lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <68ad817529c6661085ff0524472933ba9f69fd47.camel@infradead.org>
Date: Tue, 02 Dec 2025 15:51:21 +0000
From: David Woodhouse <dwmw2@...radead.org>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Khushit Shah <khushit.shah@...anix.com>, "pbonzini@...hat.com"
 <pbonzini@...hat.com>, "kai.huang@...el.com" <kai.huang@...el.com>, 
 "mingo@...hat.com" <mingo@...hat.com>, "x86@...nel.org" <x86@...nel.org>,
 "bp@...en8.de" <bp@...en8.de>, "hpa@...or.com" <hpa@...or.com>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 "kvm@...r.kernel.org" <kvm@...r.kernel.org>,  "dave.hansen@...ux.intel.com"
 <dave.hansen@...ux.intel.com>, "tglx@...utronix.de" <tglx@...utronix.de>, 
 Jon Kohler <jon@...anix.com>, Shaju Abraham <shaju.abraham@...anix.com>,
 "stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH v3] KVM: x86: Add x2APIC "features" to control EOI
 broadcast suppression

On Tue, 2025-12-02 at 07:42 -0800, Sean Christopherson wrote:
> On Tue, Dec 02, 2025, David Woodhouse wrote:
> > On Tue, 2025-12-02 at 12:58 +0000, Khushit Shah wrote:
> > > Thanks for the review!
> > > 
> > > > On 2 Dec 2025, at 2:43 PM, David Woodhouse <dwmw2@...radead.org> wrote:
> > > > 
> > > > Firstly, excellent work debugging and diagnosing that!
> > > > 
> > > > On Tue, 2025-11-25 at 18:05 +0000, Khushit Shah wrote:
> > > > > 
> > > > > --- a/Documentation/virt/kvm/api.rst
> > > > > +++ b/Documentation/virt/kvm/api.rst
> > > > > @@ -7800,8 +7800,10 @@ Will return -EBUSY if a VCPU has already been created.
> > > > >  
> > > > >  Valid feature flags in args[0] are::
> > > > >  
> > > > > -  #define KVM_X2APIC_API_USE_32BIT_IDS            (1ULL << 0)
> > > > > -  #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK  (1ULL << 1)
> > > > > +  #define KVM_X2APIC_API_USE_32BIT_IDS                               (1ULL << 0)
> > > > > +  #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK                     (1ULL << 1)
> > > > > +  #define KVM_X2APIC_API_DISABLE_IGNORE_SUPPRESS_EOI_BROADCAST_QUIRK (1ULL << 2)
> > > > > +  #define KVM_X2APIC_API_DISABLE_SUPPRESS_EOI_BROADCAST              (1ULL << 3)
> > > > > 
> > > > 
> > > > I kind of hate these names. This part right here is what we leave
> > > > behind for future generations, to understand the weird behaviour of
> > > > KVM. To have "IGNORE" "SUPPRESS" "QUIRK" all in the same flag, quite
> > > > apart from the length of the token, makes my brain hurt.
> 
> ...
> 
> > > > Could we perhaps call them 'ENABLE_SUPPRESS_EOI_BROADCAST' and
> > > > 'DISABLE_SUPPRESS_EOI_BROADCAST', with a note saying that modern VMMs
> > > > should always explicitly enable one or the other, because for
> > > > historical reasons KVM only *pretends* to support it by default but it
> > > > doesn't actually work correctly?
> 
> I don't disagree on the names being painful, but ENABLE_SUPPRESS_EOI_BROADCAST
> vs. DISABLE_SUPPRESS_EOI_BROADCAST won't work, and is even more confusing IMO.

I dunno, KVM never actually *did* suppress the EOI broadcast anyway,
did it? This fix really *does* enable it — as opposed to just
pretending to?

I was thinking along the lines of ...


Setting KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST causes KVM to
advertise and correctly implement the Directed EOI feature in the local
APIC, suppressing broadcast EOI when the feature is enabled by the
guest.

Setting KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST causes KVM not to
advertise the Directed EOI feature in the local APIC.

Userspace should explicitly either enable or disable the EOI broadcast
using one of the two flags above. For historical compatibility reasons,
if neither flag is set then KVM will advertise the feature but will not
actually suppress the EOI broadcast, leading to potential IRQ storms in
some guest configurations.

Download attachment "smime.p7s" of type "application/pkcs7-signature" (5069 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ