Date: Sat, 10 Dec 2016 20:01:20 +0000
From: "Shen, Zhuojia" <zshen10@cs.rochester.edu>
To: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>
Subject: Execute VMXON again without setting CR4.VMXE to 1
Message-ID: <MWHPR07MB31976DD2E960909F927B0A3896860@MWHPR07MB3197.namprd07.prod.outlook.com>
Hi All,

I believe I have found a bug in the BHyVe VMX implementation for the Intel platform. Following are the details.

In sys/amd64/vmm/intel/vmx.c, there are three functions, vmx_enable (line 500), vmx_disable (line 462), and vmx_restore (line 522), which respectively enable, disable, and restore VMX on the current processor. There is also a file scope integer array vmxon_enabled (line 122) which keeps a record of whether VMX on each processor is enabled.

I noticed that in function vmx_enable, the kernel sets CR4.VMXE to 1, executes the VMXON instruction, and then sets the corresponding cell in vmxon_enabled to 1. That is fine. However, in function vmx_disable, the kernel executes VMXOFF, clears CR4.VMXE back to 0, but does not clear the corresponding cell in vmxon_enabled back to 0. This will cause a problem when the function vmx_restore is called, in which the kernel executes VMXON again if the corresponding cell in that array is 1. That is, it will execute VMXON without CR4.VMXE being set.

Of course, that is only my understanding of the way these functions will be called. If I am wrong, could any of you please advise me how this works? Thanks.

Bests,
Zhuojia Shen

---
Zhuojia Shen
Graduate Student
Department of Computer Science
University of Rochester
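The enable/disable/restore sequence described in the mail, as an added C model that is not FreeBSD's code: it tracks CR4.VMXE and the vmxon_enabled flag per CPU, models VMXON faulting (#UD) when CR4.VMXE is clear, and compares the reported vmx_disable behaviour with a variant that also resets vmxon_enabled. The *_model functions, the constructed cr4/in_vmx_root arrays, and run_sequence are assumptions for illustration, not identifiers from vmx.c.

```c
#include <stdbool.h>
#define MAXCPU 4
#define CR4_VMXE (1u << 13)  /* CR4 bit 13: VMX-enable */
static unsigned cr4[MAXCPU];       /* constructed per-CPU CR4 model */
static bool in_vmx_root[MAXCPU];   /* constructed: CPU is in VMX root operation */
static int vmxon_enabled[MAXCPU];  /* stands in for the file-scope array in vmx.c */

/* VMXON raises #UD when CR4.VMXE is clear; the fault is modelled as -1. */
static int model_vmxon(int cpu)
{
    if (!(cr4[cpu] & CR4_VMXE)) return -1;
    in_vmx_root[cpu] = true;
    return 0;
}

/* Set CR4.VMXE, execute VMXON, record the CPU as enabled (as the mail describes). */
static int vmx_enable_model(int cpu)
{
    cr4[cpu] |= CR4_VMXE;
    if (model_vmxon(cpu) != 0) return -1;
    vmxon_enabled[cpu] = 1;
    return 0;
}

/* VMXOFF, then clear CR4.VMXE. clear_flag=false reproduces the behaviour
 * reported in the mail: vmxon_enabled still says 1 afterwards. */
static void vmx_disable_model(int cpu, bool clear_flag)
{
    in_vmx_root[cpu] = false;
    cr4[cpu] &= ~CR4_VMXE;
    if (clear_flag)
        vmxon_enabled[cpu] = 0;
}

/* Re-execute VMXON on a CPU recorded as enabled, without touching CR4. */
static int vmx_restore_model(int cpu)
{
    return vmxon_enabled[cpu] ? model_vmxon(cpu) : 0;
}

/* enable -> disable -> restore on one CPU. Returns restore's result:
 * 0 = restore succeeded or was skipped, -1 = VMXON would have faulted. */
int run_sequence(int cpu, bool clear_flag)
{
    cr4[cpu] = 0; in_vmx_root[cpu] = false; vmxon_enabled[cpu] = 0;
    if (vmx_enable_model(cpu) != 0) return -2;
    vmx_disable_model(cpu, clear_flag);
    return vmx_restore_model(cpu);
}
```

With clear_flag=false the restore step attempts VMXON on a CPU whose CR4.VMXE is 0 and the model reports the fault; with clear_flag=true the stale flag is gone and restore correctly skips the CPU.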