| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Sep 2021 14:58:53 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Xiaoyao Li <xiaoyao.li@...el.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Hao Xiang <hao.xiang@...ux.alibaba.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, chenyi.qiang@...el.com,
shannon.zhao@...ux.alibaba.com
Subject: Re: [PATCH] KVM: VMX: Check if bus lock vmexit was preempted
On Wed, Sep 22, 2021, Xiaoyao Li wrote:
> On 9/22/2021 6:02 PM, Paolo Bonzini wrote:
> > On 18/09/21 13:30, Hao Xiang wrote:
> > > exit_reason.bus_lock_detected is not only set when bus lock VM exit
> > > was preempted, in fact, this bit is always set if bus locks are
> > > detected no matter what the exit_reason.basic is.
> > >
> > > So the bus_lock_vmexit handling in vmx_handle_exit should be duplicated
> > > when exit_reason.basic is EXIT_REASON_BUS_LOCK(74). We can avoid it by
> > > checking if bus lock vmexit was preempted in vmx_handle_exit.
> >
> > I don't understand, does this mean that bus_lock_detected=1 if
> > basic=EXIT_REASON_BUS_LOCK? If so, can we instead replace the contents
> > of handle_bus_lock_vmexit with
> >
> > /* Do nothing and let vmx_handle_exit exit to userspace. */
> > WARN_ON(!to_vmx(vcpu)->exit_reason.bus_lock_detected);
> > return 0;
> >
> > ?
> >
> > That would be doable only if this is architectural behavior and not a
> > processor erratum, of course.
>
> EXIT_REASON.bus_lock_detected may or may not be set when exit reason ==
> EXIT_REASON_BUS_LOCK. Intel will update ISE or SDM to state it.
>
> Maybe we can do below in handle_bus_lock_vmexit handler:
>
> if (!to_vmx(vcpu)->exit_reason.bus_lock_detected)
> to_vmx(vcpu)->exit_reason.bus_lock_detected = 1;
>
> But is manually changing the hardware reported value for software purpose a
> good thing?
In this case, I'd say yes. Hardware having non-deterministic behavior is the not
good thing, KVM would simply be correctly the not-technically-an-erratum erratum.
Set it unconditionally and then handle everything in common path. This has the
added advantage of having only one site that deals with KVM_RUN_X86_BUS_LOCK.
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 33f92febe3ce..aa9372452e49 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -5561,9 +5561,9 @@ static int handle_encls(struct kvm_vcpu *vcpu)
static int handle_bus_lock_vmexit(struct kvm_vcpu *vcpu)
{
- vcpu->run->exit_reason = KVM_EXIT_X86_BUS_LOCK;
- vcpu->run->flags |= KVM_RUN_X86_BUS_LOCK;
- return 0;
+ /* The dedicated flag may or may not be set by hardware. /facepalm. */
+ vcpu->exit_reason.bus_lock_detected = true;
+ return 1;
}
/*
@@ -6050,9 +6050,8 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
int ret = __vmx_handle_exit(vcpu, exit_fastpath);
/*
- * Even when current exit reason is handled by KVM internally, we
- * still need to exit to user space when bus lock detected to inform
- * that there is a bus lock in guest.
+ * Exit to user space when bus lock detected to inform that there is a
+ * bus lock in guest.
*/
if (to_vmx(vcpu)->exit_reason.bus_lock_detected) {
if (ret > 0)
Powered by blists - more mailing lists