From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jan Kiszka <jan.kiszka@siemens.com>
Subject: Re: [PATCH 1/1] Disable GUEST_INTR_STATE_STI flag before injecting
 NMI to guest on VMX
Date: Fri, 27 Aug 2010 10:39:46 +0200
Message-ID: <4C7779D2.9090902@siemens.com>
References: <1282853162-16925-1-git-send-email-Jes.Sorensen@redhat.com> <1282853162-16925-2-git-send-email-Jes.Sorensen@redhat.com> <4C7776F9.4070306@siemens.com> <4C7777CA.4010208@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"avi@redhat.com" <avi@redhat.com>,
	"gleb@redhat.com" <gleb@redhat.com>
To: Jes Sorensen <Jes.Sorensen@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from david.siemens.de ([192.35.17.14]:17355 "EHLO david.siemens.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752733Ab0H0IkA (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 27 Aug 2010 04:40:00 -0400
In-Reply-To: <4C7777CA.4010208@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Jes Sorensen wrote:
> On 08/27/10 10:27, Jan Kiszka wrote:
>> Am 26.08.2010 22:06, Jes.Sorensen@redhat.com wrote:
>>> From: Jes Sorensen <Jes.Sorensen@redhat.com>
>>>
>>> Injecting an NMI while GUEST_INTR_STATE_STI is set may fail,
>>> which can cause an EXIT with invalid state, resulting in the
>>> guest dieing.
>> Very interesting. Reality obviously doesn't bother about the statement
>> of the vendor [1].
>>
>> Just curious: is this limited to specific CPU models or actually a
>> generic issue?
> 
> I have been able to reproduce this on a core2 and a nehalem box, so I
> think it is at least somewhat generic on Intel. Not sure if it can be
> reproduced on AMD.

AMD does not differentiate between MOV-SS and STI interrupt shadows.

But AMD has its own NMI problems as it does not allow to trap after
IRET-from-NMI and requires magic dances which are partly broken in KVM.
I'm leaning towards NMI window emulation via the workaround we use for
older Intel CPUs without NMI window trapping as well.

> 
> It also seems to be specific to which guest kernel I run, so timing may
> play a part as well.

For sure, the critical window is one instruction wide...

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux