> On 5 Sep 2019, at 15:58, Alexander Graf <graf@xxxxxxxxxx> wrote:
>
> We can easily route hardware interrupts directly into VM context when
> they target the "Fixed" or "LowPriority" delivery modes.
>
> However, on modes such as "SMI" or "Init", we need to go via KVM code
> to actually put the vCPU into a different mode of operation, so we can
> not post the interrupt
>
> Add code in the VMX and SVM PI logic to explicitly refuse to establish
> posted mappings for advanced IRQ deliver modes. This reflects the logic
> in __apic_accept_irq() which also only ever passes Fixed and LowPriority
> interrupts as posted interrupts into the guest.
>
> This fixes a bug I have with code which configures real hardware to
> inject virtual SMIs into my guest.
>
> Signed-off-by: Alexander Graf <graf@xxxxxxxxxx>
Reviewed-by: Liran Alon <liran.alon@xxxxxxxxxx>
>
> ---
>
> v1 -> v2:
>
> - Make error message more unique
> - Update commit message to point to __apic_accept_irq()
>
> v2 -> v3:
>
> - Use if() rather than switch()
> - Move abort logic into existing if() branch for broadcast irqs
> -> remove the updated error message again (thus remove R-B tag from Liran)
> - Fold VMX and SVM changes into single commit
> - Combine postability check into helper function kvm_irq_is_postable()
> ---
> arch/x86/include/asm/kvm_host.h | 7 +++++++
> arch/x86/kvm/svm.c | 4 +++-
> arch/x86/kvm/vmx/vmx.c | 6 +++++-
> 3 files changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> index 44a5ce57a905..5b14aa1fbeeb 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -1581,6 +1581,13 @@ bool kvm_intr_is_single_vcpu(struct kvm *kvm, struct kvm_lapic_irq *irq,
> void kvm_set_msi_irq(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
> struct kvm_lapic_irq *irq);
>
> +static inline bool kvm_irq_is_postable(struct kvm_lapic_irq *irq)
> +{
> + /* We can only post Fixed and LowPrio IRQs */
> + return (irq->delivery_mode == dest_Fixed ||
> + irq->delivery_mode == dest_LowestPrio);
> +}
> +
> static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu)
> {
> if (kvm_x86_ops->vcpu_blocking)
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 1f220a85514f..f5b03d0c9bc6 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -5260,7 +5260,8 @@ get_pi_vcpu_info(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
>
> kvm_set_msi_irq(kvm, e, &irq);
>
> - if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
> + if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
> + !kvm_irq_is_postable(&irq)) {
> pr_debug("SVM: %s: use legacy intr remap mode for irq %u\n",
> __func__, irq.vector);
> return -1;
> @@ -5314,6 +5315,7 @@ static int svm_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
> * 1. When cannot target interrupt to a specific vcpu.
> * 2. Unsetting posted interrupt.
> * 3. APIC virtialization is disabled for the vcpu.
> + * 4. IRQ has incompatible delivery mode (SMI, INIT, etc)
> */
> if (!get_pi_vcpu_info(kvm, e, &vcpu_info, &svm) && set &&
> kvm_vcpu_apicv_active(&svm->vcpu)) {
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 570a233e272b..63f3d88b36cc 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -7382,10 +7382,14 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq,
> * irqbalance to make the interrupts single-CPU.
> *
> * We will support full lowest-priority interrupt later.
> + *
> + * In addition, we can only inject generic interrupts using
> + * the PI mechanism, refuse to route others through it.
> */
>
> kvm_set_msi_irq(kvm, e, &irq);
> - if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
> + if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
> + !kvm_irq_is_postable(&irq)) {
> /*
> * Make sure the IRTE is in remapped mode if
> * we don't handle it in posted mode.
> --
> 2.17.1
>
>
>
>
> Amazon Development Center Germany GmbH
> Krausenstr. 38
> 10117 Berlin
> Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich
> Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
> Sitz: Berlin
> Ust-ID: DE 289 237 879
>
>
>
