From: Maxim Levitsky <mlevitsk@redhat.com>
To: kvm@vger.kernel.org
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Sean Christopherson <seanjc@google.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Joerg Roedel <joro@8bytes.org>, Borislav Petkov <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	linux-kernel@vger.kernel.org (open list:X86 ARCHITECTURE (32-BIT
	AND 64-BIT)),
	x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)),
	Jim Mattson <jmattson@google.com>,
	Maxim Levitsky <mlevitsk@redhat.com>
Subject: [PATCH 02/10] KVM: x86: APICv: fix race in kvm_request_apicv_update on SVM
Date: Wed, 23 Jun 2021 14:29:54 +0300
Message-ID: <20210623113002.111448-3-mlevitsk@redhat.com>
In-Reply-To: <20210623113002.111448-1-mlevitsk@redhat.com>

Currently on SVM, kvm_request_apicv_update calls
'pre_update_apicv_exec_ctrl' without doing any synchronization,
and that function toggles the APIC_ACCESS_PAGE_PRIVATE_MEMSLOT.

If there is a mismatch between that memslot state and the AVIC state,
while a vCPU is in guest mode, an APIC mmio write can be lost:

For example:

VCPU0: enable the APIC_ACCESS_PAGE_PRIVATE_MEMSLOT
VCPU1: write to an APIC mmio register.

Since AVIC is still disabled on VCPU1, the access will not be intercepted
by it, nor will it cause an MMIO fault; rather, it will just update
the dummy page mapped into the APIC_ACCESS_PAGE_PRIVATE_MEMSLOT.

Fix that by blocking guest entries while we update the memslot.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 arch/x86/kvm/x86.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9af2fbbe0521..6f0d9c231249 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -9231,6 +9231,8 @@ void kvm_request_apicv_update(struct kvm *kvm, bool activate, ulong bit)
 	if (!!old == !!new)
 		return;
 
+	kvm_block_guest_entries(kvm);
+
 	trace_kvm_apicv_update_request(activate, bit);
 	if (kvm_x86_ops.pre_update_apicv_exec_ctrl)
 		static_call(kvm_x86_pre_update_apicv_exec_ctrl)(kvm, activate);
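Review bot: kvm_block_guest_entries(kvm) is placed after the `if (!!old == !!new) return;` early-out, so the no-op path correctly never blocks, but the lines between this hunk and the next (9236-9243) are not shown; please confirm there is no return or error path in that region, since any such path would leave guest entries blocked with no matching kvm_allow_guest_entries(). A one-line comment above the call saying why entries must be blocked here (the memslot toggle in pre_update_apicv_exec_ctrl must not race with a vCPU already in guest mode, as the commit message describes) would also help, because the helper name alone does not convey the ordering requirement.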
@@ -9243,6 +9245,8 @@ void kvm_request_apicv_update(struct kvm *kvm, bool activate, ulong bit)
 	except = kvm_get_running_vcpu();
 	kvm_make_all_cpus_request_except(kvm, KVM_REQ_APICV_UPDATE,
 					 except);
+
+	kvm_allow_guest_entries(kvm);
 	if (except)
 		kvm_vcpu_update_apicv(except);
 }
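Review bot: the block/allow pair is not a lock, and nothing visible in kvm_request_apicv_update serializes concurrent callers, so two overlapping calls could interleave as A-block, B-block, A-allow, leaving entries re-enabled while B is still toggling the memslot; whether that is safe depends on whether the helpers from patch 01/10 count nested blocks or just set a flag, so please either document that callers are serialized or make the helpers counting. Releasing before `kvm_vcpu_update_apicv(except)` is fine only because `except` is the running vCPU (host context, not guest mode), which is worth a short comment. Minor style point: a blank line was added before `kvm_allow_guest_entries(kvm);` but not after it, so the call reads as part of the `if (except)` block; add the blank line after it for symmetry.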
-- 
2.26.3


Thread overview: 21+ messages
2021-06-23 11:29 [PATCH 00/10] My AVIC patch queue Maxim Levitsky
2021-06-23 11:29 ` [PATCH 01/10] KVM: x86: extract block/allow guest enteries Maxim Levitsky
2021-06-23 11:29 ` Maxim Levitsky [this message]
2021-06-23 21:50   ` [PATCH 02/10] KVM: x86: APICv: fix race in kvm_request_apicv_update on SVM Paolo Bonzini
2021-06-24  8:07     ` Maxim Levitsky
2021-07-07 12:57       ` Maxim Levitsky
2021-07-07 13:58         ` Paolo Bonzini
2021-06-23 11:29 ` [PATCH 03/10] KVM: x86: rename apic_access_page_done to apic_access_memslot_enabled Maxim Levitsky
2021-06-23 21:50   ` Paolo Bonzini
2021-06-23 11:29 ` [PATCH 04/10] KVM: SVM: add warning for mistmatch between AVIC state and AVIC access page state Maxim Levitsky
2021-06-23 21:53   ` Paolo Bonzini
2021-06-24  8:13     ` Maxim Levitsky
2021-06-23 11:29 ` [PATCH 05/10] KVM: SVM: svm_set_vintr don't warn if AVIC is active but is about to be deactivated Maxim Levitsky
2021-06-23 11:29 ` [PATCH 06/10] KVM: SVM: tweak warning about enabled AVIC on nested entry Maxim Levitsky
2021-06-23 21:52   ` Paolo Bonzini
2021-06-23 11:29 ` [PATCH 07/10] KVM: SVM: use vmcb01 in svm_refresh_apicv_exec_ctrl Maxim Levitsky
2021-06-23 21:54   ` Paolo Bonzini
2021-06-24  8:16     ` Maxim Levitsky
2021-06-23 11:30 ` [PATCH 08/10] KVM: x86: APICv: drop immediate APICv disablement on current vCPU Maxim Levitsky
2021-06-23 11:30 ` [PATCH 09/10] KVM: SVM: call avic_vcpu_load/avic_vcpu_put when enabling/disabling AVIC Maxim Levitsky
2021-06-23 11:30 ` [PATCH 10/10] KVM: x86: hyper-v: Deactivate APICv only when AutoEOI feature is in use Maxim Levitsky
