[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86emul: allow ->write_msr() to distinguish origins of writes

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Fri, 30 Jan 2026 15:26:12 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PqBZceQU8Si33A1G4vH33efcvvXOMvAWcQqV0kmX25A=; b=ZDOMrjuYTmx8wGp0OAVwxQsi60ndFMRWCIQSAwTm9PiJI+kSSv4rcEGeyge9lnZ/nzzKXjQsOr0/iZPCxKAjR/K4NxQRudue/QHKakuOvAAgwPsRVCr4C8YzSRqTpibswaN34ds1JjrKryezyoGQi7fUGZSVWMv28PZEF7Qq0Mfx1rXw4B+6f+JglrowQXsxmho5bUs//3jSiRcAP/k6jo+MAxVRSi3zcYsyjBE8Pz0hYVEUaPodp9cp7giyYo1gYWntjSTtQPcqbeUjxFq2GKOqqnPb9KUY2EpUmcvyQMSCnsb58y5AdulxFNVUGic+qWgJpky6Yggq9T1P2AHzdQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Re/fyCKarahq8nlKwHC/r2+q3cKOEOTHSSKu8aIkIdNjnLntWHNxAF3/YWjmWmXHe+aWgr7li/BgHUxz397j7S6qz21/jD9KtvAAe3oa8twNZb0y5fRB4K418Kdp0bGzPH8tkCiZ6rgjVCRdBrIhLSceik0d8K0VLOXVVq1CtiVXun8nWBjmQVSFK4oAcy6UbiewprbhqdY7t+kqKvIjqKPQSV6gGh+yxf+yCIYKb65+YWyj1ydr21SkfzCfZ1IKGllFfF9f2B7lTXKdoJZqROl+8+iL4RvmHf5P/lT49S6so7tqAcMh6DWqpNniGEqOVcboZJ6l1tH91HDtZqdv0Q==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Delivery-date: Fri, 30 Jan 2026 14:26:30 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Fri, Jan 30, 2026 at 03:01:28PM +0100, Jan Beulich wrote:
> On 30.01.2026 11:00, Roger Pau Monné wrote:
> > On Tue, Jan 27, 2026 at 11:21:06AM +0100, Jan Beulich wrote:
> >> Only explicit writes are subject to e.g. the checking of the MSR intercept
> >> bitmap, which extends to VM-event's hvm_monitor_msr(). Indicate, by way of
> >> a new boolean parameter, to the hook functions which variant it is.
> >>
> >> Fixes: 6eb43fcf8a0b ("x86emul: support SWAPGS")
> >> Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> > 
> > Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> 
> Thanks.
> 
> >> ---
> >> Later, in particular for nested, ->read_msr() may need to gain a similar
> >> parameter.
> >>
> >> Prior to nested making use of it, the new parameter is effectively dead
> >> code with VM_EVENT=n. If we accepted Misra rule 2.2, something would
> >> likely need doing about this.
> > 
> > Hm, yes, it propagates into hvm_msr_write_intercept() which then turns
> > into `if ( may_defer && false )` in the VM_EVENT=n.  But then you
> > could say the same about the code inside the if block above for the
> > VM_EVENT=n, it's also effectively unreachable code.
> 
> Unreachable and dead code are different things to Misra, though. It is my
> understanding that we deliberately permit constructs reducing to "if (0)"
> in certain configurations, relying on DCE: There's then no generated code
> for the construct, and hence nothing that cannot be reached. The
> situation is different for a parameter that has no use: Its removal (in
> the specific configuration) wouldn't alter the behavior. Hence the
> parameter and all arguments passed for it are "dead".

Yeah, I think dead is a good definition, the variable is possible
evaluated, but it's value doesn't change the flow of execution in the
VM_EVENT=n case.

> >> @@ -2427,9 +2428,10 @@ static int cf_check hvmemul_read_msr(
> >>  static int cf_check hvmemul_write_msr(
> >>      unsigned int reg,
> >>      uint64_t val,
> >> -    struct x86_emulate_ctxt *ctxt)
> >> +    struct x86_emulate_ctxt *ctxt,
> >> +    bool explicit)
> >>  {
> >> -    int rc = hvm_msr_write_intercept(reg, val, true);
> >> +    int rc = hvm_msr_write_intercept(reg, val, explicit);
> > 
> > I've wondered whether we also want to rename the parameter of
> > hvm_msr_write_intercept() into something different than may_defer.  It
> > feels weird to translate a parameter that denotes an explicit MSR
> > access into one that signals whether it's fine to defer the operation
> > or not.
> 
> I did think the same, just that - considering all use sites - I couldn't
> even come close to thinking of some sensible new name.

Let's leave as-is then.  Since maybe_defer is tied to the monitor
logic it might be helpful to give it that meaning, but I'm having a
hard time coming with a proper way to name it that's not too verbose.
Let's leave as-is for now then.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.