From: Paolo Bonzini <pbonzini@redhat.com>
To: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Gleb Natapov <gleb@kernel.org>, kvm <kvm@vger.kernel.org>
Subject: Re: [PATCH] KVM: nVMX: Leave VMX mode on clearing of feature control MSR
Date: Wed, 18 Dec 2013 10:23:35 +0100
Message-ID: <52B16997.9010907@redhat.com>
In-Reply-To: <52B09EA7.4040507@siemens.com>
On 17/12/2013 19:57, Jan Kiszka wrote:
> When userspace sets MSR_IA32_FEATURE_CONTROL to 0, make sure we leave
> root and non-root mode, fully disabling VMX. The register state of the
> VCPU is undefined after this step, so userspace has to set it to a
> proper state afterward.
>
> This makes it possible to reboot a VM while it is running some hypervisor code.
>
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
>
> Even without a QEMU patch, this already enables system reset - the guest
> is left in such a broken state that it simply triple-faults and resets
> twice. Nevertheless, a QEMU patch will follow.
>
> arch/x86/kvm/vmx.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index f90320b..6a0c2fa 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -2455,6 +2455,8 @@ static int vmx_get_vmx_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
> return 1;
> }
>
> +static void vmx_leave_nested(struct kvm_vcpu *vcpu);
> +
> static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> {
> u32 msr_index = msr_info->index;
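Review bot: the forward declaration `static void vmx_leave_nested(struct kvm_vcpu *vcpu);` placed directly above vmx_set_vmx_msr() exists only because the definition is added next to nested_vmx_vmexit() several thousand lines further down, where free_nested() and nested_vmx_vmexit() are visible. That is acceptable, but a one-line comment at the prototype, or moving it to the file's top-level forward declarations, would make the ordering reason obvious to the next reader instead of leaving a lone prototype in the middle of the MSR code.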
> @@ -2470,6 +2472,8 @@ static int vmx_set_vmx_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> & FEATURE_CONTROL_LOCKED)
> return 0;
> to_vmx(vcpu)->nested.msr_ia32_feature_control = data;
> + if (host_initialized && data == 0)
> + vmx_leave_nested(vcpu);
> return 1;
> }
>
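Review bot: the trigger in the second hunk is `data == 0`, so a host-initiated write that clears only the VMXON enable bits while keeping FEATURE_CONTROL_LOCKED set (for example a value of 1, which is what firmware leaves behind on a locked-down machine) stores the new value but never calls vmx_leave_nested(), leaving the VCPU in VMX non-root mode with VMX disabled from the guest's point of view. If a full clear is the only reset protocol userspace is expected to use, the commit message should say so explicitly; otherwise consider keying on the VMXON enable bits rather than on the whole register being zero. Keeping the `host_initialized` guard is right: a guest that writes 0 itself must not be kicked out of VMX operation, it only loses the ability to execute VMXON later.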
> @@ -8488,6 +8492,16 @@ static void nested_vmx_vmexit(struct kvm_vcpu *vcpu)
> }
>
> /*
> + * Forcibly leave nested mode in order to be able to reset the VCPU later on.
> + */
> +static void vmx_leave_nested(struct kvm_vcpu *vcpu)
> +{
> + if (is_guest_mode(vcpu))
> + nested_vmx_vmexit(vcpu);
> + free_nested(to_vmx(vcpu));
> +}
> +
> +/*
> * L1's failure to enter L2 is a subset of a normal exit, as explained in
> * 23.7 "VM-entry failures during or after loading guest state" (this also
> * lists the acceptable exit-reason and exit-qualification parameters).
>
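Review bot: the comment on vmx_leave_nested() says only "in order to be able to reset the VCPU later on"; it should also state what the commit message says, that the VCPU's register state is undefined afterwards and the caller is expected to load a fresh state, otherwise a future caller may treat "forcibly leave nested mode" as something safe to do on a VCPU that will keep running. A second sentence such as "Register state is undefined afterwards; the caller must reset the VCPU" would cover it. The order inside the helper is correct: nested_vmx_vmexit() is run first so that vmcs01 is current again before free_nested() tears down the nested state.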
Applied, thanks!
Paolo
Thread overview:
2013-12-17 18:57 [PATCH] KVM: nVMX: Leave VMX mode on clearing of feature control MSR Jan Kiszka
2013-12-18 9:23 ` Paolo Bonzini [this message]