From: "H. Peter Anvin" <hpa@zytor.com>
To: "Romer, Benjamin M" <Benjamin.Romer@unisys.com>
Cc: Fengguang Wu <fengguang.wu@intel.com>,
Jet Chen <jet.chen@intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Borislav Petkov <bp@alien8.de>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [visorchipset] invalid opcode: 0000 [#1] PREEMPT SMP
Date: Fri, 11 Apr 2014 09:33:58 -0700 [thread overview]
Message-ID: <53481976.3020209@zytor.com> (raw)
In-Reply-To: <C97001BC43954D438ACB059713BA5CDF92040F0F10@USEA-EXCH7.na.uis.unisys.com>
On 04/11/2014 06:51 AM, Romer, Benjamin M wrote:
>
>> I'm still confused where KVM comes into the picture. Are you actually
>> using KVM (and thus talking about nested virtualization) or are you
>> using Qemu in JIT mode and running another hypervisor underneath?
>
> The test that Fengguang used to find the problem was running the linux
> kernel directly using KVM. When the kernel was run with "-cpu Haswell,
> +smep,+smap" set, the vmcall failed with invalid op, but when the kernel
> is run with "-cpu qemu64", the vmcall causes a vmexit, as it should.
As far as I know, Fengguang's test doesn't use KVM at all, it runs Qemu
as a JIT. Completely different thing. In that case Qemu probably
should *not* set the hypervisor bit. However, the only thing that the
hypervisor bit means is that you can look for specific hypervisor APIs
in CPUID level 0x40000000+.
> My point is, the vmcall was made because the hypervisor bit was set. If
> this bit had been turned off, as it would be on a real processor, the
> vmcall wouldn't have happened.
And my point is that that is a bug. In the driver. A very serious one.
You cannot call VMCALL until you know *which* hypervisor API(s) you
have available, period.
>> The hypervisor bit is a complete red herring. If the guest CPU is
>> running in VT-x mode, then VMCALL should VMEXIT inside the guest
>> (invoking the guest root VT-x),
>
> The CPU is running in VT-X. That was my point, the kernel is running in
> the KVM guest, and KVM is setting the CPU feature bits such that bit 31
> is enabled.
Which it is because it wants to export the KVM hypercall interface.
However, keying VMCALL *only* on the HYPERVISOR bit is wrong in the extreme.
> I don't think it's a red herring because the kernel uses this bit
> elsewhere - it is reported as X86_FEATURE_HYPERVISOR in the CPU
> features, and can be checked with the cpu_has_hypervisor macro (which
> was not used by the original author of the code in the driver, but
> should have been). VMWare and KVM support in the kernel also check for
> this bit before checking their hypervisor leaves for an ID. If it's not
> properly set it affects more than just the s-Par drivers.
>
>> but the fact still remains that you
>> should never, ever, invoke VMCALL unless you know what hypervisor you
>> have underneath.
>
> From the standpoint of the s-Par drivers, yes, I agree (as I already
> said). However, VMCALL is not a privileged instruction, so anyone could
> use it from user space and go right past the OS straight to the
> hypervisor. IMHO, making it *lethal* to the guest is a bad idea, since
> any user could hard-stop the guest with a couple of lines of C.
Typically the hypervisor wants to generate a #UD inside of the guest for
that case. The guest OS will intercept it and SIGILL the user space
process.
-hpa
next prev parent reply other threads:[~2014-04-11 16:34 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-07 11:17 [visorchipset] invalid opcode: 0000 [#1] PREEMPT SMP Fengguang Wu
2014-04-07 14:04 ` Ken Cox
2014-04-07 14:09 ` Greg Kroah-Hartman
2014-04-07 14:24 ` Ken Cox
2014-04-07 19:23 ` Greg Kroah-Hartman
2014-04-07 19:46 ` Greg Kroah-Hartman
[not found] ` <C97001BC43954D438ACB059713BA5CDF92040F0F00@USEA-EXCH7.na.uis.unisys.com>
2014-04-08 2:53 ` Fengguang Wu
2014-04-08 15:39 ` Romer, Benjamin M
[not found] ` <53444220.50009@intel.com>
[not found] ` <C97001BC43954D438ACB059713BA5CDF92040F0F06@USEA-EXCH7.na.uis.unisys.com>
[not found] ` <53458A3A.1050608@intel.com>
2014-04-09 23:01 ` Fengguang Wu
2014-04-09 23:10 ` H. Peter Anvin
2014-04-10 13:19 ` Romer, Benjamin M
2014-04-11 2:28 ` H. Peter Anvin
2014-04-11 13:51 ` Romer, Benjamin M
2014-04-11 16:33 ` H. Peter Anvin [this message]
2014-04-11 17:35 ` Jet Chen
2014-04-11 17:40 ` H. Peter Anvin
2014-04-11 17:51 ` Romer, Benjamin M
2014-04-30 10:02 ` Paolo Bonzini
2014-04-11 17:49 ` Romer, Benjamin M
2014-04-13 11:51 ` Borislav Petkov
2014-04-13 12:20 ` Jet Chen
2014-04-09 23:10 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53481976.3020209@zytor.com \
--to=hpa@zytor.com \
--cc=Benjamin.Romer@unisys.com \
--cc=bp@alien8.de \
--cc=fengguang.wu@intel.com \
--cc=jet.chen@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.