From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.9 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4D92C4363D for ; Thu, 24 Sep 2020 12:37:41 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 79A7921D24 for ; Thu, 24 Sep 2020 12:37:41 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="rHQz1QTK"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Gr/y0O9b" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 79A7921D24 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:References:In-Reply-To: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=0+SchN3/3/JE8xs8Rc8MoUfoY8blb3JzaqnEFzY8OP4=; b=rHQz1QTKbvmrOWI4NhI85mlHF ABgB9LrDsur4zVju65c7Zb+ECbBopRhiTu2YlItJ2ba6qASrW2/cmzbLGJ9RVSbgynhc7a4ohzCXt Xp8vr/oXur0K0KXIS0ORT883BbIm24AhslirP7r6XdC7wINY5m0oaxgG1oqr6nnUI9lxPG4Kf9vaz meqjMOCUN11Za52CNAISLDMKatOeu+xtvPUBoHGK5/F+rvgXm+8Zv9LUX7jRK015kQiTfk059iapE RJ5fSKsiPM2TiSpzbcywDCH4qhg3JguuvT3usOJMaEgHNXynsRjIRHr0XiwP0rZ52Zi2MwnDDFpgd oN62yXIow==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLQTk-00030k-9t; Thu, 24 Sep 2020 12:36:04 +0000 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLQTi-0002zu-Hz for linux-arm-kernel@lists.infradead.org; Thu, 24 Sep 2020 12:36:03 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1600950961; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=XJM2zsAmjHPtnBVFf6cltcdoLV4SPiJ7BDBnMHvxMEQ=; b=Gr/y0O9bwpr2DXLrSaNIpZCVQwbzhKnZwfRJY+svYH7s6xxLPilwPkbVDburVlvIvMbt0m 0wnk+Jc/2A6dZ3CrUjH+ODQpWdvfmRDNWUuB4vwxMIA1UUQSz+buSA4xK3sjCVLbc3R5ZO xyRP3hTWZn9sBVS0EGqpeHFsT+GMufg= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-568-os5HtNoQOeaj3v6zizqUYw-1; Thu, 24 Sep 2020 08:34:19 -0400 X-MC-Unique: os5HtNoQOeaj3v6zizqUYw-1 Received: by mail-ej1-f71.google.com with SMTP id md9so1229856ejb.8 for ; Thu, 24 Sep 2020 05:34:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=XJM2zsAmjHPtnBVFf6cltcdoLV4SPiJ7BDBnMHvxMEQ=; b=FzaNVD22w1/k/3rFzX/tD9RBg6RwPf3MrS9oavOU/OYQ2gsvaEZlT1O26hV7W4gpDb XTrp9IneJKTLfFOk86GVIwDg8SWyOyEczcgynj4HzkOgGw5NF2mI9oFvh4RN+I0g7j/t VKqUyYCeSiUdIcjju3+RRerNc86FlLy9ddVFoTE2MftySw0VG5ywUXfeKQHxAvy/Ycdl xjJ4BNAhssYrM5kFzuFxfzf2c91ywDox1Ww/HiAPca4CroZFKqTvdn4oTMpzSIP1Syrq yp3CP6tBgNxNex8NI8fXtrZp4+nj5QKznc3rOU62aWGLbqJbs/zxPrqbCDJhWajJkZPs Z3Kw== X-Gm-Message-State: AOAM533mHUo/s19cPKy8/JI3pG5Xh0wp7H9/mbu7xy1928jRbv3UybwH MMMWjHUeS4ZIHnXOEAq3bcIAMcRma5sQoy8dMZcJiQzfsIWuSbxys1bXDHOai3lRyP1IcOOKzYj S/mmntUDwmqJDyiqmHuTZq5hMZRp12Mv45f8= X-Received: by 2002:a05:6402:1148:: with SMTP id g8mr775007edw.271.1600950857413; Thu, 24 Sep 2020 05:34:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz9aag4YDAgIGYQ9EHrDOFNyx4QU0hniTeVNf02iQ7RJLkNK/cPK0RyizBQjwquCkPtgxllpw== X-Received: by 2002:a05:6402:1148:: with SMTP id g8mr774981edw.271.1600950857170; Thu, 24 Sep 2020 05:34:17 -0700 (PDT) Received: from vitty.brq.redhat.com (g-server-2.ign.cz. [91.219.240.2]) by smtp.gmail.com with ESMTPSA id t3sm2383180edv.59.2020.09.24.05.34.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Sep 2020 05:34:15 -0700 (PDT) From: Vitaly Kuznetsov To: Sean Christopherson , Paolo Bonzini Subject: Re: [RFC PATCH 3/3] KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM In-Reply-To: <20200923224530.17735-4-sean.j.christopherson@intel.com> References: <20200923224530.17735-1-sean.j.christopherson@intel.com> <20200923224530.17735-4-sean.j.christopherson@intel.com> Date: Thu, 24 Sep 2020 14:34:14 +0200 Message-ID: <878scze4l5.fsf@vitty.brq.redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=vkuznets@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200924_083602_630630_11D2AD88 X-CRM114-Status: GOOD ( 21.76 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Cornelia Huck , Wanpeng Li , Janosch Frank , kvm@vger.kernel.org, Suzuki K Poulose , Marc Zyngier , Joerg Roedel , David Hildenbrand , linux-kernel@vger.kernel.org, kvm-ppc@vger.kernel.org, linux-mips@vger.kernel.org, Paul Mackerras , Christian Borntraeger , Aleksandar Markovic , James Morse , linux-arm-kernel@lists.infradead.org, Huacai Chen , Claudio Imbrenda , Julien Thierry , Jim Mattson Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Sean Christopherson writes: > Add support for KVM_REQ_VM_BUGG in x86, and replace a variety of WARNs > with KVM_BUG() and KVM_BUG_ON(). Return -EIO if a KVM_BUG is hit to > align with the common KVM behavior of rejecting iocts() with -EIO if the > VM is bugged. > > Signed-off-by: Sean Christopherson > --- > arch/x86/kvm/svm/svm.c | 2 +- > arch/x86/kvm/vmx/vmx.c | 23 ++++++++++++++--------- > arch/x86/kvm/x86.c | 4 ++++ > 3 files changed, 19 insertions(+), 10 deletions(-) > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index 3da5b2f1b4a1..e684794c6249 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -1380,7 +1380,7 @@ static void svm_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg) > load_pdptrs(vcpu, vcpu->arch.walk_mmu, kvm_read_cr3(vcpu)); > break; > default: > - WARN_ON_ONCE(1); > + KVM_BUG_ON(1, vcpu->kvm); > } > } > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 6f9a0c6d5dc5..810d46ab0a47 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -2250,7 +2250,7 @@ static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg) > vcpu->arch.cr4 |= vmcs_readl(GUEST_CR4) & guest_owned_bits; > break; > default: > - WARN_ON_ONCE(1); > + KVM_BUG_ON(1, vcpu->kvm); > break; > } > } > @@ -4960,6 +4960,7 @@ static int handle_cr(struct kvm_vcpu *vcpu) > return kvm_complete_insn_gp(vcpu, err); > case 3: > WARN_ON_ONCE(enable_unrestricted_guest); > + > err = kvm_set_cr3(vcpu, val); > return kvm_complete_insn_gp(vcpu, err); > case 4: > @@ -4985,14 +4986,13 @@ static int handle_cr(struct kvm_vcpu *vcpu) > } > break; > case 2: /* clts */ > - WARN_ONCE(1, "Guest should always own CR0.TS"); > - vmx_set_cr0(vcpu, kvm_read_cr0_bits(vcpu, ~X86_CR0_TS)); > - trace_kvm_cr_write(0, kvm_read_cr0(vcpu)); > - return kvm_skip_emulated_instruction(vcpu); > + KVM_BUG(1, vcpu->kvm, "Guest always owns CR0.TS"); > + return -EIO; > case 1: /*mov from cr*/ > switch (cr) { > case 3: > WARN_ON_ONCE(enable_unrestricted_guest); > + Here, were you intended to replace WARN_ON_ONCE() with KVM_BUG_ON() or this is just a stray newline added? > val = kvm_read_cr3(vcpu); > kvm_register_write(vcpu, reg, val); > trace_kvm_cr_read(cr, val); > @@ -5330,7 +5330,9 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu) > > static int handle_nmi_window(struct kvm_vcpu *vcpu) > { > - WARN_ON_ONCE(!enable_vnmi); > + if (KVM_BUG_ON(!enable_vnmi, vcpu->kvm)) > + return -EIO; > + > exec_controls_clearbit(to_vmx(vcpu), CPU_BASED_NMI_WINDOW_EXITING); > ++vcpu->stat.nmi_window_exits; > kvm_make_request(KVM_REQ_EVENT, vcpu); > @@ -5908,7 +5910,8 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath) > * below) should never happen as that means we incorrectly allowed a > * nested VM-Enter with an invalid vmcs12. > */ > - WARN_ON_ONCE(vmx->nested.nested_run_pending); > + if (KVM_BUG_ON(vmx->nested.nested_run_pending, vcpu->kvm)) > + return -EIO; > > /* If guest state is invalid, start emulating */ > if (vmx->emulation_required) > @@ -6258,7 +6261,9 @@ static int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu) > int max_irr; > bool max_irr_updated; > > - WARN_ON(!vcpu->arch.apicv_active); > + if (KVM_BUG_ON(!vcpu->arch.apicv_active, vcpu->kvm)) > + return -EIO; > + > if (pi_test_on(&vmx->pi_desc)) { > pi_clear_on(&vmx->pi_desc); > /* > @@ -6345,7 +6350,7 @@ static void handle_external_interrupt_irqoff(struct kvm_vcpu *vcpu) > gate_desc *desc; > u32 intr_info = vmx_get_intr_info(vcpu); > > - if (WARN_ONCE(!is_external_intr(intr_info), > + if (KVM_BUG(!is_external_intr(intr_info), vcpu->kvm, > "KVM: unexpected VM-Exit interrupt info: 0x%x", intr_info)) > return; > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 17f4995e80a7..672eb5142b34 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -8363,6 +8363,10 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) > bool req_immediate_exit = false; > > if (kvm_request_pending(vcpu)) { > + if (kvm_check_request(KVM_REQ_VM_BUGGED, vcpu)) { Do we want to allow userspace to continue executing the guest or should we make KVM_REQ_VM_BUGGED permanent by replacing kvm_check_request() with kvm_test_request()? > + r = -EIO; > + goto out; > + } > if (kvm_check_request(KVM_REQ_GET_VMCS12_PAGES, vcpu)) { > if (unlikely(!kvm_x86_ops.nested_ops->get_vmcs12_pages(vcpu))) { > r = 0; -- Vitaly _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel