From patchwork Wed Oct 18 19:20:21 2023
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 155094
Reply-To: Sean Christopherson
Date: Wed, 18 Oct 2023 12:20:21 -0700
Message-ID: <20231018192021.1893261-1-seanjc@google.com>
Subject: [PATCH v2] KVM: SVM: Don't intercept IRET when injecting NMI and vNMI is enabled
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Santosh Shukla, Maxim Levitsky
X-Mailing-List: linux-kernel@vger.kernel.org

When vNMI is enabled, rely entirely on hardware to correctly handle NMI
blocking, i.e. don't intercept IRET to detect when NMIs are no longer
blocked. KVM already correctly ignores svm->nmi_masked when vNMI is
enabled, so the effect of the bug is essentially an unnecessary VM-Exit.

KVM intercepts IRET for two reasons:
 - To track NMI masking to be able to know at any point of time if NMI
   is masked.
 - To track NMI windows (to inject another NMI after the guest executes
   IRET, i.e. unblocks NMIs)

When vNMI is enabled, both cases are handled by hardware:
 - NMI masking state resides in int_ctl.V_NMI_BLOCKING and can be read by
   KVM at will.
 - Hardware automatically "injects" pending virtual NMIs when virtual NMIs
   become unblocked.

However, even though pending a virtual NMI for hardware to handle is the
most common way to synthesize a guest NMI, KVM may still directly inject
an NMI via when KVM is handling two "simultaneous" NMIs (see comments in
process_nmi() for details on KVM's simultaneous NMI handling). Per AMD's
APM, hardware sets the BLOCKING flag when software directly injects an NMI
as well, i.e.
KVM doesn't need to manually mark vNMIs as blocked:

  If Event Injection is used to inject an NMI when NMI Virtualization is
  enabled, VMRUN sets V_NMI_MASK in the guest state.

Note, it's still possible that KVM could trigger a spurious IRET VM-Exit.
When running a nested guest, KVM disables vNMI for L2 and thus will enable
IRET interception (in both vmcb01 and vmcb02) while running L2 reason. If
a nested VM-Exit happens before L2 executes IRET, KVM can end up running
L1 with vNMI enabled and IRET intercepted. This is also a benign bug, and
even less likely to happen, i.e. can be safely punted to a future fix.

Fixes: fa4c027a7956 ("KVM: x86: Add support for SVM's Virtual NMI")
Link: https://lore.kernel.org/all/ZOdnuDZUd4mevCqe@google.como
Cc: Santosh Shukla
Cc: Maxim Levitsky
Signed-off-by: Sean Christopherson
Tested-by: Santosh Shukla
---
v2: Expand changelog to explain the various behaviors and combos. [Maxim]

v1: https://lore.kernel.org/all/20231009212919.221810-1-seanjc@google.com

 arch/x86/kvm/svm/svm.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

base-commit: 437bba5ad2bba00c2056c896753a32edf80860cc
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 1785de7dc98b..517a12e0f1fd 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3568,8 +3568,15 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) if (svm->nmi_l1_to_l2) return; - svm->nmi_masked = true; - svm_set_iret_intercept(svm); + /* + * No need to manually track NMI masking when vNMI is enabled, hardware + * automatically sets V_NMI_BLOCKING_MASK as appropriate, including the + * case where software directly injects an NMI. + */ + if (!is_vnmi_enabled(svm)) { + svm->nmi_masked = true; + svm_set_iret_intercept(svm); + } ++vcpu->stat.nmi_injections; }
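Review bot: The new comment in svm_inject_nmi() documents only the injection path, while the changelog describes a remaining case where KVM can run L1 with vNMI enabled and IRET still intercepted (a nested VM-Exit before L2 executes IRET), and nothing in this hunk clears an intercept that was set earlier. Since that fix is deferred, consider recording the known case in the comment above `if (!is_vnmi_enabled(svm))` so the spurious VM-Exit is discoverable from the code and not only from the changelog. A smaller point: the comment names V_NMI_BLOCKING_MASK, the changelog uses int_ctl.V_NMI_BLOCKING, and the quoted APM text says V_NMI_MASK; saying in the comment which is KVM's name and which is the APM's would save readers a lookup.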