Open Source and information security mailing list archives
 
Date:   Tue, 26 Apr 2022 10:06:46 +0300
From:   Maxim Levitsky <mlevitsk@...hat.com>
To:     Suravee Suthikulpanit <suravee.suthikulpanit@....com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc:     pbonzini@...hat.com, seanjc@...gle.com, joro@...tes.org,
        jon.grimm@....com, wei.huang2@....com, terry.bowman@....com
Subject: Re: [PATCH v2 11/12] KVM: SVM: Do not inhibit APICv when x2APIC is
 present

On Tue, 2022-04-26 at 09:25 +0700, Suravee Suthikulpanit wrote:
> Hi Maxim,
> 
> On 4/19/22 8:29 PM, Maxim Levitsky wrote:
> > On Tue, 2022-04-12 at 06:58 -0500, Suravee Suthikulpanit wrote:
> > 
> > Hi!
> > 
> > 
> > I just got an idea, while writing a kvm selftest that would use AVIC,
> > and finding out that selftest code uploads the '-host' cpuid right away
> > which has x2apic enabled and that inhibits AVIC, and later clearing x2apic
> > in the cpuid doesn't un-inhibit it.
> >   
> > That can be fixed in a few ways but that got me thinking:
> >   
> > Why do we inhibit AVIC when the guest uses x2apic, even without X2AVIC?
> > I think that if we didn't it would just work, and even work faster than
> > pure software x2apic.
> >   
> > My thinking is:
> >   
> > - when a vcpu itself uses its x2apic, even if its avic is not inhibited,
> > the guest will write x2apic msrs which kvm intercepts and will correctly emulate a proper x2apic.
> >   
> > - vcpu peers will also use x2apic msrs and again it will work correctly
> > (even when there are more than 256 vcpus).
> >   
> > - and the host + iommu will still be able to use AVIC's doorbell to send interrupts to the guest
> > and that doesn't need apic ids or anything, it should work just fine.
> > 
> > Also AVIC should have no issues scanning IRR and injecting interrupts on VM entry,
> > x2apic mode doesn't matter for that.
> >   
> > AVIC mmio can still be discovered by the guest though, which is technically against x86 spec
> > (in x2apic mode, mmio is supposed to not work) but that can be fixed easily by disabling
> > the AVIC memslot if any of the vCPUs are in x2apic mode, or this can be ignored since
> > it should not cause any issues.
> > We seem to have a quirk for that KVM_X86_QUIRK_LAPIC_MMIO_HOLE.
> >   
> > On top of all this, removing this inhibit will also allow testing AVIC with a guest
> > which does have x2apic in the CPUID but doesn't use it (e.g. kvm unit test, or
> > linux booted with nox2apic, which is also nice IMHO)
> >   
> > What do you think?
> 
> This is actually a good idea!!! Let's call it hybrid-x2AVIC :)
> 
> I am working on a prototype and testing out the support for this, which will be introduced in V3.

Thanks! 

Best regards,
	Maxim Levitsky

> 
> Regards,
> Suravee
> 

