[PATCH 1/6] KVM: nVMX: Get to-be-acknowledge IRQ for nested VM-Exit at injection site

From: Sean Christopherson
Date: Fri Jul 19 2024 - 20:02:14 EST

Next message: Sean Christopherson: "[PATCH 2/6] KVM: nVMX: Suppress external interrupt VM-Exit injection if there's no IRQ"
Previous message: Sean Christopherson: "[PATCH 0/6] KVM: nVMX: Fix IPIv vs. nested posted interrupts"
In reply to: Sean Christopherson: "[PATCH 0/6] KVM: nVMX: Fix IPIv vs. nested posted interrupts"
Next in thread: Sean Christopherson: "[PATCH 2/6] KVM: nVMX: Suppress external interrupt VM-Exit injection if there's no IRQ"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Move the logic to get the to-be-acknowledge IRQ for a nested VM-Exit from
nested_vmx_vmexit() to vmx_check_nested_events(), which is subtly the one
and only path where KVM invokes nested_vmx_vmexit() with
EXIT_REASON_EXTERNAL_INTERRUPT. A future fix will perform a last-minute
check on L2's nested posted interrupt notification vector, just before
injecting a nested VM-Exit. To handle that scenario correctly, KVM needs
to get the interrupt _before_ injecting VM-Exit, as simply querying the
highest priority interrupt, via kvm_cpu_has_interrupt(), would result in
TOCTOU bug, as a new, higher priority interrupt could arrive between
kvm_cpu_has_interrupt() and kvm_cpu_get_interrupt().

Opportunistically convert the WARN_ON() to a WARN_ON_ONCE(). If KVM has
a bug that results in a false positive from kvm_cpu_has_interrupt(),
spamming dmesg won't help the situation.

Note, nested_vmx_reflect_vmexit() can never reflect external interrupts as
they are always "wanted" by L0.

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/vmx/nested.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 2392a7ef254d..b3e17635f7e3 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4284,11 +4284,26 @@ static int vmx_check_nested_events(struct kvm_vcpu *vcpu)
}

if (kvm_cpu_has_interrupt(vcpu) && !vmx_interrupt_blocked(vcpu)) {
+ u32 exit_intr_info;
+
if (block_nested_events)
return -EBUSY;
if (!nested_exit_on_intr(vcpu))
goto no_vmexit;
- nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT, 0, 0);
+
+ if (nested_exit_intr_ack_set(vcpu)) {
+ int irq;
+
+ irq = kvm_cpu_get_interrupt(vcpu);
+ WARN_ON_ONCE(irq < 0);
+
+ exit_intr_info = INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR | irq;
+ } else {
+ exit_intr_info = 0;
+ }
+
+ nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT,
+ exit_intr_info, 0);
return 0;
}

@@ -4969,14 +4984,6 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;

if (likely(!vmx->fail)) {
- if ((u16)vm_exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT &&
- nested_exit_intr_ack_set(vcpu)) {
- int irq = kvm_cpu_get_interrupt(vcpu);
- WARN_ON(irq < 0);
- vmcs12->vm_exit_intr_info = irq |
- INTR_INFO_VALID_MASK | INTR_TYPE_EXT_INTR;
- }
-
if (vm_exit_reason != -1)
trace_kvm_nested_vmexit_inject(vmcs12->vm_exit_reason,
vmcs12->exit_qualification,
--
2.45.2.1089.g2a221341d9-goog

Next message: Sean Christopherson: "[PATCH 2/6] KVM: nVMX: Suppress external interrupt VM-Exit injection if there's no IRQ"
Previous message: Sean Christopherson: "[PATCH 0/6] KVM: nVMX: Fix IPIv vs. nested posted interrupts"
In reply to: Sean Christopherson: "[PATCH 0/6] KVM: nVMX: Fix IPIv vs. nested posted interrupts"
Next in thread: Sean Christopherson: "[PATCH 2/6] KVM: nVMX: Suppress external interrupt VM-Exit injection if there's no IRQ"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]