Reply-To: Sean Christopherson
Date: Fri, 27 Oct 2023 11:21:44 -0700
In-Reply-To: <20231027182217.3615211-1-seanjc@google.com>
References: <20231027182217.3615211-1-seanjc@google.com>
Message-ID: <20231027182217.3615211-3-seanjc@google.com>
Subject: [PATCH v13 02/35] KVM: Assert that mmu_invalidate_in_progress *never* goes negative
From: Sean Christopherson
To: Paolo Bonzini, Marc Zyngier, Oliver Upton, Huacai Chen, Michael Ellerman, Anup Patel, Paul Walmsley, Palmer Dabbelt, Albert Ou, Sean Christopherson, Alexander Viro, Christian Brauner, "Matthew Wilcox (Oracle)", Andrew Morton
Cc: kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Xiaoyao Li, Xu Yilun, Chao Peng, Fuad Tabba, Jarkko Sakkinen, Anish Moorthy, David Matlack, Yu Zhang, Isaku Yamahata, Mickaël Salaün, Vlastimil Babka, Vishal Annapurve, Ackerley Tng, Maciej Szmigiero, David Hildenbrand, Quentin Perret, Michael Roth, Wang, Liam Merwick, Isaku Yamahata, "Kirill A . Shutemov"

Move the assertion on the in-progress invalidation count from the primary
MMU's notifier path to KVM's common notification path, i.e. assert that
the count doesn't go negative even when the invalidation is coming from
KVM itself.

Opportunistically convert the assertion to a KVM_BUG_ON(), i.e. kill only
the affected VM, not the entire kernel. A corrupted count is fatal to the
VM, e.g. the non-zero (negative) count will cause mmu_invalidate_retry()
to block any and all attempts to install new mappings.
But it's far from guaranteed that an end() without a start() is fatal or even problematic to anything other than the target VM, e.g. the underlying bug could simply be a duplicate call to end(). And it's much more likely that a missed invalidation, i.e. a potential use-after-free, would manifest as no notification whatsoever, not an end() without a start(). Signed-off-by: Sean Christopherson --- virt/kvm/kvm_main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 0524933856d4..5a97e6c7d9c2 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -833,6 +833,7 @@ void kvm_mmu_invalidate_end(struct kvm *kvm, unsigned long start, * in conjunction with the smp_rmb in mmu_invalidate_retry(). */ kvm->mmu_invalidate_in_progress--; + KVM_BUG_ON(kvm->mmu_invalidate_in_progress < 0, kvm); } static void kvm_mmu_notifier_invalidate_range_end(struct mmu_notifier *mn, @@ -863,8 +864,6 @@ static void kvm_mmu_notifier_invalidate_range_end(struct mmu_notifier *mn, */ if (wake) rcuwait_wake_up(&kvm->mn_memslots_update_rcuwait); - - BUG_ON(kvm->mmu_invalidate_in_progress < 0); } static int kvm_mmu_notifier_clear_flush_young(struct mmu_notifier *mn, -- 2.42.0.820.g83a721a137-goog
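Review bot: the KVM_BUG_ON() added to kvm_mmu_invalidate_end() sits directly under a comment that only describes the ordering against the smp_rmb in mmu_invalidate_retry(), so nothing in the code explains the new check. It runs after the decrement, which means the counter stays negative on the VM that gets marked bugged; the commit message treats that as acceptable because mmu_invalidate_retry() then blocks new mappings, but a one-line comment above the check saying that an end() without a start() is a KVM bug and that the count is deliberately not repaired would stop a later reader from "fixing" it by clamping to zero. The < 0 comparison is also only meaningful if mmu_invalidate_in_progress is a signed type, and its declaration is not part of this diff, so that is worth confirming before relying on the assertion.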