From: Sean Christopherson <seanjc@google.com>
To: sashiko-reviews@lists.linux.dev
Cc: kvm@vger.kernel.org
Subject: Re: [PATCH 5/7] KVM: SEV: Forcefully invalidate SNP VMSA if its backing gmem page is zapped
Date: Thu, 25 Jun 2026 16:28:40 -0700
Message-ID: <aj25qE6KRPcaEnxs@google.com>
In-Reply-To: <20260625224517.6BB7D1F000E9@smtp.kernel.org>

On Thu, Jun 25, 2026, sashiko-bot@kernel.org wrote:
> > diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
> > index 1618acc3ca647..8ec5041934dbc 100644
> > --- a/virt/kvm/guest_memfd.c
> > +++ b/virt/kvm/guest_memfd.c
> > @@ -185,6 +185,10 @@ static void __kvm_gmem_invalidate_start(struct gmem_file *f, pgoff_t start,
> >  		}
> >  
> >  		flush |= kvm_mmu_unmap_gfn_range(kvm, &gfn_range);
> > +
> > +#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
> > +		kvm_arch_gmem_invalidate_range(kvm, &gfn_range);
> > +#endif
> >  	}
> >  
> >  	if (flush)
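
Review bot: The #ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE wrapped around the new call inside the loop body would read better as a no-op static inline stub for kvm_arch_gmem_invalidate_range() in the header when the option is off, so this caller can invoke it unconditionally. A short comment is also warranted on why the arch hook runs after kvm_mmu_unmap_gfn_range() and on whether it can ever need a TLB flush, since nothing from it is folded into flush the way the unmap result is.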
> 
> [Severity: Critical]

*sigh*  If it's so critical, why couldn't you have found this in one of the
several times I had you review this off-list?

> Does this invalidation path cover the case where the memslot is unbound before
> the guest_memfd pages are freed?

Yes.  I think this would fix things?  I'll try to verify the bug and the fix...

diff --git arch/x86/kvm/mmu/mmu.c arch/x86/kvm/mmu/mmu.c
index 6c13da942bfc..2beb95394282 100644
--- arch/x86/kvm/mmu/mmu.c
+++ arch/x86/kvm/mmu/mmu.c
@@ -7560,8 +7560,14 @@ static void kvm_mmu_zap_memslot_pages_and_flush(struct kvm *kvm,
        kvm_mmu_remote_flush_or_zap(kvm, &invalid_list, flush);
 }
 
-static void kvm_mmu_zap_memslot(struct kvm *kvm,
-                               struct kvm_memory_slot *slot)
+static inline bool kvm_memslot_flush_zap_all(struct kvm *kvm)
+{
+       return kvm->arch.vm_type == KVM_X86_DEFAULT_VM &&
+              kvm_check_has_quirk(kvm, KVM_X86_QUIRK_SLOT_ZAP_ALL);
+}
+
+void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
+                                  struct kvm_memory_slot *slot)
 {
        struct kvm_gfn_range range = {
                .slot = slot,
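
Review bot: Removing kvm_mmu_zap_memslot() and hoisting kvm_memslot_flush_zap_all() above kvm_arch_flush_shadow_memslot() is pure code motion mixed into a functional fix, which makes the actual behavioural change hard to spot and harder to backport. Consider doing the fold as a separate preparatory patch, or keeping kvm_mmu_zap_memslot() as is and adding the gmem invalidation in kvm_arch_flush_shadow_memslot() ahead of the existing if/else, so that this fix is only the few added lines.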
@@ -7572,25 +7578,18 @@ static void kvm_mmu_zap_memslot(struct kvm *kvm,
        };
        bool flush;
 
-       write_lock(&kvm->mmu_lock);
-       flush = kvm_unmap_gfn_range(kvm, &range);
-       kvm_mmu_zap_memslot_pages_and_flush(kvm, slot, flush);
-       write_unlock(&kvm->mmu_lock);
-}
-
-static inline bool kvm_memslot_flush_zap_all(struct kvm *kvm)
-{
-       return kvm->arch.vm_type == KVM_X86_DEFAULT_VM &&
-              kvm_check_has_quirk(kvm, KVM_X86_QUIRK_SLOT_ZAP_ALL);
-}
-
-void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
-                                  struct kvm_memory_slot *slot)
-{
-       if (kvm_memslot_flush_zap_all(kvm))
+#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
+       if (slot->gmem.file)
+               kvm_arch_gmem_invalidate_range(kvm, &range);
+#endif
+       if (kvm_memslot_flush_zap_all(kvm)) {
                kvm_mmu_zap_all_fast(kvm);
-       else
-               kvm_mmu_zap_memslot(kvm, slot);
+       } else {
+               write_lock(&kvm->mmu_lock);
+               flush = kvm_unmap_gfn_range(kvm, &range);
+               kvm_mmu_zap_memslot_pages_and_flush(kvm, slot, flush);
+               write_unlock(&kvm->mmu_lock);
+       }
 }
 
 void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm, u64 gen)
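
Review bot: The new kvm_arch_gmem_invalidate_range() call at the top of kvm_arch_flush_shadow_memslot() runs before write_lock(&kvm->mmu_lock) is taken and before any SPTEs are zapped, whereas the guest_memfd.c caller invokes it after kvm_mmu_unmap_gfn_range(). The locking and ordering contract of the hook should be stated once (a comment or a lockdep assertion in the hook) and both call sites made to match it. Separately, flush is now only written and read in the else branch, so its declaration can move into that block, and the if (slot->gmem.file) test deserves a comment saying that this is the memslot-unbind case the invalidate_start path does not reach.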

Thread overview: 11+ messages
2026-06-25 22:22 [PATCH 0/7] KVM: SEV: Fix RMP #PF due freeing in-use VMSA Sean Christopherson
2026-06-25 22:22 ` [PATCH 1/7] KVM: SEV: Track the GPA of the guest-controlled VMSA used for SNP guests Sean Christopherson
2026-06-25 22:22 ` [PATCH 2/7] KVM: SEV: Extract loading of guest-provided VMSA to a separate helper Sean Christopherson
2026-06-25 22:22 ` [PATCH 3/7] KVM: SEV: Mark vCPU RUNNABLE after AP_CREATE, even if VMSA is unusable Sean Christopherson
2026-06-25 22:22 ` [PATCH 4/7] KVM: Rework .gmem_invalidate() into .gmem_free_folio() Sean Christopherson
2026-06-25 22:39   ` sashiko-bot
2026-06-25 22:22 ` [PATCH 5/7] KVM: SEV: Forcefully invalidate SNP VMSA if its backing gmem page is zapped Sean Christopherson
2026-06-25 22:45   ` sashiko-bot
2026-06-25 23:28     ` Sean Christopherson [this message]
2026-06-25 22:22 ` [PATCH 6/7] KVM: x86: Guard .gmem_prepare() declarations with HAVE_KVM_GMEM_PREPARE=y Sean Christopherson
2026-06-25 22:22 ` [PATCH 7/7] KVM: SEV: Mark vCPU has having guest-provided VMSA even if its invalid Sean Christopherson