From: Sean Christopherson <seanjc@google.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>,
Oliver Upton <oliver.upton@linux.dev>,
Huacai Chen <chenhuacai@kernel.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Anup Patel <anup@brainfault.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Tony Krowiak <akrowiak@linux.ibm.com>,
Halil Pasic <pasic@linux.ibm.com>,
Jason Herne <jjherne@linux.ibm.com>,
Harald Freudenberger <freude@linux.ibm.com>,
Alex Williamson <alex.williamson@redhat.com>,
Andy Lutomirski <luto@kernel.org>,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
linux-mips@vger.kernel.org, kvm@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org,
linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
Anish Ghulati <aghulati@google.com>,
Venkatesh Srinivas <venkateshs@chromium.org>,
Andrew Thornton <andrewth@google.com>
Subject: Re: [PATCH 05/26] vfio: KVM: Pass get/put helpers from KVM to VFIO, don't do circular lookup
Date: Tue, 12 Dec 2023 18:22:00 -0800 [thread overview]
Message-ID: <ZXkVSKULLivrMkBl@google.com> (raw)
In-Reply-To: <20231203140756.GI1489931@ziepe.ca>
On Sun, Dec 03, 2023, Jason Gunthorpe wrote:
> On Fri, Dec 01, 2023 at 04:51:55PM -0800, Sean Christopherson wrote:
>
> > There's one more wrinkle: this patch is buggy in that it doesn't ensure the liveliness
> > of KVM-the-module, i.e. nothing prevents userspace from unloading kvm.ko while VFIO
> > still holds a reference to a kvm structure, and so invoking ->put_kvm() could jump
> > into freed code. To fix that, KVM would also need to pass along a module pointer :-(
>
> Maybe we should be refcounting the struct file not the struct kvm?
>
> Then we don't need special helpers and it keeps the module alive correctly.
Huh. It took my brain a while to catch up, but this seems comically obvious in
hindsight. I *love* this approach, both conceptually and from a code perspective.
Handing VFIO (and any other external entities) a file makes it so that KVM effectively
interacts with users via files, regardless of whether the user lives in userspace
or the kernel. That makes it easier to reason about the safety of operations,
e.g. in addition to ensuring KVM-the-module is pinned, having a file pointer allows
KVM to verify that the incoming pointer does indeed represent a VM. Which isn't
necessary by any means, but it's a nice sanity check.
From a code perspective, it's far cleaner than manually grabbing module references,
and having only a file pointers makes it a wee bit harder for non-KVM code to
poke into KVM, e.g. keeps us honest.
Assuming nothing blows up in testing, I'll go this route for v2.
Thanks!
next prev parent reply other threads:[~2023-12-13 2:22 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-16 0:30 [PATCH 00/26] KVM: vfio: Hide KVM internals from others Sean Christopherson
2023-09-16 0:30 ` [PATCH 01/26] vfio: Wrap KVM helpers with CONFIG_KVM instead of CONFIG_HAVE_KVM Sean Christopherson
2023-09-18 15:16 ` Jason Gunthorpe
2023-09-28 22:21 ` Alex Williamson
2023-09-16 0:30 ` [PATCH 02/26] vfio: Move KVM get/put helpers to colocate it with other KVM related code Sean Christopherson
2023-09-18 15:17 ` Jason Gunthorpe
2023-09-28 22:21 ` Alex Williamson
2023-09-16 0:30 ` [PATCH 03/26] virt: Declare and define vfio_file_set_kvm() iff CONFIG_KVM is enabled Sean Christopherson
2023-09-18 15:18 ` Jason Gunthorpe
2023-09-28 22:21 ` Alex Williamson
2023-09-16 0:30 ` [PATCH 04/26] vfio: Add struct to hold KVM assets and dedup group vs. iommufd code Sean Christopherson
2023-09-28 22:21 ` Alex Williamson
2023-09-16 0:30 ` [PATCH 05/26] vfio: KVM: Pass get/put helpers from KVM to VFIO, don't do circular lookup Sean Christopherson
2023-09-18 15:21 ` Jason Gunthorpe
2023-09-18 15:49 ` Sean Christopherson
2023-09-18 16:02 ` Jason Gunthorpe
2023-12-02 0:51 ` Sean Christopherson
2023-12-03 14:07 ` Jason Gunthorpe
2023-12-13 2:22 ` Sean Christopherson [this message]
2023-09-28 22:21 ` Alex Williamson
2023-09-16 0:30 ` [PATCH 06/26] KVM: Drop CONFIG_KVM_VFIO and just look at KVM+VFIO Sean Christopherson
2023-09-18 15:29 ` Jason Gunthorpe
2023-09-18 15:52 ` Sean Christopherson
2023-09-18 16:17 ` Jason Gunthorpe
2023-09-28 22:21 ` Alex Williamson
2023-09-16 0:30 ` [PATCH 07/26] x86/idt: Wrap KVM logic with CONFIG_KVM instead of CONFIG_HAVE_KVM Sean Christopherson
2023-09-16 0:31 ` [PATCH 08/26] KVM: x86: Stop selecting and depending on HAVE_KVM Sean Christopherson
2023-09-16 0:31 ` [PATCH 09/26] KVM: arm64: " Sean Christopherson
2023-09-16 0:31 ` [PATCH 10/26] KVM: s390: " Sean Christopherson
2023-09-18 13:38 ` Claudio Imbrenda
2023-09-16 0:31 ` [PATCH 11/26] KVM: MIPS: Make HAVE_KVM a MIPS-only Kconfig Sean Christopherson
2023-09-16 0:31 ` [PATCH 12/26] KVM: arm64: Move arm_{psci,hypercalls}.h to an internal KVM path Sean Christopherson
2023-09-16 0:31 ` [PATCH 13/26] KVM: arm64: Include KVM headers to get forward declarations Sean Christopherson
2023-09-16 0:31 ` [PATCH 14/26] KVM: arm64: Move ARM specific headers in include/kvm to arch directory Sean Christopherson
2023-09-16 0:31 ` [PATCH 15/26] KVM: Move include/kvm/iodev.h to include/linux as kvm_iodev.h Sean Christopherson
2023-12-14 6:02 ` Anup Patel
2023-09-16 0:31 ` [PATCH 16/26] KVM: MIPS: Stop adding virt/kvm to the arch include path Sean Christopherson
2023-09-16 0:31 ` [PATCH 17/26] KVM: PPC: " Sean Christopherson
2023-09-16 0:31 ` [PATCH 18/26] KVM: s390: " Sean Christopherson
2023-09-18 6:56 ` Thomas Huth
2023-09-18 13:38 ` Claudio Imbrenda
2023-09-16 0:31 ` [PATCH 19/26] KVM: Standardize include paths across all architectures Sean Christopherson
2023-12-14 6:04 ` Anup Patel
2023-09-16 0:31 ` [PATCH 20/26] perf/x86: KVM: Have perf define a dedicated struct for getting guest PEBS data Sean Christopherson
2023-09-16 0:31 ` [PATCH 21/26] entry/kvm: Drop @vcpu param from arch_xfer_to_guest_mode_handle_work() Sean Christopherson
2023-09-16 0:31 ` [PATCH 22/26] entry/kvm: KVM: Move KVM details related to signal/-EINTR into KVM proper Sean Christopherson
2023-12-14 6:13 ` Anup Patel
2023-09-16 0:31 ` [PATCH 23/26] KVM: arm64: Move and consolidate "public" functions in asm/kvm_host.h Sean Christopherson
2023-09-16 0:31 ` [PATCH 24/26] powerpc/xics: Move declaration of xics_wake_cpu() out of kvm_ppc.h Sean Christopherson
2023-09-16 0:31 ` [PATCH 25/26] KVM: PPC: Rearrange code in kvm_ppc.h to isolate "public" information Sean Christopherson
2023-09-16 0:31 ` [PATCH 26/26] KVM: Hide KVM internal data structures and values from kernel at-large Sean Christopherson
2023-12-14 6:20 ` Anup Patel
2024-06-20 10:10 ` [PATCH 00/26] KVM: vfio: Hide KVM internals from others Shameerali Kolothum Thodi
2024-06-24 15:32 ` Sean Christopherson
2024-06-24 19:21 ` Shameerali Kolothum Thodi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZXkVSKULLivrMkBl@google.com \
--to=seanjc@google.com \
--cc=acme@kernel.org \
--cc=aghulati@google.com \
--cc=agordeev@linux.ibm.com \
--cc=akrowiak@linux.ibm.com \
--cc=alex.williamson@redhat.com \
--cc=andrewth@google.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=borntraeger@linux.ibm.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=chenhuacai@kernel.org \
--cc=dave.hansen@linux.intel.com \
--cc=frankja@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=jgg@ziepe.ca \
--cc=jjherne@linux.ibm.com \
--cc=kvm-riscv@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=pasic@linux.ibm.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=venkateshs@chromium.org \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).