On Thu, Nov 17, 2022, Maxim Levitsky wrote: > From: Santosh Shukla <santosh.shukla@xxxxxxx> > > Inject the NMI by setting V_NMI in the VMCB interrupt control. processor > will clear V_NMI to acknowledge processing has started and will keep the > V_NMI_MASK set until the processor is done with processing the NMI event. > > Also, handle the nmi_l1_to_l2 case such that when it is true then > NMI to be injected originally comes from L1's VMCB12 EVENTINJ field. > So adding a check for that case. > > Signed-off-by: Santosh Shukla <santosh.shukla@xxxxxxx> > Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx> > --- > arch/x86/kvm/svm/svm.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index eaa30f8ace518d..9ebfbd0d4b467e 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -3479,7 +3479,14 @@ static void pre_svm_run(struct kvm_vcpu *vcpu) > static void svm_inject_nmi(struct kvm_vcpu *vcpu) > { > struct vcpu_svm *svm = to_svm(vcpu); > + struct vmcb *vmcb = NULL; As written, no need to initialize vmcb. Might be a moot point depending on the final form of the code. > + if (is_vnmi_enabled(svm) && !svm->nmi_l1_to_l2) { Checking nmi_l1_to_l2 is wrong. KVM should directly re-inject any NMI that was already recognized by hardware, not just those that were originally injected by L1. If another event comes along, e.g. SMI, because an event (NMI) is already injected, KVM will send a hardware IRQ to interrupt the guest and forcea a VM-Exit so that the SMI can be injected. If hardware does the (IMO) sane thing and prioritizes "real" IRQs over virtual NMIs, the IRQ VM-Exit will occur before the virtual NMI is processed and KVM will incorrectly service the SMI before the NMI. I believe the correct way to handle this is to add a @reinjected param to ->inject_nmi(), a la ->inject_irq(). That would also allow adding a sanity check that KVM never attempts to inject an NMI into L2 if NMIs are supposed to trigger VM-Exit. This is the least ugly code I could come up with. Note, if vNMI is enabled, hardare sets V_NMI_MASKED if an NMI is injected through event_inj. static void svm_inject_nmi(struct kvm_vcpu *vcpu, bool reinjected) { struct vcpu_svm *svm = to_svm(vcpu); /* * Except for re-injection, KVM should never inject an NMI into L2 if * NMIs are supposed to exit from L2 to L1. */ WARN_ON_ONCE(!reinjected && is_guest_mode(vcpu) && nested_exit_on_nmi(svm)); if (is_vnmi_enabled(svm)) { if (!reinjected) svm->vmcb->control.int_ctl |= V_NMI_PENDING; else svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; ++vcpu->stat.nmi_injections; return; } svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; if (svm->nmi_l1_to_l2) return; vcpu->arch.hflags |= HF_NMI_MASK; if (!sev_es_guest(vcpu->kvm)) svm_set_intercept(svm, INTERCEPT_IRET); ++vcpu->stat.nmi_injections; }