KVM: x86: Apply retry protection to "unprotect on failure" path

Use kvm_mmu_unprotect_gfn_and_retry() in reexecute_instruction() to pick
up protection against infinite loops, e.g. if KVM somehow manages to
encounter an unsupported instruction and unprotecting the gfn doesn't
allow the vCPU to make forward progress.  Other than that, the retry-on-
failure logic is a functionally equivalent, open coded version of
kvm_mmu_unprotect_gfn_and_retry().

Note, the emulation failure path still isn't fully protected, as KVM
won't update the retry protection fields if no shadow pages are zapped
(but this change is still a step forward).  That flaw will be addressed
in a future patch.

Reviewed-by: Yuan Yao <yuan.yao@intel.com>
Link: https://lore.kernel.org/r/20240831001538.336683-18-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 7170eee23597a4f2241a71dd709dd7fc1db11ddc..ad942892fa2c5eb3e4597a0fe90c71dc3d808b00 100644 (file)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8864,8 +8864,6 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu, int emulation_type)
 static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
                                  int emulation_type)
 {
-       gpa_t gpa = cr2_or_gpa;
-
        if (!(emulation_type & EMULTYPE_ALLOW_RETRY_PF))
                return false;
 
@@ -8882,29 +8880,13 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
        if (emulation_type & EMULTYPE_WRITE_PF_TO_SP)
                return false;
 
-       if (!vcpu->arch.mmu->root_role.direct) {
-               /*
-                * Write permission should be allowed since only
-                * write access need to be emulated.
-                */
-               gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2_or_gpa, NULL);
-
-               /*
-                * If the mapping is invalid in guest, let cpu retry
-                * it to generate fault.
-                */
-               if (gpa == INVALID_GPA)
-                       return true;
-       }
-
        /*
         * If emulation may have been triggered by a write to a shadowed page
         * table, unprotect the gfn (zap any relevant SPTEs) and re-enter the
         * guest to let the CPU re-execute the instruction in the hope that the
         * CPU can cleanly execute the instruction that KVM failed to emulate.
         */
-       if (vcpu->kvm->arch.indirect_shadow_pages)
-               kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa));
+       kvm_mmu_unprotect_gfn_and_retry(vcpu, cr2_or_gpa);
 
        /*
         * Retry even if _this_ vCPU didn't unprotect the gfn, as it's possible