Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp7530070rwd; Tue, 6 Jun 2023 12:06:16 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7HDa1TaRhTj+zdZWpZKOcSukTA94oKX7DVn3VPaa0umxddz58i2Daqqvpzzk0zHe7yy7Dx X-Received: by 2002:a05:6a00:1a87:b0:654:100f:bffc with SMTP id e7-20020a056a001a8700b00654100fbffcmr2490067pfv.4.1686078376223; Tue, 06 Jun 2023 12:06:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686078376; cv=none; d=google.com; s=arc-20160816; b=S7hz5iFrarH779sGkyTEf1tBdR1Ojyz7LohNEhNh/seNc6H4+T4iuFruuWAw3G7Aii c9MDakwD9YrbBDiNVUkaVlfCFx9KSoOZhvP9K8avXsafWmuY622umKATao48B3gilbNE xvuGdfv6CTUYKbXxWuVVis3a37ig6ZZmaqcaVSRtGvGhWVthW514VwhagiE3qorTxMzB 6gIQsOP3bpWgzYfNEmK2GImYb4WbNbGc9zQqY65Yxa3bkEFqcaZvHSwW87w/vdMO5ebm ekAjEwDNzdKCKfKVNOR1F69OkDFD30zaORCawddLPZQcjcff0dEN4B3Anitm2iSpiAuk k6CA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:from:subject :message-id:references:mime-version:in-reply-to:date:dkim-signature; bh=Cq1bDTjZKQu+8FokSAcd9i/aEeyRO+1V7yxU6QcDPDg=; b=dIyAzCx0D9VYQSrdbkRciRsmFVauO8Mi7BMI4EgAkPX1j0ug3/DvkqPQahWbUEMhXY /g+HePb8ldinhUbrfpak1Qei0OPrqC4tJ3n9X163d58vnFuND5It5t3HMsnQoZpn1RdX /gCkNC084QpU3qWyUQk2FZRhwRX1zVGIaV95tjKscWCG1QI1m5Vf8QMi1GeBjmv+o+45 lODRp6tMVMtOgVqD8dxy3CJYFI73YN2nqfM2psx6l8+Ko3qS+LyaCCfC0i/0F/R/6T41 mdZ+Z7HfzHRCgXX3AtyRQwwYpqQK+FqQl/RGTFbFJfrgErFS8nx+HNrfUq5v2a+6k/Kz 2Wqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=SyQHi7u1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s21-20020a632c15000000b00543e3449f28si2064113pgs.616.2023.06.06.12.06.03; Tue, 06 Jun 2023 12:06:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=SyQHi7u1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239055AbjFFSpR (ORCPT + 99 others); Tue, 6 Jun 2023 14:45:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238906AbjFFSpQ (ORCPT ); Tue, 6 Jun 2023 14:45:16 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97629101 for ; Tue, 6 Jun 2023 11:45:15 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id d9443c01a7336-1b0314f0aadso38964415ad.0 for ; Tue, 06 Jun 2023 11:45:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1686077115; x=1688669115; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=Cq1bDTjZKQu+8FokSAcd9i/aEeyRO+1V7yxU6QcDPDg=; b=SyQHi7u1uXQBjZVKJZN8e+jiLgy7KNnOamKu5YqvFnqqdbxz/rNypLYRdIIfE4dElN Zqyihiljdoq2kKIYbI4lbxrOqROU4pQHCeoxinn2lDSeR66K2IZuPg/euOFjngLZQCPl 88MTYPnpV/vEv9sWX0mq6WSnoOQKFu0jxDqRliufQvJRZd9T43QR/paYL+fUvAEhyLgQ +yvG4ANvxz80w0p48/95PiutNn2xR9aFlyFYzaQ1RZTnqD7PkcnMBGCmxf2gW4bYVDE3 L6VoP6/SC7bbV6V5R8/lX/ChtAZ/SyjZBRrFMVljEPFIyOKw+59ZmzeeI8UaX0UNhuts 47Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686077115; x=1688669115; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=Cq1bDTjZKQu+8FokSAcd9i/aEeyRO+1V7yxU6QcDPDg=; b=Je6hSOCuAT8TYYxqzRUSJupj9QNDLwfl6cGWDhxA8FxxGSU+D/poLMEYJ4SvLyGqDG NqKysXi28+JNvvcS07zwr9lqw/QX53Q8tGM8tWlxV1qoPZDGYFtYKMSvPE7Dn711s+wy Nt4b4qcHl3NZOk+lY37d62PXMgJ3h9c8877dWjtFZu6w7JLGMXoJRnfeHIwhsf8vLj8C Mghd1fMECseg7ZQVsirhSDsXGQ63pv7lw2eLuztSu/Hlj7WPSLfpBVWjwYEo++DfMuFK 9dJt242EwaMKnb0sEJWJVs1jm/Ct3gmJQw2YhYPFVPQ0VWhwUM0ZI65C6xekdPAnu7d5 7YGA== X-Gm-Message-State: AC+VfDxwwNIiNYJfvwjvcUL6v3MjFTv7FQDrElJwMyVjQegXc82sDPNj CHaPP0cDaFg/IG7jO+y3ERvWc1f6pdU= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:eb4d:b0:1a6:8a07:960a with SMTP id i13-20020a170902eb4d00b001a68a07960amr2129137pli.0.1686077115103; Tue, 06 Jun 2023 11:45:15 -0700 (PDT) Date: Tue, 6 Jun 2023 11:45:13 -0700 In-Reply-To: <20230522161249.800829-2-aleksandr.mikhalitsyn@canonical.com> Mime-Version: 1.0 References: <20230522161249.800829-1-aleksandr.mikhalitsyn@canonical.com> <20230522161249.800829-2-aleksandr.mikhalitsyn@canonical.com> Message-ID: Subject: Re: [PATCH v2 1/2] KVM: SVM: free sev_*asid_bitmap init if SEV init fails From: Sean Christopherson To: Alexander Mikhalitsyn Cc: pbonzini@redhat.com, "=?iso-8859-1?Q?St=E9phane?= Graber" , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 22, 2023, Alexander Mikhalitsyn wrote: > If misc_cg_set_capacity() fails for some reason then we have > a memleak for sev_reclaim_asid_bitmap/sev_asid_bitmap. It's > not a case right now, because misc_cg_set_capacity() just can't > fail and check inside it is always successful. >=20 > But let's fix that for code consistency. >=20 > Cc: Sean Christopherson > Cc: Paolo Bonzini > Cc: St=EF=BF=BDphane Graber > Cc: kvm@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Signed-off-by: Alexander Mikhalitsyn > --- > arch/x86/kvm/svm/sev.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) >=20 > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 69ae5e1b3120..cc832a8d1bca 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -2216,8 +2216,13 @@ void __init sev_hardware_setup(void) > } > =20 > sev_asid_count =3D max_sev_asid - min_sev_asid + 1; > - if (misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)) > + if (misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)) { > + bitmap_free(sev_reclaim_asid_bitmap); > + sev_reclaim_asid_bitmap =3D NULL; > + bitmap_free(sev_asid_bitmap); > + sev_asid_bitmap =3D NULL; > goto out; > + } Blech, didn't look close enough at v1. I think I'd rather yell and continu= e on. If misc_cg_set_capacity() were to fail, debugging would be unnecessarily pa= inful, and at least as things stand today, there's nothing userspace can do to rem= edy the problem except by manually disabling SEV and/or SEV-ES. --- From: Sean Christopherson Date: Tue, 6 Jun 2023 11:34:28 -0700 Subject: [PATCH] KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fa= ils WARN and continue if misc_cg_set_capacity() fails, as the only scenario in which it can fail is if the specified resource is invalid, which should never happen when CONFIG_KVM_AMD_SEV=3Dy. Deliberately not bailing "fixes" a theoretical bug where KVM would leak the ASID bitmaps on failure, which again can't happen. If the impossible should happen, the end result is effectively the same with respect to SEV and SEV-ES (they are unusable), while continuing on has the advantage of letting KVM load, i.e. userspace can still run non-SEV guests. Reported-by: Alexander Mikhalitsyn Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d65578d8784d..07756b7348ae 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2216,9 +2216,7 @@ void __init sev_hardware_setup(void) } =20 sev_asid_count =3D max_sev_asid - min_sev_asid + 1; - if (misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)) - goto out; - + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV, sev_asid_count)); sev_supported =3D true; =20 /* SEV-ES support requested? */ @@ -2243,9 +2241,7 @@ void __init sev_hardware_setup(void) goto out; =20 sev_es_asid_count =3D min_sev_asid - 1; - if (misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count)) - goto out; - + WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count))= ; sev_es_supported =3D true; =20 out: base-commit: 6d1bc9754b04075d938b47cf7f7800814b8911a7 --=20