Re: [RFC KVM 06/27] KVM: x86: Exit KVM isolation on IRQ entry

From: Andy Lutomirski
Date: Mon May 13 2019 - 14:15:25 EST
On Mon, May 13, 2019 at 9:28 AM Alexandre Chartre
<alexandre.chartre@xxxxxxxxxx> wrote:
>
> On 5/13/19 5:51 PM, Andy Lutomirski wrote:
> > On Mon, May 13, 2019 at 7:39 AM Alexandre Chartre
> > <alexandre.chartre@xxxxxxxxxx> wrote:
> >>
> >> From: Liran Alon <liran.alon@xxxxxxxxxx>
> >>
> >> Next commits will change most of KVM #VMExit handlers to run
> >> in KVM isolated address space. Any interrupt handler raised
> >> during execution in KVM address space needs to switch back
> >> to host address space.
> >>
> >> This patch makes sure that IRQ handlers will run in full
> >> host address space instead of KVM isolated address space.
> >
> > IMO this needs to be somewhere a lot more central. What about NMI and
> > MCE? Or async page faults? Or any other entry?
> >
>
> Actually, I am not sure this is effectively useful because the IRQ
> handler is probably faulting before it tries to exit isolation, so
> the isolation exit will be done by the kvm page fault handler. I need
> to check that.
>

The whole idea of having #PF exit with a different CR3 than was loaded
on entry seems questionable to me. I'd be a lot more comfortable with
the whole idea if a page fault due to accessing the wrong data was an
OOPS and the code instead just did the right thing directly.

--Andy