On Wed, Jan 20, 2021, Jarkko Sakkinen wrote:
> On Mon, Jan 18, 2021 at 04:28:26PM +1300, Kai Huang wrote:
> > From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> >
> > Convert vcpu_vmx.exit_reason from a u32 to a union (of size u32). The
> > full VM_EXIT_REASON field is comprised of a 16-bit basic exit reason in
> > bits 15:0, and single-bit modifiers in bits 31:16.
> >
> > Historically, KVM has only had to worry about handling the "failed
> > VM-Entry" modifier, which could only be set in very specific flows and
> > required dedicated handling. I.e. manually stripping the FAILED_VMENTRY
> > bit was a somewhat viable approach. But even with only a single bit to
> > worry about, KVM has had several bugs related to comparing a basic exit
> > reason against the full exit reason store in vcpu_vmx.
> >
> > Upcoming Intel features, e.g. SGX, will add new modifier bits that can
> > be set on more or less any VM-Exit, as opposed to the significantly more
> > restricted FAILED_VMENTRY, i.e. correctly handling everything in one-off
> > flows isn't scalable. Tracking exit reason in a union forces code to
> > explicitly choose between consuming the full exit reason and the basic
> > exit, and is a convenient way to document and access the modifiers.
> >
> > No functional change intended.
> >
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> > Signed-off-by: Kai Huang <kai.huang@xxxxxxxxx>
> > ---
> > arch/x86/kvm/vmx/nested.c | 42 +++++++++++++++---------
> > arch/x86/kvm/vmx/vmx.c | 68 ++++++++++++++++++++-------------------
> > arch/x86/kvm/vmx/vmx.h | 25 +++++++++++++-
> > 3 files changed, 86 insertions(+), 49 deletions(-)
> >
> > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > index 0fbb46990dfc..f112c2482887 100644
> > --- a/arch/x86/kvm/vmx/nested.c
> > +++ b/arch/x86/kvm/vmx/nested.c
> > @@ -3311,7 +3311,11 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
> > struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
> > enum vm_entry_failure_code entry_failure_code;
> > bool evaluate_pending_interrupts;
> > - u32 exit_reason, failed_index;
> > + u32 failed_index;
> > + union vmx_exit_reason exit_reason = {
> > + .basic = -1,
> > + .failed_vmentry = 1,
> > + };
>
> Instead, put this declaration to the correct place, following the
> reverse christmas tree ordering:
>
> union vmx_exit_reason exit_reason = {};
>
> And after declarations:
>
> exit_reason.basic = -1;
> exit_reason.failed_vmentry = 1;
>
> More pleasing for the eye.
I disagree (obviously, since I wrote the patch). Initializing the fields to
their respective values is a critical, but subtle, aspect of this code. Making
the code stand out via explicit initialization is a good thing, and we really
don't want any possibility of code touching exit_reason before it is initialized.
