KVM: x86: Recompute PID.ON when clearing PID.SN

Luwei Kang · bonzini · commit c112b5f50232 · 2019-02-14T16:20:31.000+01:00
Some Posted-Interrupts from passthrough devices may be lost or
overwritten when the vCPU is in runnable state.

The SN (Suppress Notification) of PID (Posted Interrupt Descriptor) will
be set when the vCPU is preempted (vCPU in KVM_MP_STATE_RUNNABLE state but
not running on physical CPU). If a posted interrupt comes at this time,
the irq remapping facility will set the bit of PIR (Posted Interrupt
Requests) but not ON (Outstanding Notification).  Then, the interrupt
will not be seen by KVM, which always expects PID.ON=1 if PID.PIR=1
as documented in the Intel processor SDM but not in the VT-d specification.
To fix this, restore the invariant after PID.SN is cleared.

Signed-off-by: Luwei Kang &lt;luwei.kang@intel.com&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
@@ -1193,21 +1193,6 @@ static void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu)
 	if (!pi_test_sn(pi_desc) && vcpu->cpu == cpu)
 		return;
 
-	/*
-	 * First handle the simple case where no cmpxchg is necessary; just
-	 * allow posting non-urgent interrupts.
-	 *
-	 * If the 'nv' field is POSTED_INTR_WAKEUP_VECTOR, do not change
-	 * PI.NDST: pi_post_block will do it for us and the wakeup_handler
-	 * expects the VCPU to be on the blocked_vcpu_list that matches
-	 * PI.NDST.
-	 */
-	if (pi_desc->nv == POSTED_INTR_WAKEUP_VECTOR ||
-	    vcpu->cpu == cpu) {
-		pi_clear_sn(pi_desc);
-		return;
-	}
-
 	/* The full case.  */
 	do {
 		old.control = new.control = pi_desc->control;
@@ -1222,6 +1207,17 @@ static void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu)
 		new.sn = 0;
 	} while (cmpxchg64(&pi_desc->control, old.control,
 			   new.control) != old.control);
+
+	/*
+	 * Clear SN before reading the bitmap.  The VT-d firmware
+	 * writes the bitmap and reads SN atomically (5.2.3 in the
+	 * spec), so it doesn't really have a memory barrier that
+	 * pairs with this, but we cannot do that and we need one.
+	 */
+	smp_mb__after_atomic();
+
+	if (!bitmap_empty((unsigned long *)pi_desc->pir, NR_VECTORS))
+		pi_set_on(pi_desc);
 }
 
 /*
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
@@ -337,16 +337,16 @@ static inline int pi_test_and_set_pir(int vector, struct pi_desc *pi_desc)
 	return test_and_set_bit(vector, (unsigned long *)pi_desc->pir);
 }
 
-static inline void pi_clear_sn(struct pi_desc *pi_desc)
+static inline void pi_set_sn(struct pi_desc *pi_desc)
 {
-	return clear_bit(POSTED_INTR_SN,
+	return set_bit(POSTED_INTR_SN,
 			(unsigned long *)&pi_desc->control);
 }
 
-static inline void pi_set_sn(struct pi_desc *pi_desc)
+static inline void pi_set_on(struct pi_desc *pi_desc)
 {
-	return set_bit(POSTED_INTR_SN,
-			(unsigned long *)&pi_desc->control);
+	set_bit(POSTED_INTR_ON,
+		(unsigned long *)&pi_desc->control);
 }
 
 static inline void pi_clear_on(struct pi_desc *pi_desc)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
@@ -7801,7 +7801,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
 	 * 1) We should set ->mode before checking ->requests.  Please see
 	 * the comment in kvm_vcpu_exiting_guest_mode().
 	 *
-	 * 2) For APICv, we should set ->mode before checking PIR.ON.  This
+	 * 2) For APICv, we should set ->mode before checking PID.ON. This
 	 * pairs with the memory barrier implicit in pi_test_and_set_on
 	 * (see vmx_deliver_posted_interrupt).
 	 *

Original file line number	Diff line number	Diff line change
`@@ -337,16 +337,16 @@ static inline int pi_test_and_set_pir(int vector, struct pi_desc *pi_desc)`
`337`	`337`	`return test_and_set_bit(vector, (unsigned long *)pi_desc->pir);`
`338`	`338`	`}`
`339`	`339`
`340`		`-static inline void pi_clear_sn(struct pi_desc *pi_desc)`
	`340`	`+static inline void pi_set_sn(struct pi_desc *pi_desc)`
`341`	`341`	`{`
`342`		`- return clear_bit(POSTED_INTR_SN,`
	`342`	`+ return set_bit(POSTED_INTR_SN,`
`343`	`343`	`(unsigned long *)&pi_desc->control);`
`344`	`344`	`}`
`345`	`345`
`346`		`-static inline void pi_set_sn(struct pi_desc *pi_desc)`
	`346`	`+static inline void pi_set_on(struct pi_desc *pi_desc)`
`347`	`347`	`{`
`348`		`- return set_bit(POSTED_INTR_SN,`
`349`		`- (unsigned long *)&pi_desc->control);`
	`348`	`+ set_bit(POSTED_INTR_ON,`
	`349`	`+ (unsigned long *)&pi_desc->control);`
`350`	`350`	`}`
`351`	`351`
`352`	`352`	`static inline void pi_clear_on(struct pi_desc *pi_desc)`
Original file line number	Diff line number	Diff line change
`@@ -7801,7 +7801,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)`
`7801`	`7801`	`* 1) We should set ->mode before checking ->requests. Please see`
`7802`	`7802`	`* the comment in kvm_vcpu_exiting_guest_mode().`
`7803`	`7803`	`*`
`7804`		`- * 2) For APICv, we should set ->mode before checking PIR.ON. This`
	`7804`	`+ * 2) For APICv, we should set ->mode before checking PID.ON. This`
`7805`	`7805`	`* pairs with the memory barrier implicit in pi_test_and_set_on`
`7806`	`7806`	`* (see vmx_deliver_posted_interrupt).`
`7807`	`7807`	`*`