KVM: VMX: handle IO when emulation is due to #GP in real mode.

With emulate_invalid_guest_state=0 if a vcpu is in real mode VMX can enter the vcpu with smaller segment limit than guest configured. If the guest tries to access pass this limit it will get #GP at which point instruction will be emulated with correct segment limit applied. If during the emulation IO is detected it is not handled correctly. Vcpu thread should exit to userspace to serve the IO, but it returns to the guest instead. Since emulation is not completed till userspace completes the IO the faulty instruction is re-executed ad infinitum. The patch fixes that by exiting to userspace if IO happens during instruction emulation. Reported-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
author: Gleb Natapov <gleb@redhat.com> 2012-12-20 09:57:47 -0500
committer: Marcelo Tosatti <mtosatti@redhat.com> 2013-01-02 16:36:31 -0500
commit: 0ca1b4f4ba3a9f75bb099ccaf6c4bd8bb6db7a74 (patch)
tree: edd7943dc03ffec9ed3055a499b9b98a1e4996bd
parent: d54d07b2ca19a2908aa89e0c67715ca2e8e62a4c (diff)
1 files changed, 41 insertions, 34 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index a101dd488f23..55dfc375f1ab 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -4230,28 +4230,9 @@ static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
        return 0;
 }
-static int handle_rmode_exception(struct kvm_vcpu *vcpu,
+static bool rmode_exception(struct kvm_vcpu *vcpu, int vec)
-                                  int vec, u32 err_code)
 {
-        /*
-         * Instruction with address size override prefix opcode 0x67
-         * Cause the #SS fault with 0 error code in VM86 mode.
-         */
-        if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0)
-                if (emulate_instruction(vcpu, 0) == EMULATE_DONE)
-                        return 1;
-        /*
-         * Forward all other exceptions that are valid in real mode.
-         * FIXME: Breaks guest debugging in real mode, needs to be fixed with
-         *        the required debugging infrastructure rework.
-         */
        switch (vec) {
-        case DB_VECTOR:
-                if (vcpu->guest_debug &
-                    (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
-                        return 0;
-                kvm_queue_exception(vcpu, vec);
-                return 1;
        case BP_VECTOR:
                /*
                 * Update instruction length as we may reinject the exception
@@ -4260,7 +4241,12 @@ static int handle_rmode_exception(struct kvm_vcpu *vcpu,
                to_vmx(vcpu)->vcpu.arch.event_exit_inst_len =
                        vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
                if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
-                        return 0;
+                        return false;
+                /* fall through */
+        case DB_VECTOR:
+                if (vcpu->guest_debug &
+                        (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
+                        return false;
                /* fall through */
        case DE_VECTOR:
        case OF_VECTOR:
@@ -4270,10 +4256,37 @@ static int handle_rmode_exception(struct kvm_vcpu *vcpu,
        case SS_VECTOR:
        case GP_VECTOR:
        case MF_VECTOR:
-                kvm_queue_exception(vcpu, vec);
+                return true;
-                return 1;
+        break;
        }
-        return 0;
+        return false;
+}
+static int handle_rmode_exception(struct kvm_vcpu *vcpu,
+                                  int vec, u32 err_code)
+{
+        /*
+         * Instruction with address size override prefix opcode 0x67
+         * Cause the #SS fault with 0 error code in VM86 mode.
+         */
+        if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0) {
+                if (emulate_instruction(vcpu, 0) == EMULATE_DONE) {
+                        if (vcpu->arch.halt_request) {
+                                vcpu->arch.halt_request = 0;
+                                return kvm_emulate_halt(vcpu);
+                        }
+                        return 1;
+                }
+                return 0;
+        }
+        /*
+         * Forward all other exceptions that are valid in real mode.
+         * FIXME: Breaks guest debugging in real mode, needs to be fixed with
+         *        the required debugging infrastructure rework.
+         */
+        kvm_queue_exception(vcpu, vec);
+        return 1;
 }
 /*
@@ -4361,17 +4374,11 @@ static int handle_exception(struct kvm_vcpu *vcpu)
                return kvm_mmu_page_fault(vcpu, cr2, error_code, NULL, 0);
        }
-        if (vmx->rmode.vm86_active &&
-            handle_rmode_exception(vcpu, intr_info & INTR_INFO_VECTOR_MASK,
-                                                                error_code)) {
-                if (vcpu->arch.halt_request) {
-                        vcpu->arch.halt_request = 0;
-                        return kvm_emulate_halt(vcpu);
-                }
-                return 1;
-        }
        ex_no = intr_info & INTR_INFO_VECTOR_MASK;
+        if (vmx->rmode.vm86_active && rmode_exception(vcpu, ex_no))
+                return handle_rmode_exception(vcpu, ex_no, error_code);
        switch (ex_no) {
        case DB_VECTOR:
                dr6 = vmcs_readl(EXIT_QUALIFICATION);
author	Gleb Natapov <gleb@redhat.com>	2012-12-20 09:57:47 -0500
committer	Marcelo Tosatti <mtosatti@redhat.com>	2013-01-02 16:36:31 -0500
commit	0ca1b4f4ba3a9f75bb099ccaf6c4bd8bb6db7a74 (patch)
tree	edd7943dc03ffec9ed3055a499b9b98a1e4996bd
parent	d54d07b2ca19a2908aa89e0c67715ca2e8e62a4c (diff)