From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christoph Egger Subject: [PATCH] nestedsvm: fix lazy fpu switching causing a triple fault Date: Fri, 28 Oct 2011 16:42:36 +0200 Message-ID: <4EAABF5C.7020708@amd.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------060906030205020706090609" Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: "xen-devel@lists.xensource.com" , Keir Fraser List-Id: xen-devel@lists.xenproject.org --------------060906030205020706090609 Content-Type: text/plain; charset="ISO-8859-15"; format=flowed Content-Transfer-Encoding: 7bit Fix FPU switching uncovered with Hyper-V: Do FPU switching always on the n1 vmcb rather doing it on the current active vmcb. The FPU state between n1 and n2 vmcb is already synced in the vmrun and vmexit emulation. This fixes the situation where the n2 vmcb had the #NM intercept bit set but the virtual vmcb did not. That means it was believed the l1 guest can handle an #NM intercept but was actually wrong. The result were three #GP's with error code 0x11 in the l1 guest. Signed-off-by: Christoph Egger -- ---to satisfy European Law for business letters: Advanced Micro Devices GmbH Einsteinring 24, 85689 Dornach b. Muenchen Geschaeftsfuehrer: Alberto Bozzo, Andrew Bowd Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen Registergericht Muenchen, HRB Nr. 43632 --------------060906030205020706090609 Content-Type: text/plain; name="xen_nh_fpu.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="xen_nh_fpu.diff" Content-Description: xen_nh_fpu.diff diff -r 0d092359d86f xen/arch/x86/hvm/svm/svm.c --- a/xen/arch/x86/hvm/svm/svm.c Wed Oct 26 10:32:36 2011 +0200 +++ b/xen/arch/x86/hvm/svm/svm.c Fri Oct 28 16:25:11 2011 +0200 @@ -349,16 +349,16 @@ static int svm_load_vmcb_ctxt(struct vcp static void svm_fpu_enter(struct vcpu *v) { - struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb; + struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; vcpu_restore_fpu_lazy(v); - vmcb_set_exception_intercepts( - vmcb, vmcb_get_exception_intercepts(vmcb) & ~(1U << TRAP_no_device)); + vmcb_set_exception_intercepts(n1vmcb, + vmcb_get_exception_intercepts(n1vmcb) & ~(1U << TRAP_no_device)); } static void svm_fpu_leave(struct vcpu *v) { - struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb; + struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; ASSERT(!v->fpu_dirtied); ASSERT(read_cr0() & X86_CR0_TS); @@ -372,9 +372,9 @@ static void svm_fpu_leave(struct vcpu *v if ( !(v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_TS) ) { vmcb_set_exception_intercepts( - vmcb, - vmcb_get_exception_intercepts(vmcb) | (1U << TRAP_no_device)); - vmcb_set_cr0(vmcb, vmcb_get_cr0(vmcb) | X86_CR0_TS); + n1vmcb, + vmcb_get_exception_intercepts(n1vmcb) | (1U << TRAP_no_device)); + vmcb_set_cr0(n1vmcb, vmcb_get_cr0(n1vmcb) | X86_CR0_TS); } } @@ -1191,15 +1191,17 @@ static void svm_fpu_dirty_intercept(void { struct vcpu *v = current; struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb; + struct vmcb_struct *n1vmcb = vcpu_nestedhvm(v).nv_n1vmcx; svm_fpu_enter(v); - if ( nestedhvm_enabled(v->domain) && nestedhvm_vcpu_in_guestmode(v) ) { - /* Check if guest must make FPU ready for the nested guest */ + if ( vmcb != n1vmcb ) { + + /* Check if l1 guest must make FPU ready for the l2 guest */ if ( v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_TS ) hvm_inject_exception(TRAP_no_device, HVM_DELIVER_NO_ERROR_CODE, 0); else - vmcb_set_cr0(vmcb, vmcb_get_cr0(vmcb) & ~X86_CR0_TS); + vmcb_set_cr0(n1vmcb, vmcb_get_cr0(n1vmcb) & ~X86_CR0_TS); return; } --------------060906030205020706090609 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --------------060906030205020706090609--