Re: [PATCH v3 3/6] KVM: Move mmu reload out of line

[Avi Kivity <avi@redhat.com>]

On 07/10/2012 06:57 AM, Xiao Guangrong wrote:
> On 07/10/2012 01:05 AM, Avi Kivity wrote:
> > Currently we check that the mmu root exits before every entry.  Use the
> > existing KVM_REQ_MMU_RELOAD mechanism instead, by making it really reload
> > the mmu, and by adding the request to mmu initialization code.
> > 
> > Signed-off-by: Avi Kivity <avi@redhat.com>
> > ---
> >  arch/x86/kvm/mmu.c |  4 +++-
> >  arch/x86/kvm/svm.c |  1 +
> >  arch/x86/kvm/x86.c | 13 +++++++------
> >  3 files changed, 11 insertions(+), 7 deletions(-)
> > 
> > diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> > index 569cd66..136d757 100644
> > --- a/arch/x86/kvm/mmu.c
> > +++ b/arch/x86/kvm/mmu.c
> > @@ -3180,7 +3180,8 @@ void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
> >  static void paging_new_cr3(struct kvm_vcpu *vcpu)
> >  {
> >  	pgprintk("%s: cr3 %lx\n", __func__, kvm_read_cr3(vcpu));
> > -	mmu_free_roots(vcpu);
> > +	kvm_mmu_unload(vcpu);
> > +	kvm_mmu_load(vcpu);
> >  }
> > 
> >  static unsigned long get_cr3(struct kvm_vcpu *vcpu)
> > @@ -3469,6 +3470,7 @@ static int init_kvm_nested_mmu(struct kvm_vcpu *vcpu)
> > 
> >  static int init_kvm_mmu(struct kvm_vcpu *vcpu)
> >  {
> > +	kvm_make_request(KVM_REQ_MMU_RELOAD, vcpu);
> >  	if (mmu_is_nested(vcpu))
> >  		return init_kvm_nested_mmu(vcpu);
> >  	else if (tdp_enabled)
> > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> > index 7a41878..d77ad8c 100644
> > --- a/arch/x86/kvm/svm.c
> > +++ b/arch/x86/kvm/svm.c
> > @@ -2523,6 +2523,7 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
> > 
> >  	if (nested_vmcb->control.nested_ctl) {
> >  		kvm_mmu_unload(&svm->vcpu);
> > +		kvm_make_request(KVM_REQ_MMU_RELOAD, &svm->vcpu);
> >  		svm->nested.nested_cr3 = nested_vmcb->control.nested_cr3;
> >  		nested_svm_init_mmu_context(&svm->vcpu);
> >  	}
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 959e5a9..162231f 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -5226,8 +5226,14 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
> >  		kvm_make_request(KVM_REQ_EVENT, vcpu);
> > 
> >  	if (vcpu->requests) {
> > -		if (kvm_check_request(KVM_REQ_MMU_RELOAD, vcpu))
> > +		if (kvm_check_request(KVM_REQ_MMU_RELOAD, vcpu)) {
> >  			kvm_mmu_unload(vcpu);
> > +			r = kvm_mmu_reload(vcpu);
> > +			if (unlikely(r)) {
> > +				kvm_make_request(KVM_REQ_MMU_RELOAD, vcpu);
> > +				goto out;
> > +			}
>
> Now, reload mmu is before event injecting, can below bug be triggered again?
>
> commit d8368af8b46b904def42a0f341d2f4f29001fa77
> Author: Avi Kivity <avi@redhat.com>
> Date:   Mon May 14 18:07:56 2012 +0300
>
>     KVM: Fix mmu_reload() clash with nested vmx event injection
>
>     Currently the inject_pending_event() call during guest entry happens after
>     kvm_mmu_reload().  This is for historical reasons - we used to
>     inject_pending_event() in atomic context, while kvm_mmu_reload() needs task
>     context.
>
>     A problem is that nested vmx can cause the mmu context to be reset, if event
>     injection is intercepted and causes a #VMEXIT instead (the #VMEXIT resets
>     CR0/CR3/CR4).  If this happens, we end up with invalid root_hpa, and since
>     kvm_mmu_reload() has already run, no one will fix it and we end up entering
>     the guest this way.
>
>     Fix by reordering event injection to be before kvm_mmu_reload().  Use
>     ->cancel_injection() to undo if kvm_mmu_reload() fails.
>

I haven't considered it, but I think the patch is safe.  If
init_kvm_mmu() is called as part of event injection then it will set
KVM_REQ_MMU_RELOAD and we will process the requests again before
entering the guest.

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.