From: Joerg Roedel <joerg.roedel@amd.com>
To: Alexander Graf <agraf@suse.de>
Cc: Avi Kivity <avi@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/8] KVM: SVM: Fix nested nmi handling
Date: Fri, 23 Apr 2010 16:22:58 +0200
Message-ID: <20100423142258.GG31537@amd.com>
In-Reply-To: <85D89C34-806C-4376-89BA-5BFD413F5396@suse.de>

On Fri, Apr 23, 2010 at 04:19:40PM +0200, Alexander Graf wrote:
>
> On 23.04.2010, at 16:13, Joerg Roedel wrote:
>
> > On Fri, Apr 23, 2010 at 03:46:07PM +0200, Alexander Graf wrote:
> >>
> >> On 22.04.2010, at 12:33, Joerg Roedel wrote:
> >>
> >>> The patch introducing nested nmi handling had a bug. The
> >>> check does not belong to enable_nmi_window but must be in
> >>> nmi_allowed. This patch fixes this.
> >>>
> >>> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
> >>> ---
> >>> arch/x86/kvm/svm.c | 16 +++++++++-------
> >>> 1 files changed, 9 insertions(+), 7 deletions(-)
> >>>
> >>> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> >>> index ab78eb8..ec20584 100644
> >>> --- a/arch/x86/kvm/svm.c
> >>> +++ b/arch/x86/kvm/svm.c
> >>> @@ -2771,8 +2771,12 @@ static int svm_nmi_allowed(struct kvm_vcpu *vcpu)
> >>> {
> >>> struct vcpu_svm *svm = to_svm(vcpu);
> >>> struct vmcb *vmcb = svm->vmcb;
> >>> - return !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
> >>> - !(svm->vcpu.arch.hflags & HF_NMI_MASK);
> >>> + int ret;
> >>> + ret = !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
> >>> + !(svm->vcpu.arch.hflags & HF_NMI_MASK);
> >>> + ret = ret && gif_set(svm) && nested_svm_nmi(svm);
> >>> +
> >>> + return ret;
> >>> }
> >>>
> >>> static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu)
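Review bot: In svm_nmi_allowed(), the added line `ret = ret && gif_set(svm) && nested_svm_nmi(svm);` places the nested_svm_nmi() call inside what reads as a pure predicate, and the short-circuit `&&` means it only runs when the interrupt-shadow, HF_NMI_MASK and GIF checks have all passed. The discussion further down this thread mentions exit_required being set for the nested case, so if nested_svm_nmi() changes state, that ordering dependency needs a comment here, or the call should be its own statement so that a later reordering of the conditions cannot silently skip it. Minor style point: ret only ever holds 0 or 1, so a single return expression would avoid the temporary.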
> >>> @@ -2841,11 +2845,9 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
> >>> * Something prevents NMI from been injected. Single step over possible
> >>> * problem (IRET or exception injection or interrupt shadow)
> >>> */
> >>> - if (gif_set(svm) && nested_svm_nmi(svm)) {
> >>> - svm->nmi_singlestep = true;
> >>> - svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
> >>> - update_db_intercept(vcpu);
> >>> - }
> >>> + svm->nmi_singlestep = true;
> >>> + svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
> >>> + update_db_intercept(vcpu);
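Review bot: In enable_nmi_window(), the single-step setup is now unconditional, but the comment directly above it still names only IRET, exception injection and interrupt shadow as the reasons an NMI could not be injected. With gif_set() and nested_svm_nmi() moved into svm_nmi_allowed(), a clear GIF or a nested intercept can also bring execution here unless code above the visible context already returns for those cases, so the comment should be extended to say why setting `X86_EFLAGS_TF | X86_EFLAGS_RF` in svm->vmcb->save.rflags is correct then, or an early return should be kept for them. The same comment also has a typo: "from been injected" should read "from being injected".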
> >>
> >> So we're always messing with the nested guest state when the host
> >> wants to inject an nmi into the l1 guest? Is that safe?
> >
> > Why not? We can't inject an NMI directly into L2 if the nested
> > hypervisor intercepts it.
>
> So where did the code go that does the #vmexit in case the nested
> hypervisor does intercept it? It used to be nested_svm_nmi(), right?

No, nested_svm_nmi runs in atomic context where we can't emulate a
vmexit. We set exit_required and emulate the vmexit later.

Joerg