| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Jul 2021 15:58:17 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Zeng Guang <guang.zeng@...el.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"Luck, Tony" <tony.luck@...el.com>,
Kan Liang <kan.liang@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Kim Phillips <kim.phillips@....com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Jethro Beekman <jethro@...tanix.com>,
"Huang, Kai" <kai.huang@...el.com>
Cc: "x86@...nel.org" <x86@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"Hu, Robert" <robert.hu@...el.com>,
"Gao, Chao" <chao.gao@...el.com>,
Emanuele Giuseppe Esposito <eesposit@...hat.com>
Subject: Re: [PATCH 6/6] KVM: VMX: enable IPI virtualization
On 19/07/21 14:38, Zeng Guang wrote:
>> Understood, but in practice all uses of vmx->ipiv_active are
>> guarded by kvm_vcpu_apicv_active so they are always reached with
>> vmx->ipiv_active == enable_ipiv.
>>
>> The one above instead seems wrong and should just use enable_ipiv.
>
> enable_ipiv associate with "IPI virtualization" setting in tertiary
> exec controls and enable_apicv which depends on cpu_has_vmx_apicv().
> kvm_vcpu_apicv_active still can be false even if enable_ipiv is true,
> e.g. in case irqchip not emulated in kernel.
Right, kvm_vcpu_apicv_active *is* set in init_vmcs. But there's an
"if (kvm_vcpu_apicv_active(&vmx->vcpu))" above. You can just stick
if (enable_ipicv)
install_pid(vmx);
inside there. As to the other occurrences of vmx->ipiv_active, look here:
> + if (!kvm_vcpu_apicv_active(vcpu))
> + return;
> +
> + if ((!kvm_arch_has_assigned_device(vcpu->kvm) ||
> + !irq_remapping_cap(IRQ_POSTING_CAP)) &&
> + !to_vmx(vcpu)->ipiv_active)
> return;
>
This one can be enable_ipiv because APICv must be active.
> + if (!kvm_vcpu_apicv_active(vcpu))
> + return 0;
> +
> + /* Put vCPU into a list and set NV to wakeup vector if it is
> + * one of the following cases:
> + * 1. any assigned device is in use.
> + * 2. IPI virtualization is enabled.
> + */
> + if ((!kvm_arch_has_assigned_device(vcpu->kvm) ||
> + !irq_remapping_cap(IRQ_POSTING_CAP)) && !to_vmx(vcpu)->ipiv_active)
> return 0;
This one can be !enable_ipiv because APICv must be active.
>
> @@ -3870,6 +3877,8 @@ static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu, u8 mode)
> vmx_enable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_RW);
> vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_EOI), MSR_TYPE_W);
> vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_SELF_IPI), MSR_TYPE_W);
> + vmx_set_intercept_for_msr(vcpu, X2APIC_MSR(APIC_ICR),
> + MSR_TYPE_RW, !to_vmx(vcpu)->ipiv_active);
> }
> }
Is inside "if (mode & MSR_BITMAP_MODE_X2APIC_APICV)" so APICv must be
activ; so it can be enable_ipiv as well.
In conclusion, you do not need vmx->ipiv_active.
Paolo
Powered by blists - more mailing lists