Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp598126ybe; Thu, 5 Sep 2019 02:57:20 -0700 (PDT) X-Google-Smtp-Source: APXvYqwKx3+njeLrvwCGmxVNJotRXT5HJqYA4qneZ5XCFw95u/WasbYYPL3QM7haTfCHyGohtx+A X-Received: by 2002:a17:902:a418:: with SMTP id p24mr2490081plq.259.1567677440515; Thu, 05 Sep 2019 02:57:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567677440; cv=none; d=google.com; s=arc-20160816; b=Jm4nZpFi83rKrHBdBp+F0ijaUnwu9Z7gKWUmumXy0FUrZa1PqD3PfrgQu32ZybY0Ww pXzpvYfrmaFnQMlPgpc706E/IrtpR5m2i25cMPKtHTvnvdWr4aucfR6NvdRtqkJJQ8ut X1afmt12ZA78k6wYMcaBSqvBgE9gvKSzDnbgZ3rIwTZHGpJ59osBCBCB6UAqOcc7qxXO W4I3XxFG/aIINnuwJx1u62UYJtAVhaygrflVN9OMyvRmIfD89N9qcnZHL0NmgVGVpiDt cOtXMpUQ70WuxkZ23TxdTwPCvVZR/fpmmxtkP0WK9YQShlhGPY48mTy/ao7wqWC3VO5H 7Itw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=3+pXSRqOqGswZRnEhSy741jNtjPPKcx2SpYMkMBJZWc=; b=rvTlXEaT3U6Hi2gzX78ILQz9OtqKs3aZPch9EunxyVKRf7SvhuCGl1+PdEXlw6KMEQ DBDkNFNqFaDtmYSQxk8u0sEV1L/chWDYKN1Z6goDfo0kA+R/bVVGAG0C6xDko/fD1+zP dXEKdP6GpUP++oxVRP3U69gT5ie6AZluYF7Dz1teZGgeKl2mItVEUFl8MLZoB+9TK5xn RhRE1TOU/25fHCSoRQZ4VfVcHkh0tjLBPFOZ7MogcAc+zpIsHVKr6mLERWXqsm2/gHsH swmsA5oEVg2SP7/YQaE7jo3n9j+ReKyYhV/yYkH9s2MNpLGX/yeTl1x1y+1bnv28eNlg YcRw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x188si1606935pfd.55.2019.09.05.02.57.02; Thu, 05 Sep 2019 02:57:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732130AbfIEIZG (ORCPT + 99 others); Thu, 5 Sep 2019 04:25:06 -0400 Received: from foss.arm.com ([217.140.110.172]:39202 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726115AbfIEIZF (ORCPT ); Thu, 5 Sep 2019 04:25:05 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0EF7C337; Thu, 5 Sep 2019 01:25:05 -0700 (PDT) Received: from localhost (e113682-lin.copenhagen.arm.com [10.32.144.41]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 94E2A3F67D; Thu, 5 Sep 2019 01:25:04 -0700 (PDT) Date: Thu, 5 Sep 2019 10:25:03 +0200 From: Christoffer Dall To: Peter Maydell Cc: Marc Zyngier , Daniel P =?utf-8?B?LiBCZXJyYW5nw6k=?= , Heinrich Schuchardt , lkml - Kernel Mailing List , Stefan Hajnoczi , kvmarm@lists.cs.columbia.edu, arm-mail-list Subject: Re: [PATCH 1/1] KVM: inject data abort if instruction cannot be decoded Message-ID: <20190905082503.GB4320@e113682-lin.lund.arm.com> References: <20190904180736.29009-1-xypron.glpk@gmx.de> <86r24vrwyh.wl-maz@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 05, 2019 at 09:16:54AM +0100, Peter Maydell wrote: > On Thu, 5 Sep 2019 at 09:04, Marc Zyngier wrote: > > How can you tell that the access would fault? You have no idea at that > > stage (the kernel doesn't know about the MMIO ranges that userspace > > handles). All you know is that you're faced with a memory access that > > you cannot emulate in the kernel. Injecting a data abort at that stage > > is not something that the architecture allows. > > To be fair, locking up the whole CPU (which is effectively > what the kvm_err/ENOSYS is going to do to the VM) isn't > something the architecture allows either :-) > > > Of course, the best thing would be to actually fix the guest so that > > it doesn't use non-emulatable MMIO accesses. In general, that the sign > > of a bug in low-level accessors. > > This is true, but the problem is that barfing out to userspace > makes it harder to debug the guest because it means that > the VM is immediately destroyed, whereas AIUI if we > inject some kind of exception then (assuming you're set up > to do kernel-debug via gdbstub) you can actually examine > the offending guest code with a debugger because at least > your VM is still around to inspect... > Is it really going to be easier to debug a guest that sees behavior which may not be architecturally correct? For example, seeing a data abort on an access to an MMIO region because the guest used a strange instruction? I appreaciate that the current way we handle this is confusing and has led many people down a rabbit hole, so we should do better. Would a better approach not be to return to userspace saying, "we can't handle this in the kernel, you decide", without printing the dubious kernel error message. Then user space could suspend the VM and print a lenghty explanation of all the possible problems there could be, or re-inject something back into the guest, or whatever, for a particular environment. Thoughts? Thanks, Christoffer