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; + hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; vcpu->pvclock_set_guest_stopped_request =3D false; } - kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->pv_time, 0, false); + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->pv_time, 0, false); =20 - vcpu->hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; + hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; } =20 #ifdef CONFIG_KVM_XEN if (vcpu->xen.vcpu_info_cache.active) - kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->xen.vcpu_info_cache, + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_info_cache, offsetof(struct compat_vcpu_info, time), xen_pvclock_tsc_unstable); if (vcpu->xen.vcpu_time_info_cache.active) - kvm_setup_guest_pvclock(&vcpu->hv_clock, v, &vcpu->xen.vcpu_time_info_ca= che, 0, + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_time_info_cache, 0, xen_pvclock_tsc_unstable); #endif - kvm_hv_setup_tsc_page(v->kvm, &vcpu->hv_clock); + kvm_hv_setup_tsc_page(v->kvm, &hv_clock); return 0; } =20 diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c index 300a79f1fae5..2801c7bcc2ef 100644 --- a/arch/x86/kvm/xen.c +++ b/arch/x86/kvm/xen.c @@ -176,8 +176,8 @@ static int xen_get_guest_pvclock(struct kvm_vcpu *vcpu, * Sanity check TSC shift+multiplier to verify the guest's view of time * is more or less consistent. */ - if (hv_clock->tsc_shift !=3D vcpu->arch.hv_clock.tsc_shift || - hv_clock->tsc_to_system_mul !=3D vcpu->arch.hv_clock.tsc_to_system_mu= l) + if (hv_clock->tsc_shift !=3D vcpu->arch.pvclock_tsc_shift || + hv_clock->tsc_to_system_mul !=3D vcpu->arch.pvclock_tsc_mul) return -EINVAL; =20 return 0; 
@@ -2316,8 +2316,8 @@ void kvm_xen_update_tsc_info(struct kvm_vcpu *vcpu) =20 entry =3D kvm_find_cpuid_entry_index(vcpu, function, 1); if (entry) { - entry->ecx =3D vcpu->arch.hv_clock.tsc_to_system_mul; - entry->edx =3D vcpu->arch.hv_clock.tsc_shift; + entry->ecx =3D vcpu->arch.pvclock_tsc_mul; + entry->edx =3D vcpu->arch.pvclock_tsc_shift; } =20 entry =3D kvm_find_cpuid_entry_index(vcpu, function, 2); --=20 2.48.1.362.g079036d154-goog From nobody Sat Feb 7 23:48:23 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 63E9615746B for ; Sat, 1 Feb 2025 01:38:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738373929; cv=none; b=saDWFOQU1D6MJbpaegDvYZRBy9fwmYzt1f+ZnLyOVU9xrWR0cx0eKPUF6u+5JeNUrJLBU+iPUEQymwL8zUliheO4TUYwUqniyelxJSJFDSPOBRRS5qsi3+TxGAeFNt2rUEVTgvFvQQyjtqBNAr8+zAyBdpfpIkRueOuokiaFSXU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738373929; c=relaxed/simple; bh=v9H+2tMmNqFAeOpfbgGt/nZWndkG/fhbAY6d0wjp8N4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YrcKVD1Wd1ujsQo+qfA7mC+HxMNClUtn9oQEsg2ZpO3gWgjVdMPBCO3FmYQmMu3B3IH5qlpPK4aWD0nHJ3xqMbBsY/M1d7weYYmQ2EdFgDk0YhHLR82lB2A4xd579rkXxe7OWdeSjNGxaX4X5ctIlmPdDWsko5llaoZ+SajJXlQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=t0ej3dpj; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: 
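Review bot: In kvm_guest_time_update(), pvclock_tsc_shift and pvclock_tsc_mul are written only inside the `vcpu->hw_tsc_khz != tgt_tsc_khz` branch, yet they are copied into the stack-local hv_clock on every update and xen_get_guest_pvclock() returns -EINVAL when the guest's values differ from them. A short comment at the kvm_get_time_scale() call, stating that these fields cache the scale for the current hw_tsc_khz and are meaningful only after a clock update has run, would make that dependency visible to the readers in xen.c. A comment is also warranted on `hv_clock.flags &= ~PVCLOCK_GUEST_STOPPED`: with hv_clock now a local, the clear looks redundant unless the reader knows the same structure is reused as the reference for the Xen caches and the Hyper-V TSC page below it.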
Date: Fri, 31 Jan 2025 17:38:26 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
References: <20250201013827.680235-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20250201013827.680235-11-seanjc@google.com>
Subject: [PATCH v2 10/11] KVM: x86: Setup Hyper-V TSC page before Xen PV clocks (during clock update)
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

When updating paravirtual clocks, setup the Hyper-V TSC page before Xen PV
clocks. This will allow dropping xen_pvclock_tsc_unstable in favor of simply
clearing PVCLOCK_TSC_STABLE_BIT in the reference flags.

Reviewed-by: Vitaly Kuznetsov
Reviewed-by: Paul Durrant
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9eabd70891dd..c68e7f7ba69d 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3280,6 +3280,8 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; } =20 + kvm_hv_setup_tsc_page(v->kvm, &hv_clock); + #ifdef CONFIG_KVM_XEN if (vcpu->xen.vcpu_info_cache.active) kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_info_cache, 
@@ -3289,7 +3291,6 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_time_info_cache, 0, xen_pvclock_tsc_unstable); #endif - kvm_hv_setup_tsc_page(v->kvm, &hv_clock); return 0; } =20 --=20 2.48.1.362.g079036d154-goog From nobody Sat Feb 7 23:48:23 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA764180A80 for ; Sat, 1 Feb 2025 01:38:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738373931; cv=none; b=ADGCgEtIgiW9X5Z+Daao6AViTPlR5gai6d+Efnn/jzA5iSbcyIzkDQcldz3qfTRd8EJYWCURTT8LpeUbg5rItNvLeJdM27K8sVVZRiSQy92WSkhtczhwo7NAUyYUfSIS5G16iv5HeJTYIWaEsljr0UMzbDSYA+vFC4aJK4pdWRg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738373931; c=relaxed/simple; bh=k8wxsOE443NggaCrOV7dF04ykNDJ9RadB60SKgkrT5M=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=u/oLdmrKPk+yfcHQXayOG5RLzImBEAdhRFfq7mshYiWAxsjnMKe4VVsZXLGMHrDjg0TQeRHSg02stgjqqAt/1gC3cR3c2DIeP4O+iq+Rj465Q88Z33U3TjYaFpLdSDU1dqgLzBQN8F4fNC2LuoAih81xXfedzvrki55MNDKpS2o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Wga9SqZU; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com 
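Review bot: The kvm_hv_setup_tsc_page() call added ahead of `#ifdef CONFIG_KVM_XEN` carries no comment saying its position is deliberate, so at this point in the series nothing in the code stops a later cleanup from moving it back below the Xen block. The changelog says the move exists so that PVCLOCK_TSC_STABLE_BIT can be cleared in the reference flags for Xen; a one-line comment at the call stating that it must run before the Xen clocks are set up would keep this patch self-explanatory instead of leaving the ordering rule to the next patch.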
Date: Fri, 31 Jan 2025 17:38:27 -0800
In-Reply-To: <20250201013827.680235-1-seanjc@google.com>
References: <20250201013827.680235-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20250201013827.680235-12-seanjc@google.com>
Subject: [PATCH v2 11/11] KVM: x86: Override TSC_STABLE flag for Xen PV clocks in kvm_guest_time_update()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, David Woodhouse, Paul Durrant
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com, Paul Durrant, David Woodhouse, Vitaly Kuznetsov

When updating PV clocks, handle the Xen-specific UNSTABLE_TSC override in
the main kvm_guest_time_update() by simply clearing PVCLOCK_TSC_STABLE_BIT
in the flags of the reference pvclock structure. Expand the comment to
(hopefully) make it obvious that Xen clocks need to be processed after all
clocks that care about the TSC_STABLE flag.

No functional change intended.

Cc: Paul Durrant
Cc: David Woodhouse
Reviewed-by: Paul Durrant
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 35 +++++++++++++++--------------------
 1 file changed, 15 insertions(+), 20 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c68e7f7ba69d..065b349a0218 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3119,8 +3119,7 @@ u64 get_kvmclock_ns(struct kvm *kvm) static void kvm_setup_guest_pvclock(struct pvclock_vcpu_time_info *ref_hv_= clock, struct kvm_vcpu *vcpu, struct gfn_to_pfn_cache *gpc, - unsigned int offset, - bool force_tsc_unstable) + unsigned int offset) { struct pvclock_vcpu_time_info *guest_hv_clock; struct pvclock_vcpu_time_info hv_clock; @@ -3155,9 +3154,6 @@ static void kvm_setup_guest_pvclock(struct pvclock_vc= pu_time_info *ref_hv_clock, =20 memcpy(guest_hv_clock, &hv_clock, sizeof(*guest_hv_clock)); =20 - if (force_tsc_unstable) - guest_hv_clock->flags &=3D ~PVCLOCK_TSC_STABLE_BIT; - smp_wmb(); =20 guest_hv_clock->version =3D ++hv_clock.version; @@ -3178,16 +3174,6 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) s64 kernel_ns; u64 tsc_timestamp, host_tsc; bool use_master_clock; -#ifdef CONFIG_KVM_XEN - /* - * For Xen guests we may need to override PVCLOCK_TSC_STABLE_BIT as unless - * explicitly told to use TSC as its clocksource Xen will not set this bi= t. - * This default behaviour led to bugs in some guest kernels which cause - * problems if they observe PVCLOCK_TSC_STABLE_BIT in the pvclock flags. - */ - bool xen_pvclock_tsc_unstable =3D - ka->xen_hvm_config.flags & KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE; -#endif =20 kernel_ns =3D 0; host_tsc =3D 0; @@ -3275,7 +3261,7 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) hv_clock.flags |=3D PVCLOCK_GUEST_STOPPED; vcpu->pvclock_set_guest_stopped_request =3D false; } - kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->pv_time, 0, false); + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->pv_time, 0); =20 hv_clock.flags &=3D ~PVCLOCK_GUEST_STOPPED; } 
@@ -3283,13 +3269,22 @@ static int kvm_guest_time_update(struct kvm_vcpu *v) kvm_hv_setup_tsc_page(v->kvm, &hv_clock); =20 #ifdef CONFIG_KVM_XEN + /* + * For Xen guests we may need to override PVCLOCK_TSC_STABLE_BIT as unless + * explicitly told to use TSC as its clocksource Xen will not set this bi= t. + * This default behaviour led to bugs in some guest kernels which cause + * problems if they observe PVCLOCK_TSC_STABLE_BIT in the pvclock flags. + * + * Note! Clear TSC_STABLE only for Xen clocks, i.e. the order matters! + */ + if (ka->xen_hvm_config.flags & KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE) + hv_clock.flags &=3D ~PVCLOCK_TSC_STABLE_BIT; + if (vcpu->xen.vcpu_info_cache.active) kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_info_cache, - offsetof(struct compat_vcpu_info, time), - xen_pvclock_tsc_unstable); + offsetof(struct compat_vcpu_info, time)); if (vcpu->xen.vcpu_time_info_cache.active) - kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_time_info_cache, 0, - xen_pvclock_tsc_unstable); + kvm_setup_guest_pvclock(&hv_clock, v, &vcpu->xen.vcpu_time_info_cache, 0= ); #endif return 0; } --=20 2.48.1.362.g079036d154-goog
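Review bot: In the last hunk, PVCLOCK_TSC_STABLE_BIT is cleared in the shared hv_clock and never restored, so the correctness of kvm_guest_time_update() now rests on the "order matters" comment alone; anything later added after `#endif` that reads hv_clock.flags would silently inherit the Xen override. Consider naming in the comment the consumers that must stay above this block (the pv_time kvmclock update and kvm_hv_setup_tsc_page()), or applying the override to a Xen-only copy of the reference structure so the ordering constraint disappears. The clear also now happens whenever KVM_XEN_HVM_CONFIG_PVCLOCK_TSC_UNSTABLE is set, even when neither Xen cache is active, which is harmless only because hv_clock is a local and the function returns right after the block.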