[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/svm: Intercept and terminate RDPRU with #UD


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 9 Sep 2021 13:47:07 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0JzcPlTJl3BbF5ISgULEF5qWV4rb7xfJfe1oGQ4LpKw=; b=OizRKQGZRz+Cs/ditIXgmd444vnnSqsvPQEXucIxrKH3fwqxJtwcp1OZ8bfs79yoA0CEOCPUiwESxKqxPSIb4S0CBxLYljGtu1OP/8gFJNgv4PK9Dsdk72/dAr/WCNDBxP7TvTiFaInksK5o0VZn9dehCKYfV+rhUZZbWqICK7TzQ3gw023wE7q6JEMKMtl1TM4fPn3fgAjdT2OSn1+ezcG+MPyDK7ldEe2kowrYFeefR2bwd54v3JrV9Nhdi08UEEmzqBZdb8kmSIkIVbPzVKNyTFWpzlvdaqYEcf77s5fTWxmUXhOzEAMkJ1eASlOISWJjSziGAiTCfRaVOVqfiA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KDBVUTZCF6obwKU3FSpBfoXBvrxSb4WTOk5+IJSglRSP2r0Zgu8/eXhWwlnKbTZidVSgyAFXzoYu125xhVy97ywsWDFayyIgUVlAj2RrwCGBANfUIp+mRzjFBd9EjtNPa1A3dwP2jZfxBwankccqvw/PQJYkHSkyAnSTgODupxGMOgsv/ELXAUeZHZyGaPzDq/qsm2Dgz4OGYfCwIw8ANXYxYpmlDkdx6qaFShe2PYZEdip36N73/LCYziPNTwGBx5Qikx2vWots21px+wuN/eJnBX86KVpvJcsGErEIrE5Ux5pIlS5CBLDmyNmzwr4z5Ur1BtN7PHb3U3YazJwdrw==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 09 Sep 2021 11:47:15 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 09.09.2021 13:34, Andrew Cooper wrote:
> On 09/09/2021 10:57, Jan Beulich wrote:
>> On 08.09.2021 18:19, Andrew Cooper wrote:
>>> --- a/xen/arch/x86/hvm/svm/vmcb.c
>>> +++ b/xen/arch/x86/hvm/svm/vmcb.c
>>> @@ -70,7 +70,8 @@ static int construct_vmcb(struct vcpu *v)
>>>          GENERAL2_INTERCEPT_STGI        | GENERAL2_INTERCEPT_CLGI        |
>>>          GENERAL2_INTERCEPT_SKINIT      | GENERAL2_INTERCEPT_MWAIT       |
>>>          GENERAL2_INTERCEPT_WBINVD      | GENERAL2_INTERCEPT_MONITOR     |
>>> -        GENERAL2_INTERCEPT_XSETBV      | GENERAL2_INTERCEPT_ICEBP;
>>> +        GENERAL2_INTERCEPT_XSETBV      | GENERAL2_INTERCEPT_ICEBP       |
>>> +        GENERAL2_INTERCEPT_RDPRU;
>> Some of the other intercepts here suggest it is okay to enable ones
>> in the absence of support in the underlying hardware, but I thought
>> I'd double check. I couldn't find any statement either way in the PM.
>> Assuming this is fine
> 
> They're just bits in memory.  Older CPUs will ignore them, and indeed -
> pre-RDPRU hardware is fine running with this intercept bit set.
> 
> Honestly, I've got half a mind to default the intercepts to ~0 rather
> than 0.  For running older Xen on new hardware, it will lead to fewer
> unexpected surprises.

I, too, was considering this, but then we have

    default:
    unexpected_exit_type:
        gprintk(XENLOG_ERR, "Unexpected vmexit: reason %#"PRIx64", "
                "exitinfo1 %#"PRIx64", exitinfo2 %#"PRIx64"\n",
                exit_reason, vmcb->exitinfo1, vmcb->exitinfo2);
    crash_or_fault:
        svm_crash_or_fault(v);
        break;
    }

at the bottom of the switch() statement handling the exit codes.
Getting crashed (or crashing because of an unexpected fault) is
surely a surprise as well (to a guest).

Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.