[patch v7 08/10] KVM: x86: process isolation work from VM-entry code path

From: Marcelo Tosatti
Date: Fri Nov 12 2021 - 07:44:16 EST


VM-entry code path is an entry point similar to userspace return
when task isolation is concerned.

Call isolation_exit_to_user_mode before VM-enter.

Signed-off-by: Marcelo Tosatti <mtosatti@xxxxxxxxxx>

---
include/linux/entry-kvm.h | 4 +++-
kernel/entry/kvm.c | 18 ++++++++++++++----
2 files changed, 17 insertions(+), 5 deletions(-)

Index: linux-2.6/kernel/entry/kvm.c
===================================================================
--- linux-2.6.orig/kernel/entry/kvm.c
+++ linux-2.6/kernel/entry/kvm.c
@@ -2,8 +2,11 @@

#include <linux/entry-kvm.h>
#include <linux/kvm_host.h>
+#include <linux/task_isolation.h>

-static int xfer_to_guest_mode_work(struct kvm_vcpu *vcpu, unsigned long ti_work)
+static int xfer_to_guest_mode_work(struct kvm_vcpu *vcpu,
+ unsigned long ti_work,
+ unsigned long tsk_isol_work)
{
do {
int ret;
@@ -26,14 +29,20 @@ static int xfer_to_guest_mode_work(struc
if (ret)
return ret;

+ if (tsk_isol_work)
+ isolation_exit_to_user_mode();
+
ti_work = READ_ONCE(current_thread_info()->flags);
- } while (ti_work & XFER_TO_GUEST_MODE_WORK || need_resched());
+ tsk_isol_work = task_isol_has_work();
+ } while (ti_work & XFER_TO_GUEST_MODE_WORK || need_resched() ||
+ tsk_isol_work);
return 0;
}

int xfer_to_guest_mode_handle_work(struct kvm_vcpu *vcpu)
{
unsigned long ti_work;
+ unsigned long tsk_isol_work;

/*
* This is invoked from the outer guest loop with interrupts and
@@ -44,9 +53,10 @@ int xfer_to_guest_mode_handle_work(struc
* to disable interrupts here.
*/
ti_work = READ_ONCE(current_thread_info()->flags);
- if (!(ti_work & XFER_TO_GUEST_MODE_WORK))
+ tsk_isol_work = task_isol_has_work();
+ if (!((ti_work & XFER_TO_GUEST_MODE_WORK) || tsk_isol_work))
return 0;

- return xfer_to_guest_mode_work(vcpu, ti_work);
+ return xfer_to_guest_mode_work(vcpu, ti_work, tsk_isol_work);
}
EXPORT_SYMBOL_GPL(xfer_to_guest_mode_handle_work);
Index: linux-2.6/include/linux/entry-kvm.h
===================================================================
--- linux-2.6.orig/include/linux/entry-kvm.h
+++ linux-2.6/include/linux/entry-kvm.h
@@ -8,6 +8,7 @@
#include <linux/seccomp.h>
#include <linux/sched.h>
#include <linux/tick.h>
+#include <linux/task_isolation.h>

/* Transfer to guest mode work */
#ifdef CONFIG_KVM_XFER_TO_GUEST_WORK
@@ -76,8 +77,9 @@ static inline void xfer_to_guest_mode_pr
static inline bool __xfer_to_guest_mode_work_pending(void)
{
unsigned long ti_work = READ_ONCE(current_thread_info()->flags);
+ unsigned long tsk_isol_work = task_isol_has_work();

- return !!(ti_work & XFER_TO_GUEST_MODE_WORK);
+ return !!((ti_work & XFER_TO_GUEST_MODE_WORK) || tsk_isol_work);
}

/**