Re: [PATCH] KVM: VMX: Translate interrupt shadow when waiting on NMI window

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gleb Natapov <gleb@redhat.com>
To: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Avi Kivity <avi@redhat.com>,
	Marcelo Tosatti <mtosatti@redhat.com>, kvm <kvm@vger.kernel.org>
Subject: Re: [PATCH] KVM: VMX: Translate interrupt shadow when waiting on NMI window
Date: Wed, 21 Apr 2010 17:44:01 +0300	[thread overview]
Message-ID: <20100421144401.GF14124@redhat.com> (raw)
In-Reply-To: <4BCF0EA2.3010100@siemens.com>

On Wed, Apr 21, 2010 at 04:41:38PM +0200, Jan Kiszka wrote:
> Gleb Natapov wrote:
> > On Wed, Apr 21, 2010 at 04:17:03PM +0200, Jan Kiszka wrote:
> >> Gleb Natapov wrote:
> >>> On Tue, Feb 16, 2010 at 11:37:15AM +0100, Jan Kiszka wrote:
> >>>> Gleb Natapov wrote:
> >>>>> On Tue, Feb 16, 2010 at 11:27:07AM +0100, Jan Kiszka wrote:
> >>>>>> Gleb Natapov wrote:
> >>>>>>> On Tue, Feb 16, 2010 at 11:14:45AM +0100, Jan Kiszka wrote:
> >>>>>>>> Gleb Natapov wrote:
> >>>>>>>>> On Tue, Feb 16, 2010 at 11:04:10AM +0100, Jan Kiszka wrote:
> >>>>>>>>>> Gleb Natapov wrote:
> >>>>>>>>>>> On Tue, Feb 16, 2010 at 10:16:12AM +0100, Jan Kiszka wrote:
> >>>>>>>>>>>> Found while browsing Xen code: While we assume that the STI interrupt
> >>>>>>>>>>>> shadow also inplies virtual NMI blocking, some processors may have a
> >>>>>>>>>>>> different opinion (SDM 3: 22.3). To avoid misunderstandings that would
> >>>>>>>>>>>> cause endless VM entry attempts, translate STI into MOV SS blocking when
> >>>>>>>>>>>> requesting the NMI window.
> >>>>>>>>>>>>
> >>>>>>>>>>> Why not just remove "block by STI" check in vmx_nmi_allowed()? IIRC this
> >>>>>>>>>>> is documented that on some CPUs STI does not block NMI.
> >>>>>>>>>>>
> >>>>>>>>>> Probably because we will stumble and fall on those CPUs that do care.
> >>>>>>>>>>
> >>>>>>>>> But this defines behaviour of cpu _we_ emulate. So on _our_ cpu NMI will
> >>>>>>>>> not be blocked by STI.
> >>>>>>>> The host CPU decides if it accepts an NMI injections while
> >>>>>>> Are you sure? I haven't found such check during VMENTRY.
> >>>>>> I also only find the explicitly stated exclusion of MOV SS blocking vs.
> >>>>>> NMI injection. If we can rely on this, removing STI blocking from
> >>>>>> vmx_nmi_allowed should suffice. Or, better, can we get an official
> >>>>>> confirmation from Intel?
> >>>>>>
> >>>>> SDM 2b says about STI instruction:
> >>>>> The IF flag and the STI and CLI instructions do not prohibit the
> >>>>> generation of exceptions and NMI interrupts. NMI interrupts (and SMIs)
> >>>>> may be blocked for one macroinstruction following an STI.
> >>>> Yes, it's likely that this is the architectural reason for the delayed
> >>>> NMI window signaling after STI. Still, we are looking for the
> >>>> entry-check logic.
> >>>>
> >>> Will ask Intel.
> >>>
> >> Just remembered that there was some open topic... Did your ask? Any answer?
> >>
> > I did and got answer last week :) The answer is that NMI is blocked only
> > if GUEST_INTR_STATE_NMI flag is set. MOV SS and STI shouldn't block NMI,
> > so vmx_nmi_allowed() should check only GUEST_INTR_STATE_NMI flag.
> 
> Cool, that's now increasing my level of confusion again: :(
> 
> Thought we only wanted to confirm that it's still safe to inject NMIs
> when blocked-by-STI is set. Now we hear that it's also safe when MOV SS
> is active? That would directly contradict the SDM (at least the version
> I have at hand: June 2009). Or did I misunderstand the answer?
> 
No you don't. I was told that software should be prepared to handle NMI
after MOV SS. What part of SDM does this contradict? I found nothing in
latest SDM.

--
			Gleb.

next prev parent reply	other threads:[~2010-04-21 14:44 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-02-16  9:16 [PATCH] KVM: VMX: Translate interrupt shadow when waiting on NMI window Jan Kiszka
2010-02-16 10:00 ` Gleb Natapov
2010-02-16 10:04   ` Jan Kiszka
2010-02-16 10:06     ` Gleb Natapov
2010-02-16 10:14       ` Jan Kiszka
2010-02-16 10:17         ` Gleb Natapov
2010-02-16 10:27           ` Jan Kiszka
2010-02-16 10:32             ` Gleb Natapov
2010-02-16 10:37               ` Jan Kiszka
2010-02-16 10:38                 ` Gleb Natapov
2010-04-21 14:17                   ` Jan Kiszka
2010-04-21 14:30                     ` Gleb Natapov
2010-04-21 14:41                       ` Jan Kiszka
2010-04-21 14:44                         ` Gleb Natapov [this message]
2010-04-21 15:14                           ` Jan Kiszka
2010-04-21 15:30                             ` Gleb Natapov
2010-05-03  7:32                             ` Gleb Natapov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100421144401.GF14124@redhat.com \
    --to=gleb@redhat.com \
    --cc=avi@redhat.com \
    --cc=jan.kiszka@siemens.com \
    --cc=kvm@vger.kernel.org \
    --cc=mtosatti@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.