Date: Wed, 18 Aug 2021 08:50:44 +0000
In-Reply-To: <20210818085047.1005285-1-oupton@google.com>
Message-Id: <20210818085047.1005285-2-oupton@google.com>
References: <20210818085047.1005285-1-oupton@google.com>
X-Mailer: git-send-email 2.33.0.rc1.237.g0d66db33f3-goog
Subject: [PATCH 1/4] KVM: arm64: Fix read-side race on updates to vcpu reset state
From: Oliver Upton
To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu
Cc: Marc Zyngier, Peter Shier, Ricardo Koller, Jing Zhang, Raghavendra Rao Anata, James Morse, Alexandru Elisei, Suzuki K Poulose, Oliver Upton
X-Mailing-List: kvm@vger.kernel.org

KVM correctly serializes writes to a vCPU's reset state; however, since we do not take the KVM lock on the read side it is entirely possible to read state from two different reset requests. Cure the race for now by taking the KVM lock when reading the reset_state structure.

Fixes: 358b28f09f0a ("arm/arm64: KVM: Allow a VCPU to fully reset itself")
Signed-off-by: Oliver Upton
---
 arch/arm64/kvm/reset.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
index 18ffc6ad67b8..3507e64ff8ad 100644
--- a/arch/arm64/kvm/reset.c
+++ b/arch/arm64/kvm/reset.c
@@ -210,10 +210,16 @@ static bool vcpu_allowed_register_width(struct kvm_vcpu *vcpu) */ int kvm_reset_vcpu(struct kvm_vcpu *vcpu) { + struct vcpu_reset_state reset_state; int ret; bool loaded; u32 pstate; + mutex_lock(&vcpu->kvm->lock); + memcpy(&reset_state, &vcpu->arch.reset_state, sizeof(reset_state)); + vcpu->arch.reset_state.reset = false; + mutex_unlock(&vcpu->kvm->lock); + /* Reset PMU outside of the non-preemptible section */ kvm_pmu_vcpu_reset(vcpu); @@ -276,8 +282,8 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu) * Additional reset state handling that PSCI may have imposed on us. * Must be done after all the sys_reg reset. */ - if (vcpu->arch.reset_state.reset) { - unsigned long target_pc = vcpu->arch.reset_state.pc; + if (reset_state.reset) { + unsigned long target_pc = reset_state.pc; /* Gracefully handle Thumb2 entry point */ if (vcpu_mode_is_32bit(vcpu) && (target_pc & 1)) { 
@@ -286,13 +292,11 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu) } /* Propagate caller endianness */ - if (vcpu->arch.reset_state.be) + if (reset_state.be) kvm_vcpu_set_be(vcpu); *vcpu_pc(vcpu) = target_pc; - vcpu_set_reg(vcpu, 0, vcpu->arch.reset_state.r0); - - vcpu->arch.reset_state.reset = false; + vcpu_set_reg(vcpu, 0, reset_state.r0); } /* Reset timer */ -- 2.33.0.rc1.237.g0d66db33f3-goog
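Review bot: in the first hunk, clearing `vcpu->arch.reset_state.reset` under the lock at the top of kvm_reset_vcpu() consumes the pending request before any of the reset has been applied. Previously the flag was cleared only inside the PSCI block, after pc/r0/be had been written; now, if kvm_reset_vcpu() returns early with an error (the function has `int ret`, and the PMU and sys_reg resets run between the snapshot and the PSCI block), the copied reset values are dropped and the request is lost. Either clear the flag only once the state has actually been applied, or state in the commit message why losing a request on the error path is acceptable. Minor: `reset_state = vcpu->arch.reset_state;` is the usual kernel idiom for copying a struct and avoids the memcpy()/sizeof pair.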