From mboxrd@z Thu Jan  1 00:00:00 1970
From: Joerg Roedel <joro@8bytes.org>
Subject: Re: [PATCH 1/5] Implement #NMI exiting for nested SVM
Date: Wed, 23 Sep 2009 03:06:17 +0200
Message-ID: <20090923010616.GA4654@8bytes.org>
References: <1253278832-31803-1-git-send-email-agraf@suse.de> <1253278832-31803-2-git-send-email-agraf@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: kvm@vger.kernel.org
To: Alexander Graf <agraf@suse.de>
Return-path: <kvm-owner@vger.kernel.org>
Received: from 8bytes.org ([88.198.83.132]:50205 "EHLO 8bytes.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753735AbZIWBdA (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 22 Sep 2009 21:33:00 -0400
Content-Disposition: inline
In-Reply-To: <1253278832-31803-2-git-send-email-agraf@suse.de>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Fri, Sep 18, 2009 at 03:00:28PM +0200, Alexander Graf wrote:
> When injecting an NMI to the l1 guest while it was running the l2 guest, we
> didn't #VMEXIT but just injected the NMI to the l2 guest.
> 
> Let's be closer to real hardware and #VMEXIT if we're supposed to do so.
> 
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
>  arch/x86/kvm/svm.c |   38 ++++++++++++++++++++++++++++++++------
>  1 files changed, 32 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 9a4daca..f12a669 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -1375,6 +1375,21 @@ static int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
>  	return nested_svm_exit_handled(svm);
>  }
>  
> +static inline int nested_svm_nmi(struct vcpu_svm *svm)
> +{
> +	if (!is_nested(svm))
> +		return 0;
> +
> +	svm->vmcb->control.exit_code = SVM_EXIT_NMI;
> +
> +	if (nested_svm_exit_handled(svm)) {
> +		nsvm_printk("VMexit -> NMI\n");
> +		return 1;
> +	}
> +
> +	return 0;
> +}
> +
>  static inline int nested_svm_intr(struct vcpu_svm *svm)
>  {
>  	if (!is_nested(svm))
> @@ -2462,7 +2477,9 @@ static int svm_nmi_allowed(struct kvm_vcpu *vcpu)
>  	struct vcpu_svm *svm = to_svm(vcpu);
>  	struct vmcb *vmcb = svm->vmcb;
>  	return !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
> -		!(svm->vcpu.arch.hflags & HF_NMI_MASK);
> +		!(svm->vcpu.arch.hflags & HF_NMI_MASK) &&
> +		gif_set(svm) &&
> +		!is_nested(svm);

This check is not sufficient. It assumes that the guest intercepts NMIs
for its guests.


> -	if (gif_set(svm)) {
> -		svm_set_vintr(svm);
> -		svm_inject_irq(svm, 0x0);
> -	}
> +	if (!gif_set(svm))
> +		return;
> +
> +	svm_set_vintr(svm);
> +	svm_inject_irq(svm, 0x0);
>  }

As Jan already wrote, please put this in a seperate patch.

Joerg