mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2026-01-06 22:46:35 +00:00
2008fab345
Free the APIC access page memslot if any vCPU enables x2APIC and SVM's
AVIC is enabled to prevent accesses to the virtual APIC on vCPUs with
x2APIC enabled. On AMD, if its "hybrid" mode is enabled (AVIC is enabled
when x2APIC is enabled even without x2AVIC support), keeping the APIC
access page memslot results in the guest being able to access the virtual
APIC page as x2APIC is fully emulated by KVM. I.e. hardware isn't aware
that the guest is operating in x2APIC mode.
Exempt nested SVM's update of APICv state from the new logic as x2APIC
can't be toggled on VM-Exit. In practice, invoking the x2APIC logic
should be harmless precisely because it should be a glorified nop, but
play it safe to avoid latent bugs, e.g. with dropping the vCPU's SRCU
lock.
Intel doesn't suffer from the same issue as APICv has fully independent
VMCS controls for xAPIC vs. x2APIC virtualization. Technically, KVM
should provide bus error semantics and not memory semantics for the APIC
page when x2APIC is enabled, but KVM already provides memory semantics in
other scenarios, e.g. if APICv/AVIC is enabled and the APIC is hardware
disabled (via APIC_BASE MSR).
Note, checking apic_access_memslot_enabled without taking locks relies
it being set during vCPU creation (before kvm_vcpu_reset()). vCPUs can
race to set the inhibit and delete the memslot, i.e. can get false
positives, but can't get false negatives as apic_access_memslot_enabled
can't be toggled "on" once any vCPU reaches KVM_RUN.
Opportunistically drop the "can" while updating avic_activate_vmcb()'s
comment, i.e. to state that KVM _does_ support the hybrid mode. Move
the "Note:" down a line to conform to preferred kernel/KVM multi-line
comment style.
Opportunistically update the apicv_update_lock comment, as it isn't
actually used to protect apic_access_memslot_enabled (which is protected
by slots_lock).
Fixes:
|
||
|---|---|---|
| .. | ||
| mmu | ||
| svm | ||
| vmx | ||
| .gitignore | ||
| cpuid.c | ||
| cpuid.h | ||
| debugfs.c | ||
| emulate.c | ||
| fpu.h | ||
| hyperv.c | ||
| hyperv.h | ||
| i8254.c | ||
| i8254.h | ||
| i8259.c | ||
| ioapic.c | ||
| ioapic.h | ||
| irq_comm.c | ||
| irq.c | ||
| irq.h | ||
| Kconfig | ||
| kvm_cache_regs.h | ||
| kvm_emulate.h | ||
| kvm_onhyperv.c | ||
| kvm_onhyperv.h | ||
| kvm-asm-offsets.c | ||
| lapic.c | ||
| lapic.h | ||
| Makefile | ||
| mmu.h | ||
| mtrr.c | ||
| pmu.c | ||
| pmu.h | ||
| reverse_cpuid.h | ||
| smm.c | ||
| smm.h | ||
| trace.h | ||
| tss.h | ||
| x86.c | ||
| x86.h | ||
| xen.c | ||
| xen.h | ||