From: Avi Kivity <avi@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: Andrew Morton <akpm@osdl.org>,
kvm@vger.kernel.org, kexec@lists.infradead.org,
Haren Myneni <hbabu@us.ibm.com>,
Simon Horman <horms@verge.net.au>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Vivek Goyal <vgoyal@redhat.com>
Subject: Re: [PATCH 0/2] kvm: disable virtualization on kdump
Date: Mon, 27 Oct 2008 16:02:21 +0200 [thread overview]
Message-ID: <4905C9ED.807@redhat.com> (raw)
In-Reply-To: <20081027122808.GH23893@blackpad>
Eduardo Habkost wrote:
> Can't we just set a flag when we are about to enable vmx, so we run vmxoff
> only when know it's enabled? There will be a tiny window between setting
> this flag and and actually running vmxon where things could go wrong,
> but this doesn't look that bad.
>
It makes more sense to have a vmxon api in the core; you call it, the
kernel enables it and sets a flag; then either you or the core can
disable it.
> Having to handle #UD would make things more messy, in my opinion.
>
It's not too bad, either relying on exception handlers or hacking our own.
> BTW, is this problem vmx-specific? Do we need to do something similar
> for svm?
>
>
svm needs it as well, since it shares some memory with the cpu. It's
less critical though, will likely work even without it.
>> If we trust the exception handlers, there's no problem. Otherwise we
>> need to replace the current #UD handler with an iret (perhaps switching
>> temporarily to another IDT).
>>
>
> I think we can't fully trust anything if we are on the crash dump path,
> so the less code we depend on, the better.
>
So we can point #UD temporarily at an 'addq $3, (%rsp); iret' for the
vmxoff instruction. Or implement the 'enable virt extensions' API.
> The patches I've sent to the kvm mailing list added a notifier interface
> specific for kexec_crash, using raw_notifier_*().
>
> IMO, if a notifier registration interface was acceptable, the raw
> notifiers would be good enough for that. But Eric seems to think that
> adding a notifier registration interface for the crash handler path
> wouldn't be a good idea, and I am starting to agree with him.
>
>
I wouldn't mind notifiers (with a nice comment explaining that you must
know what you're doing, though that's the case with most kernel APIs).
I'm fine with either approach.
>> The general kexec path also wants this fixed.
>>
>
> When I've tested it, kexec called the kvm reboot notifier, so
> everything worked fine.
>
Oh, okay.
--
error compiling committee.c: too many arguments to function
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Avi Kivity <avi@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Simon Horman <horms@verge.net.au>,
kexec@lists.infradead.org, kvm@vger.kernel.org,
Andrew Morton <akpm@osdl.org>, Vivek Goyal <vgoyal@redhat.com>,
Haren Myneni <hbabu@us.ibm.com>
Subject: Re: [PATCH 0/2] kvm: disable virtualization on kdump
Date: Mon, 27 Oct 2008 16:02:21 +0200 [thread overview]
Message-ID: <4905C9ED.807@redhat.com> (raw)
In-Reply-To: <20081027122808.GH23893@blackpad>
Eduardo Habkost wrote:
> Can't we just set a flag when we are about to enable vmx, so we run vmxoff
> only when know it's enabled? There will be a tiny window between setting
> this flag and and actually running vmxon where things could go wrong,
> but this doesn't look that bad.
>
It makes more sense to have a vmxon api in the core; you call it, the
kernel enables it and sets a flag; then either you or the core can
disable it.
> Having to handle #UD would make things more messy, in my opinion.
>
It's not too bad, either relying on exception handlers or hacking our own.
> BTW, is this problem vmx-specific? Do we need to do something similar
> for svm?
>
>
svm needs it as well, since it shares some memory with the cpu. It's
less critical though, will likely work even without it.
>> If we trust the exception handlers, there's no problem. Otherwise we
>> need to replace the current #UD handler with an iret (perhaps switching
>> temporarily to another IDT).
>>
>
> I think we can't fully trust anything if we are on the crash dump path,
> so the less code we depend on, the better.
>
So we can point #UD temporarily at an 'addq $3, (%rsp); iret' for the
vmxoff instruction. Or implement the 'enable virt extensions' API.
> The patches I've sent to the kvm mailing list added a notifier interface
> specific for kexec_crash, using raw_notifier_*().
>
> IMO, if a notifier registration interface was acceptable, the raw
> notifiers would be good enough for that. But Eric seems to think that
> adding a notifier registration interface for the crash handler path
> wouldn't be a good idea, and I am starting to agree with him.
>
>
I wouldn't mind notifiers (with a nice comment explaining that you must
know what you're doing, though that's the case with most kernel APIs).
I'm fine with either approach.
>> The general kexec path also wants this fixed.
>>
>
> When I've tested it, kexec called the kvm reboot notifier, so
> everything worked fine.
>
Oh, okay.
--
error compiling committee.c: too many arguments to function
next prev parent reply other threads:[~2008-10-27 14:02 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-20 15:01 [PATCH 0/2] kvm: disable virtualization on kdump Eduardo Habkost
2008-10-20 15:01 ` Eduardo Habkost
2008-10-20 15:01 ` [PATCH 1/2] kdump: crash-time CPU halt notifier interface Eduardo Habkost
2008-10-20 15:01 ` Eduardo Habkost
2008-10-20 15:01 ` [PATCH 2/2] kvm: disable virtualization when halting CPUs on crash Eduardo Habkost
2008-10-20 15:01 ` Eduardo Habkost
2008-10-22 23:28 ` [PATCH 0/2] kvm: disable virtualization on kdump Simon Horman
2008-10-22 23:28 ` Simon Horman
2008-10-23 19:41 ` Eduardo Habkost
2008-10-23 19:41 ` Eduardo Habkost
2008-10-23 22:29 ` Simon Horman
2008-10-23 22:29 ` Simon Horman
2008-10-24 1:00 ` Eric W. Biederman
2008-10-24 1:00 ` Eric W. Biederman
2008-10-26 12:49 ` Avi Kivity
2008-10-26 12:49 ` Avi Kivity
2008-10-26 14:46 ` Eric W. Biederman
2008-10-26 14:46 ` Eric W. Biederman
2008-10-26 15:07 ` Avi Kivity
2008-10-26 15:07 ` Avi Kivity
2008-10-26 21:39 ` Eduardo Habkost
2008-10-26 21:39 ` Eduardo Habkost
2008-10-27 2:08 ` Eric W. Biederman
2008-10-27 2:08 ` Eric W. Biederman
2008-10-27 9:13 ` Avi Kivity
2008-10-27 9:13 ` Avi Kivity
2008-10-27 12:28 ` Eduardo Habkost
2008-10-27 12:28 ` Eduardo Habkost
2008-10-27 14:02 ` Avi Kivity [this message]
2008-10-27 14:02 ` Avi Kivity
2008-10-27 17:32 ` Eric W. Biederman
2008-10-27 17:32 ` Eric W. Biederman
2008-10-28 19:45 ` Eduardo Habkost
2008-10-28 19:45 ` Eduardo Habkost
2008-10-28 20:13 ` Eric W. Biederman
2008-10-28 20:13 ` Eric W. Biederman
2008-10-29 9:41 ` Avi Kivity
2008-10-29 9:41 ` Avi Kivity
2008-10-29 14:54 ` Eric W. Biederman
2008-10-29 14:54 ` Eric W. Biederman
2008-10-29 17:03 ` Avi Kivity
2008-10-29 17:03 ` Avi Kivity
2008-10-30 1:33 ` Eric W. Biederman
2008-10-30 1:33 ` Eric W. Biederman
2008-10-30 7:35 ` Chris Lalancette
2008-10-30 7:35 ` Chris Lalancette
2008-10-30 7:43 ` Avi Kivity
2008-10-30 7:43 ` Avi Kivity
2008-10-30 7:52 ` Avi Kivity
2008-10-30 7:52 ` Avi Kivity
2008-10-29 9:31 ` Avi Kivity
2008-10-29 9:31 ` Avi Kivity
2008-10-27 15:05 ` Eric W. Biederman
2008-10-27 15:05 ` Eric W. Biederman
2008-10-27 15:50 ` Eduardo Habkost
2008-10-27 15:50 ` Eduardo Habkost
2008-10-27 8:54 ` Avi Kivity
2008-10-27 8:54 ` Avi Kivity
2008-10-27 13:09 ` Vivek Goyal
2008-10-27 13:09 ` Vivek Goyal
2008-10-27 14:04 ` Avi Kivity
2008-10-27 14:04 ` Avi Kivity
2008-10-29 20:10 ` Eduardo Habkost
2008-10-29 20:10 ` Eduardo Habkost
2008-10-29 20:29 ` Avi Kivity
2008-10-29 20:29 ` Avi Kivity
2008-10-29 21:05 ` Vivek Goyal
2008-10-29 21:05 ` Vivek Goyal
2008-10-30 0:58 ` Eric W. Biederman
2008-10-30 0:58 ` Eric W. Biederman
2008-10-26 21:47 ` Eric W. Biederman
2008-10-26 21:47 ` Eric W. Biederman
2008-10-27 8:59 ` Avi Kivity
2008-10-27 8:59 ` Avi Kivity
2008-10-27 15:02 ` Eric W. Biederman
2008-10-27 15:02 ` Eric W. Biederman
2008-10-27 15:38 ` Eduardo Habkost
2008-10-27 15:38 ` Eduardo Habkost
2008-10-26 12:46 ` Avi Kivity
2008-10-26 12:46 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4905C9ED.807@redhat.com \
--to=avi@redhat.com \
--cc=akpm@osdl.org \
--cc=ebiederm@xmission.com \
--cc=ehabkost@redhat.com \
--cc=hbabu@us.ibm.com \
--cc=horms@verge.net.au \
--cc=kexec@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.