[PATCH v3 00/10] KVM: VMX: Fix APICv activation bugs

Sean Christopherson posted 10 patches 1 week, 2 days ago
arch/x86/kvm/lapic.c                          |  21 +-
arch/x86/kvm/lapic.h                          |   1 -
arch/x86/kvm/vmx/nested.c                     |  30 +--
arch/x86/kvm/vmx/vmx.c                        | 104 +++++-----
arch/x86/kvm/vmx/vmx.h                        |   9 -
arch/x86/kvm/x86.c                            |   5 +
tools/testing/selftests/kvm/Makefile.kvm      |   1 +
.../testing/selftests/kvm/include/x86/apic.h  |   4 +
.../kvm/x86/vmx_apicv_updates_test.c          | 181 ++++++++++++++++++
9 files changed, 257 insertions(+), 99 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86/vmx_apicv_updates_test.c
Posted by Sean Christopherson 1 week, 2 days ago
Fix two bugs related to updating APICv state, add a regression test, and
then rip out the "defer updates until nested VM-Exit" that contributed to
bug #2, and eliminated a number of ideas for fixing bug #1 (ignoring that my
ideas weren't all that great).

The only thing that gives me pause is the TLB flushing logic in
vmx_set_virtual_apic_mode(), mainly because I don't love open coding things
like that.  But for me, it's a much lesser evil than the mounting pile of
booleans related to tracking deferred updates, and the mental gymnastics
needed to understand the interactions and ordering.

The fixes are tagged for stable@, and I'll probably land the selftest in
6.19 as well.  Everything else is most definitely 6.20+ material.

v3:
 - Add a selftest.
 - Rip out the deferred updates stuff.
 - Collect Chao's review.
 - Add Dongli's fix for bug #2. [Chao]

v2:
 - https://lore.kernel.org/all/20251110063212.34902-1-dongli.zhang@oracle.com
 - Add support for guest mode (suggested by Chao Gao).
 - Add comments in the code (suggested by Chao Gao).
 - Remove WARN_ON_ONCE from vmx_hwapic_isr_update().
 - Edit commit message "AMD SVM APICv" to "AMD SVM AVIC"
   (suggested by Alejandro Jimenez).

Dongli Zhang (2):
  KVM: VMX: Update SVI during runtime APICv activation
  KVM: nVMX: Immediately refresh APICv controls as needed on nested
    VM-Exit

Sean Christopherson (8):
  KVM: selftests: Add a test to verify APICv updates (while L2 is
    active)
  KVM: nVMX: Switch to vmcs01 to update PML controls on-demand if L2 is
    active
  KVM: nVMX: Switch to vmcs01 to update TPR threshold on-demand if L2 is
    active
  KVM: nVMX: Switch to vmcs01 to update SVI on-demand if L2 is active
  KVM: nVMX: Switch to vmcs01 to refresh APICv controls on-demand if L2
    is active
  KVM: nVMX: Switch to vmcs01 to update APIC page on-demand if L2 is
    active
  KVM: nVMX: Switch to vmcs01 to set virtual APICv mode on-demand if L2
    is active
  KVM: x86: Update APICv ISR (a.k.a. SVI) as part of
    kvm_apic_update_apicv()


base-commit: 5d3e2d9ba9ed68576c70c127e4f7446d896f2af2
-- 
2.52.0.223.gf5cc29aaa4-goog
Re: [PATCH v3 00/10] KVM: VMX: Fix APICv activation bugs
Posted by Sean Christopherson 5 days, 21 hours ago
On Fri, 05 Dec 2025 15:19:03 -0800, Sean Christopherson wrote:
> Fix two bugs related to updating APICv state, add a regression test, and
> then rip out the "defer updates until nested VM-Exit" that contributed to
> bug #2, and eliminated a number of ideas for fixing bug #1 (ignoring that my
> ideas weren't all that great).
> 
> The only thing that gives me pause is the TLB flushing logic in
> vmx_set_virtual_apic_mode(), mainly because I don't love open coding things
> like that.  But for me, it's a much lesser evil than the mounting pile of
> booleans related to tracking deferred updates, and the mental gymnastics
> needed to understand the interactions and ordering.
> 
> [...]

Applied 1 and 2 to kvm-x86 fixes.

[01/10] KVM: VMX: Update SVI during runtime APICv activation
        https://github.com/kvm-x86/linux/commit/b2849bec936b
[02/10] KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit
        https://github.com/kvm-x86/linux/commit/297631388309

--
https://github.com/kvm-x86/linux/tree/next