lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241002124324.14360-1-mankku@gmail.com>
Date: Wed,  2 Oct 2024 15:42:56 +0300
From: Markku Ahvenjärvi <mankku@...il.com>
To: seanjc@...gle.com
Cc: bp@...en8.de,
	dave.hansen@...ux.intel.com,
	hpa@...or.com,
	janne.karhunen@...il.com,
	kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	mankku@...il.com,
	mingo@...hat.com,
	pbonzini@...hat.com,
	tglx@...utronix.de,
	x86@...nel.org
Subject: Re: [PATCH 1/1] KVM: nVMX: update VPPR on vmlaunch/vmresume

Hi Sean,

> On Fri, Sep 20, 2024, Markku Ahvenjärvi wrote:
> > Running certain hypervisors under KVM on VMX suffered L1 hangs after
> > launching a nested guest. The external interrupts were not processed on
> > vmlaunch/vmresume due to stale VPPR, and L2 guest would resume without
> > allowing L1 hypervisor to process the events.
> > 
> > The patch ensures VPPR to be updated when checking for pending
> > interrupts.
>
> This is architecturally incorrect, PPR isn't refreshed at VM-Enter.

I looked into this and found the following from Intel manual:

"30.1.3 PPR Virtualization

The processor performs PPR virtualization in response to the following
operations: (1) VM entry; (2) TPR virtualization; and (3) EOI virtualization.

..."

The section "27.3.2.5 Updating Non-Register State" further explains the VM
enter:

"If the “virtual-interrupt delivery” VM-execution control is 1, VM entry loads
the values of RVI and SVI from the guest interrupt-status field in the VMCS
(see Section 25.4.2). After doing so, the logical processor first causes PPR
virtualization (Section 30.1.3) and then evaluates pending virtual interrupts
(Section 30.2.1). If a virtual interrupt is recognized, it may be delivered in
VMX non-root operation immediately after VM entry (including any specified
event injection) completes; ..."

According to that, PPR is supposed to be refreshed at VM-Enter, or am I
missing something here?

Kind regards,
Markku

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ