From patchwork Fri Jul 29 18:46:39 2022
X-Patchwork-Submitter: Coleman Dietsch
X-Patchwork-Id: 12932778
From: Coleman Dietsch
To: kvm@vger.kernel.org
Cc: Coleman Dietsch, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, Pavel Skripkin, linux-kernel-mentees@lists.linuxfoundation.org, syzbot+e54f930ed78eb0f85281@syzkaller.appspotmail.com
Subject: [PATCH v2 1/2] KVM: x86/xen: Initialize Xen timer only once
Date: Fri, 29 Jul 2022 13:46:39 -0500
Message-Id: <20220729184640.244969-2-dietschc@csp.edu>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220729184640.244969-1-dietschc@csp.edu>
References: <20220729184640.244969-1-dietschc@csp.edu>

Add a check for existing xen timers before initializing a new one.

Currently kvm_xen_init_timer() is called on every KVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG crash when vcpu->arch.xen.timer is already set.

ODEBUG: init active (active state 0) object type: hrtimer hint: xen_timer_callbac0
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502
Call Trace:
 __debug_object_init
 debug_hrtimer_init
 debug_init
 hrtimer_init
 kvm_xen_init_timer
 kvm_xen_vcpu_set_attr
 kvm_arch_vcpu_ioctl
 kvm_vcpu_ioctl
 vfs_ioctl

Link: https://syzkaller.appspot.com/bug?id=8234a9dfd3aafbf092cc5a7cd9842e3ebc45fc42
Reported-by: syzbot+e54f930ed78eb0f85281@syzkaller.appspotmail.com
Signed-off-by: Coleman Dietsch
Reviewed-by: Sean Christopherson
---
 arch/x86/kvm/xen.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
index 610beba35907..2dd0f72a62f2 100644
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -713,7 +713,10 @@ int kvm_xen_vcpu_set_attr(struct kvm_vcpu *vcpu, struct kvm_xen_vcpu_attr *data) break; } vcpu->arch.xen.timer_virq = data->u.timer.port; - kvm_xen_init_timer(vcpu); + + /* Check for existing timer */ + if (!vcpu->arch.xen.timer.function) + kvm_xen_init_timer(vcpu); /* Restart the timer if it's set */ if (data->u.timer.expires_ns)
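Review bot: the ordering in this hunk still leaves a window: the context line `vcpu->arch.xen.timer_virq = data->u.timer.port;` runs before the new `if (!vcpu->arch.xen.timer.function)` guard and before the `/* Restart the timer if it's set */` block, so a timer armed by an earlier call can fire with the new port before it is restarted, and nothing in this patch stops it first. Either cancel the timer before the assignment here, or say in the message that 1/2 on its own only removes the double hrtimer_init() and that 2/2 fixes the ordering. The `/* Check for existing timer */` comment should also explain why `timer.function` is a trustworthy sentinel for "hrtimer already initialised", since the hunk gives a reader no way to see what sets or clears it; initialising the hrtimer once at vCPU creation would remove the need for the sentinel entirely.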
From: Coleman Dietsch
To: kvm@vger.kernel.org
Cc: Coleman Dietsch, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, Pavel Skripkin, linux-kernel-mentees@lists.linuxfoundation.org, syzbot+e54f930ed78eb0f85281@syzkaller.appspotmail.com
Subject: [PATCH v2 2/2] KVM: x86/xen: Stop Xen timer before changing the IRQ vector
Date: Fri, 29 Jul 2022 13:46:40 -0500
Message-Id: <20220729184640.244969-3-dietschc@csp.edu>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220729184640.244969-1-dietschc@csp.edu>
References: <20220729184640.244969-1-dietschc@csp.edu>

This moves the stop Xen timer call outside of the previously unreachable if else statement, as well as making sure that the timer is stopped first before changing the IRQ vector. Code was streamlined a bit also.

This was contributing to the ODEBUG crash in kvm_xen_vcpu_set_attr that was discovered by syzbot.

ODEBUG: init active (active state 0) object type: hrtimer hint: xen_timer_callbac0
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502
Call Trace:
 __debug_object_init
 debug_hrtimer_init
 debug_init
 hrtimer_init
 kvm_xen_init_timer
 kvm_xen_vcpu_set_attr
 kvm_arch_vcpu_ioctl
 kvm_vcpu_ioctl
 vfs_ioctl

Link: https://syzkaller.appspot.com/bug?id=8234a9dfd3aafbf092cc5a7cd9842e3ebc45fc42
Reported-by: syzbot+e54f930ed78eb0f85281@syzkaller.appspotmail.com
Signed-off-by: Coleman Dietsch
---
 arch/x86/kvm/xen.c | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
index 2dd0f72a62f2..f612fac0e379 100644
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -707,27 +707,26 @@ int kvm_xen_vcpu_set_attr(struct kvm_vcpu *vcpu, struct kvm_xen_vcpu_attr *data) break; case KVM_XEN_VCPU_ATTR_TYPE_TIMER: - if (data->u.timer.port) { - if (data->u.timer.priority != KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL) { - r = -EINVAL; - break; - } - vcpu->arch.xen.timer_virq = data->u.timer.port; - - /* Check for existing timer */ - if (!vcpu->arch.xen.timer.function) - kvm_xen_init_timer(vcpu); - - /* Restart the timer if it's set */ - if (data->u.timer.expires_ns) - kvm_xen_start_timer(vcpu, data->u.timer.expires_ns, - data->u.timer.expires_ns - - get_kvmclock_ns(vcpu->kvm)); - } else if (kvm_xen_timer_enabled(vcpu)) { - kvm_xen_stop_timer(vcpu); - vcpu->arch.xen.timer_virq = 0; + if (data->u.timer.port && + data->u.timer.priority != KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL) { + r = -EINVAL; + break; } + /* Check for existing timer */ + if (!vcpu->arch.xen.timer.function) + kvm_xen_init_timer(vcpu); + + /* Stop the timer (if it's running) before changing the vector */ + kvm_xen_stop_timer(vcpu); + vcpu->arch.xen.timer_virq = data->u.timer.port; + + /* Restart the timer if it's set */ + if (data->u.timer.port && data->u.timer.expires_ns) + kvm_xen_start_timer(vcpu, data->u.timer.expires_ns, + data->u.timer.expires_ns - + get_kvmclock_ns(vcpu->kvm)); + r = 0; break;
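Review bot: the init and stop now run unconditionally, including on the disable request `data->u.timer.port == 0`: the removed `} else if (kvm_xen_timer_enabled(vcpu))` branch only cancelled a timer that had been enabled, whereas the new code initialises an hrtimer on a vCPU that never asked for one and then calls `kvm_xen_stop_timer(vcpu)` on a timer that may never have been armed. That is only safe because the `if (!vcpu->arch.xen.timer.function)` init sits above it; the commit message should say that the `kvm_xen_timer_enabled()` guard was dropped on purpose and why that is safe. The message also describes the old else branch as "previously unreachable", which the removed lines contradict (it was taken for any zero port), and "Code was streamlined a bit also" does not tell a reader what changed; reword to state the actual change: the stop is moved ahead of the `timer_virq` assignment and the disable path is folded into the common path.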
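The sequence the two commit messages describe, as an added example that is not code from this series or from KVM: a user-space C model of the KVM_XEN_VCPU_ATTR_TYPE_TIMER path in its pre-series shape and in the shape after 2/2, driven by the syzbot-style "arm the timer, then set the attribute again" sequence. Only the function names (kvm_xen_init_timer, kvm_xen_start_timer, kvm_xen_stop_timer, kvm_xen_timer_enabled, xen_timer_callback) and the control flow are taken from the hunks; the three-state stand-in for hrtimer and debugobjects, the EODEBUG return code, kvm_xen_timer_enabled() testing timer_virq, and the constructed port and expiry values are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model of the KVM_XEN_VCPU_ATTR_TYPE_TIMER path in
 * kvm_xen_vcpu_set_attr(). Function names follow the patch; hrtimer and
 * debugobjects are reduced to a three-state machine so "ODEBUG: init active"
 * becomes a return code instead of a WARN splat. Not kernel code. */
enum odebug_state { ODEBUG_NONE, ODEBUG_INIT, ODEBUG_ACTIVE };

struct hrtimer {
	enum odebug_state state;		/* what debugobjects tracks per object */
	void (*function)(struct hrtimer *);
	uint64_t expires_ns;
};
struct xen_vcpu { struct hrtimer timer; uint32_t timer_virq; };	/* vcpu->arch.xen */
struct timer_attr { uint32_t port; uint32_t priority; uint64_t expires_ns; };	/* data->u.timer */

#define KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL 0
#define EINVAL 22
#define EODEBUG 1000	/* model-only code for the debugobjects violation */
static void xen_timer_callback(struct hrtimer *t) { (void)t; }

static int hrtimer_init(struct hrtimer *t)
{
	if (t->state == ODEBUG_ACTIVE)
		return -EODEBUG;	/* debug_hrtimer_init(): object still active */
	memset(t, 0, sizeof(*t));	/* assumed: init zeroes the object, incl. function */
	t->state = ODEBUG_INIT;
	return 0;
}
static void hrtimer_start(struct hrtimer *t, uint64_t ns) { t->expires_ns = ns; t->state = ODEBUG_ACTIVE; }
static void hrtimer_cancel(struct hrtimer *t) { if (t->state == ODEBUG_ACTIVE) t->state = ODEBUG_INIT; }

static int kvm_xen_init_timer(struct xen_vcpu *v)
{
	int r = hrtimer_init(&v->timer);
	if (!r)
		v->timer.function = xen_timer_callback;	/* the sentinel 1/2 tests */
	return r;
}
static void kvm_xen_start_timer(struct xen_vcpu *v, uint64_t ns) { hrtimer_start(&v->timer, ns); }
static void kvm_xen_stop_timer(struct xen_vcpu *v) { hrtimer_cancel(&v->timer); }
static int kvm_xen_timer_enabled(struct xen_vcpu *v) { return v->timer_virq != 0; }	/* assumed */

/* Pre-series shape: the timer is (re)initialised on every call with a port. */
static int set_timer_attr_before(struct xen_vcpu *v, const struct timer_attr *a)
{
	if (a->port) {
		if (a->priority != KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL)
			return -EINVAL;
		v->timer_virq = a->port;
		int r = kvm_xen_init_timer(v);	/* fails once the timer is armed */
		if (r)
			return r;
		if (a->expires_ns)
			kvm_xen_start_timer(v, a->expires_ns);
	} else if (kvm_xen_timer_enabled(v)) {
		kvm_xen_stop_timer(v);
		v->timer_virq = 0;
	}
	return 0;
}

/* Shape after 2/2: init once, stop before changing the vector, then restart. */
static int set_timer_attr_after(struct xen_vcpu *v, const struct timer_attr *a)
{
	if (a->port && a->priority != KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL)
		return -EINVAL;
	if (!v->timer.function) {
		int r = kvm_xen_init_timer(v);
		if (r)
			return r;
	}
	kvm_xen_stop_timer(v);		/* initialised above, so safe even if never armed */
	v->timer_virq = a->port;
	if (a->port && a->expires_ns)
		kvm_xen_start_timer(v, a->expires_ns);
	return 0;
}

static struct xen_vcpu vcpu;	/* fixture shared by replay() and its callers */
/* Arm the timer, then set the attribute again with a new port: the sequence
 * that runs a second hrtimer_init() on an active timer. Returns the last rc. */
static int replay(int (*set_attr)(struct xen_vcpu *, const struct timer_attr *))
{
	const struct timer_attr first  = { .port = 5, .priority = 0, .expires_ns = 1000 };
	const struct timer_attr second = { .port = 7, .priority = 0, .expires_ns = 2000 };

	memset(&vcpu, 0, sizeof(vcpu));
	int r = set_attr(&vcpu, &first);
	return r ? r : set_attr(&vcpu, &second);
}

int main(void)
{
	printf("before: rc=%d\n", replay(set_timer_attr_before));
	int r = replay(set_timer_attr_after);
	printf("after: rc=%d virq=%u state=%d\n", r, vcpu.timer_virq, vcpu.timer.state);
	return 0;
}
```

The model makes the two properties of the series observable: the pre-series path returns the debugobjects violation on the second request because hrtimer_init() runs on an armed timer, and the post-2/2 path moves the vector to the new port with the timer re-armed, while a zero-port request cancels the timer and clears the vector without touching hrtimer_init() again.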