lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Jul 2021 15:58:17 +0200 From: Paolo Bonzini <pbonzini@...hat.com> To: Zeng Guang <guang.zeng@...el.com>, Sean Christopherson <seanjc@...gle.com>, Vitaly Kuznetsov <vkuznets@...hat.com>, Wanpeng Li <wanpengli@...cent.com>, Jim Mattson <jmattson@...gle.com>, Joerg Roedel <joro@...tes.org>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, Dave Hansen <dave.hansen@...ux.intel.com>, "Luck, Tony" <tony.luck@...el.com>, Kan Liang <kan.liang@...ux.intel.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>, Kim Phillips <kim.phillips@....com>, Jarkko Sakkinen <jarkko@...nel.org>, Jethro Beekman <jethro@...tanix.com>, "Huang, Kai" <kai.huang@...el.com> Cc: "x86@...nel.org" <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Hu, Robert" <robert.hu@...el.com>, "Gao, Chao" <chao.gao@...el.com>, Emanuele Giuseppe Esposito <eesposit@...hat.com> Subject: Re: [PATCH 6/6] KVM: VMX: enable IPI virtualization On 19/07/21 14:38, Zeng Guang wrote: >> Understood, but in practice all uses of vmx->ipiv_active are >> guarded by kvm_vcpu_apicv_active so they are always reached with >> vmx->ipiv_active == enable_ipiv. >> >> The one above instead seems wrong and should just use enable_ipiv. > > enable_ipiv associate with "IPI virtualization" setting in tertiary > exec controls and enable_apicv which depends on cpu_has_vmx_apicv(). > kvm_vcpu_apicv_active still can be false even if enable_ipiv is true, > e.g. in case irqchip not emulated in kernel. Right, kvm_vcpu_apicv_active *is* set in init_vmcs. But there's an "if (kvm_vcpu_apicv_active(&vmx->vcpu))" above. You can just stick if (enable_ipicv) install_pid(vmx); inside there. As to the other occurrences of vmx->ipiv_active, look here: > + if (!kvm_vcpu_apicv_active(vcpu)) > + return; > + > + if ((!kvm_arch_has_assigned_device(vcpu->kvm) || > + !irq_remapping_cap(IRQ_POSTING_CAP)) && > + !to_vmx(vcpu)->ipiv_active) > return; > This one can be enable_ipiv because APICv must be active. > + if (!kvm_vcpu_apicv_active(vcpu)) > + return 0; > + > + /* Put vCPU into a list and set NV to wakeup vector if it is > + * one of the following cases: > + * 1. any assigned device is in use. > + * 2. IPI virtualization is enabled. > + */ > + if ((!kvm_arch_has_assigned_device(vcpu->kvm) || > + !irq_remapping_cap(IRQ_POSTING_CAP)) && !to_vmx(vcpu)->ipiv_active) > return 0; This one can be !enable_ipiv because APICv must be active. > > @@ -3870,6 +3877,8 @@ static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu, u8 mode) > vmx_enable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_TMCCT), MSR_TYPE_RW); > vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_EOI), MSR_TYPE_W); > vmx_disable_intercept_for_msr(vcpu, X2APIC_MSR(APIC_SELF_IPI), MSR_TYPE_W); > + vmx_set_intercept_for_msr(vcpu, X2APIC_MSR(APIC_ICR), > + MSR_TYPE_RW, !to_vmx(vcpu)->ipiv_active); > } > } Is inside "if (mode & MSR_BITMAP_MODE_X2APIC_APICV)" so APICv must be activ; so it can be enable_ipiv as well. In conclusion, you do not need vmx->ipiv_active. Paolo
Powered by blists - more mailing lists