Found while browsing Xen code: While we assume that the STI interrupt
shadow also inplies virtual NMI blocking, some processors may have a
different opinion (SDM 3: 22.3). To avoid misunderstandings that would
cause endless VM entry attempts, translate STI into MOV SS blocking when
requesting the NMI window.
Signed-off-by: Jan Kiszka <jan.kiszka@xxxxxxxxxxx>
---
arch/x86/kvm/vmx.c | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 14873b9..474f720 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2614,12 +2614,27 @@ static void enable_irq_window(struct kvm_vcpu *vcpu)
static void enable_nmi_window(struct kvm_vcpu *vcpu)
{
u32 cpu_based_vm_exec_control;
+ u32 interruptibility;
if (!cpu_has_virtual_nmis()) {
enable_irq_window(vcpu);
return;
}
+ /*
+ * SDM 3: 22.3 (June 2009)
+ * "A logical processor may also prevent such a VM exit [NMI-window
+ * exit] if there is blocking of events by STI."
+ * So better convert STI blocking into MOV SS to avoid premature VM
+ * exits that would end up in an endless loop.
+ */
+ interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO);
+ if (interruptibility & GUEST_INTR_STATE_STI) {
+ interruptibility &= ~GUEST_INTR_STATE_STI;
+ interruptibility |= GUEST_INTR_STATE_MOV_SS;
+ vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, interruptibility);
+ }
+
cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
cpu_based_vm_exec_control |= CPU_BASED_VIRTUAL_NMI_PENDING;
vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control);
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
