Hi everyone,

I am trying to play around with the VMX non-root mode on a  E5-2640v4 CPU. I want to boot a Linux kernel at non-root mode. At first I disabled EPT and virtual APIC, then called vmlaunch to enter the non-root mode. It works well. Then I tried to enable EPT but still left the virtual APIC disabled and after the kernel entered the non-root mode, the Local APIC stopped work(cannot dispatch interrupt pending in the IRR and ISR).

I found a workaround that first triggering a PF or UD and after the kernel going back from the .fixup section, writing to the EOI manually, then the APIC will work as usual. I believe this is not a good solution and I must did something wrong. But I cannot find it.

Does anyone have some ideas? Thanks a lot!

Here is the code snippet of my workaround:

void *uaddr = NULL;
unsigned long newval = uval = 0;
unsigned long ret = 0;

asm volatile ("\n"
        /* trigger a PF by dereference a NULL pointer*/
        "1:\t" LOCK_PREFIX "cmpxchg %4, %2\n"
        /* (or trigger UD instead) */
        //"1:\tud2\n"
        "2:\n"
        "\t.section .fixup, \"ax\"\n"
        "3:\tmov     %3, %0\n"
        "\tjmp     2b\n"
        "\t.previous\n"
        _ASM_EXTABLE_UA(1b, 3b)
        : "+r" (ret), "=a" (uval), "+m" (*(uaddr))
        : "i" (-EFAULT), "q" (newval), "1" (uval)
        : "memory"
);
/* Write to EOI */
ack_APIC_irq();

Possibly related VMCS config:

PinBased=00000016H(All 0)

CPUBased=94006172H(ACTIVATE_SECONDARY_CONTROLS, USE_MSR_BITMAPS)

SecondaryExec=00000000H

EntryControls=000053ffH(unrelated?)

ExitControls=000fefffH / 000f6fffH (ACK_INTR_ON_EXIT set and unset both don't work)

ExceptionBitmap=00004000 PFECmask=00000000 PFECmatch=ffffffff (No VMEXIT on PF)