Commit dabc4ff

KVM: x86: Apply retry protection to "unprotect on failure" path
Use kvm_mmu_unprotect_gfn_and_retry() in reexecute_instruction() to pick up protection against infinite loops, e.g. if KVM somehow manages to encounter an unsupported instruction and unprotecting the gfn doesn't allow the vCPU to make forward progress. Other than that, the retry-on-failure logic is a functionally equivalent, open-coded version of kvm_mmu_unprotect_gfn_and_retry().

Note, the emulation failure path still isn't fully protected, as KVM won't update the retry protection fields if no shadow pages are zapped (but this change is still a step forward). That flaw will be addressed in a future patch.

Reviewed-by: Yuan Yao <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Sean Christopherson <[email protected]>
1 parent 19ab2c8 commit dabc4ff

1 file changed

+1
-19
lines changed

arch/x86/kvm/x86.c

Lines changed: 1 addition & 19 deletions
@@ -8864,8 +8864,6 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu, int emulation_type)
88648864
static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
88658865
int emulation_type)
88668866
{
8867-
gpa_t gpa = cr2_or_gpa;
8868-
88698867
if (!(emulation_type & EMULTYPE_ALLOW_RETRY_PF))
88708868
return false;
88718869

@@ -8882,29 +8880,13 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
88828880
if (emulation_type & EMULTYPE_WRITE_PF_TO_SP)
88838881
return false;
88848882

8885-
if (!vcpu->arch.mmu->root_role.direct) {
8886-
/*
8887-
* Write permission should be allowed since only
8888-
* write access need to be emulated.
8889-
*/
8890-
gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2_or_gpa, NULL);
8891-
8892-
/*
8893-
* If the mapping is invalid in guest, let cpu retry
8894-
* it to generate fault.
8895-
*/
8896-
if (gpa == INVALID_GPA)
8897-
return true;
8898-
}
8899-
89008883
/*
89018884
* If emulation may have been triggered by a write to a shadowed page
89028885
* table, unprotect the gfn (zap any relevant SPTEs) and re-enter the
89038886
* guest to let the CPU re-execute the instruction in the hope that the
89048887
* CPU can cleanly execute the instruction that KVM failed to emulate.
89058888
*/
8906-
if (vcpu->kvm->arch.indirect_shadow_pages)
8907-
kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa));
8889+
kvm_mmu_unprotect_gfn_and_retry(vcpu, cr2_or_gpa);
89088890

89098891
/*
89108892
* Retry even if _this_ vCPU didn't unprotect the gfn, as it's possible
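Review bot: the new call at 8889 discards the return value of kvm_mmu_unprotect_gfn_and_retry() and drops the old early `return true` for `gpa == INVALID_GPA` together with the `indirect_shadow_pages` guard (deleted 8885-8898 and 8906-8907), so both checks must now happen inside the helper for the "functionally equivalent" claim in the commit message to hold; a one-line comment above the call stating that the helper performs the gva-to-gpa translation and the shadow-page check itself would stop the next reader from re-adding them. The surviving comment at 8883-8888 still describes only "unprotect the gfn (zap any relevant SPTEs)" and should also say that the helper records the retry-protection state that breaks the infinite loop described in the commit message, plus the known gap (no update when nothing is zapped) that the message defers to a later patch.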
