Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-20 Thread Chenyi Qiang
On 9/20/2022 9:59 PM, Peter Xu wrote: On Tue, Sep 20, 2022 at 01:55:20PM +0800, Chenyi Qiang wrote: @@ -5213,6 +5213,7 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) break; case KVM_EXIT_NOTIFY: ret = 0; +warn_report_once("KVM: notify windo
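Review bot: In the KVM_EXIT_NOTIFY case, warn_report_once() reports only the first occurrence, so any later notify exits leave no trace in the QEMU log while the handler still returns ret = 0 and resumes the guest. If recurrence matters when investigating a misbehaving guest, consider adding a trace event or a counter next to the one-time warning, and document in a comment why a single report is enough.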

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-20 Thread Peter Xu
On Tue, Sep 20, 2022 at 01:55:20PM +0800, Chenyi Qiang wrote: > > > @@ -5213,6 +5213,7 @@ int kvm_arch_handle_exit(CPUState *cs, struct > > > kvm_run > > > *run) > > > break; > > > case KVM_EXIT_NOTIFY: > > > ret = 0; > > > +warn_report_once("KVM: notify window wa

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-19 Thread Chenyi Qiang
On 9/19/2022 11:53 PM, Peter Xu wrote: On Mon, Sep 19, 2022 at 01:46:38PM +0800, Chenyi Qiang wrote: On 9/17/2022 5:57 AM, Peter Xu wrote: On Thu, Sep 15, 2022 at 05:28:39PM +0800, Chenyi Qiang wrote: There are cases that malicious virtual machine can cause CPU stuck (due to event windows

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-19 Thread Peter Xu
On Mon, Sep 19, 2022 at 01:46:38PM +0800, Chenyi Qiang wrote: > > > On 9/17/2022 5:57 AM, Peter Xu wrote: > > On Thu, Sep 15, 2022 at 05:28:39PM +0800, Chenyi Qiang wrote: > > > There are cases that malicious virtual machine can cause CPU stuck (due > > > to event windows don't open up), e.g., in

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-18 Thread Xiaoyao Li
On 9/19/2022 1:46 PM, Chenyi Qiang wrote: Not sure some warning would be also useful here, but I really don't know the whole context so I can't tell whether there can easily be false positives to pollute qemu log. The false positive case is not easy to happen unless some potential issues in s

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-18 Thread Chenyi Qiang
On 9/17/2022 5:57 AM, Peter Xu wrote: On Thu, Sep 15, 2022 at 05:28:39PM +0800, Chenyi Qiang wrote: There are cases that malicious virtual machine can cause CPU stuck (due to event windows don't open up), e.g., infinite loop in microcode when nested #AC (CVE-2015-5307). No event window means

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-16 Thread Peter Xu
On Thu, Sep 15, 2022 at 05:28:39PM +0800, Chenyi Qiang wrote: > There are cases that malicious virtual machine can cause CPU stuck (due > to event windows don't open up), e.g., infinite loop in microcode when > nested #AC (CVE-2015-5307). No event window means no event (NMI, SMI and > IRQ) can be d

[PATCH v6 2/2] i386: Add notify VM exit support

2022-09-15 Thread Chenyi Qiang
There are cases where a malicious virtual machine can cause the CPU to get stuck (because event windows don't open up), e.g., an infinite loop in microcode when nested #AC (CVE-2015-5307). No event window means no event (NMI, SMI and IRQ) can be delivered. This makes the CPU unavailable to the host or other VMs. Not