kvm.vger.kernel.org archive mirror
From: "Radim Krčmář" <rkrcmar@redhat.com>
To: Ladi Prosek <lprosek@redhat.com>
Cc: kvm@vger.kernel.org
Subject: Re: [PATCH 2/4] KVM: nSVM: do not forward NMI window singlestep VM exits to L1
Date: Fri, 16 Jun 2017 15:26:49 +0200
Message-ID: <20170616132648.GF2224@potion>
In-Reply-To: <20170615112032.15812-3-lprosek@redhat.com>

2017-06-15 13:20+0200, Ladi Prosek:
> Nested hypervisor should not see singlestep VM exits if singlestepping
> was enabled internally by KVM. Windows is particularly sensitive to this
> and known to bluescreen on unexpected VM exits.
> 
> Signed-off-by: Ladi Prosek <lprosek@redhat.com>
> ---
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> @@ -966,9 +967,13 @@ static void svm_disable_lbrv(struct vcpu_svm *svm)
>  static void disable_nmi_singlestep(struct vcpu_svm *svm)
>  {
>  	svm->nmi_singlestep = false;
> -	if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
> -		svm->vmcb->save.rflags &=
> -			~(X86_EFLAGS_TF | X86_EFLAGS_RF);
> +	if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) {
> +		/* Clear our flags if they were not set by the guest */
> +		if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_TF))
> +			svm->vmcb->save.rflags &= ~X86_EFLAGS_TF;
> +		if (!(svm->nmi_singlestep_guest_rflags & X86_EFLAGS_RF))
> +			svm->vmcb->save.rflags &= ~X86_EFLAGS_RF;
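
Review bot: In disable_nmi_singlestep(), the new TF and RF checks read svm->nmi_singlestep_guest_rflags, but nothing in the quoted lines shows where that snapshot is taken. It has to be saved at the point where the singlestep is armed, before TF and RF are ORed into svm->vmcb->save.rflags; otherwise these tests see KVM's own bits or a value left over from an earlier NMI window, and a flag could be left set or cleared wrongly. A short comment next to the field saying when it is valid would help. The changelog also only talks about not forwarding singlestep VM exits to L1, while this hunk changes which flags get cleared, so a sentence explaining why the guest's own TF/RF must now be preserved would make the connection clear.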

IIUC, we intercept/fault on IRET, disable the interception, set TF+RF
and enter again, the CPU executes IRET and then we get a #DB exit.

IRET pops EFLAGS from before the NMI -- doesn't the CPU properly restore
EFLAGS, so we do not need this part here?

Thanks.
