Re: Bug with nested PAUSE intercept on SVM

Next message: David Laight: "Re: [PATCH 3/5] uaccess: add copy_struct_{from,to}_bounce_buffer() helpers"
Previous message: Sanjay Govind: "[PATCH v6] xpad: Overhaul device data for wireless devices"
In reply to: Kaplan, David: "Bug with nested PAUSE intercept on SVM"
Next in thread: Kaplan, David: "RE: Bug with nested PAUSE intercept on SVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sean Christopherson

Date: Tue Apr 07 2026 - 14:25:06 EST

On Tue, Apr 07, 2026, David Kaplan wrote:
> Hi,
>
> On AMD SVM when the L1 guest is trying to intercept every PAUSE instruction
> in an L2 guest, the PAUSE intercept sometimes fails to fire. I have a theory
> on the source of the bug and also included a short reproducer below.
>
> In this scenario, L1 has created a guest with the pause count and threshold
> set to 0, and the PAUSE intercept bit set. I *think* the bug is that if the
> vCPU gets scheduled out on L0 while we're in the L2 guest, then upon resuming
> the vCPU KVM calls shrink_ple_window() which doesn't appear to take into
> account the fact that svm->vmcb might be for the L2 guest and not the L1. As
> a result, it looks like it sets the pause count to the default (3000) causing
> many PAUSE instructions in L2 to not be intercepted.

It's probably even simpler than that: KVM is completely broken.

https://lore.kernel.org/all/20250131010601.469904-1-seanjc@xxxxxxxxxx

Paolo, can I finally apply that patch? I brought it up in PUCK a while back,
and IIRC you were resistant to dropping "support" for cpu_pm=on setups.