Message-ID: <6b5b8f01-6676-e7e4-d6d6-55c69f99a86d@redhat.com>
Date: Tue, 22 Feb 2022 09:38:38 +0100
Subject: Re: [RESEND PATCH] KVM: x86/mmu: make apf token non-zero to fix bug
To: Liang Zhang, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org
Cc: seanjc@google.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, wangzhigang17@huawei.com
References: <20220222031239.1076682-1-zhangliang5@huawei.com>
From: Paolo Bonzini
In-Reply-To: <20220222031239.1076682-1-zhangliang5@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2/22/22 04:12, Liang Zhang wrote:
> In the current async pagefault logic, when a page is ready, KVM relies on
> kvm_arch_can_dequeue_async_page_present() to determine whether to deliver
> a READY event to the Guest. This function tests the token value of struct
> kvm_vcpu_pv_apf_data, which must be reset to zero by the Guest kernel when a
> READY event is finished by the Guest. If the value is zero, a READY
> event is done, so KVM can deliver another.
> But kvm_arch_setup_async_pf() may produce a valid token with zero
> value, which is confused with the previous meaning and may lead to the loss of
> this READY event.
>
> This bug may cause a task to be blocked forever in the Guest:
> INFO: task stress:7532 blocked for more than 1254 seconds.
>       Not tainted 5.10.0 #16
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:stress          state:D stack:    0 pid: 7532 ppid:  1409
> flags:0x00000080
> Call Trace:
>  __schedule+0x1e7/0x650
>  schedule+0x46/0xb0
>  kvm_async_pf_task_wait_schedule+0xad/0xe0
>  ? exit_to_user_mode_prepare+0x60/0x70
>  __kvm_handle_async_pf+0x4f/0xb0
>  ? asm_exc_page_fault+0x8/0x30
>  exc_page_fault+0x6f/0x110
>  ? asm_exc_page_fault+0x8/0x30
>  asm_exc_page_fault+0x1e/0x30
> RIP: 0033:0x402d00
> RSP: 002b:00007ffd31912500 EFLAGS: 00010206
> RAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0
> RDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0
> RBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086
> R10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000
> R13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000
>
> Signed-off-by: Liang Zhang
> ---
>  arch/x86/kvm/mmu/mmu.c | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c > index 593093b52395..8e24f73bf60b 100644 > --- a/arch/x86/kvm/mmu/mmu.c > +++ b/arch/x86/kvm/mmu/mmu.c > @@ -3889,12 +3889,23 @@ static void shadow_page_table_clear_flood(struct kvm_vcpu *vcpu, gva_t addr) > walk_shadow_page_lockless_end(vcpu); > } > > +static u32 alloc_apf_token(struct kvm_vcpu *vcpu) > +{ > + /* make sure the token value is not 0 */ > + u32 id = vcpu->arch.apf.id; > + > + if (id << 12 == 0) > + vcpu->arch.apf.id = 1; > + > + return (vcpu->arch.apf.id++ << 12) | vcpu->vcpu_id; > +} > + > static bool kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, > gfn_t gfn) > { > struct kvm_arch_async_pf arch; > > - arch.token = (vcpu->arch.apf.id++ << 12) | vcpu->vcpu_id; > + arch.token = alloc_apf_token(vcpu); > arch.gfn = gfn; > arch.direct_map = vcpu->arch.mmu->direct_map; > arch.cr3 = vcpu->arch.mmu->get_guest_pgd(vcpu);

Queued, thanks.

Paolo
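Review bot: the comment `/* make sure the token value is not 0 */` in the new `alloc_apf_token()` says what the check does but not why, and the reason is only recoverable from the commit message: the guest writes 0 into the token field of `kvm_vcpu_pv_apf_data` to mark a READY event finished, so 0 can never be handed out as a valid token. Stating that at the definition, and noting that the `<< 12` in the test mirrors the shift in the return expression so the 20-bit wrap of `id` is covered as well as `id == 0`, would save the next reader a trip to git log. Minor style point on the same lines: `if (id << 12 == 0)` parses as `(id << 12) == 0` because shift binds tighter than `==`, but the explicit parentheses (or `if (!(id << 12))`) avoid a double take, and since the local `id` is used only in that test, `vcpu->arch.apf.id` could be tested directly.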
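As an added illustration, not code from the patch or from anyone in this thread: a small user-space C model of the token handshake the commit message describes. Only the two token expressions (before and after the patch) are taken from the hunk; the structure and names around them (`vcpu_model`, `token_old`, `token_new`, `slot_free`, `deliver_and_finish`, `lost_events`, `first_token`) are made up for the model, and the assumption that a zero token written to the guest is simply never noticed is a simplification of the hang described above. It shows that on vCPU 0 the old expression yields a zero token on the very first allocation and again when the 20-bit id wraps, while the patched one never does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model (not kernel code):
 *   apf_id      mirrors vcpu->arch.apf.id
 *   vcpu_id     mirrors vcpu->vcpu_id (low 12 bits of the token)
 *   guest_token stands for the token field of kvm_vcpu_pv_apf_data,
 *               which the guest resets to 0 once a READY event is finished
 */
struct vcpu_model {
	uint32_t apf_id;
	uint32_t vcpu_id;
	uint32_t guest_token;
};

/* Token computation before the patch (the '-' line in the hunk). */
static uint32_t token_old(struct vcpu_model *v)
{
	return (v->apf_id++ << 12) | v->vcpu_id;
}

/* Token computation after the patch (alloc_apf_token() in the hunk). */
static uint32_t token_new(struct vcpu_model *v)
{
	if ((v->apf_id << 12) == 0)
		v->apf_id = 1;
	return (v->apf_id++ << 12) | v->vcpu_id;
}

/* Host side: a READY event may be delivered only when the guest has
 * cleared the token field, i.e. the field reads zero. */
static bool slot_free(const struct vcpu_model *v)
{
	return v->guest_token == 0;
}

/*
 * Deliver one READY event and let the guest finish it.  Returns false when
 * the event is lost: a token of 0 written into the field is indistinguishable
 * from "no event pending", so the guest side of this model never sees it.
 */
static bool deliver_and_finish(struct vcpu_model *v, uint32_t token)
{
	bool seen;

	if (!slot_free(v))
		return false;
	v->guest_token = token;
	seen = v->guest_token != 0;
	v->guest_token = 0;	/* guest acknowledges by writing zero */
	return seen;
}

/* Run n allocations on a fresh vCPU and count the READY events lost. */
static unsigned int lost_events(uint32_t (*alloc)(struct vcpu_model *),
				uint32_t vcpu_id, unsigned int n)
{
	struct vcpu_model v = { .apf_id = 0, .vcpu_id = vcpu_id, .guest_token = 0 };
	unsigned int lost = 0, i;

	for (i = 0; i < n; i++)
		if (!deliver_and_finish(&v, alloc(&v)))
			lost++;
	return lost;
}

/* First token a freshly created vCPU gets from the given allocator. */
static uint32_t first_token(uint32_t (*alloc)(struct vcpu_model *), uint32_t vcpu_id)
{
	struct vcpu_model v = { .apf_id = 0, .vcpu_id = vcpu_id, .guest_token = 0 };

	return alloc(&v);
}

int main(void)
{
	unsigned int n = (1u << 20) + 1;	/* enough to cross the 20-bit id wrap */

	printf("vcpu 0, old: first token 0x%x, %u of %u events lost\n",
	       first_token(token_old, 0), lost_events(token_old, 0, n), n);
	printf("vcpu 0, new: first token 0x%x, %u of %u events lost\n",
	       first_token(token_new, 0), lost_events(token_new, 0, n), n);
	printf("vcpu 1, old: %u events lost (low 12 bits never zero)\n",
	       lost_events(token_old, 1, n));
	return 0;
}
```

The two lost events for vCPU 0 with the old expression are the first allocation (`id == 0`) and the one where `id` reaches `1 << 20`, at which point `id << 12` wraps to zero in 32 bits; the patched expression resets `id` to 1 in both cases. vCPUs with a non-zero `vcpu_id` never produce a zero token with either expression, which is why the hang only shows on vCPU 0.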