Re: [PATCH 4/5] KVM: SVM: Allow EFER.LMSLE to be set with nested svm

From: Roedel, Joerg
Date: Thu May 06 2010 - 05:39:11 EST


On Wed, May 05, 2010 at 04:57:00PM -0400, Przywara, Andre wrote:

> If I understood this correctly, there is a bug somewhere, maybe even in
> KVM's nested SVM implementation. Xen is fine with this bit-set provoking
> a #GP. I haven't had time yet to further investigate this, though.

Ok, I looked at this again and reproduced the traces I already deleted
and fetched the Xen crash message and found something I missed before.
The relevant part of the KVM trace is:

qemu-system-x86-7364 [012] 790.715351: kvm_exit: reason msr rip 0xffff82c4801b5c93
qemu-system-x86-7364 [012] 790.715352: kvm_msr: msr_write c0000080 = 0x3d01
qemu-system-x86-7364 [012] 790.715354: kvm_inj_exception: #GP (0x0)

And the Xen-Crash message is:

(XEN) Xen call trace:
(XEN) [<ffff82c4801b5c95>] svm_cpu_up+0x135/0x200
(XEN) [<ffff82c4801b5d9c>] start_svm+0x3c/0xe0
(XEN) [<ffff82c4801948b2>] identify_cpu+0xd2/0x240
(XEN) [<ffff82c480252c6b>] __start_xen+0x1dbb/0x3660
(XEN) [<ffff82c4801000b5>] __high_start+0xa1/0xa3
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) GENERAL PROTECTION FAULT
(XEN) [error_code=0000]
(XEN) ****************************************

The MSR write happens on rip 0xffff82c4801b5c93 while the #GP is
injected at rip ffff82c4801b5c95 (== right after the wrmsr instruction).
So yes, there is another bug in KVM here. The problem is that the
set_efer function does not report write errors to its caller and injects
the #GP directly. The svm:wrmsr_interception recognizes a success and
advances the rip.
The attached patch fixes this.
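To make the failure mode in the trace concrete, here is an added toy model of the control flow described above. It is not KVM's code and not the attached patch; every name (toy_vcpu, set_efer_buggy, set_efer_fixed, wrmsr_interception_*, vmentry_gp_rip) is hypothetical, the starting rip is constructed, and only the MSR number and the written value 0x3d01 come from the trace. The model shows why a set_efer that queues the #GP itself and returns nothing makes the exception land on the instruction after the wrmsr, while a set_efer that returns an error lets the intercept handler skip the rip advance.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy vcpu: just enough state to model "queue a #GP now,
 * deliver it at the vcpu's rip on the next VM entry". */
struct toy_vcpu {
    uint64_t rip;
    uint64_t efer;
    uint64_t efer_reserved_bits;   /* EFER bits this guest may not set */
    bool     gp_pending;           /* a #GP is queued for injection */
};

#define MSR_EFER    0xc0000080u    /* from the kvm_msr trace line */
#define EFER_LMSLE  (1ULL << 13)   /* EFER.LMSLE is bit 13 */
#define WRMSR_LEN   2              /* wrmsr encodes as 0f 30 */

/* Queue a #GP; like KVM, delivery happens later, using the current rip. */
static void inject_gp(struct toy_vcpu *v)
{
    v->gp_pending = true;
}

/* Next VM entry: the queued #GP is reported at whatever rip is now. */
static uint64_t vmentry_gp_rip(const struct toy_vcpu *v)
{
    return v->gp_pending ? v->rip : UINT64_MAX;
}

/* "Before": set_efer injects the #GP itself and tells the caller nothing. */
static void set_efer_buggy(struct toy_vcpu *v, uint64_t efer)
{
    if (efer & v->efer_reserved_bits) {
        inject_gp(v);
        return;
    }
    v->efer = efer;
}

/* "After": set_efer reports failure; injecting is the caller's job. */
static int set_efer_fixed(struct toy_vcpu *v, uint64_t efer)
{
    if (efer & v->efer_reserved_bits)
        return 1;
    v->efer = efer;
    return 0;
}

/* Buggy intercept: cannot see the failure, so it always advances rip and
 * the queued #GP is delivered at wrmsr_rip + 2 (what the trace shows). */
static void wrmsr_interception_buggy(struct toy_vcpu *v, uint32_t msr, uint64_t data)
{
    if (msr == MSR_EFER)
        set_efer_buggy(v, data);
    v->rip += WRMSR_LEN;
}

/* Fixed intercept: advance rip only when the write succeeded, so the #GP
 * is delivered at the faulting wrmsr itself. */
static void wrmsr_interception_fixed(struct toy_vcpu *v, uint32_t msr, uint64_t data)
{
    int err = 0;
    if (msr == MSR_EFER)
        err = set_efer_fixed(v, data);
    if (err) {
        inject_gp(v);
        return;
    }
    v->rip += WRMSR_LEN;
}

/* Replay the traced write (EFER = 0x3d01, LMSLE set) against a vcpu that
 * forbids LMSLE and return how far past the wrmsr the #GP is reported:
 * 0 means the right instruction, WRMSR_LEN means the bug. */
static uint64_t gp_offset_from_wrmsr(bool fixed)
{
    struct toy_vcpu v = { .rip = 0x1000,          /* constructed */
                          .efer = 0x1d01,          /* 0x3d01 without LMSLE */
                          .efer_reserved_bits = EFER_LMSLE,
                          .gp_pending = false };
    uint64_t wrmsr_rip = v.rip;

    if (fixed)
        wrmsr_interception_fixed(&v, MSR_EFER, 0x3d01);
    else
        wrmsr_interception_buggy(&v, MSR_EFER, 0x3d01);

    return vmentry_gp_rip(&v) - wrmsr_rip;
}

int main(void)
{
    printf("buggy: #GP reported %llu bytes after wrmsr\n",
           (unsigned long long)gp_offset_from_wrmsr(false));
    printf("fixed: #GP reported %llu bytes after wrmsr\n",
           (unsigned long long)gp_offset_from_wrmsr(true));
    return 0;
}
```

The two-byte offset the buggy path produces is exactly the gap between the kvm_msr write at ...5c93 and the kvm_inj_exception at ...5c95 in the trace; a guest that expects the fault on the wrmsr (and, like Xen here, does not handle a #GP on the following instruction) then panics.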