Subject: Re: [PATCH 0/3] Infinite loops in microcode while running guests
From: Paolo Bonzini <pbonzini@redhat.com>
To: Jan Kiszka, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: digitaleric@google.com
Date: Tue, 10 Nov 2015 17:09:50 +0100
Message-ID: <564216CE.5020500@redhat.com>
In-Reply-To: <56420F59.7080506@siemens.com>
References: <1447158174-10484-1-git-send-email-pbonzini@redhat.com> <56420F59.7080506@siemens.com>

On 10/11/2015 16:38, Jan Kiszka wrote:
> On 2015-11-10 13:22, Paolo Bonzini wrote:
>> Yes, these can happen.  The issue is that benign exceptions are
>> delivered serially, but two of them (#DB and #AC) can also happen
>> during exception delivery itself.  The subsequent infinite stream
>> of exceptions causes the processor to never exit guest mode.
>>
>> Paolo
>>
>> Eric Northup (1):
>>   KVM: x86: work around infinite loop in microcode when #AC is delivered
>>
>> Paolo Bonzini (2):
>>   KVM: svm: unconditionally intercept #DB
>>   KVM: x86: rename update_db_bp_intercept to update_bp_intercept
>>
>>  arch/x86/include/asm/kvm_host.h |  2 +-
>>  arch/x86/include/uapi/asm/svm.h |  1 +
>>  arch/x86/kvm/svm.c              | 22 +++++++++++-----------
>>  arch/x86/kvm/vmx.c              |  7 +++++--
>>  arch/x86/kvm/x86.c              |  2 +-
>>  5 files changed, 19 insertions(+), 15 deletions(-)
>>
>
> So this affects both Intel and AMD CPUs equally? Nice cross-vendor
> "compatibility".

Yes, it's for both.

> And it can only be triggered via #AC and #DB, or also other exceptions
> (that KVM already happens to intercept)?

Yes, these are the sole benign exceptions that can occur during exception
delivery.  All other benign exceptions only occur as the result of
executing instructions.

> You may guess why I'm asking...
> Is any of the issues already documented in a vendor errata?

No idea.  As far as I understood, processor engineers consider this to be
intended behavior (!) though they admit that the outcome for
virtualization is bad.

I don't have a reproducer for this yet (I have only tested the patches by
ensuring that they do not regress on the legal cases), but from what I
heard at least on Intel the #AC injection actually causes a failed
VM-entry...  Yet, nothing in the manual suggests _why_.

Paolo