Commit b518ba9f authored by Paolo Bonzini

KVM: nSVM: implement check_nested_events for interrupts

The current implementation of physical interrupt delivery to a nested guest
is quite broken.  It relies on svm_interrupt_allowed returning false if
VINTR=1 so that the interrupt can be injected from enable_irq_window,
but this does not work for guests that do not intercept HLT or that rely
on clearing the host IF to block physical interrupts while L2 runs.
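Concretely, the pre-patch check (quoted from the svm_interrupt_allowed hunk below; the comment is added here for emphasis) gates everything on VINTR:

	ret = !!(kvm_get_rflags(vcpu) & X86_EFLAGS_IF);

	if (is_guest_mode(vcpu))
		/* With VINTR=1 this always returns 0, deferring delivery to
		 * enable_irq_window() and never consulting L1's host IF. */
		return ret && !(svm->vcpu.arch.hflags & HF_VINTR_MASK);

	return ret;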

This patch could be split into two logical parts, but applying only one
of them breaks tests, so I am combining both changes together.

The first and easiest is simply to return true for svm_interrupt_allowed
if HF_VINTR_MASK is set and HIF is set.  This way the semantics of
svm_interrupt_allowed are respected: svm_interrupt_allowed being false
does not mean "call enable_irq_window", it means "interrupts cannot
be injected now".
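In other words, the new check (quoted from the svm_interrupt_allowed hunk
below; the comment is added here for emphasis) reads:

	if (is_guest_mode(vcpu) && (svm->vcpu.arch.hflags & HF_VINTR_MASK))
		/* L2 runs with VINTR: a physical interrupt is allowed
		 * whenever L1's host IF (HF_HIF_MASK) is set. */
		return !!(svm->vcpu.arch.hflags & HF_HIF_MASK);
	else
		return !!(kvm_get_rflags(vcpu) & X86_EFLAGS_IF);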

After doing this, however, we need another place to inject the
interrupt, and fortunately we already have one, check_nested_events,
which nested SVM does not implement but which is meant exactly for this
purpose.  It is called before interrupts are injected, and it can
therefore do the L2->L1 switch while leaving inject_pending_event
none the wiser.
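For context, the callback is invoked from inject_pending_event() in
arch/x86/kvm/x86.c before any event is actually injected; a simplified
sketch of that call site (not the verbatim code) looks like:

	/* Simplified sketch: runs at the top of event injection, so the
	 * vendor callback can perform an L2->L1 vmexit first; a nonzero
	 * return (e.g. -EBUSY) means "retry on a later vcpu entry". */
	if (is_guest_mode(vcpu) && kvm_x86_ops->check_nested_events) {
		r = kvm_x86_ops->check_nested_events(vcpu);
		if (r != 0)
			return r;
	}
	/* ...exceptions, NMIs and IRQs are injected only after this */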

This patch was developed together with Cathy Avery, who wrote the
test and did a lot of the initial debugging.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent 64b5bd27
@@ -3135,43 +3135,36 @@ static int nested_svm_check_exception(struct vcpu_svm *svm, unsigned nr,
 	return vmexit;
 }
 
-/* This function returns true if it is save to enable the irq window */
-static inline bool nested_svm_intr(struct vcpu_svm *svm)
+static void nested_svm_intr(struct vcpu_svm *svm)
 {
-	if (!is_guest_mode(&svm->vcpu))
-		return true;
-
-	if (!(svm->vcpu.arch.hflags & HF_VINTR_MASK))
-		return true;
-
-	if (!(svm->vcpu.arch.hflags & HF_HIF_MASK))
-		return false;
-
-	/*
-	 * if vmexit was already requested (by intercepted exception
-	 * for instance) do not overwrite it with "external interrupt"
-	 * vmexit.
-	 */
-	if (svm->nested.exit_required)
-		return false;
-
 	svm->vmcb->control.exit_code   = SVM_EXIT_INTR;
 	svm->vmcb->control.exit_info_1 = 0;
 	svm->vmcb->control.exit_info_2 = 0;
 
-	if (svm->nested.intercept & 1ULL) {
-		/*
-		 * The #vmexit can't be emulated here directly because this
-		 * code path runs with irqs and preemption disabled. A
-		 * #vmexit emulation might sleep. Only signal request for
-		 * the #vmexit here.
-		 */
-		svm->nested.exit_required = true;
-		trace_kvm_nested_intr_vmexit(svm->vmcb->save.rip);
-		return false;
+	/* nested_svm_vmexit this gets called afterwards from handle_exit */
+	svm->nested.exit_required = true;
+	trace_kvm_nested_intr_vmexit(svm->vmcb->save.rip);
+}
+
+static bool nested_exit_on_intr(struct vcpu_svm *svm)
+{
+	return (svm->nested.intercept & 1ULL);
+}
+
+static int svm_check_nested_events(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_svm *svm = to_svm(vcpu);
+	bool block_nested_events =
+		kvm_event_needs_reinjection(vcpu) || svm->nested.exit_required;
+
+	if (kvm_cpu_has_interrupt(vcpu) && nested_exit_on_intr(svm)) {
+		if (block_nested_events)
+			return -EBUSY;
+		nested_svm_intr(svm);
+		return 0;
 	}
 
-	return true;
+	return 0;
 }
 
 /* This function returns true if it is save to enable the nmi window */
@@ -5546,18 +5539,15 @@ static int svm_interrupt_allowed(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
 	struct vmcb *vmcb = svm->vmcb;
-	int ret;
 
 	if (!gif_set(svm) ||
 	     (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK))
 		return 0;
 
-	ret = !!(kvm_get_rflags(vcpu) & X86_EFLAGS_IF);
-
-	if (is_guest_mode(vcpu))
-		return ret && !(svm->vcpu.arch.hflags & HF_VINTR_MASK);
-
-	return ret;
+	if (is_guest_mode(vcpu) && (svm->vcpu.arch.hflags & HF_VINTR_MASK))
+		return !!(svm->vcpu.arch.hflags & HF_HIF_MASK);
+	else
+		return !!(kvm_get_rflags(vcpu) & X86_EFLAGS_IF);
 }
 
 static void enable_irq_window(struct kvm_vcpu *vcpu)
@@ -5572,7 +5562,7 @@ static void enable_irq_window(struct kvm_vcpu *vcpu)
 	 * enabled, the STGI interception will not occur. Enable the irq
 	 * window under the assumption that the hardware will set the GIF.
 	 */
-	if ((vgif_enabled(svm) || gif_set(svm)) && nested_svm_intr(svm)) {
+	if (vgif_enabled(svm) || gif_set(svm)) {
 		/*
 		 * IRQ window is not needed when AVIC is enabled,
 		 * unless we have pending ExtINT since it cannot be injected
@@ -7467,6 +7457,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
 	.need_emulation_on_page_fault = svm_need_emulation_on_page_fault,
 
 	.apic_init_signal_blocked = svm_apic_init_signal_blocked,
+
+	.check_nested_events = svm_check_nested_events,
 };
 
 static int __init svm_init(void)