[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall

To: Jan Beulich <JBeulich@xxxxxxxx>, Dongxiao Xu <dongxiao.xu@xxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Wed, 23 Jul 2014 10:09:33 +0100
Cc: "keir@xxxxxxx" <keir@xxxxxxx>, "Ian.Campbell@xxxxxxxxxx" <Ian.Campbell@xxxxxxxxxx>, "George.Dunlap@xxxxxxxxxxxxx" <George.Dunlap@xxxxxxxxxxxxx>, "stefano.stabellini@xxxxxxxxxxxxx" <stefano.stabellini@xxxxxxxxxxxxx>, "Ian.Jackson@xxxxxxxxxxxxx" <Ian.Jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, "dgdegra@xxxxxxxxxxxxx" <dgdegra@xxxxxxxxxxxxx>
Delivery-date: Wed, 23 Jul 2014 09:10:04 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 23/07/14 08:45, Jan Beulich wrote:
>>>> On 15.07.14 at 12:00, <andrew.cooper3@xxxxxxxxxx> wrote:
>> Hmm - I am very sorry for pushing at continue_hypercall_on_cpu(), but
>> looking at the code, there is no possible way it can be made to work in
>> its current form.  It will BUG() at the second attempt to nest, making
>> it inappropriate to use.
> Not sure why - look at microcode.c's use of it, which also makes
> use of it more than once for a single hypercall.
>
> Jan
>

Eugh.  That highlights several more issues.

Any two continue_hypercall_on_cpu()'s which target the same cpu may fall
over the BUG_ON(info->nest != 0).  A microcode update and this proposed
hypercall run a very real risk of intersecting.

The vcpu_pause_nosync(curr); in continue_hypercall_on_cpu() is bogus
given the do_microcode_update() example, as it will be pausing the wrong
vcpu.

As a result, the vcpu which made the hypercall will be unpaused after
the first continue_hypercall_on_cpu() returns, which is before the
hypercall has actually completed.

Irrespective of that, copying data back to guest context from the
continue_hypercall_tasklet is in the wrong vcpu context, and likely even
the wrong domain context.

Finally, we have seen in the past that using AMD SVM with mismatched
microcode patch levels can result in hardware lockup.  The only safe way
to apply microcode in these circumstances would be to rendezvous in Xen
and update every core at once, ensuring that no SVM operations are being
performed on sibling processors.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Jan Beulich

References:
- Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Xu, Dongxiao
- Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] Xen 4.5 development update (July update)
Next by Date: Re: [Xen-devel] Commit dd6d87 breaks serial console
Previous by thread: Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
Next by thread: Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.