From: Maxim Levitsky <mlevitsk@xxxxxxxxxx> No normal guest has any reason to change physical APIC IDs, and allowing this introduces bugs into APIC acceleration code. And Intel recent hardware just ignores writes to APIC_ID in xAPIC mode. More background can be found at: https://lore.kernel.org/lkml/Yfw5ddGNOnDqxMLs@xxxxxxxxxx/ Looks there is no much value to support writable xAPIC ID in guest except supporting some old and crazy use cases which probably would fail on real hardware. So, make xAPIC ID read-only for KVM guests. Signed-off-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx> Signed-off-by: Zeng Guang <guang.zeng@xxxxxxxxx> --- arch/x86/kvm/lapic.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 137c3a2f5180..62d5ce4dc0c5 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2047,10 +2047,17 @@ static int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) switch (reg) { case APIC_ID: /* Local APIC ID */ - if (!apic_x2apic_mode(apic)) - kvm_apic_set_xapic_id(apic, val >> 24); - else + if (apic_x2apic_mode(apic)) { ret = 1; + break; + } + /* Don't allow changing APIC ID to avoid unexpected issues */ + if ((val >> 24) != apic->vcpu->vcpu_id) { + kvm_vm_bugged(apic->vcpu->kvm); + break; + } + + kvm_apic_set_xapic_id(apic, val >> 24); break; case APIC_TASKPRI: @@ -2635,11 +2642,15 @@ int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu) static int kvm_apic_state_fixup(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s, bool set) { - if (apic_x2apic_mode(vcpu->arch.apic)) { - u32 *id = (u32 *)(s->regs + APIC_ID); - u32 *ldr = (u32 *)(s->regs + APIC_LDR); - u64 icr; + u32 *id = (u32 *)(s->regs + APIC_ID); + u32 *ldr = (u32 *)(s->regs + APIC_LDR); + u64 icr; + if (!apic_x2apic_mode(vcpu->arch.apic)) { + /* Don't allow changing APIC ID to avoid unexpected issues */ + if ((*id >> 24) != vcpu->vcpu_id) + return -EINVAL; + } else { if (vcpu->kvm->arch.x2apic_format) { if (*id != vcpu->vcpu_id) return -EINVAL; -- 2.27.0
