From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Nadav Amit <namit@vmware.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
"Kenneth R. Crudup" <kenny@panix.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Fenghua Yu <fenghua.yu@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Thomas Hellstrom <thellstrom@vmware.com>,
Tony Luck <tony.luck@intel.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Jessica Yu <jeyu@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>
Subject: Re: [patch 2/2] x86/kvm/vmx: Prevent split lock detection induced #AC wreckage
Date: Thu, 2 Apr 2020 09:04:43 -0700 [thread overview]
Message-ID: <20200402160443.GC13879@linux.intel.com> (raw)
In-Reply-To: <18758F52-BB97-4F47-9481-F66AF4465A06@vmware.com>
On Thu, Apr 02, 2020 at 03:44:00PM +0000, Nadav Amit wrote:
> > On Apr 2, 2020, at 8:30 AM, Sean Christopherson <sean.j.christopherson@intel.com> wrote:
> >
> > On Thu, Apr 02, 2020 at 02:33:00PM +0200, Thomas Gleixner wrote:
> >> Without at least minimal handling for split lock detection induced #AC, VMX
> >> will just run into the same problem as the VMWare hypervisor, which was
> >> reported by Kenneth.
> >>
> >> It will inject the #AC blindly into the guest whether the guest is prepared
> >> or not.
> >>
> >> Add the minimal required handling for it:
> >>
> >> - Check guest state whether CR0.AM is enabled and EFLAGS.AC is set. If
> >> so, then the #AC originated from CPL3 and the guest has is prepared to
> >> handle it. In this case it does not matter whether the #AC is due to a
> >> split lock or a regular unaligned check.
> >>
> >> - Invoke a minimal split lock detection handler. If the host SLD mode is
> >> sld_warn, then handle it in the same way as user space handling works:
> >> Emit a warning, disable SLD and mark the current task with TIF_SLD.
> >> With that resume the guest without injecting #AC.
> >>
> >> If the host mode is sld_fatal or sld_off, emit a warning and deliver
> >> the exception to user space which can crash and burn itself.
> >>
> >> Mark the module with MOD_INFO(sld_safe, "Y") so the module loader does not
> >> force SLD off.
> >
> > Some comments below. But, any objection to taking Xiaoyao's patches that
> > do effectively the same things, minus the MOD_INFO()? I'll repost them in
> > reply to this thread.
>
> IIUC they also deal with emulated split-lock accesses in the host, during
> instruction emulation [1]. This seems also to be required, although I am not
> sure the approach that he took once emulation encounters a split-lock is
> robust.
Yep. It's "robust" in the sense that KVM won't panic the host. It's not
robust from the perspective that it could possibly hose the guest. But, no
sane, well-behaved guest should reach that particular emulator path on a
split-lock enabled system.
> [1] https://lore.kernel.org/lkml/20200324151859.31068-5-xiaoyao.li@intel.com/
next prev parent reply other threads:[~2020-04-02 16:04 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-02 12:32 [patch 0/2] x86: Prevent Split-Lock-Detection wreckage on VMX hypervisors Thomas Gleixner
2020-04-02 12:32 ` [patch 1/2] x86,module: Detect VMX modules and disable Split-Lock-Detect Thomas Gleixner
2020-04-02 15:23 ` [patch v2 " Peter Zijlstra
2020-04-02 16:20 ` Xiaoyao Li
2020-04-02 16:25 ` Peter Zijlstra
2020-04-02 16:39 ` Nadav Amit
2020-04-02 16:41 ` Xiaoyao Li
2020-04-02 17:34 ` Thomas Gleixner
2020-04-02 17:51 ` Sean Christopherson
2020-04-02 18:51 ` Peter Zijlstra
2020-04-02 20:23 ` Sean Christopherson
2020-04-02 21:04 ` Thomas Gleixner
2020-04-02 21:16 ` Sean Christopherson
2020-04-03 8:09 ` David Laight
2020-04-03 14:33 ` Peter Zijlstra
2020-04-02 23:42 ` [patch " Rasmus Villemoes
2020-04-03 14:35 ` Jessica Yu
2020-04-03 15:21 ` Peter Zijlstra
2020-04-03 16:01 ` Sean Christopherson
2020-04-03 16:12 ` Peter Zijlstra
2020-04-03 16:16 ` David Laight
2020-04-03 16:39 ` Peter Zijlstra
2020-04-03 16:25 ` Sean Christopherson
2020-04-03 16:40 ` Peter Zijlstra
2020-04-03 16:48 ` Nadav Amit
2020-04-03 17:21 ` Sean Christopherson
2020-04-03 18:53 ` Thomas Gleixner
2020-04-03 20:58 ` Andy Lutomirski
2020-04-03 21:49 ` Thomas Gleixner
2020-04-03 11:29 ` kbuild test robot
2020-04-03 11:29 ` [patch 1/2] x86, module: " kbuild test robot
2020-04-03 14:43 ` [patch 1/2] x86,module: " kbuild test robot
2020-04-03 14:43 ` [patch 1/2] x86, module: " kbuild test robot
2020-04-03 16:36 ` [patch 1/2] x86,module: " Sean Christopherson
2020-04-03 16:41 ` Peter Zijlstra
2020-04-03 18:35 ` Jessica Yu
2020-04-06 12:23 ` Christoph Hellwig
2020-04-06 14:40 ` Peter Zijlstra
2020-04-06 15:18 ` Christoph Hellwig
2020-04-06 15:22 ` Peter Zijlstra
2020-04-06 18:27 ` Steven Rostedt
2020-04-02 12:33 ` [patch 2/2] x86/kvm/vmx: Prevent split lock detection induced #AC wreckage Thomas Gleixner
2020-04-02 15:30 ` Sean Christopherson
2020-04-02 15:44 ` Nadav Amit
2020-04-02 16:04 ` Sean Christopherson [this message]
2020-04-02 16:56 ` Thomas Gleixner
2020-04-02 15:55 ` [PATCH 0/3] x86: KVM: VMX: Add basic split-lock #AC handling Sean Christopherson
2020-04-02 15:55 ` [PATCH 1/3] KVM: x86: Emulate split-lock access as a write in emulator Sean Christopherson
2020-04-02 15:55 ` [PATCH 2/3] x86/split_lock: Refactor and export handle_user_split_lock() for KVM Sean Christopherson
2020-04-02 17:01 ` Thomas Gleixner
2020-04-02 17:19 ` Sean Christopherson
2020-04-02 19:06 ` Thomas Gleixner
2020-04-10 4:39 ` Xiaoyao Li
2020-04-10 10:21 ` Paolo Bonzini
2020-04-02 15:55 ` [PATCH 3/3] KVM: VMX: Extend VMX's #AC interceptor to handle split lock #AC in guest Sean Christopherson
2020-04-02 17:19 ` Thomas Gleixner
2020-04-02 17:40 ` Sean Christopherson
2020-04-02 20:07 ` Thomas Gleixner
2020-04-02 20:36 ` Andy Lutomirski
2020-04-02 20:48 ` Peter Zijlstra
2020-04-02 20:51 ` Sean Christopherson
2020-04-02 22:27 ` Thomas Gleixner
2020-04-02 22:40 ` Nadav Amit
2020-04-02 23:03 ` Thomas Gleixner
2020-04-02 23:08 ` Steven Rostedt
2020-04-02 23:16 ` Kenneth R. Crudup
2020-04-02 23:18 ` Jim Mattson
2020-04-03 12:16 ` Thomas Gleixner
2020-04-10 10:23 ` [PATCH 0/3] x86: KVM: VMX: Add basic split-lock #AC handling Paolo Bonzini
2020-04-10 11:14 ` Thomas Gleixner
2020-04-02 13:43 ` [patch 0/2] x86: Prevent Split-Lock-Detection wreckage on VMX hypervisors Kenneth R. Crudup
2020-04-02 14:32 ` Peter Zijlstra
2020-04-02 14:41 ` Kenneth R. Crudup
2020-04-02 14:46 ` Peter Zijlstra
2020-04-02 14:53 ` Kenneth R. Crudup
2020-04-02 14:37 ` Thomas Gleixner
2020-04-02 14:47 ` Nadav Amit
2020-04-02 15:11 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200402160443.GC13879@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=fenghua.yu@intel.com \
--cc=jeyu@kernel.org \
--cc=kenny@panix.com \
--cc=linux-kernel@vger.kernel.org \
--cc=namit@vmware.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=thellstrom@vmware.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.