[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 3/3] x86/vmx: implement Notify VM Exit

  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 12 Jan 2023 08:42:29 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ynWFmUUDTwFMF3VF0PVzuuKnBb1tVw4O41z9x4c9Hmg=; b=ED13Bm7XDb6/7fhGMEnjUbVMim+8EyQiHY5J+s35rF9nyB3eyuR5UMHXFfi3g+3miQYvJ0S1TN8tD4yIZ32ZFpNxPFwPU9At6RYX/3VC5ENMw7rQ5N7mR2Yf1bz/EDDGFJ6KabQNK+XgEwlaUI9qLAkLtrJzmxOig6oTOZJEcmPNjwfnclHfwclM2Ij6EnDMozBZYQay2S2o1Z3IOHQwmtqpxQSUTD0QMnh76/6AN6qj2wz/GWfuefMwkwRKHWJJyqyg/pwf4rn1z+D2AU3qCY2lzPxEBL0/45a/FJFmshDocX2ya+Wlj7+F+QXVdwy0e4SqCyis0Y4kpStI6RKTSA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FkMgOd0XJmfbjlMJ8p7VTxFagW30Y6OKXGXHMz5HqA/SMJLGPqBjVxjgRr7GNkDxu3+ZlqfPyPPuNGjwNZvuMuLiaQVgM7AzfXnJRWKlW4xIC83dHK8bSmy9Qma6/oTvMz7bBz87ZMFYsyK50LGlA56VC+1RV50HU11DY5TTJi3e3RtKNFRq3KxSRl/UXcfc2Lrx1VaEdE1oPHuLz7ttazinwAe1dYWHzsg3lIUqgpEgHy/x4RE/GKDVHZbbwHHDXw8fOvVXXEsRPAhEwqR9WQciiMSKaI9o1YOSRk+ARBb1G5cXw5TReUnKXy1sqc3rGVTqb6Qz1gxW+29pKAH8Vg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: George Dunlap <George.Dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Delivery-date: Thu, 12 Jan 2023 07:42:45 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11.01.2023 22:05, Andrew Cooper wrote:
> On 13/12/2022 4:31 pm, Roger Pau Monne wrote:
>> --- a/xen/arch/x86/hvm/vmx/vmx.c
>> +++ b/xen/arch/x86/hvm/vmx/vmx.c
>> @@ -1428,10 +1428,19 @@ static void cf_check vmx_update_host_cr3(struct vcpu 
>> *v)
>>  
>>  void vmx_update_debug_state(struct vcpu *v)
>>  {
>> +    unsigned int mask = 1u << TRAP_int3;
>> +
>> +    if ( !cpu_has_monitor_trap_flag && cpu_has_vmx_notify_vm_exiting )
>> +        /*
>> +         * Only allow toggling TRAP_debug if notify VM exit is enabled, as
>> +         * unconditionally setting TRAP_debug is part of the XSA-156 fix.
>> +         */
>> +        mask |= 1u << TRAP_debug;
>> +
>>      if ( v->arch.hvm.debug_state_latch )
>> -        v->arch.hvm.vmx.exception_bitmap |= 1U << TRAP_int3;
>> +        v->arch.hvm.vmx.exception_bitmap |= mask;
>>      else
>> -        v->arch.hvm.vmx.exception_bitmap &= ~(1U << TRAP_int3);
>> +        v->arch.hvm.vmx.exception_bitmap &= ~mask;
>>  
>>      vmx_vmcs_enter(v);
>>      vmx_update_exception_bitmap(v);
>> @@ -4180,6 +4189,9 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
>>          switch ( vector )
>>          {
>>          case TRAP_debug:
>> +            if ( cpu_has_monitor_trap_flag && cpu_has_vmx_notify_vm_exiting 
>> )
>> +                goto exit_and_crash;
> 
> This breaks GDBSX and introspection.
> 
> For XSA-156, we were forced to intercept #DB unilaterally for safety,
> but both GDBSX and Introspection can optionally intercepting #DB for
> logical reasons too.
> 
> i.e. we can legitimately end up here even on an system with VM Notify.
> 
> 
> What I can't figure out is why made any reference to MTF.  MTF has
> absolutely nothing to do with TRAP_debug.

Looking back I see that the two seemingly asymmetric conditions puzzled
me during review, but for some reason I didn't question the MTF part
as a whole; I think I simply wasn't sure and hence left it to the
VMX maintainers. I think you're right and that part of the condition
wants deleting from vmx_update_debug_state() (on top of deleting the
entire if() above).

> Furthermore, there's no CPU in practice that has VM Notify but lacks
> MTF, so the head of vmx_update_debug_state() looks like dead code...

"No CPU in practice" is not an applicable argument as long as the spec
doesn't spell out a connection. When running virtualized ourselves, any
valid feature combination may be found (seeing that we similarly
may ourselves surface feature combinations to guests which no real
hardware equivalent exists for).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.