From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 80E9437DEBF
	for <linux-kernel@vger.kernel.org>; Tue, 16 Jun 2026 16:19:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1781626766; cv=none; b=huVs4m1oeS6wPfmRlm15PEyx0WTnGlzpNna/CEOdiLanJP+8OvEtM18Hd9PgQKm60g0LRfvg7fRHrw7t+n7K1Uj0KfwBqjeBOUfHs//dwcWRadaMpusr2gKUVVfel9mWWGqJzcsu3wa2dTbEaV6d6G6w22KLMoHMKtwzxC/l9NE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1781626766; c=relaxed/simple;
	bh=tPH+WRsy5SwraqWnhh28dvKm+INysH0yq5/S01S6nZE=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type; b=JYCfXqLFuH4c9ejcfySLCgKMlivDf5tQCjIR6CxWXUevvLThue/FOFAG4Pz4h+4/cJHxlnzav0DEBZLUGZ8VTnaAN5bOPJHoK9tC6e+Bvnf5gylPW1Fb+JvHJCVfNx+4aTGynq5boq4MPdYe+DrWkdMNhVI6DsWes4I7f9qEnFs=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=sAJjUqdl; arc=none smtp.client-ip=209.85.216.73
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sAJjUqdl"
Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-36d98b5a68fso8473525a91.2
        for <linux-kernel@vger.kernel.org>; Tue, 16 Jun 2026 09:19:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1781626764; x=1782231564; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=TXAbDgyEZMHiNWK9p2PL3xdiINhXLiA968E1ozdg5N4=;
        b=sAJjUqdlltaHMLgahjISS55U5GQq1abANxbXbPIeDNy/0P/uG+u9onQ3njyb1p7Eqn
         WH9qWbTIxyqxn0S7q4CrF8NYD/w93o+qrYz+Ea5DGc1XQ2g1iM0HpTPxDj5lPc4wubQd
         SRKifuwWKsH5hCVykFew+9+g9SCX+kgGwDikAvjc1Mna1wFMvmv3brfzoEPF4wwBYTEK
         ZDiFjszzZ8UhODZnRmBM0eRASv17ycbTnnTPeVOAtAVa5rwIE7o+njLkWfim+6DMvhjO
         iTbZq3sooVy97I0WXOGoPFQX88+p4cOtmTM63LMYw+4js9QnhwdTxjT6wn5fLp7+EyY2
         /aMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1781626764; x=1782231564;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=TXAbDgyEZMHiNWK9p2PL3xdiINhXLiA968E1ozdg5N4=;
        b=PYxhfmENfmFw6oMhCgxFlgTQ+85ueOWdsf97ZDNEdEXuWPUH7/dp1akrEYajrpiZLa
         bsTQcyJd6g+8+LavBqc+ziHfVXF9jWTjYlOmkITTJrM2AGKi/jN6U7BD99GbbJnd5m8j
         5EZauhx2q0tIZgW6LzPANEw/4MPFS/zSmLY8GInxsH23DWVFc//HWsYtuKCtk4rtTErp
         HNFTVTOYmL/w1KcrXJtOwv+MMLi7MMFwiGeT2QydTmG10ROWtN2ZcgxSn32CNzT4Ak3E
         AqylH0HEIUYqUdaqpVG0Sw+E4UJIswgfyRt69QyWkWf2NHEzCg977CySbXieq1n9U9Ry
         DlVA==
X-Forwarded-Encrypted: i=1; AFNElJ/9EQkBp40sOH72IokDaDEmwzpn5dq9tuzCgKFevN7wnl/UhLETZMaxBgRcrC3D9jz3TiTy8We/i243+1k=@vger.kernel.org
X-Gm-Message-State: AOJu0Yzm/VWPcoU44uMoLWyvQL/qULe6/AWJTeAkPH4oARIroIHOqPHf
	qZVVwyL1zOOsGaCeBTDl066zV3beN6OCY2VeeGyUjCN6OQ7XRi6ZRCzwZOfC5YtBnZkhBgYsyj0
	VQuYc+A==
X-Received: from pjuw5.prod.google.com ([2002:a17:90a:d605:b0:36b:ba98:4e9])
 (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:1d81:b0:36b:7f69:c152
 with SMTP id 98e67ed59e1d1-37c9391c8d4mr137487a91.18.1781626763569; Tue, 16
 Jun 2026 09:19:23 -0700 (PDT)
Date: Tue, 16 Jun 2026 09:19:22 -0700
In-Reply-To: <b6721d022187966290f8ea04766ffb1268407ca1.camel@intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260613000329.732085-1-seanjc@google.com> <20260613000329.732085-19-seanjc@google.com>
 <906e9797-08d4-4ebe-aed3-34002aa1f917@linux.intel.com> <3be528f30351ae8744276107fe1060cb222077ca.camel@intel.com>
 <144cfc22-10fb-46db-a42e-f4ea8986d353@linux.intel.com> <b6721d022187966290f8ea04766ffb1268407ca1.camel@intel.com>
Message-ID: <ajF3il4nLemXBOle@google.com>
Subject: Re: [PATCH v4 18/30] KVM: x86: Move "struct kvm_x86_msr_filter"
 definition to msrs.c
From: Sean Christopherson <seanjc@google.com>
To: Kai Huang <kai.huang@intel.com>
Cc: "binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>, "kvm@vger.kernel.org" <kvm@vger.kernel.org>, 
	"pbonzini@redhat.com" <pbonzini@redhat.com>, 
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, "vkuznets@redhat.com" <vkuznets@redhat.com>, 
	"yosry@kernel.org" <yosry@kernel.org>
Content-Type: text/plain; charset="us-ascii"

On Tue, Jun 16, 2026, Kai Huang wrote:
> On Tue, 2026-06-16 at 15:43 +0800, Binbin Wu wrote:
> > > However, does moving the structure definition to "msrs.h" fix the problem?
> > 
> > Yes, it does.
> > 
> > Similar issue for struct kvm_x86_pmu_event_filter also could be resolved
> > by moving the structure definition to "pmu.h"
> 
> Thanks for confirming.  I think we should do this.

I really don't want to go that route, especially since there's absolutely no
reason to use srcu_dereference_check() during destruction.  KVM isn't actually
checking anything, and the (S)RCU pointers _must_ be protected during destruction,
otherwise use-after-free is all but guaranteed.

Unfortunately, every RCU macro I can find does typeof(*p) somewhere in its flow.
But I would still strongly prefer to open code a __force to strip the __rcu than
expose the structures outside of msrs.c and pmu.c.

This makes gcc8 and gcc9 happy on my end.  I'll squash the changes into their
respective patches, and update the changelogs.

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 95b3bc7b449e..b3c180e16e29 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -9975,13 +9975,13 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
        if (kvm->arch.created_mediated_pmu)
                perf_release_mediated_pmu();
        kvm_destroy_vcpus(kvm);
-       kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
+       kvm_free_msr_filter((void * __force)kvm->arch.msr_filter);
 #ifdef CONFIG_KVM_IOAPIC
        kvm_pic_destroy(kvm);
        kvm_ioapic_destroy(kvm);
 #endif
        kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
-       kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
+       kfree((void * __force)kvm->arch.pmu_event_filter);
        kvm_mmu_uninit_vm(kvm);
        kvm_page_track_cleanup(kvm);
        kvm_xen_destroy_vm(kvm);