From: Tao Xu <tao3.xu@intel.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	"Christopherson, Sean J" <sean.j.christopherson@intel.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>, X86 ML <x86@kernel.org>,
	kvm list <kvm@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Xiaoyao Li <xiaoyao.li@intel.com>
Subject: Re: [PATCH] KVM: VMX: Enable Notify VM exit
Date: Tue, 3 Nov 2020 14:08:59 +0800
Message-ID: <a5f500ee-51f8-54a7-d927-0e8eee644e26@intel.com>
In-Reply-To: <CALCETrVqdq4zw=Dcd6dZzSmUZTMXHP50d=SRSaY2AV5sauUzOw@mail.gmail.com>



On 11/3/20 12:43 AM, Andy Lutomirski wrote:
> On Sun, Nov 1, 2020 at 10:14 PM Tao Xu <tao3.xu@intel.com> wrote:
>>
>> There are some cases in which malicious virtual machines can cause a CPU
>> to get stuck (event windows don't open up), e.g., an infinite loop in
>> microcode on nested #AC (CVE-2015-5307). No event window obviously means
>> no events, e.g. NMIs, SMIs, and IRQs will all be blocked, which may mean
>> the related hardware CPU can't be used by the host or other VMs.
>>
>> To resolve those cases, it can enable a notify VM exit if no
>> event window occurs in VMX non-root mode for a specified amount of
>> time (notify window).
>>
>> Expose a module param for setting the notify window, defaulting it to
>> 1/10 of the periodic tick; the user can set it to 0 to disable
>> this feature.
>>
>> TODO:
>> 1. The appropriate value of notify window.
>> 2. Another patch to disable interception of #DB and #AC when notify
>> VM-Exiting is enabled.
> 
> Whoa there.
> 
> A VM control that says "hey, CPU, if you messed up and livelocked for
> a long time, please break out of the loop" is not a substitute for
> fixing the livelocks.  So I don't think you get to disable
> interception of #DB and #AC.  I also think you should print a loud
> warning and have some intelligent handling when this new exit
> triggers.
> 
>> +static int handle_notify(struct kvm_vcpu *vcpu)
>> +{
>> +       unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
>> +
>> +       /*
>> +        * Notify VM exit happened while executing iret from NMI,
>> +        * "blocked by NMI" bit has to be set before next VM entry.
>> +        */
>> +       if (exit_qualification & NOTIFY_VM_CONTEXT_VALID) {
>> +               if (enable_vnmi &&
>> +                   (exit_qualification & INTR_INFO_UNBLOCK_NMI))
>> +                       vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
>> +                                     GUEST_INTR_STATE_NMI);
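
Review bot: the test `exit_qualification & INTR_INFO_UNBLOCK_NMI` in handle_notify() applies a mask named for the interruption-information field to the exit qualification, and the comment above it does not say which qualification bit is meant or where the layout is specified. Consider a dedicated, documented name for that bit, or a comment citing the defining section, next to NOTIFY_VM_CONTEXT_VALID. The lines quoted here also cover only the NOTIFY_VM_CONTEXT_VALID path, so the context-invalid case should be handled and logged explicitly rather than falling through silently.
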
> 
> This needs actual documentation in the SDM or at least ISE please.
> 
Notify VM-Exit is defined in ISE, chapter 9.2:
https://software.intel.com/content/dam/develop/external/us/en/documents/architecture-instruction-set-extensions-programming-reference.pdf

I will add this information to the commit message. Thank you for reminding me.
