Since UMIP emulation is broken, I'm not sure why anyone would use it.
(Sorry, Paolo.)

On Sat, Feb 29, 2020 at 11:21 AM Jan Kiszka <jan.kiszka@xxxxxx> wrote:
>
> On 29.02.20 20:00, Jim Mattson wrote:
> > On Sat, Feb 29, 2020 at 10:33 AM Oliver Upton <oupton@xxxxxxxxxx> wrote:
> >>
> >> Hi Jan,
> >>
> >> On Sat, Feb 29, 2020 at 10:00 AM Jan Kiszka <jan.kiszka@xxxxxx> wrote:
> >>> Is this expected to cause regressions on less common workloads?
> >>> Jailhouse as L1 now fails when Linux as L2 tries to boot a CPU: L2-Linux
> >>> gets a triple fault on load_current_idt() in start_secondary(). Only
> >>> bisected so far, didn't debug further.
> >>
> >> I'm guessing that Jailhouse doesn't use 'descriptor table exiting', so
> >> when KVM gets the corresponding exit from L2 the emulation burden is
> >> on L0. We now refuse the emulation, which kicks a #UD back to L2. I
> >> can get a patch out quickly to address this case (like the PIO exiting
> >> one that came in this series) but the eventual solution is to map
> >> emulator intercept checks into VM-exits + call into the
> >> nested_vmx_exit_reflected() plumbing.
> >
> > If Jailhouse doesn't use descriptor table exiting, why is L0
> > intercepting descriptor table instructions? Is this just so that L0
> > can partially emulate UMIP on hardware that doesn't support it?
> >
>
> That seems to be the case: My host lacks umip, L1 has it. So, KVM is
> intercepting descriptor table load instructions to emulate umip.
> Jailhouse never activates that interception.
>
> Jan