[PATCH RESEND 18/30] KVM: x86: mmu: add strict mmu mode

From: Maxim Levitsky
Date: Mon Feb 07 2022 - 11:02:59 EST

Next message: Maxim Levitsky: "[PATCH RESEND 12/30] KVM: x86: SVM: allow AVIC to co-exist with a nested guest running"
Previous message: Maxim Levitsky: "[PATCH RESEND 14/30] KVM: x86: lapic: don't allow to change local apic id when using older x2apic api"
In reply to: Maxim Levitsky: "[PATCH RESEND 14/30] KVM: x86: lapic: don't allow to change local apic id when using older x2apic api"
Next in thread: Maxim Levitsky: "[PATCH RESEND 12/30] KVM: x86: SVM: allow AVIC to co-exist with a nested guest running"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Add an (mostly debug) option to force KVM's shadow mmu
to never have unsync pages.

This is useful in some cases to debug it.

It is also useful for some legacy guest OSes which don't
flush TLBs correctly, and thus don't work on modern
CPUs which have speculative MMUs.

Using this option together with legacy paging (npt/ept=0)
allows to correctly simulate such old MMU while still
getting most of the benefits of the virtualization.

Signed-off-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
---
arch/x86/kvm/mmu/mmu.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 43c7abdd6b70f..fa2da6990703f 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -91,6 +91,10 @@ __MODULE_PARM_TYPE(nx_huge_pages_recovery_period_ms, "uint");
static bool __read_mostly force_flush_and_sync_on_reuse;
module_param_named(flush_on_reuse, force_flush_and_sync_on_reuse, bool, 0644);

+
+bool strict_mmu;
+module_param(strict_mmu, bool, 0644);
+
/*
* When setting this variable to true it enables Two-Dimensional-Paging
* where the hardware walks 2 page tables:
@@ -2703,7 +2707,7 @@ static int mmu_set_spte(struct kvm_vcpu *vcpu, struct kvm_memory_slot *slot,
}

wrprot = make_spte(vcpu, sp, slot, pte_access, gfn, pfn, *sptep, prefetch,
- true, host_writable, &spte);
+ !strict_mmu, host_writable, &spte);

if (*sptep == spte) {
ret = RET_PF_SPURIOUS;
@@ -5139,6 +5143,11 @@ static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa,
*/
static bool detect_write_flooding(struct kvm_mmu_page *sp)
{
+ /*
+ * When using non speculating MMU, use a bit higher threshold
+ * for write flood detection
+ */
+ int threshold = strict_mmu ? 10 : 3;
/*
* Skip write-flooding detected for the sp whose level is 1, because
* it can become unsync, then the guest page is not write-protected.
@@ -5147,7 +5156,7 @@ static bool detect_write_flooding(struct kvm_mmu_page *sp)
return false;

atomic_inc(&sp->write_flooding_count);
- return atomic_read(&sp->write_flooding_count) >= 3;
+ return atomic_read(&sp->write_flooding_count) >= threshold;
}

/*
--
2.26.3

Next message: Maxim Levitsky: "[PATCH RESEND 12/30] KVM: x86: SVM: allow AVIC to co-exist with a nested guest running"
Previous message: Maxim Levitsky: "[PATCH RESEND 14/30] KVM: x86: lapic: don't allow to change local apic id when using older x2apic api"
In reply to: Maxim Levitsky: "[PATCH RESEND 14/30] KVM: x86: lapic: don't allow to change local apic id when using older x2apic api"
Next in thread: Maxim Levitsky: "[PATCH RESEND 12/30] KVM: x86: SVM: allow AVIC to co-exist with a nested guest running"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]