[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 03/22] x86/msr: always allow a pinned Dom0 to read any unknown MSR

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Edwin Torok <edwin.torok@xxxxxxxxx>
Date: Tue, 31 Oct 2023 09:31:20 +0000
Cc: Edwin Török <edvin.torok@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 31 Oct 2023 09:31:41 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

> On 30 Oct 2023, at 16:29, Jan Beulich <jbeulich@xxxxxxxx> wrote:
> 
> On 25.10.2023 21:29, Edwin Török wrote:
>> This can be useful if you realize you have to inspect the value of an
>> MSR in production, without having to change into a new Xen first that
>> handles the MSR.
> 
> Yet on a non-pinned Dom0 you'd still be lost. Since iirc we generally
> advise against pinning,

You can temporarily pin while debugging the issue (e.g. pin just 1 CPU from 
Dom0, and "walk" all your physical CPUs with it if you have to,
so that you query them all), e.g. with 'xl vcpu-pin'.
Although that is more invasive than reading a value.

Or alternatively have another (privileged) interface to read the MSR for a 
given core without exposing it to any guests, that way you don't affect the 
running system at all
(which would be preferable in a production environment), i.e. a Xen equivalent 
of 'rdmsr'.

> I wonder of how much use such a change would be,
> when it effectively undoes what we deliberately did a while ago.
> 
>> --- a/xen/arch/x86/hvm/svm/svm.c
>> +++ b/xen/arch/x86/hvm/svm/svm.c
>> @@ -1933,6 +1933,9 @@ static int cf_check svm_msr_read_intercept(
>>         break;
>> 
>>     default:
>> +        if ( is_hwdom_pinned_vcpu(v) && !rdmsr_safe(msr, *msr_content) )
>> +            break;
>> +
>>         if ( d->arch.msr_relaxed && !rdmsr_safe(msr, tmp) )
>>         {
>>             *msr_content = 0;
> 
> If we went as far as undoing some of what was done, I'd then wonder
> whether instead we should mandate relaxed mode to be enabled on such a
> Dom0. Then, instead of returning fake 0 here, the actual value could
> be returned in the specific case of (pinned?) Dom0.

Can relaxed mode be enabled at runtime? I'd be happy with either solution, but 
it should be something that can be enabled at runtime
(if you have to reboot Xen then you may lose the bug repro that you want to 
gather more information on).
Although changing such a setting in a production environment may still be 
risky, because the guest will then become very confused that it has previously 
read some 0s, now there are some real values, and later when you flip the 
switch off it gets 0s again.

Best regards,
--Edwin

Follow-Ups:
- Re: [RFC PATCH 03/22] x86/msr: always allow a pinned Dom0 to read any unknown MSR
  - From: Jan Beulich

References:
- [RFC PATCH 00/22] vPMU bugfixes and support for PMUv5
  - From: Edwin Török
- [RFC PATCH 03/22] x86/msr: always allow a pinned Dom0 to read any unknown MSR
  - From: Edwin Török
- Re: [RFC PATCH 03/22] x86/msr: always allow a pinned Dom0 to read any unknown MSR
  - From: Jan Beulich

Prev by Date: [XEN PATCH v2] xen/domain_page: address violations of MISRA C:2012 Rule 8.3
Next by Date: Re: [RFC PATCH 02/22] x86/msr: implement MSR_SMI_COUNT for Dom0 on Intel
Previous by thread: Re: [RFC PATCH 03/22] x86/msr: always allow a pinned Dom0 to read any unknown MSR
Next by thread: Re: [RFC PATCH 03/22] x86/msr: always allow a pinned Dom0 to read any unknown MSR
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.