From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Avi Kivity
Subject: Re: [PATCH 3/3] Reenter guest after instruction emulation failure if emulation was due to access to non-mmio address.
Date: Thu, 08 Jul 2010 12:15:18 +0300
Message-ID: <4C359726.8090908@redhat.com>
References: <1278523006-21645-1-git-send-email-gleb@redhat.com> <1278523006-21645-3-git-send-email-gleb@redhat.com> <4C35950F.8010602@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: mtosatti@redhat.com, kvm@vger.kernel.org
To: Gleb Natapov
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:45567 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752794Ab0GHJPU (ORCPT ); Thu, 8 Jul 2010 05:15:20 -0400
Received: from int-mx05.intmail.prod.int.phx2.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.18]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o689FKSE011816 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 8 Jul 2010 05:15:20 -0400
Received: from cleopatra.tlv.redhat.com (cleopatra.tlv.redhat.com [10.35.255.11]) by int-mx05.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o689FJDi013555 for ; Thu, 8 Jul 2010 05:15:20 -0400
In-Reply-To: <4C35950F.8010602@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 07/08/2010 12:06 PM, Avi Kivity wrote:
> On 07/07/2010 08:16 PM, Gleb Natapov wrote:
>> When shadow pages are in use, KVM sometimes tries to emulate an instruction
>> when it accesses a shadowed page. If emulation fails, KVM un-shadows the
>> page and reenters the guest to allow the vcpu to execute the instruction.
>> If the page is not in the shadow page hash, KVM assumes that this was an
>> attempt to do MMIO and reports emulation failure to userspace, since
>> there is no way to fix the situation. This logic has a race though.
>> If two vcpus try to write to the same shadowed page simultaneously, both
>> will enter the emulator, but only one of them will find the page in the
>> shadow page hash, since the one that finds it also removes it from there,
>> so the other cpu will report failure to userspace and will abort the
>> guest.
>>
>> Fix this by checking (in addition to checking the shadowed page hash)
>> that the page that caused the emulation belongs to a valid memory slot.
>> If it does, reenter the guest to allow the vcpu to reexecute the
>> instruction.
>>
>>
>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>> index 7070b41..dd7b241 100644
>> --- a/arch/x86/kvm/x86.c
>> +++ b/arch/x86/kvm/x86.c
>> @@ -4000,6 +4000,8 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
>> if (r) {
>> if (kvm_mmu_unprotect_page_virt(vcpu, cr2))
>> return EMULATE_DONE;
>> + if (!kvm_is_error_hva(gfn_to_hva(vcpu->kvm, cr2)))
>> + return EMULATE_DONE;
>
> cr2 is a gva, not a gfn.

btw, that will mean another page walk, so it is better to fold it into
kvm_mmu_unprotect_page_virt() (which needs a new name, since it does more
than unprotect a page now). Say, kvm_make_guest_writeable().

-- 
error compiling committee.c: too many arguments to function
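Review bot: the added check in the emulate_instruction() hunk hands cr2 to gfn_to_hva(), but cr2 is the faulting guest virtual address while gfn_to_hva() expects a guest frame number, so the memslot lookup runs on the wrong value; both are plain integer typedefs, so the compiler will not flag the mismatch. The gva needs to go through the guest page tables and be shifted by PAGE_SHIFT before the lookup, and kvm_mmu_unprotect_page_virt() on the line above already performs that walk for its own purposes, so doing the walk once and letting that helper answer "is this guest-writable RAM" both fixes the bug and avoids the second walk, as the reply suggests. A short comment on why a valid hva by itself justifies returning EMULATE_DONE (the lost race with the other vcpu described in the commit message) would help too, since on its own the check reads as "ignore any emulation failure that targets RAM".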
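To make the race and the fix concrete, here is a small constructed model of the failure path discussed above. It is added for this page and is not KVM code: the shadow-page hash, the memory slot table, the two-entry "guest page table" and all constants and helper names (shadow_unprotect, gfn_is_ram, gva_to_gfn, race_failures, hunk_as_posted_is_ram) are invented for the illustration. Two vcpus fault on the same shadowed page and both fail emulation; the model serialises the interleaving so the outcome is deterministic. It also shows what happens when the raw cr2 value is used as a frame number, which is the point raised in the reply.

```c
/* Constructed model of the emulate_instruction() failure path.  Added
 * example, not KVM code; every table and constant below is made up. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define EMULATE_DONE 0
#define EMULATE_FAIL 1
#define HASH_SLOTS 8

typedef uint64_t gva_t, gfn_t;

/* Shadow-page "hash": the set of write-protected gfns (0 marks an empty
 * slot, so gfn 0 is never protected in this model). */
static gfn_t shadow_hash[HASH_SLOTS];

/* Guest memory slots: a single RAM slot; anything outside it is MMIO. */
struct memslot { gfn_t base_gfn; uint64_t npages; };
static const struct memslot memslots[] = { { 0x100, 0x100 } };  /* constructed */

/* Constructed guest page table: virtual page number -> physical frame. */
struct pte { gfn_t vpage; gfn_t frame; };
static const struct pte guest_pt[] = {
    { 0x7ff, 0x123 },   /* RAM frame inside the slot, shadowed in the test */
    { 0x800, 0xfee0 },  /* frame outside the slot: treated as MMIO */
};

static void shadow_protect(gfn_t gfn) {
    for (size_t i = 0; i < HASH_SLOTS; i++)
        if (shadow_hash[i] == 0) { shadow_hash[i] = gfn; return; }
}

/* Stand-in for kvm_mmu_unprotect_page(): remove the page, report whether
 * it was found.  The first vcpu here wins; the second gets a hash miss. */
static bool shadow_unprotect(gfn_t gfn) {
    for (size_t i = 0; i < HASH_SLOTS; i++)
        if (shadow_hash[i] == gfn) { shadow_hash[i] = 0; return true; }
    return false;
}

/* Stand-in for !kvm_is_error_hva(gfn_to_hva(kvm, gfn)): RAM or not? */
static bool gfn_is_ram(gfn_t gfn) {
    for (size_t i = 0; i < sizeof memslots / sizeof memslots[0]; i++)
        if (gfn >= memslots[i].base_gfn &&
            gfn < memslots[i].base_gfn + memslots[i].npages)
            return true;
    return false;
}

/* The page walk the hunk skipped: cr2 is a gva, the slot lookup wants a
 * gfn.  Returns false when the gva is not mapped. */
static bool gva_to_gfn(gva_t gva, gfn_t *gfn) {
    for (size_t i = 0; i < sizeof guest_pt / sizeof guest_pt[0]; i++)
        if (guest_pt[i].vpage == (gva >> PAGE_SHIFT)) {
            *gfn = guest_pt[i].frame;
            return true;
        }
    return false;
}

/* What the hunk as posted does: feeds the raw gva to the slot lookup. */
static bool hunk_as_posted_is_ram(gva_t cr2) { return gfn_is_ram(cr2); }

/* Failure path before the patch: only a hash hit rescues the vcpu. */
static int emulation_failed_old(gva_t cr2) {
    gfn_t gfn;
    if (gva_to_gfn(cr2, &gfn) && shadow_unprotect(gfn))
        return EMULATE_DONE;
    return EMULATE_FAIL;
}

/* Failure path with the patch's intent plus the gva->gfn walk asked for
 * in the reply: any RAM-backed target is re-executed, MMIO still fails. */
static int emulation_failed_new(gva_t cr2) {
    gfn_t gfn;
    if (!gva_to_gfn(cr2, &gfn))
        return EMULATE_FAIL;
    if (shadow_unprotect(gfn) || gfn_is_ram(gfn))
        return EMULATE_DONE;
    return EMULATE_FAIL;
}

/* Two vcpus fault on the same shadowed page and both fail emulation.
 * Returns how many of them would abort the guest (EMULATE_FAIL). */
static int race_failures(int (*handler)(gva_t), gva_t cr2) {
    shadow_protect(0x123);                    /* page shadowed at fault time */
    int fails = 0;
    fails += handler(cr2) == EMULATE_FAIL;    /* vcpu0: finds and removes it */
    fails += handler(cr2) == EMULATE_FAIL;    /* vcpu1: hash miss */
    return fails;
}

int main(void) {
    gva_t ram_cr2 = (0x7ffULL << PAGE_SHIFT) | 0x40;
    gva_t mmio_cr2 = (0x800ULL << PAGE_SHIFT) | 0x300;
    printf("old: %d of 2 vcpus abort on a RAM target\n",
           race_failures(emulation_failed_old, ram_cr2));
    printf("new: %d of 2 vcpus abort on a RAM target\n",
           race_failures(emulation_failed_new, ram_cr2));
    printf("new: MMIO target -> %s\n",
           emulation_failed_new(mmio_cr2) == EMULATE_FAIL ? "EMULATE_FAIL" : "EMULATE_DONE");
    printf("raw cr2 as gfn looks like RAM: %s\n",
           hunk_as_posted_is_ram(ram_cr2) ? "yes" : "no");
    return 0;
}
```

With the old path the second vcpu aborts the guest even though its target is ordinary RAM; with the slot check it re-enters and re-executes, while an unmapped or MMIO target still reports EMULATE_FAIL. The last line of output shows why the gva has to be translated first: a raw cr2 value fed to the slot lookup does not fall inside the RAM slot, so the very case the patch wants to rescue would still fail.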