Subject: Re: [PATCH v2] KVM: nVMX: do not use dangling shadow VMCS after guest reset
From: Liran Alon
Date: Sat, 20 Jul 2019 01:23:07 +0300
To: Paolo Bonzini
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, stable@vger.kernel.org
Message-Id: <9422299F-A088-4FCD-9B0B-80F7B3F9615E@oracle.com>
References: <1563572390-28823-1-git-send-email-pbonzini@redhat.com>

> On 20 Jul 2019, at 1:21, Paolo Bonzini wrote:
>
> On 20/07/19 00:06, Liran Alon wrote:
>>
>>
>>> On 20 Jul 2019, at 0:39, Paolo Bonzini wrote:
>>>
>>> If a KVM guest is reset while running a nested guest, free_nested will
>>> disable the shadow VMCS execution control in the vmcs01. However,
>>> on the next KVM_RUN vmx_vcpu_run would nevertheless try to sync
>>> the VMCS12 to the shadow VMCS which has since been freed.
>>>
>>> This causes a vmptrld of a NULL pointer on my machine, but Jan reports
>>> the host to hang altogether. Let's see how much this trivial patch fixes.
>>>
>>> Reported-by: Jan Kiszka
>>> Cc: Liran Alon
>>> Cc: stable@vger.kernel.org
>>> Signed-off-by: Paolo Bonzini
>>
>> 1) Are we sure we prefer WARN_ON() instead of WARN_ON_ONCE()?
>
> I don't think you can get it to be called in a loop, the calls are
> generally guarded by ifs.
>
>> 2) Should we also check for WARN_ON(!vmcs12)? As free_nested() also kfree(vmx->nested.cached_vmcs12).
>
> Well, it doesn't NULL it but it does NULL shadow_vmcs so the extra
> warning wouldn't add much.
>
>> In fact, because free_nested() doesn't put NULL in cached_vmcs12 after kfree() it, I wonder if we shouldn't create a separate patch that does:
>> (a) Modify free_nested() to put NULL in cached_vmcs12 after kfree().
>> (b) Put BUG_ON(!cached_vmcs12) in get_vmcs12() before returning value.
>
> This is useful but a separate improvement (and not a bugfix, I want this
> patch to be small so it applies to older trees).
>
> Paolo

ACK on all the above. :)

Reviewed-by: Liran Alon

-Liran

>
>> -Liran
>>
>>> ---
>>> arch/x86/kvm/vmx/nested.c | 8 +++++++-
>>> 1 file changed, 7 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
>>> index 4f23e34f628b..0f1378789bd0 100644
>>> --- a/arch/x86/kvm/vmx/nested.c
>>> +++ b/arch/x86/kvm/vmx/nested.c
>>> @@ -194,6 +194,7 @@ static void vmx_disable_shadow_vmcs(struct vcpu_vmx *vmx)
>>>  {
>>>  	secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_SHADOW_VMCS);
>>>  	vmcs_write64(VMCS_LINK_POINTER, -1ull);
>>> +	vmx->nested.need_vmcs12_to_shadow_sync = false;
>>>  }
>>>
>>>  static inline void nested_release_evmcs(struct kvm_vcpu *vcpu)
>>> @@ -1341,6 +1342,9 @@ static void copy_shadow_to_vmcs12(struct vcpu_vmx *vmx)
>>>  	unsigned long val;
>>>  	int i;
>>>
>>> +	if (WARN_ON(!shadow_vmcs))
>>> +		return;
>>> +
>>>  	preempt_disable();
>>>
>>>  	vmcs_load(shadow_vmcs);
>>> @@ -1373,6 +1377,9 @@ static void copy_vmcs12_to_shadow(struct vcpu_vmx *vmx)
>>>  	unsigned long val;
>>>  	int i, q;
>>>
>>> +	if (WARN_ON(!shadow_vmcs))
>>> +		return;
>>> +
>>>  	vmcs_load(shadow_vmcs);
>>>
>>>  	for (q = 0; q < ARRAY_SIZE(fields); q++) {
>>> @@ -4436,7 +4443,6 @@ static inline void nested_release_vmcs12(struct kvm_vcpu *vcpu)
>>>  		/* copy to memory all shadowed fields in case
>>>  		   they were modified */
>>>  		copy_shadow_to_vmcs12(vmx);
>>> -		vmx->nested.need_vmcs12_to_shadow_sync = false;
>>>  		vmx_disable_shadow_vmcs(vmx);
>>>  	}
>>>  	vmx->nested.posted_intr_nv = -1;
>>> --
>>> 1.8.3.1
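Review bot: the hunk in vmx_disable_shadow_vmcs() carries the real fix, but nothing in the function says why need_vmcs12_to_shadow_sync is cleared next to the VMCS_LINK_POINTER write; add a one-line comment such as `/* a pending vmcs12->shadow sync must be dropped with the link pointer */` so the next reader does not move the clear back into nested_release_vmcs12(). With the clear here, every caller of vmx_disable_shadow_vmcs(), including the free_nested() path named in the commit message, drops the pending sync, which is what stops vmx_vcpu_run() from touching the freed shadow VMCS on the next KVM_RUN.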
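Review bot: in the copy_shadow_to_vmcs12() hunk the WARN_ON(!shadow_vmcs) bail-out sits before preempt_disable(), so the early return leaves preemption balanced; keep that ordering if the hunk is reworked. The return silently skips copying the shadowed fields back into vmcs12, which is right once the shadow VMCS is gone, but a short comment saying that a NULL shadow_vmcs means vmx_disable_shadow_vmcs()/free_nested() already ran would tell whoever reads the splat which state to look at.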
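Review bot: copy_vmcs12_to_shadow() is the function reached on the KVM_RUN path from the commit message, and after the first hunk its WARN_ON(!shadow_vmcs) can only fire if need_vmcs12_to_shadow_sync is still set after the shadow VMCS was torn down, so it is now a safety net rather than the fix. Please confirm that the caller's `if` guard clears need_vmcs12_to_shadow_sync even when this function returns early; if the flag were only cleared after a successful copy, a stale flag would re-trigger the WARN on every vmx_vcpu_run, which is the loop behind the WARN_ON vs WARN_ON_ONCE question above.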
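Review bot: dropping `vmx->nested.need_vmcs12_to_shadow_sync = false;` from nested_release_vmcs12() is only correct because the vmx_disable_shadow_vmcs() call on the very next line now clears it (first hunk); the two hunks must be backported together, so the stable@ submission should not be split or cherry-picked partially. The ordering in this hunk is right: copy_shadow_to_vmcs12() runs before vmx_disable_shadow_vmcs(), so modified shadowed fields reach vmcs12 before the shadow VMCS link and the pending-sync flag are dropped.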
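To make the sequence in the commit message concrete, here is an added C model of the race and of the two halves of the fix. It is my own illustration, not KVM code: the struct, the vmcs_load() stand-in, the return codes and the VMCS12 contents are all constructed, and the WARN_ON is modelled as a return code so the three outcomes can be compared in userspace. replay_reset() performs one successful sync, then a guest reset with a nested guest live, then the next KVM_RUN, and reports what that run did to the shadow VMCS: a VMPTRLD of NULL (no fix), a caught warning (only the WARN_ON hunks), or nothing to sync (flag cleared in the disable helper, as the patch does).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NFIELDS 4

/* Outcome of one KVM_RUN with respect to the shadow VMCS (constructed codes). */
enum { SYNC_OK = 0, SYNC_WARNED = 1, SYNC_NULL_VMPTRLD = 2 };

/* Stand-in for the hardware VMCS region; hypothetical, not KVM's struct. */
struct shadow_vmcs {
	unsigned long fields[NFIELDS];
};

/* Minimal model of the per-vCPU nested state the patch touches. */
struct nested_state {
	struct shadow_vmcs *shadow_vmcs;        /* freed and NULLed on guest reset */
	unsigned long cached_vmcs12[NFIELDS];   /* L1's VMCS12 as cached by L0 */
	int need_vmcs12_to_shadow_sync;         /* "sync vmcs12 -> shadow before next entry" */
	int shadow_vmcs_enabled;                /* SECONDARY_EXEC_SHADOW_VMCS in vmcs01 */
};

/* Stand-in for vmcs_load(): the real one executes VMPTRLD on the address. */
static int vmcs_load(struct shadow_vmcs *s)
{
	return s ? 0 : -1;   /* -1 models the NULL vmptrld from the bug report */
}

/* Pre-patch vmx_disable_shadow_vmcs(): drops the control, leaves the flag set. */
static void disable_shadow_vmcs_before(struct nested_state *n)
{
	n->shadow_vmcs_enabled = 0;
}

/* Post-patch: a pending sync is dropped together with the shadow VMCS link. */
static void disable_shadow_vmcs_after(struct nested_state *n)
{
	n->shadow_vmcs_enabled = 0;
	n->need_vmcs12_to_shadow_sync = 0;
}

/* What free_nested() does on guest reset, parameterised by the disable helper. */
static void free_nested(struct nested_state *n, void (*disable)(struct nested_state *))
{
	disable(n);
	free(n->shadow_vmcs);
	n->shadow_vmcs = NULL;
}

/* copy_vmcs12_to_shadow(); 'guard' switches the patch's WARN_ON check on or off. */
static int copy_vmcs12_to_shadow(struct nested_state *n, int guard)
{
	if (guard && !n->shadow_vmcs) {
		fprintf(stderr, "WARN: copy_vmcs12_to_shadow() with NULL shadow_vmcs\n");
		return SYNC_WARNED;
	}
	if (vmcs_load(n->shadow_vmcs))
		return SYNC_NULL_VMPTRLD;
	memcpy(n->shadow_vmcs->fields, n->cached_vmcs12, sizeof(n->cached_vmcs12));
	return SYNC_OK;
}

/* The slice of vmx_vcpu_run() that matters here: sync if a sync is pending. */
static int vcpu_run(struct nested_state *n, int guard)
{
	int ret = SYNC_OK;

	if (n->need_vmcs12_to_shadow_sync) {
		ret = copy_vmcs12_to_shadow(n, guard);
		n->need_vmcs12_to_shadow_sync = 0;
	}
	return ret;
}

/* One normal sync, then a guest reset with a nested guest live, then KVM_RUN again. */
int replay_reset(int clear_flag_on_disable, int guard)
{
	struct nested_state n;
	int i;

	memset(&n, 0, sizeof(n));
	n.shadow_vmcs = calloc(1, sizeof(*n.shadow_vmcs));
	n.shadow_vmcs_enabled = 1;
	for (i = 0; i < NFIELDS; i++)
		n.cached_vmcs12[i] = 0x1000 + i;   /* constructed VMCS12 contents */

	n.need_vmcs12_to_shadow_sync = 1;          /* L1 wrote vmcs12 */
	if (vcpu_run(&n, guard) != SYNC_OK)        /* sane run while shadow VMCS is live */
		return -1;

	n.need_vmcs12_to_shadow_sync = 1;          /* L1 writes vmcs12 again ... */
	free_nested(&n, clear_flag_on_disable ? disable_shadow_vmcs_after
					      : disable_shadow_vmcs_before);
	return vcpu_run(&n, guard);                /* ... and the next KVM_RUN after reset */
}

int main(void)
{
	printf("no fix at all      -> %d (2 = VMPTRLD of NULL)\n", replay_reset(0, 0));
	printf("WARN_ON hunks only -> %d (1 = caught by the guard)\n", replay_reset(0, 1));
	printf("full patch         -> %d (0 = nothing left to sync)\n", replay_reset(1, 1));
	return 0;
}
```

The point the model makes is the one behind the patch's two halves: clearing need_vmcs12_to_shadow_sync when the shadow VMCS is disabled removes the reason to touch the freed region at all, while the WARN_ON in the copy routines only turns a hang or NULL vmptrld into a diagnosable splat if some other path ever leaves the flag set.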