From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: kvm@vger.kernel.org, Jim Mattson <jmattson@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Borislav Petkov <bp@alien8.de>, Joerg Roedel <joro@8bytes.org>,
Ingo Molnar <mingo@redhat.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
linux-kernel@vger.kernel.org,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
stable@vger.kernel.org
Subject: Re: [PATCH 1/8] KVM: x86: avoid loading a vCPU after .vm_destroy was called
Date: Wed, 30 Mar 2022 00:27:55 +0000 [thread overview]
Message-ID: <YkOkCwUgMD1SVfaD@google.com> (raw)
In-Reply-To: <20220322172449.235575-2-mlevitsk@redhat.com>
On Tue, Mar 22, 2022, Maxim Levitsky wrote:
> This can cause various unexpected issues, since VM is partially
> destroyed at that point.
>
> For example when AVIC is enabled, this causes avic_vcpu_load to
> access physical id page entry which is already freed by .vm_destroy.
Hmm, the SEV unbinding of ASIDs should be done after MMU teardown too (which your
patch also does).
>
> Fixes: 8221c1370056 ("svm: Manage vcpu load/unload when enable AVIC")
> Cc: stable@vger.kernel.org
>
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
> arch/x86/kvm/x86.c | 10 +++-------
> 1 file changed, 3 insertions(+), 7 deletions(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index d3a9ce07a565..ba920e537ddf 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -11759,20 +11759,15 @@ static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
> vcpu_put(vcpu);
> }
>
> -static void kvm_free_vcpus(struct kvm *kvm)
> +static void kvm_unload_vcpu_mmus(struct kvm *kvm)
> {
> unsigned long i;
> struct kvm_vcpu *vcpu;
>
> - /*
> - * Unpin any mmu pages first.
> - */
> kvm_for_each_vcpu(i, vcpu, kvm) {
> kvm_clear_async_pf_completion_queue(vcpu);
> kvm_unload_vcpu_mmu(vcpu);
> }
> -
> - kvm_destroy_vcpus(kvm);
> }
>
> void kvm_arch_sync_events(struct kvm *kvm)
> @@ -11878,11 +11873,12 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
> __x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, 0, 0);
> mutex_unlock(&kvm->slots_lock);
> }
> + kvm_unload_vcpu_mmus(kvm);
> static_call_cond(kvm_x86_vm_destroy)(kvm);
> kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
> kvm_pic_destroy(kvm);
> kvm_ioapic_destroy(kvm);
> - kvm_free_vcpus(kvm);
> + kvm_destroy_vcpus(kvm);
Rather than split kvm_free_vcpus(), can we instead move the call to svm_vm_destroy()
by adding a second hook, .vm_teardown(), which is needed for TDX? I.e. keep VMX
where it is by using vm_teardown, but effectively move SVM?
https://lore.kernel.org/all/1fa2d0db387a99352d44247728c5b8ae5f5cab4d.1637799475.git.isaku.yamahata@intel.com
> kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
> kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
> kvm_mmu_uninit_vm(kvm);
> --
> 2.26.3
>
next prev parent reply other threads:[~2022-03-30 0:28 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-22 17:24 [PATCH 0/8] SVM fixes + refactoring Maxim Levitsky
2022-03-22 17:24 ` [PATCH 1/8] KVM: x86: avoid loading a vCPU after .vm_destroy was called Maxim Levitsky
2022-03-30 0:27 ` Sean Christopherson [this message]
2022-03-30 12:07 ` Paolo Bonzini
2022-04-28 5:47 ` Maxim Levitsky
2022-03-22 17:24 ` [PATCH 2/8] KVM: x86: SVM: use vmcb01 in avic_init_vmcb and init_vmcb Maxim Levitsky
2022-03-24 18:12 ` Paolo Bonzini
2022-03-27 15:15 ` Maxim Levitsky
2022-03-22 17:24 ` [PATCH 3/8] kvm: x86: SVM: use vmcb* instead of svm->vmcb where it makes sense Maxim Levitsky
2022-03-22 17:24 ` [PATCH 4/8] KVM: x86: SVM: fix avic spec based definitions again Maxim Levitsky
2022-03-22 17:24 ` [PATCH 5/8] KVM: x86: SVM: move tsc ratio definitions to svm.h Maxim Levitsky
2022-03-22 17:24 ` [PATCH 6/8] kvm: x86: SVM: remove unused defines Maxim Levitsky
2022-03-22 17:24 ` [PATCH 7/8] KVM: x86: SVM: fix tsc scaling when the host doesn't support it Maxim Levitsky
2022-03-22 17:24 ` [PATCH 8/8] KVM: x86: SVM: remove vgif_enabled() Maxim Levitsky
2022-03-30 0:20 ` Sean Christopherson
2022-03-30 12:08 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YkOkCwUgMD1SVfaD@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=stable@vger.kernel.org \
--cc=suravee.suthikulpanit@amd.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.