[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Nov 2022 16:35:30 +0000
From: Andrew Cooper <Andrew.Cooper3@...rix.com>
To: Peter Zijlstra <peterz@...radead.org>,
Paolo Bonzini <pbonzini@...hat.com>
CC: "Li, Xin3" <xin3.li@...el.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"mingo@...hat.com" <mingo@...hat.com>,
"bp@...en8.de" <bp@...en8.de>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"hpa@...or.com" <hpa@...or.com>,
"Christopherson,, Sean" <seanjc@...gle.com>,
Kevin Tian <kevin.tian@...el.com>,
Andrew Cooper <Andrew.Cooper3@...rix.com>
Subject: Re: [RESEND PATCH 5/6] KVM: x86/VMX: add kvm_vmx_reinject_nmi_irq()
for NMI/IRQ reinjection
On 11/11/2022 14:23, Peter Zijlstra wrote:
> On Fri, Nov 11, 2022 at 01:48:26PM +0100, Paolo Bonzini wrote:
>> On 11/11/22 13:19, Peter Zijlstra wrote:
>>> On Fri, Nov 11, 2022 at 01:04:27PM +0100, Paolo Bonzini wrote:
>>>> On Intel you can optionally make it hold onto IRQs, but NMIs are always
>>>> eaten by the VMEXIT and have to be reinjected manually.
>>> That 'optionally' thing worries me -- as in, KVM is currently
>>> opting-out?
>> Yes, because "If the “process posted interrupts” VM-execution control is 1,
>> the “acknowledge interrupt on exit” VM-exit control is 1" (SDM 26.2.1.1,
>> checks on VM-Execution Control Fields). Ipse dixit. Posted interrupts are
>> available and used on all processors since I think Ivy Bridge.
On server SKUs. Client only got "virtual interrupt processing" fairly
recently IIRC, which is the CPU-side property which matters.
> (imagine the non-coc compliant reaction here)
>
> So instead of fixing it, they made it worse :-(
>
> And now FRED is arguably making it worse again, and people wonder why I
> hate virt...
The only FRED-compatible fix is to send a self-NMI, because because you
may need a CSL change too.
VT-x *does* hold the NMI latch (for VMEXIT_REASON NMI), so it's self-NMI
and then enable_nmi()s.
Except the IRET to self won't work - it will need to be ERETS-to-self.
Which I think is fine.
But what isn't fine is the fact that a self-NMI doesn't deliver
synchronously, so you need to wait until it is pending, before enabling
NMIs. (Well, actually you need to ensure that it's definitely delivered
before re-entering the VM).
And I'm totally out of ideas here...
~Andrew
Powered by blists - more mailing lists