[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] nestedsvm: Clear GIF when injecting VMEXIT
- To: Teddy Astie <teddy.astie@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
- Date: Thu, 7 May 2026 13:58:53 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/fE1ndgcG6sObWdvpqSARqeoeNhyfQzanNO6vhQPI4k=; b=mBeRv3NaZ8SmX8l3rNxlh/BltXn5VVBgxaCpmaEPu4r6F/GPBcCkhPoIUFqQmtRogyCRnOYLvIAGLrs+dZtRAJka4Sw2ycu0Qv3yoIAfDXHbdA2nD8n6kOTYLKc4rtWAF/WqAfEMCl/xFFJmiTzLP4HFmQjtQtvXmxIFI61T2d+peUQSCvw4Wg2LKnc7hWmdLkoNYZ9oqZXUpZxlyuyvRFE1wWfu87PTkzu5/n7X8lm7mEgC6WBb7Lh/HsDrkgq+a+n3PK1b+4J9RgI0va3rUVtdINidbpWd+QFVMHMf3kKl8pqUD1bgGGg+owo7hRgOJTU27ynOw/FRDBJuXZUAfg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dw52WRgRlWYJv8nmjnmBNLG0/13yTXiURKZFlXtZnJmwUnKeksff7kh5/s3hfYqzPDCSauVkbGb5AuWMoc/zF+pOnOvtpKI4vZ0SaEj03QUr5lRCjLMGYvWvmEFUpSA+u1cz451T7aOdZMTY3uJFEiQbkecd/FgAiKJqrH7wUEIYymebPUVqOlcAGyuk43h0lycqPEnlnJ50I5VCCcF47FbzlwB1BMIP/HVCmtc/VPfzqlLbCDgN1iP923/yCeQhDxuUHrEDv7Dxab9V71y2zXqZ2ELq5r6yb8cdVJVxXQVgNvZUVT8QDUm0i3oiqHGM+S5nFqIfDNKVHza0MDHHlg==
- Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>
- Delivery-date: Thu, 07 May 2026 12:59:18 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 4/29/26 5:54 PM, Teddy Astie wrote:
Le 23/04/2026 à 18:13, Ross Lagerwall a écrit :
If L1 executes VMRUN with the GIF set and it fails consistency checks,
Xen will inject a VMEXIT and fail the assert checking the GIF is cleared.
Instead, clear the GIF when injecting a VMEXIT to match what hardware
does.
Fixes: 9a779e4fc161 ("Implement SVM specific part for Nested Virtualization")
Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
---
xen/arch/x86/hvm/svm/nestedsvm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c
index ef6fa5d23b67..f89b087a1155 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -733,9 +733,9 @@ nsvm_vcpu_vmexit_inject(struct vcpu *v, struct
cpu_user_regs *regs,
struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb;
if ( vmcb->_vintr.fields.vgif_enable )
- ASSERT(vmcb->_vintr.fields.vgif == 0);
+ vmcb->_vintr.fields.vgif = 0;
else
- ASSERT(svm->ns_gif == 0);
+ nestedsvm_vcpu_clgi(v);
ns_vmcb = nv->nv_vvmcx;
Looks good to me, though I think we are here looking to make a "guest
CLGI" (clear GIF), so the vGIF specific logic should be collapsed into
nestedsvm_vcpu_clgi() instead of having it as the non-vgif-support case.
(as IIUC, vGIF is a hardware accelration for nested GIF handling ?)
Not 100% sure I follow your point here but v2 of this series removes
nestedsvm_vcpu_clgi() entirely. Does that address your concern?
(also making me notice that svm_vmexit_do_{stgi,clgi}() seems to lack
vGIF specific logic)
Isn't that by design? If vGIF is enabled the hardware should handle
STGI/CLGI without a VMEXIT.
Ross
|
