Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp2896084pxb; Mon, 18 Apr 2022 10:30:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwgGGuUP224NJF5w/RJtPihNYp+vMsu6FDulqYy3dEKXI3OwLsqh0fiAN+zyI8kHmNghPtb X-Received: by 2002:a65:5acd:0:b0:399:24bc:bbfd with SMTP id d13-20020a655acd000000b0039924bcbbfdmr11041784pgt.323.1650303028218; Mon, 18 Apr 2022 10:30:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650303028; cv=none; d=google.com; s=arc-20160816; b=Sca6q7xavwlpzUpJpmoK3Q4HZi8GH9zxj7uhJMwXrG7UR+8VBKHjpE+6PqneUP+pns 4pV8K2GisYGpcVe8a63llzU5DZFa48gp9qUF114HsKwDPPRKRQHSTPCaQ3nMJxclVsWB xbzppzyUoIVv+9U3hM5yBkNj1n9bkPEe5eAhheXDaSi/Zv+l2VQ80ngJkQxJAz7BsAe9 MUlCe9YE61KEMW/GyNDOpykYTvfb8pDVDI4/K76plH6E1FMXhmM776lSEiNQOxqb/i+3 hcrfQD7615M9C/AsNj8VwFL71N/U/WZJGcqi3wTkb3+IHOSuCkG0+WSD5w7lu5qTx0oM uDCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=2SMV1pYf4R2bO5mNBpYb/a//zLa6Sj3SjCfQ+e5k2wE=; b=ku5iqB9amx7IGFJ4zRJ7ifY+nBcNN+BUXBlJHNAXGyDMb2Kj/i+6cQj6dqcgFaWwBn 2+poRB5Nw1gtrYyuVNPdIb8ZVDsNepITmYPLOeP7gmmv+Mnbv9qib8oAiHTVio+XLBGh Vg1QVQ+qfMOdovnuGY1TTGaeJa2JcMKYFub8HBCE5e0dTe6pU8lhoRZwfPQum+69IiFV Xw388t8xFqK3FcwrsEXL+bdwi1KiiCszS9ykAJ7bMZJ2fyou/KU8MHGRY9i8IoyQNG4Y yS/hmGj8Wly4tDEiuviiQgD4zkxS4lvFqL0HKPSX5Vjz6xQplZZjqJVXVzt0x59A5QuP H9kQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=kjrtrl0y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j13-20020a056a00234d00b004fa8d031f1dsi10793579pfj.117.2022.04.18.10.30.08; Mon, 18 Apr 2022 10:30:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=kjrtrl0y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236415AbiDRMlN (ORCPT + 99 others); Mon, 18 Apr 2022 08:41:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239062AbiDRMbj (ORCPT ); Mon, 18 Apr 2022 08:31:39 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 51188DF44; Mon, 18 Apr 2022 05:24:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 7FC8BB80EDC; Mon, 18 Apr 2022 12:24:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CB7C8C385A8; Mon, 18 Apr 2022 12:24:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1650284643; bh=wJm47E6R0VD1i5A84/nqrHc9/278wZiiN/0GWqJeu/g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kjrtrl0yo8+RmRUOhPGMaNtxlTD8W6CFYaZFZIa2Kt1gueRpglUsSBkFFMkjYPL3i dtS8BQorGe2mStNnbd9rpFP2+854hiwzF1A/TARBhLnkDuYu5ehDTR2G9It2nIfjtp pGOKVxBgo9DwZQaS1tEoW2C+UyzNBRpGGGgO7ZdY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Bruno Goncalves , Jan Stancek , Sean Christopherson , Paolo Bonzini Subject: [PATCH 5.17 182/219] KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded Date: Mon, 18 Apr 2022 14:12:31 +0200 Message-Id: <20220418121211.971773008@linuxfoundation.org> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220418121203.462784814@linuxfoundation.org> References: <20220418121203.462784814@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson commit 1d0e84806047f38027d7572adb4702ef7c09b317 upstream. Resolve nx_huge_pages to true/false when kvm.ko is loaded, leaving it as -1 is technically undefined behavior when its value is read out by param_get_bool(), as boolean values are supposed to be '0' or '1'. Alternatively, KVM could define a custom getter for the param, but the auto value doesn't depend on the vendor module in any way, and printing "auto" would be unnecessarily unfriendly to the user. In addition to fixing the undefined behavior, resolving the auto value also fixes the scenario where the auto value resolves to N and no vendor module is loaded. Previously, -1 would result in Y being printed even though KVM would ultimately disable the mitigation. Rename the existing MMU module init/exit helpers to clarify that they're invoked with respect to the vendor module, and add comments to document why KVM has two separate "module init" flows. ========================================================================= UBSAN: invalid-load in kernel/params.c:320:33 load of value 255 is not a valid value for type '_Bool' CPU: 6 PID: 892 Comm: tail Not tainted 5.17.0-rc3+ #799 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: dump_stack_lvl+0x34/0x44 ubsan_epilogue+0x5/0x40 __ubsan_handle_load_invalid_value.cold+0x43/0x48 param_get_bool.cold+0xf/0x14 param_attr_show+0x55/0x80 module_attr_show+0x1c/0x30 sysfs_kf_seq_show+0x93/0xc0 seq_read_iter+0x11c/0x450 new_sync_read+0x11b/0x1a0 vfs_read+0xf0/0x190 ksys_read+0x5f/0xe0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae ========================================================================= Fixes: b8e8c8303ff2 ("kvm: mmu: ITLB_MULTIHIT mitigation") Cc: stable@vger.kernel.org Reported-by: Bruno Goncalves Reported-by: Jan Stancek Signed-off-by: Sean Christopherson Message-Id: <20220331221359.3912754-1-seanjc@google.com> Signed-off-by: Paolo Bonzini Signed-off-by: Greg Kroah-Hartman --- arch/x86/include/asm/kvm_host.h | 5 +++-- arch/x86/kvm/mmu/mmu.c | 20 ++++++++++++++++---- arch/x86/kvm/x86.c | 20 ++++++++++++++++++-- 3 files changed, 37 insertions(+), 8 deletions(-) --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1574,8 +1574,9 @@ static inline int kvm_arch_flush_remote_ #define kvm_arch_pmi_in_guest(vcpu) \ ((vcpu) && (vcpu)->arch.handling_intr_from_guest) -int kvm_mmu_module_init(void); -void kvm_mmu_module_exit(void); +void kvm_mmu_x86_module_init(void); +int kvm_mmu_vendor_module_init(void); +void kvm_mmu_vendor_module_exit(void); void kvm_mmu_destroy(struct kvm_vcpu *vcpu); int kvm_mmu_create(struct kvm_vcpu *vcpu); --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -6144,12 +6144,24 @@ static int set_nx_huge_pages(const char return 0; } -int kvm_mmu_module_init(void) +/* + * nx_huge_pages needs to be resolved to true/false when kvm.ko is loaded, as + * its default value of -1 is technically undefined behavior for a boolean. + */ +void kvm_mmu_x86_module_init(void) { - int ret = -ENOMEM; - if (nx_huge_pages == -1) __set_nx_huge_pages(get_nx_auto_mode()); +} + +/* + * The bulk of the MMU initialization is deferred until the vendor module is + * loaded as many of the masks/values may be modified by VMX or SVM, i.e. need + * to be reset when a potentially different vendor module is loaded. + */ +int kvm_mmu_vendor_module_init(void) +{ + int ret = -ENOMEM; /* * MMU roles use union aliasing which is, generally speaking, an @@ -6197,7 +6209,7 @@ void kvm_mmu_destroy(struct kvm_vcpu *vc mmu_free_memory_caches(vcpu); } -void kvm_mmu_module_exit(void) +void kvm_mmu_vendor_module_exit(void) { mmu_destroy_caches(); percpu_counter_destroy(&kvm_total_used_mmu_pages); --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8846,7 +8846,7 @@ int kvm_arch_init(void *opaque) } kvm_nr_uret_msrs = 0; - r = kvm_mmu_module_init(); + r = kvm_mmu_vendor_module_init(); if (r) goto out_free_percpu; @@ -8894,7 +8894,7 @@ void kvm_arch_exit(void) cancel_work_sync(&pvclock_gtod_work); #endif kvm_x86_ops.hardware_enable = NULL; - kvm_mmu_module_exit(); + kvm_mmu_vendor_module_exit(); free_percpu(user_return_msrs); kmem_cache_destroy(x86_emulator_cache); #ifdef CONFIG_KVM_XEN @@ -12887,3 +12887,19 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_exit); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_enter); EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit); + +static int __init kvm_x86_init(void) +{ + kvm_mmu_x86_module_init(); + return 0; +} +module_init(kvm_x86_init); + +static void __exit kvm_x86_exit(void) +{ + /* + * If module_init() is implemented, module_exit() must also be + * implemented to allow module unload. + */ +} +module_exit(kvm_x86_exit);