From patchwork Sat Jun 3 03:21:55 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Wanpeng Li
X-Patchwork-Id: 9763829
From: Wanpeng Li
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini, Radim Krčmář, Wanpeng Li
Subject: [PATCH] KVM: nVMX: Fix exception injection
Date: Fri, 2 Jun 2017 20:21:55 -0700
Message-Id: <1496460115-12654-1-git-send-email-wanpeng.li@hotmail.com>
X-Mailer: git-send-email 2.7.4
X-Mailing-List: kvm@vger.kernel.org

From: Wanpeng Li

 WARNING: CPU: 3 PID: 2840 at arch/x86/kvm/vmx.c:10966 nested_vmx_vmexit+0xdcd/0xde0 [kvm_intel]
 CPU: 3 PID: 2840 Comm: qemu-system-x86 Tainted: G OE 4.12.0-rc3+ #23
 RIP: 0010:nested_vmx_vmexit+0xdcd/0xde0 [kvm_intel]
 Call Trace:
  ? kvm_check_async_pf_completion+0xef/0x120 [kvm]
  ? rcu_read_lock_sched_held+0x79/0x80
  vmx_queue_exception+0x104/0x160 [kvm_intel]
  ? vmx_queue_exception+0x104/0x160 [kvm_intel]
  kvm_arch_vcpu_ioctl_run+0x1171/0x1ce0 [kvm]
  ? kvm_arch_vcpu_load+0x47/0x240 [kvm]
  ? kvm_arch_vcpu_load+0x62/0x240 [kvm]
  kvm_vcpu_ioctl+0x384/0x7b0 [kvm]
  ? kvm_vcpu_ioctl+0x384/0x7b0 [kvm]
  ? __fget+0xf3/0x210
  do_vfs_ioctl+0xa4/0x700
  ? __fget+0x114/0x210
  SyS_ioctl+0x79/0x90
  do_syscall_64+0x81/0x220
  entry_SYSCALL64_slow_path+0x25/0x25

This is triggered occasionally by running both win7 and win2016 in L2; in
addition, EPT is disabled on both L1 and L2. It can't be reproduced easily.

Commit 0b6ac343fc (KVM: nVMX: Correct handling of exception injection) mentioned
that "KVM wants to inject page-faults which it got to the guest. This function
assumes it is called with the exit reason in vmcs02 being a #PF exception".
Commit e011c663 (KVM: nVMX: Check all exceptions for intercept during delivery to
L2) allows checking all exceptions for intercept during delivery to L2. However,
there is currently no guarantee that the exit reason is an exception: when an
external interrupt occurs on the host, maybe a time interrupt for the host which
should not be injected into the guest, and an exception is queued somewhere, then
the function nested_vmx_check_exception() will be called and the vmexit emulation
code will try to emulate the "Acknowledge interrupt on exit" behavior, and the
warning is triggered.

This patch fixes it by confirming to inject the exception to the guest when the
exit reason in vmcs02 is an exception.

Cc: Paolo Bonzini
Cc: Radim Krčmář
Signed-off-by: Wanpeng Li
---
 arch/x86/kvm/vmx.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 9b4b5d6..778a8f3 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2422,7 +2422,8 @@ static int nested_vmx_check_exception(struct kvm_vcpu *vcpu, unsigned nr) { struct vmcs12 *vmcs12 = get_vmcs12(vcpu); - if (!(vmcs12->exception_bitmap & (1u << nr))) + if (to_vmx(vcpu)->exit_reason != EXIT_REASON_EXCEPTION_NMI || + !(vmcs12->exception_bitmap & (1u << nr))) return 0; nested_vmx_vmexit(vcpu, to_vmx(vcpu)->exit_reason,
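
Review bot: The added `to_vmx(vcpu)->exit_reason != EXIT_REASON_EXCEPTION_NMI` test at the top of nested_vmx_check_exception() makes the function return 0 for every exception queued after a non-exception exit from L2, so an exception whose bit L1 has set in vmcs12->exception_bitmap is no longer reflected to L1 in that case, which works against the intent of e011c663 cited in the commit message. The warning appears to come from the unchanged call in the trailing context, `nested_vmx_vmexit(vcpu, to_vmx(vcpu)->exit_reason,`, forwarding the external-interrupt exit reason left in vmcs02; consider keeping the bitmap check as it was and passing EXIT_REASON_EXCEPTION_NMI explicitly to nested_vmx_vmexit(), or at least add a comment above the new condition explaining why skipping the intercept check is correct when the last exit was not an exception.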