2022-11-17 15:01:32

by Maxim Levitsky

Subject: [PATCH 12/13] KVM: nSVM: emulate VMEXIT_INVALID case for nested VNMI

From: Santosh Shukla <[email protected]>

If NMI virtualization enabled and NMI_INTERCEPT is unset then next vm
entry will exit with #INVALID exit reason.

In order to emulate above (VMEXIT(#INVALID)) scenario for nested
environment, extending check for V_NMI_ENABLE, NMI_INTERCEPT bit in func
__nested_vmcb_check_controls.

Signed-off-by: Santosh Shukla <[email protected]>
Reviewed-by: Maxim Levitsky <[email protected]>
---
arch/x86/kvm/svm/nested.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index c9fcdd691bb5a1..3ef7e1971a4709 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -275,6 +275,11 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
return false;

+ if (CC((control->int_ctl & V_NMI_ENABLE) &&
+ !vmcb12_is_intercept(control, INTERCEPT_NMI))) {
+ return false;
+ }
+
return true;
}

--
2.34.3

2022-11-17 20:54:13

by Sean Christopherson

Subject: Re: [PATCH 12/13] KVM: nSVM: emulate VMEXIT_INVALID case for nested VNMI

On Thu, Nov 17, 2022, Maxim Levitsky wrote:
> From: Santosh Shukla <[email protected]>
>
> If NMI virtualization enabled and NMI_INTERCEPT is unset then next vm
> entry will exit with #INVALID exit reason.
>
> In order to emulate above (VMEXIT(#INVALID)) scenario for nested
> environment, extending check for V_NMI_ENABLE, NMI_INTERCEPT bit in func
> __nested_vmcb_check_controls.

This belongs in the previous patch, no? I don't see how this isn't just a
natural part of supporting nested vNMI.

> Signed-off-by: Santosh Shukla <[email protected]>
> Reviewed-by: Maxim Levitsky <[email protected]>
> ---
> arch/x86/kvm/svm/nested.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index c9fcdd691bb5a1..3ef7e1971a4709 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -275,6 +275,11 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
> if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
> return false;
>
> + if (CC((control->int_ctl & V_NMI_ENABLE) &&
> + !vmcb12_is_intercept(control, INTERCEPT_NMI))) {

Alignment is off by one:

if (CC((control->int_ctl & V_NMI_ENABLE) &&
!vmcb12_is_intercept(control, INTERCEPT_NMI))) {
return false;
}

> + return false;
> + }
> +
> return true;
> }
>
> --
> 2.34.3
>