| Message ID | CAN+hb0U+zdVGrcvqaxBPtAa1enXwO1V-Gmexkz4R3YhKVCbrMQ@mail.gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 2015-04-16 18:41, Benjamin Serebrin wrote: > The host's decision to enable machine check exceptions should remain > in force during non-root mode. KVM was writing 0 to cr4 on VCPU reset > and passed a slightly-modified 0 to the vmcs.guest_cr4 value. > > Tested: Built. > On earlier version, tested by injecting machine check while a guest is spinning. > Before the change, if guest CR4.MCE==0, then the machine check is > escalated to Catastrophic Error (CATERR) and the machine dies. > If guest CR4.MCE==1, then the machine check causes VMEXIT and is > handled normally by host Linux. After the change, injecting a machine > check causes normal Linux machine check handling. > > Signed-off-by: Ben Serebrin <serebrin@google.com> > --- > arch/x86/kvm/vmx.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index f5e8dce..f7b6168 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -3622,8 +3622,16 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, > unsigned long cr3) > > static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) > { > - unsigned long hw_cr4 = cr4 | (to_vmx(vcpu)->rmode.vm86_active ? > - KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON); > + /* > + * Pass through host's Machine Check Enable value to hw_cr4, which > + * is in force while we are in guest mode. Do not let guests control > + * this bit, even if host CR4.MCE == 0. > + */ > + unsigned long hw_cr4 = > + (cr4_read_shadow() & X86_CR4_MCE) | > + (cr4 & ~X86_CR4_MCE) | > + (to_vmx(vcpu)->rmode.vm86_active ? > + KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON); You lost most of your whitespaces - in the webmailer? ;) Jan > > if (cr4 & X86_CR4_VMXE) { > /* >
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index f5e8dce..f7b6168 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3622,8 +3622,16 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) { - unsigned long hw_cr4 = cr4 | (to_vmx(vcpu)->rmode.vm86_active ? - KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON); + /* + * Pass through host's Machine Check Enable value to hw_cr4, which + * is in force while we are in guest mode. Do not let guests control + * this bit, even if host CR4.MCE == 0. + */ + unsigned long hw_cr4 = + (cr4_read_shadow() & X86_CR4_MCE) | + (cr4 & ~X86_CR4_MCE) | + (to_vmx(vcpu)->rmode.vm86_active ? + KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON); if (cr4 & X86_CR4_VMXE) {
The host's decision to enable machine check exceptions should remain in force during non-root mode. KVM was writing 0 to cr4 on VCPU reset and passed a slightly-modified 0 to the vmcs.guest_cr4 value. Tested: Built. On earlier version, tested by injecting machine check while a guest is spinning. Before the change, if guest CR4.MCE==0, then the machine check is escalated to Catastrophic Error (CATERR) and the machine dies. If guest CR4.MCE==1, then the machine check causes VMEXIT and is handled normally by host Linux. After the change, injecting a machine check causes normal Linux machine check handling. Signed-off-by: Ben Serebrin <serebrin@google.com> --- arch/x86/kvm/vmx.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) /* -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html