From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ben Gardon, Sean Christopherson, Paolo Bonzini, Sasha Levin
Subject: [PATCH 5.12 447/677] KVM: x86/mmu: Retry page faults that hit an invalid memslot
Date: Wed, 12 May 2021 16:48:13 +0200
Message-Id: <20210512144852.218531466@linuxfoundation.org>
In-Reply-To: <20210512144837.204217980@linuxfoundation.org>
References: <20210512144837.204217980@linuxfoundation.org>
List-ID: linux-kernel@vger.kernel.org

From: Sean Christopherson

[ Upstream commit e0c378684b6545ad2d4403bb701d0ac4932b4e95 ]

Retry page faults (re-enter the guest) that hit an invalid memslot
instead of treating the memslot as not existing, i.e. handling the page
fault as an MMIO access. When deleting a memslot, SPTEs aren't zapped
and the TLBs aren't flushed until after the memslot has been marked
invalid. Handling the invalid slot as MMIO means there's a small window
where a page fault could replace a valid SPTE with an MMIO SPTE. The
legacy MMU handles such a scenario cleanly, but the TDP MMU assumes such
behavior is impossible (see the BUG() in __handle_changed_spte()).
There's really no good reason why the legacy MMU should allow such a
scenario, and closing this hole allows for additional cleanups.

Fixes: 2f2fad0897cb ("kvm: x86/mmu: Add functions to handle changed TDP SPTEs")
Cc: Ben Gardon
Signed-off-by: Sean Christopherson
Message-Id: <20210225204749.1512652-6-seanjc@google.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Sasha Levin
---
 arch/x86/kvm/mmu/mmu.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 4d37dfc0d3a8..cd0faa187674 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -3665,6 +3665,14 @@ static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn, struct kvm_memory_slot *slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn); bool async; + /* + * Retry the page fault if the gfn hit a memslot that is being deleted + * or moved. This ensures any existing SPTEs for the old memslot will + * be zapped before KVM inserts a new MMIO SPTE for the gfn. + */ + if (slot && (slot->flags & KVM_MEMSLOT_INVALID)) + return true; + /* Don't expose private memslots to L2. */ if (is_guest_mode(vcpu) && !kvm_is_visible_memslot(slot)) { *pfn = KVM_PFN_NOSLOT; -- 2.30.2
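Review bot: the early `return true` for a slot with `KVM_MEMSLOT_INVALID` leaves `*pfn` unset, so this hunk depends on every caller of try_async_pf() treating a true return as "retry the fault" and never consuming `*pfn` afterwards; the callers are not in the visible context, so that contract is worth confirming and worth stating in the new comment ("the caller must retry without using *pfn"). Placing the check ahead of the `is_guest_mode(vcpu) && !kvm_is_visible_memslot(slot)` branch is the right order, because that branch would otherwise map the invalid slot to `KVM_PFN_NOSLOT` and produce exactly the MMIO SPTE the commit message says must not be installed while the old SPTEs are still unzapped. One more point for the comment: because the retry re-enters the guest instead of waiting, a vCPU touching that gfn will re-fault repeatedly until the memslot update finishes its zap and TLB flush; this is bounded by the deletion completing, but a sentence saying so would save the next reader from suspecting a livelock.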