[PATCH] KVM: VMX: Fix losing blocking by NMI in the guest interruptibility-state field

From: Wanpeng Li <kernellwp@gmail.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	"Wanpeng Li" <wanpeng.li@hotmail.com>
Subject: [PATCH] KVM: VMX: Fix losing blocking by NMI in the guest interruptibility-state field
Date: Fri, 14 Jul 2017 02:39:05 -0700	[thread overview]
Message-ID: <1500025145-96878-1-git-send-email-wanpeng.li@hotmail.com> (raw)

From: Wanpeng Li <wanpeng.li@hotmail.com>

Run kvm-unit-tests/eventinj.flat in L1 w/ ept=0 on both L0 and L1:

Before NMI IRET test
Sending NMI to self
NMI isr running stack 0x461000
Sending nested NMI to self
After nested NMI to self
Nested NMI isr running rip=40038e
After iret
After NMI to self
FAIL: NMI

Reference SDM 31.7.1.2:

 If the “virtual NMIs” VM-execution control is 1, bit 12 of the VM-exit 
 interruption-information field indicates that the VM exit was due to a fault 
 encountered during an execution of the IRET instruction that removed virtual-NMI 
 blocking. In particular, it provides this indication if the following are both 
 true:
 
  - Bit 31 (valid) in the IDT-vectoring information field is 0.
  - The value of bits 7:0 (vector) of the VM-exit interruption-information 
    field is not 8 (the VM exit is not due to a double-fault exception).
 
 If both are true and bit 12 of the VM-exit interruption-information field is 1, 
 there was virtual-NMI blocking before guest software executed the IRET instruction 
 that caused the fault that caused the VM exit. The VMM should set bit 3 (blocking 
 by NMI) in the interruptibility-state field (using VMREAD and VMWRITE) before 
 resuming guest software.

However, commit 0be9c7a89f750 (KVM: VMX: set "blocked by NMI" flag if EPT 
violation happens during IRET from NMI) just fixes the fault due to EPT violation. 
This patch tries to fix the fault due to the page fault of shadow page table. 

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
---
 arch/x86/kvm/vmx.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 84e62ac..32ca063 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5709,6 +5709,11 @@ static int handle_exception(struct kvm_vcpu *vcpu)
 	}
 
 	if (is_page_fault(intr_info)) {
+
+		if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
+			(intr_info & INTR_INFO_UNBLOCK_NMI))
+			vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI);
+
 		cr2 = vmcs_readl(EXIT_QUALIFICATION);
 		/* EPT won't cause page fault directly */
 		WARN_ON_ONCE(!vcpu->arch.apf.host_apf_reason && enable_ept);
-- 
2.7.4
