From: Sean Christopherson <seanjc@google.com>
To: Xin Li <xin3.li@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Xiaoyao Li <xiaoyao.li@intel.com>, Yuan Yao <yuan.yao@intel.com>,
Eddit Dong <eddie.dong@intel.com>,
Kevin Tian <kevin.tian@intel.com>,
Jun Nakajima <jun.nakajima@intel.com>,
"H.Peter Anvin" <hpa@zytor.com>,
Asit Mallick <asit.k.mallick@intel.com>
Subject: Re: The necessity of injecting a hardware exception reported in VMX IDT vectoring information
Date: Wed, 5 Apr 2023 18:33:42 -0700 [thread overview]
Message-ID: <ZC4hdsFve9hUgWJO@google.com> (raw)
In-Reply-To: <SA1PR11MB673463616F7B1318874D11A3A8909@SA1PR11MB6734.namprd11.prod.outlook.com>
On Wed, Apr 05, 2023, Li, Xin3 wrote:
> The VMCS IDT vectoring information field is used to report basic information
> associated with the event that was being delivered when a VM exit occurred.
> such an event itself doesn't trigger a VM exit, however, a condition to deliver
> the event is not met, e.g., EPT violation.
>
> When the IDT vectoring information field reports a maskable external interrupt,
> KVM reinjects this external interrupt after handling the VM exit. Otherwise,
> the external interrupt is lost.
>
> KVM handles a hardware exception reported in the IDT vectoring information
> field in the same way, which makes nothing wrong. This piece of code is in
> __vmx_complete_interrupts():
>
> case INTR_TYPE_SOFT_EXCEPTION:
> vcpu->arch.event_exit_inst_len = vmcs_read32(instr_len_field);
> fallthrough;
> case INTR_TYPE_HARD_EXCEPTION:
> if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) {
> u32 err = vmcs_read32(error_code_field);
> kvm_requeue_exception_e(vcpu, vector, err);
> } else
> kvm_requeue_exception(vcpu, vector);
> break;
>
> But if KVM just ignores any hardware exception in such a case, the CPU will
> re-generate it once it resumes guest execution, which looks cleaner.
That's not strictly guaranteed, especially if KVM injected the exception in the
first place. It's definitely broken if KVM is running L2 and L1 injected an
exception, in which case the exception (from L1) doesn't necessarily have anything
at all to do with the code being executed by L2. Ditto for exceptions synthesized
and/or migrated from userspace.
And as Paolo called out, it doesn't work for traps.
There are also likely edge cases around Accessed bits and whatnot.
> The question is, must KVM inject a hardware exception from the IDT vectoring
> information field? Is there any correctness issue if KVM does not?
Yes. I'm guessing if we start walking through the myriad flows and edge cases,
we'll find more.
> If no correctness issue, it's better to not do it,
In a vacuum, if we were developing a hypervisor from scratch, maybe. It's most
definitely not better when we're talking about undoing ~15 years of behavior (and
bugs and fixes) in one of the most gnarly areas in x86 virtualization. E.g. see
https://lore.kernel.org/all/20220830231614.3580124-1-seanjc@google.com
for all the work it took to get KVM to correctly handle L1 exception intercept,
and the messy history of the many hacks that came before.
In short, I am not willing to even consider such a change without an absolutely
insane amount of tests and documentation proving correctness, _and_ very strong
evidence that such a change would actually benefit anyone.
next prev parent reply other threads:[~2023-04-06 1:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-05 9:34 The necessity of injecting a hardware exception reported in VMX IDT vectoring information Li, Xin3
2023-04-05 12:30 ` Paolo Bonzini
2023-04-05 18:03 ` Li, Xin3
2023-04-06 7:34 ` Paolo Bonzini
2023-04-07 5:59 ` Li, Xin3
2023-04-06 1:33 ` Sean Christopherson [this message]
[not found] ` <BYAPR11MB37173810AE3328B5E28A18D795919@BYAPR11MB3717.namprd11.prod.outlook.com>
2023-04-06 7:33 ` Paolo Bonzini
2023-04-06 10:31 ` Yao, Yuan
2023-04-07 6:31 ` Li, Xin3
2023-04-07 7:15 ` Li, Xin3
2023-04-07 7:49 ` Xiaoyao Li
2023-04-07 20:16 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZC4hdsFve9hUgWJO@google.com \
--to=seanjc@google.com \
--cc=asit.k.mallick@intel.com \
--cc=eddie.dong@intel.com \
--cc=hpa@zytor.com \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=xiaoyao.li@intel.com \
--cc=xin3.li@intel.com \
--cc=yuan.yao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.