Date: Tue, 29 Mar 2022 15:43:37 +0000
From: Sean Christopherson
To: Maxim Levitsky
Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Oliver Upton, Peter Shier
Subject: Re: [PATCH 00/21] KVM: x86: Event/exception fixes and cleanups

On Tue, Mar 29, 2022, Maxim Levitsky wrote:
> On Mon, 2022-03-28 at 17:50 +0000, Sean Christopherson wrote:
> > I wouldn't call that abuse, the ioctl() isn't just for migration. Not checking for
> > a pending exception is firmly a userspace bug and not something KVM should try to
> > fix.
>
> yes, but to make the right decision, the userspace has to know if there is a pending
> exception, and if there is, then merge it (which might even involve triple fault),

There's no need for userspace to ever merge exceptions unless KVM supports either
exiting to userspace on an exception that can occur during exception delivery, or
userspace itself is emulating exception delivery. Outside of debug scenarios, #PF
is likely the only exception that might ever be forwarded to userspace. But in
those scenarios, userspace is almost always going to fix the #PF and resume the
guest. If userspace doesn't fix the #PF, the guest is completely hosed because
its IDT will trigger #PF, i.e. it's headed to shutdown regardless of KVM's ABI.

VM introspection is the only use case I can think of that might possibly want to
emulate exception delivery in userspace, and VMI is a completely new set of APIs,
in no small part because supporting something like this in KVM would require far
more hooks than KVM provides.

> On top of that it is possible that pending exception is not intercepted by L1,
> but merged result is, so injecting the exception will cause nested VMexit,
> which is something that is hard for userspace to model.
>
> I think that the cleanest way to do this is to add new ioctl, KVM_INJECT_EXCEPTION,
> which can do the right thing in the kernel, but I am not sure that it is worth it,
> knowing that thankfully userspace doesn't inject exceptions much.
>
> >
> > For #DB, I suspect it's a non-issue. The exit is synchronous, so unless userspace
> > is deferring the reflection, which would be architecturally wrong in and of itself,
> > there can never be another pending exception.
> Could very be, but still there could be corner cases. Like what if you set data fetch
> breakpoint on an IDT entry of some exception? I guess during delivery of that exception
> there might be #DB, but I am not 100% expert on when and how #DB is generated, so
> I can't be sure.

Data #DBs are trap-like. The #DB will arrive after exception delivery completes,
i.e. will occur "on" the first instruction in the exception handler.
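
For readers following the "merge" discussion above, this is an added example (not code from the thread, the patch series or KVM) of the architectural rule for combining an exception raised during delivery of another one, following the benign/contributory/page-fault classes in the Intel SDM. The names merge_exceptions, classify and MERGE_SHUTDOWN are hypothetical, and only the classic contributory vectors are modelled.

```c
#include <stdio.h>

/* x86 exception vectors used in this example */
enum { DE = 0, DB = 1, DF = 8, TS = 10, NP = 11, SS = 12, GP = 13, PF = 14 };
enum exc_class { BENIGN, CONTRIBUTORY, PAGE_FAULT };

#define MERGE_SHUTDOWN (-1)	/* triple fault: the vCPU enters shutdown */

static enum exc_class classify(int vec)
{
	switch (vec) {
	case PF:
		return PAGE_FAULT;
	case DE: case TS: case NP: case SS: case GP:
		return CONTRIBUTORY;
	default:
		return BENIGN;	/* #DB, #BP, #UD, ... */
	}
}

/*
 * 'second' was raised while 'first' was being delivered.  Returns the
 * vector that must be delivered next, or MERGE_SHUTDOWN.
 */
int merge_exceptions(int first, int second)
{
	enum exc_class c1 = classify(first), c2 = classify(second);

	if (first == DF)	/* fault while invoking the #DF handler */
		return c2 == BENIGN ? second : MERGE_SHUTDOWN;
	if ((c1 == CONTRIBUTORY && c2 == CONTRIBUTORY) ||
	    (c1 == PAGE_FAULT && c2 != BENIGN))
		return DF;	/* the pair is promoted to a double fault */
	return second;		/* handled serially */
}

int main(void)
{
	/* Constructed scenario: the guest IDT is unmapped and nobody fixes
	 * the #PF, so every delivery attempt raises another #PF. */
	int pending = PF;

	for (int step = 1; pending != MERGE_SHUTDOWN; step++) {
		int next = merge_exceptions(pending, PF);
		printf("step %d: vector %d + #PF -> %d\n", step, pending, next);
		pending = next;
	}
	return 0;	/* #PF -> #DF -> shutdown, in two steps */
}
```
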