From: Sean Christopherson <seanjc@google.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: Tao Xu <tao3.xu@intel.com>,
pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com,
jmattson@google.com, joro@8bytes.org, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, hpa@zytor.com, x86@kernel.org,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] KVM: VMX: Enable Notify VM exit
Date: Thu, 2 Sep 2021 16:15:19 +0000 [thread overview]
Message-ID: <YTD4l7L0CKMCQwd5@google.com> (raw)
In-Reply-To: <080602dc-f998-ec13-ddf9-42902aa477de@intel.com>
On Tue, Aug 03, 2021, Xiaoyao Li wrote:
> On 8/2/2021 11:46 PM, Sean Christopherson wrote:
> > > > > @@ -5642,6 +5653,31 @@ static int handle_bus_lock_vmexit(struct kvm_vcpu *vcpu)
> > > > > return 0;
> > > > > }
> > > > > +static int handle_notify(struct kvm_vcpu *vcpu)
> > > > > +{
> > > > > + unsigned long exit_qual = vmx_get_exit_qual(vcpu);
> > > > > +
> > > > > + if (!(exit_qual & NOTIFY_VM_CONTEXT_INVALID)) {
> > > >
> > > > What does CONTEXT_INVALID mean? The ISE doesn't provide any information whatsoever.
> > >
> > > It means whether the VM context is corrupted and not valid in the VMCS.
> >
> > Well that's a bit terrifying. Under what conditions can the VM context become
> > corrupted? E.g. if the context can be corrupted by an inopportune NOTIFY exit,
> > then KVM needs to be ultra conservative as a false positive could be fatal to a
> > guest.
> >
>
> Short answer is no case will set the VM_CONTEXT_INVALID bit.
But something must set it, otherwise it wouldn't exist. The condition(s) under
which it can be set matters because it affects how KVM should respond. E.g. if
the guest can trigger VM_CONTEXT_INVALID at will, then we should probably treat
it as a shutdown and reset the VMCS. But if VM_CONTEXT_INVALID can occur if and
only if there's a hardware/ucode issue, then we can do:
if (KVM_BUG_ON(exit_qual & NOTIFY_VM_CONTEXT_INVALID, vcpu->kvm))
return -EIO;
Either way, to enable this by default we need some form of documentation that
describes what conditions lead to VM_CONTEXT_INVALID.
> VM_CONTEXT_INVALID is so fatal and IMHO it won't be set for any inopportune
> NOTIFY exit.
next prev parent reply other threads:[~2021-09-02 16:30 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-25 5:12 [PATCH v2] KVM: VMX: Enable Notify VM exit Tao Xu
2021-06-02 10:31 ` Vitaly Kuznetsov
2021-06-03 1:23 ` Tao Xu
2021-06-03 13:43 ` Vitaly Kuznetsov
2021-06-03 1:25 ` Xiaoyao Li
2021-06-03 13:35 ` Jim Mattson
2021-06-07 9:24 ` Xiaoyao Li
2021-06-03 13:52 ` Vitaly Kuznetsov
2021-06-07 9:23 ` Xiaoyao Li
2021-06-24 4:52 ` Tao Xu
2021-07-22 3:25 ` Xiaoyao Li
2021-07-30 20:41 ` Sean Christopherson
2021-08-02 12:53 ` Xiaoyao Li
2021-08-02 15:46 ` Sean Christopherson
2021-08-03 0:38 ` Xiaoyao Li
2021-09-02 9:28 ` Chenyi Qiang
2021-09-02 16:29 ` Sean Christopherson
2021-09-07 13:33 ` Xiaoyao Li
2021-09-09 18:47 ` Sean Christopherson
2021-09-10 7:39 ` Xiaoyao Li
2021-09-10 17:55 ` Sean Christopherson
2021-09-02 16:15 ` Sean Christopherson [this message]
2021-09-02 16:36 ` Sean Christopherson
2021-09-07 13:45 ` Xiaoyao Li
2021-09-09 18:59 ` Sean Christopherson
2021-09-13 2:58 ` Xiaoyao Li
2021-10-15 18:29 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YTD4l7L0CKMCQwd5@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tao3.xu@intel.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.