Commit 75c69c8
committed
KVM: x86: Load guest/host XCR0 and XSS outside of the fastpath run loop
Move KVM's swapping of XFEATURE masks, i.e. XCR0 and XSS, out of the
fastpath loop now that the guts of the #MC handler runs in task context,
i.e. won't invoke schedule() with preemption disabled and clobber state
(or crash the kernel) due to trying to context switch XSTATE with a mix
of host and guest state.
For all intents and purposes, this reverts commit 1811d97 ("x86/kvm:
move kvm_load/put_guest_xcr0 into atomic context"), which papered over an
egregious bug/flaw in the #MC handler where it would do schedule() even
though IRQs are disabled. E.g. the call stack from the commit:
kvm_load_guest_xcr0
...
kvm_x86_ops->run(vcpu)
vmx_vcpu_run
vmx_complete_atomic_exit
kvm_machine_check
do_machine_check
do_memory_failure
memory_failure
lock_page
Commit 1811d97 "fixed" the immediate issue of XRSTORS exploding, but
completely ignored that scheduling out a vCPU task while IRQs and
preemption is wildly broken. Thankfully, commit 5567d11 ("x86/mce:
Send #MC singal from task work") (somewhat incidentally?) fixed that flaw
by pushing the meat of the work to the user-return path, i.e. to task
context.
KVM has also hardened itself against #MC goofs by moving #MC forwarding to
kvm_x86_ops.handle_exit_irqoff(), i.e. out of the fastpath. While that's
by no means a robust fix, restoring as much state as possible before
handling the #MC will hopefully provide some measure of protection in the
event that #MC handling goes off the rails again.
Note, KVM always intercepts XCR0 writes for vCPUs without protected state,
e.g. there's no risk of consuming a stale XCR0 when determining if a PKRU
update is needed; kvm_load_host_xfeatures() only reads, and never writes,
vcpu->arch.xcr0.
Deferring the XCR0 and XSS loads shaves ~300 cycles off the fastpath for
Intel, and ~500 cycles for AMD. E.g. using INVD in KVM-Unit-Test's
vmexit.c, which an extra hack to enable CR4.OXSAVE, latency numbers for
AMD Turin go from ~2000 => 1500, and for Intel Emerald Rapids, go from
~1300 => ~1000.
Cc: Jon Kohler <jon@nutanix.com>
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: Jon Kohler <jon@nutanix.com>
Link: https://patch.msgid.link/20251118222328.2265758-4-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>1 parent 63669bd commit 75c69c8
1 file changed
+26
-13
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1205 | 1205 | | |
1206 | 1206 | | |
1207 | 1207 | | |
1208 | | - | |
| 1208 | + | |
1209 | 1209 | | |
1210 | 1210 | | |
1211 | 1211 | | |
1212 | 1212 | | |
1213 | 1213 | | |
1214 | | - | |
1215 | 1214 | | |
1216 | 1215 | | |
1217 | 1216 | | |
1218 | 1217 | | |
1219 | 1218 | | |
1220 | 1219 | | |
1221 | 1220 | | |
| 1221 | + | |
| 1222 | + | |
| 1223 | + | |
| 1224 | + | |
| 1225 | + | |
| 1226 | + | |
| 1227 | + | |
| 1228 | + | |
| 1229 | + | |
| 1230 | + | |
| 1231 | + | |
| 1232 | + | |
| 1233 | + | |
| 1234 | + | |
| 1235 | + | |
| 1236 | + | |
| 1237 | + | |
| 1238 | + | |
| 1239 | + | |
| 1240 | + | |
| 1241 | + | |
1222 | 1242 | | |
1223 | 1243 | | |
1224 | 1244 | | |
| |||
1240 | 1260 | | |
1241 | 1261 | | |
1242 | 1262 | | |
1243 | | - | |
1244 | | - | |
1245 | | - | |
1246 | | - | |
1247 | | - | |
1248 | | - | |
1249 | | - | |
1250 | | - | |
1251 | | - | |
1252 | | - | |
1253 | | - | |
1254 | 1263 | | |
1255 | 1264 | | |
1256 | 1265 | | |
| |||
11264 | 11273 | | |
11265 | 11274 | | |
11266 | 11275 | | |
| 11276 | + | |
| 11277 | + | |
11267 | 11278 | | |
11268 | 11279 | | |
11269 | 11280 | | |
| |||
11350 | 11361 | | |
11351 | 11362 | | |
11352 | 11363 | | |
| 11364 | + | |
| 11365 | + | |
11353 | 11366 | | |
11354 | 11367 | | |
11355 | 11368 | | |
| |||
0 commit comments