From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Oliver Upton <oupton@google.com>, Peter Shier <pshier@google.com>
Subject: [PATCH 11/13] KVM: VMX: Use vmx_interrupt_blocked() directly from vmx_handle_exit()
Date: Wed, 22 Apr 2020 19:25:48 -0700 [thread overview]
Message-ID: <20200423022550.15113-12-sean.j.christopherson@intel.com> (raw)
In-Reply-To: <20200423022550.15113-1-sean.j.christopherson@intel.com>
Use vmx_interrupt_blocked() instead of bouncing through
vmx_interrupt_allowed() when handling edge cases in vmx_handle_exit().
The nested_run_pending check in vmx_interrupt_allowed() should never
evaluate true in the VM-Exit path.
Hoist the WARN in handle_invalid_guest_state() up to vmx_handle_exit()
to enforce the above assumption for the !enable_vnmi case, and to detect
any other potential bugs with nested VM-Enter.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
arch/x86/kvm/vmx/vmx.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 50c726a21feb..2f8cacb3aa9b 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -5268,18 +5268,11 @@ static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
bool intr_window_requested;
unsigned count = 130;
- /*
- * We should never reach the point where we are emulating L2
- * due to invalid guest state as that means we incorrectly
- * allowed a nested VMEntry with an invalid vmcs12.
- */
- WARN_ON_ONCE(vmx->emulation_required && vmx->nested.nested_run_pending);
-
intr_window_requested = exec_controls_get(vmx) &
CPU_BASED_INTR_WINDOW_EXITING;
while (vmx->emulation_required && count-- != 0) {
- if (intr_window_requested && vmx_interrupt_allowed(vcpu))
+ if (intr_window_requested && !vmx_interrupt_blocked(vcpu))
return handle_interrupt_window(&vmx->vcpu);
if (kvm_test_request(KVM_REQ_EVENT, vcpu))
@@ -5896,6 +5889,14 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu,
if (enable_pml)
vmx_flush_pml_buffer(vcpu);
+ /*
+ * We should never reach this point with a pending nested VM-Enter, and
+ * more specifically emulation of L2 due to invalid guest state (see
+ * below) should never happen as that means we incorrectly allowed a
+ * nested VM-Enter with an invalid vmcs12.
+ */
+ WARN_ON_ONCE(vmx->nested.nested_run_pending);
+
/* If guest state is invalid, start emulating */
if (vmx->emulation_required)
return handle_invalid_guest_state(vcpu);
@@ -5962,7 +5963,7 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu,
if (unlikely(!enable_vnmi &&
vmx->loaded_vmcs->soft_vnmi_blocked)) {
- if (vmx_interrupt_allowed(vcpu)) {
+ if (!vmx_interrupt_blocked(vcpu)) {
vmx->loaded_vmcs->soft_vnmi_blocked = 0;
} else if (vmx->loaded_vmcs->vnmi_blocked_time > 1000000000LL &&
vcpu->arch.nmi_pending) {
--
2.26.0
next prev parent reply other threads:[~2020-04-23 2:26 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-23 2:25 [PATCH 00/13] KVM: x86: Event fixes and cleanup Sean Christopherson
2020-04-23 2:25 ` [PATCH 01/13] KVM: nVMX: Preserve exception priority irrespective of exiting behavior Sean Christopherson
2020-04-28 18:54 ` Jim Mattson
2020-04-28 20:07 ` Oliver Upton
2020-04-23 2:25 ` [PATCH 02/13] KVM: nVMX: Open a window for pending nested VMX preemption timer Sean Christopherson
2020-04-28 21:39 ` Jim Mattson
2020-04-23 2:25 ` [PATCH 03/13] KVM: x86: Set KVM_REQ_EVENT if run is canceled with req_immediate_exit set Sean Christopherson
2020-04-28 21:41 ` Jim Mattson
2020-04-23 2:25 ` [PATCH 04/13] KVM: x86: Make return for {interrupt_nmi}_allowed() a bool instead of int Sean Christopherson
2020-04-28 21:42 ` Jim Mattson
2020-04-23 2:25 ` [PATCH 05/13] KVM: nVMX: Move nested_exit_on_nmi() to nested.h Sean Christopherson
2020-04-28 21:44 ` Jim Mattson
2020-04-23 2:25 ` [PATCH 06/13] KVM: nVMX: Report NMIs as allowed when in L2 and Exit-on-NMI is set Sean Christopherson
2020-04-28 21:46 ` Jim Mattson
2020-04-23 2:25 ` [PATCH 07/13] KVM: VMX: Split out architectural interrupt/NMI blocking checks Sean Christopherson
2020-04-28 21:57 ` Jim Mattson
2020-04-23 2:25 ` [PATCH 08/13] KVM: nVMX: Preserve IRQ/NMI priority irrespective of exiting behavior Sean Christopherson
2020-04-28 21:58 ` Jim Mattson
2020-04-23 2:25 ` [PATCH 09/13] KVM: nVMX: Prioritize SMI over nested IRQ/NMI Sean Christopherson
2020-04-28 22:04 ` Jim Mattson
2020-04-28 22:59 ` Sean Christopherson
2020-04-28 23:16 ` Jim Mattson
2020-04-29 14:50 ` Sean Christopherson
2020-04-29 20:06 ` Sean Christopherson
2020-04-28 23:23 ` Jim Mattson
2020-04-23 2:25 ` [PATCH 10/13] KVM: x86: WARN on injected+pending exception even in nested case Sean Christopherson
2020-04-28 22:05 ` Jim Mattson
2020-04-23 2:25 ` Sean Christopherson [this message]
2020-04-28 22:07 ` [PATCH 11/13] KVM: VMX: Use vmx_interrupt_blocked() directly from vmx_handle_exit() Jim Mattson
2020-04-23 2:25 ` [PATCH 12/13] KVM: x86: Replace late check_nested_events() hack with more precise fix Sean Christopherson
2020-04-23 11:00 ` Paolo Bonzini
2020-04-28 22:12 ` Jim Mattson
2020-04-28 22:20 ` Sean Christopherson
2020-04-29 8:36 ` Paolo Bonzini
2020-04-29 16:45 ` Sean Christopherson
2020-04-29 16:58 ` Paolo Bonzini
2020-04-29 17:07 ` Sean Christopherson
2020-04-23 2:25 ` [PATCH 13/13] KVM: VMX: Use vmx_get_rflags() to query RFLAGS in vmx_interrupt_blocked() Sean Christopherson
2020-04-28 22:13 ` Jim Mattson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200423022550.15113-12-sean.j.christopherson@intel.com \
--to=sean.j.christopherson@intel.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oupton@google.com \
--cc=pbonzini@redhat.com \
--cc=pshier@google.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).