| Message ID | 20231220125317.4258-1-borntraeger@linux.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] KVM: s390: vsie: fix race during shadow creation | expand |
On 12/20/23 13:53, Christian Borntraeger wrote: > Right now it is possible to see gmap->private being zero in > kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the > fact that we add gmap->private == kvm after creation: Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
On 20.12.23 13:53, Christian Borntraeger wrote: > Right now it is possible to see gmap->private being zero in > kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the > fact that we add gmap->private == kvm after creation: > > static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, > struct vsie_page *vsie_page) > { > [...] > gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); > if (IS_ERR(gmap)) > return PTR_ERR(gmap); > gmap->private = vcpu->kvm; > > Let children inherit the private field of the parent. > > Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> > Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") > Cc: <stable@vger.kernel.org> > Cc: David Hildenbrand <david@redhat.com> > Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> > --- Reviewed-by: David Hildenbrand <david@redhat.com>
On Wed, 20 Dec 2023 13:53:17 +0100 Christian Borntraeger <borntraeger@linux.ibm.com> wrote: > Right now it is possible to see gmap->private being zero in > kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the > fact that we add gmap->private == kvm after creation: > > static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, > struct vsie_page *vsie_page) > { > [...] > gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); > if (IS_ERR(gmap)) > return PTR_ERR(gmap); > gmap->private = vcpu->kvm; > > Let children inherit the private field of the parent. > > Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> > Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") > Cc: <stable@vger.kernel.org> > Cc: David Hildenbrand <david@redhat.com> > Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> > --- > v1->v2: let the child inherit private from parent instead of accessing > the parent in the notifier > arch/s390/kvm/vsie.c | 1 - > arch/s390/mm/gmap.c | 1 + > 2 files changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c > index 8207a892bbe2..db9a180de65f 100644 > --- a/arch/s390/kvm/vsie.c > +++ b/arch/s390/kvm/vsie.c > @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, > gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); > if (IS_ERR(gmap)) > return PTR_ERR(gmap); > - gmap->private = vcpu->kvm; > vcpu->kvm->stat.gmap_shadow_create++; > WRITE_ONCE(vsie_page->gmap, gmap); > return 0; > diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c > index 6f96b5a71c63..8da39deb56ca 100644 > --- a/arch/s390/mm/gmap.c > +++ b/arch/s390/mm/gmap.c > @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce, > return ERR_PTR(-ENOMEM); > new->mm = parent->mm; > new->parent = gmap_get(parent); > + new->private = parent->private; > new->orig_asce = asce; > new->edat_level = edat_level; > new->initialized = false;
Am 20.12.23 um 13:53 schrieb Christian Borntraeger: > Right now it is possible to see gmap->private being zero in > kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the > fact that we add gmap->private == kvm after creation: > > static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, > struct vsie_page *vsie_page) > { > [...] > gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); > if (IS_ERR(gmap)) > return PTR_ERR(gmap); > gmap->private = vcpu->kvm; > > Let children inherit the private field of the parent. > > Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> > Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") > Cc: <stable@vger.kernel.org> > Cc: David Hildenbrand <david@redhat.com> > Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> queue on kvms390/master.
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 8207a892bbe2..db9a180de65f 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -1220,7 +1220,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); - gmap->private = vcpu->kvm; vcpu->kvm->stat.gmap_shadow_create++; WRITE_ONCE(vsie_page->gmap, gmap); return 0; diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index 6f96b5a71c63..8da39deb56ca 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -1691,6 +1691,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce, return ERR_PTR(-ENOMEM); new->mm = parent->mm; new->parent = gmap_get(parent); + new->private = parent->private; new->orig_asce = asce; new->edat_level = edat_level; new->initialized = false;
Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm; Let children inherit the private field of the parent. Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization") Cc: <stable@vger.kernel.org> Cc: David Hildenbrand <david@redhat.com> Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> --- v1->v2: let the child inherit private from parent instead of accessing the parent in the notifier arch/s390/kvm/vsie.c | 1 - arch/s390/mm/gmap.c | 1 + 2 files changed, 1 insertion(+), 1 deletion(-)