From owner-freebsd-virtualization@freebsd.org Sat Dec 10 20:01:30 2016
From: "Shen, Zhuojia"
To: freebsd-virtualization@freebsd.org
Subject: Execute VMXON again without setting CR4.VMXE to 1
Date: Sat, 10 Dec 2016 20:01:20 +0000
Hi All,

I believe I have found a bug in the BHyVe VMX implementation for the Intel platform. Following are the details.

In sys/amd64/vmm/intel/vmx.c, there are three functions, vmx_enable (line 500), vmx_disable (line 462), and vmx_restore (line 522), which respectively enable, disable, and restore VMX on the current processor. There is also a file-scope integer array vmxon_enabled (line 122) which keeps a record of whether VMX on each processor is enabled.

I noticed that in function vmx_enable, the kernel sets CR4.VMXE to 1, executes the VMXON instruction, and then sets the corresponding cell in vmxon_enabled to 1. That is fine. However, in function vmx_disable, the kernel executes VMXOFF, clears CR4.VMXE back to 0, but does not clear the corresponding cell in vmxon_enabled back to 0. This will cause a problem when the function vmx_restore is called, in which the kernel executes VMXON again if the corresponding cell in that array is 1. That is, it will execute VMXON without CR4.VMXE being set.

Of course, that is only my understanding of the way these functions will be called. If I am wrong, could any of you please advise me how this works? Thanks.

Best,
Zhuojia Shen

---
Zhuojia Shen
Graduate Student
Department of Computer Science
University of Rochester
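The enable -> disable -> restore sequence described in the post, as an added user-space model that is neither bhyve's code nor the poster's. It simulates CR4.VMXE per CPU and a VMXON that raises #UD when that bit is clear (the Intel SDM specifies #UD for VMXON with CR4.VMXE = 0), then runs the sequence and counts the faults. The function names mirror the post's description, but the simulated CPU state, the fault counter, and the two hypothetical fixes (disable clearing the bookkeeping, or restore setting CR4.VMXE before VMXON) are assumptions for illustration; the model says nothing about whether the real vmx_restore is ever reached in that state.

```c
/*
 * Added example: a user-space model of the VMXON/VMXOFF bookkeeping the
 * post describes. It is NOT bhyve code. Names follow the post
 * (vmx_enable/vmx_disable/vmx_restore, vmxon_enabled); the simulated CPU
 * state, fault counter and fix variants are hypothetical.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CR4_VMXE (1u << 13)   /* CR4 bit 13 (VMX enable), per the Intel SDM */
#define MAXCPU   4

struct cpu {
    unsigned cr4;
    bool in_vmx_operation;
};

static struct cpu cpus[MAXCPU];
static int vmxon_enabled[MAXCPU];   /* the post's per-CPU bookkeeping array */
static int vmx_fault_count;         /* #UD-equivalents raised by sim_vmxon() */

/* Model of VMXON: #UD when CR4.VMXE is clear; we count instead of trapping. */
static bool sim_vmxon(int cpu)
{
    if (!(cpus[cpu].cr4 & CR4_VMXE)) {
        vmx_fault_count++;
        return false;
    }
    cpus[cpu].in_vmx_operation = true;
    return true;
}

static void sim_vmxoff(int cpu)
{
    cpus[cpu].in_vmx_operation = false;
}

/* Enable as described: set CR4.VMXE, VMXON, record success. */
static void model_enable(int cpu)
{
    cpus[cpu].cr4 |= CR4_VMXE;
    if (sim_vmxon(cpu))
        vmxon_enabled[cpu] = 1;
}

/* Disable as described: VMXOFF, clear CR4.VMXE, leave vmxon_enabled[] alone. */
static void model_disable_as_described(int cpu)
{
    sim_vmxoff(cpu);
    cpus[cpu].cr4 &= ~CR4_VMXE;
}

/* Hypothetical fix 1: disable also resets the bookkeeping. */
static void model_disable_fixed(int cpu)
{
    model_disable_as_described(cpu);
    vmxon_enabled[cpu] = 0;
}

/* Restore as described: VMXON again if the flag is set, CR4 untouched. */
static void model_restore_as_described(int cpu)
{
    if (vmxon_enabled[cpu])
        sim_vmxon(cpu);
}

/* Hypothetical fix 2: restore re-establishes CR4.VMXE before VMXON. */
static void model_restore_fixed(int cpu)
{
    if (vmxon_enabled[cpu]) {
        cpus[cpu].cr4 |= CR4_VMXE;
        sim_vmxon(cpu);
    }
}

int cpu_in_vmx_operation(int cpu)
{
    return cpus[cpu].in_vmx_operation ? 1 : 0;
}

/*
 * Run enable -> disable -> restore on CPU 0 and return the number of
 * VMXON faults. variant 0: as described in the post; 1: fix in disable;
 * 2: fix in restore.
 */
int run_sequence(int variant)
{
    memset(cpus, 0, sizeof(cpus));
    memset(vmxon_enabled, 0, sizeof(vmxon_enabled));
    vmx_fault_count = 0;

    model_enable(0);
    if (variant == 1)
        model_disable_fixed(0);
    else
        model_disable_as_described(0);
    if (variant == 2)
        model_restore_fixed(0);
    else
        model_restore_as_described(0);
    return vmx_fault_count;
}

int main(void)
{
    for (int v = 0; v < 3; v++)
        printf("variant %d: %d VMXON fault(s), in VMX operation = %d\n",
               v, run_sequence(v), cpu_in_vmx_operation(0));
    return 0;
}
```

Variant 0 reproduces the post's scenario and raises exactly one fault; variant 1 skips the second VMXON entirely (the CPU ends up outside VMX operation, which is what a cleared flag means), while variant 2 brings the CPU back into VMX operation without a fault. Which of the two is the right behaviour for a real resume path depends on whether vmxon_enabled[] is meant to mean "currently on" or "should be on after restore", which is the question the post is really asking.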