Re: [RFC PATCH 0/3] KVM: Introduce "VM bugged" concept

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Paolo Bonzini <pbonzini@redhat.com>
To: Marc Zyngier <maz@kernel.org>,
	Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	James Morse <james.morse@arm.com>,
	Julien Thierry <julien.thierry.kdev@gmail.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	linux-arm-kernel@lists.infradead.org,
	Huacai Chen <chenhc@lemote.com>,
	Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
	linux-mips@vger.kernel.org, Paul Mackerras <paulus@ozlabs.org>,
	kvm-ppc@vger.kernel.org,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Janosch Frank <frankja@linux.ibm.com>,
	David Hildenbrand <david@redhat.com>,
	Cornelia Huck <cohuck@redhat.com>,
	Claudio Imbrenda <imbrenda@linux.ibm.com>
Subject: Re: [RFC PATCH 0/3] KVM: Introduce "VM bugged" concept
Date: Fri, 25 Sep 2020 23:05:48 +0200	[thread overview]
Message-ID: <100a603f-193c-5a46-d428-cfc0ce0a8fe4@redhat.com> (raw)
In-Reply-To: <874knlrf4a.wl-maz@kernel.org>

On 25/09/20 18:32, Marc Zyngier wrote:
> I'm quite like the idea. However, I wonder whether preventing the
> vcpus from re-entering the guest is enough. When something goes really
> wrong, is it safe to allow the userspace process to terminate normally
> and free the associated memory? And is it still safe to allow new VMs
> to be started?

For something that bad, where e.g. you can't rule out future memory
corruptions via use-after-free bugs or similar, you're probably entering
BUG_ON territory.

Paolo

WARNING: multiple messages have this Message-ID (diff)

From: Paolo Bonzini <pbonzini@redhat.com>
To: Marc Zyngier <maz@kernel.org>,
	Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Cornelia Huck <cohuck@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Janosch Frank <frankja@linux.ibm.com>,
	kvm@vger.kernel.org, Suzuki K Poulose <suzuki.poulose@arm.com>,
	Joerg Roedel <joro@8bytes.org>,
	David Hildenbrand <david@redhat.com>,
	linux-kernel@vger.kernel.org, kvm-ppc@vger.kernel.org,
	linux-mips@vger.kernel.org, Paul Mackerras <paulus@ozlabs.org>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
	James Morse <james.morse@arm.com>,
	linux-arm-kernel@lists.infradead.org,
	Huacai Chen <chenhc@lemote.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Claudio Imbrenda <imbrenda@linux.ibm.com>,
	Julien Thierry <julien.thierry.kdev@gmail.com>,
	Jim Mattson <jmattson@google.com>
Subject: Re: [RFC PATCH 0/3] KVM: Introduce "VM bugged" concept
Date: Fri, 25 Sep 2020 23:05:48 +0200	[thread overview]
Message-ID: <100a603f-193c-5a46-d428-cfc0ce0a8fe4@redhat.com> (raw)
In-Reply-To: <874knlrf4a.wl-maz@kernel.org>

On 25/09/20 18:32, Marc Zyngier wrote:
> I'm quite like the idea. However, I wonder whether preventing the
> vcpus from re-entering the guest is enough. When something goes really
> wrong, is it safe to allow the userspace process to terminate normally
> and free the associated memory? And is it still safe to allow new VMs
> to be started?

For something that bad, where e.g. you can't rule out future memory
corruptions via use-after-free bugs or similar, you're probably entering
BUG_ON territory.

Paolo


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

WARNING: multiple messages have this Message-ID (diff)

From: Paolo Bonzini <pbonzini@redhat.com>
To: Marc Zyngier <maz@kernel.org>,
	Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	James Morse <james.morse@arm.com>,
	Julien Thierry <julien.thierry.kdev@gmail.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	linux-arm-kernel@lists.infradead.org,
	Huacai Chen <chenhc@lemote.com>,
	Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
	linux-mips@vger.kernel.org, Paul Mackerras <paulus@ozlabs.org>,
	kvm-ppc@vger.kernel.org,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Janosch Frank <frankja@linux.ibm.com>,
	David Hildenbrand <david@redhat.com>,
	Cornelia Huck <cohuck@redhat.com>,
	Claudio Imbrenda <imbrenda@linux.ibm.com>
Subject: Re: [RFC PATCH 0/3] KVM: Introduce "VM bugged" concept
Date: Fri, 25 Sep 2020 21:05:48 +0000	[thread overview]
Message-ID: <100a603f-193c-5a46-d428-cfc0ce0a8fe4@redhat.com> (raw)
In-Reply-To: <874knlrf4a.wl-maz@kernel.org>

On 25/09/20 18:32, Marc Zyngier wrote:
> I'm quite like the idea. However, I wonder whether preventing the
> vcpus from re-entering the guest is enough. When something goes really
> wrong, is it safe to allow the userspace process to terminate normally
> and free the associated memory? And is it still safe to allow new VMs
> to be started?

For something that bad, where e.g. you can't rule out future memory
corruptions via use-after-free bugs or similar, you're probably entering
BUG_ON territory.

Paolo

next prev parent reply	other threads:[~2020-09-25 21:05 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-23 22:45 [RFC PATCH 0/3] KVM: Introduce "VM bugged" concept Sean Christopherson
2020-09-23 22:45 ` Sean Christopherson
2020-09-23 22:45 ` Sean Christopherson
2020-09-23 22:45 ` [RFC PATCH 1/3] KVM: Export kvm_make_all_cpus_request() for use in marking VMs as bugged Sean Christopherson
2020-09-23 22:45   ` Sean Christopherson
2020-09-23 22:45   ` Sean Christopherson
2020-09-23 22:45 ` [RFC PATCH 2/3] KVM: Add infrastructure and macro to mark VM " Sean Christopherson
2020-09-23 22:45   ` Sean Christopherson
2020-09-23 22:45   ` Sean Christopherson
2020-09-23 22:45 ` [RFC PATCH 3/3] KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM Sean Christopherson
2020-09-23 22:45   ` Sean Christopherson
2020-09-23 22:45   ` Sean Christopherson
2020-09-24 12:34   ` Vitaly Kuznetsov
2020-09-24 12:34     ` Vitaly Kuznetsov
2020-09-24 12:34     ` Vitaly Kuznetsov
2020-09-24 18:11     ` Sean Christopherson
2020-09-25  9:50       ` Vitaly Kuznetsov
2020-09-25  9:50         ` Vitaly Kuznetsov
2020-09-25  9:50         ` Vitaly Kuznetsov
2020-09-25 17:12         ` Sean Christopherson
2020-09-25 17:12           ` Sean Christopherson
2020-09-25 17:12           ` Sean Christopherson
2020-09-25 21:06           ` Paolo Bonzini
2020-09-25 21:06             ` Paolo Bonzini
2020-09-25 21:06             ` Paolo Bonzini
2020-09-29  3:52             ` Sean Christopherson
2020-09-29  3:52               ` Sean Christopherson
2020-09-29  3:52               ` Sean Christopherson
2020-09-29  9:15               ` Paolo Bonzini
2020-09-29  9:15                 ` Paolo Bonzini
2020-09-29  9:15                 ` Paolo Bonzini
2020-09-24  6:37 ` [RFC PATCH 0/3] KVM: Introduce "VM bugged" concept Christian Borntraeger
2020-09-24  6:37   ` Christian Borntraeger
2020-09-24  6:37   ` Christian Borntraeger
2020-09-25 16:32 ` Marc Zyngier
2020-09-25 16:32   ` Marc Zyngier
2020-09-25 16:32   ` Marc Zyngier
2020-09-25 17:00   ` Sean Christopherson
2020-09-25 17:00     ` Sean Christopherson
2020-09-25 17:00     ` Sean Christopherson
2020-09-25 21:05   ` Paolo Bonzini [this message]
2020-09-25 21:05     ` Paolo Bonzini
2020-09-25 21:05     ` Paolo Bonzini
2020-09-29  9:27 ` Cornelia Huck
2020-09-29  9:27   ` Cornelia Huck
2020-09-29  9:27   ` Cornelia Huck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=100a603f-193c-5a46-d428-cfc0ce0a8fe4@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=aleksandar.qemu.devel@gmail.com \
    --cc=borntraeger@de.ibm.com \
    --cc=chenhc@lemote.com \
    --cc=cohuck@redhat.com \
    --cc=david@redhat.com \
    --cc=frankja@linux.ibm.com \
    --cc=imbrenda@linux.ibm.com \
    --cc=james.morse@arm.com \
    --cc=jmattson@google.com \
    --cc=joro@8bytes.org \
    --cc=julien.thierry.kdev@gmail.com \
    --cc=kvm-ppc@vger.kernel.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mips@vger.kernel.org \
    --cc=maz@kernel.org \
    --cc=paulus@ozlabs.org \
    --cc=sean.j.christopherson@intel.com \
    --cc=suzuki.poulose@arm.com \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.