From: Sean Christopherson
To: Vitaly Kuznetsov, Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Thu, 23 Apr 2026 07:08:32 -0700
Subject: [PATCH 4/5] KVM: x86/hyperv: Assert vCPU's mutex is held in to_hv_vcpu()
Message-ID: <20260423140833.439512-5-seanjc@google.com>
In-Reply-To: <20260423140833.439512-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Assert that either vcpu->mutex is held or the VM is otherwise unreachable when using the normal vCPU => HyperV accessor to help detect improper cross-task usage of the HyperV structure. When accessing the structure without holding the vCPU's mutex, e.g. to send interrupts or to queue TLB flushes, KVM needs to use the more paranoid to_hv_vcpu_safe() to guarantee that it can't see a half-baked structure.

To avoid false positives, open code accesses to vcpu->arch.hyperv in the Synthetic Timer callbacks (can be reached if and only if HyperV state is fully initialized) and in kvm_hv_set_cpuid() (can unfortunately be reached during vCPU creation, when vcpu->mutex is not held, but otherwise is called only when vcpu->mutex is held).

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/hyperv.c | 8 +++-----
 arch/x86/kvm/hyperv.h | 3 +++
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index 92a715d06d92..a79ccea05a65 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -599,8 +599,7 @@ static void stimer_mark_pending(struct kvm_vcpu_hv_stimer *stimer, { struct kvm_vcpu *vcpu = hv_stimer_to_vcpu(stimer); - set_bit(stimer->index, - to_hv_vcpu(vcpu)->stimer_pending_bitmap); + set_bit(stimer->index, vcpu->arch.hyperv->stimer_pending_bitmap); kvm_make_request(KVM_REQ_HV_STIMER, vcpu); if (vcpu_kick) kvm_vcpu_kick(vcpu);
@@ -614,8 +613,7 @@ static void stimer_cleanup(struct kvm_vcpu_hv_stimer *stimer) stimer->index); hrtimer_cancel(&stimer->timer); - clear_bit(stimer->index, - to_hv_vcpu(vcpu)->stimer_pending_bitmap); + clear_bit(stimer->index, vcpu->arch.hyperv->stimer_pending_bitmap); stimer->msg_pending = false; stimer->exp_time = 0; } @@ -2311,7 +2309,7 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) void kvm_hv_set_cpuid(struct kvm_vcpu *vcpu, bool hyperv_enabled) { - struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu); + struct kvm_vcpu_hv *hv_vcpu = vcpu->arch.hyperv; struct kvm_cpuid_entry2 *entry; vcpu->arch.hyperv_enabled = hyperv_enabled; diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index ca5366341110..b7938d45f655 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h @@ -75,6 +75,9 @@ static inline struct kvm_vcpu_hv *to_hv_vcpu_safe(struct kvm_vcpu *vcpu) static inline struct kvm_vcpu_hv *to_hv_vcpu(struct kvm_vcpu *vcpu) { + lockdep_assert_once(lockdep_is_held(&vcpu->mutex) || + !refcount_read(&vcpu->kvm->users_count)); + return vcpu->arch.hyperv; } -- 2.54.0.545.g6539524ca2-goog
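Review bot: The two stimer hunks (stimer_mark_pending() and stimer_cleanup()) replace to_hv_vcpu(vcpu) with a bare vcpu->arch.hyperv but leave no trace in the code of why the accessor was deliberately bypassed; a one-line comment above each dereference, e.g. "/* Synthetic timers exist only after HyperV state is fully initialized, bypass the lockdep-asserting accessor. */", would keep the next cleanup from folding them back into to_hv_vcpu() and re-introducing the false positive this patch is avoiding. The invariant in the commit message ("can be reached if and only if HyperV state is fully initialized") is exactly what such a comment should state, since stimer_mark_pending() can run from the hrtimer callback on a CPU that is not holding vcpu->mutex.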
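Review bot: In the kvm_hv_set_cpuid() hunk, "struct kvm_vcpu_hv *hv_vcpu = vcpu->arch.hyperv;" reads like an oversight rather than an intentional exemption, because the vCPU-creation path that makes it necessary is described only in the commit message. Please move that rationale into a comment at the declaration (creation runs without vcpu->mutex; every other caller holds it), so the exemption is visible to whoever later audits direct vcpu->arch.hyperv dereferences against the new assert in to_hv_vcpu().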
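Review bot: The new check in to_hv_vcpu() (hyperv.h hunk), "lockdep_assert_once(lockdep_is_held(&vcpu->mutex) || !refcount_read(&vcpu->kvm->users_count));", consults a refcount inside a lock assertion without explaining why; add a comment stating that a zero users_count means the VM is being torn down and no task can reach the vCPU anymore, which is the "otherwise unreachable" case from the commit message, and that vCPU creation is not covered by this escape hatch (hence the open-coded access in kvm_hv_set_cpuid()). Two caveats worth noting in that comment as well: lockdep_assert_once() fires a single WARN_ON_ONCE() per boot, so a second distinct misuse stays silent until the first is fixed, and the assert is a no-op on kernels built without lockdep, so it is a development-time detector, not a runtime guarantee that to_hv_vcpu_safe() is used on the lock-free paths.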