From: David Matlack <dmatlack@google.com>
To: Venkatesh Srinivas <venkateshs@chromium.org>
Cc: kvm@vger.kernel.org, jmattson@google.com, seanjc@google.com,
elver@google.com, dvyukov@google.com
Subject: Re: [PATCH] KVM: kvm_vcpu_kick: Do not read potentially-stale vcpu->cpu
Date: Wed, 30 Jun 2021 16:24:41 +0000 [thread overview]
Message-ID: <YNyayUOiDDZ9V3Ex@google.com> (raw)
In-Reply-To: <20210630031037.584190-1-venkateshs@chromium.org>
On Tue, Jun 29, 2021 at 08:10:37PM -0700, Venkatesh Srinivas wrote:
> vcpu->cpu contains the last cpu a vcpu run/is running on;
> kvm_vcpu_kick is used to 'kick' a guest vcpu by sending an IPI
> to the last CPU; vcpu->cpu is updated on sched_in when a vcpu
> moves to a new CPU, so it possible for the vcpu->cpu field to
> be stale.
>
> kvm_vcpu_kick also read vcpu->cpu early with a plain read,
> while vcpu->cpu could be concurrently written. This caused
> a data race, found by kcsan:
>
> write to 0xffff8880274e8460 of 4 bytes by task 30718 on cpu 0:
> kvm_arch_vcpu_load arch/x86/kvm/x86.c:4018
> kvm_sched_in virt/kvm/kvm_main.c:4864
>
> vs
> kvm_vcpu_kick virt/kvm/kvm_main.c:2909
> kvm_arch_async_page_present_queued arch/x86/kvm/x86.c:11287
> async_pf_execute virt/kvm/async_pf.c:79
> ...
>
> Use a READ_ONCE to atomically read vcpu->cpu and avoid the
> data race.
>
> Found by kcsan & syzbot.
>
> Signed-off-by: Venkatesh Srinivas <venkateshs@chromium.org>
Reviewed-by: David Matlack <dmatlack@google.com>
> ---
> virt/kvm/kvm_main.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index 46fb042837d2..0525f42afb7d 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -3058,16 +3058,18 @@ EXPORT_SYMBOL_GPL(kvm_vcpu_wake_up);
> */
> void kvm_vcpu_kick(struct kvm_vcpu *vcpu)
> {
> - int me;
> - int cpu = vcpu->cpu;
> + int me, cpu;
>
> if (kvm_vcpu_wake_up(vcpu))
> return;
>
> me = get_cpu();
> - if (cpu != me && (unsigned)cpu < nr_cpu_ids && cpu_online(cpu))
> - if (kvm_arch_vcpu_should_kick(vcpu))
> + if (kvm_arch_vcpu_should_kick(vcpu)) {
> + cpu = READ_ONCE(vcpu->cpu);
> + WARN_ON_ONCE(cpu == me);
nit: A comment here may be useful to explain the interaction with
kvm_arch_vcpu_should_kick(). Took me a minute to understand why you
added the warning.
> + if ((unsigned)cpu < nr_cpu_ids && cpu_online(cpu))
> smp_send_reschedule(cpu);
> + }
> put_cpu();
> }
> EXPORT_SYMBOL_GPL(kvm_vcpu_kick);
> --
> 2.30.2
>
next prev parent reply other threads:[~2021-06-30 16:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-30 3:10 [PATCH] KVM: kvm_vcpu_kick: Do not read potentially-stale vcpu->cpu Venkatesh Srinivas
2021-06-30 16:24 ` David Matlack [this message]
2021-07-09 17:47 ` Sean Christopherson
2021-07-13 1:45 ` Venkatesh Srinivas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YNyayUOiDDZ9V3Ex@google.com \
--to=dmatlack@google.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=seanjc@google.com \
--cc=venkateshs@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.