lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 3 Feb 2015 01:21:00 +0000
From:	"Zhang, Yang Z" <yang.z.zhang@...el.com>
To:	Paolo Bonzini <pbonzini@...hat.com>,
	Wincy Van <fanwenyi0529@...il.com>
CC:	"gleb@...nel.org" <gleb@...nel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	Wanpeng Li <wanpeng.li@...ux.intel.com>,
	Jan Kiszka <jan.kiszka@....de>
Subject: RE: [PATCH v4 6/6] KVM: nVMX: Enable nested posted interrupt
 processing

Paolo Bonzini wrote on 2015-02-03:
> 
> 
> On 02/02/2015 16:33, Wincy Van wrote:
>> static void vmx_accomp_nested_posted_intr(struct kvm_vcpu *vcpu) {
>>         struct vcpu_vmx *vmx = to_vmx(vcpu);
>>         
>>         if (is_guest_mode(vcpu) &&
>>             vmx->nested.posted_intr_nv != -1 &&
>>             pi_test_on(vmx->nested.pi_desc))
>>                 kvm_apic_set_irr(vcpu,
>>                         vmx->nested.posted_intr_nv); }
>> Then we will get an nested-vmexit in vmx_check_nested_events, that
>> posted intr will be handled by L1 immediately.
>> This mechanism will also emulate the hardware's behavior: If a
>> posted intr was not accomplished by hardware, we will get an

Actually, we cannot say "not accomplished by hardware". It more like we don't do the job well. See my below answer.

>> interrupt with POSTED_INTR_NV.
> 
> Yes.

This is not enough. From L1's point, L2 is in vmx non-root mode. So we should emulate the posted interrupt in L0 correctly, say:
1. clear ON bit
2. ack interrupt
3, syn pir to virr
4. update RVI.
Then let the hardware(virtual interrupt delivery) to accomplish interrupt injection.

Force a vmexit more like a trick. It's better to follow the hardware's behavior unless we cannot do it. 

> 
>> Would this be better?
> 
> I think you do not even need a new bit.  You can use KVM_REQ_EVENT and
> (to complete my suggestion, which was not enough) do the above in
> vmx_check_nested_events.
> 
> Paolo


Best regards,
Yang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ