On 25/07/2017 10:27, Wanpeng Li wrote:
> 2017-07-14 19:36 GMT+08:00 Paolo Bonzini <pbonzini@xxxxxxxxxx>:
>> On 14/07/2017 11:39, Wanpeng Li wrote:
>>> However, commit 0be9c7a89f750 (KVM: VMX: set "blocked by NMI" flag if EPT
>>> violation happens during IRET from NMI) just fixes the fault due to EPT violation.
>>> This patch tries to fix the fault due to the page fault of the shadow page table.
>>>
>>> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
>>> Cc: Radim Krčmář <rkrcmar@xxxxxxxxxx>
>>> Signed-off-by: Wanpeng Li <wanpeng.li@xxxxxxxxxxx>
>>> ---
>>> arch/x86/kvm/vmx.c | 5 +++++
>>> 1 file changed, 5 insertions(+)
>>>
>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> index 84e62ac..32ca063 100644
>>> --- a/arch/x86/kvm/vmx.c
>>> +++ b/arch/x86/kvm/vmx.c
>>> @@ -5709,6 +5709,11 @@ static int handle_exception(struct kvm_vcpu *vcpu)
>>> }
>>>
>>> if (is_page_fault(intr_info)) {
>>> +
>>> + if (!(to_vmx(vcpu)->idt_vectoring_info & VECTORING_INFO_VALID_MASK) &&
>>> + (intr_info & INTR_INFO_UNBLOCK_NMI))
>>> + vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI);
>>> +
>>> cr2 = vmcs_readl(EXIT_QUALIFICATION);
>>> /* EPT won't cause page fault directly */
>>> WARN_ON_ONCE(!vcpu->arch.apf.host_apf_reason && enable_ept);
>>
>> vmx_recover_nmi_blocking is supposed to do the same. EPT and PML-full exits
>> need separate code because they store bit 12 in the exit qualification rather
>> than the VM-exit interruption info. I think the bug is in the handling of
>> vmx->nmi_known_unmasked.
>>
>> The following patch fixes it for me, can you test it too?
>
> Sorry, I only just got back to my testing machine recently; I was traveling
> before. It seems that the patch is correct in itself, but it still
> can't fix the issue which I encounter. Actually, L1 injects an NMI into L2
> kvm-unit-tests/event.flat and marks the cached value of the guest
> interruptibility info as masked; however, it is marked in L1, and
> L0 can't know what the right value of the cached info should be. We
> lose the right value of the cached info on L0, and the cached info is
> unmasked, so vmx_recover_nmi_blocking can't handle it. So I'm afraid the
> original patch should also be applied.

No, the original patch is wrong. Handling intr_info & INTR_INFO_UNBLOCK_NMI
is vmx_recover_nmi_blocking's task.

Are you saying that nmi_known_unmasked must be updated when preparing the
vmcs02 for the vmcs12?

Thanks,

Paolo
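Review bot: The new INTR_INFO_UNBLOCK_NMI check inside the `if (is_page_fault(intr_info))` branch of handle_exception duplicates logic that vmx_recover_nmi_blocking already performs for exits that report bit 12 in the VM-exit interruption info, as the reply in this thread points out; a per-exit special case here hides the real defect rather than fixing it. If the symptom is that L0 loses the cached NMI-blocking state when L1 injects an NMI into L2, the fix belongs where vmx->nmi_known_unmasked is maintained when vmcs02 is prepared from vmcs12, so that vmx_recover_nmi_blocking sees the correct cached value. Style: the hunk also adds a stray blank `+` line immediately after `if (is_page_fault(intr_info)) {` and another before `cr2 = vmcs_readl(EXIT_QUALIFICATION);`, which should be dropped.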