Re: [PATCH v3] KVM: nVMX: Fix incorrect preemption timer vmexit in nested guest
From: Wanpeng Li
Date: Wed Jul 06 2016 - 23:55:26 EST
2016-07-07 1:11 GMT+08:00 Paolo Bonzini <pbonzini@xxxxxxxxxx>:
>
>
> On 06/07/2016 18:03, Haozhong Zhang wrote:
>>>> This patch also fixed the crash of L1 Xen with L2 HVM guest. Xen does
>>>> not enable preemption timer for HVM guests, and will get panic if it
>>>> receives a preemption timer vmexit.
>>>
>>> Thanks! I'm still not sure why the bit is set in the vmcs02 though...
>>
>> Yes, it looks really weird.
>>
>> I replaced "return false" in Wanpeng's patch by
>>
>> pr_info("VMCS: preemption timer enabled = %d\n",
>> !!(vmcs_read32(PIN_BASED_VM_EXEC_CONTROL) & PIN_BASED_VMX_PREEMPTION_TIMER));
>>
>> and redid my test. As expected, L1 Xen crashed due to the unexpected
>> preemption timer vmexit. I got a log from above statement just before crash:
>>
>> VMCS: preemption timer enabled = 1
>>
>> which is expected to be 0, because preemption timer is disabled in
>> vmcs02. I also modified L1 Xen to dump VMCS at crash, and it says
>> preemption timer is disabled.
>>
>> I noticed Jim Mattson recently sent a patch "KVM: nVMX: Fix memory
>> corruption when using VMCS shadowing" to fix the inconsistency between
>> vmcs12 and its shadow. Is it relevant here? I'll test his patch
>> tomorrow.
>
> No, it shouldn't have any effect.
>
> I think it happens when the post_block hook switches back from sw_timer
Please review my another patch 'KVM: nVMX: Fix preemption timer bit
set in vmcs02 even if L1 doesn't enable it', which can fix the vmcs02
bit set.
> to hv_timer, and L2 is running. So the right fix should be along the
> lines of what I posted earlier. If you don't beat me to it, I'll take
> another look tomorrow.
Maybe you can continue "L1 TSC deadline timer to trigger while L2 is
running" work based on my two bugfixes, however, your patch is still
calltrace on top of my two fixes.
Regards,
Wanpeng Li