Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp4114876rwl;
        Tue, 28 Mar 2023 02:51:30 -0700 (PDT)
X-Google-Smtp-Source: AKy350Zvo4lX/5YDT6WBQ7VhoJJYyliVKmdrSYixLsYTm6xZRJoCTy7erwGwWR3rVVgxM5aQ6HQD
X-Received: by 2002:a17:90b:4a81:b0:23d:1f5d:7181 with SMTP id lp1-20020a17090b4a8100b0023d1f5d7181mr16435785pjb.7.1679997090295;
        Tue, 28 Mar 2023 02:51:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1679997090; cv=none;
        d=google.com; s=arc-20160816;
        b=WIgyXma7NyIFp8Ykfus8FaL2n0Pyp/2Tbs5vV1BmZLMdSgPan7J0M6TjQKEQJUcA85
         jYzSTv3FfN0pNlBiPLsQXPjHjrVj4yWwxZkjRs2KHm+4btbsd/g7lMc6/wh6QsNY6uCT
         vaKWvGidP7K+RqTw+djcqLZ6ssDTLo/xAcdqET1488M1sKIwBxJK2KlcvAaimHuwifNq
         /CasisQkgRtB7Si7C7+haBUWN/+66dP3JtdEgk9we4ncJHlN+xFmb84Vr/7vaqPvdtik
         zlt78cnA3fTVZ+Tv/oLKwRX7UccCBJzZTJkcQvV7Z6n18VFSxLqJ3G45C6TESS5mXsEP
         0S9g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:from:dkim-signature;
        bh=h44tjwPWW2IRwuQCXs8ZriqQ5qG2iC4F4mxOhWNfVck=;
        b=WCc35H6uk1cGIOQbde2Wn3u9A7SoV+rI6fpBfJUZOO5N/zkQ12H0gwPkHiJANOlJYs
         kX2kZ+nCz1eYrm4OLdqBipcSVii++wHYIGxalTVEz0r8CAPp7XW69jeq3kg0uwJU8ah4
         tQRSxkqbaEXbw3JDkrH3tGfqxpSnBvPPFY/0kcjo1rTsK6/RegjXYYU5B5GbJFUJ/wJw
         fV4b7p/ZgCqtDsFnuqllMUWX8zl4oq7MAVyvs5T7wXZJUNvE2iHr0B1STdHAFcthynxE
         JOFFSJM3lmsOrP8hnE66NOAy/Yv5M+isuhPIERipOm6O4DLYYz2UlBmYkE7FvGmvRwSR
         ET1Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@ellerman.id.au header.s=201909 header.b=F5gJRWm7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id o15-20020a17090ac70f00b0023f248adb0bsi8064427pjt.39.2023.03.28.02.51.16;
        Tue, 28 Mar 2023 02:51:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ellerman.id.au header.s=201909 header.b=F5gJRWm7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232883AbjC1Jpv (ORCPT <rfc822;andrew.melo@gmail.com>
        + 99 others); Tue, 28 Mar 2023 05:45:51 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34462 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232889AbjC1Jp0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 28 Mar 2023 05:45:26 -0400
Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A73845FC6
        for <linux-kernel@vger.kernel.org>; Tue, 28 Mar 2023 02:44:59 -0700 (PDT)
Received: from authenticated.ozlabs.org (localhost [127.0.0.1])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
        (No client certificate requested)
        by mail.ozlabs.org (Postfix) with ESMTPSA id 4Pm4Xk2N3Wz4wj7;
        Tue, 28 Mar 2023 20:44:54 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ellerman.id.au;
        s=201909; t=1679996695;
        bh=h44tjwPWW2IRwuQCXs8ZriqQ5qG2iC4F4mxOhWNfVck=;
        h=From:To:Cc:Subject:In-Reply-To:References:Date:From;
        b=F5gJRWm7WYCKGU8Q8KbQ8Da7oWCG2XDwriXfyP60NS1OhQb9+TdIrYsLHNpqTlhiF
         R4Uhpez9mvEBvPvasQa8NQSZZUDDcf7zykZMwRbD4lJJICohazRItWFu+hz42L9kIP
         NnzigE0Fc0+gX7nimp5REAYTGzmdD395VaF1zgu7UNtKlJRHgMgIidbCCbKpSNmjRk
         vMzYtIPuoMcD14nFNidNlNcraSx1+aD/ay3yrSd8dNvswFbBalIErdrAxncLkek7Lh
         Soq5ckLM7ksSOjlq6mHUeR9fbdeeH6PRVeni4wyqlf45qb9a5Y1vq1rAv6vqu6SbzM
         2CpPJwZzloZyA==
From:   Michael Ellerman <mpe@ellerman.id.au>
To:     Kautuk Consul <kconsul@linux.vnet.ibm.com>,
        Nicholas Piggin <npiggin@gmail.com>,
        Christophe Leroy <christophe.leroy@csgroup.eu>,
        Fabiano Rosas <farosas@linux.ibm.com>
Cc:     linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
        Kautuk Consul <kconsul@linux.vnet.ibm.com>
Subject: Re: [PATCH] arch/powerpc/kvm: kvmppc_core_vcpu_create_hv: check for
 kzalloc failure
In-Reply-To: <20230323074718.2810914-1-kconsul@linux.vnet.ibm.com>
References: <20230323074718.2810914-1-kconsul@linux.vnet.ibm.com>
Date:   Tue, 28 Mar 2023 20:44:48 +1100
Message-ID: <87pm8tcir3.fsf@mpe.ellerman.id.au>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Kautuk Consul <kconsul@linux.vnet.ibm.com> writes:
> kvmppc_vcore_create() might not be able to allocate memory through
> kzalloc. In that case the kvm->arch.online_vcores shouldn't be
> incremented.

I agree that looks wrong.

Have you tried to test what goes wrong if it fails? It looks like it
will break the LPCR update, which likely will cause the guest to crash
horribly.

You could use CONFIG_FAIL_SLAB and fail-nth etc. to fail just one
allocation for a guest. Or probably easier to just hack the code to fail
the 4th time it's called using a static counter.

Doesn't really matter but could be interesting.

> Add a check for kzalloc failure and return with -ENOMEM from
> kvmppc_core_vcpu_create_hv().
>
> Signed-off-by: Kautuk Consul <kconsul@linux.vnet.ibm.com>
> ---
>  arch/powerpc/kvm/book3s_hv.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
> index 6ba68dd6190b..e29ee755c920 100644
> --- a/arch/powerpc/kvm/book3s_hv.c
> +++ b/arch/powerpc/kvm/book3s_hv.c
> @@ -2968,13 +2968,17 @@ static int kvmppc_core_vcpu_create_hv(struct kvm_vcpu *vcpu)
>  			pr_devel("KVM: collision on id %u", id);
>  			vcore = NULL;
>  		} else if (!vcore) {
> +			vcore = kvmppc_vcore_create(kvm,
> +					id & ~(kvm->arch.smt_mode - 1));

That line doesn't need to be wrapped, we allow 90 columns.

> +			if (unlikely(!vcore)) {
> +				mutex_unlock(&kvm->lock);
> +				return -ENOMEM;
> +			}

Rather than introducing a new return point here, I think it would be
preferable to use the existing !vcore case below.

>  			/*
>  			 * Take mmu_setup_lock for mutual exclusion
>  			 * with kvmppc_update_lpcr().
>  			 */
> -			err = -ENOMEM;
> -			vcore = kvmppc_vcore_create(kvm,
> -					id & ~(kvm->arch.smt_mode - 1));

So leave that as is (maybe move the comment down).

And wrap the below in:

 +                      if (vcore) {

>  			mutex_lock(&kvm->arch.mmu_setup_lock);
>  			kvm->arch.vcores[core] = vcore;
>  			kvm->arch.online_vcores++;
 			
 			mutex_unlock(&kvm->arch.mmu_setup_lock);
 +                      }
		}
	}

Meaning the vcore == NULL case will fall through to here and return via
this existing path:

	mutex_unlock(&kvm->lock);

	if (!vcore)
		return err;


cheers