
Re: [PATCH v2 4/4] x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 21 Jan 2022 08:56:18 +0100
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 21 Jan 2022 07:56:26 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17.01.2022 19:34, Andrew Cooper wrote:
> The logic was based on a mistaken understanding of how NMI blocking on vmexit
> works.  NMIs are only blocked for EXIT_REASON_NMI, and not for general exits.
> Therefore, an NMI can in general hit early in the vmx_asm_vmexit_handler path,
> and the guest's value will be clobbered before it is saved.
> 
> Switch to using MSR load/save lists.  This causes the guest value to be saved
> atomically with respect to NMIs/MCEs/etc.
> 
> First, update vmx_cpuid_policy_changed() to configure the load/save lists at
> the same time as configuring the intercepts.  This function is always used in
> remote context, so extend the vmx_vmcs_{enter,exit}() block to cover the whole
> function, rather than having multiple remote acquisitions of the same VMCS.
> 
> Both of vmx_{add,del}_guest_msr() can fail.  The -ESRCH delete case is fine,
> but all others are fatal to the running of the VM, so handle them using
> domain_crash() - this path is only used during domain construction anyway.
> 
> Second, update vmx_{get,set}_reg() to use the MSR load/save lists rather than
> vcpu_msrs, and update the vcpu_msrs comment to describe the new state
> location.
> 
> Finally, adjust the entry/exit asm.
> 
> Because the guest value is saved and loaded atomically, we do not need to
> manually load the guest value, nor do we need to enable SCF_use_shadow.  This
> lets us remove the use of DO_SPEC_CTRL_EXIT_TO_GUEST.  Additionally,
> SPEC_CTRL_ENTRY_FROM_PV gets removed too, because on an early entry failure,
> we're no longer in the guest MSR_SPEC_CTRL context needing to switch back to
> Xen's context.
> 
> The only action remaining is to load Xen's MSR_SPEC_CTRL value on vmexit.  We
> could in principle use the host msr list, but it is expected to complicate
> future work.  Delete DO_SPEC_CTRL_ENTRY_FROM_HVM entirely, and use a shorter
> code sequence to simply reload Xen's setting from the top-of-stack block.
> 
> Adjust the comment at the top of spec_ctrl_asm.h in light of this bugfix.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> CC: Wei Liu <wl@xxxxxxx>
> CC: Jun Nakajima <jun.nakajima@xxxxxxxxx>
> CC: Kevin Tian <kevin.tian@xxxxxxxxx>
> 
> Needs backporting as far as people can tolerate.

Besides the earlier patches in this series, are there any other prereqs
that you're aware of and which aren't there yet in the stable trees?

Jan
