lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 16 Apr 2019 11:08:44 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Sean Christopherson <sean.j.christopherson@...el.com>
Cc:     linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH] KVM: vmx: print more APICv fields in dump_vmcs

On 15/04/19 20:39, Sean Christopherson wrote:
> On Mon, Apr 15, 2019 at 03:35:32PM +0200, Paolo Bonzini wrote:
>> The SVI, RVI, virtual-APIC page address and APIC-access page address fields
>> were left out of dump_vmcs.  Add them.
>>
>> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
>> ---
>>  arch/x86/kvm/vmx/vmx.c | 13 +++++++++++--
>>  1 file changed, 11 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
>> index ab432a930ae8..f8054dc1de65 100644
>> --- a/arch/x86/kvm/vmx/vmx.c
>> +++ b/arch/x86/kvm/vmx/vmx.c
>> @@ -5723,8 +5723,17 @@ static void dump_vmcs(void)
>>  	if (secondary_exec_control & SECONDARY_EXEC_TSC_SCALING)
>>  		pr_err("TSC Multiplier = 0x%016llx\n",
>>  		       vmcs_read64(TSC_MULTIPLIER));
>> -	if (cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW)
>> -		pr_err("TPR Threshold = 0x%02x\n", vmcs_read32(TPR_THRESHOLD));
>> +	if (cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW) {
>> +		if (secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY) {
>> +			u16 status = vmcs_read16(GUEST_INTR_STATUS);
>> +			pr_err("SVI|RVI = %02x|%02x ", status >> 8, status & 0xff);
>> +		}
>> +		pr_err(KERN_CONT "TPR Threshold = 0x%02x\n", vmcs_read32(TPR_THRESHOLD));
> 
> Might be worth adding a blurb in the changelog stating it's ok to use
> KERN_CONT even though it's technically not SMP safe, as the whole
> dump_vmcs() flow isn't exactly SMP safe.
> 
>> +		if (secondary_exec_control & (SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
>> +		    			      SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE))
> 
> Do we really want to dump the APIC access page address for x2APIC?  I
> assume your intent is to show the value that *could* be used if the guest
> were to disable x2APIC, but that might be misleading since APIC_ACCESS_ADDR
> is checked if and only if VIRTUALIZE_APIC_ACCESSES=1, e.g. someone might
> think a VM-Enter failed because APIC_ACCESS_ADDR has a "bad" value even
> though it's ignored.

Indeed, brain fart.  It's the virtual-APIC page that matters for virtual
x2APIC mode, and that one indeed is printed below (because virtual
x2APIC requires TPR shadow).

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ