Re: KVM: Warn if mark_page_dirty() is called without an active vCPU

From: Sean Christopherson <seanjc@google.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	butt3rflyh4ck <butterflyhuangxx@gmail.com>,
	kvm@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: KVM: Warn if mark_page_dirty() is called without an active vCPU
Date: Mon, 22 Nov 2021 18:49:38 +0000	[thread overview]
Message-ID: <YZvmQjgdI/gQj6T6@google.com> (raw)
In-Reply-To: <ee872549432eaf62c0c5a722b94ac4390ef3df83.camel@infradead.org>

On Mon, Nov 22, 2021, David Woodhouse wrote:
> On Mon, 2021-11-22 at 17:01 +0000, Sean Christopherson wrote:
> > On Sat, Nov 20, 2021, David Woodhouse wrote:
> > > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> > > index 6c5083f2eb50..72c6453bcef4 100644
> > > --- a/virt/kvm/kvm_main.c
> > > +++ b/virt/kvm/kvm_main.c
> > > @@ -3020,12 +3020,17 @@ void mark_page_dirty_in_slot(struct kvm *kvm,
> > >  			     struct kvm_memory_slot *memslot,
> > >  		 	     gfn_t gfn)
> > >  {
> > > +	struct kvm_vcpu *vcpu = kvm_get_running_vcpu();
> > > +
> > > +	if (WARN_ON_ONCE(!vcpu) || WARN_ON_ONCE(vcpu->kvm != kvm))
> > 
> > Maybe use KVM_BUG_ON?  And two separate WARNs are probably overkill.
> > 
> > 	if (KVM_BUG_ON(!vcpu || vcpu->kvm != kvm, kvm))
> > 
> > 
> > I'd also prefer to not retrieve the vCPU in the dirty_bitmap path, at least not
> > until it's necessary (for the proposed dirty quota throttling), though that's not
> > a strong preference.
> 
> I don't think that would achieve my objective. This was my reaction to
> learning that I was never supposed to have called kvm_write_guest()
> when I didn't have an active vCPU context¹. I wanted there to have been
> a *warning* about that, right there and then when I first did it
> instead of waiting for syzkaller to find it.

Fair enough.  And probably a moot point since Paolo hasn't vehemently objected
to the dirty quota idea.