| Message ID | 20191224153247.48228-1-roger.pau@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86/vvmx: virtualize x2APIC mode and APIC accesses can't both be enabled | expand |
On 24/12/2019 15:32, Roger Pau Monne wrote: > According to the Intel SDM, "virtualize x2APIC mode" and "virtualize > APIC accesses" can't be enabled at the same time, or else a > vm{launch/entry} failure will happen. This was seen when running Xen > nested and with x2APIC enabled: > > Dec 23 20:06:54.444025 (XEN) d3v0 VMLAUNCH error: 0x7 > [...] > Dec 23 20:08:33.004078 (XEN) *** Control State *** > Dec 23 20:08:33.004086 (XEN) PinBased=0000003f CPUBased=b6a075fe SecondaryExec=000014fb > [...] > > Fix this by making sure nvmx_update_secondary_exec_control clears the > incompatible bits from the host vmcs before merging it with the nested > vmcs. > > This fixes a regression reported by osstest in the > test-amd64-amd64-qemuu-nested-intel job. > > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> > --- > xen/arch/x86/hvm/vmx/vvmx.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c > index 5dd00e11b5..d8ab167d62 100644 > --- a/xen/arch/x86/hvm/vmx/vvmx.c > +++ b/xen/arch/x86/hvm/vmx/vvmx.c > @@ -594,6 +594,7 @@ void nvmx_update_secondary_exec_control(struct vcpu *v, > u32 shadow_cntrl; > struct nestedvmx *nvmx = &vcpu_2_nvmx(v); > u32 apicv_bit = SECONDARY_EXEC_APIC_REGISTER_VIRT | > + SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | > SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY; > > host_cntrl &= ~apicv_bit;
On 24.12.2019 16:32, Roger Pau Monne wrote: > According to the Intel SDM, "virtualize x2APIC mode" and "virtualize > APIC accesses" can't be enabled at the same time, or else a > vm{launch/entry} failure will happen. This was seen when running Xen > nested and with x2APIC enabled: > > Dec 23 20:06:54.444025 (XEN) d3v0 VMLAUNCH error: 0x7 > [...] > Dec 23 20:08:33.004078 (XEN) *** Control State *** > Dec 23 20:08:33.004086 (XEN) PinBased=0000003f CPUBased=b6a075fe SecondaryExec=000014fb > [...] > > Fix this by making sure nvmx_update_secondary_exec_control clears the > incompatible bits from the host vmcs before merging it with the nested > vmcs. > > This fixes a regression reported by osstest in the > test-amd64-amd64-qemuu-nested-intel job. It would surely have been nice to include a reference to the offending commit, despite the bug having been latently there before. Jan
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index 5dd00e11b5..d8ab167d62 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -594,6 +594,7 @@ void nvmx_update_secondary_exec_control(struct vcpu *v, u32 shadow_cntrl; struct nestedvmx *nvmx = &vcpu_2_nvmx(v); u32 apicv_bit = SECONDARY_EXEC_APIC_REGISTER_VIRT | + SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY; host_cntrl &= ~apicv_bit;
According to the Intel SDM, "virtualize x2APIC mode" and "virtualize APIC accesses" can't be enabled at the same time, or else a vm{launch/entry} failure will happen. This was seen when running Xen nested and with x2APIC enabled: Dec 23 20:06:54.444025 (XEN) d3v0 VMLAUNCH error: 0x7 [...] Dec 23 20:08:33.004078 (XEN) *** Control State *** Dec 23 20:08:33.004086 (XEN) PinBased=0000003f CPUBased=b6a075fe SecondaryExec=000014fb [...] Fix this by making sure nvmx_update_secondary_exec_control clears the incompatible bits from the host vmcs before merging it with the nested vmcs. This fixes a regression reported by osstest in the test-amd64-amd64-qemuu-nested-intel job. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- xen/arch/x86/hvm/vmx/vvmx.c | 1 + 1 file changed, 1 insertion(+)