
Re: [PATCH v4 3/3] x86/vmx: implement Notify VM Exit


  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Wed, 11 Jan 2023 21:05:12 +0000
  • Accept-language: en-GB, en-US
  • Cc: George Dunlap <George.Dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>
  • Delivery-date: Wed, 11 Jan 2023 21:05:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v4 3/3] x86/vmx: implement Notify VM Exit

On 13/12/2022 4:31 pm, Roger Pau Monne wrote:
> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
> index a0d5e8d6ab..3d7c471a3f 100644
> --- a/xen/arch/x86/hvm/vmx/vmcs.c
> +++ b/xen/arch/x86/hvm/vmx/vmcs.c
> @@ -1290,6 +1296,17 @@ static int construct_vmcs(struct vcpu *v)
>      v->arch.hvm.vmx.exception_bitmap = HVM_TRAP_MASK
>                | (paging_mode_hap(d) ? 0 : (1U << TRAP_page_fault))
>                | (v->arch.fully_eager_fpu ? 0 : (1U << TRAP_no_device));
> +    if ( cpu_has_vmx_notify_vm_exiting )
> +    {
> +        __vmwrite(NOTIFY_WINDOW, vm_notify_window);
> +        /*
> +         * Disable #AC and #DB interception: by using VM Notify Xen is
> +         * guaranteed to get a VM exit even if the guest manages to lock the
> +         * CPU.
> +         */
> +        v->arch.hvm.vmx.exception_bitmap &= ~((1U << TRAP_debug) |
> +                                              (1U << TRAP_alignment_check));
> +    }
>      vmx_update_exception_bitmap(v);
>  
>      v->arch.hvm.guest_cr[0] = X86_CR0_PE | X86_CR0_ET;
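
Review bot: In construct_vmcs(), the #DB and #AC intercepts are dropped whenever cpu_has_vmx_notify_vm_exiting is true, but nothing visible in this hunk ties that condition to the notify control actually being set for this vCPU alongside the NOTIFY_WINDOW write. The comment in vmx_update_debug_state() further down describes unconditionally setting TRAP_debug as part of the XSA-156 fix, so the comment here should name XSA-156 and state why the notify exit makes clearing both bits safe. If the capability check and the enabled control can differ, the condition should test the enabled control.
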
> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
> index dabf4a3552..b11578777a 100644
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -1428,10 +1428,19 @@ static void cf_check vmx_update_host_cr3(struct vcpu 
> *v)
>  
>  void vmx_update_debug_state(struct vcpu *v)
>  {
> +    unsigned int mask = 1u << TRAP_int3;
> +
> +    if ( !cpu_has_monitor_trap_flag && cpu_has_vmx_notify_vm_exiting )
> +        /*
> +         * Only allow toggling TRAP_debug if notify VM exit is enabled, as
> +         * unconditionally setting TRAP_debug is part of the XSA-156 fix.
> +         */
> +        mask |= 1u << TRAP_debug;
> +
>      if ( v->arch.hvm.debug_state_latch )
> -        v->arch.hvm.vmx.exception_bitmap |= 1U << TRAP_int3;
> +        v->arch.hvm.vmx.exception_bitmap |= mask;
>      else
> -        v->arch.hvm.vmx.exception_bitmap &= ~(1U << TRAP_int3);
> +        v->arch.hvm.vmx.exception_bitmap &= ~mask;
>  
>      vmx_vmcs_enter(v);
>      vmx_update_exception_bitmap(v);
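
Review bot: The comment on the new `if` in vmx_update_debug_state() justifies the cpu_has_vmx_notify_vm_exiting half of the condition but says nothing about why `!cpu_has_monitor_trap_flag` is required, so a reader cannot tell when TRAP_debug is meant to follow debug_state_latch. Please document the MTF dependency in the comment, add braces around the body since the comment makes it span several lines, and settle on one of `1u` / `1U` (the added lines use `1u`, the removed ones `1U`).
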
> @@ -4180,6 +4189,9 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
>          switch ( vector )
>          {
>          case TRAP_debug:
> +            if ( cpu_has_monitor_trap_flag && cpu_has_vmx_notify_vm_exiting )
> +                goto exit_and_crash;

This breaks GDBSX and introspection.

For XSA-156, we were forced to intercept #DB unilaterally for safety,
but both GDBSX and Introspection can optionally intercept #DB for
logical reasons too.

i.e. we can legitimately end up here even on a system with VM Notify.


What I can't figure out is why you made any reference to MTF.  MTF has
absolutely nothing to do with TRAP_debug.

Furthermore, there's no CPU in practice that has VM Notify but lacks
MTF, so the head of vmx_update_debug_state() looks like dead code...

~Andrew

 

