[PATCH] KVM: x86: Ignore pending PV EOI if the vCPU has since disabled PV EOIs

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] KVM: x86: Ignore pending PV EOI if the vCPU has since disabled PV EOIs
@ 2026-06-24 22:05 Sean Christopherson
  2026-06-24 22:17 ` sashiko-bot
  0 siblings, 1 reply; 3+ messages in thread
From: Sean Christopherson @ 2026-06-24 22:05 UTC (permalink / raw)
  To: Sean Christopherson, Paolo Bonzini; +Cc: kvm, linux-kernel

Ignore KVM's internal "service pending PV EOI" request if the vCPU has
disabled PV EOIs since the request was made.  Asserting that PV EOIs are
enabled can fail if reading guest memory in pv_eoi_get_user() fails, i.e.
if pv_eoi_test_and_clr_pending() bails early, *and* the vCPU also disables
PV EOIs.

  kernel BUG at arch/x86/kvm/lapic.c:3338!
  Oops: invalid opcode: 0000 [#1] SMP
  CPU: 4 UID: 1000 PID: 890 Comm: pv_eoi_test Not tainted 7.0.0-d585aa5894d8-vm #337 PREEMPT
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
  RIP: 0010:kvm_lapic_sync_from_vapic+0x12b/0x140 [kvm]
  Call Trace:
   <TASK>
   kvm_arch_vcpu_ioctl_run+0x1075/0x1c30 [kvm]
   kvm_vcpu_ioctl+0x2d5/0x980 [kvm]
   __x64_sys_ioctl+0x8a/0xd0
   do_syscall_64+0xb5/0xb40
   entry_SYSCALL_64_after_hwframe+0x4b/0x53
   </TASK>
  Modules linked in: kvm_intel kvm irqbypass
  ---[ end trace 0000000000000000 ]---

Fixes: ae7a2a3fb6f8 ("KVM: host side for eoi optimization")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/lapic.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 6f30bbdddb5a..38bba9a1114c 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -3371,6 +3371,12 @@ static void apic_sync_pv_eoi_from_guest(struct kvm_vcpu *vcpu,
 					struct kvm_lapic *apic)
 {
 	int vector;
+
+	if (unlikely(!pv_eoi_enabled(vcpu))) {
+		__clear_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention);
+		return;
+	}
+
 	/*
 	 * PV EOI state is derived from KVM_APIC_PV_EOI_PENDING in host
 	 * and KVM_PV_EOI_ENABLED in guest memory as follows:
@@ -3382,8 +3388,6 @@ static void apic_sync_pv_eoi_from_guest(struct kvm_vcpu *vcpu,
 	 * KVM_APIC_PV_EOI_PENDING is set, KVM_PV_EOI_ENABLED is unset:
 	 * 	-> host enabled PV EOI, guest executed EOI.
 	 */
-	BUG_ON(!pv_eoi_enabled(vcpu));
-
 	if (pv_eoi_test_and_clr_pending(vcpu))
 		return;
 	vector = apic_set_eoi(apic);

base-commit: 50406d35f5635e1cc523e61409d57e851b5f5df8
-- 
2.55.0.rc0.799.gd6f94ed593-goog


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] KVM: x86: Ignore pending PV EOI if the vCPU has since disabled PV EOIs
  2026-06-24 22:05 [PATCH] KVM: x86: Ignore pending PV EOI if the vCPU has since disabled PV EOIs Sean Christopherson
@ 2026-06-24 22:17 ` sashiko-bot
  2026-06-24 22:27   ` Sean Christopherson
  0 siblings, 1 reply; 3+ messages in thread
From: sashiko-bot @ 2026-06-24 22:17 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] pv_eoi_test_and_clr_pending() fails to clear KVM_APIC_PV_EOI_PENDING on guest memory access errors, leading to an infinite loop of spurious EOIs.
--

commit 8d31266dfac4b51fef59bed9e9475da6bffdd83d
Author: Sean Christopherson <seanjc@google.com>

KVM: x86: Ignore pending PV EOI if the vCPU has since disabled PV EOIs

This commit fixes a host panic by explicitly ignoring internal requests
to service pending PV EOIs if the vCPU has disabled PV EOIs since the
request was made.

> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
> --- a/arch/x86/kvm/lapic.c
> +++ b/arch/x86/kvm/lapic.c
[ ... ]
> @@ -3382,8 +3388,6 @@ static void apic_sync_pv_eoi_from_guest(struct kvm_vcpu *vcpu,
>  	 * KVM_APIC_PV_EOI_PENDING is set, KVM_PV_EOI_ENABLED is unset:
>  	 * 	-> host enabled PV EOI, guest executed EOI.
>  	 */
> -	BUG_ON(!pv_eoi_enabled(vcpu));
> -
>  	if (pv_eoi_test_and_clr_pending(vcpu))
>  		return;
>  	vector = apic_set_eoi(apic);

[Severity: High]
This is a pre-existing issue, but if pv_eoi_test_and_clr_pending() encounters
a memory access error, does it skip clearing the pending bit?

Looking at pv_eoi_test_and_clr_pending():

arch/x86/kvm/lapic.c:pv_eoi_test_and_clr_pending() {
    if (pv_eoi_get_user(vcpu, &val) < 0)
        return false;
    ...
    __clear_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention);
    ...
}

If a guest provides an invalid memory address, pv_eoi_test_and_clr_pending()
returns false early without clearing KVM_APIC_PV_EOI_PENDING.

Will this cause apic_sync_pv_eoi_from_guest() to falsely assume the guest
performed an EOI and proceed to call apic_set_eoi() below?

Since the pending bit remains set, will KVM continue calling apic_set_eoi()
on every subsequent VM exit, erroneously clearing valid in-service interrupts
and making the VM completely unresponsive?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260624220516.3033391-1-seanjc@google.com?part=1

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] KVM: x86: Ignore pending PV EOI if the vCPU has since disabled PV EOIs
  2026-06-24 22:17 ` sashiko-bot
@ 2026-06-24 22:27   ` Sean Christopherson
  0 siblings, 0 replies; 3+ messages in thread
From: Sean Christopherson @ 2026-06-24 22:27 UTC (permalink / raw)
  To: sashiko-reviews; +Cc: kvm

On Wed, Jun 24, 2026, sashiko-bot@kernel.org wrote:
> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
> > diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
> > --- a/arch/x86/kvm/lapic.c
> > +++ b/arch/x86/kvm/lapic.c
> [ ... ]
> > @@ -3382,8 +3388,6 @@ static void apic_sync_pv_eoi_from_guest(struct kvm_vcpu *vcpu,
> >  	 * KVM_APIC_PV_EOI_PENDING is set, KVM_PV_EOI_ENABLED is unset:
> >  	 * 	-> host enabled PV EOI, guest executed EOI.
> >  	 */
> > -	BUG_ON(!pv_eoi_enabled(vcpu));
> > -
> >  	if (pv_eoi_test_and_clr_pending(vcpu))
> >  		return;
> >  	vector = apic_set_eoi(apic);
> 
> [Severity: High]
> This is a pre-existing issue, but if pv_eoi_test_and_clr_pending() encounters
> a memory access error, does it skip clearing the pending bit?

Yes, that's what this patch is fixing.

> Looking at pv_eoi_test_and_clr_pending():
> 
> arch/x86/kvm/lapic.c:pv_eoi_test_and_clr_pending() {
>     if (pv_eoi_get_user(vcpu, &val) < 0)
>         return false;
>     ...
>     __clear_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention);
>     ...
> }
> 
> If a guest provides an invalid memory address, pv_eoi_test_and_clr_pending()
> returns false early without clearing KVM_APIC_PV_EOI_PENDING.
> 
> Will this cause apic_sync_pv_eoi_from_guest() to falsely assume the guest
> performed an EOI and proceed to call apic_set_eoi() below?
> 
> Since the pending bit remains set, will KVM continue calling apic_set_eoi()
> on every subsequent VM exit, erroneously clearing valid in-service interrupts
> and making the VM completely unresponsive?

Yes, but the alternative is to "falsely assume" the guest did NOT perform an EOI,
in which case in-service IRQs will never be cleared, and the guest be completely
unresponsive because it will stop receiving IRQs.

I.e. the problem isn't KVM's behavior, it's that the guest is hosed if the PV EOI
page goes missing.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-06-24 22:27 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-24 22:05 [PATCH] KVM: x86: Ignore pending PV EOI if the vCPU has since disabled PV EOIs Sean Christopherson
2026-06-24 22:17 ` sashiko-bot
2026-06-24 22:27   ` Sean Christopherson

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.