On 28/11/17 13:14, Paolo Bonzini wrote:
On 28/11/2017 05:55, Jim Mattson wrote:
kvm_queue_interrupt() begins as follows:

    vcpu->arch.interrupt.pending = true;

kvm_cpu_has_interrupt() begins as follows:

    if (!lapic_in_kernel(v))
        return v->arch.interrupt.pending;
In the referenced [patch 2/8], you change interrupt.pending to
interrupt.injected, but the same field is still referenced by these
two functions.
We cannot remove the !lapic_in_kernel(v) case, but it's okay if we
restrict nested VMX/SVM in CPUID when it is disabled (that is, check for
!lapic_in_kernel in nested_svm_check_permissions and nested_vmx_allowed,
so that setting VMXE and SVME will fail).
I agree with this suggestion.
I think it is best to first make a commit before "[PATCH v2 2/8]
KVM: x86: Rename interrupt.pending to interrupt.injected", which will
add FIXME comments in kvm_cpu_has_interrupt() and
kvm_cpu_has_injectable_intr() specifying why it is problematic that they
use interrupt.pending in nVMX/nSVM scenarios, and in addition put the
above checks Paolo mentioned in nested_svm_check_permissions() and
nested_vmx_allowed().
Regards,
-Liran
Thanks,
Paolo