KVM Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs
@ 2019-09-05 12:58 Alexander Graf
  2019-09-05 17:07 ` Liran Alon
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Alexander Graf @ 2019-09-05 12:58 UTC (permalink / raw)
  To: kvm
  Cc: linux-kernel, x86, H. Peter Anvin, Borislav Petkov, Ingo Molnar,
	Thomas Gleixner, Joerg Roedel, Jim Mattson, Wanpeng Li,
	Vitaly Kuznetsov, Sean Christopherson,
	Radim Krčmář,
	Paolo Bonzini, Liran Alon

We can easily route hardware interrupts directly into VM context when
they target the "Fixed" or "LowPriority" delivery modes.

However, on modes such as "SMI" or "Init", we need to go via KVM code
to actually put the vCPU into a different mode of operation, so we can
not post the interrupt

Add code in the VMX and SVM PI logic to explicitly refuse to establish
posted mappings for advanced IRQ deliver modes. This reflects the logic
in __apic_accept_irq() which also only ever passes Fixed and LowPriority
interrupts as posted interrupts into the guest.

This fixes a bug I have with code which configures real hardware to
inject virtual SMIs into my guest.

Signed-off-by: Alexander Graf <graf@amazon.com>

---

v1 -> v2:

  - Make error message more unique
  - Update commit message to point to __apic_accept_irq()

v2 -> v3:

  - Use if() rather than switch()
  - Move abort logic into existing if() branch for broadcast irqs
  -> remove the updated error message again (thus remove R-B tag from Liran)
  - Fold VMX and SVM changes into single commit
  - Combine postability check into helper function kvm_irq_is_postable()
---
 arch/x86/include/asm/kvm_host.h | 7 +++++++
 arch/x86/kvm/svm.c              | 4 +++-
 arch/x86/kvm/vmx/vmx.c          | 6 +++++-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 44a5ce57a905..5b14aa1fbeeb 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1581,6 +1581,13 @@ bool kvm_intr_is_single_vcpu(struct kvm *kvm, struct kvm_lapic_irq *irq,
 void kvm_set_msi_irq(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
 		     struct kvm_lapic_irq *irq);
 
+static inline bool kvm_irq_is_postable(struct kvm_lapic_irq *irq)
+{
+	/* We can only post Fixed and LowPrio IRQs */
+	return (irq->delivery_mode == dest_Fixed ||
+		irq->delivery_mode == dest_LowestPrio);
+}
+
 static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu)
 {
 	if (kvm_x86_ops->vcpu_blocking)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 1f220a85514f..f5b03d0c9bc6 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5260,7 +5260,8 @@ get_pi_vcpu_info(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
 
 	kvm_set_msi_irq(kvm, e, &irq);
 
-	if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
+	if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
+	    !kvm_irq_is_postable(&irq)) {
 		pr_debug("SVM: %s: use legacy intr remap mode for irq %u\n",
 			 __func__, irq.vector);
 		return -1;
@@ -5314,6 +5315,7 @@ static int svm_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
 		 * 1. When cannot target interrupt to a specific vcpu.
 		 * 2. Unsetting posted interrupt.
 		 * 3. APIC virtialization is disabled for the vcpu.
+		 * 4. IRQ has incompatible delivery mode (SMI, INIT, etc)
 		 */
 		if (!get_pi_vcpu_info(kvm, e, &vcpu_info, &svm) && set &&
 		    kvm_vcpu_apicv_active(&svm->vcpu)) {
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 570a233e272b..63f3d88b36cc 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7382,10 +7382,14 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
 		 * irqbalance to make the interrupts single-CPU.
 		 *
 		 * We will support full lowest-priority interrupt later.
+		 *
+		 * In addition, we can only inject generic interrupts using
+		 * the PI mechanism, refuse to route others through it.
 		 */
 
 		kvm_set_msi_irq(kvm, e, &irq);
-		if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
+		if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
+		    !kvm_irq_is_postable(&irq)) {
 			/*
 			 * Make sure the IRTE is in remapped mode if
 			 * we don't handle it in posted mode.
-- 
2.17.1




Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879




^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs
  2019-09-05 12:58 [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs Alexander Graf
@ 2019-09-05 17:07 ` Liran Alon
  2019-09-05 17:33 ` Sean Christopherson
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Liran Alon @ 2019-09-05 17:07 UTC (permalink / raw)
  To: Alexander Graf
  Cc: kvm, linux-kernel, x86, H. Peter Anvin, Borislav Petkov,
	Ingo Molnar, Thomas Gleixner, Joerg Roedel, Jim Mattson,
	Wanpeng Li, Vitaly Kuznetsov, Sean Christopherson,
	Radim Krčmář,
	Paolo Bonzini



> On 5 Sep 2019, at 15:58, Alexander Graf <graf@amazon.com> wrote:
> 
> We can easily route hardware interrupts directly into VM context when
> they target the "Fixed" or "LowPriority" delivery modes.
> 
> However, on modes such as "SMI" or "Init", we need to go via KVM code
> to actually put the vCPU into a different mode of operation, so we can
> not post the interrupt
> 
> Add code in the VMX and SVM PI logic to explicitly refuse to establish
> posted mappings for advanced IRQ deliver modes. This reflects the logic
> in __apic_accept_irq() which also only ever passes Fixed and LowPriority
> interrupts as posted interrupts into the guest.
> 
> This fixes a bug I have with code which configures real hardware to
> inject virtual SMIs into my guest.
> 
> Signed-off-by: Alexander Graf <graf@amazon.com>

Reviewed-by: Liran Alon <liran.alon@oracle.com>

> 
> ---
> 
> v1 -> v2:
> 
>  - Make error message more unique
>  - Update commit message to point to __apic_accept_irq()
> 
> v2 -> v3:
> 
>  - Use if() rather than switch()
>  - Move abort logic into existing if() branch for broadcast irqs
>  -> remove the updated error message again (thus remove R-B tag from Liran)
>  - Fold VMX and SVM changes into single commit
>  - Combine postability check into helper function kvm_irq_is_postable()
> ---
> arch/x86/include/asm/kvm_host.h | 7 +++++++
> arch/x86/kvm/svm.c              | 4 +++-
> arch/x86/kvm/vmx/vmx.c          | 6 +++++-
> 3 files changed, 15 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> index 44a5ce57a905..5b14aa1fbeeb 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -1581,6 +1581,13 @@ bool kvm_intr_is_single_vcpu(struct kvm *kvm, struct kvm_lapic_irq *irq,
> void kvm_set_msi_irq(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
> 		     struct kvm_lapic_irq *irq);
> 
> +static inline bool kvm_irq_is_postable(struct kvm_lapic_irq *irq)
> +{
> +	/* We can only post Fixed and LowPrio IRQs */
> +	return (irq->delivery_mode == dest_Fixed ||
> +		irq->delivery_mode == dest_LowestPrio);
> +}
> +
> static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu)
> {
> 	if (kvm_x86_ops->vcpu_blocking)
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 1f220a85514f..f5b03d0c9bc6 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -5260,7 +5260,8 @@ get_pi_vcpu_info(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
> 
> 	kvm_set_msi_irq(kvm, e, &irq);
> 
> -	if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
> +	if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
> +	    !kvm_irq_is_postable(&irq)) {
> 		pr_debug("SVM: %s: use legacy intr remap mode for irq %u\n",
> 			 __func__, irq.vector);
> 		return -1;
> @@ -5314,6 +5315,7 @@ static int svm_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
> 		 * 1. When cannot target interrupt to a specific vcpu.
> 		 * 2. Unsetting posted interrupt.
> 		 * 3. APIC virtialization is disabled for the vcpu.
> +		 * 4. IRQ has incompatible delivery mode (SMI, INIT, etc)
> 		 */
> 		if (!get_pi_vcpu_info(kvm, e, &vcpu_info, &svm) && set &&
> 		    kvm_vcpu_apicv_active(&svm->vcpu)) {
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 570a233e272b..63f3d88b36cc 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -7382,10 +7382,14 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
> 		 * irqbalance to make the interrupts single-CPU.
> 		 *
> 		 * We will support full lowest-priority interrupt later.
> +		 *
> +		 * In addition, we can only inject generic interrupts using
> +		 * the PI mechanism, refuse to route others through it.
> 		 */
> 
> 		kvm_set_msi_irq(kvm, e, &irq);
> -		if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
> +		if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
> +		    !kvm_irq_is_postable(&irq)) {
> 			/*
> 			 * Make sure the IRTE is in remapped mode if
> 			 * we don't handle it in posted mode.
> -- 
> 2.17.1
> 
> 
> 
> 
> Amazon Development Center Germany GmbH
> Krausenstr. 38
> 10117 Berlin
> Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich
> Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
> Sitz: Berlin
> Ust-ID: DE 289 237 879
> 
> 
> 


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs
  2019-09-05 12:58 [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs Alexander Graf
  2019-09-05 17:07 ` Liran Alon
@ 2019-09-05 17:33 ` Sean Christopherson
  2019-09-06  0:22 ` Wanpeng Li
  2019-09-10  6:15 ` Christoph Hellwig
  3 siblings, 0 replies; 6+ messages in thread
From: Sean Christopherson @ 2019-09-05 17:33 UTC (permalink / raw)
  To: Alexander Graf
  Cc: kvm, linux-kernel, x86, H. Peter Anvin, Borislav Petkov,
	Ingo Molnar, Thomas Gleixner, Joerg Roedel, Jim Mattson,
	Wanpeng Li, Vitaly Kuznetsov, Radim Krčmář,
	Paolo Bonzini, Liran Alon

On Thu, Sep 05, 2019 at 02:58:18PM +0200, Alexander Graf wrote:
> We can easily route hardware interrupts directly into VM context when
> they target the "Fixed" or "LowPriority" delivery modes.
> 
> However, on modes such as "SMI" or "Init", we need to go via KVM code
> to actually put the vCPU into a different mode of operation, so we can
> not post the interrupt
> 
> Add code in the VMX and SVM PI logic to explicitly refuse to establish
> posted mappings for advanced IRQ deliver modes. This reflects the logic
> in __apic_accept_irq() which also only ever passes Fixed and LowPriority
> interrupts as posted interrupts into the guest.
> 
> This fixes a bug I have with code which configures real hardware to
> inject virtual SMIs into my guest.
> 
> Signed-off-by: Alexander Graf <graf@amazon.com>
> 
> ---

Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs
  2019-09-05 12:58 [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs Alexander Graf
  2019-09-05 17:07 ` Liran Alon
  2019-09-05 17:33 ` Sean Christopherson
@ 2019-09-06  0:22 ` Wanpeng Li
  2019-09-10  6:15 ` Christoph Hellwig
  3 siblings, 0 replies; 6+ messages in thread
From: Wanpeng Li @ 2019-09-06  0:22 UTC (permalink / raw)
  To: Alexander Graf
  Cc: kvm, LKML, the arch/x86 maintainers, H. Peter Anvin,
	Borislav Petkov, Ingo Molnar, Thomas Gleixner, Joerg Roedel,
	Jim Mattson, Wanpeng Li, Vitaly Kuznetsov, Sean Christopherson,
	Radim Krčmář,
	Paolo Bonzini, Liran Alon

On Thu, 5 Sep 2019 at 21:46, Alexander Graf <graf@amazon.com> wrote:
>
> We can easily route hardware interrupts directly into VM context when
> they target the "Fixed" or "LowPriority" delivery modes.
>
> However, on modes such as "SMI" or "Init", we need to go via KVM code
> to actually put the vCPU into a different mode of operation, so we can
> not post the interrupt
>
> Add code in the VMX and SVM PI logic to explicitly refuse to establish
> posted mappings for advanced IRQ deliver modes. This reflects the logic
> in __apic_accept_irq() which also only ever passes Fixed and LowPriority
> interrupts as posted interrupts into the guest.
>
> This fixes a bug I have with code which configures real hardware to
> inject virtual SMIs into my guest.
>
> Signed-off-by: Alexander Graf <graf@amazon.com>

Reviewed-by: Wanpeng Li <wanpengli@tencent.com>

>
> ---
>
> v1 -> v2:
>
>   - Make error message more unique
>   - Update commit message to point to __apic_accept_irq()
>
> v2 -> v3:
>
>   - Use if() rather than switch()
>   - Move abort logic into existing if() branch for broadcast irqs
>   -> remove the updated error message again (thus remove R-B tag from Liran)
>   - Fold VMX and SVM changes into single commit
>   - Combine postability check into helper function kvm_irq_is_postable()
> ---
>  arch/x86/include/asm/kvm_host.h | 7 +++++++
>  arch/x86/kvm/svm.c              | 4 +++-
>  arch/x86/kvm/vmx/vmx.c          | 6 +++++-
>  3 files changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> index 44a5ce57a905..5b14aa1fbeeb 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -1581,6 +1581,13 @@ bool kvm_intr_is_single_vcpu(struct kvm *kvm, struct kvm_lapic_irq *irq,
>  void kvm_set_msi_irq(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
>                      struct kvm_lapic_irq *irq);
>
> +static inline bool kvm_irq_is_postable(struct kvm_lapic_irq *irq)
> +{
> +       /* We can only post Fixed and LowPrio IRQs */
> +       return (irq->delivery_mode == dest_Fixed ||
> +               irq->delivery_mode == dest_LowestPrio);
> +}
> +
>  static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu)
>  {
>         if (kvm_x86_ops->vcpu_blocking)
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 1f220a85514f..f5b03d0c9bc6 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -5260,7 +5260,8 @@ get_pi_vcpu_info(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
>
>         kvm_set_msi_irq(kvm, e, &irq);
>
> -       if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
> +       if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
> +           !kvm_irq_is_postable(&irq)) {
>                 pr_debug("SVM: %s: use legacy intr remap mode for irq %u\n",
>                          __func__, irq.vector);
>                 return -1;
> @@ -5314,6 +5315,7 @@ static int svm_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
>                  * 1. When cannot target interrupt to a specific vcpu.
>                  * 2. Unsetting posted interrupt.
>                  * 3. APIC virtialization is disabled for the vcpu.
> +                * 4. IRQ has incompatible delivery mode (SMI, INIT, etc)
>                  */
>                 if (!get_pi_vcpu_info(kvm, e, &vcpu_info, &svm) && set &&
>                     kvm_vcpu_apicv_active(&svm->vcpu)) {
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 570a233e272b..63f3d88b36cc 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -7382,10 +7382,14 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
>                  * irqbalance to make the interrupts single-CPU.
>                  *
>                  * We will support full lowest-priority interrupt later.
> +                *
> +                * In addition, we can only inject generic interrupts using
> +                * the PI mechanism, refuse to route others through it.
>                  */
>
>                 kvm_set_msi_irq(kvm, e, &irq);
> -               if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
> +               if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
> +                   !kvm_irq_is_postable(&irq)) {
>                         /*
>                          * Make sure the IRTE is in remapped mode if
>                          * we don't handle it in posted mode.
> --
> 2.17.1
>
>
>
>
> Amazon Development Center Germany GmbH
> Krausenstr. 38
> 10117 Berlin
> Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich
> Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
> Sitz: Berlin
> Ust-ID: DE 289 237 879
>
>
>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs
  2019-09-05 12:58 [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs Alexander Graf
                   ` (2 preceding siblings ...)
  2019-09-06  0:22 ` Wanpeng Li
@ 2019-09-10  6:15 ` Christoph Hellwig
  2019-09-10 14:40   ` Paolo Bonzini
  3 siblings, 1 reply; 6+ messages in thread
From: Christoph Hellwig @ 2019-09-10  6:15 UTC (permalink / raw)
  To: Alexander Graf
  Cc: kvm, linux-kernel, x86, H. Peter Anvin, Borislav Petkov,
	Ingo Molnar, Thomas Gleixner, Joerg Roedel, Jim Mattson,
	Wanpeng Li, Vitaly Kuznetsov, Sean Christopherson,
	Radim Krčmář,
	Paolo Bonzini, Liran Alon

And what about even ones? :)

Sorry, just joking, but the "odd" qualifier here looks a little weird,
maybe something like "non-standard develiry modes" might make sense
here.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs
  2019-09-10  6:15 ` Christoph Hellwig
@ 2019-09-10 14:40   ` Paolo Bonzini
  0 siblings, 0 replies; 6+ messages in thread
From: Paolo Bonzini @ 2019-09-10 14:40 UTC (permalink / raw)
  To: Christoph Hellwig, Alexander Graf
  Cc: kvm, linux-kernel, x86, H. Peter Anvin, Borislav Petkov,
	Ingo Molnar, Thomas Gleixner, Joerg Roedel, Jim Mattson,
	Wanpeng Li, Vitaly Kuznetsov, Sean Christopherson,
	Radim Krčmář,
	Liran Alon

On 10/09/19 08:15, Christoph Hellwig wrote:
> And what about even ones? :)
> 
> Sorry, just joking, but the "odd" qualifier here looks a little weird,
> maybe something like "non-standard develiry modes" might make sense
> here.

Indeed, folded this into the commit message.  Thanks Christoph.

Alex, I queued the patch but I don't think I'll include it in 5.3.

Paolo


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-05 12:58 [PATCH v3] KVM: x86: Disable posted interrupts for odd IRQs Alexander Graf
2019-09-05 17:07 ` Liran Alon
2019-09-05 17:33 ` Sean Christopherson
2019-09-06  0:22 ` Wanpeng Li
2019-09-10  6:15 ` Christoph Hellwig
2019-09-10 14:40   ` Paolo Bonzini

KVM Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kvm/0 kvm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kvm kvm/ https://lore.kernel.org/kvm \
		kvm@vger.kernel.org kvm@archiver.kernel.org
	public-inbox-index kvm


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.kvm


AGPL code for this site: git clone https://public-inbox.org/ public-inbox