Subject: Re: [PATCH] KVM: X86: Fix SMRAM accessing even if VM is shutdown
From: Xiao Guangrong
Date: Thu, 8 Feb 2018 16:57:03 +0800
To: Paolo Bonzini , Wanpeng Li , linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Radim Krčmář , Dmitry Vyukov
Message-ID:
In-Reply-To: <233cfca3-971e-c3c2-f0fe-b50dd69d2546@redhat.com>
References: <1517984706-47244-1-git-send-email-wanpengli@tencent.com> <233cfca3-971e-c3c2-f0fe-b50dd69d2546@redhat.com>
List-ID: linux-kernel@vger.kernel.org

On 02/07/2018 10:16 PM, Paolo Bonzini wrote:
> On 07/02/2018 07:25, Wanpeng Li wrote:
>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>> index 786cd00..445e702 100644
>> --- a/arch/x86/kvm/x86.c
>> +++ b/arch/x86/kvm/x86.c
>> @@ -7458,6 +7458,11 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>> goto out;
>> }
>>
>> + if (unlikely(vcpu->run->exit_reason == KVM_EXIT_SHUTDOWN)) {
>> + r = -EINVAL;
>> + goto out;
>> + }
>> +
>> if (vcpu->run->kvm_dirty_regs) {
>> r = sync_regs(vcpu);
>> if (r != 0)
>
> This most likely breaks triple faults in the usual case where they
> should result in resetting the system; the KVM API doesn't say that you
> should clear vcpu->run->exit_reason before entering.
>
> What exactly causes the EPT misconfig to reach the WARN? That is, how
> does kvm_mmu_page_fault end up returning a negative errno value? If I
> read the code correctly only tdp_page_fault can do so, so my guess would
> be kvm_handle_bad_page:
>
> if (pfn == KVM_PFN_ERR_RO_FAULT)
> return RET_PF_EMULATE;
>
> if (pfn == KVM_PFN_ERR_HWPOISON) {
> kvm_send_hwpoison_signal(kvm_vcpu_gfn_to_hva(vcpu, gfn),
> current);
> return RET_PF_RETRY;
> }
>
> /* KVM_PFN_ERR_FAULT */
> return -EFAULT;
>
> Maybe it should return RET_PF_EMULATE, which would cause an emulation
> failure and then an exit with KVM_EXIT_INTERNAL_ERROR.

So the root cause is that a running vCPU is accessing memory whose memslot is being updated (it met the condition that KVM_MEMSLOT_INVALID is set on its memslot). The normal #PF handler breaks KVM_RUN and returns -EFAULT to userspace; we'd better make the ept-misconfig handler follow this style as well.

Actually, the WARN_ON in the ept-misconfig handler is unnecessary, as kvm_mmu_page_fault() will warn us if it is a real ept misconfig, so we can simply return kvm_mmu_page_fault().
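Review bot: The new `vcpu->run->exit_reason == KVM_EXIT_SHUTDOWN` check at the top of kvm_arch_vcpu_ioctl_run() keys off state left in the shared kvm_run area by the previous exit, and the KVM API does not require userspace to clear `exit_reason` before re-entering; after a triple fault that userspace handles by resetting the VM, the next KVM_RUN would be refused with -EINVAL, so the check breaks the ordinary reset path. Since the report is about a fault path returning a negative errno through kvm_mmu_page_fault(), the fix belongs there (propagating -EFAULT the way the normal #PF handler does, or returning RET_PF_EMULATE so the failure surfaces as KVM_EXIT_INTERNAL_ERROR) rather than at the ioctl entry.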
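The two outcomes argued over in the thread (a fault handler returning a negative errno that ends KVM_RUN, versus an entry check on a stale `exit_reason` that rejects a legitimately reset VM) can be shown with a small standalone model. The following C is an added example written for this page; it is not KVM code. The function and constant names are modelled on the ones quoted in the thread (kvm_handle_bad_page, RET_PF_RETRY, RET_PF_EMULATE, KVM_EXIT_SHUTDOWN, KVM_EXIT_INTERNAL_ERROR), but the numeric values, the `run_state` struct and the run-loop logic are constructed for the model and simplify what the kernel actually does.

```c
#include <errno.h>
#include <stdio.h>

/* Return codes of the modelled page-fault handler. Names follow the
 * thread; the numeric values are constructed for this model. */
enum { RET_PF_RETRY = 0, RET_PF_EMULATE = 1 };

/* Exit reasons userspace reads from run->exit_reason (constructed subset). */
enum { EXIT_NONE = 0, EXIT_SHUTDOWN = 8, EXIT_INTERNAL_ERROR = 17 };

/* Outcomes of looking up the host pfn for a guest page (constructed;
 * they mirror the KVM_PFN_ERR_* cases quoted in the thread). */
enum { PFN_OK, PFN_ERR_RO_FAULT, PFN_ERR_HWPOISON, PFN_ERR_FAULT };

/* The part of the shared run area the model cares about. */
struct run_state {
    int exit_reason;   /* what userspace sees after KVM_RUN returns */
};

/* Model of the quoted kvm_handle_bad_page(): a plain bad pfn yields -EFAULT,
 * which the run loop hands straight back to userspace. */
int handle_bad_page(int pfn)
{
    if (pfn == PFN_ERR_RO_FAULT)
        return RET_PF_EMULATE;
    if (pfn == PFN_ERR_HWPOISON)
        return RET_PF_RETRY;      /* the real code also signals the task */
    return -EFAULT;               /* PFN_ERR_FAULT */
}

/* Model of the run loop's dispatch on the fault handler's result:
 * negative errno -> KVM_RUN fails with that errno;
 * RET_PF_EMULATE whose emulation fails -> KVM_EXIT_INTERNAL_ERROR;
 * RET_PF_RETRY or successful emulation -> keep running. */
int run_once(struct run_state *rs, int pfn, int emulation_ok)
{
    int r = (pfn == PFN_OK) ? RET_PF_RETRY : handle_bad_page(pfn);

    if (r < 0) {                  /* break KVM_RUN, errno to userspace */
        rs->exit_reason = EXIT_NONE;
        return r;
    }
    if (r == RET_PF_EMULATE && !emulation_ok) {
        rs->exit_reason = EXIT_INTERNAL_ERROR;
        return 0;
    }
    rs->exit_reason = EXIT_NONE;
    return 0;
}

/* Convenience for inspecting the exit reason after one modelled run. */
int exit_reason_after(int pfn, int emulation_ok)
{
    struct run_state rs = { .exit_reason = EXIT_NONE };
    run_once(&rs, pfn, emulation_ok);
    return rs.exit_reason;
}

/* The posted patch's entry check, modelled: refuse KVM_RUN while the
 * previous exit reason still reads KVM_EXIT_SHUTDOWN. */
int run_with_shutdown_check(struct run_state *rs, int pfn)
{
    if (rs->exit_reason == EXIT_SHUTDOWN)
        return -EINVAL;
    return run_once(rs, pfn, 1);
}

/* The scenario raised in review: the guest triple-faults (exit_reason is
 * left at KVM_EXIT_SHUTDOWN), userspace resets the VM without clearing
 * exit_reason (the API does not require it), then re-enters.
 * Returns the KVM_RUN result of that re-entry. */
int triple_fault_then_reset(int use_patch)
{
    struct run_state rs = { .exit_reason = EXIT_SHUTDOWN };
    return use_patch ? run_with_shutdown_check(&rs, PFN_OK)
                     : run_once(&rs, PFN_OK, 1);
}

int main(void)
{
    printf("bad pfn during run:        KVM_RUN = %d\n",
           run_once(&(struct run_state){0}, PFN_ERR_FAULT, 1));
    printf("ro fault, emulation fails: exit_reason = %d\n",
           exit_reason_after(PFN_ERR_RO_FAULT, 0));
    printf("reset after triple fault:  unpatched = %d, patched = %d\n",
           triple_fault_then_reset(0), triple_fault_then_reset(1));
    return 0;
}
```

The model makes the trade-off concrete: routing the invalid-memslot case through the fault handler's `-EFAULT` return terminates KVM_RUN for the vCPU that actually hit the bad access, whereas the entry check in the patch acts on whatever `exit_reason` happened to be left behind and so also rejects a VM that userspace has just reset after a triple fault.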