Re: [PATCH] KVM: VMX: Enable Notify VM exit

[Tao Xu]

On 11/3/20 1:32 AM, Sean Christopherson wrote:
> On Mon, Nov 02, 2020 at 02:14:45PM +0800, Tao Xu wrote:
> > There are some cases that malicious virtual machines can cause CPU stuck
> > (event windows don't open up), e.g., infinite loop in microcode when
> > nested #AC (CVE-2015-5307). No event window obviously means no events,
> > e.g. NMIs, SMIs, and IRQs will all be blocked, may cause the related
> > hardware CPU can't be used by host or other VM.
> >
> > To resolve those cases, it can enable a notify VM exit if no
> > event window occur in VMX non-root mode for a specified amount of
> > time (notify window).
> >
> > Expose a module param for setting notify window, default setting it to
> > the time as 1/10 of periodic tick, and user can set it to 0 to disable
> > this feature.
> >
> > TODO:
> > 1. The appropriate value of notify window.
> > 2. Another patch to disable interception of #DB and #AC when notify
> > VM-Exiting is enabled.
> >
> > Co-developed-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
> > Signed-off-by: Tao Xu <tao3.xu@xxxxxxxxx>
> > Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
>
> Incorrect ordering, since you're sending the patch, you "handled" it last,
> therefore your SOB should come last, i.e.:
>
>    Co-developed-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
>    Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
>    Signed-off-by: Tao Xu <tao3.xu@xxxxxxxxx>
OK, I will correct this.