[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] SVM: limit GIF=0 region

>>> On 26.06.18 at 10:45, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 26/06/2018 08:32, Jan Beulich wrote:
>> Use EFLAGS.IF for all ordinary purposes; there's in particular no need
>> to unduly defer NMI/#MC. Clear/set GIF solely around VMRUN itself. This
>> has the additional advantage that svm_stgi_label now indeed marks the
>> only place where GIF is being set.
>> A note regarding the main STI placement: Orignally I had it at the place
>> the main STGI was sitting at so far. However, my Fam15 box reliably
>> locks up hard with this, unless I have the NMI watchdog enabled. I can
>> only deduce that the CPU doesn't like STGI with EFLAGS.IF clear plus
>> some other condition (the lockup occurs only after exiting the boot
>> loader in the guest). As there's nothing wrong with interrupts being on
>> right after VMRUN, I've decided to put the STI right after the CLGI
>> (matching what KVM does, i.e. having a fair chance of working
>> everywhere).
> I'd like some input from AMD on this observation, because it is
> completely bizarre.

Would be nice indeed.

>> @@ -96,13 +100,11 @@ __UNLIKELY_END(nsvm_hap)
>>          SPEC_CTRL_ENTRY_FROM_HVM    /* Req: b=curr %rsp=regs/cpuinfo, Clob: 
>> acd */
>>          /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
>> -        STGI
>> -GLOBAL(svm_stgi_label)
> Unfortunately, the stgi label must remain here. 
> SPEC_CTRL_ENTRY_FROM_HVM depends on NMIs being blocked to avoid
> corrupting guest state.

I'm afraid I don't follow: How are things safe then without NMIs blocked
for VMX?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.