Re: [PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF

From: Paolo Bonzini
Date: Mon Dec 13 2021 - 08:16:19 EST

Next message: Baoquan He: "Re: [PATCH v17 01/10] x86: kdump: replace the hard-coded alignment with macro CRASH_ALIGN"
Previous message: Vinod Koul: "[PATCH 2/3] dt-bindings: phy: qcom,qmp: Add SM8450 USB3 PHY"
In reply to: Maxim Levitsky: "Re: [PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF"
Next in thread: Maxim Levitsky: "Re: [PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/13/21 14:07, Maxim Levitsky wrote:

Right, another case is when CLGI is not trapped and the guest therefore
runs with GIF=0. I think that means that a similar change has to be
done in all the *_allowed functions.

I think that SVM sets real GIF to 1 on VMentry regardless if it is trapped or not.

Yes, the issue is only when CLGI is not trapped (and vGIF is disabled).

However if not trapped, and neither EFLAGS.IF is trapped, one could enter a guest
that has EFLAGS.IF == 0, then the guest could disable GIF, enable EFLAGS.IF,
and then enable GIF, but then GIF enablement should trigger out interrupt window
VINTR as well.

While GIF=0 you have svm_nmi_blocked returning true and svm_nmi_allowed returning -EBUSY; that's wrong isn't it?

Paolo

Next message: Baoquan He: "Re: [PATCH v17 01/10] x86: kdump: replace the hard-coded alignment with macro CRASH_ALIGN"
Previous message: Vinod Koul: "[PATCH 2/3] dt-bindings: phy: qcom,qmp: Add SM8450 USB3 PHY"
In reply to: Maxim Levitsky: "Re: [PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF"
Next in thread: Maxim Levitsky: "Re: [PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]