On 10/11/2017 22:47, Liran Alon wrote:
> In order to fully fix the issue at hand here, you will basically need
> vmcs02->eoi_exit_bitmap to be a logical OR of vmcs12->eoi_exit_bitmap
> and vmcs01->eoi_exit_bitmap. Then on EOI_INDUCED exits to L0,
> nested_vmx_exit_reflected() will decide if it should be forwarded to L1
> or not. That will also fix the bug this patch aims to fix.

No, it should be possible to detect whether the APIC is passed through:
if "virtualize APIC access" and "virtual-x2APIC mode" are both clear in
vmcs12, then any EOI_INDUCED exit from L2 must come from the L1 APIC.

Therefore if "virtualize APIC access" is clear, you should set the vmcs02
EOI exit bitmap to the values in vmcs01, otherwise you should use the
vmcs12 bitmap. This is more or less the

	else if (!(nested_cpu_has_virt_x2apic_mode(vmcs12)) &&
		   cpu_need_virtualize_apic_accesses(&vmx->vcpu)) {
		vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,
			      SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES);
		kvm_vcpu_reload_apic_access_page(vcpu);
	}

case of nested_get_vmcs12_pages.

Thanks,

Paolo

> However, I am a bit worried about this approach as it can cause a
> significant performance overhead for the common case of not passing the
> L1 LAPIC through to L2 for supporting this esoteric case.
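The selection rule discussed above, as an added illustrative model rather than KVM code from the thread: a 256-bit EOI-exit bitmap is kept as four 64-bit words, vmcs02 takes vmcs01's bitmap when vmcs12 has both "virtualize APIC accesses" and "virtual-x2APIC mode" clear (the L1 APIC is passed through, so every EOI_INDUCED exit is L0's), and vmcs12's bitmap otherwise. The `struct model_vmcs`, the `MODEL_*` control bit positions and the `reflect_eoi_to_l1` decision (reflect only when the APIC is not passed through and L1 asked for that vector) are assumptions of this model, not KVM's real layout or the behaviour of `nested_vmx_exit_reflected()`.

```c
/* Added illustrative model of the vmcs02 EOI-exit-bitmap selection rule.
 * Not KVM code: the struct layout and control bit positions are invented
 * for this example. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define EOI_BITMAP_WORDS 4   /* 256 interrupt vectors / 64 bits per word */

/* Hypothetical bit positions for the two secondary controls in this model. */
#define MODEL_VIRTUALIZE_APIC_ACCESSES (1u << 0)
#define MODEL_VIRTUAL_X2APIC_MODE      (1u << 4)

struct model_vmcs {
	uint32_t secondary_exec_control;
	uint64_t eoi_exit_bitmap[EOI_BITMAP_WORDS];
};

/* True when L1 passes its own APIC through to L2, i.e. neither
 * "virtualize APIC accesses" nor "virtual-x2APIC mode" is set in vmcs12. */
static bool l1_apic_passed_through(const struct model_vmcs *vmcs12)
{
	return !(vmcs12->secondary_exec_control &
		 (MODEL_VIRTUALIZE_APIC_ACCESSES | MODEL_VIRTUAL_X2APIC_MODE));
}

/* Test one vector in a 256-bit bitmap stored as four 64-bit words. */
static bool eoi_exit_bitmap_test(const uint64_t *bitmap, uint8_t vector)
{
	return (bitmap[vector / 64] >> (vector % 64)) & 1;
}

static void eoi_exit_bitmap_set(uint64_t *bitmap, uint8_t vector)
{
	bitmap[vector / 64] |= (uint64_t)1 << (vector % 64);
}

/* Fill vmcs02's EOI-exit bitmap: vmcs01's copy when the L1 APIC is passed
 * through (every EOI_INDUCED exit then belongs to L0), vmcs12's otherwise. */
static void select_eoi_exit_bitmap(const struct model_vmcs *vmcs01,
				   const struct model_vmcs *vmcs12,
				   struct model_vmcs *vmcs02)
{
	const struct model_vmcs *src =
		l1_apic_passed_through(vmcs12) ? vmcs01 : vmcs12;

	memcpy(vmcs02->eoi_exit_bitmap, src->eoi_exit_bitmap,
	       sizeof(vmcs02->eoi_exit_bitmap));
}

/* Model assumption: an EOI_INDUCED exit from L2 on `vector` is reflected to
 * L1 only when the APIC is not passed through and L1's bitmap asks for it. */
static bool reflect_eoi_to_l1(const struct model_vmcs *vmcs12, uint8_t vector)
{
	if (l1_apic_passed_through(vmcs12))
		return false;
	return eoi_exit_bitmap_test(vmcs12->eoi_exit_bitmap, vector);
}

/* Constructed scenario exercising the rule; returns the number of checks
 * that passed (6 when the model behaves as described above). */
static int model_self_check(void)
{
	struct model_vmcs vmcs01 = {0}, vmcs12 = {0}, vmcs02 = {0};
	int passed = 0;

	eoi_exit_bitmap_set(vmcs01.eoi_exit_bitmap, 0x20); /* L0-owned vector */
	eoi_exit_bitmap_set(vmcs12.eoi_exit_bitmap, 0x30); /* L1-requested vector */

	/* Case 1: both controls clear, L1 APIC passed through to L2. */
	select_eoi_exit_bitmap(&vmcs01, &vmcs12, &vmcs02);
	passed += eoi_exit_bitmap_test(vmcs02.eoi_exit_bitmap, 0x20);
	passed += !eoi_exit_bitmap_test(vmcs02.eoi_exit_bitmap, 0x30);
	passed += !reflect_eoi_to_l1(&vmcs12, 0x30);

	/* Case 2: L1 virtualizes APIC accesses for L2, use vmcs12's bitmap. */
	vmcs12.secondary_exec_control |= MODEL_VIRTUALIZE_APIC_ACCESSES;
	select_eoi_exit_bitmap(&vmcs01, &vmcs12, &vmcs02);
	passed += eoi_exit_bitmap_test(vmcs02.eoi_exit_bitmap, 0x30);
	passed += !eoi_exit_bitmap_test(vmcs02.eoi_exit_bitmap, 0x20);
	passed += reflect_eoi_to_l1(&vmcs12, 0x30);

	return passed;
}
```

The per-vector test and set helpers are what make the two cases observable: in the pass-through case a vector that only L1 asked for never lands in vmcs02, which is exactly why the OR approach in the quoted reply is not needed for correctness.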