Date: Fri, 24 Jan 2025 16:10:45 -0800
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20250123153543.2769928-1-kbusch@meta.com>
Subject: Re: [PATCH] kvm: defer huge page recovery vhost task to later
From: Sean Christopherson
To: Keith Busch
Cc: Keith Busch, kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Vlad Poenaru, tj@kernel.org, Paolo Bonzini, Alyssa Ross
Content-Type: text/plain; charset="us-ascii"

On Fri, Jan 24, 2025, Keith Busch wrote:
> On Fri, Jan 24, 2025 at 12:07:24PM -0800, Sean Christopherson wrote:
> > This is broken. If the module param is toggled before the first KVM_RUN, KVM
> > will hit a NULL pointer deref due to trying to start a non-existent vhost task:
> >
> >  BUG: kernel NULL pointer dereference, address: 0000000000000040
> >  #PF: supervisor read access in kernel mode
> >  #PF: error_code(0x0000) - not-present page
> >  PGD 0 P4D 0
> >  Oops: Oops: 0000 [#1] SMP
> >  CPU: 16 UID: 0 PID: 1190 Comm: bash Not tainted 6.13.0-rc3-9bb02e874121-x86/xen_msr_fixes-vm #2382
> >  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
> >  RIP: 0010:vhost_task_wake+0x5/0x10
> >  Call Trace:
> >
> >   set_nx_huge_pages+0xcc/0x1e0 [kvm]
>
> Thanks for pointing out this gap. It looks like we'd have to hold the
> kvm_lock in kvm_mmu_post_init_vm(), and add NULL checks in
> set_nx_huge_pages() and set_nx_huge_pages_recovery_param() to prevent
> the NULL deref. Is that okay?

I don't _think_ we need to take kvm_lock. And I don't want to take kvm_lock,
because we're also trying to eliminate a (very theoretical) deadlock[1] due to
taking kvm_lock in the params helpers.

There is a race that can happen with my proposed fix[2], but I'm not sure we
care enough to address it. If kvm_nx_huge_page_recovery_worker() runs before
the params are set, and the param setter processes the VM before
nx_huge_page_recovery_thread is set, then the worker could sleep for too long,
relative to what userspace expects.

I suppose if we care then we could fix that by taking kvm->arch.nx_once.mutex
when waking the task?

[1] https://lore.kernel.org/all/20250124191109.205955-2-pbonzini@redhat.com
[2] https://lore.kernel.org/all/20250124234623.3609069-1-seanjc@google.com
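The two hazards discussed in this thread, modelled in user-space C as an added illustration rather than KVM source: the NULL dereference when the param setter wakes a recovery task that has not been created yet, and the window in which the task is created with a stale param because creation and wake-up are not serialised. The struct names, the `nx_once_mutex` field and the return enum are assumptions of this model; only the function names mirror the ones named in the thread.

```c
/* Constructed model of deferred recovery-task creation vs. the param setter.
 * Not KVM code: kvm->arch.nx_once.mutex is modelled as a per-VM pthread mutex
 * and the vhost task as a plain struct with a wakeup counter. */
#include <pthread.h>
#include <stddef.h>

struct recovery_task { unsigned wakeups; unsigned period_ms; };

struct kvm {
    pthread_mutex_t nx_once_mutex;         /* models kvm->arch.nx_once.mutex */
    struct recovery_task *recovery_thread; /* NULL until the first KVM_RUN   */
    struct recovery_task task_storage;
};

static unsigned nx_huge_pages_recovery_period_ms = 1000; /* module param */

enum wake_result { WAKE_OK, WAKE_NO_TASK };

static void kvm_init(struct kvm *kvm) {
    pthread_mutex_init(&kvm->nx_once_mutex, NULL);
    kvm->recovery_thread = NULL;
}

/* Deferred creation at first KVM_RUN.  Creating the task under the mutex and
 * reading the *current* param there means a setter that ran earlier (and found
 * no task to wake) is not lost: the task starts with the right period. */
static void kvm_mmu_post_init_vm(struct kvm *kvm) {
    pthread_mutex_lock(&kvm->nx_once_mutex);
    if (!kvm->recovery_thread) {
        kvm->task_storage.wakeups = 0;
        kvm->task_storage.period_ms = nx_huge_pages_recovery_period_ms;
        kvm->recovery_thread = &kvm->task_storage;
    }
    pthread_mutex_unlock(&kvm->nx_once_mutex);
}

/* Param setter.  The NULL check is what the oops in vhost_task_wake() lacked;
 * taking the same mutex as creation closes the "checked NULL, then task created
 * with the old param" window instead of relying on kvm_lock. */
static enum wake_result set_nx_huge_pages_recovery_param(struct kvm *kvm,
                                                         unsigned period_ms) {
    enum wake_result r;
    nx_huge_pages_recovery_period_ms = period_ms;
    pthread_mutex_lock(&kvm->nx_once_mutex);
    if (kvm->recovery_thread) {
        kvm->recovery_thread->period_ms = period_ms; /* task re-reads on wake */
        kvm->recovery_thread->wakeups++;
        r = WAKE_OK;
    } else {
        r = WAKE_NO_TASK; /* nothing to wake; creation will pick the param up */
    }
    pthread_mutex_unlock(&kvm->nx_once_mutex);
    return r;
}
```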