Subject: Re: [PATCH] KVM: VMX: Enable Notify VM exit
From: Xiaoyao Li
To: Tao Xu, Jim Mattson
Cc: Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H . Peter Anvin", the arch/x86 maintainers, kvm list, LKML
Date: Tue, 3 Nov 2020 14:24:22 +0800
Message-ID: <24fd6383-2360-8a1a-3c4c-1a3ee1b1db1c@intel.com>
References: <20201102061445.191638-1-tao3.xu@intel.com>

On 11/3/2020 2:12 PM, Tao Xu wrote:
>
>
> On 11/3/20 6:53 AM, Jim Mattson wrote:
>> On Sun, Nov 1, 2020 at 10:14 PM Tao Xu wrote:
>>>
>>> There are some cases that malicious virtual machines can cause CPU stuck
>>> (event windows don't open up), e.g., infinite loop in microcode when
>>> nested #AC (CVE-2015-5307). No event window obviously means no events,
>>> e.g. NMIs, SMIs, and IRQs will all be blocked, may cause the related
>>> hardware CPU can't be used by host or other VM.
>>>
>>> To resolve those cases, it can enable a notify VM exit if no
>>> event window occur in VMX non-root mode for a specified amount of
>>> time (notify window).
>>>
>>> Expose a module param for setting notify window, default setting it to
>>> the time as 1/10 of periodic tick, and user can set it to 0 to disable
>>> this feature.
>>>
>>> TODO:
>>> 1. The appropriate value of notify window.
>>> 2. Another patch to disable interception of #DB and #AC when notify
>>> VM-Exiting is enabled.
>>>
>>> Co-developed-by: Xiaoyao Li
>>> Signed-off-by: Tao Xu
>>> Signed-off-by: Xiaoyao Li
>>
>> Do you have test cases?
>>

Yes, we have. The nested #AC (CVE-2015-5307) is a known test case, though
we need to tweak KVM to disable interception of #AC for it.

> Not yet, because we are waiting for real silicon to do some test. I should
> add RFC next time before I test it in hardware.