From: Avi Kivity
Subject: Re: [PATCH 3/3] Reenter guest after instruction emulation failure if emulation was due to access to non-mmio address.
Date: Thu, 08 Jul 2010 12:06:23 +0300
Message-ID: <4C35950F.8010602@redhat.com>
References: <1278523006-21645-1-git-send-email-gleb@redhat.com> <1278523006-21645-3-git-send-email-gleb@redhat.com>
In-Reply-To: <1278523006-21645-3-git-send-email-gleb@redhat.com>
To: Gleb Natapov
Cc: mtosatti@redhat.com, kvm@vger.kernel.org

On 07/07/2010 08:16 PM, Gleb Natapov wrote:
> When shadow pages are in use, sometimes KVM tries to emulate an instruction
> when it accesses a shadowed page. If emulation fails, KVM un-shadows the
> page and reenters the guest to allow the vcpu to execute the instruction. If the page
> is not in the shadow page hash, KVM assumes that this was an attempt to do MMIO
> and reports emulation failure to userspace since there is no way to fix
> the situation. This logic has a race though.
> If two vcpus try to write
> to the same shadowed page simultaneously, both will enter the emulator, but
> only one of them will find the page in the shadow page hash, since the one who
> finds it also removes it from there, so the other cpu will report failure
> to userspace and will abort the guest.
>
> Fix this by checking (in addition to checking the shadowed page hash) that the
> page that caused the emulation belongs to a valid memory slot. If it does,
> then reenter the guest to allow the vcpu to reexecute the instruction.
>
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 7070b41..dd7b241 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -4000,6 +4000,8 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
> if (r) {
> if (kvm_mmu_unprotect_page_virt(vcpu, cr2))
> return EMULATE_DONE;
> + if (!kvm_is_error_hva(gfn_to_hva(vcpu->kvm, cr2)))
> + return EMULATE_DONE;
>

cr2 is a gva, not a gfn.

cr2 is not always valid, but I guess that's for a later patch.

> if (emulation_type& EMULTYPE_SKIP)
> return EMULATE_FAIL;
> return handle_emulation_failure(vcpu);
> @@ -4026,6 +4028,8 @@ restart:
> */
> if (kvm_mmu_unprotect_page_virt(vcpu, cr2))
> return EMULATE_DONE;
> + if (!kvm_is_error_hva(gfn_to_hva(vcpu->kvm, cr2)))
> + return EMULATE_DONE;
>
>

Code is duplicated. Helper?

> return handle_emulation_failure(vcpu);
> }

-- 
error compiling committee.c: too many arguments to function
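Review bot: In the first hunk (emulate_instruction(), right after the kvm_mmu_unprotect_page_virt() check) `gfn_to_hva(vcpu->kvm, cr2)` passes a guest virtual address where a guest frame number is expected, so the memslot lookup tests an unrelated page: a faulting gva in RAM whose numeric value exceeds the slot's frame count is reported as MMIO, while a gva whose value happens to fall inside a slot is accepted even when it maps to device memory. Walk the guest page tables first (gva to gpa, then gpa shifted to a gfn) and only then call gfn_to_hva(); if the walk fails, fall through to handle_emulation_failure(). Related: cr2 carries the faulting address only when this function was entered from a page fault, so on other paths a stale cr2 that lands in a slot turns a clean failure report into `return EMULATE_DONE;`, and the vcpu re-executes an instruction the emulator cannot handle and traps straight back here; have the caller say whether cr2 is meaningful for this exit.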
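Review bot: The two added lines in the restart hunk repeat, with the same cr2-used-as-gfn problem, the unprotect-then-memslot sequence from the first hunk; move both copies into one helper (a hypothetical `reexecute_instruction(vcpu, cr2)` returning bool would do) so the gva translation and the cr2-validity guard are written once. A comment at the new `return EMULATE_DONE;` would help too: a valid memslot rules out MMIO but not an instruction the emulator simply does not support on ordinary RAM, and for that case re-entering the guest means faulting back into this path again, so the helper should distinguish the shadow-page race the commit message describes from a plain unsupported instruction, or bound the retries.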
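The race the commit message describes, and the gva-versus-gfn mismatch raised in the reply, as an added C model. This is not KVM code: the memslot table, the flat guest page table, the shadow-page set, the constructed MMIO address 0xfee00000 and the decide_* functions are all assumptions made here so the file runs stand-alone; only the shape of the decision mirrors the patch.

```c
/*
 * Toy model of the re-execute-or-fail decision in emulate_instruction().
 * Everything below is constructed for the example; names only loosely
 * mirror KVM's.  "Shadow hash" = set of write-protected guest frames.
 */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define BAD_HVA    UINT64_MAX          /* stand-in for KVM's bad_hva() */
#define GPA_NONE   UINT64_MAX          /* guest translation failed */

typedef uint64_t gva_t, gpa_t, gfn_t, hva_t;
enum { EMULATE_DONE = 0, EMULATE_FAIL = 1 };

/* Hypothetical memslot table: one 16 MiB RAM slot at gpa 0; all else is MMIO. */
struct memslot { gfn_t base_gfn; uint64_t npages; hva_t userspace_addr; };
static const struct memslot slots[] = {
    { .base_gfn = 0, .npages = 0x1000, .userspace_addr = 0x7f0000000000ULL },
};

hva_t gfn_to_hva(gfn_t gfn)
{
    for (size_t i = 0; i < sizeof slots / sizeof slots[0]; i++)
        if (gfn >= slots[i].base_gfn && gfn - slots[i].base_gfn < slots[i].npages)
            return slots[i].userspace_addr + ((gfn - slots[i].base_gfn) << PAGE_SHIFT);
    return BAD_HVA;
}
bool kvm_is_error_hva(hva_t hva) { return hva == BAD_HVA; }

/* Flat toy guest page table: gva page index -> gpa of backing page, 0 = not present. */
#define NR_GVA_PAGES 64
static gpa_t guest_pt[NR_GVA_PAGES];

gpa_t gva_to_gpa(gva_t gva)
{
    uint64_t idx = gva >> PAGE_SHIFT;
    if (idx >= NR_GVA_PAGES || guest_pt[idx] == 0)
        return GPA_NONE;
    return guest_pt[idx] | (gva & (PAGE_SIZE - 1));
}

/* Shadowed frames.  As with kvm_mmu_unprotect_page_virt(), a hit also removes
 * the entry, which is what makes the second racing vcpu miss. */
#define NR_SHADOW 8
static gfn_t shadowed[NR_SHADOW];
static int nr_shadowed;
void shadow_page(gfn_t gfn) { shadowed[nr_shadowed++] = gfn; }

bool unprotect_page_virt(gva_t gva)
{
    gpa_t gpa = gva_to_gpa(gva);
    if (gpa == GPA_NONE)
        return false;
    for (int i = 0; i < nr_shadowed; i++)
        if (shadowed[i] == (gpa >> PAGE_SHIFT)) {
            shadowed[i] = shadowed[--nr_shadowed];   /* un-shadow the page */
            return true;
        }
    return false;
}

/* Before the patch: shadow hash only; a miss is treated as MMIO. */
int decide_prepatch(gva_t cr2)
{
    return unprotect_page_virt(cr2) ? EMULATE_DONE : EMULATE_FAIL;
}

/* The hunk as posted: cr2 (a gva) handed to gfn_to_hva() as if it were a gfn. */
int decide_as_posted(gva_t cr2)
{
    if (unprotect_page_virt(cr2))
        return EMULATE_DONE;
    if (!kvm_is_error_hva(gfn_to_hva(cr2)))      /* wrong unit */
        return EMULATE_DONE;
    return EMULATE_FAIL;
}

/* With the review points applied: require a meaningful cr2, translate
 * gva -> gpa -> gfn, then consult the memslots; no slot means real MMIO. */
int decide_fixed(gva_t cr2, bool cr2_valid)
{
    if (!cr2_valid)
        return EMULATE_FAIL;
    if (unprotect_page_virt(cr2))
        return EMULATE_DONE;
    gpa_t gpa = gva_to_gpa(cr2);
    if (gpa == GPA_NONE)
        return EMULATE_FAIL;
    return kvm_is_error_hva(gfn_to_hva(gpa >> PAGE_SHIFT)) ? EMULATE_FAIL : EMULATE_DONE;
}

/* Constructed layout: gva 0x3000 -> shadowed RAM gfn 0x800; gva 0x0 -> MMIO. */
void reset_model(void)
{
    for (int i = 0; i < NR_GVA_PAGES; i++) guest_pt[i] = 0;
    guest_pt[3] = 0x00800000ULL;
    guest_pt[0] = 0xfee00000ULL;
    nr_shadowed = 0;
    shadow_page(0x800);
}

int main(void)
{
    int a, b;
    reset_model(); a = decide_prepatch(0x3010);  b = decide_prepatch(0x3020);
    printf("prepatch : vcpu0=%d vcpu1=%d (1 = fail to userspace)\n", a, b);
    reset_model(); a = decide_as_posted(0x3010); b = decide_as_posted(0x3020);
    printf("as posted: vcpu0=%d vcpu1=%d\n", a, b);
    reset_model(); a = decide_fixed(0x3010, true); b = decide_fixed(0x3020, true);
    printf("fixed    : vcpu0=%d vcpu1=%d\n", a, b);
    reset_model();
    printf("mmio gva 0x40: as posted=%d fixed=%d\n",
           decide_as_posted(0x0040), decide_fixed(0x0040, true));
    return 0;
}
```

The second vcpu always misses the shadow set because the first one emptied it; only decide_fixed() lets both re-execute, and it is also the only variant that still reports the MMIO access at gva 0x40, which the as-posted check accepts because 0x40 read as a frame number lies inside the RAM slot.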