svm: Deactivate AVIC when launching guest with nested SVM support
authorSuravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Thu, 14 Nov 2019 20:15:14 +0000 (14:15 -0600)
committerPaolo Bonzini <pbonzini@redhat.com>
Wed, 5 Feb 2020 14:17:43 +0000 (15:17 +0100)
Since AVIC does not currently work w/ nested virtualization,
deactivate AVIC for the guest if setting CPUID Fn80000001_ECX[SVM]
(i.e. indicate support for SVM, which is needed for nested virtualization).
Also, introduce a new APICV_INHIBIT_REASON_NESTED bit to be used for
this reason.

Suggested-by: Alexander Graf <graf@amazon.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/include/asm/kvm_host.h
arch/x86/kvm/svm.c

index 90bfe8becc562fa9b5404be4dc91be378c293988..ce19dea5f2ddc7856c124c25878e42ca97559530 100644 (file)
@@ -877,6 +877,7 @@ enum kvm_irqchip_mode {
 
 #define APICV_INHIBIT_REASON_DISABLE    0
 #define APICV_INHIBIT_REASON_HYPERV     1
+#define APICV_INHIBIT_REASON_NESTED     2
 
 struct kvm_arch {
        unsigned long n_used_mmu_pages;
index 3b87ccd320d1838731fa602e813523ad32ad8d78..af90f83d7123f1330654a8d92b16cbecef199ad2 100644 (file)
@@ -5988,6 +5988,14 @@ static void svm_cpuid_update(struct kvm_vcpu *vcpu)
                return;
 
        guest_cpuid_clear(vcpu, X86_FEATURE_X2APIC);
+
+       /*
+        * Currently, AVIC does not work with nested virtualization.
+        * So, we disable AVIC when cpuid for SVM is set in the L1 guest.
+        */
+       if (nested && guest_cpuid_has(vcpu, X86_FEATURE_SVM))
+               kvm_request_apicv_update(vcpu->kvm, false,
+                                        APICV_INHIBIT_REASON_NESTED);
 }
 
 #define F feature_bit
@@ -7319,7 +7327,8 @@ static bool svm_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
 static bool svm_check_apicv_inhibit_reasons(ulong bit)
 {
        ulong supported = BIT(APICV_INHIBIT_REASON_DISABLE) |
-                         BIT(APICV_INHIBIT_REASON_HYPERV);
+                         BIT(APICV_INHIBIT_REASON_HYPERV) |
+                         BIT(APICV_INHIBIT_REASON_NESTED);
 
        return supported & BIT(bit);
 }