From: Sean Christopherson <seanjc@google.com>
To: kvm-riscv@lists.infradead.org
Subject: [PATCH v3 08/12] KVM: Propagate vcpu explicitly to mark_page_dirty_in_slot()
Date: Thu, 18 Nov 2021 18:40:47 +0000
Message-ID: <YZaeL5YztL3p1nLM@google.com>
In-Reply-To: <20b5952e76c54a3a5dfe5a898e3b835404ac6fb1.camel@infradead.org>
On Thu, Nov 18, 2021, David Woodhouse wrote:
> That leaves the one in TDP MMU handle_changed_spte_dirty_log() which
> AFAICT can trigger the same crash seen by butt3rflyh4ck — can't that
> happen from a thread where kvm_get_running_vcpu() is NULL too? For that
> one I'm not sure.

I think it could be triggered in the TDP MMU via kvm_mmu_notifier_release()
-> kvm_mmu_zap_all(), e.g. if the userspace VMM exits while dirty logging is
enabled. That should be easy to (dis)prove via a selftest.

And for the record :-)

On Mon, Dec 02, 2019 at 12:10:36PM -0800, Sean Christopherson wrote:
> IMO, adding kvm_get_running_vcpu() is a hack that is just asking for future
> abuse and the vcpu/vm/as_id interactions in mark_page_dirty_in_ring()
> look extremely fragile.

On 03/12/19 20:01, Sean Christopherson wrote:
> In case it was clear, I strongly dislike adding kvm_get_running_vcpu().
> IMO, it's an unnecessary hack. The proper change to ensure a valid vCPU is
> seen by mark_page_dirty_in_ring() when there is a current vCPU is to
> plumb the vCPU down through the various call stacks.
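A user-space model of the two designs this thread contrasts, added here as an example; it is not KVM code and none of it comes from the message above. It assumes a global standing in for kvm_get_running_vcpu() (NULL on any thread that is not running a vCPU), a single memslot whose dirty bitmap fits in one 64-bit word, and, when the explicit path is handed a NULL vCPU with the dirty ring enabled, a fallback to the bitmap plus a counter; that fallback policy and every struct and function name are this example's, not KVM's. The implicit path reproduces the failure mode the mail describes (the zap-all path running from a notifier thread where kvm_get_running_vcpu() is NULL) as a returned value rather than a fault, so it can be asserted on.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not KVM code: a user-space model of the two designs the
 * thread contrasts. Every struct and function name below is this model's. */

#define RING_SIZE 8

struct dirty_ring { uint64_t gfns[RING_SIZE]; unsigned int count; };
struct vcpu { struct dirty_ring ring; };
struct memslot { uint64_t base_gfn, npages; bool dirty_logging; uint64_t dirty_bitmap; };
struct vm {
	bool dirty_ring_enabled;
	struct memslot slot;		/* npages <= 64: one dirty_bitmap bit per page */
	unsigned int no_vcpu_fallbacks;	/* explicit path called with vcpu == NULL */
};

/* Model of the per-thread "current vCPU": NULL on any thread that is not
 * running a vCPU, e.g. an MMU notifier callback while the VMM exits. */
static struct vcpu *running_vcpu;

static struct vcpu *kvm_get_running_vcpu(void)
{
	return running_vcpu;
}

static bool ring_push(struct dirty_ring *ring, uint64_t gfn)
{
	if (ring->count >= RING_SIZE)
		return false;	/* ring full: userspace must harvest it first */
	ring->gfns[ring->count++] = gfn;
	return true;
}

/* "Before": the dirty-ring branch fetches the vCPU implicitly. With no running
 * vCPU the real code would dereference NULL; the model returns false instead so
 * the failure is a value, not a fault. Callers guarantee gfn lies in slot. */
static bool mark_page_dirty_implicit(struct vm *vm, struct memslot *slot, uint64_t gfn)
{
	if (!slot->dirty_logging)
		return true;	/* nothing to log */
	if (vm->dirty_ring_enabled) {
		struct vcpu *vcpu = kvm_get_running_vcpu();
		if (!vcpu)
			return false;	/* stands in for touching vcpu->ring via NULL */
		return ring_push(&vcpu->ring, gfn);
	}
	slot->dirty_bitmap |= (uint64_t)1 << (gfn - slot->base_gfn);
	return true;
}

/* "After": the caller passes the vCPU it actually has. NULL is a legitimate
 * input meaning "not in vCPU context"; falling back to the bitmap and counting
 * the event is this example's policy, not KVM's. */
static bool mark_page_dirty_explicit(struct vm *vm, struct vcpu *vcpu,
				     struct memslot *slot, uint64_t gfn)
{
	if (!slot->dirty_logging)
		return true;
	if (vm->dirty_ring_enabled && vcpu)
		return ring_push(&vcpu->ring, gfn);
	if (vm->dirty_ring_enabled)
		vm->no_vcpu_fallbacks++;
	slot->dirty_bitmap |= (uint64_t)1 << (gfn - slot->base_gfn);
	return true;
}

/* The scenario from the mail: dirty logging is on and every page of the slot
 * is zapped from a thread with no running vCPU. Returns how many pages the
 * chosen path failed to record. */
static unsigned int zap_all_without_vcpu(struct vm *vm, bool use_explicit)
{
	unsigned int failures = 0;
	uint64_t gfn;

	running_vcpu = NULL;	/* notifier context, not a vCPU thread */
	for (gfn = vm->slot.base_gfn; gfn < vm->slot.base_gfn + vm->slot.npages; gfn++) {
		bool ok = use_explicit ? mark_page_dirty_explicit(vm, NULL, &vm->slot, gfn)
				       : mark_page_dirty_implicit(vm, &vm->slot, gfn);
		if (!ok)
			failures++;
	}
	return failures;
}

/* Constructed sample: a four-page slot at gfn 0x100 with dirty logging on. */
static struct vm make_vm(bool dirty_ring)
{
	struct vm vm = { .dirty_ring_enabled = dirty_ring,
			 .slot = { .base_gfn = 0x100, .npages = 4, .dirty_logging = true } };
	return vm;
}

int main(void)
{
	struct vm vm = make_vm(true);
	printf("implicit, no vCPU: %u of 4 pages fail\n", zap_all_without_vcpu(&vm, false));
	vm = make_vm(true);
	printf("explicit, no vCPU: %u fail, bitmap 0x%llx\n",
	       zap_all_without_vcpu(&vm, true), (unsigned long long)vm.slot.dirty_bitmap);
	return 0;
}
```

With the dirty ring enabled, the implicit path fails on all four pages of the zap (in the kernel that is the NULL dereference the thread is about, reachable from a VMM exit rather than from guest code), while the explicit path records every page and leaves the caller, not a hidden global, in charge of saying whether a vCPU exists. The same explicit function still pushes into the ring when a real vCPU is passed, which is the behaviour the plumbing is meant to preserve.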
Thread overview:
2021-11-17 17:39 [PATCH v3 00/12] KVM: x86/xen: Add in-kernel Xen event channel delivery David Woodhouse
2021-11-17 17:39 ` [PATCH v3 01/12] KVM: Introduce CONFIG_HAVE_KVM_DIRTY_RING David Woodhouse
2021-11-17 17:39 ` [PATCH v3 02/12] KVM: Add Makefile.kvm for common files, use it for x86 David Woodhouse
2021-11-17 18:11 ` Marc Zyngier
2021-11-17 17:39 ` [PATCH v3 03/12] KVM: s390: Use Makefile.kvm for common files David Woodhouse
2021-11-17 17:39 ` [PATCH v3 04/12] KVM: mips: " David Woodhouse
2021-11-17 17:39 ` [PATCH v3 05/12] KVM: RISC-V: " David Woodhouse
2021-11-17 17:39 ` [PATCH v3 06/12] KVM: powerpc: " David Woodhouse
2021-11-17 23:50 ` Michael Ellerman
2021-11-17 17:39 ` [PATCH v3 07/12] KVM: arm64: " David Woodhouse
2021-11-17 18:11 ` Marc Zyngier
2021-11-17 17:39 ` [PATCH v3 08/12] KVM: Propagate vcpu explicitly to mark_page_dirty_in_slot() David Woodhouse
2021-11-17 18:13 ` Marc Zyngier
2021-11-17 18:31 ` David Woodhouse
2021-11-17 19:30 ` David Woodhouse
2021-11-17 21:09 ` David Woodhouse
2021-11-18 12:04 ` Paolo Bonzini
2021-11-18 14:22 ` David Woodhouse
2021-11-18 18:40 ` Sean Christopherson [this message]
2021-11-18 18:50 ` Sean Christopherson
2021-11-18 19:23 ` David Woodhouse
2021-11-18 19:46 ` Sean Christopherson
2021-11-19 9:23 ` David Woodhouse
2021-11-17 17:40 ` [PATCH v3 09/12] KVM: Reinstate gfn_to_pfn_cache with invalidation support David Woodhouse
2021-11-17 17:40 ` [PATCH v3 10/12] KVM: x86/xen: Maintain valid mapping of Xen shared_info page David Woodhouse
2021-11-17 17:40 ` [PATCH v3 11/12] KVM: x86/xen: Add KVM_IRQ_ROUTING_XEN_EVTCHN and event channel delivery David Woodhouse
2021-11-17 17:40 ` [PATCH v3 12/12] KVM: x86: First attempt at converting nested virtual APIC page to gpc David Woodhouse