From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: kvm@vger.kernel.org, Jim Mattson <jmattson@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Joerg Roedel <joro@8bytes.org>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, Vitaly Kuznetsov <vkuznets@redhat.com>,
Borislav Petkov <bp@alien8.de>,
linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Wanpeng Li <wanpengli@tencent.com>,
Ingo Molnar <mingo@redhat.com>
Subject: Re: [PATCH v2 5/5] KVM: SVM: allow AVIC to co-exist with a nested guest running
Date: Wed, 5 Jan 2022 21:56:31 +0000 [thread overview]
Message-ID: <YdYUD22otUIF3fqR@google.com> (raw)
In-Reply-To: <20211213104634.199141-6-mlevitsk@redhat.com>
On Mon, Dec 13, 2021, Maxim Levitsky wrote:
> @@ -1486,6 +1485,12 @@ struct kvm_x86_ops {
> int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err);
>
> void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector);
> +
> + /*
> + * Returns false if for some reason APICv (e.g guest mode)
> + * must be inhibited on this vCPU
Comment is wrong, code returns 'true' if AVIC is inhibited due to is_guest_mode().
Even better, rename the hook to something that's more self-documenting.
vcpu_is_apicv_inhibited() jumps to mind, but that's a bad name since it's not
called by kvm_vcpu_apicv_active(). Maybe vcpu_has_apicv_inhibit_condition()?
> + */
> + bool (*apicv_check_inhibit)(struct kvm_vcpu *vcpu);
> };
>
> struct kvm_x86_nested_ops {
> diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
> index 34f62da2fbadd..5a8304938f51e 100644
> --- a/arch/x86/kvm/svm/avic.c
> +++ b/arch/x86/kvm/svm/avic.c
> @@ -734,6 +734,11 @@ int svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec)
> return 0;
> }
>
> +bool avic_is_vcpu_inhibited(struct kvm_vcpu *vcpu)
This should follow whatever wording we decide on for the kvm_x86_ops hook. In
isolation, this name is too close to kvm_vcpu_apicv_active() and could be wrongly
assumed to mean that APICv is not inhibited for _any_ reason on this vCPU if it
returns false.
> +{
> + return is_guest_mode(vcpu);
> +}
> +
> bool svm_dy_apicv_has_pending_interrupt(struct kvm_vcpu *vcpu)
> {
> return false;
...
> @@ -4486,6 +4493,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = {
> .complete_emulated_msr = svm_complete_emulated_msr,
>
> .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector,
> + .apicv_check_inhibit = avic_is_vcpu_inhibited,
This can technically be NULL if nested=0.
> };
>
> /*
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index daa8ca84afccd..545684ea37353 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -590,6 +590,7 @@ void svm_load_eoi_exitmap(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap);
> void svm_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr);
> void svm_hwapic_isr_update(struct kvm_vcpu *vcpu, int max_isr);
> int svm_deliver_avic_intr(struct kvm_vcpu *vcpu, int vec);
> +bool avic_is_vcpu_inhibited(struct kvm_vcpu *vcpu);
> bool svm_dy_apicv_has_pending_interrupt(struct kvm_vcpu *vcpu);
> int svm_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
> uint32_t guest_irq, bool set);
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 81a74d86ee5eb..125599855af47 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -9161,6 +9161,10 @@ static int inject_pending_event(struct kvm_vcpu *vcpu, bool *req_immediate_exit)
> r = kvm_check_nested_events(vcpu);
> if (r < 0)
> goto out;
> +
> + /* Nested VM exit might need to update APICv status */
> + if (kvm_check_request(KVM_REQ_APICV_UPDATE, vcpu))
> + kvm_vcpu_update_apicv(vcpu);
> }
>
> /* try to inject new event if pending */
> @@ -9538,6 +9542,10 @@ void kvm_vcpu_update_apicv(struct kvm_vcpu *vcpu)
> down_read(&vcpu->kvm->arch.apicv_update_lock);
>
> activate = kvm_apicv_activated(vcpu->kvm);
> +
> + if (kvm_x86_ops.apicv_check_inhibit)
> + activate = activate && !kvm_x86_ops.apicv_check_inhibit(vcpu);
Might as well use Use static_call(). This would also be a candidate for
DEFINE_STATIC_CALL_RET0, though that's overkill if this is the only call site.
> +
> if (vcpu->arch.apicv_active == activate)
> goto out;
>
> @@ -9935,7 +9943,10 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
> * per-VM state, and responsing vCPUs must wait for the update
> * to complete before servicing KVM_REQ_APICV_UPDATE.
> */
> - WARN_ON_ONCE(kvm_apicv_activated(vcpu->kvm) != kvm_vcpu_apicv_active(vcpu));
> + if (!is_guest_mode(vcpu))
> + WARN_ON_ONCE(kvm_apicv_activated(vcpu->kvm) != kvm_vcpu_apicv_active(vcpu));
> + else
> + WARN_ON(kvm_vcpu_apicv_active(vcpu));
Won't this fire on VMX?
>
> exit_fastpath = static_call(kvm_x86_run)(vcpu);
> if (likely(exit_fastpath != EXIT_FASTPATH_REENTER_GUEST))
> --
> 2.26.3
>
next prev parent reply other threads:[~2022-01-05 21:56 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-13 10:46 [PATCH v2 0/5] RFC: KVM: SVM: Allow L1's AVIC to co-exist with nesting Maxim Levitsky
2021-12-13 10:46 ` [PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF Maxim Levitsky
2021-12-13 11:34 ` Paolo Bonzini
2021-12-13 13:07 ` Maxim Levitsky
2021-12-13 13:15 ` Paolo Bonzini
2021-12-13 13:29 ` Maxim Levitsky
2021-12-13 10:46 ` [PATCH v2 2/5] KVM: SVM: allow to force AVIC to be enabled Maxim Levitsky
2022-01-04 22:25 ` Sean Christopherson
2022-01-05 10:54 ` Maxim Levitsky
2022-01-05 17:46 ` Sean Christopherson
2021-12-13 10:46 ` [PATCH v2 3/5] KVM: SVM: fix race between interrupt delivery and AVIC inhibition Maxim Levitsky
2022-01-04 22:52 ` Sean Christopherson
2022-01-05 11:03 ` Maxim Levitsky
2022-01-05 11:54 ` Paolo Bonzini
2022-01-05 12:15 ` Maxim Levitsky
2022-01-07 15:32 ` Paolo Bonzini
2022-01-07 23:42 ` Sean Christopherson
2022-01-10 15:10 ` Paolo Bonzini
2021-12-13 10:46 ` [PATCH v2 4/5] KVM: x86: don't touch irr_pending in kvm_apic_update_apicv when inhibiting it Maxim Levitsky
2022-01-04 22:57 ` Sean Christopherson
2022-01-05 10:56 ` Maxim Levitsky
2021-12-13 10:46 ` [PATCH v2 5/5] KVM: SVM: allow AVIC to co-exist with a nested guest running Maxim Levitsky
2022-01-05 21:56 ` Sean Christopherson [this message]
2022-01-06 8:44 ` Maxim Levitsky
2022-01-06 17:41 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YdYUD22otUIF3fqR@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.