[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/2] x86/monitor: Add new monitor event to catch all vmexits


  • To: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 7 Apr 2022 08:01:19 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XrYNGUzlWUG8eVswJNjylNqEWaClHkCSLOhcEYeBcIU=; b=FbQl50AGcN64SeVT+jqBBaIbrlIANNSEHGNpd2vrmpygFJQhNTz2N9DUfr74ib3UjSaIvRuTXHpvO7qobbmBaqpm73D4DX/harfAoUSYcss7AK4xspmx+seGDs1mmkpYtaMW8XFXqGyqHW6T9vrh7mrYOLaRI/ZcUYIe6tJ+JqUJo5zdNd9o+fiV2F9+7Cvl0256C/yDW0ZkjoG61KIiTG6BTeQeyduVwScqaUWQTaumYng1763LIYr6YUvXjEb88Ipafn1OewNGsuEUFeI1vhELIPNkD0hA4ghOvAD2nKd31N5pzKE7BW5dFrhB/f5pGpS3GXjq+/DeMdMmOYrTiw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Op2b7HuAR8oCUDMJvyQyu/WcLbh2rfeRGR8wpIvce/GLHLCi2BxpYLLfMExlwcqRLQTEDHPahlZyeo7NvQJmI2hYibcVV96edhsJTNslwt/AuiXgJvfgjQKJCaYlHGTN2JA+VmmLW8rjgA1NVYniyBcL3u/UiWDZY4UqqhwfEfe430iV/RwT6J755JjQ9xPp+4fUwvgCZ4H3C0CYPug2/pwapBwR3qRkZjZaYvgiNK1p9HLMnH61jEe5uEfVrx1fZ8Hgjej6fc34hdEoTcb6i8tqMF8gQ8q+uIm45hx+SWU0OybpurTJi5uyb+6ozzLTXpMn16fCIppGsTtDpjx4jg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Tamas K Lengyel <tamas.lengyel@xxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <JGross@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>, Petre Pircalabu <ppircalabu@xxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 07 Apr 2022 06:01:51 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 06.04.2022 20:02, Tamas K Lengyel wrote:
> On Wed, Apr 6, 2022 at 11:14 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>> On 06.04.2022 16:58, Tamas K Lengyel wrote:
>>> --- a/xen/arch/x86/hvm/vmx/vmx.c
>>> +++ b/xen/arch/x86/hvm/vmx/vmx.c
>>> @@ -4008,6 +4008,18 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
>>>          }
>>>      }
>>>
>>> +    if ( unlikely(currd->arch.monitor.vmexit_enabled) )
>>> +    {
>>> +        int rc;
>>> +        __vmread(EXIT_QUALIFICATION, &exit_qualification);
>>> +
>>> +        rc = hvm_monitor_vmexit(exit_reason, exit_qualification);
>>> +        if ( rc < 0 )
>>> +            goto exit_and_crash;
>>> +        else if ( rc )
>>> +            return;
>>> +    }
>>> +
>>>      /* XXX: This looks ugly, but we need a mechanism to ensure
>>>       * any pending vmresume has really happened
>>>       */
>>
>> A few lines down from here failed VM entry is being handled? Wouldn't
>> you want to place your code after that? And wouldn't you want to avoid
>> invoking the monitor for e.g. EXIT_REASON_EXTERNAL_INTERRUPT,
>> EXIT_REASON_MCE_DURING_VMENTRY, and at least the NMI sub-case of
>> EXIT_REASON_EXCEPTION_NMI?
> 
> No, the placement is necessary to be where it is to be able to collect
> information about all vmexits, no matter the root cause. Failed
> vmentry & mce during vmentry would be interesting exits to see if we
> can induce during fuzzing from within the guest (indicating some
> serious state corruption) while the external interrupt and nmi cases
> are for the most part just ignored and the fuzz-case restarted, but
> could be still interesting to collect their frequencies. So in effect,
> we want to avoid Xen hiding any of the events from the monitoring
> agent by handling it one way or another and just let the agent decide
> what to do next. We most certainly want to avoid Xen crashing the VM
> for us.

Okay, I can accept this reasoning. But then don't you need to move
your code _up_, ahead of an earlier "return" (i.e. immediately after
IRQ enabling)? Also may I ask that you transform your reasoning into
some form of a code comment?

Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.