From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Santosh Shukla <santosh.shukla@amd.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCHv2 4/7] KVM: SVM: Report NMI not allowed when Guest busy handling VNMI
Date: Thu, 21 Jul 2022 16:08:56 +0000 [thread overview]
Message-ID: <Ytl6GLui7UQFi3FO@google.com> (raw)
In-Reply-To: <413f59cd3c0a80c5b71a0cd033fdaad082c5a0e7.camel@redhat.com>
On Thu, Jul 21, 2022, Maxim Levitsky wrote:
> On Thu, 2022-07-21 at 14:59 +0000, Sean Christopherson wrote:
> > Yep. Dropping an NMI in the last case is ok, AFAIK no CPU will pend multiple NMIs
> > while another is in-flight. But triggering an immediate exit in svm_nmi_allowed()
> > will hang the vCPU as the second pending NMI will never go away since the vCPU
>
> The idea is to trigger the immediate exit only when a NMI was just injected (V_NMI_PENDING=1)
> but not masked (that is currently in service, that is V_NMI_MASK=0).
I assume you mean "and an NMI is currently NOT in service"?
Anyways, we're on the same page, trigger an exit if and only if there's an NMI pending
and the vCPU isn't already handling a vNMI. We may need to explicitly drop one of
the pending NMIs in that case though, otherwise the NMI that _KVM_ holds pending could
get "injected" well after NMIs are unmasked, which could suprise the guest. E.g.
guest IRETs from the second (of three) NMIs, KVM doesn't "inject" that third NMI
until the next VM-Exit, which could be a long time in the future.
> In case both bits are set, the NMI is dropped, that is no immediate exit is requested.
>
> In this case, next VM entry should have no reason to not inject the NMI and then VM exit
> on the interrupt we raised, so there should not be a problem with forward progress.
>
> There is an issue still, the NMI could also be masked if we are in SMM (I suggested
> setting the V_NMI_MASK manually in this case), thus in this case we won't have more
> that one pending NMI, but I guess this is not that big problem.
>
> We can btw also in this case "open" the NMI window by waiting for RSM intercept.
> (that is just not inject the NMI, and on RSM inject it, I think that KVM already does this)
>
> I think it should overal work, but no doubt I do expect issues and corner cases,
>
>
> > won't make forward progress to unmask NMIs. This can also happen if there are
> > two pending NMIs and GIF=0, i.e. any time there are multiple pending NMIs and NMIs
> > are blocked.
>
> GIF=0 can be dealt with though, if GIF is 0 when 2nd pending NMI arrives, we can
> delay its injection to the moment the STGI is executed and intercept STGI.
>
> We I think already do something like that as well.
Yep, you're right, svm_enable_nmi_window() sets INTERCEPT_STGI if VGIF is enabled
and GIF=0 (and STGI exits unconditional if VGIF=0?).
So we have a poor man's NMI-window exiting.
next prev parent reply other threads:[~2022-07-21 16:09 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-09 13:42 [PATCHv2 0/7] Virtual NMI feature Santosh Shukla
2022-07-09 13:42 ` [PATCHv2 1/7] x86/cpu: Add CPUID feature bit for VNMI Santosh Shukla
2022-07-09 13:42 ` [PATCHv2 2/7] KVM: SVM: Add VNMI bit definition Santosh Shukla
2022-07-09 13:42 ` [PATCHv2 3/7] KVM: SVM: Add VNMI support in get/set_nmi_mask Santosh Shukla
2022-07-10 16:15 ` Maxim Levitsky
2022-07-21 9:34 ` Shukla, Santosh
2022-07-21 12:01 ` Maxim Levitsky
2022-07-21 13:12 ` Shukla, Santosh
2022-07-21 15:48 ` Maxim Levitsky
2022-07-09 13:42 ` [PATCHv2 4/7] KVM: SVM: Report NMI not allowed when Guest busy handling VNMI Santosh Shukla
2022-07-20 21:54 ` Sean Christopherson
2022-07-21 12:05 ` Maxim Levitsky
2022-07-21 14:59 ` Sean Christopherson
2022-07-21 15:31 ` Maxim Levitsky
2022-07-21 16:08 ` Sean Christopherson [this message]
2022-07-21 16:17 ` Maxim Levitsky
2022-07-21 16:25 ` Sean Christopherson
2022-07-29 5:51 ` Shukla, Santosh
2022-07-29 14:41 ` Sean Christopherson
2022-08-04 9:51 ` Shukla, Santosh
2022-07-09 13:42 ` [PATCHv2 5/7] KVM: SVM: Add VNMI support in inject_nmi Santosh Shukla
2022-07-20 21:41 ` Sean Christopherson
2022-07-20 22:46 ` Jim Mattson
2022-07-20 23:04 ` Sean Christopherson
2022-07-29 6:06 ` Shukla, Santosh
2022-07-29 13:53 ` Sean Christopherson
2022-07-29 13:55 ` Shukla, Santosh
2022-07-09 13:42 ` [PATCHv2 6/7] KVM: nSVM: implement nested VNMI Santosh Shukla
2022-07-09 13:42 ` [PATCHv2 7/7] KVM: SVM: Enable VNMI feature Santosh Shukla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Ytl6GLui7UQFi3FO@google.com \
--to=seanjc@google.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=santosh.shukla@amd.com \
--cc=thomas.lendacky@amd.com \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).