
[v2] x86: svm: Always clear event_inj on vmexit

Message ID 4C05FEEA.20909@web.de
State New

Commit Message

Jan Kiszka June 2, 2010, 6:49 a.m. UTC
Erik van der Kouwe wrote:
> Hi,
> 
>> We currently only clear SVM_EVTINJ_VALID after successful interrupt
>> delivery. This apparently does not match real hardware which clears the
>> whole event_inj field on every vmexit, including unsuccessful interrupt
>> delivery.
> 
> Thanks for the patch. It is a bit hard for me to test right now as I
> messed up my test setup, but I will do so ASAP and let you know.
> 
> However, I'm worried that this patch may introduce a new problem (I may
> be mistaken though). There is still this code to load the exit interrupt
> info:
> 
> stl_phys(env->vm_vmcb + offsetof(struct vmcb,
>   control.exit_int_info_err),
>   ldl_phys(env->vm_vmcb + offsetof(struct vmcb,
>   control.event_inj_err)));
> 
> Now that event_inj is no longer loaded, won't this mean that
> exit_int_info and exit_int_info_err also won't be loaded?

Sorry, can't follow this ATM. But maybe you mean this: there is indeed a
problem with removing the clearance of event_inj.invalid as it may be
later on transferred into exit_int_info. And if we succeed with
injecting the event, that field must not remain valid.

OK, here is v2:

------->

From: Jan Kiszka <jan.kiszka@siemens.com>

We currently only clear SVM_EVTINJ_VALID after successful interrupt
delivery. This apparently does not match real hardware which clears the
whole event_inj field on every vmexit, including unsuccessful interrupt
delivery.

Reported-by: Erik van der Kouwe <vdkouwe@cs.vu.nl>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 target-i386/op_helper.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
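
The following C model is an added illustration, not QEMU code or anything posted in this thread. It contrasts the three clearing policies the discussion turns on: the pre-patch behaviour (VALID cleared only after a successful delivery), the v1 behaviour Erik objected to (event_inj cleared only on #VMEXIT, with the successful-delivery clear removed; this reading of v1 is inferred from Jan's reply and is an assumption), and v2 as applied (both clears). The SVM_EVTINJ_* names mirror QEMU's target-i386/svm.h but are redefined locally; the VMCB is a plain struct rather than guest memory, and the "delivery faults" switch stands in for whatever made the injection fail in the reporter's setup, which the page does not say.

```c
/* Added example, not QEMU code: toy model of the EVENTINJ / EXITINTINFO
 * handshake.  Constants mirror QEMU's svm.h names but are redefined here. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SVM_EVTINJ_VEC_MASK   0xffu
#define SVM_EVTINJ_TYPE_SHIFT 8
#define SVM_EVTINJ_TYPE_INTR  (0u << SVM_EVTINJ_TYPE_SHIFT)
#define SVM_EVTINJ_TYPE_EXEPT (3u << SVM_EVTINJ_TYPE_SHIFT)
#define SVM_EVTINJ_VALID_ERR  (1u << 11)
#define SVM_EVTINJ_VALID      (1u << 31)

/* Which clearing policy the emulated CPU follows. */
enum model {
    MODEL_OLD, /* clear VALID only after successful delivery (pre-patch) */
    MODEL_V1,  /* clear event_inj only on #VMEXIT (v1 as inferred; assumption) */
    MODEL_V2,  /* both clears: the patch as applied */
};

struct vmcb_control {
    uint32_t event_inj, event_inj_err;
    uint32_t exit_int_info, exit_int_info_err;
};

struct guest {
    bool delivery_faults;  /* injection cannot complete and causes a #VMEXIT */
    int deliveries;        /* events that actually reached the guest IDT */
    uint32_t last_vector;
};

/* Tail of do_interrupt(): delivery either succeeds or is interrupted. */
static bool deliver_event(struct vmcb_control *c, struct guest *g, enum model m)
{
    if (!(c->event_inj & SVM_EVTINJ_VALID))
        return false;
    if (g->delivery_faults)
        return false;                       /* event stays pending */
    g->last_vector = c->event_inj & SVM_EVTINJ_VEC_MASK;
    g->deliveries++;
    if (m != MODEL_V1)
        c->event_inj &= ~SVM_EVTINJ_VALID;  /* the existing QEMU clear */
    return true;
}

/* Tail of helper_vmexit(): report what was in flight, then (v1/v2) clear. */
static void vmexit(struct vmcb_control *c, enum model m)
{
    c->exit_int_info     = c->event_inj;
    c->exit_int_info_err = c->event_inj_err;
    if (m != MODEL_OLD)
        c->event_inj = 0;                   /* the patch's added store */
}

static void vmrun(struct vmcb_control *c, struct guest *g, enum model m)
{
    deliver_event(c, g, m);
    vmexit(c, m);
}

struct result {
    uint32_t exit_int_info_after_failed;  /* hypervisor's view after run 1 */
    int      deliveries_on_rerun;         /* spurious deliveries in run 2 */
    uint32_t exit_int_info_after_success; /* VALID must be clear after run 3 */
};

struct result run_scenario(enum model m)
{
    struct vmcb_control c;
    struct guest g;
    struct result r;
    memset(&c, 0, sizeof c);
    memset(&g, 0, sizeof g);

    /* Run 1: hypervisor injects external interrupt 0x21; delivery is
     * interrupted, so the CPU exits with the event undelivered. */
    c.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR | 0x21;
    g.delivery_faults = true;
    vmrun(&c, &g, m);
    r.exit_int_info_after_failed = c.exit_int_info;

    /* Run 2: hypervisor re-enters without rewriting EVENTINJ, expecting the
     * CPU to have cleared it.  Under MODEL_OLD the stale VALID bit delivers
     * vector 0x21 a second time without the hypervisor asking for it. */
    g.delivery_faults = false;
    vmrun(&c, &g, m);
    r.deliveries_on_rerun = g.deliveries;

    /* Run 3: inject #GP(0x18) successfully, then take an unrelated exit.
     * EXITINTINFO must not claim the delivered #GP was interrupted. */
    c.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_EXEPT |
                  SVM_EVTINJ_VALID_ERR | 13;
    c.event_inj_err = 0x18;
    vmrun(&c, &g, m);
    r.exit_int_info_after_success = c.exit_int_info;
    return r;
}

int main(void)
{
    static const char *names[] = { "old", "v1", "v2" };
    for (int m = MODEL_OLD; m <= MODEL_V2; m++) {
        struct result r = run_scenario((enum model)m);
        printf("%-3s exit_int_info after failed injection=%#010x, "
               "spurious deliveries=%d, VALID still set after success=%d\n",
               names[m], (unsigned)r.exit_int_info_after_failed,
               r.deliveries_on_rerun,
               (r.exit_int_info_after_success & SVM_EVTINJ_VALID) != 0);
    }
    return 0;
}
```

Running it shows the two failure modes the thread is about side by side: the pre-patch policy re-delivers a stale event on the next VMRUN when the hypervisor does not rewrite EVENTINJ, the inferred v1 policy reports an already delivered event as interrupted in EXITINTINFO, and only v2 gets both cases right. In all three models the copy into exit_int_info happens before the clear, which is why the added store has to sit after the two copies in helper_vmexit.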

Comments

Erik van der Kouwe June 2, 2010, 7:19 a.m. UTC | #1
Hi,

> Sorry, can't follow this ATM. But maybe you mean this: there is indeed a
> problem with removing the clearance of event_inj.invalid as it may be
> later on transferred into exit_int_info. And if we succeed with
> injecting the event, that field must not remain valid.

Correct.

> OK, here is v2:

I tested this and AFAICS this one works fine and fixes the problem.

Thanks,
Erik
Aurelien Jarno June 30, 2010, 7 p.m. UTC | #2
On Wed, Jun 02, 2010 at 08:49:14AM +0200, Jan Kiszka wrote:
> Erik van der Kouwe wrote:
> > Hi,
> > 
> >> We currently only clear SVM_EVTINJ_VALID after successful interrupt
> >> delivery. This apparently does not match real hardware which clears the
> >> whole event_inj field on every vmexit, including unsuccessful interrupt
> >> delivery.
> > 
> > Thanks for the patch. It is a bit hard for me to test right now as I
> > messed up my test setup, but I will do so ASAP and let you know.
> > 
> > However, I'm worried that this patch may introduce a new problem (I may
> > be mistaken though). There is still this code to load the exit interrupt
> > info:
> > 
> > stl_phys(env->vm_vmcb + offsetof(struct vmcb,
> >   control.exit_int_info_err),
> >   ldl_phys(env->vm_vmcb + offsetof(struct vmcb,
> >   control.event_inj_err)));
> > 
> > Now that event_inj is no longer loaded, won't this mean that
> > exit_int_info and exit_int_info_err also won't be loaded?
> 
> Sorry, can't follow this ATM. But maybe you mean this: there is indeed a
> problem with removing the clearance of event_inj.invalid as it may be
> later on transferred into exit_int_info. And if we succeed with
> injecting the event, that field must not remain valid.
> 
> OK, here is v2:
> 
> ------->
> 
> From: Jan Kiszka <jan.kiszka@siemens.com>
> 
> We currently only clear SVM_EVTINJ_VALID after successful interrupt
> delivery. This apparently does not match real hardware which clears the
> whole event_inj field on every vmexit, including unsuccessful interrupt
> delivery.
> 
> Reported-by: Erik van der Kouwe <vdkouwe@cs.vu.nl>
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
>  target-i386/op_helper.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)

Thanks, applied.

> diff --git a/target-i386/op_helper.c b/target-i386/op_helper.c
> index dcbdfe7..52e8910 100644
> --- a/target-i386/op_helper.c
> +++ b/target-i386/op_helper.c
> @@ -5388,6 +5388,7 @@ void helper_vmexit(uint32_t exit_code, uint64_t exit_info_1)
>               ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj)));
>      stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_int_info_err),
>               ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err)));
> +    stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj), 0);
>  
>      env->hflags2 &= ~HF2_GIF_MASK;
>      /* FIXME: Resets the current ASID register to zero (host ASID). */
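
Review bot: The commit message says hardware clears the whole event_inj field, but the added store zeroes only the 32-bit `control.event_inj`; `control.event_inj_err`, copied into exit_int_info_err on the line just above the insertion, keeps its old value across the exit. Either add a second store, `stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err), 0);`, if the error code is part of what hardware clears, or narrow the commit message to the event_inj word alone. The ordering itself is right: the copy into exit_int_info precedes the clear, so EXITINTINFO still reports the interrupted event.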
> -- 
> 1.6.0.2
>

Patch

diff --git a/target-i386/op_helper.c b/target-i386/op_helper.c
index dcbdfe7..52e8910 100644
--- a/target-i386/op_helper.c
+++ b/target-i386/op_helper.c
@@ -5388,6 +5388,7 @@  void helper_vmexit(uint32_t exit_code, uint64_t exit_info_1)
              ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj)));
     stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_int_info_err),
              ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err)));
+    stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj), 0);
 
     env->hflags2 &= ~HF2_GIF_MASK;
     /* FIXME: Resets the current ASID register to zero (host ASID). */
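
Review bot: The new `stl_phys(... control.event_inj), 0)` store carries no comment saying why it is unconditional, while the file annotates the neighbouring ASID behaviour with a FIXME two lines below; a one-line comment such as `/* Hardware clears EVENTINJ on every #VMEXIT, even after a failed delivery */` would keep a later reader from moving it back onto the successful-delivery path. Worth confirming in review that the existing clear of SVM_EVTINJ_VALID after a successful delivery stays in place: the diffstat (1 insertion, 0 deletions) shows this patch does not remove it, and the thread's reasoning about exit_int_info depends on it.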