From patchwork Sat Feb 3 00:23:40 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 196116
Reply-To: Sean Christopherson
Date: Fri, 2 Feb 2024 16:23:40 -0800
In-Reply-To: <20240203002343.383056-1-seanjc@google.com>
References: <20240203002343.383056-1-seanjc@google.com>
X-Mailer: git-send-email 2.43.0.594.gd9cf4e227d-goog
Message-ID: <20240203002343.383056-2-seanjc@google.com>
Subject: [PATCH v2 1/4] KVM: x86/mmu: Don't acquire mmu_lock when using indirect_shadow_pages as a heuristic
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jim Mattson, Mingwei Zhang

From: Mingwei Zhang

Drop KVM's completely pointless acquisition of mmu_lock when deciding whether or not to unprotect any shadow pages residing at the gfn before resuming the guest to let it retry an instruction that KVM failed to emulate.

In this case, indirect_shadow_pages is used as a coarse-grained heuristic to check if there is any chance of there being a relevant shadow page to unprotect. But acquiring mmu_lock largely defeats any benefit to the heuristic, as taking mmu_lock for write is likely far more costly to the VM as a whole than unnecessarily walking mmu_page_hash.

Furthermore, the current code is already prone to false negatives and false positives, as it drops mmu_lock before checking the flag and unprotecting shadow pages. And as evidenced by the lack of bug reports, neither false positives nor false negatives are problematic.

A false positive simply means that KVM will try to unprotect shadow pages that have already been zapped. And a false negative means that KVM will resume the guest without unprotecting the gfn, i.e. if a shadow page was _just_ created, the vCPU will hit the same page fault and do the whole dance all over again, and detect and unprotect the shadow page the second time around (or not, if something else zaps it first).

Reported-by: Jim Mattson
Signed-off-by: Mingwei Zhang
[sean: drop READ_ONCE() and comment change, rewrite changelog]
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c339d9f95b4b..2ec3e1851f2f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8787,13 +8787,7 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, /* The instructions are well-emulated on direct mmu. */ if (vcpu->arch.mmu->root_role.direct) { - unsigned int indirect_shadow_pages; - - write_lock(&vcpu->kvm->mmu_lock); - indirect_shadow_pages = vcpu->kvm->arch.indirect_shadow_pages; - write_unlock(&vcpu->kvm->mmu_lock); - - if (indirect_shadow_pages) + if (vcpu->kvm->arch.indirect_shadow_pages) kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa)); return true;
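Review bot: the `if (vcpu->kvm->arch.indirect_shadow_pages)` on the `+` line is now a plain lockless load of a field that the removed lines read under write_lock(&vcpu->kvm->mmu_lock), and the only comment left in the hunk (`/* The instructions are well-emulated on direct mmu. */`) does not say so; since the changelog notes that the READ_ONCE() and comment change were deliberately dropped, a one-line comment at the new `if` stating that the check is a tolerant heuristic (a stale value only costs a redundant kvm_mmu_unprotect_page() call or one extra page fault, as the changelog argues) would keep that rationale next to the code instead of only in git history. The kvm_mmu_unprotect_page() call itself is unchanged and was already made after write_unlock(), so the removed lock/unlock pair protected nothing but the copy into the local.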
From patchwork Sat Feb 3 00:23:41 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 196117
Reply-To: Sean Christopherson
Date: Fri, 2 Feb 2024 16:23:41 -0800
In-Reply-To: <20240203002343.383056-1-seanjc@google.com>
References: <20240203002343.383056-1-seanjc@google.com>
X-Mailer: git-send-email 2.43.0.594.gd9cf4e227d-goog
Message-ID: <20240203002343.383056-3-seanjc@google.com>
Subject: [PATCH v2 2/4] KVM: x86: Drop dedicated logic for direct MMUs in reexecute_instruction()
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jim Mattson, Mingwei Zhang

Now that KVM doesn't pointlessly acquire mmu_lock for direct MMUs, drop the dedicated path entirely and always query indirect_shadow_pages when deciding whether or not to try unprotecting the gfn.

For indirect, a.k.a. shadow MMUs, checking indirect_shadow_pages is harmless; unless *every* shadow page was somehow zapped while KVM was attempting to emulate the instruction, indirect_shadow_pages is guaranteed to be non-zero. Well, unless the instruction used a direct hugepage with 2-level paging for its code page, but in that case, there's obviously nothing to unprotect. And in the extremely unlikely case all shadow pages were zapped, there's again obviously nothing to unprotect.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 2ec3e1851f2f..c502121b7bee 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8785,27 +8785,27 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, kvm_release_pfn_clean(pfn); - /* The instructions are well-emulated on direct mmu. */ - if (vcpu->arch.mmu->root_role.direct) { - if (vcpu->kvm->arch.indirect_shadow_pages) - kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa)); - - return true; - } - /* - * if emulation was due to access to shadowed page table - * and it failed try to unshadow page and re-enter the - * guest to let CPU execute the instruction. + * If emulation may have been triggered by a write to a shadowed page + * table, unprotect the gfn (zap any relevant SPTEs) and re-enter the + * guest to let the CPU re-execute the instruction in the hope that the + * CPU can cleanly execute the instruction that KVM failed to emulate. */ - kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa)); + if (vcpu->kvm->arch.indirect_shadow_pages) + kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa)); /* - * If the access faults on its page table, it can not - * be fixed by unprotecting shadow page and it should - * be reported to userspace. + * If the failed instruction faulted on an access to page tables that + * are used to translate any part of the instruction, KVM can't resolve + * the issue by unprotecting the gfn, as zapping the shadow page will + * result in the instruction taking a !PRESENT page fault and thus put + * the vCPU into an infinite loop of page faults. E.g. KVM will create + * a SPTE and write-protect the gfn to resolve the !PRESENT fault, and + * then zap the SPTE to unprotect the gfn, and then do it all over + * again. Report the error to userspace. 
*/ - return !(emulation_type & EMULTYPE_WRITE_PF_TO_SP); + return vcpu->arch.mmu->root_role.direct || + !(emulation_type & EMULTYPE_WRITE_PF_TO_SP); } static bool retry_instruction(struct x86_emulate_ctxt *ctxt,
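Review bot: the new `return vcpu->arch.mmu->root_role.direct || !(emulation_type & EMULTYPE_WRITE_PF_TO_SP);` preserves the `return true` that the deleted direct-MMU block had, so direct-MMU behaviour is unchanged by this patch, but the rewritten comment block above it describes only the shadow-MMU !PRESENT page-fault loop and says nothing about why a direct MMU short-circuits the flag check; a short clause in that comment, or a sentence in the changelog noting that the `direct ||` term is kept here purely so the series bisects cleanly (the next patch in the series removes it), would save the next reader from wondering whether EMULTYPE_WRITE_PF_TO_SP can ever be set for a direct MMU. Minor and not blocking: the `if (vcpu->kvm->arch.indirect_shadow_pages)` guard now also gates the shadow-MMU path, which previously called kvm_mmu_unprotect_page() unconditionally; that matches the changelog's argument that a zero count means there is nothing to unprotect, just confirming that is the intent.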
From patchwork Sat Feb 3 00:23:42 2024
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 196118
Reply-To: Sean Christopherson
Date: Fri, 2 Feb 2024 16:23:42 -0800
In-Reply-To: <20240203002343.383056-1-seanjc@google.com>
References: <20240203002343.383056-1-seanjc@google.com>
X-Mailer: git-send-email 2.43.0.594.gd9cf4e227d-goog
Message-ID: <20240203002343.383056-4-seanjc@google.com>
Subject: [PATCH v2 3/4] KVM: x86: Drop superfluous check on direct MMU vs. WRITE_PF_TO_SP flag
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jim Mattson, Mingwei Zhang

Remove reexecute_instruction()'s final check on the MMU being direct, as EMULTYPE_WRITE_PF_TO_SP is only ever set if the MMU is indirect, i.e. is a shadow MMU. Prior to commit 93c05d3ef252 ("KVM: x86: improve reexecute_instruction"), the flag simply didn't exist (and KVM actually returned "true" unconditionally for both types of MMUs). I.e. the explicit check for a direct MMU is simply a leftover artifact from old code.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c502121b7bee..5fe94b2de1dc 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8804,8 +8804,7 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, * then zap the SPTE to unprotect the gfn, and then do it all over * again. Report the error to userspace. */ - return vcpu->arch.mmu->root_role.direct || - !(emulation_type & EMULTYPE_WRITE_PF_TO_SP); + return !(emulation_type & EMULTYPE_WRITE_PF_TO_SP); } static bool retry_instruction(struct x86_emulate_ctxt *ctxt,
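Review bot: with `vcpu->arch.mmu->root_role.direct ||` removed, the return value for a direct MMU now rests entirely on the invariant stated in the changelog (EMULTYPE_WRITE_PF_TO_SP is never set for a direct MMU), and nothing in reexecute_instruction() documents or checks that invariant; consider a one-line comment above the `return` stating it, or a WARN_ON_ONCE() on the flag being set while root_role.direct is true if the maintainers want it enforced, so that a future caller which sets the flag for a direct MMU fails loudly instead of silently turning "re-execute the instruction" into "report the error to userspace". The surviving comment in the context lines already describes the shadow-MMU case correctly, so no other text needs updating.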
QsAA9qJhngl+7jBW7m324cNHqosu31hbQvQjbGO8s5sxj7i9ZKzFpcFUVljM/CCr8Fw3 Kh1nrG0Pm186SaAXcXlOj/dSqxS2WyFsSE8my7gXuT4kSKO/R+VhVTp/Zs2AwErvUTtJ 25q114WXLmF3VJobCTY/cTDYVdITiUPbRMO60aktEeROkj49MX3HscAhgUcwMF4CFTqf xO2g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="Q/OYFDCz"; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-50773-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-50773-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=1; AJvYcCX4xbunX1Bz+coSEdNAk+/InS1V5+xwGRvvT2CWIWnhWW0zzx9lFzaGfUh1jnxWu/sXPAcE9iyzhp8xJmZoBPHi9C5PXQ== Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id i2-20020a170902eb4200b001d7852b689csi2360080pli.461.2024.02.02.16.30.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 16:30:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-50773-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="Q/OYFDCz"; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-50773-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-50773-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 25DE3B27407 for ; Sat, 3 Feb 2024 00:25:26 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8E00E10A09; Sat, 3 Feb 2024 00:23:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Q/OYFDCz" Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1BBF879D0 for ; Sat, 3 Feb 2024 00:23:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706919835; cv=none; b=DMsfm/LdhTVZdwZbDfuPDPceAChBlP6yMbE7N7L9j5pcZs4LbiHoMNwiND9Zja6EcKHsTLUCuPCvE1G/UYlQn+ZsFQGBc097JaZzqEwysf9nFwTWjWAoS7LqItHGlmDg9AJ1KuVs3OoEtokerTUD4DfqL8ggVuwg1XTbyex32uk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706919835; c=relaxed/simple; bh=bj+xt0tQx/aHe27FVFwz6GpRQEJPlX/TxMKuiSnFpKQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YjqRen465QtgeAXBZisesg7xn5u3DT72+0UgYMWRcS8t11OYs7NcCHwn/lmZ4gb3LRfpH7fiFtyUdR2h0nORltwYFbDP770ovOwrb71EzUaRtU8x+akvLuZ728Qc1k4SviPDdgzOSRZML6nfWt1Nk3MSBnVfSrQrTejOQvyqBDs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Q/OYFDCz; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: 
smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-6de3141f061so2342497b3a.1 for ; Fri, 02 Feb 2024 16:23:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1706919833; x=1707524633; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=YMTbLD7fakVliu9PWzNdDCpL894AL7erRJ6ZL070HUM=; b=Q/OYFDCzEaEi2/ExUkal7KFup9u8uyc315UNMDCVabluK+X1gZhwFt8Onb9m8UR2Vv 0yKEA45jTgqAZP2Xtl3ZrJfrtxiouT4c1zQ3ByDHU4uJ4/apoeauRdt6eci/i5S77eoE xCRMnuspDTra4KVyMUqucpKgita6vxg/seqSHhQMNFwqcdbCaZqpKRqFnngNY1MSQQtU c+eO3+v3Y/K83to0GVC7d1OjxLJ8HT0LVRNbxEhMlLCu7jgwE1Axu/FhLQ7gv4iaTFcg KfrTQskfdMkZSCdvTD/Bkw9Bp4HwUnhobQgqa6pezTCx249YsoElHKAscAoDjFuLp2LH CVmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706919833; x=1707524633; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YMTbLD7fakVliu9PWzNdDCpL894AL7erRJ6ZL070HUM=; b=OB8lKDncenlr5TTCh7MVIVns2xh4Z0bGZfqNKCrM/z6mIUUiIp3XqXeEABkeB1oCZg 1A93ojnGszcemXeinZXCYxhcCm1ESuwSds/xK2d/4R0vIiNKcREKTTj6660XZjTuqHGU s6tvJ8gx36IT32q55BS4KOlT+ZcdE01adtOgYRXGYby7Wk6IcpS6fNFfDD796idsu/ex jEW8zIvm/V4T0Sp0Ff63cAsxhKQzpssJIH8pqzxlsNwYC2WaigrbcomSxIRHhFqWiOzE 2BKjYqoT7Toxv/7cUbGThQ2u3UpHJ6lEOtc17696sypavY8u/DvPvRg1yiOr8t9gaHy9 HIrA== X-Gm-Message-State: AOJu0Yz34YHy/BcqmaNfLhxJHQOBRDeSNSbm/t/Wls5m1dVVj/7ObVql Ysqa0nSpBDkiFaCC8wurGBWpZ/NKPgFz8kwzg+AwH5NnWZwJoph8Wd0ypUSK2dMmhAR4oIYM46X nBA== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6a00:1797:b0:6df:eae5:79bd with SMTP id s23-20020a056a00179700b006dfeae579bdmr185067pfg.0.1706919833504; Fri, 02 Feb 2024 16:23:53 -0800 (PST) Reply-To: Sean Christopherson Date: 
Fri, 2 Feb 2024 16:23:43 -0800 In-Reply-To: <20240203002343.383056-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240203002343.383056-1-seanjc@google.com> X-Mailer: git-send-email 2.43.0.594.gd9cf4e227d-goog Message-ID: <20240203002343.383056-5-seanjc@google.com> Subject: [PATCH v2 4/4] KVM: x86/mmu: Fix a *very* theoretical race in kvm_mmu_track_write() 
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jim Mattson, Mingwei Zhang

Add full memory barriers in kvm_mmu_track_write() and account_shadowed() to
plug a (very, very theoretical) race where kvm_mmu_track_write() could miss
a 0->1 transition of indirect_shadow_pages and fail to zap relevant, *stale*
SPTEs.

Without the barriers, because modern x86 CPUs allow (per the SDM):

  Reads may be reordered with older writes to different locations but not
  with older writes to the same location.

it's (again, super theoretically) possible that the following could happen
(in terms of values being visible/resolved):

  CPU0                               CPU1
  read memory[gfn] (=Y)
                                     memory[gfn] Y=>X
                                     read indirect_shadow_pages (=0)
  indirect_shadow_pages 0=>1

or conversely:

  CPU0                               CPU1
  indirect_shadow_pages 0=>1
                                     read indirect_shadow_pages (=0)
  read memory[gfn] (=Y)
                                     memory[gfn] Y=>X

In practice, this bug is likely benign as both the 0=>1 transition and
reordering of this scope are extremely rare occurrences.

Note, if the cost of the barrier (which is simply a locked ADD, see commit
450cbdd0125c ("locking/x86: Use LOCK ADD for smp_mb() instead of MFENCE")),
is problematic, KVM could avoid the barrier by bailing earlier if checking
kvm_memslots_have_rmaps() is false.  But the odds of the barrier being
problematic are extremely low, *and* the odds of the extra checks being
meaningfully faster overall are also low.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/mmu/mmu.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 3c193b096b45..86b85060534d 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -830,6 +830,14 @@ static void account_shadowed(struct kvm *kvm, struct kvm_mmu_page *sp) struct kvm_memory_slot *slot; gfn_t gfn; + /* + * Ensure indirect_shadow_pages is elevated prior to re-reading guest + * child PTEs in FNAME(gpte_changed), i.e. guarantee either in-flight + * emulated writes are visible before re-reading guest PTEs, or that + * an emulated write will see the elevated count and acquire mmu_lock + * to update SPTEs. Pairs with the smp_mb() in kvm_mmu_track_write(). + */ + smp_mb(); kvm->arch.indirect_shadow_pages++; gfn = sp->gfn; slots = kvm_memslots_for_spte_role(kvm, sp->role); @@ -5747,10 +5755,15 @@ void kvm_mmu_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new, bool flush = false; /* - * If we don't have indirect shadow pages, it means no page is - * write-protected, so we can exit simply. + * When emulating guest writes, ensure the written value is visible to + * any task that is handling page faults before checking whether or not + * KVM is shadowing a guest PTE. This ensures either KVM will create + * the correct SPTE in the page fault handler, or this task will see + * a non-zero indirect_shadow_pages. Pairs with the smp_mb() in + * account_shadowed(). */ - if (!READ_ONCE(vcpu->kvm->arch.indirect_shadow_pages)) + smp_mb(); + if (!vcpu->kvm->arch.indirect_shadow_pages) return; write_lock(&vcpu->kvm->mmu_lock);
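Review bot: in the account_shadowed() hunk, the new `smp_mb();` sits before `kvm->arch.indirect_shadow_pages++;`, yet the comment says the goal is to have the elevated count visible before the later re-read of guest child PTEs in FNAME(gpte_changed). A full barrier placed before the increment orders earlier accesses against the increment; it does not stop the increment's store from being reordered with the loads that follow it, which is exactly the store-then-load reordering the changelog quotes from the SDM. Move the `smp_mb();` and its comment to after the increment so the store is ordered before the gPTE reads, mirroring the kvm_mmu_track_write() side where the barrier is between the emulated write and the read of indirect_shadow_pages.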
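Review bot: in the kvm_mmu_track_write() hunk, replacing `READ_ONCE(vcpu->kvm->arch.indirect_shadow_pages)` with a plain read drops the annotation on a load that still happens before `write_lock(&vcpu->kvm->mmu_lock);`, while account_shadowed() modifies the counter on other CPUs. smp_mb() is also a compiler barrier, so the load cannot be hoisted above the fence, but the plain access will be reported by KCSAN as a data race and the changelog does not say why READ_ONCE() is being removed; either keep `if (!READ_ONCE(vcpu->kvm->arch.indirect_shadow_pages))` or add a sentence to the changelog explaining that the barrier makes it redundant.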
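The store-then-load reordering that the changelog of [PATCH v2 4/4] describes, worked through as an added example (my own code, not part of the patch series and not KVM's code). It is a small exhaustive checker over the textbook x86-TSO abstraction: each CPU has a one-entry FIFO store buffer that drains to memory at an arbitrary later point, loads read their own buffered store for the same address and memory otherwise, and a fence completes only once the buffer is empty. CPU0 plays the page-fault path (increment indirect_shadow_pages, then re-read the guest PTE at memory[gfn]) and CPU1 plays the emulator (write memory[gfn], then read indirect_shadow_pages); the "stale" outcome is the one in the changelog's diagrams, CPU0 reading the old value Y while CPU1 reads a count of 0. It goes one step beyond the changelog by trying every fence placement on each side, including a barrier before the store. The names stale_outcome_reachable, explore, build and the FENCE_* codes are my own; the memory model is the abstraction, not the hardware.

```c
/*
 * Added example (not KVM code): enumerate every interleaving of two CPUs under
 * an x86-TSO style model and report whether the stale outcome is reachable.
 *
 *   CPU0 (fault path):  indirect_shadow_pages = 1;  r0 = memory[gfn];
 *   CPU1 (emulator):    memory[gfn] = X;            r1 = indirect_shadow_pages;
 *
 * Stale outcome: r0 == Y (old PTE) and r1 == 0 (no shadow pages seen).
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { VAR_GFN, VAR_ISP, NVARS };            /* memory[gfn], indirect_shadow_pages */
enum { GFN_Y = 0, GFN_X = 1 };               /* old and new guest PTE value */
enum { OP_STORE, OP_LOAD, OP_FENCE };
enum { FENCE_NONE = 0, FENCE_BEFORE_STORE = 1, FENCE_AFTER_STORE = 2 };

struct op { int kind, var, val; };

struct cpu {
	struct op prog[3];
	int len, pc;
	bool buf_full;                       /* one-entry store buffer (TSO) */
	int buf_var, buf_val;
	int reg;                             /* value returned by this CPU's load */
};

struct state { struct cpu cpu[2]; int mem[NVARS]; };

static bool stale_seen;

/* Depth-first search over all interleavings of program steps and buffer drains. */
static void explore(struct state s)
{
	bool progressed = false;

	for (int c = 0; c < 2; c++) {
		const struct cpu *cp = &s.cpu[c];

		if (cp->buf_full) {          /* the buffered store may hit memory at any time */
			struct state drained = s;
			drained.mem[cp->buf_var] = cp->buf_val;
			drained.cpu[c].buf_full = false;
			explore(drained);
			progressed = true;
		}
		if (cp->pc >= cp->len)
			continue;

		struct state next = s;
		struct cpu *np = &next.cpu[c];
		struct op op = cp->prog[cp->pc];
		bool ok = true;

		switch (op.kind) {
		case OP_STORE:               /* a store goes into the buffer, not memory */
			if (cp->buf_full)
				ok = false;
			else {
				np->buf_full = true;
				np->buf_var = op.var;
				np->buf_val = op.val;
			}
			break;
		case OP_LOAD:                /* forward own buffered store, else read memory */
			np->reg = (cp->buf_full && cp->buf_var == op.var) ? cp->buf_val
								       : s.mem[op.var];
			break;
		case OP_FENCE:               /* smp_mb(): completes only once the buffer is empty */
			if (cp->buf_full)
				ok = false;
			break;
		}
		if (ok) {
			np->pc++;
			explore(next);
			progressed = true;
		}
	}
	/* Terminal state: both programs finished and both buffers drained. */
	if (!progressed && s.cpu[0].reg == GFN_Y && s.cpu[1].reg == 0)
		stale_seen = true;
}

static void build(struct cpu *cp, int fence, int store_var, int store_val, int load_var)
{
	int n = 0;

	if (fence == FENCE_BEFORE_STORE)
		cp->prog[n++] = (struct op){ OP_FENCE, 0, 0 };
	cp->prog[n++] = (struct op){ OP_STORE, store_var, store_val };
	if (fence == FENCE_AFTER_STORE)
		cp->prog[n++] = (struct op){ OP_FENCE, 0, 0 };
	cp->prog[n++] = (struct op){ OP_LOAD, load_var, 0 };
	cp->len = n;
	cp->pc = 0;
	cp->buf_full = false;
	cp->reg = -1;
}

/* fence_fault / fence_emul: FENCE_* placement on the account_shadowed() side
 * and on the kvm_mmu_track_write() side respectively. */
bool stale_outcome_reachable(int fence_fault, int fence_emul)
{
	struct state s;

	memset(&s, 0, sizeof(s));
	s.mem[VAR_GFN] = GFN_Y;
	s.mem[VAR_ISP] = 0;
	build(&s.cpu[0], fence_fault, VAR_ISP, 1, VAR_GFN);    /* count++ ; re-read gPTE */
	build(&s.cpu[1], fence_emul, VAR_GFN, GFN_X, VAR_ISP); /* emulated write ; read count */
	stale_seen = false;
	explore(s);
	return stale_seen;
}

int main(void)
{
	static const char *name[] = { "none", "before store", "after store" };

	for (int f = 0; f < 3; f++)
		for (int e = 0; e < 3; e++)
			printf("fault path: %-12s  emulator: %-12s  stale outcome %s\n",
			       name[f], name[e],
			       stale_outcome_reachable(f, e) ? "REACHABLE" : "impossible");
	return 0;
}
```

Only the combination with a full barrier between the store and the load on both sides rules the stale outcome out; a barrier on one side alone, or a barrier placed before the store, still leaves an interleaving in which the fault path reads the old PTE and the emulator reads a zero count.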