From: Sean Christopherson
To: Jacob Xu
Cc: Michael Roth, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh, Adam Dunlap
Subject: Re: [PATCH v11 26/35] KVM: SEV: Support SEV-SNP AP Creation NAE event
Date: Mon, 8 Jan 2024 07:53:02 -0800
References: <20231230172351.574091-1-michael.roth@amd.com> <20231230172351.574091-27-michael.roth@amd.com>
On Fri, Jan 05, 2024, Jacob Xu wrote:
> > + if (kick) {
> > + if (target_vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)
> > + target_vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
> > +
> > + kvm_make_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, target_vcpu);
> I think we should switch the order of these two statements for
> setting mp_state and for making the request for
> KVM_REQ_UPDATE_PROTECTED_GUEST_STATE.
> There is a race condition I observed when booting with SVSM where:
> 1. BSP sets target vcpu to KVM_MP_STATE_RUNNABLE
> 2. AP thread within the loop of arch/x86/kvm.c:vcpu_run() checks
> vm_vcpu_running()
> 3. AP enters the guest without having updated the VMSA state from
> KVM_REQ_UPDATE_PROTECTED_GUEST_STATE
>
> This results in the AP executing on a bad RIP and then crashing.
> If we set the request first, then we avoid the race condition.

That just introduces a different race, e.g. if this task gets delayed and the
target vCPU processes KVM_REQ_UPDATE_PROTECTED_GUEST_STATE before it's marked
RUNNABLE, then the target vCPU could end up stuck in the UNINITIALIZED loop.

Reading and writing arch.mp_state across vCPUs is simply not safe.  There's a
reason why KVM atomically manages INITs and SIPIs and only modifies mp_state
when processing events on the target vCPU.

> > + kvm_vcpu_kick(target_vcpu);

...

> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 87b78d63e81d..df9ec357d538 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -10858,6 +10858,14 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
> >
> > if (kvm_check_request(KVM_REQ_UPDATE_CPU_DIRTY_LOGGING, vcpu))
> > static_call(kvm_x86_update_cpu_dirty_logging)(vcpu);
> > +
> > + if (kvm_check_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, vcpu)) {
> > + kvm_vcpu_reset(vcpu, true);
> > + if (vcpu->arch.mp_state != KVM_MP_STATE_RUNNABLE) {
> > + r = 1;
> > + goto out;
> > + }
> > + }
> > }
> >
> > if (kvm_check_request(KVM_REQ_EVENT, vcpu) || req_int_win ||
> > @@ -13072,6 +13080,9 @@ static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu)
> > if (kvm_test_request(KVM_REQ_PMI, vcpu))
> > return true;
> >
> > + if (kvm_test_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, vcpu))
> > + return true;
> > +
> > if (kvm_arch_interrupt_allowed(vcpu) &&
> > (kvm_cpu_has_interrupt(vcpu) ||
> > kvm_guest_apic_has_interrupt(vcpu)))
> > --
> > 2.25.1
> >
> >
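Review bot: in the `if (kick)` block, target_vcpu->arch.mp_state is written from the vCPU that handles the AP Creation event, with no synchronization against the target's run loop, so neither ordering of the store and the kvm_make_request() is safe: store first and the target can enter the guest before it has processed the request (the crash Jacob observed); request first and the target can consume the request before it is marked RUNNABLE. Suggest dropping the cross-vCPU mp_state write altogether and keeping only `kvm_make_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, target_vcpu);` followed by `kvm_vcpu_kick(target_vcpu);`, with the target setting its own mp_state when it processes the request, the way INIT and SIPI are handled as pending events on the target vCPU.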
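Review bot: in the vcpu_enter_guest() hunk, the new handler calls `kvm_vcpu_reset(vcpu, true);` and then bails with `r = 1; goto out;` when mp_state is not KVM_MP_STATE_RUNNABLE, but nothing on this path makes the vCPU RUNNABLE itself; it relies on the store done by the initiating vCPU, so a target that drains the request while not yet RUNNABLE returns to the run loop with the request already cleared and nothing on the target's side left to move it forward. Suggest having this handler perform the mp_state transition itself after the reset succeeds, since it runs on the target vCPU and is the one place that knows the new state has been loaded, and adding a comment on why init_event=true is the intended flavor of reset for a freshly created AP.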
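Review bot: in the kvm_vcpu_has_events() hunk, treating KVM_REQ_UPDATE_PROTECTED_GUEST_STATE as an event wakes a blocked target vCPU, but the only place this patch drains the request is the vcpu_enter_guest() hunk, which the vCPU reaches once it is RUNNABLE; for an UNINITIALIZED target the wake-up therefore has nothing to process and the vCPU still depends on the separate cross-vCPU mp_state store to become runnable. Suggest pairing this wake-up with request processing in the path the vCPU takes while blocked, next to the INIT/SIPI event handling Sean refers to, so that the same code that wakes the target also carries out its state transition.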
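The race discussed above, as an added example that is not part of the original thread and not KVM's own code: a small exhaustive interleaving checker in C. It models the initiating vCPU and the target vCPU as two threads whose atomic steps are interleaved in every possible order, and compares the hunk's ordering (store RUNNABLE, then make the request) against a target-owned design in which the initiator only sets the request bit and the target marks itself RUNNABLE when it processes the request, the way INIT/SIPI are handled on the target vCPU. The state names (state_loaded, PATCH_ORDER, TARGET_OWNED) and the run-loop abstraction are the model's own assumptions; it starts from a freshly created UNINITIALIZED AP and does not cover the delayed-initiator case Sean mentions, which depends on code not quoted on this page.

```c
/*
 * Exhaustive interleaving check for the AP-creation handoff discussed above.
 * Abstract model written for this page, not KVM code.  An "initiator" (the
 * vCPU handling the AP Creation NAE event) hands state to a "target" vCPU;
 * each step is atomic and the checker explores every ordering of the two
 * vCPUs' steps.  PATCH_ORDER / TARGET_OWNED / state_loaded are model names.
 */
#include <stdbool.h>
#include <stdio.h>

enum mp_state { MP_UNINITIALIZED, MP_RUNNABLE };

#define REQ_UPDATE_PROTECTED_GUEST_STATE 0x1u

struct model {
	enum mp_state mp_state;  /* stands in for target_vcpu->arch.mp_state */
	unsigned requests;       /* target's pending-request bitmask */
	bool state_loaded;       /* target has consumed the request (its reset ran) */
	int initiator_pc;        /* next initiator step to execute */
	bool target_entered;     /* target has entered the guest */
};

enum design {
	PATCH_ORDER,   /* initiator stores RUNNABLE, then makes the request (the hunk) */
	TARGET_OWNED,  /* initiator only makes the request; target sets its own mp_state */
};

static int initiator_steps(enum design d)
{
	return d == PATCH_ORDER ? 2 : 1;
}

/* One atomic step of the initiating vCPU. */
static void initiator_step(struct model *m, enum design d)
{
	if (d == PATCH_ORDER && m->initiator_pc == 0) {
		/* Cross-vCPU write to a field the target's run loop reads. */
		if (m->mp_state == MP_UNINITIALIZED)
			m->mp_state = MP_RUNNABLE;
	} else {
		/* kvm_make_request() + kvm_vcpu_kick(): atomic bit set plus wake-up. */
		m->requests |= REQ_UPDATE_PROTECTED_GUEST_STATE;
	}
	m->initiator_pc++;
}

/* One iteration of the target's run loop; false when it would block idle. */
static bool target_step(struct model *m, enum design d)
{
	if (m->mp_state != MP_RUNNABLE) {
		/*
		 * Blocked in the UNINITIALIZED loop.  Only TARGET_OWNED handles
		 * the request here, INIT/SIPI-style: the target loads the new
		 * state and then marks *itself* runnable.
		 */
		if (d == TARGET_OWNED && (m->requests & REQ_UPDATE_PROTECTED_GUEST_STATE)) {
			m->requests &= ~REQ_UPDATE_PROTECTED_GUEST_STATE;
			m->state_loaded = true;
			m->mp_state = MP_RUNNABLE;
			return true;
		}
		return false;
	}
	/* vcpu_enter_guest(): drain pending requests, then enter the guest. */
	if (m->requests & REQ_UPDATE_PROTECTED_GUEST_STATE) {
		m->requests &= ~REQ_UPDATE_PROTECTED_GUEST_STATE;
		m->state_loaded = true;
	}
	m->target_entered = true;
	return true;
}

struct verdict {
	bool stale_entry;  /* some interleaving enters the guest with stale state */
	bool stuck;        /* some interleaving blocks forever without entering */
};

/* Depth-first exploration of every interleaving reachable from m. */
static void explore(struct model m, enum design d, struct verdict *v)
{
	bool moved = false;

	if (m.target_entered) {
		/* The first guest entry decides the outcome of this branch. */
		if (!m.state_loaded)
			v->stale_entry = true;
		return;
	}
	if (m.initiator_pc < initiator_steps(d)) {
		struct model next = m;
		initiator_step(&next, d);
		explore(next, d, v);
		moved = true;
	}
	{
		struct model next = m;
		if (target_step(&next, d)) {
			explore(next, d, v);
			moved = true;
		}
	}
	if (!moved)
		v->stuck = true;
}

/* Check one design starting from a freshly created (UNINITIALIZED) AP. */
static struct verdict check_design(enum design d)
{
	struct model start = { MP_UNINITIALIZED, 0, false, 0, false };
	struct verdict v = { false, false };

	explore(start, d, &v);
	return v;
}

int main(void)
{
	const char *names[] = { "store RUNNABLE, then request", "request only, target-owned" };

	for (int d = PATCH_ORDER; d <= TARGET_OWNED; d++) {
		struct verdict v = check_design((enum design)d);
		printf("%-30s stale guest entry: %s, stuck: %s\n", names[d],
		       v.stale_entry ? "REACHABLE" : "no", v.stuck ? "REACHABLE" : "no");
	}
	return 0;
}
```

Under the hunk's ordering the checker finds exactly the interleaving Jacob hit: the RUNNABLE store lands, the target enters the guest, and the request is still pending. Under the target-owned design no interleaving enters the guest with stale state, because the only write to mp_state happens on the target after it has consumed the request, so there is no window between "runnable" and "state loaded" for another vCPU to observe.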