From: Igor Mammedov <imammedo@redhat.com>
To: gengdongjiu <gengdongjiu@huawei.com>
Cc: peter.maydell@linaro.org, ehabkost@redhat.com,
	kvm@vger.kernel.org, mst@redhat.com, mtosatti@redhat.com,
	qemu-devel@nongnu.org, linuxarm@huawei.com,
	shannon.zhaosl@gmail.com, zhengxiang9@huawei.com,
	qemu-arm@nongnu.org, james.morse@arm.com, xuwei5@huawei.com,
	jonathan.cameron@huawei.com, pbonzini@redhat.com,
	lersek@redhat.com, rth@twiddle.net
Subject: Re: [Qemu-devel] [PATCH v17 10/10] target-arm: kvm64: handle SIGBUS signal from kernel or KVM
Date: Tue, 25 Jun 2019 15:32:12 +0200
Message-ID: <20190625153212.1fff6b40@redhat.com>
In-Reply-To: <3059ee08-c041-2006-36b5-fd0e53c08e79@huawei.com>

On Tue, 25 Jun 2019 20:24:32 +0800
gengdongjiu <gengdongjiu@huawei.com> wrote:

> On 2019/6/24 21:08, Igor Mammedov wrote:
> > On Tue, 14 May 2019 04:18:23 -0700
> > Dongjiu Geng <gengdongjiu@huawei.com> wrote:
> >   
> >> Add SIGBUS signal handler. In this handler, it checks the SIGBUS type,
> >> translates the host VA delivered by host to guest PA, then fills this PA
> >> into guest APEI GHES memory, then notifies the guest according to the SIGBUS type.
> >>
> >> If the guest accesses the poisoned memory, it generates a Synchronous External
> >> Abort (SEA). Then the host kernel gets an APEI notification and calls memory_failure()
> >> to unmap the affected page for the guest's stage 2, and finally returns
> >> to the guest.
> >>
> >> If the guest continues to access the PG_hwpoison page, it will trap to KVM as a stage 2 fault,
> >> then a SIGBUS_MCEERR_AR synchronous signal is delivered to QEMU. QEMU records this
> >> error address into guest APEI GHES memory and notifies the guest using a
> >> Synchronous External Abort (SEA).
> >>
> >> Suggested-by: James Morse <james.morse@arm.com>
> >> Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
> >> ---
> >>  hw/acpi/acpi_ghes.c         | 177 ++++++++++++++++++++++++++++++++++++++++++++
> >>  include/hw/acpi/acpi_ghes.h |   6 +-
> >>  include/sysemu/kvm.h        |   2 +-
> >>  target/arm/kvm64.c          |  39 ++++++++++
> >>  4 files changed, 222 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/hw/acpi/acpi_ghes.c b/hw/acpi/acpi_ghes.c
> >> index d03e797..06b7374 100644
> >> --- a/hw/acpi/acpi_ghes.c
> >> +++ b/hw/acpi/acpi_ghes.c
> >> @@ -26,6 +26,101 @@
> >>  #include "sysemu/sysemu.h"
> >>  #include "qemu/error-report.h"
> >>  
> >> +/* UEFI 2.6: N.2.5 Memory Error Section */
> >> +static void build_append_mem_cper(GArray *table, uint64_t error_physical_addr)
> >> +{
> >> +    /*
> >> +     * Memory Error Record
> >> +     */
> >> +    build_append_int_noprefix(table,
> >> +                 (1UL << 14) | /* Type Valid */
> >> +                 (1UL << 1) /* Physical Address Valid */,
> >> +                 8);  
> > bad indent  
> I will update it
> 
> >   
> >> +    /* Memory error status information */
> >> +    build_append_int_noprefix(table, 0, 8);
> >> +    /* The physical address at which the memory error occurred */
> >> +    build_append_int_noprefix(table, error_physical_addr, 8);
> >> +    build_append_int_noprefix(table, 0, 48);
> >> +    build_append_int_noprefix(table, 0 /* Unknown error */, 1);
> >> +    build_append_int_noprefix(table, 0, 7);
> >> +}
> >> +
> >> +static int ghes_record_mem_error(uint64_t error_block_address,
> >> +                                    uint64_t error_physical_addr)  
> > bad indent  
> I will update it
> 
> > 
> >   
> >> +{
> >> +    GArray *block;
> >> +    uint64_t current_block_length;
> >> +    uint32_t data_length;
> >> +    /* Memory section */
> >> +    char mem_section_id_le[] = {0x14, 0x11, 0xBC, 0xA5, 0x64, 0x6F, 0xDE,
> >> +                                0x4E, 0xB8, 0x63, 0x3E, 0x83, 0xED, 0x7C,
> >> +                                0x83, 0xB1};
> >> +    uint8_t fru_id[16] = {0};
> >> +    uint8_t fru_text[20] = {0};
> >> +
> >> +    /* Generic Error Status Block
> >> +     * | +---------------------+
> >> +     * | |     block_status    |
> >> +     * | +---------------------+
> >> +     * | |    raw_data_offset  |
> >> +     * | +---------------------+
> >> +     * | |    raw_data_length  |
> >> +     * | +---------------------+
> >> +     * | |     data_length     |
> >> +     * | +---------------------+
> >> +     * | |   error_severity    |
> >> +     * | +---------------------+
> >> +     */
> >> +    block = g_array_new(false, true /* clear */, 1);
> >> +
> >> +    /* Get the length of the Generic Error Data Entries */
> >> +    cpu_physical_memory_read(error_block_address +
> >> +        offsetof(AcpiGenericErrorStatus, data_length), &data_length, 4);
> >> +    /* The current whole length of the generic error status block */
> >> +    current_block_length = sizeof(AcpiGenericErrorStatus) + le32_to_cpu(data_length);  
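Review bot: at the end of this hunk `data_length` is read from guest memory with `cpu_physical_memory_read()` and flows into `current_block_length` with no upper bound, so any later read or write sized by that value trusts a guest-controlled 32-bit number. Check that `sizeof(AcpiGenericErrorStatus) + le32_to_cpu(data_length)`, plus the entry about to be appended, still fits in the error status block QEMU reserved, and bail out (or rebuild the block from QEMU-side state) when it does not. Minor: `mem_section_id_le` is declared `char[]` while the sibling `fru_id`/`fru_text` arrays are `uint8_t`; use `uint8_t` for the GUID bytes as well.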
> > I might be missing something, but why do you read the length from the guest?
> > Isn't it something provided by QEMU/host?  
> The length of the Generic Error Data Entries is not fixed; as the CPER number increases, the length will increase.
> There is already a member to record the length for the CPER in the table, and this table is in the guest.
> So it is better to directly read the length from the table instead of providing it from QEMU/host.
If not careful, using a guest-provided length for reading/writing buffers in QEMU opens the road for exploits.

So if the CPER is provided and managed by QEMU, then it's better to calculate the length
without relying on guest state. Or even rewrite the whole status block without trying
to calculate the delta.
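The bounds check this reply asks for, as an added example that is not part of the thread or of QEMU's code: the patch's unchecked arithmetic next to a variant that only accepts the guest-written `data_length` if the block still fits in the region QEMU reserved. `GHES_BLOCK_SIZE`, the `guest_ram` array and `guest_read_le32()` are assumed stand-ins for QEMU's reserved GHES memory and `cpu_physical_memory_read()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Generic Error Status Block header in the field order drawn in the patch
 * comment: five little-endian u32 fields, 20 bytes in total. */
typedef struct {
    uint32_t block_status;
    uint32_t raw_data_offset;
    uint32_t raw_data_length;
    uint32_t data_length;
    uint32_t error_severity;
} GenericErrorStatus;

/* Constructed stand-in for the guest RAM region QEMU reserved for one status
 * block; the size is an assumption, not a value from the patch. */
#define GHES_BLOCK_SIZE 1024u
static uint8_t guest_ram[GHES_BLOCK_SIZE];

/* Stand-in for cpu_physical_memory_read() of one little-endian u32 field. */
static uint32_t guest_read_le32(size_t off)
{
    const uint8_t *b = guest_ram + off;
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}
/* Simulated guest: it owns this memory and may store any value here. */
static void guest_write_data_length(uint32_t v)
{
    uint8_t *b = guest_ram + offsetof(GenericErrorStatus, data_length);
    b[0] = (uint8_t)v; b[1] = (uint8_t)(v >> 8);
    b[2] = (uint8_t)(v >> 16); b[3] = (uint8_t)(v >> 24);
}

/* Same arithmetic as the patch: the result is whatever the guest chose. */
static uint64_t unchecked_block_length(void)
{
    uint32_t len = guest_read_le32(offsetof(GenericErrorStatus, data_length));
    return sizeof(GenericErrorStatus) + (uint64_t)len;
}

/* Hardened: use the guest value only if the current block plus the entry
 * about to be appended still fits inside the region QEMU reserved. */
static bool checked_block_length(uint64_t new_entry_len, uint64_t *out)
{
    uint64_t cur = unchecked_block_length();
    if (cur > GHES_BLOCK_SIZE || new_entry_len > GHES_BLOCK_SIZE - cur) {
        return false;   /* corrupted or hostile length: refuse to use it */
    }
    *out = cur;
    return true;
}
```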


