From: Chao Gao <chao.gao@intel.com>
Current TD guest doesn't invoke MAP_GPA to convert MMIO range to shared
before accessing it. It implies that current TD guest assumes MMIOs are
shared.
When TD tries to access assigned device's MMIO as shared, an EPT violation
is raised first. kvm_mem_is_private() checks the page shared or private
attribute against the access type (shared bit in GPA). Then since no
MAP_GPA is called for the MMIO, KVM thinks the MMIO is private and refuses
shared access and doesn't set up shared EPT. Then KVM returns to TD and TD
just retries and this causes an infinite loop.
Instead of requiring guest to invoke MAP_GPA for MMIOs, assume guest MMIOs
are shared in KVM as well and don't expect explicit calls of MAP_GAP for
guest MMIOs (i.e., GPAs either have no kvm_memory_slot or are backed by
host MMIOs). So, allow shared access to guest MMIOs and move the page type
check after the corresponding pfn is available.
Signed-off-by: Chao Gao <chao.gao@intel.com>
---
arch/x86/kvm/mmu/mmu.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 5883ab95ff07..ce8a896a3cfa 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -4314,7 +4314,12 @@ static int __kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault
return RET_PF_EMULATE;
}
- if (fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn))
+ /*
+ * !fault->slot means MMIO. Don't require explicit GPA conversion for
+ * MMIO because MMIO is assigned at the boot time.
+ */
+ if (fault->slot &&
+ fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn))
return kvm_do_memory_fault_exit(vcpu, fault);
if (fault->is_private)
--
2.25.1
Current TD guest doesn't invoke MAP_GPA to convert MMIO range to shared
before accessing it. It implies that current TD guest assumes MMIOs are
shared.
When TD tries to access assigned device's MMIO as shared, an EPT violation
is raised first. kvm_mem_is_private() checks the page shared or private
attribute against the access type (shared bit in GPA). Then since no
MAP_GPA is called for the MMIO, KVM thinks the MMIO is private and refuses
shared access and doesn't set up shared EPT. Then KVM returns to TD and TD
just retries and this causes an infinite loop.
Instead of requiring guest to invoke MAP_GPA for MMIOs, assume guest MMIOs
are shared in KVM as well and don't expect explicit calls of MAP_GAP for
guest MMIOs (i.e., GPAs either have no kvm_memory_slot or are backed by
host MMIOs). So, allow shared access to guest MMIOs and move the page type
check after the corresponding pfn is available.
Signed-off-by: Chao Gao <chao.gao@intel.com>
---
arch/x86/kvm/mmu/mmu.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 5883ab95ff07..ce8a896a3cfa 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -4314,7 +4314,12 @@ static int __kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault
return RET_PF_EMULATE;
}
- if (fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn))
+ /*
+ * !fault->slot means MMIO. Don't require explicit GPA conversion for
+ * MMIO because MMIO is assigned at the boot time.
+ */
+ if (fault->slot &&
+ fault->is_private != kvm_mem_is_private(vcpu->kvm, fault->gfn))
return kvm_do_memory_fault_exit(vcpu, fault);
if (fault->is_private)
--
2.25.1