[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] nestedsvm: Clear GIF when injecting VMEXIT

  • To: Teddy Astie <teddy.astie@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 11 May 2026 16:14:07 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=M97IDBq+YnAUaXPWbaO956Apv6hCI5spQG7tyga0720=; b=tCcMwLEtXiIGtHImUT04s6u9DGfb5u7zj0j5tqxRc08xG6VnUnA4MPO5LX4EIYeUnwTXTj0m553iiRaVc/A0YvXSjAPgHVnOMXt6tLR5LtMQhSTYz72/F9dkq5Z7s2dffGSNYLVWeHciEdNtIa/saOZpTBh7y8XlWybUDxIO38kKkkZyblj0wtPzzpiyJ75P6TsgYuOKylU14gxi7BnD1tzx5Q9oTgq8+nZPjUHR4zEFanSIBqbLfgTKRgL3MPFNGvL0/xSqFNECVAm1ztKmalgPNxIRvXYM4XUpdZftvEfGclZq4j4FveF7wW67laGjsxEDm7mGr91PGvoIXHODuw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TjTSrFfZS2Z7/pqW4IurIGG/5O88Iekndg9JmbBunoI68rUyB68dO+rGHM97dq9catzT/D+qSux4W9LQUZl7rXymmA++R6Q58xD8rdMTvkpcWFrtqFKIZ/vwQbdAxI5wJorNFkBjUCv7hA9fktUoNGjI1NzyPmZkxu3VXcOth1Lo4fMVk1y9Kc0zXKtK7XUAjy7P9/zTIRyrtkJTBVCiOoVQyvlBfQW6TROyJZLJO3WwQcXYUO4sWwKygkONDQohhms3j3iezx4SJo5l5DrVUZ6hDPAxPxuKQsENnxn8V5z/Wm2DSTmzDj9PgXFUoxbq4rAGsa0wQIv2TAYxF+BgKQ==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Autocrypt: addr=andrew.cooper3@xxxxxxxxxx; keydata= xsFNBFLhNn8BEADVhE+Hb8i0GV6mihnnr/uiQQdPF8kUoFzCOPXkf7jQ5sLYeJa0cQi6Penp VtiFYznTairnVsN5J+ujSTIb+OlMSJUWV4opS7WVNnxHbFTPYZVQ3erv7NKc2iVizCRZ2Kxn srM1oPXWRic8BIAdYOKOloF2300SL/bIpeD+x7h3w9B/qez7nOin5NzkxgFoaUeIal12pXSR Q354FKFoy6Vh96gc4VRqte3jw8mPuJQpfws+Pb+swvSf/i1q1+1I4jsRQQh2m6OTADHIqg2E ofTYAEh7R5HfPx0EXoEDMdRjOeKn8+vvkAwhviWXTHlG3R1QkbE5M/oywnZ83udJmi+lxjJ5 YhQ5IzomvJ16H0Bq+TLyVLO/VRksp1VR9HxCzItLNCS8PdpYYz5TC204ViycobYU65WMpzWe LFAGn8jSS25XIpqv0Y9k87dLbctKKA14Ifw2kq5OIVu2FuX+3i446JOa2vpCI9GcjCzi3oHV e00bzYiHMIl0FICrNJU0Kjho8pdo0m2uxkn6SYEpogAy9pnatUlO+erL4LqFUO7GXSdBRbw5 gNt25XTLdSFuZtMxkY3tq8MFss5QnjhehCVPEpE6y9ZjI4XB8ad1G4oBHVGK5LMsvg22PfMJ ISWFSHoF/B5+lHkCKWkFxZ0gZn33ju5n6/FOdEx4B8cMJt+cWwARAQABzSlBbmRyZXcgQ29v cGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPsLBegQTAQgAJAIbAwULCQgHAwUVCgkI CwUWAgMBAAIeAQIXgAUCWKD95wIZAQAKCRBlw/kGpdefoHbdD/9AIoR3k6fKl+RFiFpyAhvO 59ttDFI7nIAnlYngev2XUR3acFElJATHSDO0ju+hqWqAb8kVijXLops0gOfqt3VPZq9cuHlh IMDquatGLzAadfFx2eQYIYT+FYuMoPZy/aTUazmJIDVxP7L383grjIkn+7tAv+qeDfE+txL4 SAm1UHNvmdfgL2/lcmL3xRh7sub3nJilM93RWX1Pe5LBSDXO45uzCGEdst6uSlzYR/MEr+5Z JQQ32JV64zwvf/aKaagSQSQMYNX9JFgfZ3TKWC1KJQbX5ssoX/5hNLqxMcZV3TN7kU8I3kjK mPec9+1nECOjjJSO/h4P0sBZyIUGfguwzhEeGf4sMCuSEM4xjCnwiBwftR17sr0spYcOpqET ZGcAmyYcNjy6CYadNCnfR40vhhWuCfNCBzWnUW0lFoo12wb0YnzoOLjvfD6OL3JjIUJNOmJy RCsJ5IA/Iz33RhSVRmROu+TztwuThClw63g7+hoyewv7BemKyuU6FTVhjjW+XUWmS/FzknSi dAG+insr0746cTPpSkGl3KAXeWDGJzve7/SBBfyznWCMGaf8E2P1oOdIZRxHgWj0zNr1+ooF /PzgLPiCI4OMUttTlEKChgbUTQ+5o0P080JojqfXwbPAyumbaYcQNiH1/xYbJdOFSiBv9rpt TQTBLzDKXok86M7BTQRS4TZ/ARAAkgqudHsp+hd82UVkvgnlqZjzz2vyrYfz7bkPtXaGb9H4 Rfo7mQsEQavEBdWWjbga6eMnDqtu+FC+qeTGYebToxEyp2lKDSoAsvt8w82tIlP/EbmRbDVn 7bhjBlfRcFjVYw8uVDPptT0TV47vpoCVkTwcyb6OltJrvg/QzV9f07DJswuda1JH3/qvYu0p vjPnYvCq4NsqY2XSdAJ02HrdYPFtNyPEntu1n1KK+gJrstjtw7KsZ4ygXYrsm/oCBiVW/OgU g/XIlGErkrxe4vQvJyVwg6YH653YTX5hLLUEL1NS4TCo47RP+wi6y+TnuAL36UtK/uFyEuPy wwrDVcC4cIFhYSfsO0BumEI65yu7a8aHbGfq2lW251UcoU48Z27ZUUZd2Dr6O/n8poQHbaTd 6bJJSjzGGHZVbRP9UQ3lkmkmc0+XCHmj5WhwNNYjgbbmML7y0fsJT5RgvefAIFfHBg7fTY/i kBEimoUsTEQz+N4hbKwo1hULfVxDJStE4sbPhjbsPCrlXf6W9CxSyQ0qmZ2bXsLQYRj2xqd1 bpA+1o1j2N4/au1R/uSiUFjewJdT/LX1EklKDcQwpk06Af/N7VZtSfEJeRV04unbsKVXWZAk uAJyDDKN99ziC0Wz5kcPyVD1HNf8bgaqGDzrv3TfYjwqayRFcMf7xJaL9xXedMcAEQEAAcLB XwQYAQgACQUCUuE2fwIbDAAKCRBlw/kGpdefoG4XEACD1Qf/er8EA7g23HMxYWd3FXHThrVQ HgiGdk5Yh632vjOm9L4sd/GCEACVQKjsu98e8o3ysitFlznEns5EAAXEbITrgKWXDDUWGYxd pnjj2u+GkVdsOAGk0kxczX6s+VRBhpbBI2PWnOsRJgU2n10PZ3mZD4Xu9kU2IXYmuW+e5KCA vTArRUdCrAtIa1k01sPipPPw6dfxx2e5asy21YOytzxuWFfJTGnVxZZSCyLUO83sh6OZhJkk b9rxL9wPmpN/t2IPaEKoAc0FTQZS36wAMOXkBh24PQ9gaLJvfPKpNzGD8XWR5HHF0NLIJhgg 4ZlEXQ2fVp3XrtocHqhu4UZR4koCijgB8sB7Tb0GCpwK+C4UePdFLfhKyRdSXuvY3AHJd4CP 4JzW0Bzq/WXY3XMOzUTYApGQpnUpdOmuQSfpV9MQO+/jo7r6yPbxT7CwRS5dcQPzUiuHLK9i nvjREdh84qycnx0/6dDroYhp0DFv4udxuAvt1h4wGwTPRQZerSm4xaYegEFusyhbZrI0U9tJ B8WrhBLXDiYlyJT6zOV2yZFuW47VrLsjYnHwn27hmxTC/7tvG3euCklmkn9Sl9IAKFu29RSo d5bD8kMSCYsTqtTfT6W4A3qHGvIDta3ptLYpIAOD2sY3GYq2nf3Bbzx81wZK14JdDDHUX2Rs 6+ahAA==
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>
  • Delivery-date: Mon, 11 May 2026 15:14:29 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11/05/2026 3:35 pm, Teddy Astie wrote:
> Le 07/05/2026 à 15:03, Ross Lagerwall a écrit :
>> On 4/29/26 5:54 PM, Teddy Astie wrote:
>>> Le 23/04/2026 à 18:13, Ross Lagerwall a écrit :
>>>> If L1 executes VMRUN with the GIF set and it fails consistency checks,
>>>> Xen will inject a VMEXIT and fail the assert checking the GIF is
>>>> cleared.
>>>>
>>>> Instead, clear the GIF when injecting a VMEXIT to match what hardware
>>>> does.
>>>>
>>>> Fixes: 9a779e4fc161 ("Implement SVM specific part for Nested
>>>> Virtualization")
>>>> Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
>>>> ---
>>>>    xen/arch/x86/hvm/svm/nestedsvm.c | 4 ++--
>>>>    1 file changed, 2 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c
>>>> b/xen/arch/x86/hvm/svm/ nestedsvm.c
>>>> index ef6fa5d23b67..f89b087a1155 100644
>>>> --- a/xen/arch/x86/hvm/svm/nestedsvm.c
>>>> +++ b/xen/arch/x86/hvm/svm/nestedsvm.c
>>>> @@ -733,9 +733,9 @@ nsvm_vcpu_vmexit_inject(struct vcpu *v, struct
>>>> cpu_user_regs *regs,
>>>>        struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb;
>>>>        if ( vmcb->_vintr.fields.vgif_enable )
>>>> -        ASSERT(vmcb->_vintr.fields.vgif == 0);
>>>> +        vmcb->_vintr.fields.vgif = 0;
>>>>        else
>>>> -        ASSERT(svm->ns_gif == 0);
>>>> +        nestedsvm_vcpu_clgi(v);
>>>>        ns_vmcb = nv->nv_vvmcx;
>>>
>>> Looks good to me, though I think we are here looking to make a "guest
>>> CLGI" (clear GIF), so the vGIF specific logic should be collapsed into
>>> nestedsvm_vcpu_clgi() instead of having it as the non-vgif-support
>>> case.
>>> (as IIUC, vGIF is a hardware accelration for nested GIF handling ?)
>>
>> Not 100% sure I follow your point here but v2 of this series removes
>> nestedsvm_vcpu_clgi() entirely. Does that address your concern?
>>
>>>
>>> (also making me notice that svm_vmexit_do_{stgi,clgi}() seems to lack
>>> vGIF specific logic)
>>>
>>
>> Isn't that by design? If vGIF is enabled the hardware should handle
>> STGI/CLGI without a VMEXIT.
>>
>
> I think at some point in the future, we may need a
> `nestedsvm_vcpu_{stgi,clgi}()` function, or something in that regard;
> e.g for emulating this instruction outside of a SVM intercept path
> (x86 emulator bits ?). As I think there are cases where the
> instruction is not intercepted but still needs to be emulated.
>
> Such function would need to know whether or not we use vGIF.

Yes we will (eventually) want emulation of STGI/CLGI.  It will
specifically not reintroduce nestedsvm_vcpu_{stgi,clgi}().

With introspection, we do get arbitrary instructions running through the
emulator.  This is why we take care to ensure that the emulator can cope
before a feature gets enabled generally.

For normal cases, we either have vGIF active and everything is handled
without VMExit, or we don't have vGIF active and everything hits the
intercept; this is not a split based on hardware support - it includes
both L0 and L1's configuration.

In fact, vGIF is a feature where on older hardware it's actually faster
for L0 to emulate it for L1, because a virtual VMExit/Entry and running
the L1 vmexit handler is much slower than L0 just emulating it and
re-entering L2 as if nothing had happened.  But that's an optimisation
for a later day.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.