From: bugzilla-daemon@bugzilla.kernel.org
To: kvm@vger.kernel.org
Subject: [Bug 53711] New: nVMX: potential bug with IDT_VECTORING_INFO if !PIN_BASED_EXT_INTR_MASK
Date: Tue, 12 Feb 2013 09:56:47 +0000 (UTC) [thread overview]
Message-ID: <bug-53711-28872@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=53711
Summary: nVMX: potential bug with IDT_VECTORING_INFO if
!PIN_BASED_EXT_INTR_MASK
Product: Virtualization
Version: unspecified
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: enhancement
Priority: P1
Component: kvm
AssignedTo: virtualization_kvm@kernel-bugs.osdl.org
ReportedBy: nyh@math.technion.ac.il
Regression: No
This is a potential bug nested VMX - I just thought about it and don't know if
actually happens.
If !PIN_BASED_EXT_INTR_MASK, our code can inject user-space-specified events
directly into L2.
But what if we also have valid IDT_VECTORING_INFO? In this case, when we
reenter L2, and notice L2 also ran previously, and there is valid
IDT_VECTORING_INFO, we replace the injection field with this
IDT_VECTORING_INFO.
I guess we assumed that if we're in L2 we couldn't have meaningful things in
the injection field because L0 doesn't inject to L2. But it can, when
!PIN_BASED_EXT_INTR_MASK... So maybe we don't support this case correctly.
Kevin Tian also independently thought of this bug in his code review:
Date: Wed, 25 May 2011 18:02:03 +0800
From: "Tian, Kevin" <kevin.tian@intel.com>
Here got one question. How about L2 has interrupt exiting disabled? That way
it's expect to have L0 directly inject virtual interrupt into L2, and thus
simply overwrite interrupt info field here looks incorrect. Though as you said
typical hypervisor doesn't turn interrupt exiting off, but it does be an
architectural correct thing. I think here you should compare current
INTR_INFO_FIELD with saved IDT_VECTOR and choose a higher priority, when L2 has
interrupt exiting disabled.
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
next reply other threads:[~2013-02-12 9:56 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-12 9:56 bugzilla-daemon [this message]
2013-02-12 9:57 ` [Bug 53711] nVMX: potential bug with IDT_VECTORING_INFO if !PIN_BASED_EXT_INTR_MASK bugzilla-daemon
2015-03-17 3:53 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-53711-28872@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox