Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 30bd0c4c authored by Avi Kivity's avatar Avi Kivity
Browse files

KVM: VMX: Disallow NMI while blocked by STI 



While not mandated by the spec, Linux relies on NMI being blocked by an
IF-enabling STI.  VMX also refuses to enter a guest in this state, at
least on some implementations.

Disallow NMI while blocked by STI by checking for the condition, and
requesting an interrupt window exit if it occurs.

Signed-off-by: default avatarAvi Kivity <avi@redhat.com>
Signed-off-by: default avatarMarcelo Tosatti <mtosatti@redhat.com>
parent 64f638c7

arch/x86/kvm/vmx.c

+6 −1
Original line number Diff line number Diff line
@@ -2787,6 +2787,10 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu) 
		return;

	}



	if (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & GUEST_INTR_STATE_STI) {

		enable_irq_window(vcpu);

		return;

	}

	cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);

	cpu_based_vm_exec_control |= CPU_BASED_VIRTUAL_NMI_PENDING;

	vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control);
@@ -2849,7 +2853,8 @@ static int vmx_nmi_allowed(struct kvm_vcpu *vcpu) 
		return 0;



	return	!(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &

			(GUEST_INTR_STATE_MOV_SS | GUEST_INTR_STATE_NMI));

		  (GUEST_INTR_STATE_MOV_SS | GUEST_INTR_STATE_STI

		   | GUEST_INTR_STATE_NMI));

}



static bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu)