Commit 9717efb

KVM: x86: Disallow guest CPUID lookups when IRQs are disabled

Now that KVM has a framework for caching guest CPUID feature flags, add a "rule" that IRQs must be enabled when doing guest CPUID lookups, and enforce the rule via a lockdep assertion.

CPUID lookups are slow, and within KVM, IRQs are only ever disabled in hot paths, e.g. the core run loop, fast page fault handling, etc. I.e. querying guest CPUID with IRQs disabled, especially in the run loop, should be avoided.

Link: https://lore.kernel.org/r/20230815203653.519297-16-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
1 parent ee785c8 commit 9717efb

1 file changed

+13
-0
lines changed
arch/x86/kvm/cpuid.c

Lines changed: 13 additions & 0 deletions
@@ -11,6 +11,7 @@
1111
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
1212

1313
#include <linux/kvm_host.h>
14+
#include "linux/lockdep.h"
1415
#include <linux/export.h>
1516
#include <linux/vmalloc.h>
1617
#include <linux/uaccess.h>
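
Review bot: the added include on new line 14 is written with quotes ("linux/lockdep.h") while every neighbouring linux/ header in this hunk uses angle brackets, e.g. #include <linux/kvm_host.h>. The quoted form makes the compiler search the including file's directory first, which is not what is wanted for a header from the kernel include tree. Suggest #include <linux/lockdep.h> for consistency with the surrounding lines.
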
@@ -84,6 +85,18 @@ static inline struct kvm_cpuid_entry2 *cpuid_entry2_find(
8485
struct kvm_cpuid_entry2 *e;
8586
int i;
8687

88+
/*
89+
* KVM has a semi-arbitrary rule that querying the guest's CPUID model
90+
* with IRQs disabled is disallowed. The CPUID model can legitimately
91+
* have over one hundred entries, i.e. the lookup is slow, and IRQs are
92+
* typically disabled in KVM only when KVM is in a performance critical
93+
* path, e.g. the core VM-Enter/VM-Exit run loop. Nothing will break
94+
* if this rule is violated, this assertion is purely to flag potential
95+
* performance issues. If this fires, consider moving the lookup out
96+
* of the hotpath, e.g. by caching information during CPUID updates.
97+
*/
98+
lockdep_assert_irqs_enabled();
99+
87100
for (i = 0; i < nent; i++) {
88101
e = &entries[i];
89102

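
Review bot: the rule is stated only in a comment inside the body of cpuid_entry2_find(), right above lockdep_assert_irqs_enabled(), so someone adding a lookup in an IRQs-disabled path has no way to learn of it until the assertion fires. The assertion itself only checks on kernels built with lockdep enabled, so the rule is enforced in debug and test builds and is silent elsewhere. Suggest saying in the comment that the check is debug-only, and repeating the rule in a comment above the function where callers will see it. Minor wording point: "hotpath" in the last sentence of the comment would read better as "hot path", matching "hot paths" in the commit message.
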