From: Peter Zijlstra <peterz@infradead.org>
To: Sean Christopherson <seanjc@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
rangemachine@gmail.com, whanos@sergal.fun,
Ravi Bangoria <ravi.bangoria@amd.com>
Subject: Re: [PATCH 0/3] KVM: SVM: Zero DEBUGCTL before VMRUN if necessary
Date: Tue, 25 Feb 2025 16:56:56 +0100 [thread overview]
Message-ID: <20250225155656.GE34233@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20250224181315.2376869-1-seanjc@google.com>
On Mon, Feb 24, 2025 at 10:13:12AM -0800, Sean Christopherson wrote:
> PeterZ,
>
> Can you confirm that the last patch (snapshot and restore DEBUGCTL with
> IRQs disabled) is actually necessary? I'm 99% certain it is, but I'm
> holding out hope that it somehow isn't, because I don't love the idea of
> adding a RDMSR to every VM-Entry.
I think you're right. I mean, I'd have to go double check and trace the
various call paths again, but I'd be very surprised if we can't change
DEBUGCTL from NMI context.
> Assuming DEBUGCTL can indeed get modified in IRQ context, it probably
> makes sense to add a per-CPU cache to eliminate the RDMSR. Unfortunately,
> there are quite a few open-coded WRMSRs, so it's not a trivial change.
This, I'm surprised we've not yet done that.
> On to the main event...
>
> Fix a long-lurking bug in SVM where KVM runs the guest with the host's
> DEBUGCTL if LBR virtualization is disabled. AMD CPUs rather stupidly
> context switch DEBUGCTL if and only if LBR virtualization is enabled (not
> just supported, but fully enabled).
>
> The bug has gone unnoticed because until recently, the only bits that
> KVM would leave set were things like BTF, which are guest visible but
> won't cause functional problems unless guest software is being especially
> particular about #DBs.
>
> The bug was exposed by the addition of BusLockTrap ("Detect" in the kernel),
> as the resulting #DBs due to split-lock accesses in guest userspace (lol
> Steam) get reflected into the guest by KVM.
Hehe, yeah, games. Yeah we ran into that with bus-lock on intel too :-)
prev parent reply other threads:[~2025-02-25 15:57 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-24 18:13 [PATCH 0/3] KVM: SVM: Zero DEBUGCTL before VMRUN if necessary Sean Christopherson
2025-02-24 18:13 ` [PATCH 1/3] KVM: x86: Snapshot the host's DEBUGCTL in common x86 Sean Christopherson
2025-02-25 16:19 ` Xiaoyao Li
2025-02-24 18:13 ` [PATCH 2/3] KVM: SVM: Manually zero/restore DEBUGCTL if LBR virtualization is disabled Sean Christopherson
2025-02-26 6:15 ` Ravi Bangoria
2025-02-26 15:42 ` Sean Christopherson
2025-02-24 18:13 ` [PATCH 3/3] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sean Christopherson
2025-02-25 15:56 ` Peter Zijlstra [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250225155656.GE34233@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rangemachine@gmail.com \
--cc=ravi.bangoria@amd.com \
--cc=seanjc@google.com \
--cc=whanos@sergal.fun \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.