From: Liran Alon <liran.alon@oracle.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: rkrcmar@redhat.com, kvm@vger.kernel.org,
	sean.j.christopherson@intel.com, jmattson@google.com,
	vkuznets@redhat.com, Joao Martins <joao.m.martins@oracle.com>
Subject: Re: [PATCH 2/2] KVM: nVMX: Update vmcs01 TPR_THRESHOLD if L2 changed L1 TPR
Date: Mon, 11 Nov 2019 18:17:01 +0200
Message-ID: <BD8FF780-C38E-493C-9BDE-FAFC1B3D25D6@oracle.com>
In-Reply-To: <72c26523-702a-df0c-5573-982da25cba19@redhat.com>



> On 11 Nov 2019, at 18:07, Paolo Bonzini <pbonzini@redhat.com> wrote:
> 
> On 11/11/19 16:24, Liran Alon wrote:
>>> Can you explain why the write shouldn't be done to vmcs02 as well?
>> 
>> Because when L1 doesn’t use TPR-Shadow, L0 configures vmcs02 without TPR-Shadow.
>> Thus, writing to vmcs02->tpr_threshold doesn’t have any effect.
>> 
>> If L1 does use TPR-Shadow, then VMX’s update_cr8_intercept() doesn’t write to vmcs at all,
>> because it means L1 defines a vTPR for L2 and thus doesn’t provide it direct access to L1 TPR.
> 
> But I'm still not sure about another aspect of the patch.  The write to
> vmcs01 can be done even if TPR_SHADOW was set in vmcs12, because no one
> takes care of clearing vmx->nested.l1_tpr_threshold.  Should
> "vmx->nested.l1_tpr_threshold = -1;" be outside the if?

If I understand you correctly, you refer to the case where L1 first enters L2 without TPR-Shadow,
then L2 lowers L1 TPR directly (which loads vmx->nested.l1_tpr_threshold with a value), then an
emulated exit happens from L2 to L1 which writes to vmcs01->tpr_threshold the value of
vmx->nested.l1_tpr_threshold. Then L1 enters L2 again but this time with TPR-Shadow and
prepare_vmcs02_early() doesn’t clear vmx->nested.l1_tpr_threshold which will cause the next
exit from L2 to L1 to wrongly write the value of vmx->nested.l1_tpr_threshold to vmcs01->tpr_threshold.

So yes I think you are right. Good catch.
We should move vmx->nested.l1_tpr_threshold = -1; outside of the if.
Should I send v2 or will you change on apply?

> 
> Also, what happens to_vmx(vcpu)->nested.l1_tpr_threshold if the guest is
> migrated while L2 is running without TPR shadow?  Perhaps it would be
> easier to just rerun update_cr8_intercept on nested_vmx_vmexit.
> 

On restore of state during migration, kvm_apic_set_state() must be called, which
will also request a KVM_REQ_EVENT which will make sure to call update_cr8_intercept().
If the vCPU is currently in guest-mode, this should update vmx->nested.l1_tpr_threshold.

-Liran

> Paolo
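
The sequence walked through in this reply, replayed in a small C model to show why the reset has to sit outside the if. This is an added example, not code from the patch or from the kernel: the struct, enter_l2(), exit_to_l1(), replay(), the shape of the if condition and the values 3 and 7 are assumptions made for illustration; only the names quoted from the thread are taken from it.

```c
#include <stdbool.h>

struct vcpu_model {            /* simplified model, not kernel code */
    int  vmcs01_tpr_threshold; /* models vmcs01->tpr_threshold */
    int  l1_tpr_threshold;     /* models vmx->nested.l1_tpr_threshold, -1 = unset */
    bool guest_mode;           /* true while L2 is running */
    bool tpr_shadow;           /* vmcs12 enables TPR-Shadow for this L2 run */
};

/* Models the reset in prepare_vmcs02_early(); reset_outside_if selects the fix. */
static void enter_l2(struct vcpu_model *v, bool tpr_shadow, bool reset_outside_if)
{
    v->guest_mode = true;
    v->tpr_shadow = tpr_shadow;
    if (reset_outside_if || !tpr_shadow)
        v->l1_tpr_threshold = -1;
}

/* Models update_cr8_intercept() as described in the thread. */
static void update_cr8_intercept(struct vcpu_model *v, int threshold)
{
    if (!v->guest_mode)
        v->vmcs01_tpr_threshold = threshold; /* L1 running: write vmcs01 directly */
    else if (!v->tpr_shadow)                 /* with TPR-Shadow nothing is written */
        v->l1_tpr_threshold = threshold;     /* L2 touched L1 TPR: defer to exit */
}

/* Models the L2->L1 exit path that applies the deferred value to vmcs01. */
static void exit_to_l1(struct vcpu_model *v)
{
    v->guest_mode = false;
    if (v->l1_tpr_threshold != -1)
        v->vmcs01_tpr_threshold = v->l1_tpr_threshold;
}

/* Replays the sequence from the reply; 3 and 7 are constructed sample values. */
static int replay(bool reset_outside_if)
{
    struct vcpu_model v = { .vmcs01_tpr_threshold = 0, .l1_tpr_threshold = -1 };
    enter_l2(&v, false, reset_outside_if); /* first run: no TPR-Shadow */
    update_cr8_intercept(&v, 3);           /* L2 lowers L1 TPR */
    exit_to_l1(&v);                        /* vmcs01 threshold becomes 3 */
    update_cr8_intercept(&v, 7);           /* L1 later reprograms its threshold */
    enter_l2(&v, true, reset_outside_if);  /* second run: with TPR-Shadow */
    exit_to_l1(&v);                        /* stale 3 is replayed unless reset */
    return v.vmcs01_tpr_threshold;
}

int main(void) { return (replay(false) == 3 && replay(true) == 7) ? 0 : 1; }
```

With the reset left inside the if, replay() ends with the stale 3 in the modelled vmcs01 threshold; with the reset moved outside, L1's own value of 7 survives the second exit.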


