[0/2,v2] KVM: nVMX: Defer error from VM-entry MSR-load area to until after hardware verifies VMCS guest state-area
mbox series

Message ID 20191015000446.8099-1-krish.sadhukhan@oracle.com
Headers show
Series
  • KVM: nVMX: Defer error from VM-entry MSR-load area to until after hardware verifies VMCS guest state-area
Related show

Message

Krish Sadhukhan Oct. 15, 2019, 12:04 a.m. UTC
v1 -> v2:
        1. In patch# 1, the invalid VM-entry MSR-load area for vmcs02 is 
           now a system-wide entity. It is allocated and initialized 
           during VMX initialization. The exit qualification is now
           contained in a 32-bit variable in 'struct nested_vmx'.
        2. Patch# 2 is new. It rolls back MSR updates when VM-entry
           fails due to invalid VM-entry MSR-load area.


Some VM-entry checks can be offloaded from KVM to hardware. But if we want to
do that, the current implementation of KVM creates a priority issue where the
order in which VM-entry checks need to be performed according to the SDM, is
not maintained. VM-entry fails in nested_vmx_enter_non_root_mode() if an error
is encountered while processing the entries in VM-entry MSR-load area. This
leads to VM-exit due to a VM-entry check that is supposed to be done after
any guest-state checks done in hardware. This patch fixes this priority issue
so that checks that can be offloaded to hardware can now be offloaded.


[PATCH 1/2 v2] nVMX: Defer error from VM-entry MSR-load area to until
[PATCH 2/2 v2] nVMX: Rollback MSR-load if VM-entry fails due to VM-entry

 arch/x86/kvm/vmx/nested.c | 84 +++++++++++++++++++++++++++++++++++++++++++----
 arch/x86/kvm/vmx/nested.h | 29 ++++++++++++++--
 arch/x86/kvm/vmx/vmx.c    | 18 ++++++++++
 arch/x86/kvm/vmx/vmx.h    | 14 ++++++++
 4 files changed, 136 insertions(+), 9 deletions(-)

Krish Sadhukhan (2):
      nVMX: Defer error from VM-entry MSR-load area to until after hardware verifies VMCS guest state-area
      nVMX: Rollback MSR-load if VM-entry fails due to VM-entry MSR-loading