Re: [PATCH] KVM: x86: hyper-v: Don't auto-enable stimer during deserialization

[Vitaly Kuznetsov <vkuznets@redhat.com>]

Nicolas Saenz Julienne <nsaenz@amazon.com> writes:

> By not honoring the 'stimer->config.enable' state during stimer
> deserialization we might introduce spurious timer interrupts. For
> example through the following events:
>  - The stimer is configured in auto-enable mode.
>  - The stimer's count is set and the timer enabled.
>  - The stimer expires, an interrupt is injected.
>  - We live migrate the VM.
>  - The stimer config and count are deserialized, auto-enable is ON, the
>    stimer is re-enabled.
>  - The stimer expires right away, and injects an unwarranted interrupt.
>
> So let's not change the stimer's enable state if the MSR write comes
> from user-space.
>
> Fixes: 1f4b34f825e8 ("kvm/x86: Hyper-V SynIC timers")
> Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
> ---
>  arch/x86/kvm/hyperv.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
> index 7c2dac6824e2..9f1deb6aa131 100644
> --- a/arch/x86/kvm/hyperv.c
> +++ b/arch/x86/kvm/hyperv.c
> @@ -729,7 +729,7 @@ static int stimer_set_count(struct kvm_vcpu_hv_stimer *stimer, u64 count,
>  	stimer->count = count;
>  	if (stimer->count == 0)
>  		stimer->config.enable = 0;

Can this branch be problematic too? E.g. if STIMER[X]_CONFIG is
deserialized after STIMER[X]_COUNT we may erroneously reset 'enable' to
0, right? In fact, when MSRs are ordered like this:

#define HV_X64_MSR_STIMER0_CONFIG		0x400000B0
#define HV_X64_MSR_STIMER0_COUNT		0x400000B1

I would guess that we always de-serialize 'config' first. With
auto-enable, the timer will get enabled when writing 'count' but what
happens in other cases?

Maybe the whole block needs to go under 'if (!host)' instead?

> -	else if (stimer->config.auto_enable)
> +	else if (stimer->config.auto_enable && !host)
>  		stimer->config.enable = 1;
>  
>  	if (stimer->config.enable)

-- 
Vitaly