From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jan Kiszka
Subject: Re: [PATCH 13/15] Add NMI injection support to SVM.
Date: Sun, 19 Apr 2009 15:27:22 +0200
Message-ID: <49EB26BA.9020200@web.de>
References: <1239616545-25199-1-git-send-email-gleb@redhat.com> <1239616545-25199-14-git-send-email-gleb@redhat.com> <49E8DEC1.4030802@web.de> <20090419131735.GG10126@redhat.com>
In-Reply-To: <20090419131735.GG10126@redhat.com>
Cc: avi@redhat.com, kvm@vger.kernel.org, joerg.roedel@amd.com, sheng@linux.intel.com, Dmitry Baryshkov
To: Gleb Natapov

Gleb Natapov wrote:
> On Fri, Apr 17, 2009 at 09:55:45PM +0200, Jan Kiszka wrote:
>> Gleb Natapov wrote:
>>> Signed-off-by: Gleb Natapov >>> --- >>> arch/x86/include/asm/kvm_host.h | 1 + >>> arch/x86/kvm/svm.c | 49 +++++++++++++++++++++++++++++= ++++++++- >>> 2 files changed, 48 insertions(+), 2 deletions(-) >>> >>> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/k= vm_host.h >>> index 8b6f6e9..057a612 100644 >>> --- a/arch/x86/include/asm/kvm_host.h >>> +++ b/arch/x86/include/asm/kvm_host.h >>> @@ -766,6 +766,7 @@ enum { >>> #define HF_GIF_MASK (1 << 0) >>> #define HF_HIF_MASK (1 << 1) >>> #define HF_VINTR_MASK (1 << 2) >>> +#define HF_NMI_MASK (1 << 3) >>> =20 >>> /* >>> * Hardware virtualization extension instructions may fault if a
>>> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c >>> index c605477..cd60fd7 100644 >>> --- a/arch/x86/kvm/svm.c >>> +++ b/arch/x86/kvm/svm.c 
>>> @@ -1834,6 +1834,13 @@ static int cpuid_interception(struct vcpu_svm = *svm, struct kvm_run *kvm_run) >>> return 1; >>> } >>> =20 >>> +static int iret_interception(struct vcpu_svm *svm, struct kvm_run *k= vm_run) >>> +{ >>> + svm->vmcb->control.intercept &=3D ~(1UL << INTERCEPT_IRET); >>> + svm->vcpu.arch.hflags &=3D ~HF_NMI_MASK; >>> + return 0; >>> +}
>> First, this must return 1 (or set an exit reason, but there is no reason
>> to escape to user space here). And second, I think a corner case is not
>> handled the same way as on real iron: If there is already the next NMI
>> waiting, we will inject it before iret, not after its execution as it
>> should be.
>>
>> No easy solution for this yet. Maybe emulating iret, but there is no
>> implementation, specifically for protected mode. Maybe setting a
>> breakpoint. Or maybe enforcing a single step exception. Nothing trivial
>> in this list. On the other hand, this may only be a slight imprecision
>> of the virtualization. Need to think about it.
>>
> What about this:
> Instead of clearing HF_NMI_MASK in iret_interception() we can set
> another flag (HF_IRET) and on guest entry clear HF_NMI_MASK (and
> HF_IRET) if HF_IRET is set, but do that after checking for NMI
> injection. The pending NMI will be injected on the next entry.
> Also not how real HW works, but may be better than current situation.

It's OK as a first step towards correct NMI emulation. Additionally, you
could enable the IRQ window interception in case there is an NMI pending.
The resulting behavior should then be much like the VNMI mask emulation for
vmx.

The next step should then be setting TF in the eflags stored on the
guest's stack before returning *if* there is already the next NMI
pending. But I wonder how much additional effort this will actually mean
(compared to the band-aid work)...
:)

Jan
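
Review bot: iret_interception() in the svm.c hunk ends with `return 0;` while nothing in the hunk sets an exit reason on kvm_run, so, as the reply in this thread states, the exit escapes to user space with no reason to do so; return 1 instead. The same function clears HF_NMI_MASK while the intercepted IRET has not yet executed, so an NMI that is already pending can be injected ahead of the IRET. Deferring the unmask until after the injection check on guest entry (the HF_IRET idea discussed in the thread) would narrow that gap, and the remaining imprecision deserves a comment in the code.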
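
The ordering problem discussed in this thread, as a toy model added here for illustration (not code from the patch or from KVM): it compares unmasking NMIs inside the IRET exit handler with the proposed deferred unmask on guest entry. The bit value of HF_IRET, the struct, and all function names are assumptions, and the model assumes the guest exits again after the IRET has run.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model, not KVM code. HF_NMI_MASK is the bit from the quoted patch;
 * HF_IRET is the flag proposed in the thread, its bit value is assumed. */
#define HF_NMI_MASK (1 << 3)
#define HF_IRET     (1 << 4)
enum policy { CLEAR_IN_HANDLER, CLEAR_ON_ENTRY };
struct vcpu { unsigned hflags; bool nmi_pending, iret_retired; };

/* Exit handler: runs when IRET is intercepted, before it executes. */
static void iret_interception(struct vcpu *v, enum policy p)
{
    if (p == CLEAR_IN_HANDLER)
        v->hflags &= ~HF_NMI_MASK;  /* behaviour of the posted hunk */
    else
        v->hflags |= HF_IRET;       /* proposal: only note the IRET */
}

/* Guest entry: returns true if the pending NMI is injected on this entry. */
static bool guest_entry(struct vcpu *v)
{
    bool inject = v->nmi_pending && !(v->hflags & HF_NMI_MASK);
    if (inject) {
        v->nmi_pending = false;
        v->hflags |= HF_NMI_MASK;   /* NMIs blocked again until next IRET */
    }
    if (v->hflags & HF_IRET)        /* deferred unmask, after the check */
        v->hflags &= ~(HF_NMI_MASK | HF_IRET);
    return inject;
}

/* Second NMI pending at IRET time: true if the IRET retired before injection. */
static bool second_nmi_after_iret(enum policy p)
{
    struct vcpu v = { .hflags = HF_NMI_MASK, .nmi_pending = true };
    iret_interception(&v, p);
    for (int entry = 0; entry < 4; entry++) {
        if (guest_entry(&v))
            return v.iret_retired;
        v.iret_retired = true;      /* guest ran, so the IRET executed */
    }
    return false;
}

int main(void)
{
    printf("NMI after IRET? posted hunk: %d, deferred unmask: %d\n",
           second_nmi_after_iret(CLEAR_IN_HANDLER), second_nmi_after_iret(CLEAR_ON_ENTRY));
    return 0;
}
```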