Re: large page support for kvm

[Avi Kivity <avi@qumranet.com>]

Marcelo Tosatti wrote:
>>>  
>>>       
>> I don't follow. Can you describe the scenario in more detail? The state 
>> of the guest and shadow page tables, and what actually happens?
>>     
>
> Have a kernel level-3 table at guest physical address 0x2800000.
> The kernel direct translation which maps to that address is
> 0xffff810002800000.
>
> The problem will occur if an instruction which can't be emulated
> attempts to write via 0xffff810002800000 (optionally +4KB), with the
> 3-level table not yet shadowed.
>
> What happens then is:
>
> - mmu_page_fault()
> - is_largepage_backed() finds no entry in the 0x2800000+2MB
> shadow page count, happily saying its OK to use a largepage.
> - shadow the 4-level entry
> - shadow the 3-level entry (at 0x2800000).
> - mmu_set_spte() sets the 2MB translation to be read-only, pt_write=1.
> - the instruction emulation fails (because its not supported).
> - kvm_mmu_unprotect_page() zaps the 3-level shadow table at 0x2800000.
> - repeat 
>
> Thinking this was an issue related to largepages only I decided to never
> have 2MB forced-read-only pages around.
>
> But I just noted that the same issue happens with 4kB pages too, even
> though the chance of having one of the roots cached in the area being
> mapped is much larger with 2MB pages.
>
> I could not reproduce this anymore (though I have logs of that happening
> on a stock kernel, attached), but a modified kernel allocating the
> 3-level entries at the proper place and writing to one of them through
> the virtual mapping with an instruction which can't be emulated triggers
> the issue (and its a valid scenario).
>
> That said, it does not seem this problem should be dealt with in this
> largepage patch (it can be made comparable to the current problem if we
> never attempt to emulate instructions when a forced-read-only large page
> is instantiated).
>
> Do you see any way to fix that?
>   

A write to page that is a page table that also maps the instruction 
itself or one of the operands must be emulated.  The best fix IMO is to 
implement the missing instruction in the emulator (I'm surprised we have 
such a missing instruction, btw, I thought it was reasonably complete 
wrt paging).

There are other potential fixes, like single-stepping the instruction in 
the guest and re-shadowing the page, but they are a can of worms and I 
don't think we want to go that way.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/