From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alexander Graf
Subject: Re: [PATCH] KVM: handle exit due to INVD in VMX
Date: Sun, 31 Oct 2010 12:01:29 -0700
Message-ID: <829762F0-FA86-4DDD-9AAC-2213CF2F7FC8@suse.de>
References: <20101031143635.GW26191@redhat.com> <30710656-1B22-45B9-AC71-7EB744906A6C@suse.de> <20101031182240.GH2764@redhat.com> <20101031185651.GI2764@redhat.com>
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8BIT
Cc: mtosatti@redhat.com, avi@redhat.com, kvm@vger.kernel.org
To: Gleb Natapov
Return-path:
Received: from cantor2.suse.de ([195.135.220.15]:44050 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756262Ab0JaTBe convert rfc822-to-8bit (ORCPT ); Sun, 31 Oct 2010 15:01:34 -0400
In-Reply-To: <20101031185651.GI2764@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 31.10.2010, at 11:56, Gleb Natapov wrote:

> On Sun, Oct 31, 2010 at 11:26:09AM -0700, Alexander Graf wrote:
>>
>> On 31.10.2010, at 11:22, Gleb Natapov wrote:
>>
>>> On Sun, Oct 31, 2010 at 11:00:08AM -0700, Alexander Graf wrote:
>>>>
>>>> On 31.10.2010, at 07:36, Gleb Natapov wrote:
>>>>
>>>>> Call into emulator when INVD instruction is executed by a guest.
>>>>
>>>> Why? This is a poor patch description.
>>> Why what? Why do we need to handle the INVD exit instead of stopping with
>>> an unhandled exit error?
>>
>> Ah, so we get the exit already, but don't handle it? That's an important piece of information that belongs in the patch description. Another thing I as a reader would also like to know is where this got triggered, so which guests would break without the patch.
>>
> I'll add it to the patch description. The guest that triggered it was
> Open Firmware, but I do not think this info belongs in the patch description
> either.

Quite the contrary, I would be very interested in that information in the patch description. The patch description is what people afterwards use to cherry-pick patches. So this is crucial.

>
>> I'm also wondering why nobody has seen it before. Is this a regression? Is this exit a side-effect of another feature bit of VMX, so only newer CPUs are affected?
>>
> I guess nobody has seen it because not many guests use the instruction.
> Actually this instruction is useful only for firmware. This is not a
> regression.

This, too, should go in the patch description :). At least the part that usually only firmware uses it. The part where it has been around since the beginning might be interesting as well from a security point of view. After all, the guest can kill its full kvm context without going through qemu interfaces.

Thanks!

Alex