[Xen-devel] [PATCH v2 1/2] x86/msr: Carry on after a non-"safe" MSR access fails without !panic_on_oops

[Andy Lutomirski <luto@xxxxxxxxxx>]

This demotes an OOPS and likely panic due to a failed non-"safe" MSR
access to a WARN_ON_ONCE and a return of zero (in the RDMSR case).
We still write a pr_info entry unconditionally for debugging.

To be clear, this type of failure should *not* happen.  This patch
exists to minimize the chance of nasty undebuggable failures due on
systems that used to work due to a now-fixed CONFIG_PARAVIRT=y bug.

Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>
---
 arch/x86/kernel/traps.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 346eec73f7db..f82987643e32 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -437,6 +437,58 @@ exit_trap:
        do_trap(X86_TRAP_BR, SIGSEGV, "bounds", regs, error_code, NULL);
 }
 
+static bool paper_over_kernel_gpf(struct pt_regs *regs)
+{
+       /*
+        * Try to decode the opcode that failed.  So far, we only care
+        * about boring two-byte unprefixed opcodes, so we don't need
+        * the full instruction decoder machinery.
+        */
+       u16 opcode;
+
+       if (probe_kernel_read(&opcode, (const void *)regs->ip, sizeof(opcode)))
+               return false;
+
+       if (opcode == 0x320f) {
+               /* RDMSR */
+               pr_info("bad kernel RDMSR from non-existent MSR 0x%x",
+                       (unsigned int)regs->cx);
+               if (!panic_on_oops) {
+                       WARN_ON_ONCE(true);
+
+                       /*
+                        * Pretend that RDMSR worked and returned zero.  We
+                        * chose zero because zero seems less likely to
+                        * cause further malfunctions than any other value.
+                        */
+                       regs->ax = 0;
+                       regs->dx = 0;
+                       regs->ip += 2;
+                       return true;
+               } else {
+                       /* Don't fix it up. */
+                       return false;
+               }
+       } else if (opcode == 0x300f) {
+               /* WRMSR */
+               pr_info("bad kernel WRMSR writing 0x%08x%08x to MSR 0x%x",
+                       (unsigned int)regs->dx, (unsigned int)regs->ax,
+                       (unsigned int)regs->cx);
+               if (!panic_on_oops) {
+                       WARN_ON_ONCE(true);
+
+                       /* Pretend it worked and carry on. */
+                       regs->ip += 2;
+                       return true;
+               } else {
+                       /* Don't fix it up. */
+                       return false;
+               }
+       }
+
+       return false;
+}
+
 dotraplinkage void
 do_general_protection(struct pt_regs *regs, long error_code)
 {
@@ -456,6 +508,9 @@ do_general_protection(struct pt_regs *regs, long error_code)
                if (fixup_exception(regs))
                        return;
 
+               if (paper_over_kernel_gpf(regs))
+                       return;
+
                tsk->thread.error_code = error_code;
                tsk->thread.trap_nr = X86_TRAP_GP;
                if (notify_die(DIE_GPF, "general protection fault", regs, 
error_code,
-- 
2.4.3


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel