From nobody Sat Feb 7 06:21:11 2026 Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E20EF347BC9 for ; Wed, 22 Oct 2025 15:01:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761145298; cv=none; b=bYU5sHBA3AqavFn8neCqNxpBNtuB/Q3ZBDm1dq75N/WdwI8Dh99i/BnCg1w12NLcuGADi7ANEGdoxoZQ8SaiYmCAQ/E85OXGl/awBpTMBltlbcD+P/hEXUnUQ3cnkEZE7XvIdxCteCw6/AB0XFa90sY1r2m5YsjCTUJZtCowwRo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761145298; c=relaxed/simple; bh=HqZK9FK31xUcTHOGeovXnR3k6rsNamjMy9oCewtnq2U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZGMYWxoLYHQ+jUYb3Tmz4/fAqnZjB3XnNwg9p1C+xndJkNVtnKsXyrK8fdYJO9cCs4KMKMdUhsZZcjT28LeW/zywvs1Xw4ItZc9qp1aQ0+ETjIF+WowGNgAA5h3cncQHJO+yrggF0eKUkJ8Y5W6UqrWhPcNJyZSMAlAENjiWOfU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=l5fwJX9L; arc=none smtp.client-ip=209.85.216.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="l5fwJX9L" Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-33082c95fd0so7042863a91.1 for ; Wed, 22 Oct 2025 08:01:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1761145296; x=1761750096; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gElp4KIF8VYeQaILzzzMZvdUU8mJFRmHLG+SIVbwPDw=; b=l5fwJX9LEKBO0Kpc8cHohJRGcoLcQP7+clOZtvvn3mTZIAG7PrwnMTaN6bpEFzHR9k Zj3nuKFit7nA22lN9GkCDRKNG2cXO9TfKyFH9xpQ22tZIgQh0SGX2hLc0BeklNtDr3qN SDy9mUocgWUANiwGnA8Bs+Z9bM61siorwPonzjmc8zEXWH6GzcQd0HTFcMSRrX6UcguV b/mqpRRKnYl/lAdbwjgW/XBNT9q3mFwSazdekbiC67VN7/w74HfJ7W9l/HdeRzTSCMzA 1pf1mEWFaxyiUZKuCMBsQ4T8JxiyKSnjxUEaGgJUBtiaHZYJR0eywMYb+3Pbkq82IEla G+xQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761145296; x=1761750096; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gElp4KIF8VYeQaILzzzMZvdUU8mJFRmHLG+SIVbwPDw=; b=teN6qxWpYV2Gk6A2n9Anc5mYipYZAM4gaF/J8IgpiXC/eGpxcnJJhq66r4V3kjWIlx SvjrCiNiUqDuRLreq0Uf27dKsrORaEPhEFhhJu5semtuaXqIy42QNCiElMSGyb8EVR12 d9eyDGSWXZSX0EYzN4EkUuAHQtCGPf2OJIhYpqwbGJ5uB6b1Euoe+1PA4IQPeNG1yG/S AILFvUaGrk2k4PY4hWPz/2UpoTQNMQzY1yKQptLaujvLECSXLa5kniLICgmryBUJvir0 /k9FDyBHOvmSH9cDN9CKBT05pPsDuipBEl98SD5RCaPpERDlLnjLDXGtaeANaTiRxaJX PPUA== X-Forwarded-Encrypted: i=1; AJvYcCXiEuA5Mc0YDm+ZQKu6Miy6wh/aHJsthyhK2EHmUjenHtNLaXkiVMWcgU/P223nMj96/q+JV9GW57hRT8o=@vger.kernel.org X-Gm-Message-State: AOJu0YwBxCafc5gnmENcpnNNTZTQKMD7inm9r/INlV2BKkg5X2uvV6yy u9O/Rw10wpVi4cSnzf9TH87hUrOHnBebpGE/FSBIX0ek1uhtK/2IH7rJ X-Gm-Gg: ASbGncujDpslCuzz2hqdpruPhddzaeSiOHQS8fU3XQY8VWZ7mJeSLNUt+k/RuIxfb6n 0ERnNSoFWC4VCf9Kt0d9XWE5PF9hy9QCnyzmCMDUk58KycILL17Tp/tpk3tgCJONpyRe8u53tQQ 2mkMBXOG9vcVQyFGaytsXblpfxSQHSBv5reIrAAAILpjtKRVXqfzoFcXYRlW1Dp1uiiaiO93jDr u3XONMjKYiiv4X+cHCM91raOhY13xuf4WAlVKX3JJisxp8RB4J/ymWgD9WADEGjEzVk1hp9U4I/ mmkEECzuyLNFoXwzvNdvj3Rr1kFemSpGQQF1dufdEi/ARvrnnM99lZt/unkLkIfM6aJPYq1CAVy wEDN/cE3/dAfB47Fu0731axfcmWOp8uQsN0ryqYu5Qi7EhlX9RZmM/qB03pqHyO84FizJSBgY9W OdZOexcqmnyW+qZ/WHx8zKMFbE3cuzUK/DW1gr/WqwTfNqblM= X-Google-Smtp-Source: AGHT+IEI8NM6eerSg7O9PVoccAbCBDR+/0TZEfc94ERPhhBgd8KxbPs/KdgxDYfPXFvQatu8ZnH43g== X-Received: by 2002:a17:90b:28c4:b0:336:b563:993a with SMTP id 98e67ed59e1d1-33bcf8e72f4mr30503562a91.23.1761145295825; Wed, 22 Oct 2025 08:01:35 -0700 (PDT) Received: from localhost.localdomain ([2408:80e0:41fc:0:8685:174d:2a07:e639]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33e3125a3afsm1973624a91.6.2025.10.22.08.01.27 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Wed, 22 Oct 2025 08:01:35 -0700 (PDT) From: fuqiang wang To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H . Peter Anvin" , Maxim Levitsky , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: fuqiang wang , yu chen <33988979@163.com>, dongxu zhang Subject: [PATCH v3 1/2] avoid hv timer fallback to sw timer if delay exceeds period Date: Wed, 22 Oct 2025 23:00:54 +0800 Message-ID: <20251022150055.2531-2-fuqiang.wng@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20251022150055.2531-1-fuqiang.wng@gmail.com> References: <20251022150055.2531-1-fuqiang.wng@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When the guest uses the APIC periodic timer, if the next period has already expired, e.g. due to the period being smaller than the delay in processing the timer, the delta will be negative. nsec_to_cycles() may then convert this delta into an absolute value larger than guest_l1_tsc, resulting in a negative tscdeadline. Since the hv timer supports a maximum bit width of cpu_preemption_timer_multi + 32, this causes the hv timer setup to fail and switch to the sw timer. Moreover, due to the commit 98c25ead5eda ("KVM: VMX: Move preemption timer <=3D> hrtimer dance to common x86"), if the guest is using the sw timer before blocking, it will continue to use the sw timer after being woken up, and will not switch back to the hv timer until the relevant APIC timer register is reprogrammed. Since the periodic timer does not require frequent APIC timer register programming, the guest may continue to use the software timer for an extended period. Fixes: d8f2f498d9ed ("x86/kvm: fix LAPIC timer drift when guest uses period= ic mode") Signed-off-by: fuqiang wang --- arch/x86/kvm/lapic.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 0ae7f913d782..fa07a303767c 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2131,18 +2131,26 @@ static void advance_periodic_target_expiration(stru= ct kvm_lapic *apic) ktime_t delta; =20 /* - * Synchronize both deadlines to the same time source or - * differences in the periods (caused by differences in the - * underlying clocks or numerical approximation errors) will - * cause the two to drift apart over time as the errors - * accumulate. + * Use kernel time as the time source for both deadlines so that they + * stay synchronized. Computing each deadline independently will cause + * the two deadlines to drift apart over time as differences in the + * periods accumulate, e.g. due to differences in the underlying clocks + * or numerical approximation errors. */ apic->lapic_timer.target_expiration =3D ktime_add_ns(apic->lapic_timer.target_expiration, apic->lapic_timer.period); delta =3D ktime_sub(apic->lapic_timer.target_expiration, now); - apic->lapic_timer.tscdeadline =3D kvm_read_l1_tsc(apic->vcpu, tscl) + - nsec_to_cycles(apic->vcpu, delta); + + /* + * Don't adjust the tscdeadline if the next period has already expired, + * e.g. due to software overhead resulting in delays larger than the + * period. Blindly adding a negative delta could cause the deadline to + * become excessively large due to the deadline being an unsigned value. + */ + apic->lapic_timer.tscdeadline =3D kvm_read_l1_tsc(apic->vcpu, tscl); + if (delta > 0) + apic->lapic_timer.tscdeadline +=3D nsec_to_cycles(apic->vcpu, delta); } =20 static void start_sw_period(struct kvm_lapic *apic) --=20 2.47.0 From nobody Sat Feb 7 06:21:11 2026 Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A15C934C138 for ; Wed, 22 Oct 2025 15:01:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761145309; cv=none; b=hnWvZY0gvotfdr4mS2c7ZiWeamDDOk6Kf1FmsaBvdsPsN3q3HTfaVM8x48GwbWSJSRh6Wip0kmpc3fXXX9wxiYI0rZrePIYcJYNGgD0onPTPFcbpVZvWAkz5U0EMHMgrhhFdJjltSEEkQas/7Mr2d+28ce5OzN3fP/gmbiygTAw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761145309; c=relaxed/simple; bh=E3MjY4wrFQgs0Ey0M7VbCGgbgx+qYCvJq22nI6SsagA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PRuYTBphz5GMFucFKPZoy+oHnjownZznUSKGFYpgrJhWTWErB2chDc1SEQgrTHHPtUVW1UwA6Xn6JwJTFLH8dZqs6++3WniCQizeo01sE1PVKpqK2IkaAITjEEdqJxu5c9nDsBTm4DcIKsxpTXnMKTloJhPkoYmlas+anSykOps= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=crd0p7DR; arc=none smtp.client-ip=209.85.210.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="crd0p7DR" Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-782a77b5ec7so6492526b3a.1 for ; Wed, 22 Oct 2025 08:01:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1761145307; x=1761750107; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GAEfyzLs6ZfNZyLJabqtuJouEJtYNe8jJBcru5DQddE=; b=crd0p7DRC1Tng3tEWub76YtCUDAkij09uw+6KcBEEkvGAyt95fZX4T4MwDnqId/2BA R0qu1+8lPLRhhJykLhmzG37BTYPsd1GWfuxyyEhNqgLoTF2utlUYf2te7P+Yb5Hj0DB6 XihhBFt8p4MDpA2hZpiksc8FVGfagOk5hVAL6w5MTAss3GvynTqBdWgYvW80TVyPzka2 2YZhxVhaEG4rlBdwaMhRlYYAJVtvMDh4/HFEdA4vG8taJ7gGQ+rDYktVCLeEeny+m8cz pe8YZ/CQRxGnv8RGikPgUS3WH5JSGyRMVv6wD2VQPMMIMv6ahmOdCCsrxZfbKNMo3kf5 gmAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761145307; x=1761750107; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GAEfyzLs6ZfNZyLJabqtuJouEJtYNe8jJBcru5DQddE=; b=tLTZRnsQJg/tXN9GW8ads/wroRjly3ZCwcfQ5UOj2rw0nbOGWSABt0jrCaH/cdqhy8 Qeofqnl2DVUADQJVEsOnn+NrUwwk0NgoU+X7i2ZpuBvVOe8JX2HN7GWeOy0SDLGXRCB6 1q6m3X4RuIb0StPR/Czwgjg7g1ljC1Qi085Dh3BHdISwAY41tN8SLYifyp71rNSXG5Tu KuRO+vAh0D3C6upK8E2MAN1K03v+rA/Na9W5W6kaOffSkz94FxBafr4sfJH5kkJEcMHB wV7u1cwRMaKcXc38O+bwRJGCeHjSrC67HU5oVDV2TtI/013GOqTSnioj0vfSl/+VfGMt 2K9A== X-Forwarded-Encrypted: i=1; AJvYcCWSTw+XoZXq3nFt6Ky10YymbjBrZoeftvIdKZW0dB7rPWye/LO+8gj5RhbdlE9yvfNlhvk9Xwk0wGIGUMs=@vger.kernel.org X-Gm-Message-State: AOJu0YzROoxFZg7uPMcbvudhQamxfxHCt7CYYogK2h2ASpNTDIsq0Mx6 MiPbe1cwYBxWskjz4vvU+AayXJjcOS3VTRw7YH7+yklpyMpho2kyWI3mAvXNInG4wnM= X-Gm-Gg: ASbGnctmZTidfom+SMAQwjFALfWbFX0Vqpmgw9RbjMswB6k/Mw8LvPjZChg8Zf5Gh0m NwMtZAOFGuMSaC+ZPjOeifYsQQI76hkSmExSeQMfA0Jw9tmh6ZSLdr0BMAYoHXqotsqo+AG2lp2 HYUHrLqMDCISxnYtetVZGAhaHtljLBwrzgcROwONklPs2OWFuLec15WP/CuMau1S5UwSZ3P8emV g1OYemyg2vT11dEmxf1dDuYgnum8IxvrwHqO0KJO6nhuMyuJuUNHlJuVIVg4Grlw8csxq/b95AE 7Qnqj/JBcq2DgaIxDmTIxHO5Wz5JysSr1R+Z+Od1xwqQbZrf8p7k/VYKXh0PXn7VCEWAfuzTF8g R7xUHHx9NNqdn6eVoj4KGxTMkMSe8ZfVXiM6lW+Cxfyar6RP3Jd5eZaaxpgp3krOwgAAQLclZYw 3YqSbJDclI67UvGSZL4ap2sg+TSNSCCXDiZPbTIz2BZsfUMjXG+TB/u2fIIA== X-Google-Smtp-Source: AGHT+IGrUnu0OE0MYMOGdRgAiyJXuUcaG4uPEeJasZ3TUiI7e1KAHvPHOFWaSXc9Do7+EcDyuK5f7Q== X-Received: by 2002:a17:902:e5cf:b0:290:a32b:9095 with SMTP id d9443c01a7336-290cb7567fdmr293829075ad.54.1761145306436; Wed, 22 Oct 2025 08:01:46 -0700 (PDT) Received: from localhost.localdomain ([2408:80e0:41fc:0:8685:174d:2a07:e639]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33e3125a3afsm1973624a91.6.2025.10.22.08.01.38 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Wed, 22 Oct 2025 08:01:45 -0700 (PDT) From: fuqiang wang To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H . Peter Anvin" , Maxim Levitsky , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: fuqiang wang , yu chen <33988979@163.com>, dongxu zhang Subject: [PATCH v3 2/2] fix hardlockup when waking VM after long suspend Date: Wed, 22 Oct 2025 23:00:55 +0800 Message-ID: <20251022150055.2531-3-fuqiang.wng@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20251022150055.2531-1-fuqiang.wng@gmail.com> References: <20251022150055.2531-1-fuqiang.wng@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When a virtual machine uses the HV timer during suspend, the KVM timer does not advance. Upon waking after a long period, there may be a significant gap between target_expiration and the current time. Since each timer expiration only advances target_expiration by one period, the expiration handler can be invoked repeatedly to catch up. Prior to the previous patch, if the advanced target_expiration remained less than the current time, tscdeadline could be set to a negative value. This would cause HV timer setup to fail and fallback to the SW timer. After switching to SW timer, apic_timer_fn could be repeatedly executed within a single clock interrupt handler, resulting in a hardlockup: NMI watchdog: Watchdog detected hard LOCKUP on cpu 45 ... RIP: 0010:advance_periodic_target_expiration+0x4d/0x80 [kvm] ... RSP: 0018:ff4f88f5d98d8ef0 EFLAGS: 00000046 RAX: fff0103f91be678e RBX: fff0103f91be678e RCX: 00843a7d9e127bcc RDX: 0000000000000002 RSI: 0052ca4003697505 RDI: ff440d5bfbdbd500 RBP: ff440d5956f99200 R08: ff2ff2a42deb6a84 R09: 000000000002a6c0 R10: 0122d794016332b3 R11: 0000000000000000 R12: ff440db1af39cfc0 R13: ff440db1af39cfc0 R14: ffffffffc0d4a560 R15: ff440db1af39d0f8 FS: 00007f04a6ffd700(0000) GS:ff440db1af380000(0000) knlGS:000000e38a3b8= 000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000d5651feff8 CR3: 000000684e038002 CR4: 0000000000773ee0 PKRU: 55555554 Call Trace: apic_timer_fn+0x31/0x50 [kvm] __hrtimer_run_queues+0x100/0x280 hrtimer_interrupt+0x100/0x210 ? ttwu_do_wakeup+0x19/0x160 smp_apic_timer_interrupt+0x6a/0x130 apic_timer_interrupt+0xf/0x20 With the previous patch applied, HV timer no longer falls back to SW timer. Additionally, while target_expiration is catching up to the current time, the VMX-preemption timer is set to 0 before each VM entry. According to Intel SDM 27.7.4 ("VMX-Preemption Timer"), if the timer has already expired at VM entry, a VM exit occurs before any guest instruction executes. As a result, the guest cannot run instructions during this period and cannot reach vcpu_block() to switch to the SW timer, preventing hardlockup. However, unnecessary repeated catch-ups should still be avoided. Therefore, if the advanced target_expiration is still less than the current time, we immediately catch up to the current time in the handler. Signed-off-by: fuqiang wang --- arch/x86/kvm/lapic.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index fa07a303767c..307e2d6c3450 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2140,17 +2140,25 @@ static void advance_periodic_target_expiration(stru= ct kvm_lapic *apic) apic->lapic_timer.target_expiration =3D ktime_add_ns(apic->lapic_timer.target_expiration, apic->lapic_timer.period); - delta =3D ktime_sub(apic->lapic_timer.target_expiration, now); =20 /* - * Don't adjust the tscdeadline if the next period has already expired, - * e.g. due to software overhead resulting in delays larger than the - * period. Blindly adding a negative delta could cause the deadline to - * become excessively large due to the deadline being an unsigned value. + * When the vm is suspend, the hv timer also stops advancing. After it + * is resumed, this may result in a large delta. If the + * target_expiration only advances by one period each time, it will + * cause KVM to frequently handle timer expirations. */ + if (apic->lapic_timer.period > 0 && + ktime_before(apic->lapic_timer.target_expiration, now)) + apic->lapic_timer.target_expiration =3D now; + + delta =3D ktime_sub(apic->lapic_timer.target_expiration, now); apic->lapic_timer.tscdeadline =3D kvm_read_l1_tsc(apic->vcpu, tscl); - if (delta > 0) - apic->lapic_timer.tscdeadline +=3D nsec_to_cycles(apic->vcpu, delta); + /* + * Note: delta must not be negative. Otherwise, blindly adding a + * negative delta could cause the deadline to become excessively large + * due to the deadline being an unsigned value. + */ + apic->lapic_timer.tscdeadline +=3D nsec_to_cycles(apic->vcpu, delta); } =20 static void start_sw_period(struct kvm_lapic *apic) @@ -2980,7 +2988,7 @@ static enum hrtimer_restart apic_timer_fn(struct hrti= mer *data) =20 if (lapic_is_periodic(apic)) { advance_periodic_target_expiration(apic); - hrtimer_add_expires_ns(&ktimer->timer, ktimer->period); + hrtimer_set_expires(&ktimer->timer, ktimer->target_expiration); return HRTIMER_RESTART; } else return HRTIMER_NORESTART; --=20 2.47.0