Re: [PATCH] kvm: VMX: do not use vm-exit instruction length for fast MMIO

["Michael S. Tsirkin" <mst@redhat.com>]

On Wed, Aug 16, 2017 at 06:56:25PM +0200, Radim Krčmář wrote:
> 2017-08-16 17:10+0300, Michael S. Tsirkin:
> > On Wed, Aug 16, 2017 at 03:34:54PM +0200, Paolo Bonzini wrote:
> > > Microsoft pointed out privately to me that KVM's handling of
> > > KVM_FAST_MMIO_BUS is invalid.  Using skip_emulation_instruction is invalid
> > > in EPT misconfiguration vmexit handlers, because neither EPT violations
> > > nor misconfigurations are listed in the manual among the VM exits that
> > > set the VM-exit instruction length field.
> > > 
> > > While physical processors seem to set the field, this is not architectural
> > > and is just a side effect of the implementation.  I couldn't convince
> > > myself of any condition on the exit qualification where VM-exit
> > > instruction length "has" to be defined; there are no trap-like VM-exits
> > > that can be repurposed; and fault-like VM-exits such as descriptor-table
> > > exits provide no decoding information.  So I don't really see any way
> > > to keep the full speedup.
> > > 
> > > What we can do is use EMULTYPE_SKIP; it only saves 200 clock cycles
> > > because computing the physical RIP and reading the instruction is
> > > expensive, but at least the eventfd is signaled before entering the
> > > emulator.  This saves on latency.  While at it, don't check breakpoints
> > > when skipping the instruction, as presumably any side effect has been
> > > exposed already.
> > > 
> > > Adding a hypercall or MSR write that does a fast MMIO write to a physical
> > > address would do it, but it adds hypervisor knowledge in virtio, including
> > > CPUID handling.  So it would be pretty ugly in the guest-side implementation,
> > > but if somebody wants to do it and the virtio side is acceptable to the
> > > virtio maintainers, I am okay with it.
> > > 
> > > Cc: Michael S. Tsirkin <mst@redhat.com>
> > > Cc: stable@vger.kernel.org
> > > Fixes: 68c3b4d1676d870f0453c31d5a52e7e65c7448ae
> > > Suggested-by: Radim Krčmář <rkrcmar@redhat.com>
> > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > 
> > Jason (cc) who worked on the original optimization said he can
> > work to test the performance impact.
> > I suggest we don't rush this (it's been like this for 2 years),
> > and the issue seems to be largely theoretical.
> 
> Paolo, did Microsoft point it out because they hit the bug when running
> KVM on Hyper-V?
> 
> Thanks.

Seems likely.  If we take this patch and limit it to nested virt (I
would not do just hyper-v) this would be reasonable to merge very
quickly then - maybe even in 4.13 - and we can discuss the theoretical
issue at leasure, maybe after some feedback from intel.

-- 
MST