Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls -- infrastructure

From: Avi Kivity
Date: Mon Apr 13 2009 - 02:45:45 EST

Next message: Andrew Morton: "Re: [PATCH 2/7] use smp_call_function_single() inarch/x86/kernel/acpi/cstate.c"
Previous message: KAMEZAWA Hiroyuki: "[BUGFIX][PATCH] memcg: use rcu_dereference to access mm->owner"
In reply to: H. Peter Anvin: "Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls -- infrastructure"
Next in thread: H. Peter Anvin: "Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls -- infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ingo Molnar wrote:

* Avi Kivity <avi@xxxxxxxxxx> wrote:

Ingo Molnar wrote:

Sure, go ahead and wrap them in some kind of "save and restore all registers" wrapping, but nothing fancier than that. It would just be overkill, and likely to break more than it fixes.

Yeah. I only brought up the virtualization thing as a hypothetical: "if" corrupting the main OS ever became a widespread problem. Then i made the argument that this is unlikely to happen, because Windows will be affected by it just as much. (while register state corruptions might go unnoticed much more easily, just via the random call-environment clobbering of registers by Windows itself.)

The only case where i could see virtualization to be useful is the low memory RAM corruption pattern that some people have observed.

You could easily check that by checksumming pages (or actually copying them to high memory) before the call, and verifying after the call.

Yes, we could do memory checks, and ... hey, we already do that:

bb577f9: x86: add periodic corruption check
5394f80: x86: check for and defend against BIOS memory corruption

... and i seem to be the one who implemented it! ;-)

That check resulted in logs showing the BIOS corrupting Linux memory across s2ram cycles or HDMI plug/unplug events on certain boxes (are Hollywood rootkits in the BIOS now?), and resulted in some head-scratching but not much more.

Then there's definitely no point in putting it into a container, is there? I mean, we could track down the exact instruction which caused the corruption, but how would it help us?

I don't think the effort is worth the benefit in this case, but there actually is an interesting use case for this. SMM is known to be harmful to deterministic replay games and to real time response. If we can virtualize SMM, we can increase the range of hardware on which the real time kernel is able to deliver real time guarantees.

Hey, i do have a real sweet spot for deterministic execution - but SMM, while not problem-free (like most of firmware), also has a very real role in not letting various hardware melt. So SMM should be thought of as a flexible extended arm of hardware - not some sw bit.

So i think that the memory of that SMM virtualization chapter you've almost read should be quickly erased from your mind. (Via forceful means if prompt corrective self-action is not forthcoming.)

I'll keep my remaining neurons, thanks.

--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH 2/7] use smp_call_function_single() inarch/x86/kernel/acpi/cstate.c"
Previous message: KAMEZAWA Hiroyuki: "[BUGFIX][PATCH] memcg: use rcu_dereference to access mm->owner"
In reply to: H. Peter Anvin: "Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls -- infrastructure"
Next in thread: H. Peter Anvin: "Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls -- infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]