svm: Deactivate AVIC when launching guest with nested SVM support

Since AVIC does not currently work w/ nested virtualization, deactivate AVIC for the guest if setting CPUID Fn80000001_ECX[SVM] (i.e. indicate support for SVM, which is needed for nested virtualization). Also, introduce a new APICV_INHIBIT_REASON_NESTED bit to be used for this reason. Suggested-by: Alexander Graf <graf@amazon.com> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-12-17 15:16:42 +07:00 · 2019-11-14 14:15:14 -06:00 · 2019-11-14 14:15:14 -06:00 · 9a0bf05430
commit 9a0bf05430
parent f4fdc0a2ed
2 changed files with 11 additions and 1 deletions
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@ -877,6 +877,7 @@ enum kvm_irqchip_mode {

 #define APICV_INHIBIT_REASON_DISABLE    0
 #define APICV_INHIBIT_REASON_HYPERV     1
+#define APICV_INHIBIT_REASON_NESTED     2

 struct kvm_arch {
 	unsigned long n_used_mmu_pages;
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@ -5988,6 +5988,14 @@ static void svm_cpuid_update(struct kvm_vcpu *vcpu)
 		return;

 	guest_cpuid_clear(vcpu, X86_FEATURE_X2APIC);
+
+	/*
+	 * Currently, AVIC does not work with nested virtualization.
+	 * So, we disable AVIC when cpuid for SVM is set in the L1 guest.
+	 */
+	if (nested && guest_cpuid_has(vcpu, X86_FEATURE_SVM))
+		kvm_request_apicv_update(vcpu->kvm, false,
+					 APICV_INHIBIT_REASON_NESTED);
 }

 #define F feature_bit
@ -7319,7 +7327,8 @@ static bool svm_apic_init_signal_blocked(struct kvm_vcpu *vcpu)
 static bool svm_check_apicv_inhibit_reasons(ulong bit)
 {
 	ulong supported = BIT(APICV_INHIBIT_REASON_DISABLE) |
-			  BIT(APICV_INHIBIT_REASON_HYPERV);
+			  BIT(APICV_INHIBIT_REASON_HYPERV) |
+			  BIT(APICV_INHIBIT_REASON_NESTED);

 	return supported & BIT(bit);
 }