KVM: SVM: Generate GA log IRQs only if the associated vCPUs is blocking

Configure IRTEs to GA log interrupts for device posted IRQs that hit
non-running vCPUs if and only if the target vCPU is blocking, i.e.
actually needs a wake event.  If the vCPU has exited to userspace or was
preempted, generating GA log entries and interrupts is wasteful and
unnecessary, as the vCPU will be re-loaded and/or scheduled back in
irrespective of the GA log notification (avic_ga_log_notifier() is just a
fancy wrapper for kvm_vcpu_wake_up()).

Use a should-be-zero bit in the vCPU's Physical APIC ID Table Entry to
track whether or not the vCPU's associated IRTEs are configured to
generate GA logs, but only set the synthetic bit in KVM's "cache", i.e.
never set the should-be-zero bit in tables that are used by hardware.
Use a synthetic bit instead of a dedicated boolean to minimize the odds
of messing up the locking, i.e. so that all the existing rules that apply
to avic_physical_id_entry for IS_RUNNING are reused verbatim for
GA_LOG_INTR.

Note, because KVM (by design) "puts" AVIC state in a "pre-blocking"
phase, using kvm_vcpu_is_blocking() to track the need for notifications
isn't a viable option.

Link: https://lore.kernel.org/r/20250611224604.313496-63-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index 36f67c69ea664b05bc3837669dfee4700a003e14..ffc27f67624398e3b82f982ef4ce359541a2b2b5 100644 (file)
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -252,6 +252,13 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
 #define AVIC_LOGICAL_ID_ENTRY_VALID_BIT                        31
 #define AVIC_LOGICAL_ID_ENTRY_VALID_MASK               (1 << 31)
 
+/*
+ * GA_LOG_INTR is a synthetic flag that's never propagated to hardware-visible
+ * tables.  GA_LOG_INTR is set if the vCPU needs device posted IRQs to generate
+ * GA log interrupts to wake the vCPU (because it's blocking or about to block).
+ */
+#define AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR             BIT_ULL(61)
+
 #define AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK   GENMASK_ULL(11, 0)
 #define AVIC_PHYSICAL_ID_ENTRY_BACKING_PAGE_MASK       GENMASK_ULL(51, 12)
 #define AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK         (1ULL << 62)

diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
index 02f266901bfe277e13bf66567da40c7283773d35..a34c5c3b164e2491f09c0f8d3b22f7f47a27c33f 100644 (file)
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -789,7 +789,7 @@ int avic_pi_update_irte(struct kvm_kernel_irqfd *irqfd, struct kvm *kvm,
                        pi_data.cpu = entry & AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK;
                } else {
                        pi_data.cpu = -1;
-                       pi_data.ga_log_intr = true;
+                       pi_data.ga_log_intr = entry & AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR;
                }
 
                ret = irq_set_vcpu_affinity(host_irq, &pi_data);
@@ -826,16 +826,25 @@ enum avic_vcpu_action {
 
        /*
         * No unique action is required to deal with a vCPU that stops/starts
-        * running, as IRTEs are configured to generate GALog interrupts at all
-        * times.
+        * running.  A vCPU that starts running by definition stops blocking as
+        * well, and a vCPU that stops running can't have been blocking, i.e.
+        * doesn't need to toggle GALogIntr.
         */
        AVIC_START_RUNNING      = 0,
        AVIC_STOP_RUNNING       = 0,
+
+       /*
+        * When a vCPU starts blocking, KVM needs to set the GALogIntr flag
+        * int all associated IRTEs so that KVM can wake the vCPU if an IRQ is
+        * sent to the vCPU.
+        */
+       AVIC_START_BLOCKING     = BIT(1),
 };
 
 static void avic_update_iommu_vcpu_affinity(struct kvm_vcpu *vcpu, int cpu,
                                            enum avic_vcpu_action action)
 {
+       bool ga_log_intr = (action & AVIC_START_BLOCKING);
        struct vcpu_svm *svm = to_svm(vcpu);
        struct kvm_kernel_irqfd *irqfd;
 
@@ -852,9 +861,9 @@ static void avic_update_iommu_vcpu_affinity(struct kvm_vcpu *vcpu, int cpu,
                void *data = irqfd->irq_bypass_data;
 
                if (!(action & AVIC_TOGGLE_ON_OFF))
-                       WARN_ON_ONCE(amd_iommu_update_ga(data, cpu, true));
+                       WARN_ON_ONCE(amd_iommu_update_ga(data, cpu, ga_log_intr));
                else if (cpu >= 0)
-                       WARN_ON_ONCE(amd_iommu_activate_guest_mode(data, cpu, true));
+                       WARN_ON_ONCE(amd_iommu_activate_guest_mode(data, cpu, ga_log_intr));
                else
                        WARN_ON_ONCE(amd_iommu_deactivate_guest_mode(data));
        }
@@ -889,7 +898,8 @@ static void __avic_vcpu_load(struct kvm_vcpu *vcpu, int cpu,
        entry = svm->avic_physical_id_entry;
        WARN_ON_ONCE(entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK);
 
-       entry &= ~AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK;
+       entry &= ~(AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK |
+                  AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR);
        entry |= (h_physical_id & AVIC_PHYSICAL_ID_ENTRY_HOST_PHYSICAL_ID_MASK);
        entry |= AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
 
@@ -950,12 +960,26 @@ static void __avic_vcpu_put(struct kvm_vcpu *vcpu, enum avic_vcpu_action action)
 
        avic_update_iommu_vcpu_affinity(vcpu, -1, action);
 
+       WARN_ON_ONCE(entry & AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR);
+
+       /*
+        * Keep the previous APIC ID in the entry so that a rogue doorbell from
+        * hardware is at least restricted to a CPU associated with the vCPU.
+        */
        entry &= ~AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK;
-       svm->avic_physical_id_entry = entry;
 
        if (enable_ipiv)
                WRITE_ONCE(kvm_svm->avic_physical_id_table[vcpu->vcpu_id], entry);
 
+       /*
+        * Note!  Don't set AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR in the table as
+        * it's a synthetic flag that usurps an unused should-be-zero bit.
+        */
+       if (action & AVIC_START_BLOCKING)
+               entry |= AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR;
+
+       svm->avic_physical_id_entry = entry;
+
        spin_unlock_irqrestore(&svm->ir_list_lock, flags);
 }
 
@@ -970,11 +994,26 @@ void avic_vcpu_put(struct kvm_vcpu *vcpu)
         */
        u64 entry = to_svm(vcpu)->avic_physical_id_entry;
 
-       /* Nothing to do if IsRunning == '0' due to vCPU blocking. */
-       if (!(entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK))
-               return;
+       /*
+        * Nothing to do if IsRunning == '0' due to vCPU blocking, i.e. if the
+        * vCPU is preempted while its in the process of blocking.  WARN if the
+        * vCPU wasn't running and isn't blocking, KVM shouldn't attempt to put
+        * the AVIC if it wasn't previously loaded.
+        */
+       if (!(entry & AVIC_PHYSICAL_ID_ENTRY_IS_RUNNING_MASK)) {
+               if (WARN_ON_ONCE(!kvm_vcpu_is_blocking(vcpu)))
+                       return;
+
+               /*
+                * The vCPU was preempted while blocking, ensure its IRTEs are
+                * configured to generate GA Log Interrupts.
+                */
+               if (!(WARN_ON_ONCE(!(entry & AVIC_PHYSICAL_ID_ENTRY_GA_LOG_INTR))))
+                       return;
+       }
 
-       __avic_vcpu_put(vcpu, AVIC_STOP_RUNNING);
+       __avic_vcpu_put(vcpu, kvm_vcpu_is_blocking(vcpu) ? AVIC_START_BLOCKING :
+                                                          AVIC_STOP_RUNNING);
 }
 
 void avic_refresh_virtual_apic_mode(struct kvm_vcpu *vcpu)
@@ -1040,7 +1079,7 @@ void avic_vcpu_blocking(struct kvm_vcpu *vcpu)
         * CPU and cause noisy neighbor problems if the VM is sending interrupts
         * to the vCPU while it's scheduled out.
         */
-       __avic_vcpu_put(vcpu, AVIC_STOP_RUNNING);
+       __avic_vcpu_put(vcpu, AVIC_START_BLOCKING);
 }
 
 void avic_vcpu_unblocking(struct kvm_vcpu *vcpu)