From: Jan Kiszka <jan.kiszka@siemens.com>
To: Avi Kivity <avi@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	Joerg Roedel <joerg.roedel@amd.com>
Subject: Re: [PATCH 1/2] KVM: Fix race between nmi injection and enabling nmi window
Date: Thu, 03 Feb 2011 16:11:49 +0100
Message-ID: <4D4AC5B5.5050504@siemens.com>
In-Reply-To: <1296745369-12066-2-git-send-email-avi@redhat.com>

On 2011-02-03 16:02, Avi Kivity wrote:
> The interrupt injection logic looks something like
> 
>   if an nmi is pending, and nmi injection allowed
>     inject nmi
>   if an nmi is pending
>     request exit on nmi window
> 
> the problem is that "nmi is pending" can be set asynchronously by
> the PIT; if it happens to fire between the two if statements, we
> will request an nmi window even though nmi injection is allowed.  On
> SVM, this has disastrous results, since it causes eflags.TF to be
> set in random guest code.

Good point. Fortunately never seen on production machines so far here
(we have very moderate NMI rates).

> 
> The fix is simple; make nmi_pending asynchronous using the standard

You mean synchronous, no?

> vcpu->requests mechanism; this ensures the code above is completely
> synchronous wrt nmi_pending.
> 
> Signed-off-by: Avi Kivity <avi@redhat.com>
> ---
>  arch/x86/kvm/x86.c       |    4 +++-
>  include/linux/kvm_host.h |    1 +
>  2 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index a7f65aa..abe76c0 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -360,8 +360,8 @@ void kvm_propagate_fault(struct kvm_vcpu *vcpu, struct x86_exception *fault)
>  
>  void kvm_inject_nmi(struct kvm_vcpu *vcpu)
>  {
> +	kvm_make_request(KVM_REQ_NMI, vcpu);
>  	kvm_make_request(KVM_REQ_EVENT, vcpu);
> -	vcpu->arch.nmi_pending = 1;
>  }
>  EXPORT_SYMBOL_GPL(kvm_inject_nmi);
>  
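Review bot: in kvm_inject_nmi() the direct store to vcpu->arch.nmi_pending is dropped with no comment explaining why. A one-line comment saying that nmi_pending is now written only from vcpu context, via KVM_REQ_NMI, would keep a later change from reintroducing the asynchronous write. Any reader of nmi_pending that expects it to be set as soon as kvm_inject_nmi() returns will now see it only after the next vcpu_enter_guest() pass, so those readers are worth checking.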
> @@ -5182,6 +5182,8 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
>  			r = 1;
>  			goto out;
>  		}
> +		if (kvm_check_request(KVM_REQ_NMI, vcpu))
> +			vcpu->arch.nmi_pending = true;
>  	}
>  
>  	r = kvm_mmu_reload(vcpu);
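Review bot: the new kvm_check_request(KVM_REQ_NMI, vcpu) sits at the end of the request block, after a path that does r = 1; goto out; and the hunk does not show where the KVM_REQ_EVENT injection code runs. Please confirm that the injection code reads nmi_pending after this point in the same pass, otherwise the NMI is picked up one entry late. Minor style point: the removed line stored 1 and this one stores true; use whichever matches the field's declared type.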
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index c8dee22..7581090 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -43,6 +43,7 @@
>  #define KVM_REQ_DEACTIVATE_FPU    10
>  #define KVM_REQ_EVENT             11
>  #define KVM_REQ_APF_HALT          12
> +#define KVM_REQ_NMI               13
>  
>  #define KVM_USERSPACE_IRQ_SOURCE_ID	0
>  
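Review bot: KVM_REQ_NMI is added to the generic list in include/linux/kvm_host.h, but its only users in this patch are in arch/x86/kvm/x86.c. A short comment marking it as the x86 NMI delivery request would make clear that other architectures are not expected to handle request 13.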

Looks good.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux
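
The race from the commit message and the request-bit latch the patch switches to, as a single-threaded model added here (not code from the patch or from KVM). The struct, the function names and REQ_NMI are assumptions, and the asynchronous PIT is modelled as a call placed between the two checks.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define REQ_NMI 1u  /* hypothetical request bit, stands in for KVM_REQ_NMI */

struct vcpu_model {            /* hypothetical model, not KVM's struct */
    atomic_uint requests;      /* may be set by an asynchronous source */
    bool nmi_pending;          /* read twice by the injection logic */
    bool injected, window_requested;
};

/* The PIT raising an NMI: direct store (before) or request bit (after). */
static void pit_fires(struct vcpu_model *v, bool latched)
{
    if (latched)
        atomic_fetch_or(&v->requests, REQ_NMI);
    else
        v->nmi_pending = true;
}

/* One guest entry with NMI injection allowed. race=true places the PIT
 * event between the two checks quoted in the commit message. */
static void enter_guest(struct vcpu_model *v, bool latched, bool race)
{
    v->injected = v->window_requested = false;
    /* After the fix: fold the request into nmi_pending once, up front. */
    if (latched && (atomic_fetch_and(&v->requests, ~REQ_NMI) & REQ_NMI))
        v->nmi_pending = true;

    if (v->nmi_pending) {             /* "pending and allowed: inject" */
        v->nmi_pending = false;
        v->injected = true;
    }
    if (race)
        pit_fires(v, latched);
    if (v->nmi_pending)               /* "pending: request nmi window" */
        v->window_requested = true;
}

int main(void)
{
    struct vcpu_model before = {0}, after = {0};
    enter_guest(&before, false, true);
    enter_guest(&after, true, true);
    printf("direct store: window_requested=%d\n", before.window_requested);
    printf("request bit:  window_requested=%d\n", after.window_requested);
    enter_guest(&after, true, false);  /* next entry picks up the latched NMI */
    printf("next entry:   injected=%d\n", after.injected);
    return 0;
}
```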
