[PATCH v2 0/5] RFC: KVM: SVM: Allow L1's AVIC to co-exist with nesting

From: Maxim Levitsky
Date: Mon Dec 13 2021 - 05:47:39 EST

Next message: Maxim Levitsky: "[PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF"
Previous message: Suthikulpanit, Suravee: "Re: [PATCH v2 3/3] KVM: SVM: Extend host physical APIC ID field to support more than 8-bit"
Next in thread: Maxim Levitsky: "[PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch series aims to lift long standing restriction of
using AVIC only when nested virtualization is not exposed
to the guest.

Notes about specific patches:

Patch 1 - this is an unrelated fix to KVM for a corner case I found
while writing a unit test for the feature.

Patch 2 addresses the fact that AVIC appears to be disabled
in CPUID on several Milan systems I am tesing on.

This adds a workaround (with a big warning and a kernel taint) to enable
it anyway if you really know what you are doing.

Patch 3 is from Paolo, which was done after our long discussion about the
various races that AVIC inhibition is subject to. Thanks Paolo!
It replaces two patches I sent in the previous version which attempted
to fix the same issue but weren't quite right.

Patch 4 is the more or less the same patch 5 in V1, but with proper
justification.

Patch 6 is the patch that adds the AVIC co-existance itself and
in this version I fixed (and partially tested) it in regard to AVIC inhibition
due to interrupt window.

Everything was tested on a Zen3 (Milan) machine.

On Zen2 machines, the errata #1235 makes my tests fail quite fast.
For general use though, most of the time this errata doesn't cause
long hangs.

Best regards,
Maxim Levitsky

Maxim Levitsky (5):
KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets
L2 control EFLAGS.IF
KVM: SVM: allow to force AVIC to be enabled
KVM: SVM: fix race between interrupt delivery and AVIC inhibition
KVM: x86: don't touch irr_pending in kvm_apic_update_apicv when
inhibiting it
KVM: SVM: allow AVIC to co-exist with a nested guest running

arch/x86/include/asm/kvm-x86-ops.h | 1 +
arch/x86/include/asm/kvm_host.h | 7 ++-
arch/x86/kvm/lapic.c | 5 +-
arch/x86/kvm/svm/avic.c | 91 +++++++++++++++++++-----------
arch/x86/kvm/svm/nested.c | 11 ++--
arch/x86/kvm/svm/svm.c | 51 +++++++++++------
arch/x86/kvm/svm/svm.h | 1 +
arch/x86/kvm/x86.c | 17 +++++-
8 files changed, 125 insertions(+), 59 deletions(-)

--
2.26.3

Next message: Maxim Levitsky: "[PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF"
Previous message: Suthikulpanit, Suravee: "Re: [PATCH v2 3/3] KVM: SVM: Extend host physical APIC ID field to support more than 8-bit"
Next in thread: Maxim Levitsky: "[PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]