Date:      Sat, 10 Dec 2016 23:06:01 -0800
From:      Peter Grehan <grehan@freebsd.org>
To:        "Shen, Zhuojia" <zshen10@cs.rochester.edu>
Cc:        "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>
Subject:   Re: Execute VMXON again without setting CR4.VMXE to 1
Message-ID:  <97006289-6009-d16b-ade4-b70716038d23@freebsd.org>
In-Reply-To: <MWHPR07MB31976DD2E960909F927B0A3896860@MWHPR07MB3197.namprd07.prod.outlook.com>
References:  <MWHPR07MB31976DD2E960909F927B0A3896860@MWHPR07MB3197.namprd07.prod.outlook.com>

Hi,

> I believe I have found a bug in the BHyVe VMX implementation for
> Intel platform. Following are the details.
>
> In sys/amd64/vmm/intel/vmx.c, there are three functions, vmx_enable
> (line 500), vmx_disable (line 462), and vmx_restore (line 522), which
> respectively enable, disable, and restore VMX on the current
> processor. There is also a file scope integer array vmxon_enabled
> (line 122) which keeps a record whether VMX on each processor is
> enabled.
>
> I noticed that in function vmx_enable, the kernel sets CR4.VMXE to 1,
> executes the VMXON instruction, and then sets the corresponding cell
> in vmxon_enabled to 1. That is fine. However, in function
> vmx_disable, the kernel executes VMXOFF, clears CR4.VMXE back to 0,
> but does not clear the corresponding cell in vmxon_enabled back to 0.
> This will cause a problem when the function vmx_restore is called, in
> which the kernel executes VMXON again if the corresponding cell
> in that array is 1. That is, it will execute VMXON without CR4.VMXE
> being set.
>
> Of course, that is only my understanding of the way these
> functions will be called. If I am wrong, could any of you please
> advise me how this works? Thanks.

vmx_disable is currently only called on vmm module unload, so
vmx_restore/vmx_enable can never be called again after that.

later,

Peter.
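The exchange above is about a per-CPU software flag (vmxon_enabled) that stops mirroring hardware state once vmx_disable runs. The following C model, added here and not bhyve code, reproduces that enable -> disable -> restore sequence against a constructed CPU that raises #UD for VMXON when CR4.VMXE is clear; the "fixed" variant that clears the flag on disable is an assumption about the obvious remedy, not anything the thread states.

```c
#include <stdbool.h>

#define NCPU      2
#define CR4_VMXE  (1u << 13)   /* CR4 bit 13 enables VMX instructions */

/* Constructed model of one CPU's VMX-relevant state (not real hardware). */
struct cpu { unsigned cr4; bool in_vmx; };

static struct cpu cpus[NCPU];
static int vmxon_enabled[NCPU];   /* the file-scope array from the report */

/* Hardware rule: VMXON with CR4.VMXE clear raises #UD; 0 = ok, -1 = #UD. */
static int hw_vmxon(int cpu) {
    if (!(cpus[cpu].cr4 & CR4_VMXE)) return -1;
    cpus[cpu].in_vmx = true;
    return 0;
}
static void hw_vmxoff(int cpu) { cpus[cpu].in_vmx = false; }

/* vmx_enable as described: set CR4.VMXE, VMXON, then record the flag. */
static int vmx_enable(int cpu) {
    cpus[cpu].cr4 |= CR4_VMXE;
    if (hw_vmxon(cpu) != 0) return -1;
    vmxon_enabled[cpu] = 1;
    return 0;
}

/* vmx_disable as described: VMXOFF, clear CR4.VMXE, flag left untouched. */
static void vmx_disable_as_reported(int cpu) {
    hw_vmxoff(cpu);
    cpus[cpu].cr4 &= ~CR4_VMXE;
}

/* Assumed remedy: also clear the flag so it tracks hardware state. */
static void vmx_disable_fixed(int cpu) {
    vmx_disable_as_reported(cpu);
    vmxon_enabled[cpu] = 0;
}

/* vmx_restore as described: re-run VMXON wherever the flag says VMX was on. */
static int vmx_restore(int cpu) {
    return vmxon_enabled[cpu] ? hw_vmxon(cpu) : 0;
}

/* Enable, disable, restore on CPU 0; 0 = restore safe, -1 = VMXON hit #UD. */
int scenario(bool use_fix) {
    cpus[0].cr4 = 0; cpus[0].in_vmx = false; vmxon_enabled[0] = 0;
    if (vmx_enable(0) != 0) return -2;
    if (use_fix) vmx_disable_fixed(0); else vmx_disable_as_reported(0);
    return vmx_restore(0);
}
```

As Peter notes, the real kernel never reaches vmx_restore after vmx_disable, so the model only shows what the stale flag would do if that ordering ever became reachable.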
