projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 835d8d6) | patch
x86/monitor: revert default behavior when monitoring register write events
authorTamas K Lengyel <tamas@tklengyel.com>
Tue, 9 Jun 2020 10:54:17 +0000 (12:54 +0200)
committerJan Beulich <jbeulich@suse.com>
Tue, 9 Jun 2020 10:54:17 +0000 (12:54 +0200)
commit985ba41f66a5bd39897976beb14dc1f575bdd8c2
treebd877eba0b1bf51b24f29cf6dc026238c4119ffbtree | snapshot
parent835d8d69d96aa7feb52ef7b3dd8ecf43f0807578commit | diff
x86/monitor: revert default behavior when monitoring register write events

For the last couple years we have received numerous reports from users of
monitor vm_events of spurious guest crashes when using events. In particular,
it has observed that the problem occurs when vm_events are being disabled. The
nature of the guest crash varied widely and has only occured occasionally. This
made debugging the issue particularly hard. We had discussions about this issue
even here on the xen-devel mailinglist with no luck figuring it out.

The bug has now been identified as a race-condition between register event
handling and disabling the monitor vm_event interface. The default behavior
regarding emulation of register write events is changed so that they get
postponed until the corresponding vm_event handler decides whether to allow such
write to take place. Unfortunately this can only be implemented by performing the
deny/allow step when the vCPU gets scheduled.

Due to that postponed emulation of the event if the user decides to pause the
VM in the vm_event handler and then disable events, the entire emulation step
is skipped the next time the vCPU is resumed. Even if the user doesn't pause
during the vm_event handling but exits immediately and disables vm_event, the
situation becomes racey as disabling vm_event may succeed before the guest's
vCPUs get scheduled with the pending emulation task. This has been particularly
the case with VMS that have several vCPUs as after the VM is unpaused it may
actually take a long time before all vCPUs get scheduled.

In this patch we are reverting the default behavior to always perform emulation
of register write events when the event occurs. To postpone them can be turned
on as an option. In that case the user of the interface still has to take care
of only disabling the interface when its safe as it remains buggy.

Fixes: 96760e2fba10 ('vm_event: deny register writes if refused by vm_event
reply').

Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com>
Reviewed-by: Roger Pau Monné <rogerpau@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Paul Durrant <paul@xen.org>
xen/arch/x86/hvm/hvm.c diff | blob | history
xen/arch/x86/hvm/monitor.c diff | blob | history
xen/include/asm-x86/domain.h diff | blob | history
xen/include/asm-x86/hvm/monitor.h diff | blob | history
xen/include/asm-x86/monitor.h diff | blob | history
xen/include/public/domctl.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.