From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
David Woodhouse <dwmw@amazon.co.uk>,
Mingwei Zhang <mizhang@google.com>,
Maxim Levitsky <mlevitsk@redhat.com>
Subject: [PATCH v2 0/8] KVM: Fix mmu_notifier vs. pfncache vs. pfncache races
Date: Wed, 27 Apr 2022 01:39:56 +0000 [thread overview]
Message-ID: <20220427014004.1992589-1-seanjc@google.com> (raw)
Fix races between mmu_notifier invalidation and pfncache refresh, and
within the pfncache itself.
The first two patches are reverts of the patches sitting in kvm/queue,
trying to separate and fix the races independently is nigh impossible.
I assume/hope they can be ignored and the original patches dropped.
I verified internal races using the attached hack-a-test. Running the
test against the current implementation fails due to KVM writing the
current GPA into the wrong page.
I don't think the race with the mmu_notifier is technically proven, e.g. I
never encountered a use-after-free even running with KASAN.
Ran with PROVE_LOCKING and DEBUG_ATOMIC_SLEEP, so in theory there shouldn't
be any lurking locking goofs this time...
v2:
- Map the pfn=>khva outside of gpc->lock. [Maxim]
- Fix a page leak.
- Fix more races.
v1:
https://lore.kernel.org/all/20220420004859.3298837-1-seanjc@google.com
Sean Christopherson (8):
Revert "KVM: Do not speculatively mark pfn cache valid to "fix" race"
Revert "KVM: Fix race between mmu_notifier invalidation and pfncache
refresh"
KVM: Drop unused @gpa param from gfn=>pfn cache's __release_gpc()
helper
KVM: Put the extra pfn reference when reusing a pfn in the gpc cache
KVM: Do not incorporate page offset into gfn=>pfn cache user address
KVM: Fix multiple races in gfn=>pfn cache refresh
KVM: Do not pin pages tracked by gfn=>pfn caches
DO NOT MERGE: Hack-a-test to verify gpc invalidation+refresh
arch/x86/kvm/x86.c | 30 ++++
include/linux/kvm_host.h | 2 +
include/linux/kvm_types.h | 1 +
tools/testing/selftests/kvm/.gitignore | 1 +
tools/testing/selftests/kvm/Makefile | 2 +
tools/testing/selftests/kvm/gpc_test.c | 217 +++++++++++++++++++++++++
virt/kvm/pfncache.c | 188 +++++++++++++--------
7 files changed, 372 insertions(+), 69 deletions(-)
create mode 100644 tools/testing/selftests/kvm/gpc_test.c
base-commit: 2a39d8b39bffdaf1a4223d0d22f07baee154c8f3
--
2.36.0.rc2.479.g8af0fa9b8e-goog
next reply other threads:[~2022-04-27 1:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-27 1:39 Sean Christopherson [this message]
2022-04-27 1:39 ` [PATCH v2 1/8] Revert "KVM: Do not speculatively mark pfn cache valid to "fix" race" Sean Christopherson
2022-04-27 1:39 ` [PATCH v2 2/8] Revert "KVM: Fix race between mmu_notifier invalidation and pfncache refresh" Sean Christopherson
2022-04-27 1:39 ` [PATCH v2 3/8] KVM: Drop unused @gpa param from gfn=>pfn cache's __release_gpc() helper Sean Christopherson
2022-04-27 1:40 ` [PATCH v2 4/8] KVM: Put the extra pfn reference when reusing a pfn in the gpc cache Sean Christopherson
2022-04-27 1:40 ` [PATCH v2 5/8] KVM: Do not incorporate page offset into gfn=>pfn cache user address Sean Christopherson
2022-04-27 1:40 ` [PATCH v2 6/8] KVM: Fix multiple races in gfn=>pfn cache refresh Sean Christopherson
2022-04-27 14:10 ` Sean Christopherson
2022-04-28 3:39 ` Lai Jiangshan
2022-04-28 14:33 ` Sean Christopherson
2022-05-20 14:49 ` Paolo Bonzini
2022-05-20 14:58 ` Paolo Bonzini
2022-05-20 15:02 ` Sean Christopherson
2022-05-20 14:59 ` Sean Christopherson
2022-04-27 1:40 ` [PATCH v2 7/8] KVM: Do not pin pages tracked by gfn=>pfn caches Sean Christopherson
2022-04-27 1:40 ` [PATCH v2 8/8] DO NOT MERGE: Hack-a-test to verify gpc invalidation+refresh Sean Christopherson
2022-04-27 15:17 ` David Woodhouse
2022-04-27 20:23 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220427014004.1992589-1-seanjc@google.com \
--to=seanjc@google.com \
--cc=dwmw@amazon.co.uk \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mizhang@google.com \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.