RE: The necessity of injecting a hardware exception reported in VMX IDT vectoring information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Wed, Apr 5, 2023 at 11:34 AM Li, Xin3 <xin3.li@xxxxxxxxx> wrote:
> > The question is, must KVM inject a hardware exception from the IDT
> > vectoring information field? Is there any correctness issue if KVM does not?
> 
> Fault exceptions probably can be handled as you say, but traps definitely have to
> be reinjected. For example, not reinjecting a singlestep #DB would cause the
> guest to miss the exception for that instruction.

Good point, we need to inject #DB otherwise it's lost.

> > If no correctness issue, it's better to not do it, because the
> > injected event from IDT vectoring could trigger another exception,
> > i.e., a nested exception, and after the nested exception is handled,
> > the CPU resumes to re-trigger the original event, which makes not much sense
> to inject it.
> 
> (Let's use "second" exception instead of "nested" exception).
> 
> The CPU doesn't re-trigger the original event unless the second exception causes
> a vmexit and the hypervisor moves the IDT-vectored event fields to the event
> injection fields. In this case, the first exception wasn't injected at all.
> 
> If the second exception does not cause a vmexit, it is handled as usual by the
> processor (by checking if the two exceptions are benign, contributory or page
> faults). The behavior is the same even if the first exception comes from VMX
> event injection.

The case I was thinking is, both the first and the second exception don't cause
any VM exit, however the first exception triggered an EPT violation. Later
KVM injects the first exception and delivering of the first exception by the
CPU triggers the second exception, then the information about the first
KVM-injected exception is lost, and it can be re-generated once the second
exception is correctly handled.

  Xin
> 
> Paolo
> 
> > In addition, the benefits of not doing so are:
> > 1) Less code.
> > 2) Faster execution. Calling
> kvm_requeue_exception_e()/kvm_requeue_exception()
> >    consumes a few hundred cycles at least, although it's a rare case with EPT,
> >    but a lot with shadow (who cares?). And vmx_inject_exception() also has a
> >    cost.
> > 3) An IDT vectoring could trigger more than one VM exit, e.g., the first is an
> >    EPT violation, and the second a PML full, KVM needs to reinject it twice
> >    (extremely rare).
> >
> > Thanks!
> >   Xin
> >





[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux