Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp1727468ybd; Thu, 27 Jun 2019 00:13:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqwRD2iv0dZGORgbvtj+bRDTEQv8fXj2LjD9jzbOg7DYhKRhVLhIYiDKrmUO4EVqE3jDWWGG X-Received: by 2002:a63:1365:: with SMTP id 37mr2284195pgt.266.1561619617411; Thu, 27 Jun 2019 00:13:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561619617; cv=none; d=google.com; s=arc-20160816; b=G92w7OJUY/47Ip1oJ5KxwH3iI8zK9SVzOEl3/62JZdGq+3l9SZhgWUdME6OoLZxsMx jwPwGKgS1CsBDi3ou5YsNmNGGo/lhc0QrS4eaAttrZy3LWryoXUoenJGFOgGdZ3ph/xm hstENBpZOKZXv6rTvOOYdxse9xpAC8h1giQFhXwEwmLY89XptGSOrDZeMmHb4SoOO3CS EmZEu4+0PHAbpqrvF26Bs68y6v6Skxf0iQAsP9pjZcUS+te83r2YGmMSy5o9RCremr9N 4dG6cUFubzjNJBmFdv5YuTX6NxHwuEjG/keebp0UEl0ujQzMCZ/OM1HdtP+4SPn1F6PG i+fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=1Gvks/bQJx3Ypm1EZ8ewq8HXb8P/PYMkZCmeqpdCahs=; b=aaPHjWGtBWAn1aW7P1HUiVElGjYe9LHuo5T0pnr3zvNMD56M9CbUlb86Z+MqkMVamg HkcKu856+XRegYVkkx6MbuGNiRFUPl6msmvgmSoVc2dd4FA04lm5uIVp/IeZbAzDKnzF onmTp3ONNLCrbdhvAhWelFyHYRix6auFw2mFl+po3DihI5rYySUGnRtIMJoEI7wxazdh JlvcaoGO0Hu6drHmOgBeka2gtfLkiBjXbdPUS+en0vBnujNxbEG8mmSPlJbzt8wOd508 jQwhGK3d/q/U6KyUeAiRN8J5FEXoA9joQuJphL0thKtoRtxqSVoopvwNFbkrCIloe3jC sblw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 65si1681809ple.240.2019.06.27.00.13.19; Thu, 27 Jun 2019 00:13:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726443AbfF0HMh (ORCPT + 99 others); Thu, 27 Jun 2019 03:12:37 -0400 Received: from Galois.linutronix.de ([193.142.43.55]:52547 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725787AbfF0HMh (ORCPT ); Thu, 27 Jun 2019 03:12:37 -0400 Received: from p5b06daab.dip0.t-ipconnect.de ([91.6.218.171] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1hgOZu-0003ul-58; Thu, 27 Jun 2019 09:12:18 +0200 Date: Thu, 27 Jun 2019 09:12:16 +0200 (CEST) From: Thomas Gleixner To: Xiaoyao Li cc: Fenghua Yu , Ingo Molnar , Borislav Petkov , H Peter Anvin , Peter Zijlstra , Andrew Morton , Dave Hansen , Paolo Bonzini , Radim Krcmar , Christopherson Sean J , Ashok Raj , Tony Luck , Dan Williams , Xiaoyao Li , Sai Praneeth Prakhya , Ravi V Shankar , linux-kernel , x86 , kvm@vger.kernel.org Subject: Re: [PATCH v9 11/17] kvm/vmx: Emulate MSR TEST_CTL In-Reply-To: Message-ID: References: <1560897679-228028-1-git-send-email-fenghua.yu@intel.com> <1560897679-228028-12-git-send-email-fenghua.yu@intel.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? A: No. Q: Should I include quotations after my reply? http://daringfireball.net/2007/07/on_top A: Yes Q: Should I trim all irrelevant context? On Thu, 27 Jun 2019, Xiaoyao Li wrote: > > Do you have any comments on this one as the policy of how to expose split lock > detection (emulate TEST_CTL) for guest changed. > > This patch makes the implementation as below: > > Host |Guest |Actual value in guest |split lock happen in guest > ------------------------------------------------------------------ > on |off | on |report #AC to userspace > |on | on |inject #AC back to guest > ------------------------------------------------------------------ > off |off | off |No #AC > |on | on |inject #AC back to guest A: Because it's way better to provide implementation details and useless references to the SDM. Q: What's the reason that this table is _NOT_ part of the changelog? > In case 2, when split lock detection of both host and guest on, if there is a > split lock is guest, it will inject #AC back to userspace. Then if #AC is from > guest userspace apps, guest kernel sends SIGBUS to userspace apps instead of > whole guest killed by host. If #AC is from guest kernel, guest kernel may > clear it's split lock bit in test_ctl msr and re-execute the instruction, then > it goes into case 1, the #AC will report to host userspace, e.g., QEMU. The real interesting question is whether the #AC on split lock prevents the actual bus lock or not. If it does then the above is fine. If not, then it would be trivial for a malicious guest to set the SPLIT_LOCK_ENABLE bit and "handle" the exception pro forma, return to the offending instruction and trigger another one. It lowers the rate, but that doesn't make it any better. The SDM is as usual too vague to be useful. Please clarify. Thanks, tglx