From: Paul Durrant
Date: Thu, 21 Mar 2024 10:59:22 +0000
X-Mailing-List: linux-kernel@vger.kernel.org
Reply-To: paul@xen.org
Subject: Re: [syzbot] [kvm?] WARNING in __kvm_gpc_refresh
To: David Woodhouse, syzbot, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, pbonzini@redhat.com, syzkaller-bugs@googlegroups.com
References: <0000000000005fa5cc0613f1cebd@google.com>
Organization: Xen Project

On 18/03/2024 21:25, David Woodhouse wrote:
> On Mon, 2024-03-18 at 09:25 -0700, syzbot wrote:
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit:    277100b3d5fe Merge tag 'block-6.9-20240315' of git://git.k..
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=17c96aa5180000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=1c6662240382da2
>> dashboard link: https://syzkaller.appspot.com/bug?extid=106a4f72b0474e1d1b33
>> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14358231180000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=110ed231180000
>>
>> Downloadable assets:
>> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-277100b3.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/6872e049b27c/vmlinux-277100b3.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/68ec7230df0f/bzImage-277100b3.xz
>
> static int __kvm_gpc_refresh(struct gfn_to_pfn_cache *gpc, gpa_t gpa, unsigned long uhva,
> 			     unsigned long len)
> {
> 	unsigned long page_offset;
> 	bool unmap_old = false;
> 	unsigned long old_uhva;
> 	kvm_pfn_t old_pfn;
> 	bool hva_change = false;
> 	void *old_khva;
> 	int ret;
>
> 	/* Either gpa or uhva must be valid, but not both */
> 	if (WARN_ON_ONCE(kvm_is_error_gpa(gpa) == kvm_is_error_hva(uhva)))
> 		return -EINVAL;
>
> Hm, that comment doesn't match the code. It says "not both", but the
> code also catches the "neither" case. I think the gpa is in %rbx and
> uhva is in %r12, so this is indeed the 'neither' case.
>
> Is it expected that we can end up with a cache marked active, but with
> the address not valid? Maybe through a race condition with deactive? or
> more likely than that?
>
> Paul, we should probably add ourselves to MAINTAINERS for pfncache.c
>

Sorry, missed this. Yes, given the changes we've made, we ought to step up.

   Paul