Re: [PATCH v9 09/17] x86/split_lock: Handle #AC exception for split lock
From: Thomas Gleixner
Date: Wed Oct 16 2019 - 10:43:48 EST
On Wed, 16 Oct 2019, Xiaoyao Li wrote:
> On 10/16/2019 7:26 PM, Paolo Bonzini wrote:
> > Old guests are prevalent enough that enabling split-lock detection by
> > default would be a big usability issue. And even ignoring that, you
> > would get the issue you describe below:
>
> Right, whether enabling split-lock detection is made by the administrator. The
> administrator is supposed to know the consequence of enabling it. Enabling it
> means don't want any split-lock happens in userspace, of course VMM softwares
> are under control.
I have no idea what you are talking about, but the whole thing is trivial
enough to describe in a decision matrix:
N | #AC | #AC enabled | SMT | Ctrl | Guest | Action
R | available | on host | | exposed | #AC |
--|-----------|-------------|-----|---------|-------|---------------------
| | | | | |
0 | N | x | x | N | x | None
| | | | | |
1 | Y | N | x | N | x | None
| | | | | |
2 | Y | Y | x | Y | Y | Forward to guest
| | | | | |
3 | Y | Y | N | Y | N | A) Store in vCPU and
| | | | | | toggle on VMENTER/EXIT
| | | | | |
| | | | | | B) SIGBUS or KVM exit code
| | | | | |
4 | Y | Y | Y | Y | N | A) Disable globally on
| | | | | | host. Store in vCPU/guest
| | | | | | state and evtl. reenable
| | | | | | when guest goes away.
| | | | | |
| | | | | | B) SIGBUS or KVM exit code
[234] need proper accounting and tracepoints in KVM
[34] need a policy decision in KVM
Now there are a two possible state transitions:
#AC enabled on host during runtime
Existing guests are not notified. Nothing changes.
#AC disabled on host during runtime
That only affects state #2 from the above table and there are two
possible solutions:
1) Do nothing.
2) Issue a notification to the guest. This would be doable at least
for Linux guests because any guest kernel which handles #AC is
at least the same generation as the host which added #AC.
Whether it's worth it, I don't know, but it makes sense at least
for consistency reasons.
For a first step I'd go for 'Do nothing'
SMT state transitions could be handled in a similar way, but I don't think
it's worth the trouble. The above should cover everything at least on a
best effort basis.
Thanks,
tglx