Re: Supporting default reads of host MSRs [WAS: x2APIC MSR range (XSA-108 follow-up)]

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Kevin Tian <kevin.tian@intel.com>,
	Jan Beulich <JBeulich@suse.com>, Matt Wilson <msw@linux.com>,
	Eddie Dong <eddie.dong@intel.com>,
	Donald D Dugger <donald.d.dugger@intel.com>,
	Jun Nakajima <jun.nakajima@intel.com>,
	xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: Supporting default reads of host MSRs [WAS: x2APIC MSR range (XSA-108 follow-up)]
Date: Mon, 13 Oct 2014 14:35:13 +0100	[thread overview]
Message-ID: <543BD511.5040702@citrix.com> (raw)
In-Reply-To: <CA+aC4kvNTdFvQxiiuCMWk64SqMB3WmsJVRZDC6dw-YUGUXa3-g@mail.gmail.com>

On 13/10/14 12:40, Anthony Liguori wrote:
> On Mon, Oct 13, 2014 at 11:52 AM, Andrew Cooper
> <andrew.cooper3@citrix.com> wrote:
>> On 13/10/14 07:45, Jan Beulich wrote:
>>> All,
>>>
>>> during the embargo period of XSA-108 Matt pointed out that restricting
>>> the emulated MSR range to 0x800-0x8ff isn't necessarily the ultimately
>>> correct thing to do (as also noted in commit 61fdda7acf's description):
>>> The x2APIC MSR range really is being specified as 0x800-0xbff, as
>>> opposed to the range considered for virtualization purposes
>>> (0x800-0x8ff). In order to determine proper behavior here we'd like to
>>> get clarification from you, particularly also in the light of probing real
>>> hardware pointing out the existence of (at least) MSRs 0xa00-0xa02.
>>>
>>> With what we currently do (kind of supported by their values at least
>>> not differing across physical CPUs on the probed systems) their values
>>> are getting passed through to guests. The alternative of forcing #GP
>>> for accesses to them as one could imply from the spec seems
>>> undesirable: Guests may imply their existence based on CPU model.
>>> Hence the only apparent reasonable alternative would be to provide
>>> proper virtualization for these registers, requiring to know their
>>> purpose.
>>>
>>> Thanks, Jan
>> Having read this and put  two and two together, permitting default reads
>> of host MSRs is irreconcilable against correctly supporting migration of
>> HVM VMs.
> Yes.
>
>> In the past, XenServer has seen a handful of cases of a Window BSODs
>> because of critical structure corruption in the IA32_MISC_ENABLE MSR.
>> They were unable to be seen again, but were on migration tests.
>>
>> Exactly the same logic applies to the cpuid infrastructure, although
>> that has many more noticeable problems atm.
> Given that a number of these MSRs have functionality that are not
> publicly documented, I think a white list is the only sane approach.
>
> This could be done as an option during domain creation if there was a
> concern about backwards compatibility.

I am uneasy with keeping two codepaths like this as it doubles the test
matrix, and makes it easier for subtle bugs to hide.

On the other hand, there might not be another compatible method of
"migrating" VMs across this boundary.  This is going to require some
thought to solve.

This is yet another large issue to go on the todo list to "make
migration work properly".

~Andrew

next prev parent reply	other threads:[~2014-10-13 13:35 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-13  6:45 x2APIC MSR range (XSA-108 follow-up) Jan Beulich
2014-10-13  9:26 ` Anthony Liguori
2014-10-13  9:45   ` Jan Beulich
2014-10-13  9:52 ` Supporting default reads of host MSRs [WAS: x2APIC MSR range (XSA-108 follow-up)] Andrew Cooper
2014-10-13 11:00   ` Supporting default reads of host MSRs Matt Wilson
2014-10-13 11:40   ` Supporting default reads of host MSRs [WAS: x2APIC MSR range (XSA-108 follow-up)] Anthony Liguori
2014-10-13 13:35     ` Andrew Cooper [this message]
2014-10-13 14:11       ` Anthony Liguori
2014-10-13 10:57 ` x2APIC MSR range (XSA-108 follow-up) Matt Wilson
2014-10-14  3:00   ` Wu, Feng
2014-10-14  6:23     ` Zhang, Yang Z
2014-10-14  9:59       ` Jan Beulich
2014-10-16  7:57       ` Matt Wilson
2014-10-16  9:56         ` Andrew Cooper
2014-10-14  7:07   ` Zhang, Yang Z
2014-10-14  7:55     ` Matt Wilson
2014-10-14  9:59     ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=543BD511.5040702@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=JBeulich@suse.com \
    --cc=anthony@codemonkey.ws \
    --cc=donald.d.dugger@intel.com \
    --cc=eddie.dong@intel.com \
    --cc=jun.nakajima@intel.com \
    --cc=kevin.tian@intel.com \
    --cc=msw@linux.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.