On Sun, Oct 10, 2021, Maxim Levitsky wrote:
> On Fri, 2021-10-08 at 18:01 -0700, Sean Christopherson wrote:
> > Belated "code review" for Maxim's recent series to rework the AVIC inhibit
> > code. Using the global APICv status in the page fault path is wrong as
> > the correct status is always the vCPU's, since that status is accurate
> > with respect to the time of the page fault. In a similar vein, the code
> > to change the inhibit can be cleaned up since KVM can't rely on ordering
> > between the update and the request for anything except consumers of the
> > request.
> >
> > Sean Christopherson (2):
> > KVM: x86/mmu: Use vCPU's APICv status when handling APIC_ACCESS
> > memslot
> > KVM: x86: Simplify APICv update request logic
> >
> > arch/x86/kvm/mmu/mmu.c | 2 +-
> > arch/x86/kvm/x86.c | 16 +++++++---------
> > 2 files changed, 8 insertions(+), 10 deletions(-)
> >
>
> Are you sure about it? Let me explain how the algorithm works:
>
> - kvm_request_apicv_update:
>
> - take kvm->arch.apicv_update_lock
>
> - if inhibition state doesn't really change (kvm->arch.apicv_inhibit_reasons still zero or non zero)
> - update kvm->arch.apicv_inhibit_reasons
> - release the lock
>
> - raise KVM_REQ_APICV_UPDATE
> * since kvm->arch.apicv_update_lock is taken, all vCPUs will be
> kicked out of guest mode and will be either doing someing in
> the KVM (like page fault) or stuck on trying to process that
> request the important thing is that no vCPU will be able to get
> back to the guest mode.
>
> - update the kvm->arch.apicv_inhibit_reasons
> * since we hold vm->arch.apicv_update_lock vcpus can't see the new value
This assertion is incorrect, kvm_apicv_activated() is not guarded by the lock.
> - update the SPTE that covers the APIC's mmio window:
This won't affect in-flight page faults.
vCPU0 vCPU1
===== =====
Disabled APICv
#NPT Acquire apicv_update_lock
Re-enable APICv
kvm_apicv_activated() == false
incorrectly handle as regular MMIO
zap APIC pages
MMIO cache has bad entry
