From: Maxim Levitsky
To: kvm@vger.kernel.org
Cc: Thomas Gleixner, Sean Christopherson, Wanpeng Li, Vitaly Kuznetsov, Joerg Roedel, Borislav Petkov, "H. Peter Anvin", Ingo Molnar, Paolo Bonzini, linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)), x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), Jim Mattson, Maxim Levitsky
Subject: [PATCH 02/10] KVM: x86: APICv: fix race in kvm_request_apicv_update on SVM
Date: Wed, 23 Jun 2021 14:29:54 +0300
Message-Id: <20210623113002.111448-3-mlevitsk@redhat.com>
In-Reply-To: <20210623113002.111448-1-mlevitsk@redhat.com>
References: <20210623113002.111448-1-mlevitsk@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Currently on SVM, kvm_request_apicv_update calls 'pre_update_apicv_exec_ctrl' without doing any synchronization, and that function toggles the APIC_ACCESS_PAGE_PRIVATE_MEMSLOT.

If there is a mismatch between that memslot state and the AVIC state while a vCPU is in guest mode, an APIC mmio write can be lost. For example:

VCPU0: enable the APIC_ACCESS_PAGE_PRIVATE_MEMSLOT
VCPU1: write to an APIC mmio register.

Since AVIC is still disabled on VCPU1, the access will not be intercepted by it, nor will it cause an MMIO fault; rather, it will just update the dummy page mapped into the APIC_ACCESS_PAGE_PRIVATE_MEMSLOT.

Fix that by blocking guest entries while we update the memslot.

Signed-off-by: Maxim Levitsky
---
 arch/x86/kvm/x86.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9af2fbbe0521..6f0d9c231249 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -9231,6 +9231,8 @@ void kvm_request_apicv_update(struct kvm *kvm, bool activate, ulong bit) if (!!old == !!new) return; + kvm_block_guest_entries(kvm); + trace_kvm_apicv_update_request(activate, bit); if (kvm_x86_ops.pre_update_apicv_exec_ctrl) static_call(kvm_x86_pre_update_apicv_exec_ctrl)(kvm, activate); @@ -9243,6 +9245,8 @@ void kvm_request_apicv_update(struct kvm *kvm, bool activate, ulong bit) except = kvm_get_running_vcpu(); kvm_make_all_cpus_request_except(kvm, KVM_REQ_APICV_UPDATE, except); + + kvm_allow_guest_entries(kvm); if (except) kvm_vcpu_update_apicv(except); } -- 2.26.3
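Review bot: in the first hunk (@@ -9231), kvm_block_guest_entries(kvm) is added in common x86 code and runs unconditionally, before the `if (kvm_x86_ops.pre_update_apicv_exec_ctrl)` check, while the subject and commit message describe the race as SVM-specific (the memslot toggle happens inside the vendor callback). Either block only when the callback is present, or say in the commit message that blocking entries on every APICv update is intentional for VMX as well. Neither kvm_block_guest_entries() nor kvm_allow_guest_entries() is defined in this diff, so the patch depends on an earlier patch in the series; the message should name that dependency so the hunk can be reviewed against the semantics of the block.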
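Review bot: in the second hunk (@@ -9243), kvm_allow_guest_entries(kvm) sits after kvm_make_all_cpus_request_except() but before kvm_vcpu_update_apicv(except), so the calling vCPU updates its own APICv state after entries are already re-enabled; that is acceptable for `except` itself since it is the caller and not in guest mode, but the block/allow pair is only balanced if no return path exists between the two added calls. The lines between the two hunks (roughly 9233 to 9245) are outside the diff context, so please confirm there is no early `return` there, or restructure with a single exit label so the allow call cannot be skipped. Style nit: the added blank line is placed before `kvm_allow_guest_entries(kvm);`, leaving it glued to `if (except)`; putting the blank line after the call groups the allow with the request broadcast it closes.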
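The interleaving the commit message describes, as an added example that is not part of the patch or of KVM: a deterministic two-vCPU model in which a guest APIC write has three outcomes depending on the per-vCPU AVIC state and the VM-wide memslot state, and in which the unsynchronized update and the entry-blocking update are played through the same VCPU0/VCPU1 schedule. Every name here (request_apicv_update_racy, request_apicv_update_blocked, run_scenario and the struct fields) is hypothetical and only mirrors the shape of kvm_request_apicv_update(); the model assumes that a write the guest issues before the kick IPI lands is not undone, and that once entries are blocked a kicked vCPU exits and cannot re-enter until entries are allowed again.

```c
/* Added example, not KVM code: deterministic model of the lost-APIC-write
 * race and of the block-guest-entries fix.  All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define NR_VCPUS 2

struct vcpu {
    bool in_guest;          /* currently executing guest code */
    bool avic_enabled;      /* per-vCPU AVIC state, updated at entry */
    bool apicv_update_req;  /* pending KVM_REQ_APICV_UPDATE */
};

struct vm {
    bool apic_access_memslot; /* APIC_ACCESS_PAGE_PRIVATE_MEMSLOT mapped */
    bool avic_active;         /* VM-wide target AVIC state */
    bool entries_blocked;     /* kvm_block_guest_entries() in effect */
    struct vcpu vcpu[NR_VCPUS];
    int delivered;            /* writes that reached the APIC model */
    int lost;                 /* writes absorbed by the dummy page */
};

/* vCPU side: honour a pending request, then enter guest mode unless
 * entries are blocked.  Returns whether the vCPU is now in guest mode. */
static bool vcpu_enter_guest(struct vm *vm, int id)
{
    struct vcpu *v = &vm->vcpu[id];
    if (vm->entries_blocked)
        return false;
    if (v->apicv_update_req) {          /* kvm_vcpu_update_apicv() */
        v->avic_enabled = vm->avic_active;
        v->apicv_update_req = false;
    }
    v->in_guest = true;
    return true;
}

static void vcpu_exit_guest(struct vm *vm, int id)
{
    vm->vcpu[id].in_guest = false;
}

/* Guest writes an APIC register.  AVIC on: handled by hardware.  AVIC off
 * and no memslot: nested page fault, emulated.  AVIC off but memslot
 * mapped: the store lands in the dummy page and is lost. */
static bool guest_apic_mmio_write(struct vm *vm, int id)
{
    struct vcpu *v = &vm->vcpu[id];
    if (!v->in_guest)
        return false;               /* caller must re-enter first */
    if (v->avic_enabled || !vm->apic_access_memslot)
        vm->delivered++;
    else
        vm->lost++;
    return true;
}

/* The kick only marks the request: a store the guest already issued before
 * the IPI arrives is not undone (assumption of this model). */
static void kvm_make_all_cpus_request(struct vm *vm)
{
    for (int i = 0; i < NR_VCPUS; i++)
        vm->vcpu[i].apicv_update_req = true;
}

/* Unsynchronized variant: memslot toggled while a vCPU may be in guest
 * mode with the old AVIC state. */
static void request_apicv_update_racy(struct vm *vm, bool activate)
{
    vm->avic_active = activate;
    vm->apic_access_memslot = activate; /* pre_update_apicv_exec_ctrl */
    kvm_make_all_cpus_request(vm);
}

/* Fixed variant: block entries, wait for everyone to leave guest mode
 * (modelled as a forced exit), toggle, broadcast the request, allow. */
static void request_apicv_update_blocked(struct vm *vm, bool activate)
{
    vm->entries_blocked = true;         /* kvm_block_guest_entries() */
    for (int i = 0; i < NR_VCPUS; i++)
        vcpu_exit_guest(vm, i);
    vm->avic_active = activate;
    vm->apic_access_memslot = activate;
    kvm_make_all_cpus_request(vm);
    vm->entries_blocked = false;        /* kvm_allow_guest_entries() */
}

/* Schedule from the commit message: VCPU1 is in guest mode with AVIC off,
 * VCPU0 activates APICv, then VCPU1 writes an APIC register. */
struct vm run_scenario(void (*update)(struct vm *, bool))
{
    struct vm vm = { 0 };
    vcpu_enter_guest(&vm, 1);
    update(&vm, true);                  /* VCPU0 */
    if (!guest_apic_mmio_write(&vm, 1)) {   /* kicked out: re-enter */
        vcpu_enter_guest(&vm, 1);
        guest_apic_mmio_write(&vm, 1);
    }
    return vm;
}

int main(void)
{
    struct vm racy = run_scenario(request_apicv_update_racy);
    struct vm fixed = run_scenario(request_apicv_update_blocked);
    printf("racy:    delivered=%d lost=%d\n", racy.delivered, racy.lost);
    printf("blocked: delivered=%d lost=%d\n", fixed.delivered, fixed.lost);
    return 0;
}
```

The racy schedule loses the write because VCPU1 still carries avic_enabled == false when the memslot is already mapped; the blocked schedule forces VCPU1 out, so its write happens only after it re-enters with the refreshed AVIC state.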