Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls -- infrastructure

From: Avi Kivity
Date: Sun Apr 12 2009 - 14:58:57 EST

Next message: Eric W. Biederman: "Re: [PATCH 2/3] [BUGFIX] x86/x86_64: fix CPU offlining triggered inactive device IRQ interrruption"
Previous message: Jamie Lokier: "Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations"
In reply to: Ingo Molnar: "Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls --infrastructure"
Next in thread: Ingo Molnar: "Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls --infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ingo Molnar wrote:

Sure, go ahead and wrap them in some kind of "save and restore all registers" wrapping, but nothing fancier than that. It would just be overkill, and likely to break more than it fixes.

Yeah. I only brought up the virtualization thing as a hypothetical: "if" corrupting the main OS ever became a widespread problem. Then i made the argument that this is unlikely to happen, because Windows will be affected by it just as much. (while register state corruptions might go unnoticed much more easily, just via the random call-environment clobbering of registers by Windows itself.)

The only case where i could see virtualization to be useful is the low memory RAM corruption pattern that some people have observed.

You could easily check that by checksumming pages (or actually copying them to high memory) before the call, and verifying after the call.

The problem with it, it happens on s2ram transitions, and that is driven by SMM mainly - which is a hypervisor sitting on top of all the other would-be-hypervisors and thus not virtualizable.

AMD in fact has a chapter called "Containerizing Platform SMM" or words to the effect, which describes how to take a running system and drop its SMM mode into a virtualization container. I made a point of skipping over those pages with my eyes closed so I can't tell you how incredibly complex it is.

It's probably even doable on Intel, though much more difficult, due to Intel not supporting big real mode in a guest, and most SMM code using it to access memory. You'd end up running most of the code in the emulator, and performing the transitions by hand.

Of course, the VMM has to be careful not to trigger SMM itself, or much merriment ensues.

Which leaves us without a single practical case. So it's not going to happen.

I don't think the effort is worth the benefit in this case, but there actually is an interesting use case for this. SMM is known to be harmful to deterministic replay games and to real time response. If we can virtualize SMM, we can increase the range of hardware on which the real time kernel is able to deliver real time guarantees.

--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric W. Biederman: "Re: [PATCH 2/3] [BUGFIX] x86/x86_64: fix CPU offlining triggered inactive device IRQ interrruption"
Previous message: Jamie Lokier: "Re: [RFC][PATCH 8/9] vfs: Implement generic revoked file operations"
In reply to: Ingo Molnar: "Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls --infrastructure"
Next in thread: Ingo Molnar: "Re: [tip:x86/setup] x86, setup: "glove box" BIOS calls --infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]