Re: [RFC PATCH v2 15/26] KVM: VMX: Convert vcpu_vmx.exit_reason to a union

Jarkko Sakkinen <jarkko@xxxxxxxxxx> · Fri, 22 Jan 2021 19:29:22 +0200

On Thu, Jan 21, 2021 at 08:33:43AM -0800, Sean Christopherson wrote:
> On Thu, Jan 21, 2021, Jarkko Sakkinen wrote:
> > On Wed, Jan 20, 2021 at 08:39:26AM -0800, Sean Christopherson wrote:
> > > On Wed, Jan 20, 2021, Jarkko Sakkinen wrote:
> > > > On Mon, Jan 18, 2021 at 04:28:26PM +1300, Kai Huang wrote:
> > > > > ---
> > > > >  arch/x86/kvm/vmx/nested.c | 42 +++++++++++++++---------
> > > > >  arch/x86/kvm/vmx/vmx.c    | 68 ++++++++++++++++++++-------------------
> > > > >  arch/x86/kvm/vmx/vmx.h    | 25 +++++++++++++-
> > > > >  3 files changed, 86 insertions(+), 49 deletions(-)
> > > > > 
> > > > > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > > > > index 0fbb46990dfc..f112c2482887 100644
> > > > > --- a/arch/x86/kvm/vmx/nested.c
> > > > > +++ b/arch/x86/kvm/vmx/nested.c
> > > > > @@ -3311,7 +3311,11 @@ enum nvmx_vmentry_status nested_vmx_enter_non_root_mode(struct kvm_vcpu *vcpu,
> > > > >  	struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
> > > > >  	enum vm_entry_failure_code entry_failure_code;
> > > > >  	bool evaluate_pending_interrupts;
> > > > > -	u32 exit_reason, failed_index;
> > > > > +	u32 failed_index;
> > > > > +	union vmx_exit_reason exit_reason = {
> > > > > +		.basic = -1,
> > > > > +		.failed_vmentry = 1,
> > > > > +	};
> > > > 
> > > > Instead, put this declaration to the correct place, following the
> > > > reverse christmas tree ordering:
> > > > 
> > > >         union vmx_exit_reason exit_reason = {};
> > > > 
> > > > And after declarations:
> > > > 
> > > >         exit_reason.basic = -1;
> > > >         exit_reason.failed_vmentry = 1;
> > > > 
> > > > More pleasing for the eye.
> > > 
> > > I disagree (obviously, since I wrote the patch).  Initializing the fields to
> > > their respective values is a critical, but subtle, aspect of this code.  Making
> > > the code stand out via explicit initialization is a good thing, and we really
> > > don't want any possibility of code touching exit_reason before it is initialized.
> > 
> > The struct does get initialized to zero, and fields get initialized
> > to their respective values. What is the critical aspect that is gone?
> > I'm not following.
> 
> Setting exit_reason.failed_vmentry from time zero.  This code should never
> synthesize a nested VM-Exit with failed_vmentry=0.  There have been bugs around
> the exit_reason in this code in the past, I strongly prefer to not have any
> window where exit_reason has the "wrong" value.

OK, I see.  Thanks for the explanation.

/Jarkko