xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@amacapital.net>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: KVM list <kvm@vger.kernel.org>,
	Peter Zijlstra <peterz@infradead.org>, X86 ML <x86@kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	xen-devel <Xen-devel@lists.xen.org>,
	Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Arjan van de Ven <arjan@linux.intel.com>
Subject: Re: [PATCH v4 2/5] x86/msr: Carry on after a non-"safe" MSR access fails without !panic_on_oops
Date: Mon, 14 Mar 2016 10:17:07 -0700	[thread overview]
Message-ID: <CALCETrXhXPj_b6rUMn=SR0QwE92rL=k5DCFraZwBj9FpUgadYw__38183.0381732017$1457975940$gmane$org@mail.gmail.com> (raw)
In-Reply-To: <CA+55aFwhBA8yPhuP8FfHjgbfDj3dwEjR86kkTH3rymYZqikhjw@mail.gmail.com>

On Mon, Mar 14, 2016 at 10:11 AM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Mar 14, 2016 10:05 AM, "Andy Lutomirski" <luto@amacapital.net> wrote:
>>
>> We could probably remove that check and let custom fixups run early.
>> I don't see any compelling reason to keep them disabled.  That should
>> probably be a separate change, though.
>
> Or we could just use the existing wrmsr_safe() code and not add this new
> special code at all.
>
> Look, why are you doing this? We should get rid of the difference between
> wrmsr and wrmsr_safe(), not make it bigger.
>
> Just make everything safe. There has never in the history of anything been
> an advantage to making things oops and to making things more complicated.
>
> Why is rd/wrmsr() so magically important?

Because none of this is actually safe unless the code that calls
whatever_safe actually does something intelligent with the return
value.  I think that most code that does rdmsr or wrmsr actually
thinks "I know that this MSR exists and I want to access it" and the
code may actually malfunction if the access fails.  So I think we
really do want the warning so we can fix the bugs if they happen.  And
I wouldn't be at all surprised if there's a bug or two in perf where
some perf event registers itself incorrectly in some cases because it
messed up the probe sequence.  We don't want to totally ignore the
resulting failure of the perf event -- we want to get a warning so
that we know about the bug.

Or suppose we're writing some important but easy-to-miss MSR, like PAT
or one of the excessive number of system call setup MSRs.  If the
write fails, the system could easily still appear to work until
something unfortunate happens.

So yes, let's please warn.  I'm okay with removing the panic_on_oops
thing though.  (But if anyone suggests that we should stop OOPSing on
bad kernel page faults, I *will* fight back.)

--Andy

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

  reply	other threads:[~2016-03-14 17:17 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <cover.1457805972.git.luto@kernel.org>
2016-03-12 18:08 ` [PATCH v4 1/5] x86/paravirt: Add _safe to the read_msr and write_msr PV hooks Andy Lutomirski
2016-03-12 18:08 ` [PATCH v4 2/5] x86/msr: Carry on after a non-"safe" MSR access fails without !panic_on_oops Andy Lutomirski
2016-03-12 18:08 ` [PATCH v4 3/5] x86/paravirt: Add paravirt_{read, write}_msr Andy Lutomirski
2016-03-12 18:08 ` [PATCH v4 4/5] x86/paravirt: Make "unsafe" MSR accesses unsafe even if PARAVIRT=y Andy Lutomirski
2016-03-12 18:08 ` [PATCH v4 5/5] x86/msr: Set the return value to zero when native_rdmsr_safe fails Andy Lutomirski
     [not found] ` <7e72cd6ce08b946872a462fad13eca1810b8671d.1457805972.git.luto@kernel.org>
2016-03-14 11:57   ` [PATCH v4 1/5] x86/paravirt: Add _safe to the read_msr and write_msr PV hooks Borislav Petkov
     [not found]   ` <20160314115729.GC15800@pd.tnic>
2016-03-14 17:07     ` Andy Lutomirski
     [not found] ` <a3b871a4eb533340d04255409dfecc94f88c647d.1457805972.git.luto@kernel.org>
2016-03-14 12:02   ` [PATCH v4 2/5] x86/msr: Carry on after a non-"safe" MSR access fails without !panic_on_oops Borislav Petkov
     [not found]   ` <20160314120202.GD15800@pd.tnic>
2016-03-14 17:05     ` Andy Lutomirski
     [not found]     ` <CALCETrW6E0Nz6gSmRKTvHbQDhnHVpuhzmgZB1nZ3m-DL-Bt=tQ@mail.gmail.com>
2016-03-14 17:11       ` Linus Torvalds
2016-03-14 17:17         ` Andy Lutomirski [this message]
     [not found]         ` <CALCETrXhXPj_b6rUMn=SR0QwE92rL=k5DCFraZwBj9FpUgadYw@mail.gmail.com>
2016-03-14 18:04           ` Linus Torvalds
     [not found]           ` <CA+55aFwr80aZ3-1H4VPB5=jeU_Yt=hYFfFvZC5-cNXzgXxGf3A@mail.gmail.com>
2016-03-14 18:10             ` Andy Lutomirski
2016-03-14 18:10             ` Linus Torvalds
     [not found]             ` <CALCETrV16vh5U0TRzdroSTBR_QHDX1C78t0DDW9qtKjOmV+2sQ@mail.gmail.com>
2016-03-14 18:15               ` Linus Torvalds
     [not found]               ` <CA+55aFz=PdvMWSsXExrpQC2UV6aLS+=+VOo+K4=njQoU5B9hgA@mail.gmail.com>
2016-03-14 18:24                 ` Andy Lutomirski
     [not found]                 ` <CALCETrXAAOcGP7DK+7aKn=2pu=SQ0n_PhG9bV4DcoYcv9epn4A@mail.gmail.com>
2016-03-14 18:40                   ` Linus Torvalds
     [not found]                   ` <CA+55aFy2dNgBJwjd+fRUYQf9OxqGkkcjUEarv+o3QSFTJ6+gJQ@mail.gmail.com>
2016-03-14 18:48                     ` Andy Lutomirski
     [not found]                     ` <CALCETrWxSBwwFTFsRoR_9AVBoC0iJ1pdWwOq_cnFf3NHUpG4QA@mail.gmail.com>
2016-03-15 10:22                       ` Ingo Molnar
     [not found]                       ` <20160315102230.GB23406@gmail.com>
2016-03-15 10:26                         ` Ingo Molnar
2016-03-14 20:18               ` Peter Zijlstra
2016-03-15 10:21             ` Ingo Molnar
2016-03-14 14:32 ` [PATCH v4 0/5] [PATCH v3 0/5] Improve non-"safe" MSR access failure handling Boris Ostrovsky

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALCETrXhXPj_b6rUMn=SR0QwE92rL=k5DCFraZwBj9FpUgadYw__38183.0381732017$1457975940$gmane$org@mail.gmail.com' \
    --to=luto@amacapital.net \
    --cc=Xen-devel@lists.xen.org \
    --cc=akpm@linux-foundation.org \
    --cc=arjan@linux.intel.com \
    --cc=bp@alien8.de \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=torvalds@linux-foundation.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).