When CONFIG_PARAVIRT is enabled, the kernel is ignoring exceptions on
the {rd,wr}msr instructions. This makes serious issues (either on the
guest kernel, or on the host) be silently ignored, and is different from
the native MSR code (which does not ignore the exceptions).
As paravirt.h already includes linux/bug.h, I don't see what was the
original issue preventing BUG_ON from being used.
Change rdmsr(), wrmsr(), and rdmsrl() to BUG_ON() on errors.
Signed-off-by: Eduardo Habkost <[email protected]>
---
* Build-tested using allyesconfig, with no build errors.
* Tested by being able to detect the following host bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1025868
(#GP exception on wrmsr(0x410, 0xfffffffffffffbff) during MCE
initialization)
---
arch/x86/include/asm/paravirt.h | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index cd6e161..7d42ca4 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -133,24 +133,27 @@ static inline int paravirt_write_msr(unsigned msr, unsigned low, unsigned high)
return PVOP_CALL3(int, pv_cpu_ops.write_msr, msr, low, high);
}
-/* These should all do BUG_ON(_err), but our headers are too tangled. */
#define rdmsr(msr, val1, val2) \
do { \
int _err; \
u64 _l = paravirt_read_msr(msr, &_err); \
+ BUG_ON(_err); \
val1 = (u32)_l; \
val2 = _l >> 32; \
} while (0)
-#define wrmsr(msr, val1, val2) \
-do { \
- paravirt_write_msr(msr, val1, val2); \
+#define wrmsr(msr, val1, val2) \
+do { \
+ int _err; \
+ _err = paravirt_write_msr(msr, val1, val2); \
+ BUG_ON(_err); \
} while (0)
#define rdmsrl(msr, val) \
do { \
int _err; \
val = paravirt_read_msr(msr, &_err); \
+ BUG_ON(_err); \
} while (0)
#define wrmsrl(msr, val) wrmsr(msr, (u32)((u64)(val)), ((u64)(val))>>32)
--
1.9.3
On 07/28/2014 12:04 PM, Eduardo Habkost wrote:
> When CONFIG_PARAVIRT is enabled, the kernel is ignoring exceptions on
> the {rd,wr}msr instructions. This makes serious issues (either on the
> guest kernel, or on the host) be silently ignored, and is different from
> the native MSR code (which does not ignore the exceptions).
>
> As paravirt.h already includes linux/bug.h, I don't see what was the
> original issue preventing BUG_ON from being used.
>
> Change rdmsr(), wrmsr(), and rdmsrl() to BUG_ON() on errors.
How much does this bloat the kernel?
#include <stdparavirtrant.h>
-hpa
On Mon, Jul 28, 2014 at 12:18:10PM -0700, H. Peter Anvin wrote:
> On 07/28/2014 12:04 PM, Eduardo Habkost wrote:
> > When CONFIG_PARAVIRT is enabled, the kernel is ignoring exceptions on
> > the {rd,wr}msr instructions. This makes serious issues (either on the
> > guest kernel, or on the host) be silently ignored, and is different from
> > the native MSR code (which does not ignore the exceptions).
> >
> > As paravirt.h already includes linux/bug.h, I don't see what was the
> > original issue preventing BUG_ON from being used.
> >
> > Change rdmsr(), wrmsr(), and rdmsrl() to BUG_ON() on errors.
>
> How much does this bloat the kernel?
It seems to add 8 bytes to each {wr,rd}msr() call (4 extra instructions:
test, jmp, ud2, jmp).
allyesconfig, paravirt enabled, before:
text data bss dec hex filename
108368312 23500872 55705600 187574784 b2e2a00 vmlinux
allyesconfig, paravirt enabled, after:
text data bss dec hex filename
108384438 23500904 55717888 187603230 b2e991e vmlinux
allyesconfig vmlinux is 28446 bytes larger.
An alternative is to add read_msr_unsafe() & write_msr_unsafe() fields
to pv_cpu_ops, pointing to native_read_msr() & native_write_msr().
--
Eduardo
As much as I hate adding new pvops, it might be the better answer, especially since those are the real native ops.
On July 28, 2014 1:39:55 PM PDT, Eduardo Habkost <[email protected]> wrote:
>On Mon, Jul 28, 2014 at 12:18:10PM -0700, H. Peter Anvin wrote:
>> On 07/28/2014 12:04 PM, Eduardo Habkost wrote:
>> > When CONFIG_PARAVIRT is enabled, the kernel is ignoring exceptions
>on
>> > the {rd,wr}msr instructions. This makes serious issues (either on
>the
>> > guest kernel, or on the host) be silently ignored, and is different
>from
>> > the native MSR code (which does not ignore the exceptions).
>> >
>> > As paravirt.h already includes linux/bug.h, I don't see what was
>the
>> > original issue preventing BUG_ON from being used.
>> >
>> > Change rdmsr(), wrmsr(), and rdmsrl() to BUG_ON() on errors.
>>
>> How much does this bloat the kernel?
>
>It seems to add 8 bytes to each {wr,rd}msr() call (4 extra
>instructions:
>test, jmp, ud2, jmp).
>
>allyesconfig, paravirt enabled, before:
>
> text data bss dec hex filename
>108368312 23500872 55705600 187574784 b2e2a00
>vmlinux
>
>allyesconfig, paravirt enabled, after:
>
> text data bss dec hex filename
>108384438 23500904 55717888 187603230 b2e991e
>vmlinux
>
>allyesconfig vmlinux is 28446 bytes larger.
>
>An alternative is to add read_msr_unsafe() & write_msr_unsafe() fields
>to pv_cpu_ops, pointing to native_read_msr() & native_write_msr().
--
Sent from my mobile phone. Please pardon brevity and lack of formatting.