From: David Matlack
Subject: Re: [PATCH v2] kvm: x86: fix stale mmio cache bug
Date: Tue, 5 Aug 2014 11:56:41 -0700
Message-ID:
References: <1407186620-1999-1-git-send-email-dmatlack@google.com> <20140805003113.GA14438@kernel>
In-Reply-To: <20140805003113.GA14438@kernel>
To: Wanpeng Li
Cc: Gleb Natapov, Paolo Bonzini, Xiao Guangrong, kvm@vger.kernel.org, x86@kernel.org, Eric Northup

On Mon, Aug 4, 2014 at 5:31 PM, Wanpeng Li wrote:
> Hi David,
> On Mon, Aug 04, 2014 at 02:10:20PM -0700, David Matlack wrote:
>> The following events can lead to an incorrect KVM_EXIT_MMIO bubbling
>> up to userspace:
>>
>> (1) Guest accesses gpa X without a memory slot. The gfn is cached in
>> struct kvm_vcpu_arch (mmio_gfn). On Intel EPT-enabled hosts, KVM sets
>> the SPTE write-execute-noread so that future accesses cause
>> EPT_MISCONFIGs.
>>
>> (2) Host userspace creates a memory slot via KVM_SET_USER_MEMORY_REGION
>> covering the page just accessed.
>>
>
> One question:
>
> Who triggers host userspace to create a mmio memslot? Will it be created
> just after the first mmio #PF?

Devices such as vga can be in modes where their memory behaves like ram and using a memslot to back the memory makes sense. In other modes, reading and writing to vga memory has side-effects and so mmio makes sense (delete memslot). Switching between these modes is a guest-initiated event.
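The two-step sequence quoted above (an access that misses every memslot and is cached as mmio, followed by a memslot being created over the same page) is easier to see in a small replay. The following C model is an added illustration for this thread, not the patch under discussion and not KVM's code: the `struct kvm`/`struct vcpu` layouts, the `memslots_generation` counter and both `handle_access_*` handlers are constructed for the example, and tagging the cached gfn with a memslot generation is assumed here as one way to invalidate the entry when the memslots change.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model of a per-vcpu mmio cache; not KVM's data structures. */
typedef uint64_t gfn_t;

enum access_result {
    ACCESS_RAM,   /* gfn is backed by a memslot: handled as ordinary memory */
    ACCESS_MMIO   /* no memslot: KVM_EXIT_MMIO would be reported to userspace */
};

struct memslot {
    gfn_t base_gfn;
    uint64_t npages;
    bool in_use;
};

struct kvm {
    struct memslot slots[4];
    uint64_t memslots_generation; /* assumed: bumped on every memslot change */
};

struct vcpu {
    struct kvm *kvm;
    bool mmio_cached;
    gfn_t mmio_gfn;      /* gfn of the last access that missed every memslot */
    uint64_t mmio_gen;   /* memslots_generation the cached entry belongs to */
};

static bool gfn_has_memslot(const struct kvm *kvm, gfn_t gfn)
{
    for (size_t i = 0; i < sizeof(kvm->slots) / sizeof(kvm->slots[0]); i++) {
        const struct memslot *s = &kvm->slots[i];
        if (s->in_use && gfn >= s->base_gfn && gfn < s->base_gfn + s->npages)
            return true;
    }
    return false;
}

/* Models userspace adding a slot via KVM_SET_USER_MEMORY_REGION. */
static void set_memslot(struct kvm *kvm, int idx, gfn_t base_gfn, uint64_t npages)
{
    kvm->slots[idx].base_gfn = base_gfn;
    kvm->slots[idx].npages = npages;
    kvm->slots[idx].in_use = true;
    kvm->memslots_generation++;
}

/* Stale behaviour: the cache hit is trusted even after the memslots changed. */
enum access_result handle_access_stale(struct vcpu *v, gfn_t gfn)
{
    if (v->mmio_cached && v->mmio_gfn == gfn)
        return ACCESS_MMIO;              /* fast path never re-checks memslots */
    if (gfn_has_memslot(v->kvm, gfn))
        return ACCESS_RAM;
    v->mmio_cached = true;
    v->mmio_gfn = gfn;
    return ACCESS_MMIO;
}

/* Assumed fix: a cached entry is only honoured within the generation it was filled in. */
enum access_result handle_access_fixed(struct vcpu *v, gfn_t gfn)
{
    if (v->mmio_cached && v->mmio_gen == v->kvm->memslots_generation &&
        v->mmio_gfn == gfn)
        return ACCESS_MMIO;
    if (gfn_has_memslot(v->kvm, gfn))
        return ACCESS_RAM;               /* memslots changed: slow path wins */
    v->mmio_cached = true;
    v->mmio_gfn = gfn;
    v->mmio_gen = v->kvm->memslots_generation;
    return ACCESS_MMIO;
}

/* Replays events (1) and (2) from the mail and returns the result of the next access. */
enum access_result replay(enum access_result (*handler)(struct vcpu *, gfn_t))
{
    struct kvm kvm = {0};
    struct vcpu vcpu = { .kvm = &kvm };
    const gfn_t x = 0xa0;            /* constructed gpa X; no memslot covers it yet */

    handler(&vcpu, x);               /* (1) miss: reported as mmio, gfn cached */
    set_memslot(&kvm, 0, 0xa0, 16);  /* (2) userspace creates a slot covering X */
    return handler(&vcpu, x);        /* the page is now ram; what does the vcpu see? */
}

int main(void)
{
    printf("stale cache: %s\n",
           replay(handle_access_stale) == ACCESS_MMIO ? "KVM_EXIT_MMIO (wrong)" : "ram");
    printf("fixed cache: %s\n",
           replay(handle_access_fixed) == ACCESS_MMIO ? "KVM_EXIT_MMIO" : "ram (correct)");
    return 0;
}
```

With the stale handler the third access still returns `ACCESS_MMIO`, which is exactly the spurious KVM_EXIT_MMIO the mail describes; with the generation check the cache entry is ignored once the memslots have changed and the access is treated as ram.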