Date: Tue, 19 Apr 2022 15:45:52 +0000
From: Sean Christopherson
To: Maxim Levitsky
Cc: Anup Patel, Paul Walmsley, Palmer Dabbelt, Albert Ou, Christian Borntraeger, Janosch Frank, Claudio Imbrenda, Paolo Bonzini, Atish Patra, David Hildenbrand, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] KVM: Add helpers to wrap vcpu->srcu_idx and yell if it's abused

On Tue, Apr 19, 2022, Maxim Levitsky wrote:
> On Fri, 2022-04-15 at 00:43 +0000, Sean Christopherson wrote:
> > Add wrappers to acquire/release KVM's SRCU lock when stashing the index
> > in vcpu->src_idx, along with rudimentary detection of illegal usage,
> > e.g. re-acquiring SRCU and thus overwriting vcpu->src_idx. Because the
> > SRCU index is (currently) either 0 or 1, illegal nesting bugs can go
> > unnoticed for quite some time and only cause problems when the nested
> > lock happens to get a different index.
> >
> > Wrap the WARNs in PROVE_RCU=y, and make them ONCE, otherwise KVM will
> > likely yell so loudly that it will bring the kernel to its knees.
> >
> > Signed-off-by: Sean Christopherson
> > ---

...

> Looks good to me overall.
>
> Note that there are still places that acquire the lock and store the idx into
> a local variable, for example kvm_xen_vcpu_set_attr and such.
> I didn't check yet if these should be converted as well.

Using a local variable is ok, even desirable. Nested/multiple readers is not an
issue, the bug fixed by patch 1 is purely that kvm_vcpu.srcu_idx gets corrupted.

In an ideal world, KVM would _only_ track the SRCU index in local variables, but
that would require plumbing the local variable down into vcpu_enter_guest() and
kvm_vcpu_block() so that SRCU can be unlocked prior to entering the guest or
scheduling out the vCPU.
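
The failure mode discussed in this thread, as an added example that is not part of the original message or of the kernel patch: a toy C model showing that nesting through one shared index field is silent when both locks get the same index and unbalances the reader counts when they differ, while one local index per reader stays balanced. All `toy_*` names, the `depth` and `warned` fields, and the manual index flip are assumptions made for illustration.

```c
#include <stdio.h>

/* Toy SRCU model (not kernel code): two reader counts plus a current index. */
struct toy_srcu { int readers[2]; int cur; };
struct toy_vcpu { int srcu_idx; int depth; int warned; }; /* hypothetical stand-in */

static int toy_read_lock(struct toy_srcu *s) { s->readers[s->cur]++; return s->cur; }
static void toy_read_unlock(struct toy_srcu *s, int idx) { s->readers[idx]--; }

/* Wrappers that stash the index in the vCPU; nesting overwrites it, so flag it. */
static void vcpu_lock(struct toy_srcu *s, struct toy_vcpu *v)
{
    if (v->depth++ > 0)
        v->warned = 1;
    v->srcu_idx = toy_read_lock(s);
}
static void vcpu_unlock(struct toy_srcu *s, struct toy_vcpu *v)
{
    v->depth--;
    toy_read_unlock(s, v->srcu_idx);
}

/* Nest through the shared field; returns 1 if reader counts end unbalanced. */
static int nested_shared(int flip, int *warned)
{
    struct toy_srcu s = {{0, 0}, 0};
    struct toy_vcpu v = {0, 0, 0};
    vcpu_lock(&s, &v);
    if (flip) s.cur ^= 1;           /* index changes between the two locks */
    vcpu_lock(&s, &v);
    vcpu_unlock(&s, &v);
    vcpu_unlock(&s, &v);            /* releases the inner index a second time */
    *warned = v.warned;
    return s.readers[0] != 0 || s.readers[1] != 0;
}
/* Nest with one local index per reader; returns 1 if unbalanced. */
static int nested_local(int flip)
{
    struct toy_srcu s = {{0, 0}, 0};
    int outer = toy_read_lock(&s);
    if (flip) s.cur ^= 1;
    int inner = toy_read_lock(&s);
    toy_read_unlock(&s, inner);
    toy_read_unlock(&s, outer);
    return s.readers[0] != 0 || s.readers[1] != 0;
}

int main(void)
{
    int w, bad = nested_shared(1, &w);
    printf("shared: unbalanced=%d warned=%d; local: unbalanced=%d\n", bad, w, nested_local(1));
    return 0;
}
```

With `flip` set to 0 the shared-field case ends balanced, so only the nesting check reveals the bug.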