git.baikalelectronics.ru Git - kernel.git/commit

author	Michal Luczaj <mhal@rbox.co>
	Thu, 13 Oct 2022 21:12:19 +0000 (21:12 +0000)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Thu, 27 Oct 2022 10:47:53 +0000 (06:47 -0400)
commit	2d4d9bb9529167e2c0c24b33a97af7de5b4f37ef
tree	5cb93429b46eebe321ca3769e655d8508331ab23	tree \| snapshot
parent	b6560ba6a81553196506b634ac1f21781053e75d	commit \| diff

KVM: Initialize gfn_to_pfn_cache locks in dedicated helper

Move the gfn_to_pfn_cache lock initialization to another helper and
call the new helper during VM/vCPU creation.  There are race
conditions possible due to kvm_gfn_to_pfn_cache_init()'s
ability to re-initialize the cache's locks.

For example: a race between ioctl(KVM_XEN_HVM_EVTCHN_SEND) and
kvm_gfn_to_pfn_cache_init() leads to a corrupted shinfo gpc lock.

                (thread 1)                |           (thread 2)
                                          |
kvm_xen_set_evtchn_fast                  |
  read_lock_irqsave(&gpc->lock, ...)      |
                                          | kvm_gfn_to_pfn_cache_init
                                          |  rwlock_init(&gpc->lock)
  read_unlock_irqrestore(&gpc->lock, ...) |

Rename "cache_init" and "cache_destroy" to activate+deactivate to
avoid implying that the cache really is destroyed/freed.

Note, there more races in the newly named kvm_gpc_activate() that will
be addressed separately.

Fixes: 6c84388d65b5 ("KVM: Reinstate gfn_to_pfn_cache with invalidation support")
Cc: stable@vger.kernel.org
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Michal Luczaj <mhal@rbox.co>
[sean: call out that this is a bug fix]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20221013211234.1318131-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/kvm/x86.c		diff \| blob \| history
arch/x86/kvm/xen.c		diff \| blob \| history
include/linux/kvm_host.h		diff \| blob \| history
virt/kvm/pfncache.c		diff \| blob \| history