[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240831001538.336683-1-seanjc@google.com>
Date: Fri, 30 Aug 2024 17:15:15 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Yuan Yao <yuan.yao@...el.com>, Yuan Yao <yuan.yao@...ux.intel.com>
Subject: [PATCH v2 00/22] KVM: x86: Fix multiple #PF RO infinite loop bugs
Fix an amusing number of minor bugs that can lead to KVM putting the guest into
an infinite "retry #PF" loop, and cleanup and consolidate the unprotect+retry
paths (there are four-ish).
As a bonus, adding RET_PF_WRITE_PROTECTED obviates the need for
kvm_lookup_pfn()[*].
[*] https://lore.kernel.org/all/63c41e25-2523-4397-96b4-557394281443@redhat.com
v2:
- Gather reviews.
- Rewrite the comment for the nested NPT "fast" unprotect path to explain what
it actually handles. [Yuan]
- Drop Cc: stable for the remaining patches, as it's extremely unlikely these
fixes would actually prevent a guest from dying. [Paolo]
- Move the patch to replace PFERR_NESTED_GUEST_PAGE much earlier. [Paolo]
- Wrap indirect_shadow_pages with READ_ONCE(). [Paolo]
- Massage a few changelogs to (hopefully) fix weird wordings. [Paolo]
- Always refer directly to last_retry_{addr,eip} in comments, instead of
indirectly referencing them as "infinite loop protection". [Paolo]
- WARN if write-protection hits the MMIO cache. [Yuan]
v1: https://lore.kernel.org/all/20240809190319.1710470-1-seanjc@google.com
Sean Christopherson (22):
KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is
valid
KVM: x86/mmu: Replace PFERR_NESTED_GUEST_PAGE with a more descriptive
helper
KVM: x86/mmu: Trigger unprotect logic only on write-protection page
faults
KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected
KVM: x86: Retry to-be-emulated insn in "slow" unprotect path iff sp is
zapped
KVM: x86: Get RIP from vCPU state when storing it to last_retry_eip
KVM: x86: Store gpa as gpa_t, not unsigned long, when unprotecting for
retry
KVM: x86/mmu: Apply retry protection to "fast nTDP unprotect" path
KVM: x86/mmu: Try "unprotect for retry" iff there are indirect SPs
KVM: x86: Move EMULTYPE_ALLOW_RETRY_PF to x86_emulate_instruction()
KVM: x86: Fold retry_instruction() into x86_emulate_instruction()
KVM: x86/mmu: Don't try to unprotect an INVALID_GPA
KVM: x86/mmu: Always walk guest PTEs with WRITE access when
unprotecting
KVM: x86/mmu: Move event re-injection unprotect+retry into common path
KVM: x86: Remove manual pfn lookup when retrying #PF after failed
emulation
KVM: x86: Check EMULTYPE_WRITE_PF_TO_SP before unprotecting gfn
KVM: x86: Apply retry protection to "unprotect on failure" path
KVM: x86: Update retry protection fields when forcing retry on
emulation failure
KVM: x86: Rename
reexecute_instruction()=>kvm_unprotect_and_retry_on_failure()
KVM: x86/mmu: Subsume kvm_mmu_unprotect_page() into the and_retry()
version
KVM: x86/mmu: Detect if unprotect will do anything based on
invalid_list
KVM: x86/mmu: WARN on MMIO cache hit when emulating write-protected
gfn
arch/x86/include/asm/kvm_host.h | 14 ++-
arch/x86/kvm/mmu/mmu.c | 200 +++++++++++++++++++++++---------
arch/x86/kvm/mmu/mmu_internal.h | 3 +
arch/x86/kvm/mmu/mmutrace.h | 1 +
arch/x86/kvm/mmu/paging_tmpl.h | 2 +-
arch/x86/kvm/mmu/tdp_mmu.c | 6 +-
arch/x86/kvm/vmx/vmx.c | 5 +-
arch/x86/kvm/x86.c | 133 ++++++---------------
8 files changed, 198 insertions(+), 166 deletions(-)
base-commit: a1206bc992c3cd3f758a9b46117dfc7e59e8c10f
--
2.46.0.469.g59c65b2a67-goog
Powered by blists - more mailing lists