From mboxrd@z Thu Jan 1 00:00:00 1970 From: Radim =?utf-8?B?S3LEjW3DocWZ?= Subject: Re: [PATCH 2/4] KVM: nSVM: do not forward NMI window singlestep VM exits to L1 Date: Mon, 19 Jun 2017 19:46:29 +0200 Message-ID: <20170619174629.GA10318@potion> References: <20170615112032.15812-1-lprosek@redhat.com> <20170615112032.15812-3-lprosek@redhat.com> <20170616132648.GF2224@potion> <20170619161740.GA13549@potion> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Cc: Ladi Prosek , KVM list To: Paolo Bonzini Return-path: Received: from mx1.redhat.com ([209.132.183.28]:54990 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751024AbdFSRqc (ORCPT ); Mon, 19 Jun 2017 13:46:32 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 44D7D85A07 for ; Mon, 19 Jun 2017 17:46:32 +0000 (UTC) Content-Disposition: inline In-Reply-To: Sender: kvm-owner@vger.kernel.org List-ID: 2017-06-19 19:17+0200, Paolo Bonzini: > On 19/06/2017 18:17, Radim Krčmář wrote: > > Right, we only need the single step over IRET and interrupt shadow. > > > > Btw. instead of single-stepping over IRET/interrupt shadow, could we set > > INTERRUPT_SHADOW in VMCB, inject the NMI, and let it execute? > > This mechanism would explain why AMD didn't provide a trap for IRET ... > > You mean they didn't provide a trap-like VMEXIT for IRET, only fault-like? Yes. SVM has trap-like VM exit, so I didn't understand why it was not used for IRET. Forcing the hypervisor to have two VM exits and a clumsy single-step felt out of place when the rest was designed nicely ...