Re: [PATCH 5/5] x86: KVM: SVM: workaround for AVIC's errata #1235

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: kvm@vger.kernel.org, Will Deacon <will@kernel.org>,
	Borislav Petkov <bp@alien8.de>,
	 Dave Hansen <dave.hansen@linux.intel.com>,
	 Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	 Paolo Bonzini <pbonzini@redhat.com>,
	x86@kernel.org, Robin Murphy <robin.murphy@arm.com>,
	 iommu@lists.linux.dev, Ingo Molnar <mingo@redhat.com>,
	Joerg Roedel <joro@8bytes.org>,  "H. Peter Anvin" <hpa@zytor.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 5/5] x86: KVM: SVM: workaround for AVIC's errata #1235
Date: Thu, 28 Sep 2023 08:37:18 -0700	[thread overview]
Message-ID: <ZRWdrtHynEbtQnpZ@google.com> (raw)
In-Reply-To: <20230928150428.199929-6-mlevitsk@redhat.com>

KVM: SVM: for the shortlog scope (applies to all relevant patches in this series)

On Thu, Sep 28, 2023, Maxim Levitsky wrote:
> On Zen2 (and likely on Zen1 as well), AVIC doesn't reliably detect a change
> in the 'is_running' bit during ICR write emulation and might skip a
> VM exit, if that bit was recently cleared.
> 
> The absence of the VM exit, leads to the KVM not waking up / triggering
> nested vm exit on the target(s) of the IPI which can, in some cases,
> lead to an unbounded delays in the guest execution.
> 
> As I recently discovered, a reasonable workaround exists: make the KVM

Nit, please just write "KVM", not "the KVM".  KVM is a proper noun when used in
this way, e.g. saying "the KVM" is like saying "the Sean" or "the Maxim".

> never set the is_running bit.
> 
> This workaround ensures that (*) all ICR writes always cause a VM exit
> and therefore correctly emulated, in expense of never enjoying VM exit-less
> ICR emulation.

This breaks svm_ir_list_add(), which relies on the vCPU's entry being up-to-date
and marked running to detect that IOMMU needs to be immediately pointed at the
current pCPU.

	/*
	 * Update the target pCPU for IOMMU doorbells if the vCPU is running.
	 * If the vCPU is NOT running, i.e. is blocking or scheduled out, KVM
	 * will update the pCPU info when the vCPU awkened and/or scheduled in.
	 * See also avic_vcpu_load().
	 */
	entry = READ_ONCE(*(svm->avic_physical_id_cache));
	if (entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK)
		amd_iommu_update_ga(entry & AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK,
				    true, pi->ir_data);

> This workaround does carry a performance penalty but according to my
> benchmarks is still much better than not using AVIC at all,
> because AVIC is still used for the receiving end of the IPIs, and for the
> posted interrupts.

I really, really don't like the idea of carrying a workaround like this in
perpetuity.  If there is a customer that is determined to enable AVIC on Zen1/Zen2,
then *maybe* it's something to consider, but I don't think we should carry this
if the only anticipated beneficiary is one-off users and KVM developers.  IMO, the
AVIC code is complex enough as it is.

next prev parent reply	other threads:[~2023-09-28 15:37 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-28 15:04 [PATCH 0/5] AVIC bugfixes and workarounds Maxim Levitsky
2023-09-28 15:04 ` [PATCH 1/5] x86: KVM: SVM: fix for x2avic CVE-2023-5090 Maxim Levitsky
2023-09-28 15:53   ` Sean Christopherson
2023-09-28 15:04 ` [PATCH 2/5] x86: KVM: SVM: add support for Invalid IPI Vector interception Maxim Levitsky
2023-09-28 15:46   ` Sean Christopherson
2023-09-28 15:04 ` [PATCH 3/5] x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested() Maxim Levitsky
2023-09-28 16:03   ` Sean Christopherson
2023-09-28 15:04 ` [PATCH 4/5] iommu/amd: skip updating the IRTE entry when is_run is already false Maxim Levitsky
2023-09-28 17:27   ` Joao Martins
2023-09-28 15:04 ` [PATCH 5/5] x86: KVM: SVM: workaround for AVIC's errata #1235 Maxim Levitsky
2023-09-28 15:37   ` Sean Christopherson [this message]
2024-03-26  3:15 ` [PATCH 0/5] AVIC bugfixes and workarounds Jim Mattson
2024-03-26 15:59   ` mlevitsk
2024-03-26 16:52     ` Joao Martins

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZRWdrtHynEbtQnpZ@google.com \
    --to=seanjc@google.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=iommu@lists.linux.dev \
    --cc=joro@8bytes.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=mlevitsk@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=robin.murphy@arm.com \
    --cc=suravee.suthikulpanit@amd.com \
    --cc=tglx@linutronix.de \
    --cc=will@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.