public inbox for linux-kernel@vger.kernel.org
From: Thomas Gleixner <tglx@linutronix.de>
To: Nadav Amit <nadav.amit@gmail.com>, Peter Zijlstra <peterz@infradead.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Christoph Hellwig <hch@infradead.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Sean Christopherson <sean.j.christopherson@intel.com>,
	mingo@redhat.com, bp@alien8.de, hpa@zytor.com, x86@kernel.org,
	kenny@panix.com, jeyu@kernel.org, rasmus.villemoes@prevas.dk,
	fenghua.yu@intel.com, xiaoyao.li@intel.com,
	thellstrom@vmware.com, tony.luck@intel.com,
	gregkh@linuxfoundation.org, jannh@google.com,
	keescook@chromium.org, David.Laight@aculab.com,
	dcovelli@vmware.com, mhiramat@kernel.org
Subject: Re: [PATCH 4/4] x86,module: Detect CRn and DRn manipulation
Date: Thu, 09 Apr 2020 23:13:22 +0200	[thread overview]
Message-ID: <87imi8pdl9.fsf@nanos.tec.linutronix.de> (raw)
In-Reply-To: <9A25271A-71F7-4EA1-9D1C-23B53E35C281@gmail.com>

Nadav Amit <nadav.amit@gmail.com> writes:
>> On Apr 9, 2020, at 1:56 AM, Peter Zijlstra <peterz@infradead.org> wrote:
>> Speaking with my virt ignorance hat on, how impossible is it to provide
>> generic/useful VMLAUNCH/VMRESUME wrappers?
>> 
>> Because a lot of what happens around VMEXIT/VMENTER is very much like
>> the userspace entry crud, as per that series from Thomas that fixes all
>> that. And surely we don't need various broken copies of that in all the
>> out-of-tree hypervisors.
>> 
>> Also, I suppose if you have this, we no longer need to exempt CR2.
>
> It depends on what you mean by “VMLAUNCH/VMRESUME”. If you only consider the
> instructions themselves, as Sean did in vmx_vmenter() and vmx_vmexit(),
> there is no problem. Even if you consider saving the general purpose
> registers as done in __vmx_vcpu_run() - that’s relatively easy.

__vmx_vcpu_run() is roughly the scope, but that won't work.

Looking at the vmmon source:

Task_Switch()

    1) Mask all APIC LVTs which have NMI delivery mode enabled, e.g. PERF

    2) Disable interrupts

    3) Disable PEBS

    4) Disable PT

    5) Load a magic IDT

       According to comments these are stubs to catch any exception which
       happens while switching over.

    6) Write CR0 and CR4 directly which is "safe" as the IDT is
       redirected to the monitor stubs.

    7) VMXON()

    8) Invoke monitor on some magic page which switches CR3 and GDT and
       clears CR4.PCIDE (at least that's what the comments claim)

       The monitor code is loaded from a binary only blob and that does
       the actual vmlaunch/vmresume ...

       And as this runs with a completely different CR3 sharing that
       code is impossible.

    When returning the above is undone in reverse order and any caught
    exceptions / interrupts are replayed via "int $NR".

So it's pretty much the same mess as with vbox just different and
binary. Oh well...

The "good" news is that it's not involved in any of the context tracking
stuff so RCU won't ever be affected when a vmware vCPU runs. It's not
pretty, but TBH I don't care.

Thanks,

        tglx
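Added illustration, not code from the patch under discussion, from the kernel or from vmmon: a simplified scanner for the instruction class the [PATCH 4/4] subject refers to, MOV to/from CRn and DRn, run over a hand-assembled byte buffer. The opcode and ModRM layout is the Intel SDM encoding; the sample bytes, the `struct hit` record, the `exempt_cr2` knob (modelling the CR2 exemption mentioned in the quoted text) and the assumption that the input is 64-bit code are all this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not the kernel patch's code, not vmmon's).  Encodings per
 * the Intel SDM, Vol. 2:
 *   0F 20 /r  MOV r64, CRn (read)     0F 22 /r  MOV CRn, r64 (write)
 *   0F 21 /r  MOV r64, DRn (read)     0F 23 /r  MOV DRn, r64 (write)
 * The ModRM reg field selects CRn/DRn; REX.R extends it (that is how CR8
 * is encoded).  The CPU treats the operand as a register whatever the mod
 * bits are, so mod is not checked.  64-bit code is assumed (0x40..0x4f
 * are taken to be REX prefixes).
 */
enum reg_kind { REG_CR = 0, REG_DR = 1 };

struct hit {
	size_t offset;      /* byte offset of the instruction (REX included) */
	enum reg_kind kind;
	int write;          /* 1: MOV CRn/DRn <- GPR, 0: MOV GPR <- CRn/DRn */
	int regno;          /* 0..15, REX.R already folded in */
};

/*
 * Scan len bytes of code, storing up to nhits hits.  Returns the number of
 * matches found (the count may exceed nhits; only the first nhits are kept).
 * Caveat: this is a byte-pattern sweep, not an instruction-length decoder,
 * so a match can sit inside another instruction's immediate/displacement;
 * a real checker walks instructions with a proper decoder (the kernel has
 * one in arch/x86/lib/insn.c).
 */
size_t scan_crdr(const uint8_t *buf, size_t len, struct hit *hits, size_t nhits)
{
	size_t n = 0;

	for (size_t i = 0; i + 2 < len; i++) {
		size_t p = i;
		int rex_r = 0;

		if ((buf[p] & 0xf0) == 0x40) {	/* optional REX prefix */
			rex_r = (buf[p] & 0x04) != 0;
			p++;
			if (p + 2 >= len)
				continue;
		}
		if (buf[p] != 0x0f)
			continue;
		uint8_t op = buf[p + 1];
		if (op < 0x20 || op > 0x23)
			continue;

		uint8_t modrm = buf[p + 2];
		struct hit h = {
			.offset = i,
			.kind   = (op & 1) ? REG_DR : REG_CR,	/* 21/23: DRn */
			.write  = (op & 2) != 0,		/* 22/23: write */
			.regno  = ((modrm >> 3) & 7) | (rex_r << 3),
		};
		if (n < nhits)
			hits[n] = h;
		n++;
		i = p + 2;	/* resume after the ModRM byte */
	}
	return n;
}

/* Count hits a policy would flag; exempt_cr2 drops CR2 accesses (the
 * exemption the quoted text refers to). */
size_t count_flagged(const struct hit *hits, size_t n, int exempt_cr2)
{
	size_t c = 0;

	for (size_t k = 0; k < n; k++) {
		if (exempt_cr2 && hits[k].kind == REG_CR && hits[k].regno == 2)
			continue;
		c++;
	}
	return c;
}

/* Constructed sample, hand-assembled for this example (64-bit code). */
static const uint8_t sample[] = {
	0x48, 0x89, 0xe5,		/* mov %rsp,%rbp  (not flagged)      */
	0x0f, 0x20, 0xd8,		/* mov %cr3,%rax  read  CR3          */
	0x0f, 0x22, 0xd8,		/* mov %rax,%cr3  write CR3          */
	0x44, 0x0f, 0x20, 0xc0,		/* mov %cr8,%rax  read  CR8 (REX.R)  */
	0x0f, 0x20, 0xd0,		/* mov %cr2,%rax  read  CR2          */
	0x0f, 0x23, 0xc7,		/* mov %rdi,%dr0  write DR0          */
	0xc3,				/* ret                               */
};

int main(void)
{
	struct hit hits[16];
	size_t n = scan_crdr(sample, sizeof(sample), hits, 16);

	for (size_t k = 0; k < n && k < 16; k++)
		printf("+0x%02zx: %s %s%d\n", hits[k].offset,
		       hits[k].write ? "write" : "read ",
		       hits[k].kind == REG_DR ? "DR" : "CR", hits[k].regno);
	printf("%zu hits, %zu flagged with CR2 exempt\n", n,
	       count_flagged(hits, n, 1));
	return 0;
}
```

On the sample above the sweep reports five accesses (CR3 read and write, CR8 read, CR2 read, DR0 write) and four once CR2 is exempted; on real module text the pattern sweep must be replaced by a length-aware decode, or it will both miss prefixed forms it does not model and flag bytes that are only data.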


