Re: [RFC PATCH 3/3] KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM
From: Sean Christopherson
Date: Mon Sep 28 2020 - 23:53:03 EST
On Fri, Sep 25, 2020 at 11:06:10PM +0200, Paolo Bonzini wrote:
> On 25/09/20 19:12, Sean Christopherson wrote:
> >> Do we actually want to prevent *all* ioctls? E.g. when 'vm bugged'
> >> condition is triggered userspace may want to extract some information to
> >> assist debugging but even things like KVM_GET_[S]REGS will just return
> >> -EIO. I'm not sure it is generally safe to enable *everything* (except
> >> for KVM_RUN which should definitely be forbidden) so maybe your approach
> >> is preferable.
> >
> > The answer to this probably depends on the answer to the first question of
> > when it's appropriate to use KVM_BUG(). E.g. if we limit usage to fatal or
> > dangrous cases, then blocking all ioctls() is probably the right thing do do.
>
> I think usage should be limited to dangerous cases, basically WARN_ON
> level. However I agree with Vitaly that KVM_GET_* should be allowed.
Makes sense.
On the topic of feedback from Vitaly, while dredging through my mailbox I
rediscovered his suggestion of kvm->kvm_internal_bug (or maybe just
kvm->internal_bug) instead of kvm->vm_bugged[*]. Like past me, I like the
"internal" variants better.
[*] https://lkml.kernel.org/r/20190930153358.GD14693@xxxxxxxxxxxxxxx
> The other question is whether to return -EIO or KVM_EXIT_INTERNAL_ERROR.
> The latter is more likely to be handled already by userspace.
And probably less confusing for unsuspecting users. E.g. -EIO is most
likely to be interpreted as "I screwed up", whereas KVM_EXIT_INTERNAL_ERROR
will correctly be read as "KVM screwed up".