Kernel KVM virtualization development
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Sean Christopherson" <seanjc@google.com>
Cc: kvm@vger.kernel.org
Subject: Re: [PATCH v2 7/9] KVM: SEV: Forcefully invalidate SNP VMSA if its backing gmem page is zapped
Date: Fri, 26 Jun 2026 23:39:04 +0000	[thread overview]
Message-ID: <20260626233904.ABDE11F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260626231416.3943216-8-seanjc@google.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Low] Data Race on lockless access to `snp_guest_vmsa_gpa` without READ_ONCE/WRITE_ONCE.
--

commit 0384ec40691742221905a1f869e903471b8acac7
Author: Sean Christopherson <seanjc@google.com>

KVM: SEV: Forcefully invalidate SNP VMSA if its backing gmem page is zapped

This commit wires up a gmem_invalid_range() call for SNP VMs. It forces
vCPUs to reload or recheck their guest-provided VMSA if the backing
guest_memfd page is being invalidated.

Link: https://lore.kernel.org/all/aimMWzAf5b3luM0b@v4bel

> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 3d90aa723dc25..04be49b1af57d 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c

[ ... ]

> @@ -5135,6 +5154,31 @@ int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order)
>  
>  	return 0;
>  }
> +void sev_gmem_invalidate_range(struct kvm *kvm, struct kvm_gfn_range *range)
> +{
> +	struct kvm_vcpu *vcpu;
> +	unsigned long i;
> +
> +	lockdep_assert_held_write(&kvm->mmu_lock);
> +
> +	/*
> +	 * An unstable result for "is SNP" is a-ok here, thanks to mmu_lock.
> +	 * The vCPU's VMSA GPA is invalidated before the vCPU is made visible
> +	 * to other tasks, and can only become valid while holding mmu_lock,
> +	 * after the VM is fully committed to being an SNP VM.
> +	 */
> +	if (!____sev_snp_guest(kvm))
> +		return;
> +
> +	kvm_for_each_vcpu(i, vcpu, kvm) {
> +		gpa_t gpa = to_svm(vcpu)->sev_es.snp_guest_vmsa_gpa;
> +
> +		if (VALID_PAGE(gpa) &&

[Severity: Low]
Can this lead to a data race or KCSAN splat?

Here snp_guest_vmsa_gpa is read locklessly relative to snp_vmsa_mutex. It is
read under mmu_lock, but in __sev_snp_reload_vmsa(), snp_guest_vmsa_gpa is
cleared (set to INVALID_PAGE) while holding snp_vmsa_mutex without mmu_lock.

Since they don't share a common lock for this variable's lifecycle, should
this read and the corresponding write in __sev_snp_reload_vmsa() use
READ_ONCE() and WRITE_ONCE() to prevent compiler refetching or optimization
artifacts?

> +		    gpa_to_gfn(gpa) >= range->start &&
> +		    gpa_to_gfn(gpa) < range->end)
> +			kvm_make_request_and_kick(KVM_REQ_VMSA_PAGE_RELOAD, vcpu);
> +	}
> +}

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260626231416.3943216-1-seanjc@google.com?part=7

  reply	other threads:[~2026-06-26 23:39 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-26 23:14 [PATCH v2 0/9] KVM: SEV: Fix RMP #PF due freeing in-use VMSA Sean Christopherson
2026-06-26 23:14 ` [PATCH v2 1/9] KVM: SEV: Track the GPA of the guest-controlled VMSA used for SNP guests Sean Christopherson
2026-06-26 23:14 ` [PATCH v2 2/9] KVM: SEV: Extract loading of guest-provided VMSA to a separate helper Sean Christopherson
2026-06-26 23:14 ` [PATCH v2 3/9] KVM: SEV: Mark vCPU RUNNABLE after AP_CREATE, even if VMSA is unusable Sean Christopherson
2026-06-26 23:14 ` [PATCH v2 4/9] KVM: Rework .gmem_invalidate() into .gmem_free_folio() Sean Christopherson
2026-06-29 21:50   ` Ackerley Tng
2026-06-29 22:02     ` Sean Christopherson
2026-06-30  0:09       ` Ackerley Tng
2026-06-30  0:18         ` Sean Christopherson
2026-06-26 23:14 ` [PATCH v2 5/9] KVM: x86/mmu: Fold kvm_mmu_zap_memslot() into kvm_arch_flush_shadow_memslot() Sean Christopherson
2026-06-26 23:14 ` [PATCH v2 6/9] KVM: x86/mmu: Split kvm_mmu_zap_all_fast() into "front" and "back" halves Sean Christopherson
2026-06-26 23:29   ` sashiko-bot
2026-06-26 23:14 ` [PATCH v2 7/9] KVM: SEV: Forcefully invalidate SNP VMSA if its backing gmem page is zapped Sean Christopherson
2026-06-26 23:39   ` sashiko-bot [this message]
2026-06-29 21:59   ` Ackerley Tng
2026-06-29 23:49     ` Sean Christopherson
2026-06-26 23:14 ` [PATCH v2 8/9] KVM: x86: Guard .gmem_prepare() declarations with HAVE_KVM_GMEM_PREPARE=y Sean Christopherson
2026-06-26 23:14 ` [PATCH v2 9/9] KVM: SEV: Mark vCPU has having guest-provided VMSA even if its invalid Sean Christopherson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260626233904.ABDE11F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=kvm@vger.kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    --cc=seanjc@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox