Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2551080pxb;
        Tue, 12 Oct 2021 08:51:29 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy7M1TE/kfY0pT8XSfBU1z6Cq/Vn7sXFTAWxzXjwRZWbE8rDo8aJw0z5XcpW09GxiUiXjJQ
X-Received: by 2002:a62:5ec2:0:b0:44d:47e2:4b3b with SMTP id s185-20020a625ec2000000b0044d47e24b3bmr1961491pfb.38.1634053889753;
        Tue, 12 Oct 2021 08:51:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1634053889; cv=none;
        d=google.com; s=arc-20160816;
        b=Cpcq/EuF7X/33r1F1WKpPsZb12vbGybx9UqHRdekTF2+I/wG519LkCxS5920UE13Dp
         42ya4J8HjdadWBuFc0CYQUpQ7UY7y3kfuN1jnGuoIgvrudaIN9XHGtz76kHvP5YGZfiu
         nLMKBDZ2yHBytkQkbrwsfD8Zw0nBh5i+f0FB6Kx9nRJM0/wo1d7sC3iWb4ifgHB1aN74
         se3k7DGW2DDqHQ14rZ5Z3oFBpxcbQcDGOf34MxhcyR31sozu1tdvbZsEkpc0frDZWZBD
         TOtJeKduD6PGAdk4WRONacvrztOHVigKM3RTUf600KfGcIXZBCQPZNGGDVoDuS7EnWbr
         FsUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=OM6B3jqNboU2Hh/f2/hFxqXgrecxQ65nrQV6OMB0FCQ=;
        b=ccJJr1LJGIME/tTO/7MgrPnK9UXgt/nR3r98Up7I65LESOQ0h4f+yO3we9IBhfhUgS
         am7q7QHZ6D9/tG/UeyIWak81qr8NbMZyYnSCLVd2Wx1lXTLQxizsNTx8JROZGg5ZPCKW
         uqUF4oZt9Zev21jJjzZeNI6psj1+Xwjjcr9eEUU+3NFOtA2y+QJZxAdNw2owzphvQY8D
         51WNWIL4woJcu//eGNrGsA+4QdktJTF11r/hddUH5Ek60IV+NscqLtn5xzOw6j4aC+Xw
         el2nqaZUNwAZtlTDnTVAncNLtwPhXsNeVxTCIhZXwvmB9rUCrJ6mIpbIocGJV0Nsppiu
         p0KA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=IKcMn2vV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r17si16095333pgh.182.2021.10.12.08.51.15;
        Tue, 12 Oct 2021 08:51:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=IKcMn2vV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237476AbhJLPwQ (ORCPT <rfc822;lowstz@gmail.com> + 99 others);
        Tue, 12 Oct 2021 11:52:16 -0400
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:20417 "EHLO
        us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S234892AbhJLPwP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Oct 2021 11:52:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1634053813;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding;
        bh=OM6B3jqNboU2Hh/f2/hFxqXgrecxQ65nrQV6OMB0FCQ=;
        b=IKcMn2vVbKGx1fKoyodZ4axKVttH63vofgLV6H09GVD7nTzY7t6m0gwfuSvC6iqKkdBv7c
        7yYfgzZE7UdA2y+fXPmtvZaDQ7kTKdxAFrx/D1Q3XdpJ6a9d5GRJl7CHXHJ+I14TV6e+3s
        bJByet8suo/x4Eu+Sn/7Oolq4f5dGyQ=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-120-UbqnepxiPXOWbjzgLEmkiQ-1; Tue, 12 Oct 2021 11:50:10 -0400
X-MC-Unique: UbqnepxiPXOWbjzgLEmkiQ-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CC82F91271;
        Tue, 12 Oct 2021 15:50:08 +0000 (UTC)
Received: from vitty.brq.redhat.com (unknown [10.40.195.5])
        by smtp.corp.redhat.com (Postfix) with ESMTP id BCD1C5F4EA;
        Tue, 12 Oct 2021 15:50:06 +0000 (UTC)
From:   Vitaly Kuznetsov <vkuznets@redhat.com>
To:     linux-hyperv@vger.kernel.org, Wei Liu <wei.liu@kernel.org>
Cc:     kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        Michael Kelley <mikelley@microsoft.com>,
        "K. Y. Srinivasan" <kys@microsoft.com>,
        Haiyang Zhang <haiyangz@microsoft.com>,
        Stephen Hemminger <sthemmin@microsoft.com>,
        Dexuan Cui <decui@microsoft.com>
Subject: [PATCH] x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
Date:   Tue, 12 Oct 2021 17:50:05 +0200
Message-Id: <20211012155005.1613352-1-vkuznets@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The following issue is observed with CONFIG_DEBUG_PREEMPT when KVM loads:

 KVM: vmx: using Hyper-V Enlightened VMCS
 BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/488
 caller is set_hv_tscchange_cb+0x16/0x80
 CPU: 1 PID: 488 Comm: systemd-udevd Not tainted 5.15.0-rc5+ #396
 Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019
 Call Trace:
  dump_stack_lvl+0x6a/0x9a
  check_preemption_disabled+0xde/0xe0
  ? kvm_gen_update_masterclock+0xd0/0xd0 [kvm]
  set_hv_tscchange_cb+0x16/0x80
  kvm_arch_init+0x23f/0x290 [kvm]
  kvm_init+0x30/0x310 [kvm]
  vmx_init+0xaf/0x134 [kvm_intel]
  ...

set_hv_tscchange_cb() can get preempted in between acquiring
smp_processor_id() and writing to HV_X64_MSR_REENLIGHTENMENT_CONTROL. This
is not an issue by itself: HV_X64_MSR_REENLIGHTENMENT_CONTROL is a
partition-wide MSR and it doesn't matter which particular CPU will be
used to receive reenlightenment notifications. The only real problem can
(in theory) be observed if the CPU whose id was acquired with
smp_processor_id() goes offline before we manage to write to the MSR,
the logic in hv_cpu_die() won't be able to reassign it correctly.

Reported-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 arch/x86/hyperv/hv_init.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
index 708a2712a516..179fc173104d 100644
--- a/arch/x86/hyperv/hv_init.c
+++ b/arch/x86/hyperv/hv_init.c
@@ -139,7 +139,6 @@ void set_hv_tscchange_cb(void (*cb)(void))
 	struct hv_reenlightenment_control re_ctrl = {
 		.vector = HYPERV_REENLIGHTENMENT_VECTOR,
 		.enabled = 1,
-		.target_vp = hv_vp_index[smp_processor_id()]
 	};
 	struct hv_tsc_emulation_control emu_ctrl = {.enabled = 1};
 
@@ -153,8 +152,12 @@ void set_hv_tscchange_cb(void (*cb)(void))
 	/* Make sure callback is registered before we write to MSRs */
 	wmb();
 
+	re_ctrl.target_vp = hv_vp_index[get_cpu()];
+
 	wrmsrl(HV_X64_MSR_REENLIGHTENMENT_CONTROL, *((u64 *)&re_ctrl));
 	wrmsrl(HV_X64_MSR_TSC_EMULATION_CONTROL, *((u64 *)&emu_ctrl));
+
+	put_cpu();
 }
 EXPORT_SYMBOL_GPL(set_hv_tscchange_cb);
 
-- 
2.31.1