Re: [PATCH v7 8/8] KVM: VMX: enable IPI virtualization

From: Sean Christopherson
Date: Fri Apr 15 2022 - 10:36:01 EST


On Sat, Apr 09, 2022, Zeng Guang wrote:
>
> On 4/5/2022 1:57 AM, Sean Christopherson wrote:
> > On Sun, Apr 03, 2022, Zeng Guang wrote:
> > > On 4/1/2022 10:37 AM, Sean Christopherson wrote:
> > > > > @@ -4219,14 +4226,21 @@ static void vmx_refresh_apicv_exec_ctrl(struct kvm_vcpu *vcpu)
> > > > > pin_controls_set(vmx, vmx_pin_based_exec_ctrl(vmx));
> > > > > if (cpu_has_secondary_exec_ctrls()) {
> > > > > - if (kvm_vcpu_apicv_active(vcpu))
> > > > > + if (kvm_vcpu_apicv_active(vcpu)) {
> > > > > secondary_exec_controls_setbit(vmx,
> > > > > SECONDARY_EXEC_APIC_REGISTER_VIRT |
> > > > > SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
> > > > > - else
> > > > > + if (enable_ipiv)
> > > > > + tertiary_exec_controls_setbit(vmx,
> > > > > + TERTIARY_EXEC_IPI_VIRT);
> > > > > + } else {
> > > > > secondary_exec_controls_clearbit(vmx,
> > > > > SECONDARY_EXEC_APIC_REGISTER_VIRT |
> > > > > SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY);
> > > > > + if (enable_ipiv)
> > > > > + tertiary_exec_controls_clearbit(vmx,
> > > > > + TERTIARY_EXEC_IPI_VIRT);
> > > > Oof. The existing code is kludgy. We should never reach this point without
> > > > enable_apicv=true, and enable_apicv should be forced off if APICv isn't supported,
> > > > let alone seconary exec being support.
> > > >
> > > > Unless I'm missing something, throw a prep patch earlier in the series to drop
> > > > the cpu_has_secondary_exec_ctrls() check, that will clean this code up a smidge.
> > > cpu_has_secondary_exec_ctrls() check can avoid wrong vmcs write in case mistaken
> > > invocation.
> > KVM has far bigger problems on buggy invocation, and in that case the resulting
> > printk + WARN from the failed VMWRITE is a good thing.
>
> SDM doesn't define VMWRITE failure for such case.

Yes it absolutely does. cpu_has_secondary_exec_ctrls() checks if the VMCS field
_exists_, not if it's being used by KVM (though that's a moot point since KVM
always enables secondary controls when it's supported). VMWRITE to non-existent
fields cause VM-Fail.

ELSIF secondary source operand does not correspond to any VMCS field
THEN VMfailValid(VMREAD/VMWRITE from/to unsupported VMCS component);