Commit 0ccf3e7c authored Jan 06, 2023 by Sean Christopherson Committed by Paolo Bonzini Jan 13, 2023

KVM: SVM: Flush the "current" TLB when activating AVIC



Flush the TLB when activating AVIC as the CPU can insert into the TLB
while AVIC is "locally" disabled.  KVM doesn't treat "APIC hardware
disabled" as VM-wide AVIC inhibition, and so when a vCPU has its APIC
hardware disabled, AVIC is not guaranteed to be inhibited.  As a result,
KVM may create a valid NPT mapping for the APIC base, which the CPU can
cache as a non-AVIC translation.

Note, Intel handles this in vmx_set_virtual_apic_mode().

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20230106011306.85230-4-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

parent 97a71c44

arch/x86/kvm/svm/avic.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -86,6 +86,12 @@ static void avic_activate_vmcb(struct vcpu_svm *svm)
		/* Disabling MSR intercept for x2APIC registers */
		svm_set_x2apic_msr_interception(svm, false);
		} else {
		/*
		* Flush the TLB, the guest may have inserted a non-APIC
		* mapping into the TLB while AVIC was disabled.
		*/
		kvm_make_request(KVM_REQ_TLB_FLUSH_CURRENT, &svm->vcpu);

		/* For xAVIC and hybrid-xAVIC modes */
		vmcb->control.avic_physical_id \|= AVIC_MAX_PHYSICAL_ID;
		/* Enabling MSR intercept for x2APIC registers */