tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

KVM: x86/mmu: allow APICv memslot to be enabled but invisible

on AMD, APIC virtualization needs to dynamicaly inhibit the AVIC in a
response to some events, and this is problematic and not efficient to do by
enabling/disabling the memslot that covers APIC's mmio range.

Plus due to SRCU locking, it makes it more complex to
request AVIC inhibition.

Instead, the APIC memslot will be always enabled, but be invisible
to the guest, such as the MMU code will not install a SPTE for it,
when it is inhibited and instead jump straight to emulating the access.

When inhibiting the AVIC, this SPTE will be zapped.

This code is based on a suggestion from Sean Christopherson:
https://lkml.org/lkml/2021/7/19/2970

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20210810205251.424103-8-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

authored by

Maxim Levitsky and committed by
Paolo Bonzini 9cc13d60 8f32d5e5

+18 -5
+18 -5
arch/x86/kvm/mmu/mmu.c
··· 3899 3899 if (slot && (slot->flags & KVM_MEMSLOT_INVALID)) 3900 3900 goto out_retry; 3901 3901 3902 - /* Don't expose private memslots to L2. */ 3903 - if (is_guest_mode(vcpu) && !kvm_is_visible_memslot(slot)) { 3904 - *pfn = KVM_PFN_NOSLOT; 3905 - *writable = false; 3906 - return false; 3902 + if (!kvm_is_visible_memslot(slot)) { 3903 + /* Don't expose private memslots to L2. */ 3904 + if (is_guest_mode(vcpu)) { 3905 + *pfn = KVM_PFN_NOSLOT; 3906 + *writable = false; 3907 + return false; 3908 + } 3909 + /* 3910 + * If the APIC access page exists but is disabled, go directly 3911 + * to emulation without caching the MMIO access or creating a 3912 + * MMIO SPTE. That way the cache doesn't need to be purged 3913 + * when the AVIC is re-enabled. 3914 + */ 3915 + if (slot && slot->id == APIC_ACCESS_PAGE_PRIVATE_MEMSLOT && 3916 + !kvm_apicv_activated(vcpu->kvm)) { 3917 + *r = RET_PF_EMULATE; 3918 + return true; 3919 + } 3907 3920 } 3908 3921 3909 3922 async = false;