Xen project Mailing List

Re: [Xen-devel] [PATCH] SVM: limit GIF=0 region

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>

From: "Jan Beulich" <JBeulich@xxxxxxxx>

Date: Tue, 26 Jun 2018 05:50:27 -0600

Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>

Delivery-date: Tue, 26 Jun 2018 11:50:44 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 26.06.18 at 12:52, <andrew.cooper3@xxxxxxxxxx> wrote: > On 26/06/18 10:52, Jan Beulich wrote: >>>>> On 26.06.18 at 10:45, <andrew.cooper3@xxxxxxxxxx> wrote: >>> On 26/06/2018 08:32, Jan Beulich wrote: >>>> Use EFLAGS.IF for all ordinary purposes; there's in particular no need >>>> to unduly defer NMI/#MC. Clear/set GIF solely around VMRUN itself. This >>>> has the additional advantage that svm_stgi_label now indeed marks the >>>> only place where GIF is being set. >>>> >>>> A note regarding the main STI placement: Orignally I had it at the place >>>> the main STGI was sitting at so far. However, my Fam15 box reliably >>>> locks up hard with this, unless I have the NMI watchdog enabled. I can >>>> only deduce that the CPU doesn't like STGI with EFLAGS.IF clear plus >>>> some other condition (the lockup occurs only after exiting the boot >>>> loader in the guest). As there's nothing wrong with interrupts being on >>>> right after VMRUN, I've decided to put the STI right after the CLGI >>>> (matching what KVM does, i.e. having a fair chance of working >>>> everywhere). >>> I'd like some input from AMD on this observation, because it is >>> completely bizarre. >> Would be nice indeed. >> >>>> @@ -96,13 +100,11 @@ __UNLIKELY_END(nsvm_hap) >>>> SPEC_CTRL_ENTRY_FROM_HVM /* Req: b=curr %rsp=regs/cpuinfo, >>>> Clob: acd */ >>>> /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. >>>> */ >>>> >>>> - STGI >>>> -GLOBAL(svm_stgi_label) >>> Unfortunately, the stgi label must remain here. >>> SPEC_CTRL_ENTRY_FROM_HVM depends on NMIs being blocked to avoid >>> corrupting guest state. >> I'm afraid I don't follow: How are things safe then without NMIs blocked >> for VMX? > > 27.5.5 VMExits > Updating Non-Register State > > VM exits caused directly by non-maskable interrupts (NMIs) cause > blocking by NMI (see Table 24-3). Other VM exits do not affect blocking > by NMI. Telling us that an NMI can occur at any point between vmx_asm_vmexit_handler and the point where guest state was saved in SPEC_CTRL_ENTRY_FROM_HVM. So afaict if the macro is indeed unsafe right now, it's the macro that needs to change, not the patch we're discussing here. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.