KVM: Avoid instruction emulation when event delivery is pending

When an event (such as an interrupt) is injected, and the stack is
shadowed (and therefore write protected), the guest will exit.  The
current code will see that the stack is shadowed and emulate a few
instructions, each time postponing the injection.  Eventually the
injection may succeed, but at that time the guest may be unwilling
to accept the interrupt (for example, the TPR may have changed).

This occurs every once in a while during a Windows 2008 boot.

Fix by unshadowing the fault address if the fault was due to an event
injection.

Signed-off-by: Avi Kivity <avi@qumranet.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 951b789cc913..e2ee264740c7 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1008,10 +1008,13 @@ static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         struct kvm *kvm = svm->vcpu.kvm;
         u64 fault_address;
         u32 error_code;
+        bool event_injection = false;
 
         if (!irqchip_in_kernel(kvm) &&
-                is_external_interrupt(exit_int_info))
+            is_external_interrupt(exit_int_info)) {
+                event_injection = true;
                 push_irq(&svm->vcpu, exit_int_info & SVM_EVTINJ_VEC_MASK);
+        }
 
         fault_address  = svm->vmcb->control.exit_info_2;
         error_code = svm->vmcb->control.exit_info_1;
@@ -1025,6 +1028,8 @@ static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
                             (u32)fault_address, (u32)(fault_address >> 32),
                             handler);
 
+        if (event_injection)
+                kvm_mmu_unprotect_page_virt(&svm->vcpu, fault_address);
         return kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code);
 }