2020-03-31 12:17:38 -04:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
|
/*
|
|
|
|
|
* Kernel-based Virtual Machine driver for Linux
|
|
|
|
|
*
|
|
|
|
|
* AMD SVM support
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2006 Qumranet, Inc.
|
|
|
|
|
* Copyright 2010 Red Hat, Inc. and/or its affiliates.
|
|
|
|
|
*
|
|
|
|
|
* Authors:
|
|
|
|
|
* Yaniv Kamay <yaniv@qumranet.com>
|
|
|
|
|
* Avi Kivity <avi@qumranet.com>
|
|
|
|
|
*/
|
|
|
|
|
|
KVM: x86: Unify pr_fmt to use module name for all KVM modules
Define pr_fmt using KBUILD_MODNAME for all KVM x86 code so that printks
use consistent formatting across common x86, Intel, and AMD code. In
addition to providing consistent print formatting, using KBUILD_MODNAME,
e.g. kvm_amd and kvm_intel, allows referencing SVM and VMX (and SEV and
SGX and ...) as technologies without generating weird messages, and
without causing naming conflicts with other kernel code, e.g. "SEV: ",
"tdx: ", "sgx: " etc.. are all used by the kernel for non-KVM subsystems.
Opportunistically move away from printk() for prints that need to be
modified anyways, e.g. to drop a manual "kvm: " prefix.
Opportunistically convert a few SGX WARNs that are similarly modified to
WARN_ONCE; in the very unlikely event that the WARNs fire, odds are good
that they would fire repeatedly and spam the kernel log without providing
unique information in each print.
Note, defining pr_fmt yields undesirable results for code that uses KVM's
printk wrappers, e.g. vcpu_unimpl(). But, that's a pre-existing problem
as SVM/kvm_amd already defines a pr_fmt, and thankfully use of KVM's
wrappers is relatively limited in KVM x86 code.
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20221130230934.1014142-35-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-11-30 23:09:18 +00:00
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
#include <linux/kvm_types.h>
|
|
|
|
|
#include <linux/hashtable.h>
|
|
|
|
|
#include <linux/amd-iommu.h>
|
|
|
|
|
#include <linux/kvm_host.h>
|
2025-06-11 15:45:06 -07:00
|
|
|
#include <linux/kvm_irqfd.h>
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
#include <asm/irq_remapping.h>
|
2025-04-30 22:42:41 -07:00
|
|
|
#include <asm/msr.h>
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
#include "trace.h"
|
|
|
|
|
#include "lapic.h"
|
|
|
|
|
#include "x86.h"
|
|
|
|
|
#include "irq.h"
|
|
|
|
|
#include "svm.h"
|
|
|
|
|
|
2023-02-07 00:21:55 +00:00
|
|
|
/*
|
2025-06-11 15:45:58 -07:00
|
|
|
* Encode the arbitrary VM ID and the vCPU's _index_ into the GATag so that
|
|
|
|
|
* KVM can retrieve the correct vCPU from a GALog entry if an interrupt can't
|
|
|
|
|
* be delivered, e.g. because the vCPU isn't running. Use the vCPU's index
|
|
|
|
|
* instead of its ID (a.k.a. its default APIC ID), as KVM is guaranteed a fast
|
|
|
|
|
* lookup on the index, where as vCPUs whose index doesn't match their ID need
|
|
|
|
|
* to walk the entire xarray of vCPUs in the worst case scenario.
|
2023-02-07 00:21:55 +00:00
|
|
|
*
|
2025-06-11 15:45:58 -07:00
|
|
|
* For the vCPU index, use however many bits are currently allowed for the max
|
2023-02-07 00:21:55 +00:00
|
|
|
* guest physical APIC ID (limited by the size of the physical ID table), and
|
|
|
|
|
* use whatever bits remain to assign arbitrary AVIC IDs to VMs. Note, the
|
|
|
|
|
* size of the GATag is defined by hardware (32 bits), but is an opaque value
|
|
|
|
|
* as far as hardware is concerned.
|
|
|
|
|
*/
|
2025-06-11 15:45:58 -07:00
|
|
|
#define AVIC_VCPU_IDX_MASK AVIC_PHYSICAL_MAX_INDEX_MASK
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2023-02-07 00:21:55 +00:00
|
|
|
#define AVIC_VM_ID_SHIFT HWEIGHT32(AVIC_PHYSICAL_MAX_INDEX_MASK)
|
|
|
|
|
#define AVIC_VM_ID_MASK (GENMASK(31, AVIC_VM_ID_SHIFT) >> AVIC_VM_ID_SHIFT)
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2023-02-07 00:21:55 +00:00
|
|
|
#define AVIC_GATAG_TO_VMID(x) ((x >> AVIC_VM_ID_SHIFT) & AVIC_VM_ID_MASK)
|
2025-06-11 15:45:58 -07:00
|
|
|
#define AVIC_GATAG_TO_VCPUIDX(x) (x & AVIC_VCPU_IDX_MASK)
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2025-06-11 15:45:58 -07:00
|
|
|
#define __AVIC_GATAG(vm_id, vcpu_idx) ((((vm_id) & AVIC_VM_ID_MASK) << AVIC_VM_ID_SHIFT) | \
|
|
|
|
|
((vcpu_idx) & AVIC_VCPU_IDX_MASK))
|
|
|
|
|
#define AVIC_GATAG(vm_id, vcpu_idx) \
|
2023-02-07 00:21:56 +00:00
|
|
|
({ \
|
2025-06-11 15:45:58 -07:00
|
|
|
u32 ga_tag = __AVIC_GATAG(vm_id, vcpu_idx); \
|
2023-02-07 00:21:56 +00:00
|
|
|
\
|
2025-06-11 15:45:58 -07:00
|
|
|
WARN_ON_ONCE(AVIC_GATAG_TO_VCPUIDX(ga_tag) != (vcpu_idx)); \
|
2023-02-07 00:21:56 +00:00
|
|
|
WARN_ON_ONCE(AVIC_GATAG_TO_VMID(ga_tag) != (vm_id)); \
|
|
|
|
|
ga_tag; \
|
|
|
|
|
})
|
|
|
|
|
|
2025-06-11 15:45:58 -07:00
|
|
|
static_assert(__AVIC_GATAG(AVIC_VM_ID_MASK, AVIC_VCPU_IDX_MASK) == -1u);
|
2023-02-07 00:21:55 +00:00
|
|
|
|
2022-05-19 05:26:55 -05:00
|
|
|
static bool force_avic;
|
|
|
|
|
module_param_unsafe(force_avic, bool, 0444);
|
|
|
|
|
|
2020-03-31 12:17:38 -04:00
|
|
|
/* Note:
|
|
|
|
|
* This hash table is used to map VM_ID to a struct kvm_svm,
|
|
|
|
|
* when handling AMD IOMMU GALOG notification to schedule in
|
|
|
|
|
* a particular vCPU.
|
|
|
|
|
*/
|
|
|
|
|
#define SVM_VM_DATA_HASH_BITS 8
|
|
|
|
|
static DEFINE_HASHTABLE(svm_vm_data_hash, SVM_VM_DATA_HASH_BITS);
|
|
|
|
|
static u32 next_vm_id = 0;
|
|
|
|
|
static bool next_vm_id_wrapped = 0;
|
|
|
|
|
static DEFINE_SPINLOCK(svm_vm_data_hash_lock);
|
2023-01-06 01:12:44 +00:00
|
|
|
bool x2avic_enabled;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2022-05-19 05:27:03 -05:00
|
|
|
static void avic_activate_vmcb(struct vcpu_svm *svm)
|
|
|
|
|
{
|
|
|
|
|
struct vmcb *vmcb = svm->vmcb01.ptr;
|
|
|
|
|
|
|
|
|
|
vmcb->control.int_ctl &= ~(AVIC_ENABLE_MASK | X2APIC_MODE_MASK);
|
|
|
|
|
vmcb->control.avic_physical_id &= ~AVIC_PHYSICAL_MAX_INDEX_MASK;
|
|
|
|
|
|
|
|
|
|
vmcb->control.int_ctl |= AVIC_ENABLE_MASK;
|
2022-05-19 05:27:05 -05:00
|
|
|
|
KVM: x86: Inhibit APIC memslot if x2APIC and AVIC are enabled
Free the APIC access page memslot if any vCPU enables x2APIC and SVM's
AVIC is enabled to prevent accesses to the virtual APIC on vCPUs with
x2APIC enabled. On AMD, if its "hybrid" mode is enabled (AVIC is enabled
when x2APIC is enabled even without x2AVIC support), keeping the APIC
access page memslot results in the guest being able to access the virtual
APIC page as x2APIC is fully emulated by KVM. I.e. hardware isn't aware
that the guest is operating in x2APIC mode.
Exempt nested SVM's update of APICv state from the new logic as x2APIC
can't be toggled on VM-Exit. In practice, invoking the x2APIC logic
should be harmless precisely because it should be a glorified nop, but
play it safe to avoid latent bugs, e.g. with dropping the vCPU's SRCU
lock.
Intel doesn't suffer from the same issue as APICv has fully independent
VMCS controls for xAPIC vs. x2APIC virtualization. Technically, KVM
should provide bus error semantics and not memory semantics for the APIC
page when x2APIC is enabled, but KVM already provides memory semantics in
other scenarios, e.g. if APICv/AVIC is enabled and the APIC is hardware
disabled (via APIC_BASE MSR).
Note, checking apic_access_memslot_enabled without taking locks relies
it being set during vCPU creation (before kvm_vcpu_reset()). vCPUs can
race to set the inhibit and delete the memslot, i.e. can get false
positives, but can't get false negatives as apic_access_memslot_enabled
can't be toggled "on" once any vCPU reaches KVM_RUN.
Opportunistically drop the "can" while updating avic_activate_vmcb()'s
comment, i.e. to state that KVM _does_ support the hybrid mode. Move
the "Note:" down a line to conform to preferred kernel/KVM multi-line
comment style.
Opportunistically update the apicv_update_lock comment, as it isn't
actually used to protect apic_access_memslot_enabled (which is protected
by slots_lock).
Fixes: 0e311d33bfbe ("KVM: SVM: Introduce hybrid-AVIC mode")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20230106011306.85230-11-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-01-06 01:12:43 +00:00
|
|
|
/*
|
|
|
|
|
* Note: KVM supports hybrid-AVIC mode, where KVM emulates x2APIC MSR
|
|
|
|
|
* accesses, while interrupt injection to a running vCPU can be
|
|
|
|
|
* achieved using AVIC doorbell. KVM disables the APIC access page
|
|
|
|
|
* (deletes the memslot) if any vCPU has x2APIC enabled, thus enabling
|
|
|
|
|
* AVIC in hybrid mode activates only the doorbell mechanism.
|
2022-05-19 05:27:05 -05:00
|
|
|
*/
|
2023-01-06 01:12:44 +00:00
|
|
|
if (x2avic_enabled && apic_x2apic_mode(svm->vcpu.arch.apic)) {
|
2022-05-19 05:27:03 -05:00
|
|
|
vmcb->control.int_ctl |= X2APIC_MODE_MASK;
|
|
|
|
|
vmcb->control.avic_physical_id |= X2AVIC_MAX_PHYSICAL_ID;
|
|
|
|
|
/* Disabling MSR intercept for x2APIC registers */
|
|
|
|
|
svm_set_x2apic_msr_interception(svm, false);
|
|
|
|
|
} else {
|
2023-01-06 01:12:36 +00:00
|
|
|
/*
|
|
|
|
|
* Flush the TLB, the guest may have inserted a non-APIC
|
|
|
|
|
* mapping into the TLB while AVIC was disabled.
|
|
|
|
|
*/
|
|
|
|
|
kvm_make_request(KVM_REQ_TLB_FLUSH_CURRENT, &svm->vcpu);
|
|
|
|
|
|
2022-05-19 05:27:05 -05:00
|
|
|
/* For xAVIC and hybrid-xAVIC modes */
|
2022-05-19 05:27:03 -05:00
|
|
|
vmcb->control.avic_physical_id |= AVIC_MAX_PHYSICAL_ID;
|
|
|
|
|
/* Enabling MSR intercept for x2APIC registers */
|
|
|
|
|
svm_set_x2apic_msr_interception(svm, true);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void avic_deactivate_vmcb(struct vcpu_svm *svm)
|
|
|
|
|
{
|
|
|
|
|
struct vmcb *vmcb = svm->vmcb01.ptr;
|
|
|
|
|
|
|
|
|
|
vmcb->control.int_ctl &= ~(AVIC_ENABLE_MASK | X2APIC_MODE_MASK);
|
|
|
|
|
vmcb->control.avic_physical_id &= ~AVIC_PHYSICAL_MAX_INDEX_MASK;
|
|
|
|
|
|
2022-05-19 05:27:09 -05:00
|
|
|
/*
|
|
|
|
|
* If running nested and the guest uses its own MSR bitmap, there
|
|
|
|
|
* is no need to update L0's msr bitmap
|
|
|
|
|
*/
|
|
|
|
|
if (is_guest_mode(&svm->vcpu) &&
|
|
|
|
|
vmcb12_is_intercept(&svm->nested.ctl, INTERCEPT_MSR_PROT))
|
|
|
|
|
return;
|
|
|
|
|
|
2022-05-19 05:27:03 -05:00
|
|
|
/* Enabling MSR intercept for x2APIC registers */
|
|
|
|
|
svm_set_x2apic_msr_interception(svm, true);
|
|
|
|
|
}
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
/* Note:
|
|
|
|
|
* This function is called from IOMMU driver to notify
|
|
|
|
|
* SVM to schedule in a particular vCPU of a particular VM.
|
|
|
|
|
*/
|
|
|
|
|
int avic_ga_log_notifier(u32 ga_tag)
|
|
|
|
|
{
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
struct kvm_svm *kvm_svm;
|
|
|
|
|
struct kvm_vcpu *vcpu = NULL;
|
|
|
|
|
u32 vm_id = AVIC_GATAG_TO_VMID(ga_tag);
|
2025-06-11 15:45:58 -07:00
|
|
|
u32 vcpu_idx = AVIC_GATAG_TO_VCPUIDX(ga_tag);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2025-06-11 15:45:58 -07:00
|
|
|
pr_debug("SVM: %s: vm_id=%#x, vcpu_idx=%#x\n", __func__, vm_id, vcpu_idx);
|
|
|
|
|
trace_kvm_avic_ga_log(vm_id, vcpu_idx);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
spin_lock_irqsave(&svm_vm_data_hash_lock, flags);
|
|
|
|
|
hash_for_each_possible(svm_vm_data_hash, kvm_svm, hnode, vm_id) {
|
|
|
|
|
if (kvm_svm->avic_vm_id != vm_id)
|
|
|
|
|
continue;
|
2025-06-11 15:45:58 -07:00
|
|
|
vcpu = kvm_get_vcpu(&kvm_svm->kvm, vcpu_idx);
|
2020-03-31 12:17:38 -04:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags);
|
|
|
|
|
|
|
|
|
|
/* Note:
|
|
|
|
|
* At this point, the IOMMU should have already set the pending
|
|
|
|
|
* bit in the vAPIC backing page. So, we just need to schedule
|
|
|
|
|
* in the vcpu.
|
|
|
|
|
*/
|
|
|
|
|
if (vcpu)
|
|
|
|
|
kvm_vcpu_wake_up(vcpu);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void avic_vm_destroy(struct kvm *kvm)
|
|
|
|
|
{
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
struct kvm_svm *kvm_svm = to_kvm_svm(kvm);
|
|
|
|
|
|
2021-06-09 17:09:08 +02:00
|
|
|
if (!enable_apicv)
|
2020-03-31 12:17:38 -04:00
|
|
|
return;
|
|
|
|
|
|
2025-06-11 15:45:17 -07:00
|
|
|
free_page((unsigned long)kvm_svm->avic_logical_id_table);
|
|
|
|
|
free_page((unsigned long)kvm_svm->avic_physical_id_table);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
spin_lock_irqsave(&svm_vm_data_hash_lock, flags);
|
|
|
|
|
hash_del(&kvm_svm->hnode);
|
|
|
|
|
spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int avic_vm_init(struct kvm *kvm)
|
|
|
|
|
{
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
int err = -ENOMEM;
|
|
|
|
|
struct kvm_svm *kvm_svm = to_kvm_svm(kvm);
|
|
|
|
|
struct kvm_svm *k2;
|
|
|
|
|
u32 vm_id;
|
|
|
|
|
|
2021-06-09 17:09:08 +02:00
|
|
|
if (!enable_apicv)
|
2020-03-31 12:17:38 -04:00
|
|
|
return 0;
|
|
|
|
|
|
2025-06-11 15:45:17 -07:00
|
|
|
kvm_svm->avic_physical_id_table = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT);
|
|
|
|
|
if (!kvm_svm->avic_physical_id_table)
|
2020-03-31 12:17:38 -04:00
|
|
|
goto free_avic;
|
|
|
|
|
|
2025-06-11 15:45:17 -07:00
|
|
|
kvm_svm->avic_logical_id_table = (void *)get_zeroed_page(GFP_KERNEL_ACCOUNT);
|
|
|
|
|
if (!kvm_svm->avic_logical_id_table)
|
2020-03-31 12:17:38 -04:00
|
|
|
goto free_avic;
|
|
|
|
|
|
|
|
|
|
spin_lock_irqsave(&svm_vm_data_hash_lock, flags);
|
|
|
|
|
again:
|
|
|
|
|
vm_id = next_vm_id = (next_vm_id + 1) & AVIC_VM_ID_MASK;
|
|
|
|
|
if (vm_id == 0) { /* id is 1-based, zero is not okay */
|
|
|
|
|
next_vm_id_wrapped = 1;
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
/* Is it still in use? Only possible if wrapped at least once */
|
|
|
|
|
if (next_vm_id_wrapped) {
|
|
|
|
|
hash_for_each_possible(svm_vm_data_hash, k2, hnode, vm_id) {
|
|
|
|
|
if (k2->avic_vm_id == vm_id)
|
|
|
|
|
goto again;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
kvm_svm->avic_vm_id = vm_id;
|
|
|
|
|
hash_add(svm_vm_data_hash, &kvm_svm->hnode, kvm_svm->avic_vm_id);
|
|
|
|
|
spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
free_avic:
|
|
|
|
|
avic_vm_destroy(kvm);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2025-06-11 15:45:13 -07:00
|
|
|
static phys_addr_t avic_get_backing_page_address(struct vcpu_svm *svm)
|
|
|
|
|
{
|
2025-06-11 15:45:14 -07:00
|
|
|
return __sme_set(__pa(svm->vcpu.arch.apic->regs));
|
2025-06-11 15:45:13 -07:00
|
|
|
}
|
|
|
|
|
|
2022-03-22 18:24:43 +01:00
|
|
|
void avic_init_vmcb(struct vcpu_svm *svm, struct vmcb *vmcb)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
|
|
|
|
struct kvm_svm *kvm_svm = to_kvm_svm(svm->vcpu.kvm);
|
|
|
|
|
|
2025-06-11 15:45:13 -07:00
|
|
|
vmcb->control.avic_backing_page = avic_get_backing_page_address(svm);
|
2025-06-11 15:45:17 -07:00
|
|
|
vmcb->control.avic_logical_id = __sme_set(__pa(kvm_svm->avic_logical_id_table));
|
|
|
|
|
vmcb->control.avic_physical_id = __sme_set(__pa(kvm_svm->avic_physical_id_table));
|
2025-06-11 15:45:11 -07:00
|
|
|
vmcb->control.avic_vapic_bar = APIC_DEFAULT_PHYS_BASE;
|
2021-08-10 23:52:51 +03:00
|
|
|
|
2020-03-31 12:17:38 -04:00
|
|
|
if (kvm_apicv_activated(svm->vcpu.kvm))
|
2022-05-19 05:27:03 -05:00
|
|
|
avic_activate_vmcb(svm);
|
2020-03-31 12:17:38 -04:00
|
|
|
else
|
2022-05-19 05:27:03 -05:00
|
|
|
avic_deactivate_vmcb(svm);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int avic_init_backing_page(struct kvm_vcpu *vcpu)
|
|
|
|
|
{
|
2025-06-11 15:45:16 -07:00
|
|
|
struct kvm_svm *kvm_svm = to_kvm_svm(vcpu->kvm);
|
2020-03-31 12:17:38 -04:00
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
2025-06-11 15:45:16 -07:00
|
|
|
u32 id = vcpu->vcpu_id;
|
2025-06-11 15:45:17 -07:00
|
|
|
u64 new_entry;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2025-06-11 15:45:15 -07:00
|
|
|
/*
|
|
|
|
|
* Inhibit AVIC if the vCPU ID is bigger than what is supported by AVIC
|
|
|
|
|
* hardware. Immediately clear apicv_active, i.e. don't wait until the
|
|
|
|
|
* KVM_REQ_APICV_UPDATE request is processed on the first KVM_RUN, as
|
|
|
|
|
* avic_vcpu_load() expects to be called if and only if the vCPU has
|
|
|
|
|
* fully initialized AVIC.
|
|
|
|
|
*/
|
2023-01-06 01:12:44 +00:00
|
|
|
if ((!x2avic_enabled && id > AVIC_MAX_PHYSICAL_ID) ||
|
2025-06-11 15:45:15 -07:00
|
|
|
(id > X2AVIC_MAX_PHYSICAL_ID)) {
|
|
|
|
|
kvm_set_apicv_inhibit(vcpu->kvm, APICV_INHIBIT_REASON_PHYSICAL_ID_TOO_BIG);
|
|
|
|
|
vcpu->arch.apic->apicv_active = false;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2025-06-11 15:45:17 -07:00
|
|
|
BUILD_BUG_ON((AVIC_MAX_PHYSICAL_ID + 1) * sizeof(new_entry) > PAGE_SIZE ||
|
|
|
|
|
(X2AVIC_MAX_PHYSICAL_ID + 1) * sizeof(new_entry) > PAGE_SIZE);
|
2025-06-11 15:45:16 -07:00
|
|
|
|
2025-06-11 15:45:14 -07:00
|
|
|
if (WARN_ON_ONCE(!vcpu->arch.apic->regs))
|
2020-03-31 12:17:38 -04:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (kvm_apicv_activated(vcpu->kvm)) {
|
|
|
|
|
int ret;
|
|
|
|
|
|
2023-01-06 01:12:42 +00:00
|
|
|
/*
|
|
|
|
|
* Note, AVIC hardware walks the nested page table to check
|
|
|
|
|
* permissions, but does not use the SPA address specified in
|
|
|
|
|
* the leaf SPTE since it uses address in the AVIC_BACKING_PAGE
|
|
|
|
|
* pointer field of the VMCB.
|
|
|
|
|
*/
|
|
|
|
|
ret = kvm_alloc_apic_access_page(vcpu->kvm);
|
2020-03-31 12:17:38 -04:00
|
|
|
if (ret)
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
KVM: SVM: Drop pointless masking of kernel page pa's with AVIC HPA masks
Drop AVIC_HPA_MASK and all its users, the mask is just the 4KiB-aligned
maximum theoretical physical address for x86-64 CPUs, as x86-64 is
currently defined (going beyond PA52 would require an entirely new paging
mode, which would arguably create a new, different architecture).
All usage in KVM masks the result of page_to_phys(), which on x86-64 is
guaranteed to be 4KiB aligned and a legal physical address; if either of
those requirements doesn't hold true, KVM has far bigger problems.
Drop masking the avic_backing_page with
AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK for all the same reasons, but
keep the macro even though it's unused in functional code. It's a
distinct architectural define, and having the definition in software
helps visualize the layout of an entry. And to be hyper-paranoid about
MAXPA going beyond 52, add a compile-time assert to ensure the kernel's
maximum supported physical address stays in bounds.
The unnecessary masking in avic_init_vmcb() also incorrectly assumes that
SME's C-bit resides between bits 51:11; that holds true for current CPUs,
but isn't required by AMD's architecture:
In some implementations, the bit used may be a physical address bit
Key word being "may".
Opportunistically use the GENMASK_ULL() version for
AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK, which is far more readable
than a set of repeating Fs.
Tested-by: Sairaj Kodilkar <sarunkod@amd.com>
Reviewed-by: Naveen N Rao (AMD) <naveen@kernel.org>
Link: https://lore.kernel.org/r/20250611224604.313496-11-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2025-06-11 15:45:12 -07:00
|
|
|
/* Note, fls64() returns the bit position, +1. */
|
|
|
|
|
BUILD_BUG_ON(__PHYSICAL_MASK_SHIFT >
|
|
|
|
|
fls64(AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK));
|
|
|
|
|
|
2025-06-11 15:45:17 -07:00
|
|
|
/* Setting AVIC backing page address in the phy APIC ID table */
|
2025-06-11 15:45:13 -07:00
|
|
|
new_entry = avic_get_backing_page_address(svm) |
|
KVM: SVM: Drop pointless masking of kernel page pa's with AVIC HPA masks
Drop AVIC_HPA_MASK and all its users, the mask is just the 4KiB-aligned
maximum theoretical physical address for x86-64 CPUs, as x86-64 is
currently defined (going beyond PA52 would require an entirely new paging
mode, which would arguably create a new, different architecture).
All usage in KVM masks the result of page_to_phys(), which on x86-64 is
guaranteed to be 4KiB aligned and a legal physical address; if either of
those requirements doesn't hold true, KVM has far bigger problems.
Drop masking the avic_backing_page with
AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK for all the same reasons, but
keep the macro even though it's unused in functional code. It's a
distinct architectural define, and having the definition in software
helps visualize the layout of an entry. And to be hyper-paranoid about
MAXPA going beyond 52, add a compile-time assert to ensure the kernel's
maximum supported physical address stays in bounds.
The unnecessary masking in avic_init_vmcb() also incorrectly assumes that
SME's C-bit resides between bits 51:11; that holds true for current CPUs,
but isn't required by AMD's architecture:
In some implementations, the bit used may be a physical address bit
Key word being "may".
Opportunistically use the GENMASK_ULL() version for
AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK, which is far more readable
than a set of repeating Fs.
Tested-by: Sairaj Kodilkar <sarunkod@amd.com>
Reviewed-by: Naveen N Rao (AMD) <naveen@kernel.org>
Link: https://lore.kernel.org/r/20250611224604.313496-11-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2025-06-11 15:45:12 -07:00
|
|
|
AVIC_PHYSICAL_ID_ENTRY_VALID_MASK;
|
KVM: SVM: Add enable_ipiv param, never set IsRunning if disabled
Let userspace "disable" IPI virtualization for AVIC via the enable_ipiv
module param, by never setting IsRunning. SVM doesn't provide a way to
disable IPI virtualization in hardware, but by ensuring CPUs never see
IsRunning=1, every IPI in the guest (except for self-IPIs) will generate a
VM-Exit.
To avoid setting the real IsRunning bit, while still allowing KVM to use
each vCPU's entry to update GA log entries, simply maintain a shadow of
the entry, without propagating IsRunning updates to the real table when
IPI virtualization is disabled.
Providing a way to effectively disable IPI virtualization will allow KVM
to safely enable AVIC on hardware that is susceptible to erratum #1235,
which causes hardware to sometimes fail to detect that the IsRunning bit
has been cleared by software.
Note, the table _must_ be fully populated, as broadcast IPIs skip invalid
entries, i.e. won't generate VM-Exit if every entry is invalid, and so
simply pointing the VMCB at a common dummy table won't work.
Alternatively, KVM could allocate a shadow of the entire table, but that'd
be a waste of 4KiB since the per-vCPU entry doesn't actually consume an
additional 8 bytes of memory (vCPU structures are large enough that they
are backed by order-N pages).
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[sean: keep "entry" variables, reuse enable_ipiv, split from erratum]
Link: https://lore.kernel.org/r/20250611224604.313496-19-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2025-06-11 15:45:20 -07:00
|
|
|
svm->avic_physical_id_entry = new_entry;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Initialize the real table, as vCPUs must have a valid entry in order
|
|
|
|
|
* for broadcast IPIs to function correctly (broadcast IPIs ignore
|
|
|
|
|
* invalid entries, i.e. aren't guaranteed to generate a VM-Exit).
|
|
|
|
|
*/
|
2025-06-11 15:45:17 -07:00
|
|
|
WRITE_ONCE(kvm_svm->avic_physical_id_table[id], new_entry);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-08 06:48:42 -05:00
|
|
|
void avic_ring_doorbell(struct kvm_vcpu *vcpu)
|
2022-02-08 06:45:16 -05:00
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Note, the vCPU could get migrated to a different pCPU at any point,
|
|
|
|
|
* which could result in signalling the wrong/previous pCPU. But if
|
|
|
|
|
* that happens the vCPU is guaranteed to do a VMRUN (after being
|
|
|
|
|
* migrated) and thus will process pending interrupts, i.e. a doorbell
|
|
|
|
|
* is not needed (and the spurious one is harmless).
|
|
|
|
|
*/
|
|
|
|
|
int cpu = READ_ONCE(vcpu->cpu);
|
|
|
|
|
|
2022-05-19 05:27:08 -05:00
|
|
|
if (cpu != get_cpu()) {
|
2025-04-09 22:28:55 +02:00
|
|
|
wrmsrq(MSR_AMD64_SVM_AVIC_DOORBELL, kvm_cpu_get_apicid(cpu));
|
2022-05-19 05:27:08 -05:00
|
|
|
trace_kvm_avic_doorbell(vcpu->vcpu_id, kvm_cpu_get_apicid(cpu));
|
|
|
|
|
}
|
2022-02-08 06:45:16 -05:00
|
|
|
put_cpu();
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-06 01:12:49 +00:00
|
|
|
|
|
|
|
|
static void avic_kick_vcpu(struct kvm_vcpu *vcpu, u32 icrl)
|
|
|
|
|
{
|
|
|
|
|
vcpu->arch.apic->irr_pending = true;
|
|
|
|
|
svm_complete_interrupt_delivery(vcpu,
|
|
|
|
|
icrl & APIC_MODE_MASK,
|
|
|
|
|
icrl & APIC_INT_LEVELTRIG,
|
|
|
|
|
icrl & APIC_VECTOR_MASK);
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-06 01:13:01 +00:00
|
|
|
static void avic_kick_vcpu_by_physical_id(struct kvm *kvm, u32 physical_id,
|
|
|
|
|
u32 icrl)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* KVM inhibits AVIC if any vCPU ID diverges from the vCPUs APIC ID,
|
|
|
|
|
* i.e. APIC ID == vCPU ID.
|
|
|
|
|
*/
|
|
|
|
|
struct kvm_vcpu *target_vcpu = kvm_get_vcpu_by_id(kvm, physical_id);
|
|
|
|
|
|
|
|
|
|
/* Once again, nothing to do if the target vCPU doesn't exist. */
|
|
|
|
|
if (unlikely(!target_vcpu))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
avic_kick_vcpu(target_vcpu, icrl);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void avic_kick_vcpu_by_logical_id(struct kvm *kvm, u32 *avic_logical_id_table,
|
|
|
|
|
u32 logid_index, u32 icrl)
|
|
|
|
|
{
|
|
|
|
|
u32 physical_id;
|
|
|
|
|
|
|
|
|
|
if (avic_logical_id_table) {
|
|
|
|
|
u32 logid_entry = avic_logical_id_table[logid_index];
|
|
|
|
|
|
|
|
|
|
/* Nothing to do if the logical destination is invalid. */
|
|
|
|
|
if (unlikely(!(logid_entry & AVIC_LOGICAL_ID_ENTRY_VALID_MASK)))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
physical_id = logid_entry &
|
|
|
|
|
AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK;
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* For x2APIC, the logical APIC ID is a read-only value that is
|
|
|
|
|
* derived from the x2APIC ID, thus the x2APIC ID can be found
|
|
|
|
|
* by reversing the calculation (stored in logid_index). Note,
|
|
|
|
|
* bits 31:20 of the x2APIC ID aren't propagated to the logical
|
|
|
|
|
* ID, but KVM limits the x2APIC ID limited to KVM_MAX_VCPU_IDS.
|
|
|
|
|
*/
|
|
|
|
|
physical_id = logid_index;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
avic_kick_vcpu_by_physical_id(kvm, physical_id, icrl);
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-20 10:49:53 -05:00
|
|
|
/*
|
|
|
|
|
* A fast-path version of avic_kick_target_vcpus(), which attempts to match
|
|
|
|
|
* destination APIC ID to vCPU without looping through all vCPUs.
|
|
|
|
|
*/
|
|
|
|
|
static int avic_kick_target_vcpus_fast(struct kvm *kvm, struct kvm_lapic *source,
|
|
|
|
|
u32 icrl, u32 icrh, u32 index)
|
2021-02-04 16:57:42 -08:00
|
|
|
{
|
2022-04-20 10:49:53 -05:00
|
|
|
int dest_mode = icrl & APIC_DEST_MASK;
|
|
|
|
|
int shorthand = icrl & APIC_SHORT_MASK;
|
|
|
|
|
struct kvm_svm *kvm_svm = to_kvm_svm(kvm);
|
2023-01-06 01:13:01 +00:00
|
|
|
u32 dest;
|
2022-04-20 10:49:53 -05:00
|
|
|
|
|
|
|
|
if (shorthand != APIC_DEST_NOSHORT)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2022-06-06 21:08:26 +03:00
|
|
|
if (apic_x2apic_mode(source))
|
|
|
|
|
dest = icrh;
|
|
|
|
|
else
|
2022-05-19 05:26:54 -05:00
|
|
|
dest = GET_XAPIC_DEST_FIELD(icrh);
|
2022-06-06 21:08:26 +03:00
|
|
|
|
2022-04-20 10:49:53 -05:00
|
|
|
if (dest_mode == APIC_DEST_PHYSICAL) {
|
2022-06-06 21:08:26 +03:00
|
|
|
/* broadcast destination, use slow path */
|
|
|
|
|
if (apic_x2apic_mode(source) && dest == X2APIC_BROADCAST)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
if (!apic_x2apic_mode(source) && dest == APIC_BROADCAST)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2023-01-06 01:13:01 +00:00
|
|
|
if (WARN_ON_ONCE(dest != index))
|
2022-06-06 21:08:26 +03:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2023-01-06 01:13:01 +00:00
|
|
|
avic_kick_vcpu_by_physical_id(kvm, dest, icrl);
|
2022-04-20 10:49:53 -05:00
|
|
|
} else {
|
2023-01-06 01:13:01 +00:00
|
|
|
u32 *avic_logical_id_table;
|
|
|
|
|
unsigned long bitmap, i;
|
|
|
|
|
u32 cluster;
|
2022-06-06 21:08:26 +03:00
|
|
|
|
|
|
|
|
if (apic_x2apic_mode(source)) {
|
|
|
|
|
/* 16 bit dest mask, 16 bit cluster id */
|
2023-01-06 01:12:46 +00:00
|
|
|
bitmap = dest & 0xFFFF;
|
2022-06-06 21:08:26 +03:00
|
|
|
cluster = (dest >> 16) << 4;
|
|
|
|
|
} else if (kvm_lapic_get_reg(source, APIC_DFR) == APIC_DFR_FLAT) {
|
|
|
|
|
/* 8 bit dest mask*/
|
|
|
|
|
bitmap = dest;
|
|
|
|
|
cluster = 0;
|
2022-04-20 10:49:53 -05:00
|
|
|
} else {
|
2022-06-06 21:08:26 +03:00
|
|
|
/* 4 bit desk mask, 4 bit cluster id */
|
|
|
|
|
bitmap = dest & 0xF;
|
|
|
|
|
cluster = (dest >> 4) << 2;
|
2022-04-20 10:49:53 -05:00
|
|
|
}
|
|
|
|
|
|
2023-01-06 01:12:48 +00:00
|
|
|
/* Nothing to do if there are no destinations in the cluster. */
|
2022-06-06 21:08:26 +03:00
|
|
|
if (unlikely(!bitmap))
|
|
|
|
|
return 0;
|
2022-04-20 10:49:53 -05:00
|
|
|
|
2023-01-06 01:13:01 +00:00
|
|
|
if (apic_x2apic_mode(source))
|
|
|
|
|
avic_logical_id_table = NULL;
|
|
|
|
|
else
|
2025-06-11 15:45:17 -07:00
|
|
|
avic_logical_id_table = kvm_svm->avic_logical_id_table;
|
2022-05-19 05:27:07 -05:00
|
|
|
|
2023-01-06 01:13:01 +00:00
|
|
|
/*
|
|
|
|
|
* AVIC is inhibited if vCPUs aren't mapped 1:1 with logical
|
|
|
|
|
* IDs, thus each bit in the destination is guaranteed to map
|
|
|
|
|
* to at most one vCPU.
|
|
|
|
|
*/
|
|
|
|
|
for_each_set_bit(i, &bitmap, 16)
|
|
|
|
|
avic_kick_vcpu_by_logical_id(kvm, avic_logical_id_table,
|
|
|
|
|
cluster + i, icrl);
|
2022-04-20 10:49:53 -05:00
|
|
|
}
|
|
|
|
|
|
2022-06-06 21:08:26 +03:00
|
|
|
return 0;
|
2022-04-20 10:49:53 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void avic_kick_target_vcpus(struct kvm *kvm, struct kvm_lapic *source,
|
|
|
|
|
u32 icrl, u32 icrh, u32 index)
|
|
|
|
|
{
|
2023-01-06 01:12:45 +00:00
|
|
|
u32 dest = apic_x2apic_mode(source) ? icrh : GET_XAPIC_DEST_FIELD(icrh);
|
2021-11-16 16:04:02 +00:00
|
|
|
unsigned long i;
|
2022-04-20 10:49:53 -05:00
|
|
|
struct kvm_vcpu *vcpu;
|
|
|
|
|
|
|
|
|
|
if (!avic_kick_target_vcpus_fast(kvm, source, icrl, icrh, index))
|
|
|
|
|
return;
|
2021-02-04 16:57:42 -08:00
|
|
|
|
2022-04-20 10:49:54 -05:00
|
|
|
trace_kvm_avic_kick_vcpu_slowpath(icrh, icrl, index);
|
|
|
|
|
|
2021-12-08 01:52:21 +00:00
|
|
|
/*
|
|
|
|
|
* Wake any target vCPUs that are blocking, i.e. waiting for a wake
|
|
|
|
|
* event. There's no need to signal doorbells, as hardware has handled
|
|
|
|
|
* vCPUs that were in guest at the time of the IPI, and vCPUs that have
|
|
|
|
|
* since entered the guest will have processed pending IRQs at VMRUN.
|
|
|
|
|
*/
|
2021-02-04 16:57:42 -08:00
|
|
|
kvm_for_each_vcpu(i, vcpu, kvm) {
|
2021-12-08 01:52:21 +00:00
|
|
|
if (kvm_apic_match_dest(vcpu, source, icrl & APIC_SHORT_MASK,
|
2023-01-06 01:12:49 +00:00
|
|
|
dest, icrl & APIC_DEST_MASK))
|
|
|
|
|
avic_kick_vcpu(vcpu, icrl);
|
2021-02-04 16:57:42 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 14:40:39 -05:00
|
|
|
int avic_incomplete_ipi_interception(struct kvm_vcpu *vcpu)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2021-03-02 14:40:39 -05:00
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
2020-03-31 12:17:38 -04:00
|
|
|
u32 icrh = svm->vmcb->control.exit_info_1 >> 32;
|
|
|
|
|
u32 icrl = svm->vmcb->control.exit_info_1;
|
|
|
|
|
u32 id = svm->vmcb->control.exit_info_2 >> 32;
|
2022-04-20 10:49:53 -05:00
|
|
|
u32 index = svm->vmcb->control.exit_info_2 & 0x1FF;
|
2021-03-02 14:40:39 -05:00
|
|
|
struct kvm_lapic *apic = vcpu->arch.apic;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2021-03-02 14:40:39 -05:00
|
|
|
trace_kvm_avic_incomplete_ipi(vcpu->vcpu_id, icrh, icrl, id, index);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
switch (id) {
|
2023-01-06 01:12:37 +00:00
|
|
|
case AVIC_IPI_FAILURE_INVALID_TARGET:
|
2020-03-31 12:17:38 -04:00
|
|
|
case AVIC_IPI_FAILURE_INVALID_INT_TYPE:
|
|
|
|
|
/*
|
2022-02-04 21:41:59 +00:00
|
|
|
* Emulate IPIs that are not handled by AVIC hardware, which
|
2023-01-06 01:12:37 +00:00
|
|
|
* only virtualizes Fixed, Edge-Triggered INTRs, and falls over
|
|
|
|
|
* if _any_ targets are invalid, e.g. if the logical mode mask
|
|
|
|
|
* is a superset of running vCPUs.
|
|
|
|
|
*
|
|
|
|
|
* The exit is a trap, e.g. ICR holds the correct value and RIP
|
|
|
|
|
* has been advanced, KVM is responsible only for emulating the
|
|
|
|
|
* IPI. Sadly, hardware may sometimes leave the BUSY flag set,
|
|
|
|
|
* in which case KVM needs to emulate the ICR write as well in
|
2022-02-04 21:41:59 +00:00
|
|
|
* order to clear the BUSY flag.
|
2020-03-31 12:17:38 -04:00
|
|
|
*/
|
2022-02-04 21:41:59 +00:00
|
|
|
if (icrl & APIC_ICR_BUSY)
|
|
|
|
|
kvm_apic_write_nodecode(vcpu, APIC_ICR);
|
|
|
|
|
else
|
|
|
|
|
kvm_apic_send_ipi(apic, icrl, icrh);
|
2020-03-31 12:17:38 -04:00
|
|
|
break;
|
2021-02-04 16:57:42 -08:00
|
|
|
case AVIC_IPI_FAILURE_TARGET_NOT_RUNNING:
|
2020-03-31 12:17:38 -04:00
|
|
|
/*
|
|
|
|
|
* At this point, we expect that the AVIC HW has already
|
|
|
|
|
* set the appropriate IRR bits on the valid target
|
|
|
|
|
* vcpus. So, we just need to kick the appropriate vcpu.
|
|
|
|
|
*/
|
2022-04-20 10:49:53 -05:00
|
|
|
avic_kick_target_vcpus(vcpu->kvm, apic, icrl, icrh, index);
|
2020-03-31 12:17:38 -04:00
|
|
|
break;
|
|
|
|
|
case AVIC_IPI_FAILURE_INVALID_BACKING_PAGE:
|
|
|
|
|
WARN_ONCE(1, "Invalid backing page\n");
|
|
|
|
|
break;
|
2023-09-28 20:33:52 +03:00
|
|
|
case AVIC_IPI_FAILURE_INVALID_IPI_VECTOR:
|
|
|
|
|
/* Invalid IPI with vector < 16 */
|
|
|
|
|
break;
|
2020-03-31 12:17:38 -04:00
|
|
|
default:
|
2023-09-28 20:33:52 +03:00
|
|
|
vcpu_unimpl(vcpu, "Unknown avic incomplete IPI interception\n");
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-22 19:40:50 +02:00
|
|
|
unsigned long avic_vcpu_get_apicv_inhibit_reasons(struct kvm_vcpu *vcpu)
|
|
|
|
|
{
|
|
|
|
|
if (is_guest_mode(vcpu))
|
|
|
|
|
return APICV_INHIBIT_REASON_NESTED;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-31 12:17:38 -04:00
|
|
|
static u32 *avic_get_logical_id_entry(struct kvm_vcpu *vcpu, u32 ldr, bool flat)
|
|
|
|
|
{
|
|
|
|
|
struct kvm_svm *kvm_svm = to_kvm_svm(vcpu->kvm);
|
2023-01-06 01:13:00 +00:00
|
|
|
u32 cluster, index;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2023-01-06 01:13:00 +00:00
|
|
|
ldr = GET_APIC_LOGICAL_ID(ldr);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2023-01-06 01:13:00 +00:00
|
|
|
if (flat) {
|
|
|
|
|
cluster = 0;
|
|
|
|
|
} else {
|
|
|
|
|
cluster = (ldr >> 4);
|
|
|
|
|
if (cluster >= 0xf)
|
2020-03-31 12:17:38 -04:00
|
|
|
return NULL;
|
2023-01-06 01:13:00 +00:00
|
|
|
ldr &= 0xf;
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
2023-01-06 01:13:00 +00:00
|
|
|
if (!ldr || !is_power_of_2(ldr))
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
index = __ffs(ldr);
|
|
|
|
|
if (WARN_ON_ONCE(index > 7))
|
|
|
|
|
return NULL;
|
|
|
|
|
index += (cluster << 2);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2025-06-11 15:45:17 -07:00
|
|
|
return &kvm_svm->avic_logical_id_table[index];
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
2023-01-06 01:12:59 +00:00
|
|
|
static void avic_ldr_write(struct kvm_vcpu *vcpu, u8 g_physical_id, u32 ldr)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
|
|
|
|
bool flat;
|
|
|
|
|
u32 *entry, new_entry;
|
|
|
|
|
|
|
|
|
|
flat = kvm_lapic_get_reg(vcpu->arch.apic, APIC_DFR) == APIC_DFR_FLAT;
|
|
|
|
|
entry = avic_get_logical_id_entry(vcpu, ldr, flat);
|
|
|
|
|
if (!entry)
|
2023-01-06 01:12:59 +00:00
|
|
|
return;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
new_entry = READ_ONCE(*entry);
|
|
|
|
|
new_entry &= ~AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK;
|
|
|
|
|
new_entry |= (g_physical_id & AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK);
|
|
|
|
|
new_entry |= AVIC_LOGICAL_ID_ENTRY_VALID_MASK;
|
|
|
|
|
WRITE_ONCE(*entry, new_entry);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void avic_invalidate_logical_id_entry(struct kvm_vcpu *vcpu)
|
|
|
|
|
{
|
|
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
|
|
|
|
bool flat = svm->dfr_reg == APIC_DFR_FLAT;
|
2022-05-19 05:26:58 -05:00
|
|
|
u32 *entry;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2022-05-19 05:26:58 -05:00
|
|
|
/* Note: x2AVIC does not use logical APIC ID table */
|
|
|
|
|
if (apic_x2apic_mode(vcpu->arch.apic))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
entry = avic_get_logical_id_entry(vcpu, svm->ldr_reg, flat);
|
2020-03-31 12:17:38 -04:00
|
|
|
if (entry)
|
|
|
|
|
clear_bit(AVIC_LOGICAL_ID_ENTRY_VALID_BIT, (unsigned long *)entry);
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-06 01:12:58 +00:00
|
|
|
static void avic_handle_ldr_update(struct kvm_vcpu *vcpu)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
|
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
|
|
|
|
u32 ldr = kvm_lapic_get_reg(vcpu->arch.apic, APIC_LDR);
|
|
|
|
|
u32 id = kvm_xapic_id(vcpu->arch.apic);
|
|
|
|
|
|
2022-05-19 05:26:58 -05:00
|
|
|
/* AVIC does not support LDR update for x2APIC */
|
|
|
|
|
if (apic_x2apic_mode(vcpu->arch.apic))
|
2023-01-06 01:12:58 +00:00
|
|
|
return;
|
2022-05-19 05:26:58 -05:00
|
|
|
|
2020-03-31 12:17:38 -04:00
|
|
|
if (ldr == svm->ldr_reg)
|
2023-01-06 01:12:58 +00:00
|
|
|
return;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
|
|
|
|
avic_invalidate_logical_id_entry(vcpu);
|
|
|
|
|
|
2023-01-06 01:12:59 +00:00
|
|
|
svm->ldr_reg = ldr;
|
|
|
|
|
avic_ldr_write(vcpu, id, ldr);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void avic_handle_dfr_update(struct kvm_vcpu *vcpu)
|
|
|
|
|
{
|
|
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
|
|
|
|
u32 dfr = kvm_lapic_get_reg(vcpu->arch.apic, APIC_DFR);
|
|
|
|
|
|
|
|
|
|
if (svm->dfr_reg == dfr)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
avic_invalidate_logical_id_entry(vcpu);
|
|
|
|
|
svm->dfr_reg = dfr;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-04 21:41:58 +00:00
|
|
|
static int avic_unaccel_trap_write(struct kvm_vcpu *vcpu)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2022-02-04 21:41:58 +00:00
|
|
|
u32 offset = to_svm(vcpu)->vmcb->control.exit_info_1 &
|
2020-03-31 12:17:38 -04:00
|
|
|
AVIC_UNACCEL_ACCESS_OFFSET_MASK;
|
|
|
|
|
|
|
|
|
|
switch (offset) {
|
|
|
|
|
case APIC_LDR:
|
2023-01-06 01:12:58 +00:00
|
|
|
avic_handle_ldr_update(vcpu);
|
2020-03-31 12:17:38 -04:00
|
|
|
break;
|
|
|
|
|
case APIC_DFR:
|
2022-02-04 21:41:58 +00:00
|
|
|
avic_handle_dfr_update(vcpu);
|
2020-03-31 12:17:38 -04:00
|
|
|
break;
|
2023-01-06 01:13:02 +00:00
|
|
|
case APIC_RRR:
|
|
|
|
|
/* Ignore writes to Read Remote Data, it's read-only. */
|
|
|
|
|
return 1;
|
2020-03-31 12:17:38 -04:00
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-04 21:41:58 +00:00
|
|
|
kvm_apic_write_nodecode(vcpu, offset);
|
2020-03-31 12:17:38 -04:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool is_avic_unaccelerated_access_trap(u32 offset)
|
|
|
|
|
{
|
|
|
|
|
bool ret = false;
|
|
|
|
|
|
|
|
|
|
switch (offset) {
|
|
|
|
|
case APIC_ID:
|
|
|
|
|
case APIC_EOI:
|
|
|
|
|
case APIC_RRR:
|
|
|
|
|
case APIC_LDR:
|
|
|
|
|
case APIC_DFR:
|
|
|
|
|
case APIC_SPIV:
|
|
|
|
|
case APIC_ESR:
|
|
|
|
|
case APIC_ICR:
|
|
|
|
|
case APIC_LVTT:
|
|
|
|
|
case APIC_LVTTHMR:
|
|
|
|
|
case APIC_LVTPC:
|
|
|
|
|
case APIC_LVT0:
|
|
|
|
|
case APIC_LVT1:
|
|
|
|
|
case APIC_LVTERR:
|
|
|
|
|
case APIC_TMICT:
|
|
|
|
|
case APIC_TDCR:
|
|
|
|
|
ret = true;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 14:40:39 -05:00
|
|
|
int avic_unaccelerated_access_interception(struct kvm_vcpu *vcpu)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2021-03-02 14:40:39 -05:00
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
2020-03-31 12:17:38 -04:00
|
|
|
int ret = 0;
|
|
|
|
|
u32 offset = svm->vmcb->control.exit_info_1 &
|
|
|
|
|
AVIC_UNACCEL_ACCESS_OFFSET_MASK;
|
|
|
|
|
u32 vector = svm->vmcb->control.exit_info_2 &
|
|
|
|
|
AVIC_UNACCEL_ACCESS_VECTOR_MASK;
|
|
|
|
|
bool write = (svm->vmcb->control.exit_info_1 >> 32) &
|
|
|
|
|
AVIC_UNACCEL_ACCESS_WRITE_MASK;
|
|
|
|
|
bool trap = is_avic_unaccelerated_access_trap(offset);
|
|
|
|
|
|
2021-03-02 14:40:39 -05:00
|
|
|
trace_kvm_avic_unaccelerated_access(vcpu->vcpu_id, offset,
|
2020-03-31 12:17:38 -04:00
|
|
|
trap, write, vector);
|
|
|
|
|
if (trap) {
|
|
|
|
|
/* Handling Trap */
|
|
|
|
|
WARN_ONCE(!write, "svm: Handling trap read.\n");
|
2022-02-04 21:41:58 +00:00
|
|
|
ret = avic_unaccel_trap_write(vcpu);
|
2020-03-31 12:17:38 -04:00
|
|
|
} else {
|
|
|
|
|
/* Handling Fault */
|
2021-03-02 14:40:39 -05:00
|
|
|
ret = kvm_emulate_instruction(vcpu, 0);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int avic_init_vcpu(struct vcpu_svm *svm)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
struct kvm_vcpu *vcpu = &svm->vcpu;
|
|
|
|
|
|
2025-06-11 15:45:55 -07:00
|
|
|
INIT_LIST_HEAD(&svm->ir_list);
|
|
|
|
|
spin_lock_init(&svm->ir_list_lock);
|
|
|
|
|
|
2021-06-09 17:09:08 +02:00
|
|
|
if (!enable_apicv || !irqchip_in_kernel(vcpu->kvm))
|
2020-03-31 12:17:38 -04:00
|
|
|
return 0;
|
|
|
|
|
|
2021-03-02 14:40:39 -05:00
|
|
|
ret = avic_init_backing_page(vcpu);
|
2020-03-31 12:17:38 -04:00
|
|
|
if (ret)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
svm->dfr_reg = APIC_DFR_FLAT;
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-28 00:52:04 +00:00
|
|
|
void avic_apicv_post_state_restore(struct kvm_vcpu *vcpu)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
|
|
|
|
avic_handle_dfr_update(vcpu);
|
|
|
|
|
avic_handle_ldr_update(vcpu);
|
|
|
|
|
}
|
|
|
|
|
|
2025-06-11 15:45:08 -07:00
|
|
|
static void svm_ir_list_del(struct kvm_kernel_irqfd *irqfd)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2025-06-11 15:45:08 -07:00
|
|
|
struct kvm_vcpu *vcpu = irqfd->irq_bypass_vcpu;
|
2020-03-31 12:17:38 -04:00
|
|
|
unsigned long flags;
|
|
|
|
|
|
2025-06-11 15:45:08 -07:00
|
|
|
if (!vcpu)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
spin_lock_irqsave(&to_svm(vcpu)->ir_list_lock, flags);
|
|
|
|
|
list_del(&irqfd->vcpu_list);
|
|
|
|
|
spin_unlock_irqrestore(&to_svm(vcpu)->ir_list_lock, flags);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
2025-06-11 15:45:06 -07:00
|
|
|
int avic_pi_update_irte(struct kvm_kernel_irqfd *irqfd, struct kvm *kvm,
|
|
|
|
|
unsigned int host_irq, uint32_t guest_irq,
|
2025-06-11 15:45:31 -07:00
|
|
|
struct kvm_vcpu *vcpu, u32 vector)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2025-06-11 15:45:10 -07:00
|
|
|
/*
|
|
|
|
|
* If the IRQ was affined to a different vCPU, remove the IRTE metadata
|
|
|
|
|
* from the *previous* vCPU's list.
|
|
|
|
|
*/
|
|
|
|
|
svm_ir_list_del(irqfd);
|
|
|
|
|
|
2025-06-11 15:45:46 -07:00
|
|
|
if (vcpu) {
|
2025-06-11 15:45:26 -07:00
|
|
|
/*
|
2025-06-11 15:45:46 -07:00
|
|
|
* Try to enable guest_mode in IRTE, unless AVIC is inhibited,
|
|
|
|
|
* in which case configure the IRTE for legacy mode, but track
|
|
|
|
|
* the IRTE metadata so that it can be converted to guest mode
|
|
|
|
|
* if AVIC is enabled/uninhibited in the future.
|
2025-06-11 15:45:26 -07:00
|
|
|
*/
|
2025-06-11 15:45:34 -07:00
|
|
|
struct amd_iommu_pi_data pi_data = {
|
|
|
|
|
.ga_tag = AVIC_GATAG(to_kvm_svm(kvm)->avic_vm_id,
|
2025-06-11 15:45:58 -07:00
|
|
|
vcpu->vcpu_idx),
|
2025-06-11 15:45:46 -07:00
|
|
|
.is_guest_mode = kvm_vcpu_apicv_active(vcpu),
|
2025-06-11 15:45:34 -07:00
|
|
|
.vapic_addr = avic_get_backing_page_address(to_svm(vcpu)),
|
|
|
|
|
.vector = vector,
|
2025-06-11 15:45:31 -07:00
|
|
|
};
|
2025-06-11 15:45:41 -07:00
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
|
|
|
|
u64 entry;
|
2025-06-11 15:45:33 -07:00
|
|
|
int ret;
|
2025-06-11 15:45:31 -07:00
|
|
|
|
2025-06-11 15:45:41 -07:00
|
|
|
/*
|
|
|
|
|
* Prevent the vCPU from being scheduled out or migrated until
|
|
|
|
|
* the IRTE is updated and its metadata has been added to the
|
|
|
|
|
* list of IRQs being posted to the vCPU, to ensure the IRTE
|
|
|
|
|
* isn't programmed with stale pCPU/IsRunning information.
|
|
|
|
|
*/
|
|
|
|
|
guard(spinlock_irqsave)(&svm->ir_list_lock);
|
|
|
|
|
|
2025-06-11 15:45:45 -07:00
|
|
|
/*
|
|
|
|
|
* Update the target pCPU for IOMMU doorbells if the vCPU is
|
|
|
|
|
* running. If the vCPU is NOT running, i.e. is blocking or
|
|
|
|
|
* scheduled out, KVM will update the pCPU info when the vCPU
|
|
|
|
|
* is awakened and/or scheduled in. See also avic_vcpu_load().
|
|
|
|
|
*/
|
|
|
|
|
entry = svm->avic_physical_id_entry;
|
2025-06-11 15:46:03 -07:00
|
|
|
if (entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK) {
|
2025-06-11 15:45:45 -07:00
|
|
|
pi_data.cpu = entry & AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK;
|
2025-06-11 15:46:03 -07:00
|
|
|
} else {
|
2025-06-11 15:45:45 -07:00
|
|
|
pi_data.cpu = -1;
|
2025-06-11 15:46:04 -07:00
|
|
|
pi_data.ga_log_intr = entry & AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR;
|
2025-06-11 15:46:03 -07:00
|
|
|
}
|
2025-06-11 15:45:45 -07:00
|
|
|
|
2025-06-11 15:45:34 -07:00
|
|
|
ret = irq_set_vcpu_affinity(host_irq, &pi_data);
|
2025-06-11 15:45:33 -07:00
|
|
|
if (ret)
|
|
|
|
|
return ret;
|
2025-06-11 15:45:06 -07:00
|
|
|
|
2025-06-11 15:45:40 -07:00
|
|
|
/*
|
|
|
|
|
* Revert to legacy mode if the IOMMU didn't provide metadata
|
|
|
|
|
* for the IRTE, which KVM needs to keep the IRTE up-to-date,
|
|
|
|
|
* e.g. if the vCPU is migrated or AVIC is disabled.
|
|
|
|
|
*/
|
|
|
|
|
if (WARN_ON_ONCE(!pi_data.ir_data)) {
|
|
|
|
|
irq_set_vcpu_affinity(host_irq, NULL);
|
|
|
|
|
return -EIO;
|
|
|
|
|
}
|
|
|
|
|
|
2025-06-11 15:45:41 -07:00
|
|
|
irqfd->irq_bypass_data = pi_data.ir_data;
|
|
|
|
|
list_add(&irqfd->vcpu_list, &svm->ir_list);
|
2025-06-11 15:45:40 -07:00
|
|
|
return 0;
|
2025-06-11 15:45:26 -07:00
|
|
|
}
|
2025-06-11 15:45:33 -07:00
|
|
|
return irq_set_vcpu_affinity(host_irq, NULL);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
enum avic_vcpu_action {
|
|
|
|
|
/*
|
|
|
|
|
* There is no need to differentiate between activate and deactivate,
|
|
|
|
|
* as KVM only refreshes AVIC state when the vCPU is scheduled in and
|
|
|
|
|
* isn't blocking, i.e. the pCPU must always be (in)valid when AVIC is
|
|
|
|
|
* being (de)activated.
|
|
|
|
|
*/
|
|
|
|
|
AVIC_TOGGLE_ON_OFF = BIT(0),
|
|
|
|
|
AVIC_ACTIVATE = AVIC_TOGGLE_ON_OFF,
|
|
|
|
|
AVIC_DEACTIVATE = AVIC_TOGGLE_ON_OFF,
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* No unique action is required to deal with a vCPU that stops/starts
|
2025-06-11 15:46:04 -07:00
|
|
|
* running. A vCPU that starts running by definition stops blocking as
|
|
|
|
|
* well, and a vCPU that stops running can't have been blocking, i.e.
|
|
|
|
|
* doesn't need to toggle GALogIntr.
|
2025-06-11 15:46:02 -07:00
|
|
|
*/
|
|
|
|
|
AVIC_START_RUNNING = 0,
|
|
|
|
|
AVIC_STOP_RUNNING = 0,
|
2025-06-11 15:46:04 -07:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* When a vCPU starts blocking, KVM needs to set the GALogIntr flag
|
|
|
|
|
* int all associated IRTEs so that KVM can wake the vCPU if an IRQ is
|
|
|
|
|
* sent to the vCPU.
|
|
|
|
|
*/
|
|
|
|
|
AVIC_START_BLOCKING = BIT(1),
|
2025-06-11 15:46:02 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static void avic_update_iommu_vcpu_affinity(struct kvm_vcpu *vcpu, int cpu,
|
|
|
|
|
enum avic_vcpu_action action)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2025-06-11 15:46:04 -07:00
|
|
|
bool ga_log_intr = (action & AVIC_START_BLOCKING);
|
2020-03-31 12:17:38 -04:00
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
2025-06-11 15:45:07 -07:00
|
|
|
struct kvm_kernel_irqfd *irqfd;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2023-08-08 16:31:31 -07:00
|
|
|
lockdep_assert_held(&svm->ir_list_lock);
|
|
|
|
|
|
2020-03-31 12:17:38 -04:00
|
|
|
/*
|
|
|
|
|
* Here, we go through the per-vcpu ir_list to update all existing
|
|
|
|
|
* interrupt remapping table entry targeting this vcpu.
|
|
|
|
|
*/
|
|
|
|
|
if (list_empty(&svm->ir_list))
|
2025-06-11 15:45:51 -07:00
|
|
|
return;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
list_for_each_entry(irqfd, &svm->ir_list, vcpu_list) {
|
|
|
|
|
void *data = irqfd->irq_bypass_data;
|
|
|
|
|
|
|
|
|
|
if (!(action & AVIC_TOGGLE_ON_OFF))
|
2025-06-11 15:46:04 -07:00
|
|
|
WARN_ON_ONCE(amd_iommu_update_ga(data, cpu, ga_log_intr));
|
2025-06-11 15:46:02 -07:00
|
|
|
else if (cpu >= 0)
|
2025-06-11 15:46:04 -07:00
|
|
|
WARN_ON_ONCE(amd_iommu_activate_guest_mode(data, cpu, ga_log_intr));
|
2025-06-11 15:46:02 -07:00
|
|
|
else
|
|
|
|
|
WARN_ON_ONCE(amd_iommu_deactivate_guest_mode(data));
|
|
|
|
|
}
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
static void __avic_vcpu_load(struct kvm_vcpu *vcpu, int cpu,
|
|
|
|
|
enum avic_vcpu_action action)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2025-06-11 15:45:18 -07:00
|
|
|
struct kvm_svm *kvm_svm = to_kvm_svm(vcpu->kvm);
|
2020-03-31 12:17:38 -04:00
|
|
|
int h_physical_id = kvm_cpu_get_apicid(cpu);
|
|
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
2023-08-08 16:31:31 -07:00
|
|
|
unsigned long flags;
|
2025-06-11 15:45:18 -07:00
|
|
|
u64 entry;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2021-12-08 01:52:31 +00:00
|
|
|
lockdep_assert_preemption_disabled();
|
|
|
|
|
|
2022-02-10 18:08:51 -06:00
|
|
|
if (WARN_ON(h_physical_id & ~AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK))
|
2020-03-31 12:17:38 -04:00
|
|
|
return;
|
|
|
|
|
|
2025-06-11 15:45:18 -07:00
|
|
|
if (WARN_ON_ONCE(vcpu->vcpu_id * sizeof(entry) >= PAGE_SIZE))
|
2025-06-11 15:45:16 -07:00
|
|
|
return;
|
|
|
|
|
|
2023-08-08 16:31:32 -07:00
|
|
|
/*
|
|
|
|
|
* Grab the per-vCPU interrupt remapping lock even if the VM doesn't
|
|
|
|
|
* _currently_ have assigned devices, as that can change. Holding
|
|
|
|
|
* ir_list_lock ensures that either svm_ir_list_add() will consume
|
|
|
|
|
* up-to-date entry information, or that this task will wait until
|
|
|
|
|
* svm_ir_list_add() completes to set the new target pCPU.
|
|
|
|
|
*/
|
2023-08-08 16:31:31 -07:00
|
|
|
spin_lock_irqsave(&svm->ir_list_lock, flags);
|
|
|
|
|
|
KVM: SVM: Add enable_ipiv param, never set IsRunning if disabled
Let userspace "disable" IPI virtualization for AVIC via the enable_ipiv
module param, by never setting IsRunning. SVM doesn't provide a way to
disable IPI virtualization in hardware, but by ensuring CPUs never see
IsRunning=1, every IPI in the guest (except for self-IPIs) will generate a
VM-Exit.
To avoid setting the real IsRunning bit, while still allowing KVM to use
each vCPU's entry to update GA log entries, simply maintain a shadow of
the entry, without propagating IsRunning updates to the real table when
IPI virtualization is disabled.
Providing a way to effectively disable IPI virtualization will allow KVM
to safely enable AVIC on hardware that is susceptible to erratum #1235,
which causes hardware to sometimes fail to detect that the IsRunning bit
has been cleared by software.
Note, the table _must_ be fully populated, as broadcast IPIs skip invalid
entries, i.e. won't generate VM-Exit if every entry is invalid, and so
simply pointing the VMCB at a common dummy table won't work.
Alternatively, KVM could allocate a shadow of the entire table, but that'd
be a waste of 4KiB since the per-vCPU entry doesn't actually consume an
additional 8 bytes of memory (vCPU structures are large enough that they
are backed by order-N pages).
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[sean: keep "entry" variables, reuse enable_ipiv, split from erratum]
Link: https://lore.kernel.org/r/20250611224604.313496-19-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2025-06-11 15:45:20 -07:00
|
|
|
entry = svm->avic_physical_id_entry;
|
2023-01-06 01:13:03 +00:00
|
|
|
WARN_ON_ONCE(entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2025-06-11 15:46:04 -07:00
|
|
|
entry &= ~(AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK |
|
|
|
|
|
AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR);
|
2020-03-31 12:17:38 -04:00
|
|
|
entry |= (h_physical_id & AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK);
|
2021-12-08 01:52:24 +00:00
|
|
|
entry |= AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
KVM: SVM: Add enable_ipiv param, never set IsRunning if disabled
Let userspace "disable" IPI virtualization for AVIC via the enable_ipiv
module param, by never setting IsRunning. SVM doesn't provide a way to
disable IPI virtualization in hardware, but by ensuring CPUs never see
IsRunning=1, every IPI in the guest (except for self-IPIs) will generate a
VM-Exit.
To avoid setting the real IsRunning bit, while still allowing KVM to use
each vCPU's entry to update GA log entries, simply maintain a shadow of
the entry, without propagating IsRunning updates to the real table when
IPI virtualization is disabled.
Providing a way to effectively disable IPI virtualization will allow KVM
to safely enable AVIC on hardware that is susceptible to erratum #1235,
which causes hardware to sometimes fail to detect that the IsRunning bit
has been cleared by software.
Note, the table _must_ be fully populated, as broadcast IPIs skip invalid
entries, i.e. won't generate VM-Exit if every entry is invalid, and so
simply pointing the VMCB at a common dummy table won't work.
Alternatively, KVM could allocate a shadow of the entire table, but that'd
be a waste of 4KiB since the per-vCPU entry doesn't actually consume an
additional 8 bytes of memory (vCPU structures are large enough that they
are backed by order-N pages).
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[sean: keep "entry" variables, reuse enable_ipiv, split from erratum]
Link: https://lore.kernel.org/r/20250611224604.313496-19-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2025-06-11 15:45:20 -07:00
|
|
|
svm->avic_physical_id_entry = entry;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If IPI virtualization is disabled, clear IsRunning when updating the
|
|
|
|
|
* actual Physical ID table, so that the CPU never sees IsRunning=1.
|
|
|
|
|
* Keep the APIC ID up-to-date in the entry to minimize the chances of
|
|
|
|
|
* things going sideways if hardware peeks at the ID.
|
|
|
|
|
*/
|
|
|
|
|
if (!enable_ipiv)
|
|
|
|
|
entry &= ~AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
|
|
|
|
|
|
2025-06-11 15:45:18 -07:00
|
|
|
WRITE_ONCE(kvm_svm->avic_physical_id_table[vcpu->vcpu_id], entry);
|
KVM: SVM: Add enable_ipiv param, never set IsRunning if disabled
Let userspace "disable" IPI virtualization for AVIC via the enable_ipiv
module param, by never setting IsRunning. SVM doesn't provide a way to
disable IPI virtualization in hardware, but by ensuring CPUs never see
IsRunning=1, every IPI in the guest (except for self-IPIs) will generate a
VM-Exit.
To avoid setting the real IsRunning bit, while still allowing KVM to use
each vCPU's entry to update GA log entries, simply maintain a shadow of
the entry, without propagating IsRunning updates to the real table when
IPI virtualization is disabled.
Providing a way to effectively disable IPI virtualization will allow KVM
to safely enable AVIC on hardware that is susceptible to erratum #1235,
which causes hardware to sometimes fail to detect that the IsRunning bit
has been cleared by software.
Note, the table _must_ be fully populated, as broadcast IPIs skip invalid
entries, i.e. won't generate VM-Exit if every entry is invalid, and so
simply pointing the VMCB at a common dummy table won't work.
Alternatively, KVM could allocate a shadow of the entire table, but that'd
be a waste of 4KiB since the per-vCPU entry doesn't actually consume an
additional 8 bytes of memory (vCPU structures are large enough that they
are backed by order-N pages).
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[sean: keep "entry" variables, reuse enable_ipiv, split from erratum]
Link: https://lore.kernel.org/r/20250611224604.313496-19-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2025-06-11 15:45:20 -07:00
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
avic_update_iommu_vcpu_affinity(vcpu, h_physical_id, action);
|
2023-08-08 16:31:31 -07:00
|
|
|
|
|
|
|
|
spin_unlock_irqrestore(&svm->ir_list_lock, flags);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
2025-06-11 15:46:01 -07:00
|
|
|
void avic_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* No need to update anything if the vCPU is blocking, i.e. if the vCPU
|
|
|
|
|
* is being scheduled in after being preempted. The CPU entries in the
|
|
|
|
|
* Physical APIC table and IRTE are consumed iff IsRun{ning} is '1'.
|
|
|
|
|
* If the vCPU was migrated, its new CPU value will be stuffed when the
|
|
|
|
|
* vCPU unblocks.
|
|
|
|
|
*/
|
|
|
|
|
if (kvm_vcpu_is_blocking(vcpu))
|
|
|
|
|
return;
|
|
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
__avic_vcpu_load(vcpu, cpu, AVIC_START_RUNNING);
|
2025-06-11 15:46:01 -07:00
|
|
|
}
|
|
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
static void __avic_vcpu_put(struct kvm_vcpu *vcpu, enum avic_vcpu_action action)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2025-06-11 15:45:18 -07:00
|
|
|
struct kvm_svm *kvm_svm = to_kvm_svm(vcpu->kvm);
|
2020-03-31 12:17:38 -04:00
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
2023-08-08 16:31:31 -07:00
|
|
|
unsigned long flags;
|
2025-06-11 15:46:01 -07:00
|
|
|
u64 entry = svm->avic_physical_id_entry;
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2021-12-08 01:52:31 +00:00
|
|
|
lockdep_assert_preemption_disabled();
|
|
|
|
|
|
2025-06-11 15:45:18 -07:00
|
|
|
if (WARN_ON_ONCE(vcpu->vcpu_id * sizeof(entry) >= PAGE_SIZE))
|
2025-06-11 15:45:16 -07:00
|
|
|
return;
|
|
|
|
|
|
2023-08-08 16:31:32 -07:00
|
|
|
/*
|
|
|
|
|
* Take and hold the per-vCPU interrupt remapping lock while updating
|
|
|
|
|
* the Physical ID entry even though the lock doesn't protect against
|
|
|
|
|
* multiple writers (see above). Holding ir_list_lock ensures that
|
|
|
|
|
* either svm_ir_list_add() will consume up-to-date entry information,
|
|
|
|
|
* or that this task will wait until svm_ir_list_add() completes to
|
|
|
|
|
* mark the vCPU as not running.
|
|
|
|
|
*/
|
2023-08-08 16:31:31 -07:00
|
|
|
spin_lock_irqsave(&svm->ir_list_lock, flags);
|
|
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
avic_update_iommu_vcpu_affinity(vcpu, -1, action);
|
2020-03-31 12:17:38 -04:00
|
|
|
|
2025-06-11 15:46:04 -07:00
|
|
|
WARN_ON_ONCE(entry & AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Keep the previous APIC ID in the entry so that a rogue doorbell from
|
|
|
|
|
* hardware is at least restricted to a CPU associated with the vCPU.
|
|
|
|
|
*/
|
2020-03-31 12:17:38 -04:00
|
|
|
entry &= ~AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
|
KVM: SVM: Add enable_ipiv param, never set IsRunning if disabled
Let userspace "disable" IPI virtualization for AVIC via the enable_ipiv
module param, by never setting IsRunning. SVM doesn't provide a way to
disable IPI virtualization in hardware, but by ensuring CPUs never see
IsRunning=1, every IPI in the guest (except for self-IPIs) will generate a
VM-Exit.
To avoid setting the real IsRunning bit, while still allowing KVM to use
each vCPU's entry to update GA log entries, simply maintain a shadow of
the entry, without propagating IsRunning updates to the real table when
IPI virtualization is disabled.
Providing a way to effectively disable IPI virtualization will allow KVM
to safely enable AVIC on hardware that is susceptible to erratum #1235,
which causes hardware to sometimes fail to detect that the IsRunning bit
has been cleared by software.
Note, the table _must_ be fully populated, as broadcast IPIs skip invalid
entries, i.e. won't generate VM-Exit if every entry is invalid, and so
simply pointing the VMCB at a common dummy table won't work.
Alternatively, KVM could allocate a shadow of the entire table, but that'd
be a waste of 4KiB since the per-vCPU entry doesn't actually consume an
additional 8 bytes of memory (vCPU structures are large enough that they
are backed by order-N pages).
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[sean: keep "entry" variables, reuse enable_ipiv, split from erratum]
Link: https://lore.kernel.org/r/20250611224604.313496-19-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2025-06-11 15:45:20 -07:00
|
|
|
|
|
|
|
|
if (enable_ipiv)
|
|
|
|
|
WRITE_ONCE(kvm_svm->avic_physical_id_table[vcpu->vcpu_id], entry);
|
2023-08-08 16:31:31 -07:00
|
|
|
|
2025-06-11 15:46:04 -07:00
|
|
|
/*
|
|
|
|
|
* Note! Don't set AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR in the table as
|
|
|
|
|
* it's a synthetic flag that usurps an unused should-be-zero bit.
|
|
|
|
|
*/
|
|
|
|
|
if (action & AVIC_START_BLOCKING)
|
|
|
|
|
entry |= AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR;
|
|
|
|
|
|
|
|
|
|
svm->avic_physical_id_entry = entry;
|
|
|
|
|
|
2023-08-08 16:31:31 -07:00
|
|
|
spin_unlock_irqrestore(&svm->ir_list_lock, flags);
|
2025-06-11 15:46:01 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void avic_vcpu_put(struct kvm_vcpu *vcpu)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Note, reading the Physical ID entry outside of ir_list_lock is safe
|
|
|
|
|
* as only the pCPU that has loaded (or is loading) the vCPU is allowed
|
|
|
|
|
* to modify the entry, and preemption is disabled. I.e. the vCPU
|
|
|
|
|
* can't be scheduled out and thus avic_vcpu_{put,load}() can't run
|
|
|
|
|
* recursively.
|
|
|
|
|
*/
|
|
|
|
|
u64 entry = to_svm(vcpu)->avic_physical_id_entry;
|
|
|
|
|
|
2025-06-11 15:46:04 -07:00
|
|
|
/*
|
|
|
|
|
* Nothing to do if IsRunning == '0' due to vCPU blocking, i.e. if the
|
|
|
|
|
* vCPU is preempted while its in the process of blocking. WARN if the
|
|
|
|
|
* vCPU wasn't running and isn't blocking, KVM shouldn't attempt to put
|
|
|
|
|
* the AVIC if it wasn't previously loaded.
|
|
|
|
|
*/
|
|
|
|
|
if (!(entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK)) {
|
|
|
|
|
if (WARN_ON_ONCE(!kvm_vcpu_is_blocking(vcpu)))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The vCPU was preempted while blocking, ensure its IRTEs are
|
|
|
|
|
* configured to generate GA Log Interrupts.
|
|
|
|
|
*/
|
|
|
|
|
if (!(WARN_ON_ONCE(!(entry & AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR))))
|
|
|
|
|
return;
|
|
|
|
|
}
|
2023-08-08 16:31:31 -07:00
|
|
|
|
2025-06-11 15:46:04 -07:00
|
|
|
__avic_vcpu_put(vcpu, kvm_vcpu_is_blocking(vcpu) ? AVIC_START_BLOCKING :
|
|
|
|
|
AVIC_STOP_RUNNING);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
2023-01-06 01:12:40 +00:00
|
|
|
void avic_refresh_virtual_apic_mode(struct kvm_vcpu *vcpu)
|
2022-03-01 09:05:09 -08:00
|
|
|
{
|
|
|
|
|
struct vcpu_svm *svm = to_svm(vcpu);
|
|
|
|
|
struct vmcb *vmcb = svm->vmcb01.ptr;
|
|
|
|
|
|
2023-01-06 01:12:44 +00:00
|
|
|
if (!lapic_in_kernel(vcpu) || !enable_apicv)
|
2022-03-01 09:05:09 -08:00
|
|
|
return;
|
|
|
|
|
|
2023-01-06 01:12:40 +00:00
|
|
|
if (kvm_vcpu_apicv_active(vcpu)) {
|
2022-03-01 09:05:09 -08:00
|
|
|
/**
|
|
|
|
|
* During AVIC temporary deactivation, guest could update
|
|
|
|
|
* APIC ID, DFR and LDR registers, which would not be trapped
|
|
|
|
|
* by avic_unaccelerated_access_interception(). In this case,
|
|
|
|
|
* we need to check and update the AVIC logical APIC ID table
|
|
|
|
|
* accordingly before re-activating.
|
|
|
|
|
*/
|
|
|
|
|
avic_apicv_post_state_restore(vcpu);
|
2022-05-19 05:27:03 -05:00
|
|
|
avic_activate_vmcb(svm);
|
2022-03-01 09:05:09 -08:00
|
|
|
} else {
|
2022-05-19 05:27:03 -05:00
|
|
|
avic_deactivate_vmcb(svm);
|
2022-03-01 09:05:09 -08:00
|
|
|
}
|
|
|
|
|
vmcb_mark_dirty(vmcb, VMCB_AVIC);
|
2023-01-06 01:12:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void avic_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
|
|
|
|
|
{
|
|
|
|
|
if (!enable_apicv)
|
|
|
|
|
return;
|
|
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
/* APICv should only be toggled on/off while the vCPU is running. */
|
|
|
|
|
WARN_ON_ONCE(kvm_vcpu_is_blocking(vcpu));
|
|
|
|
|
|
2023-01-06 01:12:40 +00:00
|
|
|
avic_refresh_virtual_apic_mode(vcpu);
|
2022-03-01 09:05:09 -08:00
|
|
|
|
2025-06-11 15:46:02 -07:00
|
|
|
if (kvm_vcpu_apicv_active(vcpu))
|
|
|
|
|
__avic_vcpu_load(vcpu, vcpu->cpu, AVIC_ACTIVATE);
|
2022-03-01 09:05:09 -08:00
|
|
|
else
|
2025-06-11 15:46:02 -07:00
|
|
|
__avic_vcpu_put(vcpu, AVIC_DEACTIVATE);
|
2022-03-01 09:05:09 -08:00
|
|
|
}
|
|
|
|
|
|
2021-12-08 01:52:33 +00:00
|
|
|
void avic_vcpu_blocking(struct kvm_vcpu *vcpu)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2021-12-08 01:52:31 +00:00
|
|
|
if (!kvm_vcpu_apicv_active(vcpu))
|
|
|
|
|
return;
|
|
|
|
|
|
2025-06-11 15:45:23 -07:00
|
|
|
/*
|
|
|
|
|
* Unload the AVIC when the vCPU is about to block, _before_ the vCPU
|
|
|
|
|
* actually blocks.
|
|
|
|
|
*
|
|
|
|
|
* Note, any IRQs that arrive before IsRunning=0 will not cause an
|
|
|
|
|
* incomplete IPI vmexit on the source; kvm_vcpu_check_block() handles
|
|
|
|
|
* this by checking vIRR one last time before blocking. The memory
|
|
|
|
|
* barrier implicit in set_current_state orders writing IsRunning=0
|
|
|
|
|
* before reading the vIRR. The processor needs a matching memory
|
|
|
|
|
* barrier on interrupt delivery between writing IRR and reading
|
|
|
|
|
* IsRunning; the lack of this barrier might be the cause of errata #1235).
|
|
|
|
|
*
|
|
|
|
|
* Clear IsRunning=0 even if guest IRQs are disabled, i.e. even if KVM
|
|
|
|
|
* doesn't need to detect events for scheduling purposes. The doorbell
|
|
|
|
|
* used to signal running vCPUs cannot be blocked, i.e. will perturb the
|
|
|
|
|
* CPU and cause noisy neighbor problems if the VM is sending interrupts
|
|
|
|
|
* to the vCPU while it's scheduled out.
|
|
|
|
|
*/
|
2025-06-11 15:46:04 -07:00
|
|
|
__avic_vcpu_put(vcpu, AVIC_START_BLOCKING);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
|
|
|
|
|
2021-12-08 01:52:33 +00:00
|
|
|
void avic_vcpu_unblocking(struct kvm_vcpu *vcpu)
|
2020-03-31 12:17:38 -04:00
|
|
|
{
|
2021-12-08 01:52:31 +00:00
|
|
|
if (!kvm_vcpu_apicv_active(vcpu))
|
|
|
|
|
return;
|
|
|
|
|
|
2022-06-06 21:08:29 +03:00
|
|
|
avic_vcpu_load(vcpu, vcpu->cpu);
|
2020-03-31 12:17:38 -04:00
|
|
|
}
|
2022-05-19 05:26:55 -05:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Note:
|
|
|
|
|
* - The module param avic enable both xAPIC and x2APIC mode.
|
|
|
|
|
* - Hypervisor can support both xAVIC and x2AVIC in the same guest.
|
|
|
|
|
* - The mode can be switched at run-time.
|
|
|
|
|
*/
|
2022-11-09 19:59:52 +08:00
|
|
|
bool avic_hardware_setup(void)
|
2022-05-19 05:26:55 -05:00
|
|
|
{
|
|
|
|
|
if (!npt_enabled)
|
|
|
|
|
return false;
|
|
|
|
|
|
2023-01-06 01:12:44 +00:00
|
|
|
/* AVIC is a prerequisite for x2AVIC. */
|
|
|
|
|
if (!boot_cpu_has(X86_FEATURE_AVIC) && !force_avic) {
|
|
|
|
|
if (boot_cpu_has(X86_FEATURE_X2AVIC)) {
|
|
|
|
|
pr_warn(FW_BUG "Cannot support x2AVIC due to AVIC is disabled");
|
|
|
|
|
pr_warn(FW_BUG "Try enable AVIC using force_avic option");
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2024-11-04 07:58:45 +00:00
|
|
|
if (cc_platform_has(CC_ATTR_HOST_SEV_SNP) &&
|
|
|
|
|
!boot_cpu_has(X86_FEATURE_HV_INUSE_WR_ALLOWED)) {
|
|
|
|
|
pr_warn("AVIC disabled: missing HvInUseWrAllowed on SNP-enabled system\n");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-19 05:26:55 -05:00
|
|
|
if (boot_cpu_has(X86_FEATURE_AVIC)) {
|
|
|
|
|
pr_info("AVIC enabled\n");
|
|
|
|
|
} else if (force_avic) {
|
|
|
|
|
/*
|
|
|
|
|
* Some older systems does not advertise AVIC support.
|
|
|
|
|
* See Revision Guide for specific AMD processor for more detail.
|
|
|
|
|
*/
|
|
|
|
|
pr_warn("AVIC is not supported in CPUID but force enabled");
|
|
|
|
|
pr_warn("Your system might crash and burn");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* AVIC is a prerequisite for x2AVIC. */
|
2023-01-06 01:12:44 +00:00
|
|
|
x2avic_enabled = boot_cpu_has(X86_FEATURE_X2AVIC);
|
|
|
|
|
if (x2avic_enabled)
|
|
|
|
|
pr_info("x2AVIC enabled\n");
|
2022-05-19 05:26:55 -05:00
|
|
|
|
KVM: SVM: Disable (x2)AVIC IPI virtualization if CPU has erratum #1235
Disable IPI virtualization on AMD Family 17h CPUs (Zen2 and Zen1), as
hardware doesn't reliably detect changes to the 'IsRunning' bit during ICR
write emulation, and might fail to VM-Exit on the sending vCPU, if
IsRunning was recently cleared.
The absence of the VM-Exit leads to KVM not waking (or triggering nested
VM-Exit of) the target vCPU(s) of the IPI, which can lead to hung vCPUs,
unbounded delays in L2 execution, etc.
To workaround the erratum, simply disable IPI virtualization, which
prevents KVM from setting IsRunning and thus eliminates the race where
hardware sees a stale IsRunning=1. As a result, all ICR writes (except
when "Self" shorthand is used) will VM-Exit and therefore be correctly
emulated by KVM.
Disabling IPI virtualization does carry a performance penalty, but
benchmarkng shows that enabling AVIC without IPI virtualization is still
much better than not using AVIC at all, because AVIC still accelerates
posted interrupts and the receiving end of the IPIs.
Note, when virtualizing Self-IPIs, the CPU skips reading the physical ID
table and updates the vIRR directly (because the vCPU is by definition
actively running), i.e. Self-IPI isn't susceptible to the erratum *and*
is still accelerated by hardware.
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[sean: rebase, massage changelog, disallow user override]
Acked-by: Naveen N Rao (AMD) <naveen@kernel.org>
Link: https://lore.kernel.org/r/20250611224604.313496-20-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2025-06-11 15:45:21 -07:00
|
|
|
/*
|
|
|
|
|
* Disable IPI virtualization for AMD Family 17h CPUs (Zen1 and Zen2)
|
|
|
|
|
* due to erratum 1235, which results in missed VM-Exits on the sender
|
|
|
|
|
* and thus missed wake events for blocking vCPUs due to the CPU
|
|
|
|
|
* failing to see a software update to clear IsRunning.
|
|
|
|
|
*/
|
|
|
|
|
enable_ipiv = enable_ipiv && boot_cpu_data.x86 != 0x17;
|
|
|
|
|
|
2023-01-06 01:12:44 +00:00
|
|
|
amd_iommu_register_ga_log_notifier(&avic_ga_log_notifier);
|
2022-05-19 05:26:55 -05:00
|
|
|
|
2023-01-06 01:12:44 +00:00
|
|
|
return true;
|
2022-05-19 05:26:55 -05:00
|
|
|
}
|