From nobody Sun Feb 8 03:58:33 2026
Reply-To: Sean Christopherson
Date: Thu, 13 Nov 2025 12:51:11 -0800
In-Reply-To: <20251113205114.1647493-1-seanjc@google.com>
References: <20251113205114.1647493-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: git-send-email 2.52.0.rc1.455.g30608eb744-goog
Message-ID: <20251113205114.1647493-2-seanjc@google.com>
Subject: [PATCH v6 1/4] KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, fuqiang wang

WARN and don't restart the hrtimer if KVM's callback runs with the guest's
APIC timer in periodic mode but with a period of '0', as not advancing the
hrtimer's deadline would put the CPU into an infinite loop of hrtimer
events.

Observing a period of '0' should be impossible, even when the hrtimer is
running on a different CPU than the vCPU, as KVM is supposed to cancel the
hrtimer before changing (or zeroing) the period, e.g. when switching from
periodic to one-shot.

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/lapic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 0ae7f913d782..78b74ba17592 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c
@@ -2970,7 +2970,7 @@ static enum hrtimer_restart apic_timer_fn(struct hrti= mer *data) =20 apic_timer_expired(apic, true); =20 - if (lapic_is_periodic(apic)) { + if (lapic_is_periodic(apic) && !WARN_ON_ONCE(!apic->lapic_timer.period)) { advance_periodic_target_expiration(apic); hrtimer_add_expires_ns(&ktimer->timer, ktimer->period); return HRTIMER_RESTART; --=20 2.52.0.rc1.455.g30608eb744-goog

From nobody Sun Feb 8 03:58:33 2026
Date: Thu, 13 Nov 2025 12:51:12 -0800
In-Reply-To: <20251113205114.1647493-1-seanjc@google.com>
References: <20251113205114.1647493-1-seanjc@google.com>
Message-ID: <20251113205114.1647493-3-seanjc@google.com>
Subject: [PATCH v6 2/4] KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, fuqiang wang

From: fuqiang wang

When restarting an hrtimer to emulate the guest's APIC timer in periodic
mode, explicitly set the expiration using the target expiration computed
by advance_periodic_target_expiration() instead of adding the period to
the existing timer. This will allow making adjustments to the expiration,
e.g. to deal with expirations far in the past, without having to implement
the same logic in both advance_periodic_target_expiration() and
apic_timer_fn().

Cc: stable@vger.kernel.org
Signed-off-by: fuqiang wang
[sean: split to separate patch, write changelog]
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/lapic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 78b74ba17592..a5c927e7bae6 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c
@@ -2972,7 +2972,7 @@ static enum hrtimer_restart apic_timer_fn(struct hrti= mer *data) =20 if (lapic_is_periodic(apic) && !WARN_ON_ONCE(!apic->lapic_timer.period)) { advance_periodic_target_expiration(apic); - hrtimer_add_expires_ns(&ktimer->timer, ktimer->period); + hrtimer_set_expires(&ktimer->timer, ktimer->target_expiration); return HRTIMER_RESTART; } else return HRTIMER_NORESTART; --=20 2.52.0.rc1.455.g30608eb744-goog

From nobody Sun Feb 8 03:58:33 2026
Date: Thu, 13 Nov 2025 12:51:13 -0800
In-Reply-To: <20251113205114.1647493-1-seanjc@google.com>
References: <20251113205114.1647493-1-seanjc@google.com>
Message-ID: <20251113205114.1647493-4-seanjc@google.com>
Subject: [PATCH v6 3/4] KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, fuqiang wang

From: fuqiang wang

When advancing the target expiration for the guest's APIC timer in
periodic mode, set the expiration to "now" if the target expiration is in
the past (similar to what is done in update_target_expiration()). Blindly
adding the period to the previous target expiration can result in KVM
generating a practically unbounded number of hrtimer IRQs due to
programming an expired timer over and over. In extreme scenarios, e.g. if
userspace pauses/suspends a VM for an extended duration, this can even
cause hard lockups in the host.

Currently, the bug only affects Intel CPUs when using the hypervisor timer
(HV timer), a.k.a. the VMX preemption timer. Unlike the software timer,
a.k.a. hrtimer, which KVM keeps running even on exits to userspace, the HV
timer only runs while the guest is active. As a result, if the vCPU does
not run for an extended duration, there will be a huge gap between the
target expiration and the current time the vCPU resumes running. Because
the target expiration is incremented by only one period on each timer
expiration, this leads to a series of timer expirations occurring rapidly
after the vCPU/VM resumes.

More critically, when the vCPU first triggers a periodic HV timer
expiration after resuming, advancing the expiration by only one period
will result in a target expiration in the past. As a result, the delta may
be calculated as a negative value. When the delta is converted into an
absolute value (tscdeadline is an unsigned u64), the resulting value can
overflow what the HV timer is capable of programming. I.e. the large value
will exceed the VMX Preemption Timer's maximum bit width of
cpu_preemption_timer_multi + 32, and thus cause KVM to switch from the HV
timer to the software timer (hrtimers).

After switching to the software timer, periodic timer expiration callbacks
may be executed consecutively within a single clock interrupt handler,
because hrtimers honors KVM's request for an expiration in the past and
immediately re-invokes KVM's callback after reprogramming. And because the
interrupt handler runs with IRQs disabled, restarting KVM's hrtimer over
and over until the target expiration is advanced to "now" can result in a
hard lockup.

E.g. the following hard lockup was triggered in the host when running a
Windows VM (only relevant because it used the APIC timer in periodic mode)
after resuming the VM from a long suspend (in the host).

  NMI watchdog: Watchdog detected hard LOCKUP on cpu 45
  ...
  RIP: 0010:advance_periodic_target_expiration+0x4d/0x80 [kvm]
  ...
  RSP: 0018:ff4f88f5d98d8ef0 EFLAGS: 00000046
  RAX: fff0103f91be678e RBX: fff0103f91be678e RCX: 00843a7d9e127bcc
  RDX: 0000000000000002 RSI: 0052ca4003697505 RDI: ff440d5bfbdbd500
  RBP: ff440d5956f99200 R08: ff2ff2a42deb6a84 R09: 000000000002a6c0
  R10: 0122d794016332b3 R11: 0000000000000000 R12: ff440db1af39cfc0
  R13: ff440db1af39cfc0 R14: ffffffffc0d4a560 R15: ff440db1af39d0f8
  FS: 00007f04a6ffd700(0000) GS:ff440db1af380000(0000) knlGS:000000e38a3b8000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 000000d5651feff8 CR3: 000000684e038002 CR4: 0000000000773ee0
  PKRU: 55555554
  Call Trace:
   apic_timer_fn+0x31/0x50 [kvm]
   __hrtimer_run_queues+0x100/0x280
   hrtimer_interrupt+0x100/0x210
   ? ttwu_do_wakeup+0x19/0x160
   smp_apic_timer_interrupt+0x6a/0x130
   apic_timer_interrupt+0xf/0x20

Moreover, if the suspend duration of the virtual machine is not long
enough to trigger a hard lockup in this scenario, since commit
98c25ead5eda ("KVM: VMX: Move preemption timer <=> hrtimer dance to common
x86"), KVM will continue using the software timer until the guest
reprograms the APIC timer in some way. Since the periodic timer does not
require frequent APIC timer register programming, the guest may continue
to use the software timer in perpetuity.

Fixes: d8f2f498d9ed ("x86/kvm: fix LAPIC timer drift when guest uses periodic mode")
Cc: stable@vger.kernel.org
Signed-off-by: fuqiang wang
[sean: massage comments and changelog]
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/lapic.c | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index a5c927e7bae6..8b6ec3304100 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c
@@ -2131,15 +2131,33 @@ static void advance_periodic_target_expiration(stru= ct kvm_lapic *apic) ktime_t delta; =20 /* - * Synchronize both deadlines to the same time source or - * differences in the periods (caused by differences in the - * underlying clocks or numerical approximation errors) will - * cause the two to drift apart over time as the errors - * accumulate. + * Use kernel time as the time source for both the hrtimer deadline and + * TSC-based deadline so that they stay synchronized. Computing each + * deadline independently will cause the two deadlines to drift apart + * over time as differences in the periods accumulate, e.g. due to + * differences in the underlying clocks or numerical approximation errors. */ apic->lapic_timer.target_expiration =3D ktime_add_ns(apic->lapic_timer.target_expiration, apic->lapic_timer.period); + + /* + * If the new expiration is in the past, e.g. because userspace stopped + * running the VM for an extended duration, then force the expiration + * to "now" and don't try to play catch-up with the missed events. KVM + * will only deliver a single interrupt regardless of how many events + * are pending, i.e. restarting the timer with an expiration in the + * past will do nothing more than waste host cycles, and can even lead + * to a hard lockup in extreme cases. + */ + if (ktime_before(apic->lapic_timer.target_expiration, now)) + apic->lapic_timer.target_expiration =3D now; + + /* + * Note, ensuring the expiration isn't in the past also prevents delta + * from going negative, which could cause the TSC deadline to become + * excessively large due to it an unsigned value. 
+ */ delta =3D ktime_sub(apic->lapic_timer.target_expiration, now); apic->lapic_timer.tscdeadline =3D kvm_read_l1_tsc(apic->vcpu, tscl) + nsec_to_cycles(apic->vcpu, delta); --=20 2.52.0.rc1.455.g30608eb744-goog

From nobody Sun Feb 8 03:58:33 2026
Date: Thu, 13 Nov 2025 12:51:14 -0800
In-Reply-To: <20251113205114.1647493-1-seanjc@google.com>
References: <20251113205114.1647493-1-seanjc@google.com>
Message-ID: <20251113205114.1647493-5-seanjc@google.com>
Subject: [PATCH v6 4/4] KVM: x86: Grab lapic_timer in a local variable to cleanup periodic code
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, fuqiang wang

Stash apic->lapic_timer in a local "ktimer" variable in
advance_periodic_target_expiration() to eliminate a few unaligned wraps,
and to make the code easier to read overall.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/lapic.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 8b6ec3304100..1597dd0b0cc6 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2126,6 +2126,7 @@ static bool set_target_expiration(struct kvm_lapic *a= pic, u32 count_reg) =20 static void advance_periodic_target_expiration(struct kvm_lapic *apic) { + struct kvm_timer *ktimer =3D &apic->lapic_timer; ktime_t now =3D ktime_get(); u64 tscl =3D rdtsc(); ktime_t delta;
@@ -2137,9 +2138,8 @@ static void advance_periodic_target_expiration(struct= kvm_lapic *apic) * over time as differences in the periods accumulate, e.g. due to * differences in the underlying clocks or numerical approximation errors. */ - apic->lapic_timer.target_expiration =3D - ktime_add_ns(apic->lapic_timer.target_expiration, - apic->lapic_timer.period); + ktimer->target_expiration =3D ktime_add_ns(ktimer->target_expiration, + ktimer->period); =20 /* * If the new expiration is in the past, e.g. because userspace stopped @@ -2150,17 +2150,17 @@ static void advance_periodic_target_expiration(stru= ct kvm_lapic *apic) * past will do nothing more than waste host cycles, and can even lead * to a hard lockup in extreme cases. */ - if (ktime_before(apic->lapic_timer.target_expiration, now)) - apic->lapic_timer.target_expiration =3D now; + if (ktime_before(ktimer->target_expiration, now)) + ktimer->target_expiration =3D now; =20 /* * Note, ensuring the expiration isn't in the past also prevents delta * from going negative, which could cause the TSC deadline to become * excessively large due to it an unsigned value. */ - delta =3D ktime_sub(apic->lapic_timer.target_expiration, now); - apic->lapic_timer.tscdeadline =3D kvm_read_l1_tsc(apic->vcpu, tscl) + - nsec_to_cycles(apic->vcpu, delta); + delta =3D ktime_sub(ktimer->target_expiration, now); + ktimer->tscdeadline =3D kvm_read_l1_tsc(apic->vcpu, tscl) + + nsec_to_cycles(apic->vcpu, delta); } =20 static void start_sw_period(struct kvm_lapic *apic) --=20 2.52.0.rc1.455.g30608eb744-goog
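
Review bot: In the [PATCH v6 1/4] hunk for apic_timer_fn(), the new condition reads the period through apic->lapic_timer.period while the two lines below it already use the ktimer local (ktimer->timer, ktimer->period); testing !ktimer->period would keep the function on one accessor and shorten the line. Since WARN_ON_ONCE() reports only the first occurrence, a one-line comment noting that later hits still take the HRTIMER_NORESTART path without a message would help whoever later debugs a guest whose periodic timer has stopped.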
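
Review bot: In the [PATCH v6 2/4] hunk, the restart path now relies on an undocumented ordering: hrtimer_set_expires() is only correct if advance_periodic_target_expiration() has just updated ktimer->target_expiration and that value is in the hrtimer's clock base. A short comment above the call stating that dependency would keep a later reordering from rearming the timer with a stale expiration. While this block is being touched, the unbraced else after the braced if could be given braces or dropped, since the if branch returns.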
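
Review bot: In the [PATCH v6 3/4] hunk for advance_periodic_target_expiration(), the comment above the new ktime_before() check does not say that the clamp re-bases the schedule: once target_expiration is set to now, later expirations fall at now plus multiples of the period rather than on the original phase, and stating that next to "don't try to play catch-up" would document the guest-visible effect. The last added comment also reads "due to it an unsigned value", which is missing a word ("due to it being an unsigned value"); the same text is carried as context in 4/4.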
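
The catch-up loop and the negative-delta wrap described in the [PATCH v6 3/4] changelog, as a user-space C model added here (not code from the patch or from KVM). `struct timer_model`, the `advance_*` helpers, the 1 ms period, the 10 s pause, the multiplier value 5 and the one-cycle-per-nanosecond TSC are assumptions, and `now` is held fixed for the duration of the model.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t ktime_ns;            /* signed nanoseconds, like ktime_t */

struct timer_model {                 /* hypothetical stand-in for the timer state */
	ktime_ns target_expiration;  /* next periodic deadline */
	ktime_ns period;             /* guest-programmed period */
};

typedef uint64_t (*advance_fn)(struct timer_model *t, ktime_ns now);

/* Behaviour before the fix: add one period, hand the delta to a u64 consumer. */
static uint64_t advance_unclamped(struct timer_model *t, ktime_ns now)
{
	t->target_expiration += t->period;
	return (uint64_t)(t->target_expiration - now);   /* wraps when negative */
}

/* Behaviour after the fix: an expiration in the past is forced to "now". */
static uint64_t advance_clamped(struct timer_model *t, ktime_ns now)
{
	t->target_expiration += t->period;
	if (t->target_expiration < now)
		t->target_expiration = now;
	return (uint64_t)(t->target_expiration - now);   /* never negative */
}

/* Delta produced by the first expiration after the vCPU resumes. */
static uint64_t first_delta(advance_fn advance, ktime_ns stale,
			    ktime_ns period, ktime_ns now)
{
	struct timer_model t = { stale, period };

	return advance(&t, now);
}

/*
 * Number of back-to-back callbacks needed before the deadline is no longer
 * in the past. Real time keeps moving while the callbacks run, so holding
 * `now` fixed understates the count.
 */
static uint64_t callbacks_until_caught_up(advance_fn advance, ktime_ns stale,
					  ktime_ns period, ktime_ns now)
{
	struct timer_model t = { stale, period };
	uint64_t n = 0;

	do {
		advance(&t, now);
		n++;
	} while (t.target_expiration < now);
	return n;
}

/* Limit quoted in the changelog: the HV timer holds (multi + 32) bits. */
static int fits_hv_timer(uint64_t delta_cycles, unsigned int multi)
{
	return (delta_cycles >> (multi + 32)) == 0;
}

/* Constructed scenario: 1 ms periodic timer, vCPU not run for 10 s. */
#define MODEL_PERIOD_NS   1000000LL
#define MODEL_PAUSE_NS    10000000000LL
#define MODEL_TIMER_MULTI 5u             /* assumed multiplier value */

int main(void)
{
	advance_fn fns[] = { advance_unclamped, advance_clamped };
	const char *names[] = { "unclamped", "clamped" };

	for (int i = 0; i < 2; i++) {
		/* Assumes 1 cycle per ns, so the delta doubles as a cycle count. */
		uint64_t d = first_delta(fns[i], 0, MODEL_PERIOD_NS, MODEL_PAUSE_NS);

		printf("%-9s first delta=%llu fits HV timer=%d callbacks=%llu\n",
		       names[i], (unsigned long long)d,
		       fits_hv_timer(d, MODEL_TIMER_MULTI),
		       (unsigned long long)callbacks_until_caught_up(
				fns[i], 0, MODEL_PERIOD_NS, MODEL_PAUSE_NS));
	}
	return 0;
}
```
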