Hello,
As part of my research, I’ve been looking to modify Jailhouse slightly to take
advantage of the preemption timer provided by VMX for Intel x86-64. I know
Jailhouse already uses it, but I was hoping to also use it to have the root
cell periodically “check up” on the inmate (the intended use case of the
preemption timer). I guess it’s similar to this topic, but for x86, not arm:
https://groups.google.com/d/topic/jailhouse-dev/F074sQtFvao/discussion
Reading the 2014 LWN Jailhouse article, I found this paragraph:
“Currently, NMIs can only come from the hypervisor itself which uses them to
control CPUs... When NMI occurs in VM, it exits and Jailhouse re-throws NMI in
host mode. The CPU dispatches it through the host IDT... It schedules another
VM exit using VMX feature known as preemption timer. vmcs_setup() sets this
timer to zero, so if it is enabled, VM exit occurs immediately after VM entry.
The reason behind this indirection is serialization: this way, NMIs (which are
asynchronous by nature) are always delivered after guest entries (VM entry).”
So I have a few questions about this:
* What does ‘serializing NMIs’ mean?
* Why is that important?
* How does Jailhouse reinject/deliver the NMI to the guest?
This is my current understanding of the code:
1) NMI occurs in guest, causing a VM exit.
2) vm_exit --> vcpu_handle_exit() --> vmx_handle_exception_nmi()
3) asm volatile("int %0" : : "i" (NMI_VECTOR));
4) nmi_entry --> vcpu_nmi_handler() --> enable preemption timer
5) vcpu_nmi_handler() returns
6) nmi_entry returns
7) vmx_check_events() --> disable preemption timer, x86_check_events()
8) vmx_check_events() returns
9) vmx_handle_exception_nmi() returns
10) vcpu_handle_exit() returns, (triggering a VM entry?)
There must be a VM entry somehow between steps 4 and 7, or else the preemption
timer would continue to be disabled after step 10 and would never trigger (but
it does). So where is the VM entry?
Also, I don’t understand how this serializes the NMI, because I don’t see how
the host delivers the NMI interrupt to the guest. Steps 2-10 are all on the
host, correct?
Thanks for the help,
-Michael