[PATCH 00/13] SVM: vNMI (with my fixes)

From: Maxim Levitsky
Date: Thu Nov 17 2022 - 09:34:12 EST


Hi!

This is the vNMI patch series from Santosh Shukla with few
small fixes from me:

1. When a vNMI injection is pending, then to allow to not
delay for an unbounded time the injection of another NMI that could
arrive before the first vNMI injection is done, I added the code
that would intercept IRET/RSM/STGI and then try the injection again.

2. I slighlty modified the 'KVM: SVM: Add VNMI support in get/set_nmi_mask'
to have WARN_ON in vNMI functions when called without vNMI enabled.
Also NMI mask/unmask should be allowed regardless if SMM is active,
to support migration.

3. I did some refactoring in the code which updates the int_ctl in vmcb12
on nested VM exit, and updated the patch 'KVM: nSVM: implement nested VNMI'
to use this.

4. I added my reviewed-by to all the patches which I didn't change.

I only tested this on a machine which doesn't have vNMI, so this does need
some testing to ensure that nothing is broken.

Another thing I haven't looked at in depth yet is migration, I think there is a bug
because with vNMI, now in practise we can have 2 NMIs injected to the guest,
one in service, one 'pending injection' but no longer pending from KVM point of view,
and the KVM doesn't take this in account in kvm_vcpu_ioctl_x86_get_vcpu_events,a
and maybe more.

Best regards,
Maxim Levitsky

Maxim Levitsky (5):
KVM: nSVM: don't sync back tlb_ctl on nested VM exit
KVM: nSVM: don't call nested_sync_control_from_vmcb02 on each VM exit
KVM: nSVM: rename nested_sync_control_from_vmcb02 to
nested_sync_int_ctl_from_vmcb02
KVM: nSVM: clean up copying of int_ctl fields back to vmcb01/vmcb12
KVM: SVM: allow NMI window with vNMI

Santosh Shukla (8):
x86/cpu: Add CPUID feature bit for VNMI
KVM: SVM: Add VNMI bit definition
KVM: SVM: Add VNMI support in get/set_nmi_mask
KVM: SVM: Report NMI not allowed when Guest busy handling VNMI
KVM: SVM: Add VNMI support in inject_nmi
KVM: nSVM: implement nested VNMI
KVM: nSVM: emulate VMEXIT_INVALID case for nested VNMI
KVM: SVM: Enable VNMI feature

arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/svm.h | 7 +++
arch/x86/kvm/svm/nested.c | 84 +++++++++++++++++++++---------
arch/x86/kvm/svm/svm.c | 60 ++++++++++++++++++---
arch/x86/kvm/svm/svm.h | 70 ++++++++++++++++++++++++-
5 files changed, 189 insertions(+), 33 deletions(-)

--
2.34.3