xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Julien Grall <julien.grall@arm.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>, xen-devel@lists.xen.org
Cc: sstabellini@kernel.org, andre.przywara@linaro.org
Subject: Re: [PATCH 0/3] xen/arm: Inject an exception to the guest rather than crashing it
Date: Tue, 30 Jan 2018 18:46:58 +0000	[thread overview]
Message-ID: <381dfde4-bf8e-0008-3c41-a7f8b143b721@arm.com> (raw)
In-Reply-To: <b6abd6f2-92cf-8bb4-2d96-681a198fb375@citrix.com>

Hi,

On 30/01/18 18:29, Andrew Cooper wrote:
> On 30/01/18 17:00, Julien Grall wrote:
>>
>>
>> On 30/01/18 16:38, Andrew Cooper wrote:
>>> On 30/01/18 16:14, Julien Grall wrote:
>>>> Hi all,
>>>>
>>>> This small series replaces all call to domain_crash_synchronous by
>>>> injecting
>>>> an exception to the guest.
>>>>
>>>> This will result to a nicer trace from the guest (no need to
>>>> manually walk
>>>> the stack) and give a chance to the guest to give a bit more
>>>> information on
>>>> what it was doing.
>>>>
>>>> Cheers,
>>>>
>>>> Julien Grall (3):
>>>>     xen/arm: io: Distinguish unhandled IO from aborted one
>>>>     xen/arm: Don't crash domain on bad MMIO emulation
>>>>     xen/arm: Don't crash the domain on invalid HVC immediate
>>>
>>> Thanks.
>>>
>>> I don't feel qualified to review these, but some notes.
>>>
>>> Patch 1.  s/avodi/avoid/ in the commit message
>>>
>>> Patches 2 and 3.  You probably want to convert the printks to
>>> gdprintk()s, otherwise guests can choke up the ratelimited log.  Doing
>>> so will also mean that the vcpu will be identified consistently, which
>>> it isn't currently.
>> We didn't use g*printk because it would be more confusing to print the
>> current vCPU in some cases (e.g when accessing the re-distributor of
>> another vCPU) or does not matter (e.g for ITS).
> 
> In the former case, you'd want to print both current, and the target
> vcpu.  The latter still matters what current is if something goes wrong.
> 
> We have plenty of similar cases in x86, but at the point you are
> printing an diagnostic message, ignoring current is almost always the
> wrong think to do.

I will look at it on another series.

> 
>>
>> The problem with the debug version is those information are actually
>> quite useful in non-debug build. We found quite a few issues thanks to
>> them.
>>
>> I think it would make more sense for Xen to provide per-guest
>> ratelimited than hiding those messages in non-debug build.
> 
> Per guest is quite a lot more complicated than global, and would still
> require a global limit to prevent a concerted attack from multiple
> guests to avoid DoSing the system.
> 
> Debug vs unilateral is your prerogative as a maintainer, but as you've
> said yourself, the are used for debugging purposes, which proves my point.

So on x86, you always request the user to reproduce it with debug build 
enable?

Stefano, what's your opinion here?

Cheers,

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

  reply	other threads:[~2018-01-30 18:46 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-30 16:14 [PATCH 0/3] xen/arm: Inject an exception to the guest rather than crashing it Julien Grall
2018-01-30 16:14 ` [PATCH 1/3] xen/arm: io: Distinguish unhandled IO from aborted one Julien Grall
2018-01-30 18:14   ` Stefano Stabellini
2018-01-30 18:31     ` Julien Grall
2018-01-30 19:09       ` Stefano Stabellini
2018-01-31 12:17         ` Julien Grall
2018-02-01  0:39           ` Stefano Stabellini
2018-01-30 16:14 ` [PATCH 2/3] xen/arm: Don't crash domain on bad MMIO emulation Julien Grall
2018-01-30 18:18   ` Stefano Stabellini
2018-01-30 16:14 ` [PATCH 3/3] xen/arm: Don't crash the domain on invalid HVC immediate Julien Grall
2018-01-30 18:24   ` Stefano Stabellini
2018-01-30 18:26     ` Julien Grall
2018-01-30 16:38 ` [PATCH 0/3] xen/arm: Inject an exception to the guest rather than crashing it Andrew Cooper
2018-01-30 17:00   ` Julien Grall
2018-01-30 18:29     ` Andrew Cooper
2018-01-30 18:46       ` Julien Grall [this message]
2018-01-30 19:09         ` Andrew Cooper
2018-01-30 19:21         ` Stefano Stabellini
2018-01-30 19:23           ` Andrew Cooper
2018-01-31 11:53           ` Julien Grall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=381dfde4-bf8e-0008-3c41-a7f8b143b721@arm.com \
    --to=julien.grall@arm.com \
    --cc=andre.przywara@linaro.org \
    --cc=andrew.cooper3@citrix.com \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).