From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Ake Koomsin <ake@igel.co.jp>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H . Peter Anvin" <hpa@zytor.com>
Subject: Re: [RFC PATCH] KVM: x86: inhibit APICv upon detecting direct APIC access from L2
Date: Mon, 7 Aug 2023 11:04:48 -0700 [thread overview]
Message-ID: <ZNEyQM8CYSAcyt9F@google.com> (raw)
In-Reply-To: <43c18a3d57305cf52a1c3643fa8f714ae3769551.camel@redhat.com>
On Mon, Aug 07, 2023, Maxim Levitsky wrote:
> У пн, 2023-08-07 у 15:26 +0900, Ake Koomsin пише:
> > Current KVM does not expect L1 hypervisor to allow L2 guest to access
> > APIC page directly when APICv is enabled. When this happens, KVM
> > emulates the access itself resulting in interrupt lost.
Kinda stating the obvious, but as Maxim alluded to, emulating an APIC access while
APICv is active should not result in lost interrupts. I.e. suppressing APICv is
likely masking a bug that isn't unique to this specific scenario.
> Is there a good reason why KVM doesn't expose APIC memslot to a nested guest?
AFAIK, simply because no one has ever requested that KVM support such a use case.
> While nested guest runs, the L1's APICv is "inhibited" effectively anyway, so
> writes to this memslot should update APIC registers and be picked up by APICv
> hardware when L1 resumes execution.
>
> Since APICv alows itself to be inhibited due to other reasons, it means that
> just like AVIC, it should be able to pick up arbitrary changes to APIC
> registers which happened while it was inhibited, just like AVIC does.
>
> I'll take a look at the code to see if APICv does this (I know AVIC's code
> much better that APICv's)
>
> Is there a reproducer for this bug?
+1, this needs a reproducer, or at the very least a very detailed explanation
and analysis.
next prev parent reply other threads:[~2023-08-07 18:04 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-07 6:26 [RFC PATCH] KVM: x86: inhibit APICv upon detecting direct APIC access from L2 Ake Koomsin
2023-08-07 14:00 ` Maxim Levitsky
2023-08-07 18:04 ` Sean Christopherson [this message]
2023-08-08 7:45 ` Ake Koomsin
2023-08-08 23:48 ` Sean Christopherson
2023-08-09 8:42 ` Ake Koomsin
2023-08-25 3:58 ` Ake Koomsin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZNEyQM8CYSAcyt9F@google.com \
--to=seanjc@google.com \
--cc=ake@igel.co.jp \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox