Re: [PATCH V4 0/4] Fast MMIO eventfd fixes

["Michael S. Tsirkin" <mst@redhat.com>]

On Fri, Sep 11, 2015 at 11:17:33AM +0800, Jason Wang wrote:
> Hi:
> 
> This series fixes two issues of fast mmio eventfd:
> 
> 1) A single iodev instance were registerd on two buses: KVM_MMIO_BUS
>    and KVM_FAST_MMIO_BUS. This will cause double in
>    ioeventfd_destructor()
> 2) A zero length iodev on KVM_MMIO_BUS will never be found but
>    kvm_io_bus_cmp(). This will lead e.g the eventfd will be trapped by
>    qemu instead of host.
> 
> 1 is fixed by allocating two instances of iodev. 2 is fixed by ignore
> the actual length if the length of iodev is zero in kvm_io_bus_cmp().
> 
> Please review.

I think we should add a capability for fast mmio.
This way, userspace can avoid crashing buggy kernels.

> Changes from V3:
> 
> - Don't do search on two buses when trying to do write on
>   KVM_MMIO_BUS. This fixes a small regression found by vmexit.flat.
> - Since we don't do search on two buses, change kvm_io_bus_cmp() to
>   let it can find zero length iodevs.
> - Fix the unnecessary lines in tracepoint patch.
> 
> Changes from V2:
> - Tweak styles and comment suggested by Cornelia.
> 
> Changes from v1:
> - change ioeventfd_bus_from_flags() to return KVM_FAST_MMIO_BUS when
>   needed to save lots of unnecessary changes.
> 
> Jason Wang (4):
>   kvm: factor out core eventfd assign/deassign logic
>   kvm: fix double free for fast mmio eventfd
>   kvm: fix zero length mmio searching
>   kvm: add tracepoint for fast mmio
> 
>  arch/x86/kvm/trace.h |  18 ++++++++
>  arch/x86/kvm/vmx.c   |   1 +
>  arch/x86/kvm/x86.c   |   1 +
>  virt/kvm/eventfd.c   | 124 ++++++++++++++++++++++++++++++---------------------
>  virt/kvm/kvm_main.c  |   4 +-
>  5 files changed, 96 insertions(+), 52 deletions(-)
> 
> -- 
> 2.1.4