From: Binbin Wu <binbin.wu@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: tglx@kernel.org, linux-kernel@vger.kernel.org,
Sean Christopherson <seanjc@google.com>,
Jim Mattson <jmattson@google.com>,
Vishal L Verma <vishal.l.verma@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Rick P Edgecombe <rick.p.edgecombe@intel.com>,
Binbin Wu <binbin.wu@intel.com>,
"x86@kernel.org" <x86@kernel.org>,
Paolo Bonzini <bonzini@redhat.com>
Subject: Re: [PATCH v2 1/2] x86/kvm/vmx: Move IRQ/NMI dispatch from KVM into x86 core
Date: Fri, 8 May 2026 14:09:09 +0800
Message-ID: <719c6275-c4b9-49f1-877e-05dd079b984e@linux.intel.com>
In-Reply-To: <20260501203717.GH1026330@noisy.programming.kicks-ass.net>
On 5/2/2026 4:37 AM, Peter Zijlstra wrote:
[...]
> --- /dev/null
> +++ b/arch/x86/entry/common.c
> @@ -0,0 +1,48 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +#include <linux/entry-common.h>
> +#include <linux/kvm_types.h>
> +#include <asm/fred.h>
> +#include <asm/desc.h>
> +
> +#if IS_ENABLED(CONFIG_KVM_INTEL)
> +/*
> + * On VMX, NMIs and IRQs (as configured by KVM) are acknowledged by hardware as
> + * part of the VM-Exit, i.e. the event itself is consumed as part the VM-Exit.
> + * x86_entry_from_kvm() is invoked by KVM to effectively forward NMIs and IRQs
> + * to the kernel for servicing. On SVM, a.k.a. AMD, the NMI/IRQ VM-Exit is
> + * purely a signal that an NMI/IRQ is pending, i.e. the event that triggered
> + * the VM-Exit is held pending until it's unblocked in the host.
> + */
> +noinstr void x86_entry_from_kvm(unsigned int event_type, unsigned int vector)
> +{
> + if (event_type == EVENT_TYPE_EXTINT) {
> +#ifdef CONFIG_X86_64
> + /*
> + * Use FRED dispatch, even when running IDT. The dispatch
> + * tables are kept in sync between FRED and IDT, and the FRED
> + * dispatch works well with CFI.
> + */
> + fred_entry_from_kvm(event_type, vector);
> +#else
> + idt_entry_from_kvm(vector);
> +#endif
> + return;
> + }
> +
> + WARN_ON_ONCE(event_type != EVENT_TYPE_NMI);
Not sure if it's OK to use WARN_ON_ONCE() here.
If the warning is triggered, it could unblock NMI due to handling of #UD.
> +
> +#ifdef CONFIG_X86_64
> + if (cpu_feature_enabled(X86_FEATURE_FRED))
> + return fred_entry_from_kvm(event_type, vector);
> +#endif
> +
> + /*
> + * Notably, we must use IDT dispatch for NMI when running in IDT mode.
> + * The FRED NMI context is significantly different and will not work
> + * right (speficially FRED fixed the NMI recursion issue).
> + */
> + idt_entry_from_kvm(vector);
> +}
> +EXPORT_SYMBOL_FOR_KVM(x86_entry_from_kvm);
> +#endif
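Review bot: The `WARN_ON_ONCE(event_type != EVENT_TYPE_NMI)` check in x86_entry_from_kvm() does not stop the dispatch. After warning, an unexpected event_type still falls through to `fred_entry_from_kvm(event_type, vector)` or `idt_entry_from_kvm(vector)`, and on the IDT path the outcome then depends only on whether vector equals NMI_VECTOR. If the check stays, consider bailing out on it, e.g. `if (WARN_ON_ONCE(event_type != EVENT_TYPE_NMI)) return;`, or document why continuing is intended. Nits: as a .c file the SPDX line would normally use the `//` comment form, the first comment reads "consumed as part the VM-Exit" (missing "of"), and "speficially" in the last comment should be "specifically".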
[...]
> --- a/arch/x86/include/asm/desc.h
> +++ b/arch/x86/include/asm/desc.h
> @@ -438,6 +438,10 @@ extern void idt_setup_traps(void);
> extern void idt_setup_apic_and_irq_gates(void);
> extern bool idt_is_f00f_address(unsigned long address);
>
> +extern void idt_do_interrupt_irqoff(unsigned int vector);
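Review bot: The prototype `idt_do_interrupt_irqoff(unsigned int vector)` does not match how it is called later in this patch, where idt_entry_from_kvm() passes `gate_offset(idt_table + vector)`, i.e. a handler entry address rather than a vector. Declaring the parameter as `unsigned long` with a name that says it is an entry address would keep the value from being truncated on x86_64 and make the interface self-describing. A short comment on the expected calling context (the name implies IRQs off) would also help.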
In idt_entry_from_kvm() below, gate_offset() returns 'unsigned long', but here
it uses 'unsigned int'. It's not safe since there is no guarantee that the
address is within 32 bits for x86_64.
Also, the argument is not a vector.
[...]
> +noinstr void idt_entry_from_kvm(unsigned int vector)
> +{
> + if (vector == NMI_VECTOR)
> + return idt_do_nmi_irqoff();
> +
> + /*
> + * Only the NMI path requires noinstr.
> + */
> + instrumentation_begin();
> + idt_do_interrupt_irqoff(gate_offset(idt_table + vector));
> + instrumentation_end();
> +}
> +
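Review bot: `idt_table + vector` in idt_entry_from_kvm() indexes the IDT with a caller-supplied `unsigned int`, and nothing in this function bounds it, so the only protection is whatever the caller guarantees. Either state that contract in a comment (who guarantees that vector is a valid external-interrupt vector) or add a cheap range check before `gate_offset()`. The comment "Only the NMI path requires noinstr." would also be more useful if it said why the IRQ path may be instrumented, since the function as a whole is marked noinstr.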