Re: [PATCH v3 3/4] LoongArch: KVM: Implement guest-side PV TLB flush

All of lore.kernel.org
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: "Tao Cui" <cui.tao@linux.dev>
Cc: kvm@vger.kernel.org
Subject: Re: [PATCH v3 3/4] LoongArch: KVM: Implement guest-side PV TLB flush
Date: Tue, 02 Jun 2026 02:46:03 +0000	[thread overview]
Message-ID: <20260602024603.E9F661F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260602021819.2373404-4-cui.tao@linux.dev>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] kvm_flush_tlb_mask() accesses a per-CPU cpumask without disabling preemption, creating a severe data race.
--

commit d7f218c526b255a23f8247a1f67b9091d6410ff4
Author: Tao Cui <cuitao@kylinos.cn>

LoongArch: KVM: Implement guest-side PV TLB flush

Add the guest-side implementation of PV TLB flush for LoongArch KVM
guests, complementing the host-side support added in the previous commit.

> diff --git a/arch/loongarch/kernel/paravirt.c b/arch/loongarch/kernel/paravirt.c
> index 10821cce554c0..34e3ae2d25016 100644
> --- a/arch/loongarch/kernel/paravirt.c
> +++ b/arch/loongarch/kernel/paravirt.c
[ ... ]
> @@ -208,6 +210,58 @@ int __init pv_ipi_init(void)
>  	return 0;
>  }
>  
> +#ifdef CONFIG_SMP
> +void kvm_flush_tlb_mask(const struct cpumask *cpumask,
> +			       smp_call_func_t func, void *info)
> +{
> +	int cpu;
> +	struct kvm_steal_time *src;
> +	struct cpumask *flushmask = this_cpu_cpumask_var_ptr(__pv_cpu_mask);
> +
> +	cpumask_copy(flushmask, cpumask);

[Severity: High]
Does this per-CPU mask access require preemption to be disabled?

Looking at callers like flush_tlb_all(), flush_tlb_kernel_range(), and
flush_tlb_one(), it appears they call kvm_flush_tlb_mask() directly without
first disabling preemption. The fallback on_each_cpu() macro disables
preemption internally, but this new paravirt path does not.

If the task is preempted and migrated to another CPU after fetching the
local CPU's flushmask pointer, could it concurrently modify the original
CPU's mask alongside another task scheduled on that CPU?

Also, would this trigger a warning with CONFIG_DEBUG_PREEMPT since
this_cpu_cpumask_var_ptr() uses this_cpu_ptr() under the hood?

[ ... ]
> diff --git a/arch/loongarch/kernel/smp.c b/arch/loongarch/kernel/smp.c
> index 50922610758ba..bb3451b057ed2 100644
> --- a/arch/loongarch/kernel/smp.c
> +++ b/arch/loongarch/kernel/smp.c
> @@ -727,7 +727,10 @@ static void flush_tlb_all_ipi(void *info)
>  
>  void flush_tlb_all(void)
>  {
> -	on_each_cpu(flush_tlb_all_ipi, NULL, 1);
> +	if (pv_tlb_flush_enabled())
> +		kvm_flush_tlb_mask(cpu_online_mask, flush_tlb_all_ipi, NULL);
> +	else
> +		on_each_cpu(flush_tlb_all_ipi, NULL, 1);
>  }

[Severity: High]
Are we missing a preempt_disable() around this call to kvm_flush_tlb_mask()?

Because kvm_flush_tlb_mask() accesses a per-CPU cpumask immediately upon
entry, calling it with preemption enabled could cause data races if the
task migrates to another CPU.

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260602021819.2373404-1-cui.tao@linux.dev?part=3

next prev parent reply	other threads:[~2026-06-02  2:46 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-02  2:18 [PATCH v3 0/4] LoongArch: KVM: Add PV TLB flush support Tao Cui
2026-06-02  2:18 ` [PATCH v3 1/4] LoongArch: KVM: Preserve auto-enabled PV features on userspace override Tao Cui
2026-06-02  2:26   ` sashiko-bot
2026-06-02  2:18 ` [PATCH v3 2/4] LoongArch: KVM: Add PV TLB flush support via steal-time shared memory Tao Cui
2026-06-02  2:37   ` sashiko-bot
2026-06-02  2:18 ` [PATCH v3 3/4] LoongArch: KVM: Implement guest-side PV TLB flush Tao Cui
2026-06-02  2:46   ` sashiko-bot [this message]
2026-06-02  2:18 ` [PATCH v3 4/4] KVM: selftests: loongarch: Add PV TLB flush performance test Tao Cui
2026-06-02  2:52   ` sashiko-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260602024603.E9F661F00893@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=cui.tao@linux.dev \
    --cc=kvm@vger.kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.