From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: nVMX: Shadowing of CPU_BASED_VM_EXEC_CONTROL broken
Date: Wed, 08 Oct 2014 12:20:04 +0200
Message-ID: <54350FD4.10403@redhat.com>
References: <5434F5F9.3030803@siemens.com> <20141008092539.GA16561@kernel> <5435092A.3090704@siemens.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Cc: kvm <kvm@vger.kernel.org>, Bandan Das <bsd@redhat.com>
To: Jan Kiszka <jan.kiszka@siemens.com>,
	Wanpeng Li <wanpeng.li@linux.intel.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:8201 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755838AbaJHKUR (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 8 Oct 2014 06:20:17 -0400
In-Reply-To: <5435092A.3090704@siemens.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Il 08/10/2014 11:51, Jan Kiszka ha scritto:
>> > Could you point out where the other places L0 sets
>> > CPU_BASED_VIRTUAL_INTR_PENDING before entering L2?
> enable_irq_window(). I instrumented it, and it showed up right before
> vmcs12 state became corrupted.

But it would write to the vmcs02, not to the shadow VMCS; the shadow
VMCS is active during copy_shadow_to_vmcs12/copy_vmcs12_to_shadow, and
at no other time.  It is not clear to me how the VIRTUAL_INTR_PENDING
bit ended up from the vmcs02 (where it is perfectly fine) to the vmcs12.

BTW, I think the two lines here that Wanpeng pointed out:

        exec_control = vmx_exec_control(vmx); /* L0's desires */
        exec_control &= ~CPU_BASED_VIRTUAL_INTR_PENDING;
        exec_control &= ~CPU_BASED_VIRTUAL_NMI_PENDING;

can be deleted, the bits will never be in vmx_exec_control(vmx), see
setup_vmcs_config.

Paolo