On Thu, Aug 22, 2019 at 02:10:48PM +0200, Alexander Graf wrote:
> On 22.08.19 10:44, Anup Patel wrote:
...
> > +static int emulate_load(struct kvm_vcpu *vcpu, struct kvm_run *run,
> > + unsigned long fault_addr)
...
> > + /* Exit to userspace for MMIO emulation */
> > + vcpu->stat.mmio_exit_user++;
> > + run->exit_reason = KVM_EXIT_MMIO;
> > + run->mmio.is_write = false;
> > + run->mmio.phys_addr = fault_addr;
> > + run->mmio.len = len;
> > +
> > + /* Move to next instruction */
> > + vcpu->arch.guest_context.sepc += INSN_LEN(insn);
>
> Doesn't that make more sense on the reentry path? What if you want to inject
> an MCE on access to unmapped addresses from user space?
>

I agree. See commit 0d640732dbeb for arm's justification for moving the
instruction skip. But also see
https://patchwork.kernel.org/patch/11109063/ for a needed fix to avoid
skipping the instructions multiple times. It looks like riscv's KVM_RUN
ioctl would be vulnerable to that as well.

Thanks,
drew
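Review bot: the `sepc += INSN_LEN(insn)` at the end of the quoted emulate_load() hunk advances the guest PC before userspace has done anything with the KVM_EXIT_MMIO it was just handed, so the skip is committed even if userspace decides not to complete the access (for example to inject a fault instead), and nothing in the hunk prevents the skip from being applied again if the same exit is re-presented to KVM_RUN. Suggest recording that an MMIO load is pending at exit time and performing the `sepc` advance on the KVM_RUN reentry path, once the load result has been written back, under a flag that is cleared after the first advance so a repeated reentry cannot skip twice.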