Patch "KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID" has been added to the 6.2-stable tree

This is a note to let you know that I've just added the patch titled

    KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID

to the 6.2-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-x86-don-t-inhibit-apicv-avic-if-xapic-id-mismatch-is-due-to-32-bit-id.patch
and it can be found in the queue-6.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From f651a008954803d7bb2d85b7042d0fd46133d782 Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@xxxxxxxxxx>
Date: Fri, 6 Jan 2023 01:12:39 +0000
Subject: KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID

From: Sean Christopherson <seanjc@xxxxxxxxxx>

commit f651a008954803d7bb2d85b7042d0fd46133d782 upstream.

Truncate the vcpu_id, a.k.a. x2APIC ID, to an 8-bit value when comparing
it against the xAPIC ID to avoid false positives (sort of) on systems
with >255 CPUs, i.e. with IDs that don't fit into a u8.  The intent of
APIC_ID_MODIFIED is to inhibit APICv/AVIC when the xAPIC is changed from
its original value,

The mismatch isn't technically a false positive, as architecturally the
xAPIC IDs do end up being aliased in this scenario, and neither APICv
nor AVIC correctly handles IPI virtualization when there is aliasing.
However, KVM already deliberately does not honor the aliasing behavior
that results when an x2APIC ID gets truncated to an xAPIC ID.  I.e. the
resulting APICv/AVIC behavior is aligned with KVM's existing behavior
when KVM's x2APIC hotplug hack is effectively enabled.

If/when KVM provides a way to disable the hotplug hack, APICv/AVIC can
piggyback whatever logic disables the optimized APIC map (which is what
provides the hotplug hack), i.e. so that KVM's optimized map and APIC
virtualization yield the same behavior.

For now, fix the immediate problem of APIC virtualization being disabled
for large VMs, which is a much more pressing issue than ensuring KVM
honors architectural behavior for APIC ID aliasing.

Fixes: 3743c2f02517 ("KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base")
Reported-by: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Message-Id: <20230106011306.85230-7-seanjc@xxxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kvm/lapic.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -2078,7 +2078,12 @@ static void kvm_lapic_xapic_id_updated(s
 	if (KVM_BUG_ON(apic_x2apic_mode(apic), kvm))
 		return;
 
-	if (kvm_xapic_id(apic) == apic->vcpu->vcpu_id)
+	/*
+	 * Deliberately truncate the vCPU ID when detecting a modified APIC ID
+	 * to avoid false positives if the vCPU ID, i.e. x2APIC ID, is a 32-bit
+	 * value.
+	 */
+	if (kvm_xapic_id(apic) == (u8)apic->vcpu->vcpu_id)
 		return;
 
 	kvm_set_apicv_inhibit(apic->vcpu->kvm, APICV_INHIBIT_REASON_APIC_ID_MODIFIED);
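
Review bot: The new comment above the `(u8)apic->vcpu->vcpu_id` comparison explains the truncation only as avoiding false positives, and leaves out the trade-off the commit message spells out: with IDs above 255 the xAPIC IDs are architecturally aliased, and neither APICv nor AVIC handles IPI virtualization correctly under aliasing. I would add a sentence to the comment saying that the aliasing is knowingly ignored here to match the behavior of KVM's x2APIC hotplug hack (the optimized APIC map), so that whoever later adds a way to disable that hack knows this check has to be revisited with it. A smaller wording point: "is a 32-bit value" would read more precisely as "does not fit in a u8", since that is the condition the cast actually addresses.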


Patches currently in stable-queue which might be from seanjc@xxxxxxxxxx are

queue-6.2/kvm-svm-hyper-v-placate-modpost-section-mismatch-error.patch
queue-6.2/kvm-svm-flush-the-current-tlb-when-activating-avic.patch
queue-6.2/x86-virt-force-gif-1-prior-to-disabling-svm-for-reboot-flows.patch
queue-6.2/kvm-x86-inject-gp-if-wrmsr-sets-reserved-bits-in-apic-self-ipi.patch
queue-6.2/x86-reboot-disable-svm-not-just-vmx-when-stopping-cpus.patch
queue-6.2/kvm-svm-process-icr-on-avic-ipi-delivery-failure-due-to-invalid-target.patch
queue-6.2/kvm-x86-don-t-inhibit-apicv-avic-if-xapic-id-mismatch-is-due-to-32-bit-id.patch
queue-6.2/x86-reboot-disable-virtualization-in-an-emergency-if-svm-is-supported.patch
queue-6.2/kvm-svm-don-t-put-load-avic-when-setting-virtual-apic-mode.patch
queue-6.2/x86-crash-disable-virt-in-core-nmi-crash-handler-to-avoid-double-shootdown.patch
queue-6.2/kvm-register-dev-kvm-as-the-_very_-last-thing-during-initialization.patch
queue-6.2/kvm-x86-don-t-inhibit-apicv-avic-on-xapic-id-change-if-apic-is-disabled.patch
queue-6.2/kvm-destroy-target-device-if-coalesced-mmio-unregistration-fails.patch
queue-6.2/kvm-svm-fix-potential-overflow-in-sev-s-send-receive_update_data.patch
queue-6.2/kvm-x86-blindly-get-current-x2apic-reg-value-on-nodecode-write-traps.patch
queue-6.2/kvm-x86-purge-highest-isr-cache-when-updating-apicv-state.patch
queue-6.2/kvm-x86-inject-gp-on-x2apic-wrmsr-that-sets-reserved-bits-63-32.patch
queue-6.2/kvm-vmx-fix-crash-due-to-uninitialized-current_vmcs.patch


