From: Gleb Natapov <gleb@redhat.com>
To: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Avi Kivity <avi@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>, kvm <kvm@vger.kernel.org>
Subject: Re: [PATCH] KVM: VMX: Translate interrupt shadow when waiting on NMI window
Date: Mon, 3 May 2010 10:32:55 +0300
Message-ID: <20100503073255.GA16976@redhat.com>
In-Reply-To: <4BCF163C.8060408@siemens.com>

On Wed, Apr 21, 2010 at 05:14:04PM +0200, Jan Kiszka wrote:
> > No you don't. I was told that software should be prepared to handle NMI
> > after MOV SS. What part of SDM does this contradict? I found nothing in
> > latest SDM.
>
> [ updated to March 2010 version ]
>
> To sum up the scenario again, I think it started with
>
> • If the “NMI-window exiting” VM-execution control is 1, a VM exit occurs before
> execution of any instruction if there is no virtual-NMI blocking and there is no
> blocking of events by MOV SS (see Table 21-3). (A logical processor may also
> prevent such a VM exit if there is blocking of events by STI.) Such a VM exit
> occurs immediately after VM entry if the above conditions are true (see Section
> 23.6.6).
>
>
> We included STI into the NMI shadow, but we /may/ get early exits on
> some processors according to the statement above. According to your
> latest info, we can also get that when the MOV SS shadow is on!? But
> simply allowing NMI injection under MOV SS is not possible:
>
> 23.3 CHECKING AND LOADING GUEST STATE
> 23.3.1.5 Checks on Guest Non-Register State
>
> • Interruptibility state.
> ...
> — Bit 1 (blocking by MOV-SS) must be 0 if the valid bit (bit 31) in the VM-entry
> interruption-information field is 1 and the interruption type (bits 10:8) in that
> field has value 2, indicating non-maskable interrupt (NMI).
>
>
> And doing this for STI sounds risky too:
>
> — A processor may require bit 0 (blocking by STI) to be 0 if the valid bit (bit 31)
> in the VM-entry interruption-information field is 1 and the interruption type
> (bits 10:8) in that field has value 2, indicating NMI. Other processors may not
> make this requirement.
>
>
> Should we start stepping over the shadow like we do for svm?
>
Intel's answer is that the text above describes model-specific behaviour
in bare metal which can block NMI for one instruction after STI/MOV SS,
but since software should not rely on model-specific behaviour we can
safely inject NMI after STI/MOV SS (clearing "blocked by STI/MOV SS" bit
before injecting).
--
Gleb.
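
The guest-state check quoted from the SDM and the approach described in the reply, as a small user-space model. This is an added example, not KVM code and not part of the thread; the struct and function names are hypothetical, the bit positions are the ones given in the quoted text, and vector 2 is the architectural NMI vector.

```c
#include <stdbool.h>
#include <stdint.h>

/* Bit layouts as given in the SDM text quoted in the message. */
#define INTR_STATE_STI      (1u << 0)            /* interruptibility state, bit 0 */
#define INTR_STATE_MOV_SS   (1u << 1)            /* interruptibility state, bit 1 */
#define ENTRY_INFO_VALID    (1u << 31)           /* interruption-info valid bit */
#define ENTRY_INFO_TYPE(x)  (((x) >> 8) & 0x7u)  /* interruption type, bits 10:8 */
#define ENTRY_TYPE_NMI      2u
#define NMI_VECTOR          2u

/* Hypothetical stand-in for the two VMCS fields involved (assumption). */
struct vmcs_model {
    uint32_t interruptibility;
    uint32_t entry_intr_info;
};

static bool entry_injects_nmi(const struct vmcs_model *v)
{
    return (v->entry_intr_info & ENTRY_INFO_VALID) &&
           ENTRY_INFO_TYPE(v->entry_intr_info) == ENTRY_TYPE_NMI;
}

/* Quoted check: MOV-SS blocking must be 0 when an NMI is being injected;
 * STI blocking must be 0 only on processors that make that requirement. */
bool vm_entry_check_passes(const struct vmcs_model *v, bool cpu_requires_sti_clear)
{
    if (!entry_injects_nmi(v))
        return true;
    if (v->interruptibility & INTR_STATE_MOV_SS)
        return false;
    if (cpu_requires_sti_clear && (v->interruptibility & INTR_STATE_STI))
        return false;
    return true;
}

/* Approach from the reply: clear both shadow bits, then queue the NMI. */
void inject_nmi(struct vmcs_model *v)
{
    v->interruptibility &= ~(INTR_STATE_STI | INTR_STATE_MOV_SS);
    v->entry_intr_info = ENTRY_INFO_VALID | (ENTRY_TYPE_NMI << 8) | NMI_VECTOR;
}

/* Variant the quoted text warns about: queue the NMI, leave the shadow set. */
void inject_nmi_keep_shadow(struct vmcs_model *v)
{
    v->entry_intr_info = ENTRY_INFO_VALID | (ENTRY_TYPE_NMI << 8) | NMI_VECTOR;
}
```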