lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Mar 2022 10:39:26 -0600 From: Suravee Suthikulpanit <suravee.suthikulpanit@....com> To: <linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org> CC: <pbonzini@...hat.com>, <mlevitsk@...hat.com>, <seanjc@...gle.com>, <joro@...tes.org>, <jon.grimm@....com>, <wei.huang2@....com>, <terry.bowman@....com>, Suravee Suthikulpanit <suravee.suthikulpanit@....com> Subject: [RFCv2 PATCH 12/12] KVM: SVM: Do not inhibit APICv when x2APIC is present Currently, AVIC is inhibited when booting a VM w/ x2APIC support. This is because AVIC cannot virtualize x2APIC mode in the VM. With x2AVIC support, the APICV_INHIBIT_REASON_X2APIC is no longer enforced. Reviewed-by: Maxim Levitsky <mlevitsk@...hat.com> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@....com> --- arch/x86/kvm/svm/avic.c | 21 +++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 18 ++---------------- arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index 015888aad8fc..e4bf4f68f332 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c @@ -21,6 +21,7 @@ #include <asm/irq_remapping.h> +#include "cpuid.h" #include "trace.h" #include "lapic.h" #include "x86.h" @@ -159,6 +160,26 @@ void avic_vm_destroy(struct kvm *kvm) spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags); } +void avic_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu, int nested) +{ + /* + * If the X2APIC feature is exposed to the guest, + * disable AVIC unless X2AVIC mode is enabled. + */ + if (avic_mode == AVIC_MODE_X1 && + guest_cpuid_has(vcpu, X86_FEATURE_X2APIC)) + kvm_request_apicv_update(vcpu->kvm, false, + APICV_INHIBIT_REASON_X2APIC); + + /* + * Currently, AVIC does not work with nested virtualization. + * So, we disable AVIC when cpuid for SVM is set in the L1 guest. + */ + if (nested && guest_cpuid_has(vcpu, X86_FEATURE_SVM)) + kvm_request_apicv_update(vcpu->kvm, false, + APICV_INHIBIT_REASON_NESTED); +} + int avic_vm_init(struct kvm *kvm) { unsigned long flags; diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index ce3c68a785cf..01384ccdb56c 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3988,23 +3988,9 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) vcpu->arch.reserved_gpa_bits &= ~(1UL << (best->ebx & 0x3f)); } - if (kvm_vcpu_apicv_active(vcpu)) { - /* - * AVIC does not work with an x2APIC mode guest. If the X2APIC feature - * is exposed to the guest, disable AVIC. - */ - if (guest_cpuid_has(vcpu, X86_FEATURE_X2APIC)) - kvm_request_apicv_update(vcpu->kvm, false, - APICV_INHIBIT_REASON_X2APIC); + if (kvm_vcpu_apicv_active(vcpu)) + avic_vcpu_after_set_cpuid(vcpu, nested); - /* - * Currently, AVIC does not work with nested virtualization. - * So, we disable AVIC when cpuid for SVM is set in the L1 guest. - */ - if (nested && guest_cpuid_has(vcpu, X86_FEATURE_SVM)) - kvm_request_apicv_update(vcpu->kvm, false, - APICV_INHIBIT_REASON_NESTED); - } init_vmcb_after_set_cpuid(vcpu); } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 19ad40b8383b..30fd9c8da9f2 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -576,6 +576,7 @@ int avic_init_vcpu(struct vcpu_svm *svm); void avic_vcpu_load(struct kvm_vcpu *vcpu, int cpu); void avic_vcpu_put(struct kvm_vcpu *vcpu); void avic_post_state_restore(struct kvm_vcpu *vcpu); +void avic_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu, int nested); void svm_set_virtual_apic_mode(struct kvm_vcpu *vcpu); void svm_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu); bool svm_check_apicv_inhibit_reasons(ulong bit); -- 2.25.1
Powered by blists - more mailing lists