From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Oliver Upton <oupton@google.com>, Peter Shier <pshier@google.com>
Subject: Re: [PATCH 00/21] KVM: x86: Event/exception fixes and cleanups
Date: Tue, 29 Mar 2022 15:43:37 +0000 [thread overview]
Message-ID: <YkMpKZtwB0n7Ta5C@google.com> (raw)
In-Reply-To: <05378896d9179b1b8652c8d838c764d22aeca2fe.camel@redhat.com>
On Tue, Mar 29, 2022, Maxim Levitsky wrote:
> On Mon, 2022-03-28 at 17:50 +0000, Sean Christopherson wrote:
> > I wouldn't call that abuse, the ioctl() isn't just for migration. Not checking for
> > a pending exception is firmly a userspace bug and not something KVM should try to
> > fix.
>
> yes, but to make the right decision, the userspace has to know if there is a pending
> exception, and if there is, then merge it (which might even involve triple fault),
There's no need for userspace to ever merge exceptions unless KVM supports either
exiting to userspace on an exception that can occur during exception delivery, or
userspace itself is emulating exception delivery. Outside of debug scenarios, #PF
is likely the only exception that might ever be forwarded to userspace. But in
those scenarios, userspace is almost always going to fix the #PF and resume the
guest. If userspace doesn't fix the #PF, the guest is completely hosed because
its IDT will trigger #PF, i.e. it's headed to shutdown regardless of KVM's ABI.
VM introspection is the only use case I can think of that might possibly want to
emulate exception delivery in userspace, and VMI is a completely new set of APIs,
in no small part because supporting something like this in KVM would require far
more hooks than KVM provides.
> On top of that it is possible that pending excpetion is not intercepted by L1,
> but merged result is, so injecting the exception will cause nested VMexit,
> which is something that is hard for userspace to model.
>
> I think that the cleanest way to do this is to add new ioctl, KVM_INJECT_EXCEPTION,
> which can do the right thing in the kernel, but I am not sure that it is worth it,
> knowing that thankfully userspace doesn't inject exceptions much.
>
> >
> > For #DB, I suspect it's a non-issue. The exit is synchronous, so unless userspace
> > is deferring the reflection, which would be architecturally wrong in and of itself,
> > there can never be another pending exception.
> Could very be, but still there could be corner cases. Like what if you set data fetch
> breakpoint on a IDT entry of some exception? I guess during delivery of that exception
> there might be #DB, but I am not 100% expert on when and how #DB is generated, so
> I can't be sure.
Data #DBs are trap-like. The #DB will arrive after exception delivery completes,
i.e. will occur "on" the first instruction in the exception handler.
prev parent reply other threads:[~2022-03-29 15:43 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-11 3:27 [PATCH 00/21] KVM: x86: Event/exception fixes and cleanups Sean Christopherson
2022-03-11 3:27 ` [PATCH 01/21] KVM: x86: Return immediately from x86_emulate_instruction() on code #DB Sean Christopherson
2022-03-11 3:27 ` [PATCH 02/21] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Sean Christopherson
2022-03-11 3:27 ` [PATCH 03/21] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Sean Christopherson
2022-03-11 3:27 ` [PATCH 04/21] KVM: x86: Don't check for code breakpoints when emulating on exception Sean Christopherson
2022-03-11 3:27 ` [PATCH 05/21] KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like Sean Christopherson
2022-03-11 3:27 ` [PATCH 06/21] KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag Sean Christopherson
2022-03-11 3:27 ` [PATCH 07/21] KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) Sean Christopherson
2022-03-11 3:27 ` [PATCH 08/21] KVM: x86: Use DR7_GD macro instead of open coding check in emulator Sean Christopherson
2022-03-11 3:27 ` [PATCH 09/21] KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS Sean Christopherson
2022-03-11 3:27 ` [PATCH 10/21] KVM: nVMX: Unconditionally clear mtf_pending on nested VM-Exit Sean Christopherson
2022-03-11 3:27 ` [PATCH 11/21] KVM: VMX: Inject #PF on ENCLS as "emulated" #PF Sean Christopherson
2022-03-11 3:27 ` [PATCH 12/21] KVM: x86: Rename kvm_x86_ops.queue_exception to inject_exception Sean Christopherson
2022-03-11 3:27 ` [PATCH 13/21] KVM: x86: Make kvm_queued_exception a properly named, visible struct Sean Christopherson
2022-03-11 3:27 ` [PATCH 14/21] KVM: x86: Formalize blocking of nested pending exceptions Sean Christopherson
2022-03-11 3:27 ` [PATCH 15/21] KVM: x86: Use kvm_queue_exception_e() to queue #DF Sean Christopherson
2022-03-11 3:27 ` [PATCH 16/21] KVM: x86: Hoist nested event checks above event injection logic Sean Christopherson
2022-03-11 3:27 ` [PATCH 17/21] KVM: x86: Evaluate ability to inject SMI/NMI/IRQ after potential VM-Exit Sean Christopherson
2022-03-11 3:27 ` [PATCH 18/21] KVM: x86: Morph pending exceptions to pending VM-Exits at queue time Sean Christopherson
2022-03-11 3:27 ` [PATCH 19/21] KVM: VMX: Update MTF and ICEBP comments to document KVM's subtle behavior Sean Christopherson
2022-03-11 3:28 ` [PATCH 20/21] KVM: selftests: Use uapi header to get VMX and SVM exit reasons/codes Sean Christopherson
2022-03-11 3:28 ` [PATCH 21/21] KVM: selftests: Add an x86-only test to verify nested exception queueing Sean Christopherson
2022-03-11 16:30 ` [PATCH 00/21] KVM: x86: Event/exception fixes and cleanups Maciej S. Szmigiero
2022-03-13 9:22 ` Maxim Levitsky
2022-03-24 21:31 ` Sean Christopherson
2022-03-25 21:25 ` Maciej S. Szmigiero
2022-03-25 23:02 ` Sean Christopherson
2022-03-26 0:21 ` Maciej S. Szmigiero
2022-03-27 15:06 ` Maxim Levitsky
2022-03-28 17:50 ` Sean Christopherson
2022-03-29 10:45 ` Maxim Levitsky
2022-03-29 15:43 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YkMpKZtwB0n7Ta5C@google.com \
--to=seanjc@google.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=oupton@google.com \
--cc=pbonzini@redhat.com \
--cc=pshier@google.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox