From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH for-4.5] x86/HVM: Partial revert of 28b4baacd5 Date: Tue, 25 Nov 2014 10:46:11 +0000 Message-ID: <54745DF3.8020603@citrix.com> References: <1416910138-9417-1-git-send-email-andrew.cooper3@citrix.com> <54746B24020000780004A9C5@mail.emea.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <54746B24020000780004A9C5@mail.emea.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich Cc: Keir Fraser , Xen-devel List-Id: xen-devel@lists.xenproject.org On 25/11/14 10:42, Jan Beulich wrote: >>>> On 25.11.14 at 11:08, wrote: >> A failed vmentry is overwhelmingly likely to be caused by corrupt VMCS state. >> As a result, injecting a fault and retrying the the vmentry is likely to >> fail >> in the same way. > That's not all that unlikely - remember that the change was prompted > by the XSA-110 fix. There CS pieces being in a bad state would get > corrected by the exception injection. > >> One other alternative, which I would pursue if we were not already in -rc2 >> would be to add some extra logic to detect repeated vmentry failure and >> allow >> one attempt to shoot userspace before giving up and crashing the domain. > That's not even needed afaict (and if it really is, it can't be all that > difficult/intrusive): Did you observe what you attempt to fix here in > practice, or is this just from theoretical considerations? I ask because > I don't think it can actually happen, as the second time we get here > the guest ought to be in kernel mode (due to the exception injection) > and hence would get crashed anyway. Only from theoretical considerations. A bad CS (and possibly SS) would be fixed by this, but there are many others which wouldn't ~Andrew