Re: KCSAN + KVM = host reset

From: Marco Elver <elver@google.com>
To: Qian Cai <cai@lca.pw>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	"paul E. McKenney" <paulmck@kernel.org>,
	kasan-dev <kasan-dev@googlegroups.com>,
	LKML <linux-kernel@vger.kernel.org>,
	kvm@vger.kernel.org
Subject: Re: KCSAN + KVM = host reset
Date: Mon, 13 Apr 2020 10:35:38 +0200	[thread overview]
Message-ID: <CANpmjNPSLkiEer3xQHHxJm_4o5Em0i3bvM7TMmNO46Vzv2cwWQ@mail.gmail.com> (raw)
In-Reply-To: <C4FED226-E3DE-44AE-BBED-2B56B9F5B12F@lca.pw>

On Fri, 10 Apr 2020 at 21:57, Qian Cai <cai@lca.pw> wrote:
>
>
>
> > On Apr 10, 2020, at 7:35 AM, Marco Elver <elver@google.com> wrote:
> >
> > On Fri, 10 Apr 2020 at 13:25, Qian Cai <cai@lca.pw> wrote:
> >>
> >>
> >>
> >>> On Apr 10, 2020, at 5:47 AM, Marco Elver <elver@google.com> wrote:
> >>>
> >>> That would contradict what you said about it working if KCSAN is
> >>> "off". What kernel are you attempting to use in the VM?
> >
> > Ah, sorry this was a typo,
> >  s/working if KCSAN/not working if KCSAN/
> >
> >> Well, I said set KCSAN debugfs to “off” did not help, i.e., it will reset the host running kvm.sh. It is the vanilla ubuntu 18.04 kernel in VM.
> >>
> >> github.com/cailca/linux-mm/blob/master/kvm.sh
> >
> > So, if you say that CONFIG_KCSAN_INTERRUPT_WATCHER=n works, that
> > contradicts it not working when KCSAN is "off". Because if KCSAN is
> > off, it never sets up any watchpoints, and whether or not
> > KCSAN_INTERRUPT_WATCHER is selected or not shouldn't matter. Does that
> > make more sense?
>
> Yes, you are right. CONFIG_KCSAN_INTERRUPT_WATCHER=n does not
> make it work. It was a mistake when I tested it because there was a stale svm.o
> leftover from the previous run, and then it will not trigger a rebuild (a bug?) when
> only modify the Makefile to remove KCSAN_SANITIZE := n. Sorry for the misleading
> information. I should be checking if svm.o was really recompiled in the first place.
>
> Anyway, I’ll send a patch to add __no_kcsan for svm_vcpu_run() because I tried
> to narrow down more with a kcsan_[disable|enable]_current() pair, but it does NOT
> work even by enclosing the almost whole function below until Marcro has more ideas?

This is expected. Instrumentation is not removed if you add
kcsan_{disable,enable}_current() (it has the same effect as a
localized "off"). Since it seems just the instrumentation and
associated calls before every memory access is enough, this won't
work. The attribute __no_kcsan removes instrumentation entirely from
the function. If the non-instrumented code should be reduced, it is
conceivable to take the problematic portion of code and factor it into
a function that has attribute '__no_kcsan_or_inline'.

Thanks,
-- Marco

> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 2be5bbae3a40..e58b2d5a575c 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -3286,6 +3286,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
>         svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
>         svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
>
> +       kcsan_disable_current();
>         /*
>          * A vmexit emulation is required before the vcpu can be executed
>          * again.
> @@ -3410,6 +3411,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
>                 svm_handle_mce(svm);
>
>         mark_all_clean(svm->vmcb);
> +       kcsan_enable_current();
>  }
>  STACK_FRAME_NON_STANDARD(svm_vcpu_run);
>
>
>
>
>
>