* [pve-devel] [PATCH pve-kernel 0/2] cherry-pick a patch from kernel.org stable 5.15 for guests hanging during reboot
From: Stoiko Ivanov @ 2023-08-24 14:30 UTC
To: pve-devel
The patch in
https://lore.kernel.org/lkml/20230608090348.414990-1-gshan@redhat.com/
has been pulled into 5.15.119 at kernel.org stable.
It seems like a good fit to fix an issue which has been present at at least
one user's installation for quite a long time (RHEL guests hanging in edk2
after a guest-initiated reboot).
Stefan H. suggested this as a candidate after Friedrich found the link.
Sadly the issue is not really reproducible here in any coherent manner.
The kernel builds with sbuild; the patch applied cleanly.
The first patch was the result of running import+export patchqueue.
Stoiko Ivanov (2):
refresh patches after ./debian/scripts/export-patchqueue
cherry-pick fix for uefi guests hanging upon guest-initialized reboot
...ides-for-missing-ACS-capabilities-4..patch | 4 +-
...-smm-add-structs-for-KVM-s-smram-lay.patch | 4 +-
...-smm-use-smram-structs-in-the-common.patch | 14 +-
...-smm-use-smram-struct-for-32-bit-smr.patch | 8 +-
...-smm-use-smram-struct-for-64-bit-smr.patch | 8 +-
.../0022-KVM-x86-SVM-use-smram-structs.patch | 4 +-
...-smm-preserve-interrupt-shadow-in-SM.patch | 12 +-
...l-stage2-mapping-on-invalid-memory-s.patch | 122 ++++++++++++++++++
8 files changed, 149 insertions(+), 27 deletions(-)
create mode 100644 patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch
--
2.39.2
* [pve-devel] [PATCH pve-kernel 1/2] refresh patches after ./debian/scripts/export-patchqueue
From: Stoiko Ivanov @ 2023-08-24 14:30 UTC
To: pve-devel
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
...overrides-for-missing-ACS-capabilities-4..patch | 4 ++--
...lator-smm-add-structs-for-KVM-s-smram-lay.patch | 4 ++--
...lator-smm-use-smram-structs-in-the-common.patch | 14 +++++++-------
...lator-smm-use-smram-struct-for-32-bit-smr.patch | 8 ++++----
...lator-smm-use-smram-struct-for-64-bit-smr.patch | 8 ++++----
.../0022-KVM-x86-SVM-use-smram-structs.patch | 4 ++--
...lator-smm-preserve-interrupt-shadow-in-SM.patch | 12 ++++++------
7 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
index 0ac72e7a1483..9de3f0ee340e 100644
--- a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
+++ b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
@@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 111 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 68e20f4f1ad4..28131c19b1c9 100644
+index cad8753be8fa..474342bbb4b4 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -3978,6 +3978,15 @@
+@@ -4001,6 +4001,15 @@
Also, it enforces the PCI Local Bus spec
rule that those bits should be 0 in system reset
events (useful for kexec/kdump cases).
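Review bot: the commit message carries only a Signed-off-by; please state which upstream kernel base the patchqueue was refreshed against, because the hunks in this file change only the embedded `index` hashes and `@@` offsets (`-@@ -3978,6 +3978,15 @@` becomes `+@@ -4001,6 +4001,15 @@`) and a reviewer has no way to confirm from the diff alone that the shift is purely mechanical and that no hunk body of 0004-pci-Enable-overrides-for-missing-ACS-capabilities was altered. The same applies to every other refreshed patch in this commit.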
diff --git a/patches/kernel/0018-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch b/patches/kernel/0018-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch
index 242a3c85d6a5..2f018d0f8c2c 100644
--- a/patches/kernel/0018-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch
+++ b/patches/kernel/0018-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch
@@ -267,10 +267,10 @@ index fb09cd22cb7f..0b2bbcce321a 100644
#if defined(CONFIG_X86_32)
#define X86EMUL_MODE_HOST X86EMUL_MODE_PROT32
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 386b92c2e4aa..1b2f6cd3cc8d 100644
+index 3b19e0fdc5b0..f57d81400f21 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -12642,6 +12642,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
+@@ -12647,6 +12647,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
static int __init kvm_x86_init(void)
{
kvm_mmu_x86_module_init();
diff --git a/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch b/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch
index ab5df66589eb..52ad9170b1e4 100644
--- a/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch
+++ b/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch
@@ -17,7 +17,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index 1172a201d851..c4e382af1853 100644
+index 55d791ad4787..e05a22527585 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -200,6 +200,7 @@ typedef enum exit_fastpath_completion fastpath_t;
@@ -143,10 +143,10 @@ index b0b87c36be3d..545e321998d3 100644
return 0;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
-index 7db4c69ac77b..0e52ddd14c57 100644
+index c3382549fdf2..68a3b2844aed 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
-@@ -7615,7 +7615,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
+@@ -7630,7 +7630,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
return !is_smm(vcpu);
}
@@ -155,7 +155,7 @@ index 7db4c69ac77b..0e52ddd14c57 100644
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
-@@ -7629,7 +7629,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
+@@ -7644,7 +7644,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
return 0;
}
@@ -165,10 +165,10 @@ index 7db4c69ac77b..0e52ddd14c57 100644
struct vcpu_vmx *vmx = to_vmx(vcpu);
int ret;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 1b2f6cd3cc8d..1b7e08590493 100644
+index f57d81400f21..87952db52155 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -7440,9 +7440,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt)
+@@ -7445,9 +7445,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt)
}
static int emulator_leave_smm(struct x86_emulate_ctxt *ctxt,
@@ -180,7 +180,7 @@ index 1b2f6cd3cc8d..1b7e08590493 100644
}
static void emulator_triple_fault(struct x86_emulate_ctxt *ctxt)
-@@ -9321,25 +9321,25 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9326,25 +9326,25 @@ static void enter_smm(struct kvm_vcpu *vcpu)
struct kvm_segment cs, ds;
struct desc_ptr dt;
unsigned long cr0;
diff --git a/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch b/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch
index b13924e488a6..d4975fb4d0d7 100644
--- a/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch
+++ b/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch
@@ -145,10 +145,10 @@ index d3cc1b8e2ea6..0dd18d66f3b7 100644
if (ret != X86EMUL_CONTINUE)
goto emulate_shutdown;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 1b7e08590493..678318e5e0b4 100644
+index 87952db52155..26d6e3c3138f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -9175,22 +9175,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg)
+@@ -9180,22 +9180,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg)
return flags;
}
@@ -179,7 +179,7 @@ index 1b7e08590493..678318e5e0b4 100644
}
#ifdef CONFIG_X86_64
-@@ -9211,54 +9207,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
+@@ -9216,54 +9212,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
}
#endif
@@ -257,7 +257,7 @@ index 1b7e08590493..678318e5e0b4 100644
}
#ifdef CONFIG_X86_64
-@@ -9329,7 +9318,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9334,7 +9323,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
enter_smm_save_state_64(vcpu, (char *)&smram);
else
#endif
diff --git a/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch b/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch
index 1293c870c70e..d1f7ab57a2fe 100644
--- a/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch
+++ b/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch
@@ -154,10 +154,10 @@ index 0dd18d66f3b7..37c1662b5508 100644
#endif
ret = rsm_load_state_32(ctxt, &smram.smram32);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 678318e5e0b4..de1b88836442 100644
+index 26d6e3c3138f..76f7c78c4629 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -9190,20 +9190,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu,
+@@ -9195,20 +9195,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu,
}
#ifdef CONFIG_X86_64
@@ -185,7 +185,7 @@ index 678318e5e0b4..de1b88836442 100644
}
#endif
-@@ -9251,57 +9248,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9256,57 +9253,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
}
#ifdef CONFIG_X86_64
@@ -268,7 +268,7 @@ index 678318e5e0b4..de1b88836442 100644
}
#endif
-@@ -9315,7 +9306,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9320,7 +9311,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
memset(smram.bytes, 0, sizeof(smram.bytes));
#ifdef CONFIG_X86_64
if (guest_cpuid_has(vcpu, X86_FEATURE_LM))
diff --git a/patches/kernel/0022-KVM-x86-SVM-use-smram-structs.patch b/patches/kernel/0022-KVM-x86-SVM-use-smram-structs.patch
index 28ec75d03788..2d02108c3ce8 100644
--- a/patches/kernel/0022-KVM-x86-SVM-use-smram-structs.patch
+++ b/patches/kernel/0022-KVM-x86-SVM-use-smram-structs.patch
@@ -17,10 +17,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 6 insertions(+), 21 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index c4e382af1853..932c0f659468 100644
+index e05a22527585..457071be1f76 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
-@@ -1937,12 +1937,6 @@ static inline int kvm_cpu_get_apicid(int mps_cpu)
+@@ -1939,12 +1939,6 @@ static inline int kvm_cpu_get_apicid(int mps_cpu)
#endif
}
diff --git a/patches/kernel/0024-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch b/patches/kernel/0024-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch
index 1ed9798563b2..0ca385223fe6 100644
--- a/patches/kernel/0024-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch
+++ b/patches/kernel/0024-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch
@@ -128,10 +128,10 @@ index 3b37b3e17379..a64c190abf28 100644
__CHECK_SMRAM64_OFFSET(auto_hlt_restart, 0xFEC9);
__CHECK_SMRAM64_OFFSET(reserved2, 0xFECA);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index de1b88836442..e95c254b450f 100644
+index 76f7c78c4629..e34172783b7f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -7427,6 +7427,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked)
+@@ -7432,6 +7432,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked)
static_call(kvm_x86_set_nmi_mask)(emul_to_vcpu(ctxt), masked);
}
@@ -143,7 +143,7 @@ index de1b88836442..e95c254b450f 100644
static unsigned emulator_get_hflags(struct x86_emulate_ctxt *ctxt)
{
return emul_to_vcpu(ctxt)->arch.hflags;
-@@ -7496,6 +7501,7 @@ static const struct x86_emulate_ops emulate_ops = {
+@@ -7501,6 +7506,7 @@ static const struct x86_emulate_ops emulate_ops = {
.guest_has_fxsr = emulator_guest_has_fxsr,
.guest_has_rdpid = emulator_guest_has_rdpid,
.set_nmi_mask = emulator_set_nmi_mask,
@@ -151,7 +151,7 @@ index de1b88836442..e95c254b450f 100644
.get_hflags = emulator_get_hflags,
.exiting_smm = emulator_exiting_smm,
.leave_smm = emulator_leave_smm,
-@@ -9245,6 +9251,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9250,6 +9256,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
smram->cr4 = kvm_read_cr4(vcpu);
smram->smm_revision = 0x00020000;
smram->smbase = vcpu->arch.smbase;
@@ -160,7 +160,7 @@ index de1b88836442..e95c254b450f 100644
}
#ifdef CONFIG_X86_64
-@@ -9293,6 +9301,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9298,6 +9306,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat
enter_smm_save_seg_64(vcpu, &smram->ds, VCPU_SREG_DS);
enter_smm_save_seg_64(vcpu, &smram->fs, VCPU_SREG_FS);
enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS);
@@ -169,7 +169,7 @@ index de1b88836442..e95c254b450f 100644
}
#endif
-@@ -9329,6 +9339,8 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9334,6 +9344,8 @@ static void enter_smm(struct kvm_vcpu *vcpu)
kvm_set_rflags(vcpu, X86_EFLAGS_FIXED);
kvm_rip_write(vcpu, 0x8000);
--
2.39.2
* [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot
From: Stoiko Ivanov @ 2023-08-24 14:30 UTC
To: pve-devel
This was identified as a potential fix for an issue we analyzed in our
Enterprise support, where guests would hang before the boot-loader
after being rebooted from within the guest (after applying updates for
RHEL 8).
https://lore.kernel.org/lkml/20230608090348.414990-1-gshan@redhat.com/
Suggested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
...l-stage2-mapping-on-invalid-memory-s.patch | 122 ++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100644 patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch
diff --git a/patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch b/patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch
new file mode 100644
index 000000000000..d50aab8e4d7c
--- /dev/null
+++ b/patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch
@@ -0,0 +1,122 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Thu, 15 Jun 2023 15:42:59 +1000
+Subject: [PATCH] KVM: Avoid illegal stage2 mapping on invalid memory slot
+
+commit 2230f9e1171a2e9731422a14d1bbc313c0b719d1 upstream.
+
+We run into guest hang in edk2 firmware when KSM is kept as running on
+the host. The edk2 firmware is waiting for status 0x80 from QEMU's pflash
+device (TYPE_PFLASH_CFI01) during the operation of sector erasing or
+buffered write. The status is returned by reading the memory region of
+the pflash device and the read request should have been forwarded to QEMU
+and emulated by it. Unfortunately, the read request is covered by an
+illegal stage2 mapping when the guest hang issue occurs. The read request
+is completed with QEMU bypassed and wrong status is fetched. The edk2
+firmware runs into an infinite loop with the wrong status.
+
+The illegal stage2 mapping is populated due to same page sharing by KSM
+at (C) even the associated memory slot has been marked as invalid at (B)
+when the memory slot is requested to be deleted. It's notable that the
+active and inactive memory slots can't be swapped when we're in the middle
+of kvm_mmu_notifier_change_pte() because kvm->mn_active_invalidate_count
+is elevated, and kvm_swap_active_memslots() will busy loop until it reaches
+to zero again. Besides, the swapping from the active to the inactive memory
+slots is also avoided by holding &kvm->srcu in __kvm_handle_hva_range(),
+corresponding to synchronize_srcu_expedited() in kvm_swap_active_memslots().
+
+ CPU-A CPU-B
+ ----- -----
+ ioctl(kvm_fd, KVM_SET_USER_MEMORY_REGION)
+ kvm_vm_ioctl_set_memory_region
+ kvm_set_memory_region
+ __kvm_set_memory_region
+ kvm_set_memslot(kvm, old, NULL, KVM_MR_DELETE)
+ kvm_invalidate_memslot
+ kvm_copy_memslot
+ kvm_replace_memslot
+ kvm_swap_active_memslots (A)
+ kvm_arch_flush_shadow_memslot (B)
+ same page sharing by KSM
+ kvm_mmu_notifier_invalidate_range_start
+ :
+ kvm_mmu_notifier_change_pte
+ kvm_handle_hva_range
+ __kvm_handle_hva_range
+ kvm_set_spte_gfn (C)
+ :
+ kvm_mmu_notifier_invalidate_range_end
+
+Fix the issue by skipping the invalid memory slot at (C) to avoid the
+illegal stage2 mapping so that the read request for the pflash's status
+is forwarded to QEMU and emulated by it. In this way, the correct pflash's
+status can be returned from QEMU to break the infinite loop in the edk2
+firmware.
+
+We tried a git-bisect and the first problematic commit is cd4c71835228 ("
+KVM: arm64: Convert to the gfn-based MMU notifier callbacks"). With this,
+clean_dcache_guest_page() is called after the memory slots are iterated
+in kvm_mmu_notifier_change_pte(). clean_dcache_guest_page() is called
+before the iteration on the memory slots before this commit. This change
+literally enlarges the racy window between kvm_mmu_notifier_change_pte()
+and memory slot removal so that we're able to reproduce the issue in a
+practical test case. However, the issue exists since commit d5d8184d35c9
+("KVM: ARM: Memory virtualization setup").
+
+Cc: stable@vger.kernel.org # v3.9+
+Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup")
+Reported-by: Shuai Hu <hshuai@redhat.com>
+Reported-by: Zhenyu Zhang <zhenyzha@redhat.com>
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Oliver Upton <oliver.upton@linux.dev>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Sean Christopherson <seanjc@google.com>
+Reviewed-by: Shaoqin Huang <shahuang@redhat.com>
+Message-Id: <20230615054259.14911-1-gshan@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+(cherry picked from commit 953dd7e2df8181d5ce4117fca347992d616f0621)
+Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
+---
+ virt/kvm/kvm_main.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
+index db159be9d5b8..6deb43c2d091 100644
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -636,6 +636,24 @@ static __always_inline int kvm_handle_hva_range_no_flush(struct mmu_notifier *mn
+
+ return __kvm_handle_hva_range(kvm, &range);
+ }
++
++static bool kvm_change_spte_gfn(struct kvm *kvm, struct kvm_gfn_range *range)
++{
++ /*
++ * Skipping invalid memslots is correct if and only change_pte() is
++ * surrounded by invalidate_range_{start,end}(), which is currently
++ * guaranteed by the primary MMU. If that ever changes, KVM needs to
++ * unmap the memslot instead of skipping the memslot to ensure that KVM
++ * doesn't hold references to the old PFN.
++ */
++ WARN_ON_ONCE(!READ_ONCE(kvm->mn_active_invalidate_count));
++
++ if (range->slot->flags & KVM_MEMSLOT_INVALID)
++ return false;
++
++ return kvm_set_spte_gfn(kvm, range);
++}
++
+ static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn,
+ struct mm_struct *mm,
+ unsigned long address,
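Review bot: the comment in the new `kvm_change_spte_gfn()` helper reads "correct if and only change_pte() is surrounded by", missing the second "if"; since this is a verbatim cherry-pick of upstream 2230f9e1171a via stable 953dd7e2df81, keep the wording as-is rather than diverge from stable, but the 2/2 commit message should say that the fix is architecture-generic (it lives in virt/kvm/kvm_main.c) while its Fixes tag names an arm64 commit ("KVM: ARM: Memory virtualization setup"), and what effect is expected on the x86 hosts this series targets, given that the rest of the queue touches arch/x86/kvm. The `WARN_ON_ONCE(!READ_ONCE(kvm->mn_active_invalidate_count))` also relies on `mn_active_invalidate_count` being present in the 5.15 base; the cover letter's "builds with sbuild" confirms that, but a build-only check never exercises the `KVM_MEMSLOT_INVALID` branch, so the commit message should be explicit that the change is untested here.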
+@@ -656,7 +674,7 @@ static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn,
+ if (!READ_ONCE(kvm->mmu_notifier_count))
+ return;
+
+- kvm_handle_hva_range(mn, address, address + 1, pte, kvm_set_spte_gfn);
++ kvm_handle_hva_range(mn, address, address + 1, pte, kvm_change_spte_gfn);
+ }
+
+ void kvm_inc_notifier_count(struct kvm *kvm, unsigned long start,
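Review bot: the call-site swap from `kvm_set_spte_gfn` to `kvm_change_spte_gfn` changes behaviour only when `range->slot->flags & KVM_MEMSLOT_INVALID` is set, i.e. while a memslot is mid-deletion, and only for change_pte notifications, which the commit message attributes to KSM page merging (other set_pte_at_notify() callers such as COW can reach it too). A test for this cherry-pick therefore needs KSM running on the host (`/sys/kernel/mm/ksm/run`) and a memslot deletion in flight, such as the pflash region handling at guest reboot the commit message describes; without KSM the new branch is never reached, which is consistent with the later observation in this thread that the affected systems did not have KSM turned on. The cover letter should say whether the patch is being taken as the identified fix or as a defensive backport.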
--
2.39.2
* Re: [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot
From: Fiona Ebner @ 2023-08-25 7:35 UTC
To: Proxmox VE development discussion, Stoiko Ivanov
On 24.08.23 at 16:30, Stoiko Ivanov wrote:
>
> https://lore.kernel.org/lkml/20230608090348.414990-1-gshan@redhat.com/
>
Note that this is actually about an older version of the patch.
> +
> +We tried a git-bisect and the first problematic commit is cd4c71835228 ("
> +KVM: arm64: Convert to the gfn-based MMU notifier callbacks"). With this,
> +clean_dcache_guest_page() is called after the memory slots are iterated
> +in kvm_mmu_notifier_change_pte(). clean_dcache_guest_page() is called
> +before the iteration on the memory slots before this commit. This change
> +literally enlarges the racy window between kvm_mmu_notifier_change_pte()
> +and memory slot removal so that we're able to reproduce the issue in a
> +practical test case. However, the issue exists since commit d5d8184d35c9
> +("KVM: ARM: Memory virtualization setup").
> +
> +Cc: stable@vger.kernel.org # v3.9+
> +Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup")
The mentioned commits and reading in the mail thread
>> Cc: stable@vger.kernel.org # v5.13+
>> Fixes: 3039bcc74498 ("KVM: Move x86's MMU notifier memslot walkers to generic code")
>
> This Fixes isn't correct. That change only affected x86, which doesn't have this
> bug. And looking at commit cd4c71835228 ("KVM: arm64: Convert to the gfn-based MMU
> notifier callbacks"), arm64 did NOT skip invalid slots
unfortunately make it sound like it's not an x86 issue. But who knows? I
guess it won't hurt in either case, as it's already in upstream stable.
* Re: [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot
From: Stefan Hanreich @ 2023-08-25 7:40 UTC
To: Proxmox VE development discussion, Fiona Ebner, Stoiko Ivanov
On 8/25/23 09:35, Fiona Ebner wrote:
> The mentioned commits and reading in the mail thread
>
>>> Cc: stable@vger.kernel.org # v5.13+
>>> Fixes: 3039bcc74498 ("KVM: Move x86's MMU notifier memslot walkers to generic code")
>>
>> This Fixes isn't correct. That change only affected x86, which doesn't have this
>> bug. And looking at commit cd4c71835228 ("KVM: arm64: Convert to the gfn-based MMU
>> notifier callbacks"), arm64 did NOT skip invalid slots
>
> unfortunately make it sound like it's not an x86 issue. But who knows? I
> guess it won't hurt in either case, as it's already in upstream stable.
>
Also looks like the affected systems do not have KSM turned on either
way, so it's quite unlikely to be the fix at this point.