From: Tom Lendacky <thomas.lendacky@amd.com>
To: Sean Christopherson <seanjc@google.com>
Cc: Naveen N Rao <naveen@kernel.org>,
Srikanth Aithal <sraithal@amd.com>,
Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Jim Mattson <jmattson@google.com>,
"Maciej S . Szmigiero" <maciej.szmigiero@oracle.com>
Subject: Re: [PATCH 2/2] KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated
Date: Tue, 10 Mar 2026 17:33:36 -0500 [thread overview]
Message-ID: <dc6809fb-ef44-4fce-b98a-bd80edf7d64e@amd.com> (raw)
In-Reply-To: <abCT69PvxOo9ERu2@google.com>
On 3/10/26 16:58, Sean Christopherson wrote:
> On Tue, Mar 10, 2026, Tom Lendacky wrote:
>> On 3/10/26 13:35, Sean Christopherson wrote:
>>> On Tue, Mar 10, 2026, Tom Lendacky wrote:
>>>> I'm just saying that the unconditional trap for CR8_WRITE isn't flawed
>>>> for SEV-ES+ because AVIC can't work with SEV, so there isn't any time
>>>> that CR8 writes shouldn't be trapped.
>>>
>>> Yeah, I forgot that (obviously).
>>>
>>> But sync_cr8_to_lapic() is very broken, no? INTERCEPT_CR8_WRITE will never be
>>> set, and svm->vmcb->control.int_ctl will become stale as soon as the VMSA is
>>> live, and so in all likelihood KVM is crushing CR8 to zero for SEV-ES guests.
>>
>> I don't think so. V_TPR is written on #VMEXIT even for SEV-ES+ guests,
>> and since it is a trap, CR8 is set and so V_TPR should have that value.
>> That would imply sync_cr8_to_lapic() should do the right thing.
>
> But isn't svm->vmcb->control.int_ctl stale? Oh. "control", not "save". /facepalm
>
> Ah, and I assume Secure AVIC hides vTPR from the host? Or at least prevents the
> host from setting it?
Secure AVIC will prevent the host from setting it since the backing page
lives in guest memory and is encrypted/private.
>
>> After attempting to verify this behavior it turns out that writes to CR8
>> (and CR2) are, in fact, not trapped, but the APM was not updated with
>> this information (I'll send a patch to remove that code). KVM's CR8
>> value is, however, synced with the proper value through
>> sync_cr8_to_lapic() because V_TPR in the VMCB is updated on #VMEXIT.
>
> Oh. Huh. So doesn't that mean that supporting Windows (or any other guest that
> uses TPR to mask interrupts) as an SEV-ES guest is practically impossible? Because
> while KVM can observe and manipulate guest CR8, KVM won't be able to precisely
> detect when TPR drops below a pending IRQ.
Could we do something with virtual interrupt support? Today KVM uses the
virtual interrupt control to detect when an IRQ window opens. We could
do something similar by setting up the virtual interrupt priority,
V_INTR_PRIO, at the level of the current TPR/CR8 level. When the TPR
drops, that would trigger a #VMEXIT and allow the pending IRQ to be
injected. Thoughts?
Thanks,
Tom
>
next prev parent reply other threads:[~2026-03-10 22:33 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-03 19:07 [PATCH 0/2] KVM: SVM: Fix CR8 intercpetion woes with AVIC Sean Christopherson
2026-02-03 19:07 ` [PATCH 1/2] KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC Sean Christopherson
2026-02-05 4:21 ` Jim Mattson
2026-02-06 14:00 ` Naveen N Rao
2026-02-06 18:17 ` Sean Christopherson
2026-02-09 10:23 ` Naveen N Rao
2026-02-09 21:36 ` Sean Christopherson
2026-02-03 19:07 ` [PATCH 2/2] KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Sean Christopherson
2026-02-05 4:22 ` Jim Mattson
2026-02-06 17:11 ` Naveen N Rao
2026-02-06 17:55 ` Sean Christopherson
2026-03-10 15:41 ` Aithal, Srikanth
2026-03-10 17:17 ` Sean Christopherson
2026-03-10 17:36 ` Tom Lendacky
2026-03-10 17:48 ` Naveen N Rao
2026-03-10 18:00 ` Naveen N Rao
2026-03-10 18:12 ` Tom Lendacky
2026-03-10 18:35 ` Sean Christopherson
2026-03-10 21:41 ` Tom Lendacky
2026-03-10 21:58 ` Sean Christopherson
2026-03-10 22:33 ` Tom Lendacky [this message]
2026-03-10 22:40 ` Sean Christopherson
2026-03-11 13:43 ` Tom Lendacky
2026-03-11 17:39 ` Paolo Bonzini
2026-03-05 17:07 ` [PATCH 0/2] KVM: SVM: Fix CR8 intercpetion woes with AVIC Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dc6809fb-ef44-4fce-b98a-bd80edf7d64e@amd.com \
--to=thomas.lendacky@amd.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maciej.szmigiero@oracle.com \
--cc=naveen@kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=sraithal@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox