[PATCH] KVM: VMX: Fix losing blocking by NMI in the guest interruptibility-state field

From: Wanpeng Li
Date: Fri Jul 14 2017 - 05:39:26 EST

From: Wanpeng Li <wanpeng.li@xxxxxxxxxxx>

Run kvm-unit-tests/eventinj.flat in L1 w/ ept=0 on both L0 and L1:

Before NMI IRET test
Sending NMI to self
NMI isr running stack 0x461000
Sending nested NMI to self
After nested NMI to self
Nested NMI isr running rip=40038e
After iret
After NMI to self

Reference SDM

If the âvirtual NMIsâ VM-execution control is 1, bit 12 of the VM-exit
interruption-information field indicates that the VM exit was due to a fault
encountered during an execution of the IRET instruction that removed virtual-NMI
blocking. In particular, it provides this indication if the following are both

- Bit 31 (valid) in the IDT-vectoring information field is 0.
- The value of bits 7:0 (vector) of the VM-exit interruption-information
field is not 8 (the VM exit is not due to a double-fault exception).

If both are true and bit 12 of the VM-exit interruption-information field is 1,
there was virtual-NMI blocking before guest software executed the IRET instruction
that caused the fault that caused the VM exit. The VMM should set bit 3 (blocking
by NMI) in the interruptibility-state field (using VMREAD and VMWRITE) before
resuming guest software.

However, commit 0be9c7a89f750 (KVM: VMX: set "blocked by NMI" flag if EPT
violation happens during IRET from NMI) just fixes the fault due to EPT violation.
This patch tries to fix the fault due to the page fault of shadow page table.

Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Radim KrÄmÃÅ <rkrcmar@xxxxxxxxxx>
Signed-off-by: Wanpeng Li <wanpeng.li@xxxxxxxxxxx>
arch/x86/kvm/vmx.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 84e62ac..32ca063 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5709,6 +5709,11 @@ static int handle_exception(struct kvm_vcpu *vcpu)

if (is_page_fault(intr_info)) {
+ if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
+ (intr_info & INTR_INFO_UNBLOCK_NMI))
cr2 = vmcs_readl(EXIT_QUALIFICATION);
/* EPT won't cause page fault directly */
WARN_ON_ONCE(!vcpu->arch.apf.host_apf_reason && enable_ept);