All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH for 4.19, 5.4] KVM: SVM: Periodically schedule when unregistering regions on destroy
@ 2021-07-08  5:02 Nobuhiro Iwamatsu
  2021-07-08  9:17 ` Paolo Bonzini
  0 siblings, 1 reply; 3+ messages in thread
From: Nobuhiro Iwamatsu @ 2021-07-08  5:02 UTC (permalink / raw)
  To: stable; +Cc: gregkh, sashal, David Rientjes, Paolo Bonzini, Nobuhiro Iwamatsu

From: David Rientjes <rientjes@google.com>

commit 7be74942f184fdfba34ddd19a0d995deb34d4a03 upstream.

There may be many encrypted regions that need to be unregistered when a
SEV VM is destroyed.  This can lead to soft lockups.  For example, on a
host running 4.15:

watchdog: BUG: soft lockup - CPU#206 stuck for 11s! [t_virtual_machi:194348]
CPU: 206 PID: 194348 Comm: t_virtual_machi
RIP: 0010:free_unref_page_list+0x105/0x170
...
Call Trace:
 [<0>] release_pages+0x159/0x3d0
 [<0>] sev_unpin_memory+0x2c/0x50 [kvm_amd]
 [<0>] __unregister_enc_region_locked+0x2f/0x70 [kvm_amd]
 [<0>] svm_vm_destroy+0xa9/0x200 [kvm_amd]
 [<0>] kvm_arch_destroy_vm+0x47/0x200
 [<0>] kvm_put_kvm+0x1a8/0x2f0
 [<0>] kvm_vm_release+0x25/0x30
 [<0>] do_exit+0x335/0xc10
 [<0>] do_group_exit+0x3f/0xa0
 [<0>] get_signal+0x1bc/0x670
 [<0>] do_signal+0x31/0x130

Although the CLFLUSH is no longer issued on every encrypted region to be
unregistered, there are no other changes that can prevent soft lockups for
very large SEV VMs in the latest kernel.

Periodically schedule if necessary.  This still holds kvm->lock across the
resched, but since this only happens when the VM is destroyed this is
assumed to be acceptable.

Signed-off-by: David Rientjes <rientjes@google.com>
Message-Id: <alpine.DEB.2.23.453.2008251255240.2987727@chino.kir.corp.google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[iwamatsu: adjust filename.]
Reference: CVE-2020-36311
Signed-off-by: Nobuhiro Iwamatsu (CIP) <nobuhiro1.iwamatsu@toshiba.co.jp>
---
 arch/x86/kvm/svm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index c5673bda4b66df..3f776e654e3aec 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1910,6 +1910,7 @@ static void sev_vm_destroy(struct kvm *kvm)
 		list_for_each_safe(pos, q, head) {
 			__unregister_enc_region_locked(kvm,
 				list_entry(pos, struct enc_region, list));
+			cond_resched();
 		}
 	}
 
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH for 4.19, 5.4] KVM: SVM: Periodically schedule when unregistering regions on destroy
  2021-07-08  5:02 [PATCH for 4.19, 5.4] KVM: SVM: Periodically schedule when unregistering regions on destroy Nobuhiro Iwamatsu
@ 2021-07-08  9:17 ` Paolo Bonzini
  2021-07-08 18:19   ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Paolo Bonzini @ 2021-07-08  9:17 UTC (permalink / raw)
  To: Nobuhiro Iwamatsu, stable; +Cc: gregkh, sashal, David Rientjes

On 08/07/21 07:02, Nobuhiro Iwamatsu wrote:
> From: David Rientjes <rientjes@google.com>
> 
> commit 7be74942f184fdfba34ddd19a0d995deb34d4a03 upstream.

Part of 5.9.

> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index c5673bda4b66df..3f776e654e3aec 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -1910,6 +1910,7 @@ static void sev_vm_destroy(struct kvm *kvm)
>   		list_for_each_safe(pos, q, head) {
>   			__unregister_enc_region_locked(kvm,
>   				list_entry(pos, struct enc_region, list));
> +			cond_resched();
>   		}
>   	}
>   
> 

Patch is the same as the upstream commit, except for the name of the 
file.  Thanks!

Acked-by: Paolo Bonzini <pbonzini@redhat.com>

Paolo


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH for 4.19, 5.4] KVM: SVM: Periodically schedule when unregistering regions on destroy
  2021-07-08  9:17 ` Paolo Bonzini
@ 2021-07-08 18:19   ` Greg KH
  0 siblings, 0 replies; 3+ messages in thread
From: Greg KH @ 2021-07-08 18:19 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: Nobuhiro Iwamatsu, stable, sashal, David Rientjes

On Thu, Jul 08, 2021 at 11:17:33AM +0200, Paolo Bonzini wrote:
> On 08/07/21 07:02, Nobuhiro Iwamatsu wrote:
> > From: David Rientjes <rientjes@google.com>
> > 
> > commit 7be74942f184fdfba34ddd19a0d995deb34d4a03 upstream.
> 
> Part of 5.9.
> 
> > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> > index c5673bda4b66df..3f776e654e3aec 100644
> > --- a/arch/x86/kvm/svm.c
> > +++ b/arch/x86/kvm/svm.c
> > @@ -1910,6 +1910,7 @@ static void sev_vm_destroy(struct kvm *kvm)
> >   		list_for_each_safe(pos, q, head) {
> >   			__unregister_enc_region_locked(kvm,
> >   				list_entry(pos, struct enc_region, list));
> > +			cond_resched();
> >   		}
> >   	}
> > 
> 
> Patch is the same as the upstream commit, except for the name of the file.
> Thanks!
> 
> Acked-by: Paolo Bonzini <pbonzini@redhat.com>

Now queued up, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-07-08 18:19 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-08  5:02 [PATCH for 4.19, 5.4] KVM: SVM: Periodically schedule when unregistering regions on destroy Nobuhiro Iwamatsu
2021-07-08  9:17 ` Paolo Bonzini
2021-07-08 18:19   ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.