* [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault @ 2013-07-18 4:52 Xiao Guangrong 2013-07-18 4:55 ` Xiao Guangrong 2013-07-18 5:31 ` Gleb Natapov 0 siblings, 2 replies; 7+ messages in thread From: Xiao Guangrong @ 2013-07-18 4:52 UTC (permalink / raw) To: gleb; +Cc: markus, mtosatti, pbonzini, linux-kernel, kvm, Xiao Guangrong Currently, fast page fault tries to fix mmio page fault when the generation number is invalid (spte.gen != kvm.gen) and returns to guest to retry the fault since it sees the last spte is nonpresent which causes infinity loop It can be triggered only on AMD host since the mmio page fault is recognized as ept-misconfig Fix it by filtering the mmio page fault out in page_fault_can_be_fast Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de> Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de> Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com> --- arch/x86/kvm/mmu.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index bf7af1e..3a9493a 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -2811,6 +2811,13 @@ exit: static bool page_fault_can_be_fast(struct kvm_vcpu *vcpu, u32 error_code) { /* + * Do not fix the mmio spte with invalid generation number which + * need to be updated by slow page fault path. + */ + if (unlikely(error_code & PFERR_RSVD_MASK)) + return false; + + /* * #PF can be fast only if the shadow page table is present and it * is caused by write-protect, that means we just need change the * W bit of the spte which can be done out of mmu-lock. -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault 2013-07-18 4:52 [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault Xiao Guangrong @ 2013-07-18 4:55 ` Xiao Guangrong 2013-07-18 5:31 ` Gleb Natapov 1 sibling, 0 replies; 7+ messages in thread From: Xiao Guangrong @ 2013-07-18 4:55 UTC (permalink / raw) To: Xiao Guangrong; +Cc: gleb, markus, mtosatti, pbonzini, linux-kernel, kvm On 07/18/2013 12:52 PM, Xiao Guangrong wrote: > Currently, fast page fault tries to fix mmio page fault when the > generation number is invalid (spte.gen != kvm.gen) and returns to > guest to retry the fault since it sees the last spte is nonpresent > which causes infinity loop > > It can be triggered only on AMD host since the mmio page fault is > recognized as ept-misconfig Sorry, It should be "recognized as ept-misconfig on Intel host." ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault 2013-07-18 4:52 [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault Xiao Guangrong 2013-07-18 4:55 ` Xiao Guangrong @ 2013-07-18 5:31 ` Gleb Natapov 2013-07-18 6:01 ` Xiao Guangrong 1 sibling, 1 reply; 7+ messages in thread From: Gleb Natapov @ 2013-07-18 5:31 UTC (permalink / raw) To: Xiao Guangrong; +Cc: markus, mtosatti, pbonzini, linux-kernel, kvm On Thu, Jul 18, 2013 at 12:52:37PM +0800, Xiao Guangrong wrote: > Currently, fast page fault tries to fix mmio page fault when the > generation number is invalid (spte.gen != kvm.gen) and returns to > guest to retry the fault since it sees the last spte is nonpresent > which causes infinity loop > > It can be triggered only on AMD host since the mmio page fault is > recognized as ept-misconfig > We still call into regular page fault handler from ept-misconfig handler, but fake zero error_code we provide makes page_fault_can_be_fast() return false. Shouldn't shadow paging trigger this too? I haven't encountered this on Intel without ept. > Fix it by filtering the mmio page fault out in page_fault_can_be_fast > > Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de> > Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de> > Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com> > --- > arch/x86/kvm/mmu.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c > index bf7af1e..3a9493a 100644 > --- a/arch/x86/kvm/mmu.c > +++ b/arch/x86/kvm/mmu.c > @@ -2811,6 +2811,13 @@ exit: > static bool page_fault_can_be_fast(struct kvm_vcpu *vcpu, u32 error_code) > { > /* > + * Do not fix the mmio spte with invalid generation number which > + * need to be updated by slow page fault path. > + */ > + if (unlikely(error_code & PFERR_RSVD_MASK)) > + return false; > + > + /* > * #PF can be fast only if the shadow page table is present and it > * is caused by write-protect, that means we just need change the > * W bit of the spte which can be done out of mmu-lock. > -- > 1.8.1.4 -- Gleb. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault 2013-07-18 5:31 ` Gleb Natapov @ 2013-07-18 6:01 ` Xiao Guangrong 2013-07-18 6:06 ` Gleb Natapov 0 siblings, 1 reply; 7+ messages in thread From: Xiao Guangrong @ 2013-07-18 6:01 UTC (permalink / raw) To: Gleb Natapov; +Cc: markus, mtosatti, pbonzini, linux-kernel, kvm On 07/18/2013 01:31 PM, Gleb Natapov wrote: > On Thu, Jul 18, 2013 at 12:52:37PM +0800, Xiao Guangrong wrote: >> Currently, fast page fault tries to fix mmio page fault when the >> generation number is invalid (spte.gen != kvm.gen) and returns to >> guest to retry the fault since it sees the last spte is nonpresent >> which causes infinity loop >> >> It can be triggered only on AMD host since the mmio page fault is >> recognized as ept-misconfig >> > We still call into regular page fault handler from ept-misconfig > handler, but fake zero error_code we provide makes page_fault_can_be_fast() > return false. Yes. > > Shouldn't shadow paging trigger this too? I haven't encountered this on > Intel without ept. Since currently fast page fault only works for direct mmu. :) ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault 2013-07-18 6:01 ` Xiao Guangrong @ 2013-07-18 6:06 ` Gleb Natapov 2013-07-18 6:25 ` Xiao Guangrong 0 siblings, 1 reply; 7+ messages in thread From: Gleb Natapov @ 2013-07-18 6:06 UTC (permalink / raw) To: Xiao Guangrong; +Cc: markus, mtosatti, pbonzini, linux-kernel, kvm On Thu, Jul 18, 2013 at 02:01:47PM +0800, Xiao Guangrong wrote: > On 07/18/2013 01:31 PM, Gleb Natapov wrote: > > On Thu, Jul 18, 2013 at 12:52:37PM +0800, Xiao Guangrong wrote: > >> Currently, fast page fault tries to fix mmio page fault when the > >> generation number is invalid (spte.gen != kvm.gen) and returns to > >> guest to retry the fault since it sees the last spte is nonpresent > >> which causes infinity loop > >> > >> It can be triggered only on AMD host since the mmio page fault is > >> recognized as ept-misconfig > >> > > We still call into regular page fault handler from ept-misconfig > > handler, but fake zero error_code we provide makes page_fault_can_be_fast() > > return false. > > Yes. > > > > > Shouldn't shadow paging trigger this too? I haven't encountered this on > > Intel without ept. > > Since currently fast page fault only works for direct mmu. :) Ah, yes. So with shadow page and paging disabled in a guest is can happen eventually, but we do not trigger it for some reason? -- Gleb. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault 2013-07-18 6:06 ` Gleb Natapov @ 2013-07-18 6:25 ` Xiao Guangrong 2013-07-18 6:28 ` Gleb Natapov 0 siblings, 1 reply; 7+ messages in thread From: Xiao Guangrong @ 2013-07-18 6:25 UTC (permalink / raw) To: Gleb Natapov; +Cc: markus, mtosatti, pbonzini, linux-kernel, kvm On 07/18/2013 02:06 PM, Gleb Natapov wrote: > On Thu, Jul 18, 2013 at 02:01:47PM +0800, Xiao Guangrong wrote: >> On 07/18/2013 01:31 PM, Gleb Natapov wrote: >>> On Thu, Jul 18, 2013 at 12:52:37PM +0800, Xiao Guangrong wrote: >>>> Currently, fast page fault tries to fix mmio page fault when the >>>> generation number is invalid (spte.gen != kvm.gen) and returns to >>>> guest to retry the fault since it sees the last spte is nonpresent >>>> which causes infinity loop >>>> >>>> It can be triggered only on AMD host since the mmio page fault is >>>> recognized as ept-misconfig >>>> >>> We still call into regular page fault handler from ept-misconfig >>> handler, but fake zero error_code we provide makes page_fault_can_be_fast() >>> return false. >> >> Yes. >> >>> >>> Shouldn't shadow paging trigger this too? I haven't encountered this on >>> Intel without ept. >> >> Since currently fast page fault only works for direct mmu. :) > Ah, yes. So with shadow page and paging disabled in a guest is can > happen eventually, but we do not trigger it for some reason? Yes. I guess so, paging disable is short-lived and the sptes will be invalid after memslot changed for 150 times, so it is hard to be triggered. I should update this to the changelog, thanks for your reminder, Gleb. ====== [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault Currently, fast page fault tries to fix mmio page fault when the generation number is invalid (spte.gen != kvm.gen) and returns to guest to retry the fault since it sees the last spte is nonpresent. It causes infinity loop Since fast page fault only works for direct mmu, the issue exists when 1) tdp is enabled. It is only triggered only on AMD host since on Intel host the mmio page fault is recognized as ept-misconfig whose handler call fault-page path with error_code = 0 2) guest paging is disabled. Under this case, the issue is hardly discovered since paging disable is short-lived and the sptes will be invalid after memslot changed for 150 times Fix it by filtering the mmio page fault out in page_fault_can_be_fast Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de> Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de> Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com> --- arch/x86/kvm/mmu.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index bf7af1e..3a9493a 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -2811,6 +2811,13 @@ exit: static bool page_fault_can_be_fast(struct kvm_vcpu *vcpu, u32 error_code) { /* + * Do not fix the mmio spte with invalid generation number which + * need to be updated by slow page fault path. + */ + if (unlikely(error_code & PFERR_RSVD_MASK)) + return false; + + /* * #PF can be fast only if the shadow page table is present and it * is caused by write-protect, that means we just need change the * W bit of the spte which can be done out of mmu-lock. -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault 2013-07-18 6:25 ` Xiao Guangrong @ 2013-07-18 6:28 ` Gleb Natapov 0 siblings, 0 replies; 7+ messages in thread From: Gleb Natapov @ 2013-07-18 6:28 UTC (permalink / raw) To: Xiao Guangrong; +Cc: markus, mtosatti, pbonzini, linux-kernel, kvm On Thu, Jul 18, 2013 at 02:25:19PM +0800, Xiao Guangrong wrote: > On 07/18/2013 02:06 PM, Gleb Natapov wrote: > > On Thu, Jul 18, 2013 at 02:01:47PM +0800, Xiao Guangrong wrote: > >> On 07/18/2013 01:31 PM, Gleb Natapov wrote: > >>> On Thu, Jul 18, 2013 at 12:52:37PM +0800, Xiao Guangrong wrote: > >>>> Currently, fast page fault tries to fix mmio page fault when the > >>>> generation number is invalid (spte.gen != kvm.gen) and returns to > >>>> guest to retry the fault since it sees the last spte is nonpresent > >>>> which causes infinity loop > >>>> > >>>> It can be triggered only on AMD host since the mmio page fault is > >>>> recognized as ept-misconfig > >>>> > >>> We still call into regular page fault handler from ept-misconfig > >>> handler, but fake zero error_code we provide makes page_fault_can_be_fast() > >>> return false. > >> > >> Yes. > >> > >>> > >>> Shouldn't shadow paging trigger this too? I haven't encountered this on > >>> Intel without ept. > >> > >> Since currently fast page fault only works for direct mmu. :) > > Ah, yes. So with shadow page and paging disabled in a guest is can > > happen eventually, but we do not trigger it for some reason? > > Yes. I guess so, paging disable is short-lived and the sptes will be > invalid after memslot changed for 150 times, so it is hard to be triggered. > > I should update this to the changelog, thanks for your reminder, Gleb. > > ====== > [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault > > Currently, fast page fault tries to fix mmio page fault when the > generation number is invalid (spte.gen != kvm.gen) and returns to > guest to retry the fault since it sees the last spte is nonpresent. > It causes infinity loop > > Since fast page fault only works for direct mmu, the issue exists when > 1) tdp is enabled. It is only triggered only on AMD host since on Intel host > the mmio page fault is recognized as ept-misconfig whose handler call > fault-page path with error_code = 0 > > 2) guest paging is disabled. Under this case, the issue is hardly discovered > since paging disable is short-lived and the sptes will be invalid after > memslot changed for 150 times > > Fix it by filtering the mmio page fault out in page_fault_can_be_fast > > Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de> > Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de> > Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com> Reviewed-by: Gleb Natapov <gleb@redhat.com> > --- > arch/x86/kvm/mmu.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c > index bf7af1e..3a9493a 100644 > --- a/arch/x86/kvm/mmu.c > +++ b/arch/x86/kvm/mmu.c > @@ -2811,6 +2811,13 @@ exit: > static bool page_fault_can_be_fast(struct kvm_vcpu *vcpu, u32 error_code) > { > /* > + * Do not fix the mmio spte with invalid generation number which > + * need to be updated by slow page fault path. > + */ > + if (unlikely(error_code & PFERR_RSVD_MASK)) > + return false; > + > + /* > * #PF can be fast only if the shadow page table is present and it > * is caused by write-protect, that means we just need change the > * W bit of the spte which can be done out of mmu-lock. > -- > 1.8.1.4 > > > -- Gleb. ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2013-07-18 6:29 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-07-18 4:52 [PATCH] KVM: MMU: avoid fast page fault fixing mmio page fault Xiao Guangrong 2013-07-18 4:55 ` Xiao Guangrong 2013-07-18 5:31 ` Gleb Natapov 2013-07-18 6:01 ` Xiao Guangrong 2013-07-18 6:06 ` Gleb Natapov 2013-07-18 6:25 ` Xiao Guangrong 2013-07-18 6:28 ` Gleb Natapov
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.