(no subject)

[Dan Aloni]

Hello,

The following two patches address an integration issue between KVM and
KGDB. The issue described in the patches can be triggered with vanilla
kernels that enable KGDB and KVM together on x86 (more specifically,
we bump into this with Fedora's 3.11 kernel from FC19).

On a kernel enabled with KGDB, running with kvm-unit-tests should
reproduce the issue. On VM hosts servers where an admin accidently
left an active KGDB, and unprivilged guest might be able to bring
the host down.

Patches apply to linux-next and earlier kernels.

[PATCH linux-next 1/2] kgdb-x86: allow to temporarily disable trap activation

[Dan Aloni]

There are some users that would like the ability of a temporary
per-cpu deactivation of the debugger trap.

More specifically, we have seen that when kvm-unit-tests runs with
kgdb enabled, the kernel halts on the debugger during the KVM x86
instruction emulation that performs a test of a division by zero,
and also during fwait.

A second patch depending on this one addresses that issue.

Signed-off-by: Dan Aloni <alonid@stratoscale.com>
Signed-off-by: Muli Ben-Yehuda <muli@stratoscale.com>
---
 arch/x86/include/asm/kgdb.h |  8 ++++++++
 arch/x86/kernel/kgdb.c      | 21 +++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/arch/x86/include/asm/kgdb.h b/arch/x86/include/asm/kgdb.h
index 332f98c..35bec81 100644
--- a/arch/x86/include/asm/kgdb.h
+++ b/arch/x86/include/asm/kgdb.h
@@ -86,4 +86,12 @@ static inline void arch_kgdb_breakpoint(void)
 extern int kgdb_ll_trap(int cmd, const char *str,
 			struct pt_regs *regs, long err, int trap, int sig);
 
+#ifdef CONFIG_KGDB
+extern void kgdb_ll_local_disable(void);
+extern void kgdb_ll_local_enable(void);
+#else
+#define kgdb_ll_local_disable() do {} while (0)
+#define kgdb_ll_local_enable() do {} while (0)
+#endif
+
 #endif /* _ASM_X86_KGDB_H */
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
index 836f832..c269ad8 100644
--- a/arch/x86/kernel/kgdb.c
+++ b/arch/x86/kernel/kgdb.c
@@ -587,6 +587,22 @@ int kgdb_ll_trap(int cmd, const char *str,
 	return __kgdb_notify(&args, cmd);
 }
 
+static DEFINE_PER_CPU(bool, kgdb_swallow_traps);
+
+void kgdb_ll_local_disable(void)
+{
+	__this_cpu_write(kgdb_swallow_traps, true);
+}
+
+EXPORT_SYMBOL(kgdb_ll_local_disable);
+
+void kgdb_ll_local_enable(void)
+{
+	__this_cpu_write(kgdb_swallow_traps, false);
+}
+
+EXPORT_SYMBOL(kgdb_ll_local_enable);
+
 static int
 kgdb_notify(struct notifier_block *self, unsigned long cmd, void *ptr)
 {
@@ -594,6 +610,11 @@ kgdb_notify(struct notifier_block *self, unsigned long cmd, void *ptr)
 	int ret;
 
 	local_irq_save(flags);
+	if (__this_cpu_read(kgdb_swallow_traps) && cmd == DIE_TRAP) {
+		local_irq_restore(flags);
+		return NOTIFY_DONE;
+	}
+
 	ret = __kgdb_notify(ptr, cmd);
 	local_irq_restore(flags);
 
-- 
1.8.3.1

[PATCH linux-next 2/2] kvm-x86: emulator: disable kgdb-x86 on fastop and fpe flush

[Dan Aloni]

We have seen that when kvm-unit-tests runs with kgdb enabled, the
kernel halts on the debugger during the KVM x86 instruction emulation
that performs a test of a division by zero, and also during fwait.

This patch adds calls that temporarily disable the debugger trap.

Signed-off-by: Dan Aloni <alonid@stratoscale.com>
Signed-off-by: Muli Ben-Yehuda <muli@stratoscale.com>
---
 arch/x86/kvm/emulate.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 07ffca0..05e8509 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -24,6 +24,7 @@
 #include "kvm_cache_regs.h"
 #include <linux/module.h>
 #include <asm/kvm_emulate.h>
+#include <asm/kgdb.h>
 #include <linux/stringify.h>
 
 #include "x86.h"
@@ -4438,6 +4439,7 @@ static int flush_pending_x87_faults(struct x86_emulate_ctxt *ctxt)
 {
 	bool fault = false;
 
+	kgdb_ll_local_disable();
 	ctxt->ops->get_fpu(ctxt);
 	asm volatile("1: fwait \n\t"
 		     "2: \n\t"
@@ -4449,6 +4451,7 @@ static int flush_pending_x87_faults(struct x86_emulate_ctxt *ctxt)
 		     _ASM_EXTABLE(1b, 3b)
 		     : [fault]"+qm"(fault));
 	ctxt->ops->put_fpu(ctxt);
+	kgdb_ll_local_enable();
 
 	if (unlikely(fault))
 		return emulate_exception(ctxt, MF_VECTOR, 0, false);
@@ -4468,10 +4471,14 @@ static int fastop(struct x86_emulate_ctxt *ctxt, void (*fop)(struct fastop *))
 	ulong flags = (ctxt->eflags & EFLAGS_MASK) | X86_EFLAGS_IF;
 	if (!(ctxt->d & ByteOp))
 		fop += __ffs(ctxt->dst.bytes) * FASTOP_SIZE;
+
+	kgdb_ll_local_disable();
 	asm("push %[flags]; popf; call *%[fastop]; pushf; pop %[flags]\n"
 	    : "+a"(ctxt->dst.val), "+d"(ctxt->src.val), [flags]"+D"(flags),
 	      [fastop]"+S"(fop)
 	    : "c"(ctxt->src2.val));
+	kgdb_ll_local_enable();
+
 	ctxt->eflags = (ctxt->eflags & ~EFLAGS_MASK) | (flags & EFLAGS_MASK);
 	if (!fop) /* exception is returned in fop variable */
 		return emulate_de(ctxt);
-- 
1.8.3.1

Re: [PATCH linux-next 2/2] kvm-x86: emulator: disable kgdb-x86 on fastop and fpe flush

[Paolo Bonzini]

Il 19/11/2013 15:53, Dan Aloni ha scritto:
> We have seen that when kvm-unit-tests runs with kgdb enabled, the
> kernel halts on the debugger during the KVM x86 instruction emulation
> that performs a test of a division by zero, and also during fwait.
> 
> This patch adds calls that temporarily disable the debugger trap.
> 
> Signed-off-by: Dan Aloni <alonid@stratoscale.com>
> Signed-off-by: Muli Ben-Yehuda <muli@stratoscale.com>
> ---
>  arch/x86/kvm/emulate.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index 07ffca0..05e8509 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -24,6 +24,7 @@
>  #include "kvm_cache_regs.h"
>  #include <linux/module.h>
>  #include <asm/kvm_emulate.h>
> +#include <asm/kgdb.h>
>  #include <linux/stringify.h>
>  
>  #include "x86.h"
> @@ -4438,6 +4439,7 @@ static int flush_pending_x87_faults(struct x86_emulate_ctxt *ctxt)
>  {
>  	bool fault = false;
>  
> +	kgdb_ll_local_disable();
>  	ctxt->ops->get_fpu(ctxt);
>  	asm volatile("1: fwait \n\t"
>  		     "2: \n\t"
> @@ -4449,6 +4451,7 @@ static int flush_pending_x87_faults(struct x86_emulate_ctxt *ctxt)
>  		     _ASM_EXTABLE(1b, 3b)
>  		     : [fault]"+qm"(fault));
>  	ctxt->ops->put_fpu(ctxt);
> +	kgdb_ll_local_enable();
>  
>  	if (unlikely(fault))
>  		return emulate_exception(ctxt, MF_VECTOR, 0, false);
> @@ -4468,10 +4471,14 @@ static int fastop(struct x86_emulate_ctxt *ctxt, void (*fop)(struct fastop *))
>  	ulong flags = (ctxt->eflags & EFLAGS_MASK) | X86_EFLAGS_IF;
>  	if (!(ctxt->d & ByteOp))
>  		fop += __ffs(ctxt->dst.bytes) * FASTOP_SIZE;
> +
> +	kgdb_ll_local_disable();
>  	asm("push %[flags]; popf; call *%[fastop]; pushf; pop %[flags]\n"
>  	    : "+a"(ctxt->dst.val), "+d"(ctxt->src.val), [flags]"+D"(flags),
>  	      [fastop]"+S"(fop)
>  	    : "c"(ctxt->src2.val));
> +	kgdb_ll_local_enable();
> +
>  	ctxt->eflags = (ctxt->eflags & ~EFLAGS_MASK) | (flags & EFLAGS_MASK);
>  	if (!fop) /* exception is returned in fop variable */
>  		return emulate_de(ctxt);
> 

Acked-by: Paolo Bonzini <pbonzini@redhat.com>

Re: KVM/KGDB integration

[Gleb Natapov]

Copying KGDB maintainer to get some feedback.

On Tue, Nov 19, 2013 at 04:53:28PM +0200, Dan Aloni wrote:
> Hello,
> 
> The following two patches address an integration issue between KVM and
> KGDB. The issue described in the patches can be triggered with vanilla
> kernels that enable KGDB and KVM together on x86 (more specifically,
> we bump into this with Fedora's 3.11 kernel from FC19).
> 
> On a kernel enabled with KGDB, running with kvm-unit-tests should
> reproduce the issue. On VM hosts servers where an admin accidently
> left an active KGDB, and unprivilged guest might be able to bring
> the host down.
> 
> Patches apply to linux-next and earlier kernels.

--
			Gleb.