From: Sean Christopherson <seanjc@google.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: syzbot <syzbot+106a4f72b0474e1d1b33@syzkaller.appspotmail.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
pbonzini@redhat.com, syzkaller-bugs@googlegroups.com,
paul <paul@xen.org>
Subject: Re: [syzbot] [kvm?] WARNING in __kvm_gpc_refresh
Date: Tue, 19 Mar 2024 08:23:30 -0700 [thread overview]
Message-ID: <Zfmt8rxlF1ag1iA_@google.com> (raw)
In-Reply-To: <33bcc5778e39780c6895ffa9f52f4b12cf83ad89.camel@infradead.org>
On Mon, Mar 18, 2024, David Woodhouse wrote:
> On Mon, 2024-03-18 at 14:34 -0700, Sean Christopherson wrote:
> > On Mon, Mar 18, 2024, David Woodhouse wrote:
> > >
> > > /* Either gpa or uhva must be valid, but not both */
> > > if (WARN_ON_ONCE(kvm_is_error_gpa(gpa) == kvm_is_error_hva(uhva)))
> > > return -EINVAL;
> > >
> > > Hm, that comment doesn't match the code. It says "not both", but the
> > > code also catches the "neither" case. I think the gpa is in %rbx and
> > > uhva is in %r12, so this is indeed the 'neither' case.
> > >
> > > Is it expected that we can end up with a cache marked active, but with
> > > the address not valid? Maybe through a race condition with deactive? or
> > > more likely than that?
> >
> > It's the darn PV system time MSR, which allows the guest to triggering activation
> > with any GPA value. That results in the cache being marked active without KVM
> > ever setting the GPA (or any other fields). The fix I'm testing is to move the
> > offset+len check up into activate() and refresh().
>
> Not sure I even want a gpc of length 1 to work at INVALID_GPA; I don't
> think it's the offset+length check we want to be looking at?
>
> If we've activated the gpc with gpa==INVALID_GPA, surely the right
This particular issue isn't due to activating with gpa==INVALID_GPA, it's due to
marking the gpc as active without actually activating it. The offset+length
check is simply what causes KVM to prematurely bail from activation.
> thing to do is just let it fail (perhaps with an explicit check or just
> letting the memslot lookup fail). After fixing that WARN_ON be
>
> if (WARN_ON_ONCE(!kvm_is_error_gpa(gpa) && !kvm_is_error_hva(uhva)))
I really don't want to relax the sanity check, as I feel strongly that KVM needs
an invariant that an active cache is either GPA-based or HVA-based, i.e. that at
least one of GPA or HVA is "valid". In quotes because the GPA doesn't need to
be fully validated, just something that doesn't trip kvm_is_error_gpa().
next prev parent reply other threads:[~2024-03-19 15:23 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-18 16:25 [syzbot] [kvm?] WARNING in __kvm_gpc_refresh syzbot
2024-03-18 19:55 ` Sean Christopherson
2024-03-18 21:25 ` David Woodhouse
2024-03-18 21:34 ` Sean Christopherson
2024-03-18 21:55 ` David Woodhouse
2024-03-19 15:23 ` Sean Christopherson [this message]
2024-03-19 15:57 ` David Woodhouse
2024-03-21 10:59 ` Paul Durrant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zfmt8rxlF1ag1iA_@google.com \
--to=seanjc@google.com \
--cc=dwmw2@infradead.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@xen.org \
--cc=pbonzini@redhat.com \
--cc=syzbot+106a4f72b0474e1d1b33@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.