From: Naveen N Rao <naveen@kernel.org>
To: Manali Shukla <manali.shukla@amd.com>
Cc: "Nikunj A. Dadhania" <nikunj@amd.com>,
seanjc@google.com, pbonzini@redhat.com, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, kvm@vger.kernel.org,
x86@kernel.org, santosh.shukla@amd.com, nikunj.dadhania@amd.com,
dapeng1.mi@linux.intel.com
Subject: Re: [PATCH v1 6/9] KVM: Add KVM_GET_LAPIC2 and KVM_SET_LAPIC2 for extended APIC
Date: Thu, 14 May 2026 20:06:15 +0530 [thread overview]
Message-ID: <agXanDurL2EogTtC@blrnaveerao1> (raw)
In-Reply-To: <f9784824-0c12-4c85-887f-b079285d4a6a@amd.com>
On Mon, Mar 23, 2026 at 04:45:43PM +0530, Manali Shukla wrote:
> On 3/16/2026 6:30 PM, Nikunj A. Dadhania wrote:
> >
> >
> > On 2/4/2026 1:14 PM, Manali Shukla wrote:
...
> >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> >> index 669c894f1061..ccd16bdff56a 100644
> >> --- a/arch/x86/kvm/x86.c
> >> +++ b/arch/x86/kvm/x86.c
> >> @@ -5331,6 +5331,17 @@ static int kvm_vcpu_ioctl_get_lapic(struct kvm_vcpu *vcpu,
> >> return kvm_apic_get_state(vcpu, s->regs, sizeof(*s));
> >> }
> >>
> >> +static int kvm_vcpu_ioctl_get_lapic2(struct kvm_vcpu *vcpu,
> >> + struct kvm_lapic_state2 *s)
> >> +{
> >> + if (vcpu->arch.apic->guest_apic_protected)
> >> + return -EINVAL;
> >> +
> >> + kvm_x86_call(sync_pir_to_irr)(vcpu);
> >> +
> >> + return kvm_apic_get_state(vcpu, s->regs, sizeof(*s));
> >> +}
> >
> > Should this function verify that KVM_CAP_LAPIC2 was enabled for the VM?
> > The KVM_CAP_LAPIC2 documentation states "This must be called before
> > creating any VCPUs" which implies userspace must explicitly enable the
> > capability. However, this ioctl doesn't check kvm->arch.nr_extlvt or any
> > flag indicating the capability was enabled.
> >
> > Looking at how this interacts with kvm_apic_get_state() in
> > arch/x86/kvm/lapic.c:
> >
> > int kvm_apic_get_state(struct kvm_vcpu *vcpu, void *regs, unsigned int size)
> > {
> > memcpy(regs, vcpu->arch.apic->regs, size);
> > ...
> > }
> >
> > The function copies 'size' bytes from vcpu->arch.apic->regs. Since
> > sizeof(struct kvm_lapic_state2) is 4096 bytes and apic->regs is allocated
> > as a single page (also 4096 bytes), this works. But if the extended APIC
> > capability wasn't enabled via KVM_ENABLE_CAP, should userspace be allowed
> > to read the extended register space?
> >
>
> Yeah. Correct. If the capability is not enabled, userspace should not be
> allowed to read/write the extended register space. It makes sense to put
> a check here. I will fix this in V2.
I think the base KVM_GET_LAPIC2/KVM_SET_LAPIC2 ioctls should always be
allowed, since we will now advertise KVM_CAP_LAPIC2 always.
Even though additional capability bits (to advertise AMD EXTAPIC space,
for instance) may need some KVM code/validation, I am not sure we need
to enforce it here by rejecting KVM_[G|S]ET_LAPIC2.
- Naveen
next prev parent reply other threads:[~2026-05-14 14:39 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-04 7:44 [PATCH v1 0/9] KVM: x86: Add support for AMD Extended APIC registers Manali Shukla
2026-02-04 7:44 ` [PATCH v1 1/9] KVM: x86: Refactor APIC register mask handling to support extended " Manali Shukla
2026-05-14 12:48 ` Naveen N Rao
2026-02-04 7:44 ` [PATCH v1 2/9] x86/apic: Add helper to get maximum number of Extended LVT registers Manali Shukla
2026-05-06 11:22 ` Borislav Petkov
2026-05-14 12:50 ` Naveen N Rao
2026-02-04 7:44 ` [PATCH v1 3/9] KVM: SVM: Set kvm_caps.has_extapic when CPU supports Extended APIC Manali Shukla
2026-05-14 12:58 ` Naveen N Rao
2026-02-04 7:44 ` [PATCH v1 4/9] KVM: x86: Introduce KVM_CAP_LAPIC2 for 4KB APIC register space support Manali Shukla
2026-05-14 13:08 ` Naveen N Rao
2026-02-04 7:44 ` [PATCH v1 5/9] KVM: x86: Refactor APIC state get/set to accept variable-sized buffers Manali Shukla
2026-05-14 14:20 ` Naveen N Rao
2026-02-04 7:44 ` [PATCH v1 6/9] KVM: Add KVM_GET_LAPIC2 and KVM_SET_LAPIC2 for extended APIC Manali Shukla
2026-03-16 13:00 ` Nikunj A. Dadhania
2026-03-23 11:15 ` Manali Shukla
2026-05-14 14:36 ` Naveen N Rao [this message]
2026-05-14 14:41 ` Naveen N Rao
2026-02-04 7:44 ` [PATCH v1 7/9] KVM: x86: Emulate Extended LVT registers for AMD guests Manali Shukla
2026-05-14 14:48 ` Naveen N Rao
2026-02-04 7:44 ` [PATCH v1 8/9] x86/cpufeatures: Add CPUID feature bit for Extended LVT AVIC acceleration Manali Shukla
2026-02-04 7:44 ` [PATCH v1 9/9] KVM: SVM: Add AVIC support for extended LVT MSRs Manali Shukla
2026-05-14 15:10 ` Naveen N Rao
2026-03-10 6:17 ` [PATCH v1 0/9] KVM: x86: Add support for AMD Extended APIC registers Manali Shukla
2026-04-27 4:34 ` Shukla, Manali
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=agXanDurL2EogTtC@blrnaveerao1 \
--to=naveen@kernel.org \
--cc=bp@alien8.de \
--cc=dapeng1.mi@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=manali.shukla@amd.com \
--cc=mingo@redhat.com \
--cc=nikunj.dadhania@amd.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=santosh.shukla@amd.com \
--cc=seanjc@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.