From: Gleb Natapov <gleb@redhat.com>
To: Jan Kiszka <jan.kiszka@web.de>
Cc: Marcelo Tosatti <mtosatti@redhat.com>, kvm <kvm@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
"Nadav Har'El" <nyh@math.technion.ac.il>
Subject: Re: [PATCH v4 5/6] KVM: nVMX: Fix conditions for NMI injection
Date: Sun, 14 Apr 2013 19:18:06 +0300 [thread overview]
Message-ID: <20130414161806.GA6542@redhat.com> (raw)
In-Reply-To: <516AD0E1.5000000@web.de>
On Sun, Apr 14, 2013 at 05:53:05PM +0200, Jan Kiszka wrote:
> On 2013-04-14 17:23, Gleb Natapov wrote:
> > On Sun, Apr 14, 2013 at 12:12:49PM +0200, Jan Kiszka wrote:
> >> From: Jan Kiszka <jan.kiszka@siemens.com>
> >>
> >> The logic for checking if interrupts can be injected has to be applied
> >> also on NMIs. The difference is that if NMI interception is on these
> >> events are consumed and blocked by the VM exit.
> >>
> >> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> >> ---
> >> arch/x86/kvm/vmx.c | 28 ++++++++++++++++++++++++++++
> >> 1 files changed, 28 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> >> index 56e7519..ad9b4bc 100644
> >> --- a/arch/x86/kvm/vmx.c
> >> +++ b/arch/x86/kvm/vmx.c
> >> @@ -4190,6 +4190,12 @@ static bool nested_exit_on_intr(struct kvm_vcpu *vcpu)
> >> PIN_BASED_EXT_INTR_MASK;
> >> }
> >>
> >> +static bool nested_exit_on_nmi(struct kvm_vcpu *vcpu)
> >> +{
> >> + return get_vmcs12(vcpu)->pin_based_vm_exec_control &
> >> + PIN_BASED_NMI_EXITING;
> >> +}
> >> +
> >> static void enable_irq_window(struct kvm_vcpu *vcpu)
> >> {
> >> u32 cpu_based_vm_exec_control;
> >> @@ -4315,6 +4321,28 @@ static void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
> >>
> >> static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)
> >> {
> >> + if (is_guest_mode(vcpu)) {
> >> + struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
> >> +
> >> + if (to_vmx(vcpu)->nested.nested_run_pending ||
> >> + vmcs_read32(GUEST_ACTIVITY_STATE) ==
> >> + GUEST_ACTIVITY_WAIT_SIPI)
> > The same is true for interrupt too,
>
> Yes, but aren't we already waiting with interrupts disabled in that state?
>
Why? L1 can do vmcs_write(GUEST_ACTIVITY_STATE,
GUEST_ACTIVITY_WAIT_SIPI) at any point.
> > but I do not think that we should allow
> > nested guest directly enter GUEST_ACTIVITY_WAIT_SIPI state or any other
> > state except ACTIVE. They should be emulated instead.
>
> Well, they aren't emulated yet but directly applied. So I think the
> patch is correct in the current context at least.
>
If my understanding is correct the facts that it is directly applied is
a serious bug and should be fixed.
> What negative effects do you expect from entering those states with L2?
>
As I wrote below (and you misunderstood me :)) it looks like L0 external
interrupts do not generate vmexit while active VMCS is in Wait-For-SIPI
state. In any case we should carefully examine what are the implications
of this state since KVM never uses it and does not know how to handle it.
> > From quick look at
> > the spec it looks like external interrupts do not cause VMEXIT while
> > vcpu is in GUEST_ACTIVITY_WAIT_SIPI.
>
> Yes, see above.
>
> Jan
>
>
--
Gleb.
next prev parent reply other threads:[~2013-04-14 16:18 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-14 10:12 [PATCH v4 0/6] KVM: nVMX: Make direct IRQ/NMI injection work Jan Kiszka
2013-04-14 10:12 ` [PATCH v4 1/6] KVM: nVMX: Fix injection of PENDING_INTERRUPT and NMI_WINDOW exits to L1 Jan Kiszka
2013-04-14 10:12 ` [PATCH v4 2/6] KVM: nVMX: Rework event injection and recovery Jan Kiszka
2013-04-14 10:12 ` [PATCH v4 3/6] KVM: VMX: Move vmx_nmi_allowed after vmx_set_nmi_mask Jan Kiszka
2013-04-14 10:12 ` [PATCH v4 4/6] KVM: nVMX: Fix conditions for interrupt injection Jan Kiszka
2013-04-14 10:12 ` [PATCH v4 5/6] KVM: nVMX: Fix conditions for NMI injection Jan Kiszka
2013-04-14 15:23 ` Gleb Natapov
2013-04-14 15:53 ` Jan Kiszka
2013-04-14 16:18 ` Gleb Natapov [this message]
2013-04-14 16:35 ` Jan Kiszka
2013-04-14 16:43 ` Gleb Natapov
2013-04-14 19:04 ` [PATCH v5 " Jan Kiszka
2013-04-15 15:42 ` Gleb Natapov
2013-04-22 8:11 ` Gleb Natapov
2013-04-14 10:12 ` [PATCH v4 6/6] KVM: nVMX: Avoid reading VM_EXIT_INTR_ERROR_CODE needlessly on nested exits Jan Kiszka
2013-04-14 15:34 ` [PATCH v4 0/6] KVM: nVMX: Make direct IRQ/NMI injection work Gleb Natapov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130414161806.GA6542@redhat.com \
--to=gleb@redhat.com \
--cc=jan.kiszka@web.de \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=nyh@math.technion.ac.il \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.