Re: [PATCH v2 3/6] KVM: nVMX: fix SMI injection in guest mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 20/09/2017 10:52, Ladi Prosek wrote:
>> Therefore, storing such hidden state or a subset of it in
>> vmx->nested.smm is merely a convenience that lets you keep
>> vmx->nested.vmxon == false while in SMM.  This is different from nSVM,
>> and I think it's an acceptable difference for the sake of convenience.
> So for nSVM, you'd save to and restore from the state save area? I can
> certainly do that but it would be hard to guarantee that KVM won't
> blow up if the SMM handler pokes at these fields. It feels safer to
> keep it internal or just save, not restore from it. I know that this
> comment belongs to the nSVM patch but it looks similar to your
> suggestion to protect CR4.VMXE on Intel. If we want to prevent SMM
> from wreaking havoc by trying to enable VMX, shouldn't we use the same
> measures on AMD and prevent it from switching VMCB while the nested
> guest is running. Thanks!

The difference is that on AMD you're actually allowed to do that.  The
SMM handler can also poke the general purpose register or even the
descriptor cache, so I think we should stay close to what the manual
says---even if it does two opposite things on Intel vs. AMD.

Thanks!

Paolo



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux