From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@amacapital.net>,
x86@kernel.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org,
David Laight <David.Laight@aculab.com>
Subject: Re: [PATCH v2 4/6] kvm: vmx: Extend VMX's #AC handding for split lock in guest
Date: Mon, 10 Feb 2020 13:30:11 -0800 [thread overview]
Message-ID: <20200210213010.GA2510@linux.intel.com> (raw)
In-Reply-To: <2b95a6ef-828d-768c-f9c6-2e798485717e@intel.com>
On Tue, Feb 04, 2020 at 02:46:14PM +0800, Xiaoyao Li wrote:
> On 2/4/2020 5:14 AM, Sean Christopherson wrote:
> >>diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> >>index c475fa2aaae0..93e3370c5f84 100644
> >>--- a/arch/x86/kvm/vmx/vmx.c
> >>+++ b/arch/x86/kvm/vmx/vmx.c
> >>@@ -4233,6 +4233,8 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
> >> vmx->msr_ia32_umwait_control = 0;
> >>+ vmx->disable_split_lock_detect = false;
> >>+
> >
> >I see no reason to give special treatment to RESET/INIT, i.e. leave the
> >flag set. vCPUs are zeroed on allocation.
>
> So when guest reboots, it doesn't need to reset it to false?
No. KVM _could_ clear disable_split_lock_detect, but it's not required.
E.g. KVM could periodically clear disable_split_lock_detect irrespective
of RESET/INIT.
> I am not clear about difference between RESET and INIT, so I didn't
> differentiate them into different case with init_event
...
> >>+ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
> >>+ return 1;
> >>+ }
> >>+ if (get_split_lock_detect_state() == sld_warn) {
> >>+ pr_warn("kvm: split lock #AC happened in %s [%d]\n",
> >>+ current->comm, current->pid);
> >
> >Set TIF_SLD and the MSR bit, then __switch_to_xtra() will automatically
> >handle writing the MSR when necessary.
>
> Right, we can do this.
>
> However, if using TIF_SLD and __switch_to_xtra() to switch MSR bit. Once
> there is a split lock in guest, it set TIF_SLD for the vcpu thread, so it
> loses the capability to find and warn the split locks in the user space
> thread, e.g., QEMU vcpu thread, and also loses the capability to find the
> split lock in KVM.
Finding split locks in KVM is a non-issue, in the (hopefully unlikely) event
KVM ends up with a split lock bug, the odds of the bug being hit *only*
after a guest also hits a split-lock #AC are tiny.
Userspace is a different question. My preference would to keep KVM simple
and rely in TIF_SLD.
> If it's not a problem, I agree to use TIF_SLD.
>
> >Even better would be to export handle_user_split_lock() and call that
> >directly. The EFLAGS.AC logic in handle_user_split_lock() can be moved out
> >to do_alignment_check() to avoid that complication; arguably that should be
> >done in the initial SLD patch.
>
> the warning message of handle_user_split_lock() contains the RIP of
> userspace application. If use it here, what RIP should we use? the guest RIP
> of the faulting instruction?
Yes, guest RIP.
> >>+ vmx->disable_split_lock_detect = true;
> >>+ return 1;
> >>+ }
> >>+ /* fall through*/
> >> default:
> >> kvm_run->exit_reason = KVM_EXIT_EXCEPTION;
> >> kvm_run->ex.exception = ex_no;
> >>@@ -6530,6 +6562,11 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
> >> */
> >> x86_spec_ctrl_set_guest(vmx->spec_ctrl, 0);
> >>+ if (static_cpu_has(X86_FEATURE_SPLIT_LOCK_DETECT) &&
> >>+ unlikely(vmx->disable_split_lock_detect) &&
> >>+ !test_tsk_thread_flag(current, TIF_SLD))
> >>+ split_lock_detect_set(false);
> >>+
> >> /* L1D Flush includes CPU buffer clear to mitigate MDS */
> >> if (static_branch_unlikely(&vmx_l1d_should_flush))
> >> vmx_l1d_flush(vcpu);
> >>@@ -6564,6 +6601,11 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
> >> x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0);
> >>+ if (static_cpu_has(X86_FEATURE_SPLIT_LOCK_DETECT) &&
> >>+ unlikely(vmx->disable_split_lock_detect) &&
> >>+ !test_tsk_thread_flag(current, TIF_SLD))
> >>+ split_lock_detect_set(true);
> >
> >Manually calling split_lock_detect_set() in vmx_vcpu_run() is unnecessary.
> >The MSR only needs to be written on the initial #AC, after that KVM can
> >rely on the stickiness of TIF_SLD to ensure the MSR is set correctly when
> >control transfer to/from this vCPU.
> >
> >>+
> >> /* All fields are clean at this point */
> >> if (static_branch_unlikely(&enable_evmcs))
> >> current_evmcs->hv_clean_fields |=
> >>diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> >>index 7f42cf3dcd70..912eba66c5d5 100644
> >>--- a/arch/x86/kvm/vmx/vmx.h
> >>+++ b/arch/x86/kvm/vmx/vmx.h
> >>@@ -274,6 +274,9 @@ struct vcpu_vmx {
> >> bool req_immediate_exit;
> >>+ /* Disable split-lock detection when running the vCPU */
> >>+ bool disable_split_lock_detect;
> >>+
> >> /* Support for PML */
> >> #define PML_ENTITY_NUM 512
> >> struct page *pml_pg;
> >>--
> >>2.23.0
> >>
>
next prev parent reply other threads:[~2020-02-10 21:30 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-03 15:16 [PATCH v2 0/6] kvm/split_lock: Add feature split lock detection support in kvm Xiaoyao Li
2020-02-03 15:16 ` [PATCH v2 1/6] x86/split_lock: Add and export get_split_lock_detect_state() Xiaoyao Li
2020-02-03 21:45 ` Sean Christopherson
2020-02-03 15:16 ` [PATCH v2 2/6] x86/split_lock: Add and export split_lock_detect_set() Xiaoyao Li
2020-02-03 15:16 ` [PATCH v2 3/6] kvm: x86: Emulate split-lock access as a write Xiaoyao Li
2020-02-03 20:54 ` Sean Christopherson
2020-02-04 2:55 ` Xiaoyao Li
2020-02-11 12:20 ` Paolo Bonzini
2020-02-11 13:22 ` Thomas Gleixner
2020-02-11 13:34 ` Paolo Bonzini
2020-02-11 14:02 ` Xiaoyao Li
2020-02-11 14:34 ` David Laight
2020-02-27 0:11 ` Sean Christopherson
2020-03-12 11:42 ` Xiaoyao Li
2020-03-12 15:00 ` Paolo Bonzini
2020-02-03 15:16 ` [PATCH v2 4/6] kvm: vmx: Extend VMX's #AC handding for split lock in guest Xiaoyao Li
2020-02-03 21:14 ` Sean Christopherson
2020-02-04 6:46 ` Xiaoyao Li
2020-02-10 21:30 ` Sean Christopherson [this message]
2020-02-03 15:16 ` [PATCH v2 5/6] kvm: x86: Emulate MSR IA32_CORE_CAPABILITIES Xiaoyao Li
2020-02-03 21:43 ` Sean Christopherson
2020-02-04 9:19 ` Xiaoyao Li
2020-02-04 9:37 ` Peter Zijlstra
2020-02-11 3:52 ` Andy Lutomirski
2020-02-11 12:38 ` Peter Zijlstra
2020-02-03 15:16 ` [PATCH v2 6/6] x86: vmx: virtualize split lock detection Xiaoyao Li
2020-02-03 15:58 ` Xiaoyao Li
2020-02-03 18:52 ` Andy Lutomirski
2020-02-03 21:42 ` Sean Christopherson
2020-02-04 2:52 ` Xiaoyao Li
2020-02-04 5:35 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200210213010.GA2510@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=David.Laight@aculab.com \
--cc=bp@alien8.de \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.