
Re: [Xen-devel] [PATCH 3/3] x86/HVM: don't crash guest upon problems occurring in user mode



At 11:13 +0100 on 20 Nov (1416478386), Jan Beulich wrote:
> This extends commit 5283b310 ("x86/HVM: only kill guest when unknown VM
> exit occurred in guest kernel mode") to further cases, including the
> failed VM entry one that XSA-110 was needed to be issued for.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

This seems like a good idea in general, but I'm not sure it's
appropriate for _all_ of these.  Unhandled exit types and 
overlong instruction decode seem obviously good. 

hvm_hap_nested_page_fault() returns 0: seems only to happen for PVH
guests that write to read-only memory (?).  That seems like a
different class of failure.  I don't think our response should be
different based on the privilege level here, although domain_crash()
does seem harsh.  (I presume this is to avoid emulating an instruction
in PVH mode?)  If we're changing this, I think it should be to #GP
rather than #UD.

p2m_pt_handle_deferred_changes() returns < 0: AFAICS this is basically
ENOMEM when trying to update p2m tables.  It's so unlikely to be
caused by userspace activity that disguising it with #UD is probably
just unhelpful.  It turns a clean failure into an undebuggable
intermittent glitch.

bad vm entry: Here we're basically looking at a Xen bug that we're
just trying to contain the damage on.  I guess maybe if the guest user
can trigger it it's nice to give the kernel a chance.  And at least it
comes with a loud console message, so I'm OK with it. 

Cheers,

Tim.
