[PATCH 1/3] SVM: nSVM: correctly restore GIF on vmexit from nesting after migration

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

From: Maxim Levitsky <mlevitsk@redhat.com>
To: kvm@vger.kernel.org
Cc: Borislav Petkov <bp@alien8.de>,
	x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)),
	Paolo Bonzini <pbonzini@redhat.com>,
	linux-kernel@vger.kernel.org, Joerg Roedel <joro@8bytes.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Sean Christopherson <sean.j.christopherson@intel.com>,
	Ingo Molnar <mingo@redhat.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Maxim Levitsky <mlevitsk@redhat.com>
Subject: [PATCH 1/3] SVM: nSVM: correctly restore GIF on vmexit from nesting after migration
Date: Thu, 27 Aug 2020 19:27:18 +0300	[thread overview]
Message-ID: <20200827162720.278690-2-mlevitsk@redhat.com> (raw)
In-Reply-To: <20200827162720.278690-1-mlevitsk@redhat.com>

Currently code in svm_set_nested_state copies the current vmcb control
area to L1 control area (hsave->control), under assumption that
it mostly reflects the defaults that kvm choose, and later qemu
overrides  these defaults with L2 state using standard KVM interfaces,
like KVM_SET_REGS.

However nested GIF (which is AMD specific thing) is by default is true,
and it is copied to hsave area as such.

This alone is not a big deal since on VMexit, GIF is always set to false,
regardless of what it was on VM entry.

However in nested_svm_vmexit we were first were setting GIF to false,
but then we overwrite this with value from the hsave area.

Now on normal vm entry this is not a problem, since GIF is false
prior to normal vm entry,
and this is the value that copied to hsave, and then restored,
but this is not always the case when the nested state is loaded as
explained above.

Anyway to fix this issue, move svm_set_gif after we restore the L1 control
state in nested_svm_vmexit, so that even with wrong GIF in the
saved L1 control area, we still clear GIF as the spec says.

All of this is only relevant when GIF virtualization is enabled,
(otherwise nested GIF doesn't reside in the vmcb).

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 arch/x86/kvm/svm/nested.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index fb68467e60496..95fdf068fe4c1 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -586,7 +586,6 @@ int nested_svm_vmexit(struct vcpu_svm *svm)
 	svm->vcpu.arch.mp_state = KVM_MP_STATE_RUNNABLE;

 	/* Give the current vmcb to the guest */
-	svm_set_gif(svm, false);

 	nested_vmcb->save.es     = vmcb->save.es;
 	nested_vmcb->save.cs     = vmcb->save.cs;
@@ -632,6 +631,9 @@ int nested_svm_vmexit(struct vcpu_svm *svm)
 	/* Restore the original control entries */
 	copy_vmcb_control_area(&vmcb->control, &hsave->control);

+	/* On vmexit the  GIF is set to false */
+	svm_set_gif(svm, false);
+
 	svm->vmcb->control.tsc_offset = svm->vcpu.arch.tsc_offset =
 		svm->vcpu.arch.l1_tsc_offset;

-- 
2.26.2

next prev parent reply	other threads:[~2020-08-27 16:27 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-27 16:27 [PATCH 0/3] Few nSVM bugfixes Maxim Levitsky
2020-08-27 16:27 ` Maxim Levitsky [this message]
2020-09-12  7:55   ` [PATCH 1/3] SVM: nSVM: correctly restore GIF on vmexit from nesting after migration Paolo Bonzini
2020-08-27 16:27 ` [PATCH 2/3] SVM: nSVM: setup nested msr permission bitmap on nested state load Maxim Levitsky
2020-08-27 16:27 ` [PATCH 3/3] KVM: nSVM: more strict SMM checks when returning to nested guest Maxim Levitsky
2020-08-31 12:01   ` Dan Carpenter
2020-08-31 14:26     ` Maxim Levitsky
2020-09-12 16:32 ` [PATCH 0/3] Few nSVM bugfixes Paolo Bonzini

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fb68467e6049 dfblob:95fdf068fe4c )
 OR (
bs:"[PATCH 1/3] SVM: nSVM: correctly restore GIF on vmexit from nesting after migration" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200827162720.278690-2-mlevitsk@redhat.com \
    --to=mlevitsk@redhat.com \
    --cc=bp@alien8.de \
    --cc=hpa@zytor.com \
    --cc=jmattson@google.com \
    --cc=joro@8bytes.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=sean.j.christopherson@intel.com \
    --cc=tglx@linutronix.de \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox