Date: Thu, 23 Sep 2021 15:15:25 +0800 
From: Hao Xiang <hao.xiang@...ux.alibaba.com>
To: Sean Christopherson <seanjc@...gle.com>, Xiaoyao Li <xiaoyao.li@...el.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, chenyi.qiang@...el.com, shannon.zhao@...ux.alibaba.com
Subject: Re: [PATCH] KVM: VMX: Check if bus lock vmexit was preempted

On 2021/9/22 22:58, Sean Christopherson wrote:
> On Wed, Sep 22, 2021, Xiaoyao Li wrote:
>> On 9/22/2021 6:02 PM, Paolo Bonzini wrote:
>>> On 18/09/21 13:30, Hao Xiang wrote:
>>>> exit_reason.bus_lock_detected is not only set when bus lock VM exit
>>>> was preempted, in fact, this bit is always set if bus locks are
>>>> detected no matter what the exit_reason.basic is.
>>>>
>>>> So the bus_lock_vmexit handling in vmx_handle_exit should be duplicated
>>>> when exit_reason.basic is EXIT_REASON_BUS_LOCK(74). We can avoid it by
>>>> checking if bus lock vmexit was preempted in vmx_handle_exit.
>>> I don't understand, does this mean that bus_lock_detected=1 if
>>> basic=EXIT_REASON_BUS_LOCK? If so, can we instead replace the contents
>>> of handle_bus_lock_vmexit with
>>>
>>>     /* Do nothing and let vmx_handle_exit exit to userspace. */
>>>     WARN_ON(!to_vmx(vcpu)->exit_reason.bus_lock_detected);
>>>     return 0;
>>>
>>> ?
>>>
>>> That would be doable only if this is architectural behavior and not a
>>> processor erratum, of course.
>> EXIT_REASON.bus_lock_detected may or may not be set when exit reason ==
>> EXIT_REASON_BUS_LOCK. Intel will update ISE or SDM to state it.
>>
>> Maybe we can do below in handle_bus_lock_vmexit handler:
>>
>>     if (!to_vmx(vcpu)->exit_reason.bus_lock_detected)
>>         to_vmx(vcpu)->exit_reason.bus_lock_detected = 1;
>>
>> But is manually changing the hardware reported value for software purpose a
>> good thing?
> In this case, I'd say yes. Hardware having non-deterministic behavior is the not
> good thing, KVM would simply be correctly the not-technically-an-erratum erratum.
> > Set it unconditionally and then handle everything in common path. This has the > added advantage of having only one site that deals with KVM_RUN_X86_BUS_LOCK. > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 33f92febe3ce..aa9372452e49 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -5561,9 +5561,9 @@ static int handle_encls(struct kvm_vcpu *vcpu) > > static int handle_bus_lock_vmexit(struct kvm_vcpu *vcpu) > { > - vcpu->run->exit_reason = KVM_EXIT_X86_BUS_LOCK; > - vcpu->run->flags |= KVM_RUN_X86_BUS_LOCK; > - return 0; > + /* The dedicated flag may or may not be set by hardware. /facepalm. */ > + vcpu->exit_reason.bus_lock_detected = true; > + return 1; > } > > /* > @@ -6050,9 +6050,8 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath) > int ret = __vmx_handle_exit(vcpu, exit_fastpath); > > /* > - * Even when current exit reason is handled by KVM internally, we > - * still need to exit to user space when bus lock detected to inform > - * that there is a bus lock in guest. > + * Exit to user space when bus lock detected to inform that there is a > + * bus lock in guest. > */ > if (to_vmx(vcpu)->exit_reason.bus_lock_detected) { > if (ret > 0) I agree with your modifications. And I will re-submit the patch. Thanks.
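
Review bot: In the handle_bus_lock_vmexit hunk, the added assignment `vcpu->exit_reason.bus_lock_detected = true;` reaches exit_reason directly through the struct kvm_vcpu pointer, while the unchanged check in vmx_handle_exit and both earlier suggestions in this thread access the same field as `to_vmx(vcpu)->exit_reason.bus_lock_detected`. The assignment should use the to_vmx(vcpu) accessor as well so it refers to the same field the common path tests. Since the handler now returns 1 and no longer sets KVM_EXIT_X86_BUS_LOCK itself, the comment would be more useful if it said that the exit to userspace is completed by the bus_lock_detected check in vmx_handle_exit, instead of the "/facepalm" aside.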
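
Review bot: In the vmx_handle_exit hunk, the shortened comment drops the only statement that this check also fires for exits KVM otherwise handles internally, which is the case the `if (ret > 0)` branch exists for. With handle_bus_lock_vmexit now returning 1 and relying on this block, the comment should say that this is the single site that reports a bus lock to userspace, covering both the dedicated EXIT_REASON_BUS_LOCK exit and a bus lock flagged on an exit with a different basic reason. A small wording fix while there: "when a bus lock is detected" and "in the guest".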