1. Patchew
  2. linux
  3. [RFC PATCH v2 00/17] AMD: Add Secure AVIC KVM Support
  4. View patch

[RFC PATCH v2 15/17] KVM: SVM: Check injected timers for Secure AVIC guests

Neeraj Upadhyay posted 17 patches 1 week, 1 day ago
[RFC PATCH v2 15/17] KVM: SVM: Check injected timers for Secure AVIC guests
Posted by Neeraj Upadhyay 1 week, 1 day ago 
The kvm_wait_lapic_expire() function is a pre-VMRUN optimization that
allows a vCPU to wait for an imminent LAPIC timer interrupt. However,
this function is not fully compatible with protected APIC models like
Secure AVIC because it relies on inspecting KVM's software vAPIC state.
For Secure AVIC, the true timer state is hardware-managed and opaque
to KVM. For this reason, kvm_wait_lapic_expire() does not check whether
timer interrupt is injected for the guests which have protected APIC
state.

For the protected APIC guests, the check for injected timer need to be
done by the callers of kvm_wait_lapic_expire(). So, for Secure AVIC
guests, check to be injected vectors in the requested_IRR for injected
timer interrupt before doing a kvm_wait_lapic_expire().

Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
 arch/x86/kvm/svm/sev.c | 8 ++++++++
 arch/x86/kvm/svm/svm.c | 3 ++-
 arch/x86/kvm/svm/svm.h | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 5be2956fb812..3f6cf8d5068a 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -5405,3 +5405,11 @@ bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu)
 	return READ_ONCE(to_svm(vcpu)->sev_savic_has_pending_ipi) ||
 		kvm_apic_has_interrupt(vcpu) != -1;
 }
+
+bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu)
+{
+	u32 reg  = kvm_lapic_get_reg(vcpu->arch.apic, APIC_LVTT);
+	int vec = reg & APIC_VECTOR_MASK;
+
+	return to_svm(vcpu)->vmcb->control.requested_irr[vec / 32] & BIT(vec % 32);
+}
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index a945bc094c1a..d0d972731ea7 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4335,7 +4335,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, u64 run_flags)
 	    vcpu->arch.host_debugctl != svm->vmcb->save.dbgctl)
 		update_debugctlmsr(svm->vmcb->save.dbgctl);
 
-	kvm_wait_lapic_expire(vcpu);
+	if (!sev_savic_active(vcpu->kvm) || sev_savic_timer_int_injected(vcpu))
+		kvm_wait_lapic_expire(vcpu);
 
 	/*
 	 * If this vCPU has touched SPEC_CTRL, restore the guest's value if
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 8043833a1a8c..ecc4ea11822d 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -878,6 +878,7 @@ static inline bool sev_savic_active(struct kvm *kvm)
 }
 void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected);
 bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu);
+bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu);
 #else
 static inline struct page *snp_safe_alloc_page_node(int node, gfp_t gfp)
 {
@@ -917,6 +918,7 @@ static inline struct vmcb_save_area *sev_decrypt_vmsa(struct kvm_vcpu *vcpu)
 static inline void sev_free_decrypted_vmsa(struct kvm_vcpu *vcpu, struct vmcb_save_area *vmsa) {}
 static inline void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected) {}
 static inline bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu) { return false; }
+static inline bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu) { return true; }
 #endif
 
 /* vmenter.S */
-- 
2.34.1
Re: [RFC PATCH v2 15/17] KVM: SVM: Check injected timers for Secure AVIC guests
Posted by Tom Lendacky 1 week, 1 day ago 
On 9/23/25 00:03, Neeraj Upadhyay wrote:
> The kvm_wait_lapic_expire() function is a pre-VMRUN optimization that
> allows a vCPU to wait for an imminent LAPIC timer interrupt. However,
> this function is not fully compatible with protected APIC models like
> Secure AVIC because it relies on inspecting KVM's software vAPIC state.
> For Secure AVIC, the true timer state is hardware-managed and opaque
> to KVM. For this reason, kvm_wait_lapic_expire() does not check whether
> timer interrupt is injected for the guests which have protected APIC
> state.
> 
> For the protected APIC guests, the check for injected timer need to be
> done by the callers of kvm_wait_lapic_expire(). So, for Secure AVIC
> guests, check to be injected vectors in the requested_IRR for injected
> timer interrupt before doing a kvm_wait_lapic_expire().
> 
> Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
> ---
>  arch/x86/kvm/svm/sev.c | 8 ++++++++
>  arch/x86/kvm/svm/svm.c | 3 ++-
>  arch/x86/kvm/svm/svm.h | 2 ++
>  3 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 5be2956fb812..3f6cf8d5068a 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -5405,3 +5405,11 @@ bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu)
>  	return READ_ONCE(to_svm(vcpu)->sev_savic_has_pending_ipi) ||
>  		kvm_apic_has_interrupt(vcpu) != -1;
>  }
> +
> +bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu)
> +{
> +	u32 reg  = kvm_lapic_get_reg(vcpu->arch.apic, APIC_LVTT);

Extra space before the "="

> +	int vec = reg & APIC_VECTOR_MASK;
> +
> +	return to_svm(vcpu)->vmcb->control.requested_irr[vec / 32] & BIT(vec % 32);
> +}
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index a945bc094c1a..d0d972731ea7 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -4335,7 +4335,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, u64 run_flags)
>  	    vcpu->arch.host_debugctl != svm->vmcb->save.dbgctl)
>  		update_debugctlmsr(svm->vmcb->save.dbgctl);
>  
> -	kvm_wait_lapic_expire(vcpu);
> +	if (!sev_savic_active(vcpu->kvm) || sev_savic_timer_int_injected(vcpu))
> +		kvm_wait_lapic_expire(vcpu);
>  
>  	/*
>  	 * If this vCPU has touched SPEC_CTRL, restore the guest's value if
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index 8043833a1a8c..ecc4ea11822d 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -878,6 +878,7 @@ static inline bool sev_savic_active(struct kvm *kvm)
>  }
>  void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected);
>  bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu);
> +bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu);
>  #else
>  static inline struct page *snp_safe_alloc_page_node(int node, gfp_t gfp)
>  {
> @@ -917,6 +918,7 @@ static inline struct vmcb_save_area *sev_decrypt_vmsa(struct kvm_vcpu *vcpu)
>  static inline void sev_free_decrypted_vmsa(struct kvm_vcpu *vcpu, struct vmcb_save_area *vmsa) {}
>  static inline void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected) {}
>  static inline bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu) { return false; }
> +static inline bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu) { return true; }

Shouldn't this return false? If CONFIG_KVM_AMD_SEV isn't defined, then
sev_savic_active() will always be false and this won't be called anyway.

Thanks,
Tom

>  #endif
>  
>  /* vmenter.S */

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.