From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@qumranet.com>
Subject: Re: [patch 4/5] KVM: ignore zapped root pagetables
Date: Sun, 17 Feb 2008 10:52:58 +0200
Message-ID: <47B7F5EA.9010208@qumranet.com>
References: <20080216220924.733723618@redhat.com>>
	<20080216221221.002948712@redhat.com>>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: kvm-devel@lists.sourceforge.net
To: Marcelo Tosatti <mtosatti@redhat.com>
Return-path: <kvm-devel-bounces@lists.sourceforge.net>
In-Reply-To: <20080216221221.002948712@redhat.com>>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=kvm-devel>
List-Post: <mailto:kvm-devel@lists.sourceforge.net>
List-Help: <mailto:kvm-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request@lists.sourceforge.net?subject=subscribe>
Sender: kvm-devel-bounces@lists.sourceforge.net
Errors-To: kvm-devel-bounces@lists.sourceforge.net
List-Id: kvm.vger.kernel.org

Marcelo Tosatti wrote:
> Mark zapped root pagetables as invalid and ignore such pages during lookup.
>
> This is a problem with the cr3-target feature, where a zapped root table fools
> the faulting code into creating a read-only mapping. The result is a lockup
> if the instruction can't be emulated.
>   

> @@ -796,8 +797,10 @@ static void kvm_mmu_zap_page(struct kvm 
>  	if (!sp->root_count) {
>  		hlist_del(&sp->hash_link);
>  		kvm_mmu_free_page(kvm, sp);
> -	} else
> +	} else {
>  		list_move(&sp->link, &kvm->arch.active_mmu_pages);
> +		sp->role.invalid = 1;
> +	}
>  	kvm_mmu_reset_last_pte_updated(kvm)

There's an smp issue here.  You're marking a shadow page as invalid, but 
it may be currently in use by another vcpu.  So the shadow page and the 
guest page may be out of sync.

A fix is to send an IPI to all vcpus in such a situation, and request 
them to unload the mmu.

Also, we can't rely on memory pressure to flush out the invalid shadow 
pages, because for many workloads the shadow cache is large enough (the 
"mmu_recycled" counter never increments).  So a check for (root_count == 
0 && role.invalid) when decrementing root_count can help to zap those pages.

-- 
Any sufficiently difficult bug is indistinguishable from a feature.


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/