On 11/11/19 17:17, Liran Alon wrote: > If I understand you correctly, you refer to the case where L1 first enters L2 without TPR-Shadow, > then L2 lowers L1 TPR directly (which load vmx->nested.l1_tpr_threshold with value), then an > emualted exit happen from L2 to L1 which writes to vmcs01->tpr_threshold the value of > vmx->nested.l1_tpr_threshold. Then L1 enters again L2 but this time with TPR-Shadow and > prepare_vmcs02_early() doesn’t clear vmx->nested.l1_tpr_threshold which will cause next > exit from L2 to L1 to wrongly write the value of vmx->nested.l1_tpr_threshold to vmcs01->tpr_threshold. > > So yes I think you are right. Good catch. > We should move vmx->nested.l1_tpr_threshold = -1; outside of the if. > Should I send v2 or will you change on apply? I can do that too. >> Also, what happens to_vmx(vcpu)->nested.l1_tpr_threshold if the guest is >> migrated while L2 is running without TPR shadow? Perhaps it would be >> easier to just rerun update_cr8_intercept on nested_vmx_vmexit. >> > On restore of state during migration, kvm_apic_set_state() must be called which > will also request a KVM_REQ_EVENT which will make sure to call update_cr8_intercept(). > If vCPU is currently in guest-mode, this should update vmx->nested.l1_tpr_threshold. Okay, that makes sense. I was half-sure that update_cr8_intercept() would be called, but I couldn't think of the exact path. Paolo
