KVM: x86: fix possible infinite loop caused by reexecute_instruction

Currently, we reexecute all unhandleable instructions if they do not
access on the mmio, however, it can not work if host map the readonly
memory to guest. If the instruction try to write this kind of memory,
it will fault again when guest retry it, then we will goto a infinite
loop: retry instruction -> write #PF -> emulation fail ->
retry instruction -> ...

Fix it by retrying the instruction only when it faults on the writable
memory

Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

1 files changed, 11 insertions, 1 deletions

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index fb0d93788bfb..704680d0fa3e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4473,6 +4473,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu)
 static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t gva)
 {
         gpa_t gpa;
+        pfn_t pfn;
 
         if (tdp_enabled)
                 return false;
@@ -4490,8 +4491,17 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t gva)
         if (gpa == UNMAPPED_GVA)
                 return true; /* let cpu generate fault */
 
-        if (!kvm_is_error_hva(gfn_to_hva(vcpu->kvm, gpa >> PAGE_SHIFT)))
+        /*
+         * Do not retry the unhandleable instruction if it faults on the
+         * readonly host memory, otherwise it will goto a infinite loop:
+         * retry instruction -> write #PF -> emulation fail -> retry
+         * instruction -> ...
+         */
+        pfn = gfn_to_pfn(vcpu->kvm, gpa_to_gfn(gpa));
+        if (!is_error_pfn(pfn)) {
+                kvm_release_pfn_clean(pfn);
                 return true;
+        }
 
         return false;
 }