Message-ID: <c210c32b8e8345c9265535ae9347678f679e7d83.1770116051.git.isaku.yamahata@intel.com>
Date: Tue,  3 Feb 2026 10:17:06 -0800
From: isaku.yamahata@...el.com
To: kvm@...r.kernel.org
Cc: isaku.yamahata@...el.com,
	isaku.yamahata@...il.com,
	Paolo Bonzini <pbonzini@...hat.com>,
	Sean Christopherson <seanjc@...gle.com>,
	linux-kernel@...r.kernel.org
Subject: [PATCH 23/32] KVM: nVMX: Introduce module parameter for nested APIC timer virtualization

From: Isaku Yamahata <isaku.yamahata@...el.com>

Introduce a new module parameter, nested_apic_timer_virt, to control the
nested virtualization of the APIC timer in KVM.

The nested_apic_timer_virt parameter is set to true by default on processor
platforms that support APIC timer virtualization.  On platforms that do not
support this feature, the parameter will indicate that APIC timer
virtualization is not available.

Signed-off-by: Isaku Yamahata <isaku.yamahata@...el.com>
---
 arch/x86/kvm/vmx/capabilities.h |  1 +
 arch/x86/kvm/vmx/nested.c       | 13 ++++++++++++-
 arch/x86/kvm/vmx/vmx.c          |  2 +-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
index f73a50c887ac..8d8beae4839a 100644
--- a/arch/x86/kvm/vmx/capabilities.h
+++ b/arch/x86/kvm/vmx/capabilities.h
@@ -15,6 +15,7 @@ extern bool __read_mostly enable_ept;
 extern bool __read_mostly enable_unrestricted_guest;
 extern bool __read_mostly enable_ept_ad_bits;
 extern bool __read_mostly enable_pml;
+extern bool __read_mostly enable_apic_timer_virt;
 extern int __read_mostly pt_mode;
 
 #define PT_MODE_SYSTEM		0
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index a940f1d9ee83..fd2c3b11aabe 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -27,6 +27,10 @@ module_param_named(enable_shadow_vmcs, enable_shadow_vmcs, bool, S_IRUGO);
 static bool __ro_after_init warn_on_missed_cc;
 module_param(warn_on_missed_cc, bool, 0444);
 
+static bool __read_mostly enable_nested_apic_timer_virt = true;
+module_param_named(nested_apic_timer_virt, enable_nested_apic_timer_virt, bool,
+		   S_IRUGO);
+
 #define CC KVM_NESTED_VMENTER_CONSISTENCY_CHECK
 
 /*
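Review bot: The new `module_param_named()` spells its permission as `S_IRUGO`, while the neighbouring `warn_on_missed_cc` line and the `apic_timer_virt` parameter in vmx.c in this same patch use octal `0444`. Octal is the form checkpatch prefers, and it lets the call fit on one line: `module_param_named(nested_apic_timer_virt, enable_nested_apic_timer_virt, bool, 0444);`. The variable is declared `__read_mostly` and is written later in nested_vmx_setup_tertiary_ctls(). If that helper only runs during module init (not visible in this hunk), `__ro_after_init` as used for `warn_on_missed_cc` would stop a knob that gates a nested feature from being modified afterwards.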
@@ -7485,13 +7489,20 @@ static void nested_vmx_setup_secondary_ctls(u32 ept_caps,
 static void nested_vmx_setup_tertiary_ctls(struct vmcs_config *vmcs_conf,
 					   struct nested_vmx_msrs *msrs)
 {
-	msrs->tertiary_ctls = vmcs_conf->cpu_based_3rd_exec_ctrl;
+	enable_nested_apic_timer_virt &= enable_apic_timer_virt;
 
+	msrs->tertiary_ctls = vmcs_conf->cpu_based_3rd_exec_ctrl;
 	msrs->tertiary_ctls &= TERTIARY_EXEC_GUEST_APIC_TIMER;
 
+	if (!enable_nested_apic_timer_virt)
+		msrs->tertiary_ctls &= ~TERTIARY_EXEC_GUEST_APIC_TIMER;
+
 	if (msrs->tertiary_ctls)
 		msrs->procbased_ctls_high |=
 			CPU_BASED_ACTIVATE_TERTIARY_CONTROLS;
+
+	if (!(msrs->tertiary_ctls & TERTIARY_EXEC_GUEST_APIC_TIMER))
+		enable_nested_apic_timer_virt = false;
 }
 
 static void nested_vmx_setup_misc_data(struct vmcs_config *vmcs_conf,
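Review bot: The opening `enable_nested_apic_timer_virt &= enable_apic_timer_virt;` in nested_vmx_setup_tertiary_ctls() is only correct if the host-side parameter has already been finalised before this helper runs, meaning cleared when the hardware lacks the feature or the admin disabled it. That ordering is not visible in the hunk and deserves a comment, since this bit appears to decide whether the control is advertised to an L1 hypervisor through `msrs`. The parameter is also written in two places for one purpose. The gating could be a single `if (!enable_apic_timer_virt || !enable_nested_apic_timer_virt)` clear, followed by `enable_nested_apic_timer_virt = !!(msrs->tertiary_ctls & TERTIARY_EXEC_GUEST_APIC_TIMER);`. A comment such as `/* Report the effective setting through the read-only module parameter. */` above the final write-back would explain why an MSR setup helper mutates a module parameter.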
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 76725f8dd228..bc4611629879 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -118,7 +118,7 @@ module_param(enable_ipiv, bool, 0444);
 
 module_param(enable_device_posted_irqs, bool, 0444);
 
-static bool __read_mostly enable_apic_timer_virt = true;
+bool __read_mostly enable_apic_timer_virt = true;
 module_param_named(apic_timer_virt, enable_apic_timer_virt, bool, 0444);
 
 /*
-- 
2.45.2

