Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2480930pxa; Mon, 24 Aug 2020 15:46:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxO7rDFOhmT2QhRVIDszSUh49dRbO/V67E5nVWgEWrTwpIulwSgm+NbZNJZvc6d7Qoko85d X-Received: by 2002:a17:906:97ca:: with SMTP id ef10mr7236808ejb.202.1598309212364; Mon, 24 Aug 2020 15:46:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598309212; cv=none; d=google.com; s=arc-20160816; b=JCzvXKN7R9cQ6MS1dD6Rs2Fl4mbk5Ub0TbmVJ/U+Q7WBBQkPNSkXh1hXpsldPg6wK4 LWzByEoedkwS0Kng/bWsg5jSF8DXH1vSHW3yVm+onbZHgKgrfkaYJuY0NfD9qebq1rIA C4jqhM1lE0NaJqnz5iUdpvtS5ahYNPz7dAceU7gi3kqgfTfnmRp6LtTQB6HLKk3dVSLw vt5vu2ytjXWMprw4XV5ay0Y25CfQ/Vuqw3qnk80NAssPnMBaZlLPAK/Le+oj4PPEA2Na 3w7aQoX/hbM7fqpQSohg+Mpt3fWbg2+0Fkd8pnYs5Kxch4gjLPl0XfVluR582u9AEJav FwuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Kz/k9wb2FtFBpuN0H9LrQExFH8jcMXPO4pczO7F26a8=; b=d6oMYXEj0cLye7pxaTCRFOiMkEYd4aTKG7aYi49V0BNGlieQ2Tc5NcYrGBVAmR0m40 X9aFE+ns+Nu/4FG0JolynxtKuJFZF0BXmFSP+Ae7EmUAlJloISjr9Ks8IZyKIm1ylU5W rmDgZrygOxc72uCkGBdLDmyzksv61mohFfWJfKsyZdorIvq5aXT6tg4TA6g4pbFSI3pE iRsnmoKDI2jmAnApX+n0ebxyRz1nDPl9ySCZ3m3WDTbLN3pRixoLoADawykWaAjiq+DR 3DZAUdkt8IImkVV9cANunhcaTwClrb5RpuZ+tJmLuYGvwJDPQXB1svwzSQRCokl8aY9a y8Pw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=RzJVZWj2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y27si1347232ejf.210.2020.08.24.15.46.29; Mon, 24 Aug 2020 15:46:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=RzJVZWj2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726532AbgHXWpj (ORCPT + 99 others); Mon, 24 Aug 2020 18:45:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54876 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726531AbgHXWpi (ORCPT ); Mon, 24 Aug 2020 18:45:38 -0400 Received: from mail-oo1-xc43.google.com (mail-oo1-xc43.google.com [IPv6:2607:f8b0:4864:20::c43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C8252C061755 for ; Mon, 24 Aug 2020 15:45:38 -0700 (PDT) Received: by mail-oo1-xc43.google.com with SMTP id j19so2291536oor.2 for ; Mon, 24 Aug 2020 15:45:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Kz/k9wb2FtFBpuN0H9LrQExFH8jcMXPO4pczO7F26a8=; b=RzJVZWj2odYP6gj+fnANkDRiVVO5QhynntjYJvZQrziuYBLmg36YoSiEn+/tuSF6+l jSWpep4dxnzhgbca667Rpo5Mxk50/9gFQ6tQQBsZdz9Im5PIRnsfTdqdFJtoDKSu3KmC GABfjj4dKx0Ga2DUHZLRTUfZ/IE9hSQCBP0tLGFRDLgfEh2eV4Ge8e79ZidlpZso4sq1 TJeK+3yi4N9NYShqELK6tdREyDCjIj52z0iXQRbLKKyy9oY74rVPBsXko1Y+Xueqw5ao 0b5zrHgEFx/lPxfBW0oU3vY/nREloWj4xuxW7R/pQZIZY+GrfTpqK+z1MZAkAcyVWd3c Zg/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Kz/k9wb2FtFBpuN0H9LrQExFH8jcMXPO4pczO7F26a8=; b=nQC7WinXoOhn39nUZg+OnohzwQrecknZPkn3xPzJcHTw2OrJ9LSK5jqrltcmztCmDX VuPIp/jW3Pqw06UvvkQimoqlmVfOKfVvx603l4yFf8sFRchZg+GJZq/GvQrGX1OaeTQh Tdeueb3NPtxUXEoTXqH4RtsFpOdAg6Wyiz5aGLP7UrD6hUgQajqD+Qw33llzT+3hESIU ucwL3koRaxg+BzttBGEYf1jG6felCZvChNZoc5CqwgXI3zR++h8ZTDlPDkWCMutbiEAn Jr5SYJoTXJCId/upnNtEWMYV3py3Zhz52TVK7q1WHJyVASbtXHPtPRGqogrAn/+9MZ+W sE9Q== X-Gm-Message-State: AOAM533KCXw9+03i/WR+THB59wfmzlz7S/e+Hb2HeH82j8WgzH8EoKbh UCOcQ6nYJm8Xq6qPYKp9y/Ny9XG13sxwOmUiL2TECA== X-Received: by 2002:a4a:87c8:: with SMTP id c8mr5196624ooi.81.1598309137774; Mon, 24 Aug 2020 15:45:37 -0700 (PDT) MIME-Version: 1.0 References: <20200401081348.1345307-1-vkuznets@redhat.com> <20200822034046.GE4769@sjchrist-ice> In-Reply-To: From: Jim Mattson Date: Mon, 24 Aug 2020 15:45:26 -0700 Message-ID: Subject: Re: [PATCH] KVM: VMX: fix crash cleanup when KVM wasn't used To: Sean Christopherson Cc: Vitaly Kuznetsov , Paolo Bonzini , Wanpeng Li , kvm list , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 24, 2020 at 11:57 AM Jim Mattson wrote: > > On Fri, Aug 21, 2020 at 8:40 PM Sean Christopherson > wrote: > > > > On Thu, Aug 20, 2020 at 01:08:22PM -0700, Jim Mattson wrote: > > > On Wed, Apr 1, 2020 at 1:13 AM Vitaly Kuznetsov wrote: > > > > --- > > > > arch/x86/kvm/vmx/vmx.c | 12 +++++++----- > > > > 1 file changed, 7 insertions(+), 5 deletions(-) > > > > > > > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > > > > index 3aba51d782e2..39a5dde12b79 100644 > > > > --- a/arch/x86/kvm/vmx/vmx.c > > > > +++ b/arch/x86/kvm/vmx/vmx.c > > > > @@ -2257,10 +2257,6 @@ static int hardware_enable(void) > > > > !hv_get_vp_assist_page(cpu)) > > > > return -EFAULT; > > > > > > > > - INIT_LIST_HEAD(&per_cpu(loaded_vmcss_on_cpu, cpu)); > > > > - INIT_LIST_HEAD(&per_cpu(blocked_vcpu_on_cpu, cpu)); > > > > - spin_lock_init(&per_cpu(blocked_vcpu_on_cpu_lock, cpu)); > > > > - > > > > r = kvm_cpu_vmxon(phys_addr); > > > > if (r) > > > > return r; > > > > @@ -8006,7 +8002,7 @@ module_exit(vmx_exit); > > > > > > > > static int __init vmx_init(void) > > > > { > > > > - int r; > > > > + int r, cpu; > > > > > > > > #if IS_ENABLED(CONFIG_HYPERV) > > > > /* > > > > @@ -8060,6 +8056,12 @@ static int __init vmx_init(void) > > > > return r; > > > > } > > > > > > > > + for_each_possible_cpu(cpu) { > > > > + INIT_LIST_HEAD(&per_cpu(loaded_vmcss_on_cpu, cpu)); > > > > + INIT_LIST_HEAD(&per_cpu(blocked_vcpu_on_cpu, cpu)); > > > > + spin_lock_init(&per_cpu(blocked_vcpu_on_cpu_lock, cpu)); > > > > + } > > > > > > Just above this chunk, we have: > > > > > > r = vmx_setup_l1d_flush(vmentry_l1d_flush_param); > > > if (r) { > > > vmx_exit(); > > > ... > > > > > > If we take that early exit, because vmx_setup_l1d_flush() fails, we > > > won't initialize loaded_vmcss_on_cpu. However, vmx_exit() calls > > > kvm_exit(), which calls on_each_cpu(hardware_disable_nolock, NULL, 1). > > > Hardware_disable_nolock() then calls kvm_arch_hardware_disable(), > > > which calls kvm_x86_ops.hardware_disable() [the vmx.c > > > hardware_disable()], which calls vmclear_local_loaded_vmcss(). > > > > > > I believe that vmclear_local_loaded_vmcss() will then try to > > > dereference a NULL pointer, since per_cpu(loaded_vmcss_on_cpu, cpu) is > > > uninitialzed. > > > > I agree the code is a mess (kvm_init() and kvm_exit() included), but I'm > > pretty sure hardware_disable_nolock() is guaranteed to be a nop as it's > > impossible for kvm_usage_count to be non-zero if vmx_init() hasn't > > finished. > > Unless I'm missing something, there's no check for a non-zero > kvm_usage_count on this path. There is such a check in > hardware_disable_all_nolock(), but not in hardware_disable_nolock(). However, cpus_hardware_enabled shouldn't have any bits set, so everything's fine. Nothing to see here, after all.