Re: [PATCH v2 1/5] KVM: nSVM: deal with L1 hypervisor that intercepts interrupts but lets L2 control EFLAGS.IF

On 12/13/21 14:07, Maxim Levitsky wrote:
Right, another case is when CLGI is not trapped and the guest therefore
runs with GIF=0.  I think that means that a similar change has to be
done in all the *_allowed functions.

I think that SVM sets real GIF to 1 on VMentry regardless if it is trapped or not.

Yes, the issue is only when CLGI is not trapped (and vGIF is disabled).

However if not trapped, and neither EFLAGS.IF is trapped, one could enter a guest
that has EFLAGS.IF == 0, then the guest could disable GIF, enable EFLAGS.IF,
and then enable GIF, but then GIF enablement should trigger our interrupt window
VINTR as well.

While GIF=0 you have svm_nmi_blocked returning true and svm_nmi_allowed returning -EBUSY; that's wrong, isn't it?

Paolo



