On Sun, May 24, 2020 at 8:33 PM Tian, Kevin <kevin.t...@intel.com> wrote:
>
> > From: Lengyel, Tamas <tamas.leng...@intel.com>
> > Sent: Saturday, May 23, 2020 12:34 AM
> >
> > When running shallow forks without device models it may be undesirable for Xen
>
> what is shallow forks? and why interrupt injection is not desired without
> device model? If it means just without Qemu thing, you still get local APIC
> interrupts such as timers, PMI, etc.

I refer to shallow forks as VM forks that run without a device model
(i.e. QEMU). Effectively these are domains that run only with CPU and
memory, both of which are copied from the parent VM as needed. When an
interrupt is injected into a VM fork (because its state is copied from
a parent where an interrupt might be pending) the interrupt handler
might want to talk to the device model which is not present for the
fork. In such situations the VM fork ends up executing the interrupt
handler instead of the code we want to fuzz, which we want to avoid
for obvious reasons.

>
> > to inject interrupts. With Windows forks we have observed the kernel going into
> > infinite loops when trying to process such interrupts, likely because it attempts
>
> what is the relationship between shallow forks and windows forks then?

They are the same, but we only observed this behavior with Windows forks.

>
> > to interact with devices that are not responding without QEMU running. By
> > disabling interrupt injection the fuzzer can exercise the target code without
> > interference.
>
> what is the fuzzer?

https://github.com/intel/kernel-fuzzer-for-xen-project/

>
> >
> > Forks & memory sharing are only available on Intel CPUs so this only applies
> > to vmx.
>
> I feel lots of background is missing thus difficult to judge whether below change
> is desired...

You may find the VM forking series worthwhile to review to get some
context:
https://lists.xenproject.org/archives/html/xen-devel/2020-04/msg01162.html.
In a nutshell, it's an experimental feature geared towards fuzzing and
it's disabled by default (note that it's gated on CONFIG_MEM_SHARING
being enabled).

Tamas