Eduardo Habkost
2014-Jul-28 19:04 UTC
[PATCH] x86, paravirt: BUG_ON on {rd,wr}msr exceptions
When CONFIG_PARAVIRT is enabled, the kernel is ignoring exceptions on
the {rd,wr}msr instructions. This makes serious issues (either on the
guest kernel, or on the host) be silently ignored, and is different from
the native MSR code (which does not ignore the exceptions).
As paravirt.h already includes linux/bug.h, I don't see what was the
original issue preventing BUG_ON from being used.
Change rdmsr(), wrmsr(), and rdmsrl() to BUG_ON() on errors.
Signed-off-by: Eduardo Habkost <ehabkost at redhat.com>
---
* Build-tested using allyesconfig, with no build errors.
* Tested by being able to detect the following host bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1025868
(#GP exception on wrmsr(0x410, 0xfffffffffffffbff) during MCE
initialization)
---
arch/x86/include/asm/paravirt.h | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index cd6e161..7d42ca4 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -133,24 +133,27 @@ static inline int paravirt_write_msr(unsigned msr,
unsigned low, unsigned high)
return PVOP_CALL3(int, pv_cpu_ops.write_msr, msr, low, high);
}
-/* These should all do BUG_ON(_err), but our headers are too tangled. */
#define rdmsr(msr, val1, val2) \
do { \
int _err; \
u64 _l = paravirt_read_msr(msr, &_err); \
+ BUG_ON(_err); \
val1 = (u32)_l; \
val2 = _l >> 32; \
} while (0)
-#define wrmsr(msr, val1, val2) \
-do { \
- paravirt_write_msr(msr, val1, val2); \
+#define wrmsr(msr, val1, val2) \
+do { \
+ int _err; \
+ _err = paravirt_write_msr(msr, val1, val2); \
+ BUG_ON(_err); \
} while (0)
#define rdmsrl(msr, val) \
do { \
int _err; \
val = paravirt_read_msr(msr, &_err); \
+ BUG_ON(_err); \
} while (0)
#define wrmsrl(msr, val) wrmsr(msr, (u32)((u64)(val)), ((u64)(val))>>32)
--
1.9.3
H. Peter Anvin
2014-Jul-28 19:18 UTC
[PATCH] x86, paravirt: BUG_ON on {rd,wr}msr exceptions
On 07/28/2014 12:04 PM, Eduardo Habkost wrote:> When CONFIG_PARAVIRT is enabled, the kernel is ignoring exceptions on > the {rd,wr}msr instructions. This makes serious issues (either on the > guest kernel, or on the host) be silently ignored, and is different from > the native MSR code (which does not ignore the exceptions). > > As paravirt.h already includes linux/bug.h, I don't see what was the > original issue preventing BUG_ON from being used. > > Change rdmsr(), wrmsr(), and rdmsrl() to BUG_ON() on errors.How much does this bloat the kernel? #include <stdparavirtrant.h> -hpa
Eduardo Habkost
2014-Jul-28 20:39 UTC
[PATCH] x86, paravirt: BUG_ON on {rd,wr}msr exceptions
On Mon, Jul 28, 2014 at 12:18:10PM -0700, H. Peter Anvin wrote:> On 07/28/2014 12:04 PM, Eduardo Habkost wrote: > > When CONFIG_PARAVIRT is enabled, the kernel is ignoring exceptions on > > the {rd,wr}msr instructions. This makes serious issues (either on the > > guest kernel, or on the host) be silently ignored, and is different from > > the native MSR code (which does not ignore the exceptions). > > > > As paravirt.h already includes linux/bug.h, I don't see what was the > > original issue preventing BUG_ON from being used. > > > > Change rdmsr(), wrmsr(), and rdmsrl() to BUG_ON() on errors. > > How much does this bloat the kernel?It seems to add 8 bytes to each {wr,rd}msr() call (4 extra instructions: test, jmp, ud2, jmp). allyesconfig, paravirt enabled, before: text data bss dec hex filename 108368312 23500872 55705600 187574784 b2e2a00 vmlinux allyesconfig, paravirt enabled, after: text data bss dec hex filename 108384438 23500904 55717888 187603230 b2e991e vmlinux allyesconfig vmlinux is 28446 bytes larger. An alternative is to add read_msr_unsafe() & write_msr_unsafe() fields to pv_cpu_ops, pointing to native_read_msr() & native_write_msr(). -- Eduardo