On Mon, May 24, 2021 at 4:22 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> On Thu, May 20, 2021, Jim Mattson wrote:
> > Don't allow posted interrupts to modify a stale posted interrupt
> > descriptor (including the initial value of 0).
> >
> > Empirical tests on real hardware reveal that a posted interrupt
> > descriptor referencing an unbacked address has PCI bus error semantics
> > (reads as all 1's; writes are ignored). However, kvm can't distinguish
> > unbacked addresses from device-backed (MMIO) addresses, so it should
> > really ask userspace for an MMIO completion. That's overly
> > complicated, so just punt with KVM_INTERNAL_ERROR.
> >
> > Don't return the error until the posted interrupt descriptor is
> > actually accessed. We don't want to break the existing kvm-unit-tests
> > that assume they can launch an L2 VM with a posted interrupt
> > descriptor that references MMIO space in L1.
> >
> > Fixes: 6beb7bd52e48 ("kvm: nVMX: Refactor nested_get_vmcs12_pages()")
> > Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> > ---
> > arch/x86/kvm/vmx/nested.c | 15 ++++++++++++++-
> > 1 file changed, 14 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > index 706c31821362..defd42201bb4 100644
> > --- a/arch/x86/kvm/vmx/nested.c
> > +++ b/arch/x86/kvm/vmx/nested.c
> > @@ -3175,6 +3175,15 @@ static bool nested_get_vmcs12_pages(struct kvm_vcpu *vcpu)
> > offset_in_page(vmcs12->posted_intr_desc_addr));
> > vmcs_write64(POSTED_INTR_DESC_ADDR,
> > pfn_to_hpa(map->pfn) + offset_in_page(vmcs12->posted_intr_desc_addr));
> > + } else {
> > + /*
> > + * Defer the KVM_INTERNAL_ERROR exit until
> > + * someone tries to trigger posted interrupt
> > + * processing on this vCPU, to avoid breaking
> > + * existing kvm-unit-tests.
>
> Run the lines out to 80 chars. Also, can we change the comment to tie it to
> CPU behavior in someway? A few years down the road, "existing kvm-unit-tests"
> may not have any relevant meaning, and it's not like kvm-unit-tests is bug free
> either. E.g. something like
>
> /*
> * Defer the KVM_INTERNAL_ERROR exit until posted
> * interrupt processing actually occurs on this vCPU.
> * Until that happens, the descriptor is not accessed,
> * and userspace can technically rely on that behavior.
> */
Okay...except for the fact that kvm will rather gratuitously process
posted interrupts in situations where hardware won't. That makes it
difficult to tie this to hardware behavior.
