[PATCH] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1

[PATCH] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1

[Vitaly Kuznetsov]

kvm-unit-tests' eventinj "NMI failing on IDT" test results in NMI being
delivered to the host (L1) when it's running nested. The problem seems to
be: svm_complete_interrupts() raises 'nmi_injected' flag but later we
decide to reflect EXIT_NPF to L1. The flag remains pending and we do NMI
injection upon entry so it got delivered to L1 instead of L2.

It seems that VMX code solves the same issue in prepare_vmcs12(), this was
introduced with code refactoring in commit 5f3d5799974b ("KVM: nVMX: Rework
event injection and recovery").

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 arch/x86/kvm/svm.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 33d4ed6e78a5..db842dafccf0 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3419,6 +3419,14 @@ static int nested_svm_vmexit(struct vcpu_svm *svm)
 	kvm_mmu_reset_context(&svm->vcpu);
 	kvm_mmu_load(&svm->vcpu);
 
+	/*
+	 * Drop what we picked up for L2 via svm_complete_interrupts() so it
+	 * doesn't end up in L1.
+	 */
+	svm->vcpu.arch.nmi_injected = false;
+	kvm_clear_exception_queue(&svm->vcpu);
+	kvm_clear_interrupt_queue(&svm->vcpu);
+
 	return 0;
 }
 
-- 
2.20.1

Re: [PATCH] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1

[Vitaly Kuznetsov]

Vitaly Kuznetsov <vkuznets@redhat.com> writes:

> kvm-unit-tests' eventinj "NMI failing on IDT" test results in NMI being
> delivered to the host (L1) when it's running nested. The problem seems to
> be: svm_complete_interrupts() raises 'nmi_injected' flag but later we
> decide to reflect EXIT_NPF to L1. The flag remains pending and we do NMI
> injection upon entry so it got delivered to L1 instead of L2.
>
> It seems that VMX code solves the same issue in prepare_vmcs12(), this was
> introduced with code refactoring in commit 5f3d5799974b ("KVM: nVMX: Rework
> event injection and recovery").
>
> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> ---
>  arch/x86/kvm/svm.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 33d4ed6e78a5..db842dafccf0 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -3419,6 +3419,14 @@ static int nested_svm_vmexit(struct vcpu_svm *svm)
>  	kvm_mmu_reset_context(&svm->vcpu);
>  	kvm_mmu_load(&svm->vcpu);
>  
> +	/*
> +	 * Drop what we picked up for L2 via svm_complete_interrupts() so it
> +	 * doesn't end up in L1.
> +	 */
> +	svm->vcpu.arch.nmi_injected = false;
> +	kvm_clear_exception_queue(&svm->vcpu);
> +	kvm_clear_interrupt_queue(&svm->vcpu);
> +
>  	return 0;
>  }

Ping?

-- 
Vitaly

Re: [PATCH] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1

[Paolo Bonzini]

On 07/01/19 19:44, Vitaly Kuznetsov wrote:
> kvm-unit-tests' eventinj "NMI failing on IDT" test results in NMI being
> delivered to the host (L1) when it's running nested. The problem seems to
> be: svm_complete_interrupts() raises 'nmi_injected' flag but later we
> decide to reflect EXIT_NPF to L1. The flag remains pending and we do NMI
> injection upon entry so it got delivered to L1 instead of L2.
> 
> It seems that VMX code solves the same issue in prepare_vmcs12(), this was
> introduced with code refactoring in commit 5f3d5799974b ("KVM: nVMX: Rework

Queued, thanks.

Paolo