From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>
Subject: Re: RFC: few questions about hypercall patching in KVM
Date: Thu, 15 Dec 2022 00:53:15 +0000 [thread overview]
Message-ID: <Y5pv+/58UBDAfP19@google.com> (raw)
In-Reply-To: <9c7d86d5fd56aa0e35a9a1533a23c90853382227.camel@redhat.com>
On Wed, Dec 14, 2022, Maxim Levitsky wrote:
> Hi!
>
>
> Recently I had to debug a case of KVM's hypercall patching failing in a
> special case of running qemu under valgrind.
>
> In nutshell what is happening is that qemu uses 'cpuid' instruction to gather
> some info about the host and some of it is passed to the guest cpuid, and
> that includes the vendor string.
>
> Under valgrind it emulates the CPU (aka TCG), so qemu sees virtual cpu, with
> virtual cpuid which has hardcoded vendor string the 'GenuineIntel', so when
> your run qemu with KVM on AMD host, the guest will see Intel's vendor string
> regardless of other '-cpu' settings (even -cpu host)
>
> This ensures that the guest uses the wrong hypercall instruction (vmcall
> instead of vmmcall), and sometimes it will use it after the guest kernel
> write protects its memory. This will lead to a failure of the hypercall
> patching as the kvm writes to the guest memory as if the instruction wrote to
> it, and this checks the permissions in the guest paging.
>
> So the VMCALL instruction gets totally unexpected #PF.
Yep, been there, done that :-)
> 1. Now I suggest that when hypercall patching fails, can we do
> kvm_vm_bugged() instead of forwarding the hypercall? I know that vmmcall can
> be executed from ring 3 as well, so I can limit this to hypercall patching
> that happens when guest ring is 0.
And L1. But why? It's not a KVM bug per se, it's a known deficiency in KVM's
emulator. What to do in response to the failure should be up to userspace. The
real "fix" is to disable the quirk in QEMU.
> 2. Why can't we just emulate the VMCALL/VMMCALL instruction in this case
> instead of patching? Any technical reasons for not doing this? Few guests
> use it so the perf impact should be very small.
Nested is basically impossible to get right[1][2]. IIRC, calling into
kvm_emulate_hypercall() from the emulator also gets messy (I think I tried doing
exactly this at some point).
[1] https://lore.kernel.org/all/Yjyt7tKSDhW66fnR@google.com
[2] https://lore.kernel.org/all/YEZUhbBtNjWh0Zka@google.com
next prev parent reply other threads:[~2022-12-15 0:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-14 17:57 RFC: few questions about hypercall patching in KVM Maxim Levitsky
2022-12-15 0:53 ` Sean Christopherson [this message]
2022-12-15 10:29 ` Maxim Levitsky
2022-12-19 18:27 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y5pv+/58UBDAfP19@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=mlevitsk@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.