From patchwork Wed Jan 10 13:44:42 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Haozhong Zhang <haozhong.zhang@intel.com>
X-Patchwork-Id: 10155177
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	A687760223 for <patchwork-kvm@patchwork.kernel.org>;
	Wed, 10 Jan 2018 13:45:28 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 996F828517
	for <patchwork-kvm@patchwork.kernel.org>;
	Wed, 10 Jan 2018 13:45:28 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 8D96C2856E; Wed, 10 Jan 2018 13:45:28 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DC23C28517
	for <patchwork-kvm@patchwork.kernel.org>;
	Wed, 10 Jan 2018 13:45:27 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S964814AbeAJNpZ (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Wed, 10 Jan 2018 08:45:25 -0500
Received: from mga11.intel.com ([192.55.52.93]:42854 "EHLO mga11.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S932526AbeAJNpX (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 10 Jan 2018 08:45:23 -0500
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga003.jf.intel.com ([10.7.209.27])
	by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	10 Jan 2018 05:45:23 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,340,1511856000"; d="scan'208";a="18980417"
Received: from hz-desktop.sh.intel.com (HELO localhost) ([10.239.159.142])
	by orsmga003.jf.intel.com with ESMTP; 10 Jan 2018 05:45:21 -0800
From: Haozhong Zhang <haozhong.zhang@intel.com>
To: kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>, rkrcmar@redhat.com,
	Ross Zwisler <zwisler@gmail.com>,
	Wanpeng Li <kernellwp@gmail.com>, Alec Blayne <ab@tevsa.net>,
	Liran Alon <liran.alon@oracle.com>,
	Haozhong Zhang <haozhong.zhang@intel.com>
Subject: [PATCH] KVM MMU: check pending exception before injecting APF
Date: Wed, 10 Jan 2018 21:44:42 +0800
Message-Id: <20180110134442.21244-1-haozhong.zhang@intel.com>
X-Mailer: git-send-email 2.14.1
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

When a guest expection is already pending, injecting APF may result in
guest #DF.

For example, when two APF's for page ready happen after an exit, the
first APF will be pending. If injecting the second one regardless of
the pending one, the second APF injection will be converted an
injection of #DF.

Reported-by: Ross Zwisler <zwisler@gmail.com>
Message-ID: <CAOxpaSUBf8QoOZQ1p4KfUp0jq76OKfGY4Uxs-Gg8ngReD99xww@mail.gmail.com>
Reported-by: Alec Blayne <ab@tevsa.net>
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
---
 arch/x86/kvm/mmu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 89da688784fa..a8d0230ea40d 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3781,7 +3781,8 @@ static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn)
 bool kvm_can_do_async_pf(struct kvm_vcpu *vcpu)
 {
 	if (unlikely(!lapic_in_kernel(vcpu) ||
-		     kvm_event_needs_reinjection(vcpu)))
+		     kvm_event_needs_reinjection(vcpu) ||
+		     vcpu->arch.exception.pending))
 		return false;
 
 	if (!vcpu->arch.apf.delivery_as_pf_vmexit && is_guest_mode(vcpu))