Re: [PATCH V2] KVM:x86:Fix an interrupt injection logic error during PIC interrupt simulation

[Sean Christopherson <seanjc@google.com>]

On Tue, Jul 30, 2024, Liam Ni wrote:
> The input parameter level to the pic_irq_request function indicates
> whether there are interrupts to be injected,
> a level value of 1 indicates that there are interrupts to be injected,
> and a level value of 0 indicates that there are no interrupts to be injected.
> And the value of level will be assigned to s->output,
> so we should set s->wakeup_needed to true when s->output is true.

Neither the shortlog nor the changelog actually explains the impact of the bug,
or even what's being fixed.  I rewrote it to this:

    KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found
    
    When updating the emulated PIC IRQ status, set "wakeup_needed" if and only
    if a new interrupt was found, i.e. if the incoming level is non-zero and
    an IRQ is being raised.  The bug is relatively benign, as KVM will signal
    a spurious wakeup, e.g. set KVM_REQ_EVENT and kick target vCPUs, but KVM
    will never actually inject a spurious IRQ as kvm_cpu_has_extint() cares
    only about the "output" field.

And that's of particular interest because this fix uncovered a latent bug in
nested VMX.  If an IRQ becomes pending while L2 is running, and the IRQ must be
injected (e.g. APICv is disabled), KVM fails to request KVM_REQ_EVENT and so
doesn't trigger an IRQ window.  But the spurious KVM_REQ_EVENT from
pic_irq_request() masks the bug (I didn't bother tracking down how pic_irq_request()
is getting invoked on nested VM-Exit).

I'm applying the patch in advance of the nVMX fix, because the PIC emulation goof
only helps with fully in-kernel IRQCHIP, i.e. if the PIC and I/O APIC are emulated
by KVM.  E.g. the vmx_apic_passthrough_tpr_threshold_test KVM-Unit-Test fails even
without this change if it's run with a split IRQCHIP.

That said, I'll ensure the nVMX fix lands upstream before this (I'm planning on
tagging it for stable and routing it into 6.14).

> Signed-off-by: Liam Ni <zhiguangni01@gmail.com>
> ---
>  arch/x86/kvm/i8259.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
> index 8dec646e764b..ec9d6ee7d33d 100644
> --- a/arch/x86/kvm/i8259.c
> +++ b/arch/x86/kvm/i8259.c
> @@ -567,7 +567,7 @@ static void pic_irq_request(struct kvm *kvm, int level)
>  {
>     struct kvm_pic *s = kvm->arch.vpic;
> 
> -   if (!s->output)
> +   if (!s->output && level)
>         s->wakeup_needed = true;
>     s->output = level;
>  }
> --
> 2.34.1