* [pve-devel] [PATCH pve-kernel 0/2] cherry-pick a patch from kernel.org stable 5.15 for guests hanging during reboot
@ 2023-08-24 14:30 Stoiko Ivanov
  2023-08-24 14:30 ` [pve-devel] [PATCH pve-kernel 1/2] refresh patches after ./debian/scripts/export-patchqueue Stoiko Ivanov
  2023-08-24 14:30 ` [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot Stoiko Ivanov
  0 siblings, 2 replies; 5+ messages in thread
From: Stoiko Ivanov @ 2023-08-24 14:30 UTC (permalink / raw)
  To: pve-devel


The patch in
https://lore.kernel.org/lkml/20230608090348.414990-1-gshan@redhat.com/

has been pulled into 5.15.119 at kernel.org stable

It seems like a good fit to fix an issue which has been present on at least
one user's installation for quite a long time (RHEL guests hanging in edk2
after a guest-initiated reboot).

Stefan H. suggested this as a candidate after Friedrich found the link.

Sadly the issue is not really reproducible here in any coherent manner.

The kernel builds with sbuild - the patch applied cleanly.
The first patch was the result of running import+export patchqueue.

Stoiko Ivanov (2):
  refresh patches after ./debian/scripts/export-patchqueue
  cherry-pick fix for uefi guests hanging upon guest-initialized reboot

 ...ides-for-missing-ACS-capabilities-4..patch |   4 +-
 ...-smm-add-structs-for-KVM-s-smram-lay.patch |   4 +-
 ...-smm-use-smram-structs-in-the-common.patch |  14 +-
 ...-smm-use-smram-struct-for-32-bit-smr.patch |   8 +-
 ...-smm-use-smram-struct-for-64-bit-smr.patch |   8 +-
 .../0022-KVM-x86-SVM-use-smram-structs.patch  |   4 +-
 ...-smm-preserve-interrupt-shadow-in-SM.patch |  12 +-
 ...l-stage2-mapping-on-invalid-memory-s.patch | 122 ++++++++++++++++++
 8 files changed, 149 insertions(+), 27 deletions(-)
 create mode 100644 patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch

-- 
2.39.2





^ permalink raw reply	[flat|nested] 5+ messages in thread

* [pve-devel] [PATCH pve-kernel 1/2] refresh patches after ./debian/scripts/export-patchqueue
  2023-08-24 14:30 [pve-devel] [PATCH pve-kernel 0/2] cherry-pick a patch from kernel.org stable 5.15 for guests hanging during reboot Stoiko Ivanov
@ 2023-08-24 14:30 ` Stoiko Ivanov
  2023-08-24 14:30 ` [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot Stoiko Ivanov
  1 sibling, 0 replies; 5+ messages in thread
From: Stoiko Ivanov @ 2023-08-24 14:30 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 ...overrides-for-missing-ACS-capabilities-4..patch |  4 ++--
 ...lator-smm-add-structs-for-KVM-s-smram-lay.patch |  4 ++--
 ...lator-smm-use-smram-structs-in-the-common.patch | 14 +++++++-------
 ...lator-smm-use-smram-struct-for-32-bit-smr.patch |  8 ++++----
 ...lator-smm-use-smram-struct-for-64-bit-smr.patch |  8 ++++----
 .../0022-KVM-x86-SVM-use-smram-structs.patch       |  4 ++--
 ...lator-smm-preserve-interrupt-shadow-in-SM.patch | 12 ++++++------
 7 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
index 0ac72e7a1483..9de3f0ee340e 100644
--- a/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
+++ b/patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
@@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 111 insertions(+)
 
 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 68e20f4f1ad4..28131c19b1c9 100644
+index cad8753be8fa..474342bbb4b4 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -3978,6 +3978,15 @@
+@@ -4001,6 +4001,15 @@
  				Also, it enforces the PCI Local Bus spec
  				rule that those bits should be 0 in system reset
  				events (useful for kexec/kdump cases).
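Review bot: the commit message of this patch is empty apart from the Signed-off-by, while this hunk and every one that follows change only the embedded `index` blob ids and `@@` offsets (here `-@@ -3978,6 +3978,15 @@` becomes `+@@ -4001,6 +4001,15 @@`) and never a content line, matching the 27 insertions / 27 deletions in the diffstat. Please state in the message which kernel source tree commit the queue was re-exported against, so the refresh is reproducible and a later export-patchqueue run on a different base does not produce a second, conflicting offset-only diff.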
diff --git a/patches/kernel/0018-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch b/patches/kernel/0018-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch
index 242a3c85d6a5..2f018d0f8c2c 100644
--- a/patches/kernel/0018-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch
+++ b/patches/kernel/0018-KVM-x86-emulator-smm-add-structs-for-KVM-s-smram-lay.patch
@@ -267,10 +267,10 @@ index fb09cd22cb7f..0b2bbcce321a 100644
  #if defined(CONFIG_X86_32)
  #define X86EMUL_MODE_HOST X86EMUL_MODE_PROT32
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 386b92c2e4aa..1b2f6cd3cc8d 100644
+index 3b19e0fdc5b0..f57d81400f21 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -12642,6 +12642,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
+@@ -12647,6 +12647,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_vmgexit_msr_protocol_exit);
  static int __init kvm_x86_init(void)
  {
  	kvm_mmu_x86_module_init();
diff --git a/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch b/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch
index ab5df66589eb..52ad9170b1e4 100644
--- a/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch
+++ b/patches/kernel/0019-KVM-x86-emulator-smm-use-smram-structs-in-the-common.patch
@@ -17,7 +17,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  6 files changed, 28 insertions(+), 20 deletions(-)
 
 diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index 1172a201d851..c4e382af1853 100644
+index 55d791ad4787..e05a22527585 100644
 --- a/arch/x86/include/asm/kvm_host.h
 +++ b/arch/x86/include/asm/kvm_host.h
 @@ -200,6 +200,7 @@ typedef enum exit_fastpath_completion fastpath_t;
@@ -143,10 +143,10 @@ index b0b87c36be3d..545e321998d3 100644
  		return 0;
  
 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
-index 7db4c69ac77b..0e52ddd14c57 100644
+index c3382549fdf2..68a3b2844aed 100644
 --- a/arch/x86/kvm/vmx/vmx.c
 +++ b/arch/x86/kvm/vmx/vmx.c
-@@ -7615,7 +7615,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
+@@ -7630,7 +7630,7 @@ static int vmx_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
  	return !is_smm(vcpu);
  }
  
@@ -155,7 +155,7 @@ index 7db4c69ac77b..0e52ddd14c57 100644
  {
  	struct vcpu_vmx *vmx = to_vmx(vcpu);
  
-@@ -7629,7 +7629,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
+@@ -7644,7 +7644,7 @@ static int vmx_enter_smm(struct kvm_vcpu *vcpu, char *smstate)
  	return 0;
  }
  
@@ -165,10 +165,10 @@ index 7db4c69ac77b..0e52ddd14c57 100644
  	struct vcpu_vmx *vmx = to_vmx(vcpu);
  	int ret;
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 1b2f6cd3cc8d..1b7e08590493 100644
+index f57d81400f21..87952db52155 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -7440,9 +7440,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt)
+@@ -7445,9 +7445,9 @@ static void emulator_exiting_smm(struct x86_emulate_ctxt *ctxt)
  }
  
  static int emulator_leave_smm(struct x86_emulate_ctxt *ctxt,
@@ -180,7 +180,7 @@ index 1b2f6cd3cc8d..1b7e08590493 100644
  }
  
  static void emulator_triple_fault(struct x86_emulate_ctxt *ctxt)
-@@ -9321,25 +9321,25 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9326,25 +9326,25 @@ static void enter_smm(struct kvm_vcpu *vcpu)
  	struct kvm_segment cs, ds;
  	struct desc_ptr dt;
  	unsigned long cr0;
diff --git a/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch b/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch
index b13924e488a6..d4975fb4d0d7 100644
--- a/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch
+++ b/patches/kernel/0020-KVM-x86-emulator-smm-use-smram-struct-for-32-bit-smr.patch
@@ -145,10 +145,10 @@ index d3cc1b8e2ea6..0dd18d66f3b7 100644
  	if (ret != X86EMUL_CONTINUE)
  		goto emulate_shutdown;
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 1b7e08590493..678318e5e0b4 100644
+index 87952db52155..26d6e3c3138f 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -9175,22 +9175,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg)
+@@ -9180,22 +9180,18 @@ static u32 enter_smm_get_segment_flags(struct kvm_segment *seg)
  	return flags;
  }
  
@@ -179,7 +179,7 @@ index 1b7e08590493..678318e5e0b4 100644
  }
  
  #ifdef CONFIG_X86_64
-@@ -9211,54 +9207,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
+@@ -9216,54 +9212,47 @@ static void enter_smm_save_seg_64(struct kvm_vcpu *vcpu, char *buf, int n)
  }
  #endif
  
@@ -257,7 +257,7 @@ index 1b7e08590493..678318e5e0b4 100644
  }
  
  #ifdef CONFIG_X86_64
-@@ -9329,7 +9318,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9334,7 +9323,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
  		enter_smm_save_state_64(vcpu, (char *)&smram);
  	else
  #endif
diff --git a/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch b/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch
index 1293c870c70e..d1f7ab57a2fe 100644
--- a/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch
+++ b/patches/kernel/0021-KVM-x86-emulator-smm-use-smram-struct-for-64-bit-smr.patch
@@ -154,10 +154,10 @@ index 0dd18d66f3b7..37c1662b5508 100644
  #endif
  		ret = rsm_load_state_32(ctxt, &smram.smram32);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 678318e5e0b4..de1b88836442 100644
+index 26d6e3c3138f..76f7c78c4629 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -9190,20 +9190,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu,
+@@ -9195,20 +9195,17 @@ static void enter_smm_save_seg_32(struct kvm_vcpu *vcpu,
  }
  
  #ifdef CONFIG_X86_64
@@ -185,7 +185,7 @@ index 678318e5e0b4..de1b88836442 100644
  }
  #endif
  
-@@ -9251,57 +9248,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9256,57 +9253,51 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
  }
  
  #ifdef CONFIG_X86_64
@@ -268,7 +268,7 @@ index 678318e5e0b4..de1b88836442 100644
  }
  #endif
  
-@@ -9315,7 +9306,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9320,7 +9311,7 @@ static void enter_smm(struct kvm_vcpu *vcpu)
  	memset(smram.bytes, 0, sizeof(smram.bytes));
  #ifdef CONFIG_X86_64
  	if (guest_cpuid_has(vcpu, X86_FEATURE_LM))
diff --git a/patches/kernel/0022-KVM-x86-SVM-use-smram-structs.patch b/patches/kernel/0022-KVM-x86-SVM-use-smram-structs.patch
index 28ec75d03788..2d02108c3ce8 100644
--- a/patches/kernel/0022-KVM-x86-SVM-use-smram-structs.patch
+++ b/patches/kernel/0022-KVM-x86-SVM-use-smram-structs.patch
@@ -17,10 +17,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 6 insertions(+), 21 deletions(-)
 
 diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index c4e382af1853..932c0f659468 100644
+index e05a22527585..457071be1f76 100644
 --- a/arch/x86/include/asm/kvm_host.h
 +++ b/arch/x86/include/asm/kvm_host.h
-@@ -1937,12 +1937,6 @@ static inline int kvm_cpu_get_apicid(int mps_cpu)
+@@ -1939,12 +1939,6 @@ static inline int kvm_cpu_get_apicid(int mps_cpu)
  #endif
  }
  
diff --git a/patches/kernel/0024-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch b/patches/kernel/0024-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch
index 1ed9798563b2..0ca385223fe6 100644
--- a/patches/kernel/0024-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch
+++ b/patches/kernel/0024-KVM-x86-emulator-smm-preserve-interrupt-shadow-in-SM.patch
@@ -128,10 +128,10 @@ index 3b37b3e17379..a64c190abf28 100644
  	__CHECK_SMRAM64_OFFSET(auto_hlt_restart,	0xFEC9);
  	__CHECK_SMRAM64_OFFSET(reserved2,		0xFECA);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index de1b88836442..e95c254b450f 100644
+index 76f7c78c4629..e34172783b7f 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -7427,6 +7427,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked)
+@@ -7432,6 +7432,11 @@ static void emulator_set_nmi_mask(struct x86_emulate_ctxt *ctxt, bool masked)
  	static_call(kvm_x86_set_nmi_mask)(emul_to_vcpu(ctxt), masked);
  }
  
@@ -143,7 +143,7 @@ index de1b88836442..e95c254b450f 100644
  static unsigned emulator_get_hflags(struct x86_emulate_ctxt *ctxt)
  {
  	return emul_to_vcpu(ctxt)->arch.hflags;
-@@ -7496,6 +7501,7 @@ static const struct x86_emulate_ops emulate_ops = {
+@@ -7501,6 +7506,7 @@ static const struct x86_emulate_ops emulate_ops = {
  	.guest_has_fxsr      = emulator_guest_has_fxsr,
  	.guest_has_rdpid     = emulator_guest_has_rdpid,
  	.set_nmi_mask        = emulator_set_nmi_mask,
@@ -151,7 +151,7 @@ index de1b88836442..e95c254b450f 100644
  	.get_hflags          = emulator_get_hflags,
  	.exiting_smm         = emulator_exiting_smm,
  	.leave_smm           = emulator_leave_smm,
-@@ -9245,6 +9251,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9250,6 +9256,8 @@ static void enter_smm_save_state_32(struct kvm_vcpu *vcpu, struct kvm_smram_stat
  	smram->cr4 = kvm_read_cr4(vcpu);
  	smram->smm_revision = 0x00020000;
  	smram->smbase = vcpu->arch.smbase;
@@ -160,7 +160,7 @@ index de1b88836442..e95c254b450f 100644
  }
  
  #ifdef CONFIG_X86_64
-@@ -9293,6 +9301,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat
+@@ -9298,6 +9306,8 @@ static void enter_smm_save_state_64(struct kvm_vcpu *vcpu, struct kvm_smram_stat
  	enter_smm_save_seg_64(vcpu, &smram->ds, VCPU_SREG_DS);
  	enter_smm_save_seg_64(vcpu, &smram->fs, VCPU_SREG_FS);
  	enter_smm_save_seg_64(vcpu, &smram->gs, VCPU_SREG_GS);
@@ -169,7 +169,7 @@ index de1b88836442..e95c254b450f 100644
  }
  #endif
  
-@@ -9329,6 +9339,8 @@ static void enter_smm(struct kvm_vcpu *vcpu)
+@@ -9334,6 +9344,8 @@ static void enter_smm(struct kvm_vcpu *vcpu)
  	kvm_set_rflags(vcpu, X86_EFLAGS_FIXED);
  	kvm_rip_write(vcpu, 0x8000);
  
-- 
2.39.2






* [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot
  2023-08-24 14:30 [pve-devel] [PATCH pve-kernel 0/2] cherry-pick a patch from kernel.org stable 5.15 for guests hanging during reboot Stoiko Ivanov
  2023-08-24 14:30 ` [pve-devel] [PATCH pve-kernel 1/2] refresh patches after ./debian/scripts/export-patchqueue Stoiko Ivanov
@ 2023-08-24 14:30 ` Stoiko Ivanov
  2023-08-25  7:35   ` Fiona Ebner
  1 sibling, 1 reply; 5+ messages in thread
From: Stoiko Ivanov @ 2023-08-24 14:30 UTC (permalink / raw)
  To: pve-devel

This was identified as a potential fix for an issue we analyzed in our
Enterprise support, where guests would hang before the boot-loader
after being rebooted from within the guest (after applying updates for
RHEL 8).

https://lore.kernel.org/lkml/20230608090348.414990-1-gshan@redhat.com/

Suggested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 ...l-stage2-mapping-on-invalid-memory-s.patch | 122 ++++++++++++++++++
 1 file changed, 122 insertions(+)
 create mode 100644 patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch

diff --git a/patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch b/patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch
new file mode 100644
index 000000000000..d50aab8e4d7c
--- /dev/null
+++ b/patches/kernel/0025-KVM-Avoid-illegal-stage2-mapping-on-invalid-memory-s.patch
@@ -0,0 +1,122 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Gavin Shan <gshan@redhat.com>
+Date: Thu, 15 Jun 2023 15:42:59 +1000
+Subject: [PATCH] KVM: Avoid illegal stage2 mapping on invalid memory slot
+
+commit 2230f9e1171a2e9731422a14d1bbc313c0b719d1 upstream.
+
+We run into guest hang in edk2 firmware when KSM is kept as running on
+the host. The edk2 firmware is waiting for status 0x80 from QEMU's pflash
+device (TYPE_PFLASH_CFI01) during the operation of sector erasing or
+buffered write. The status is returned by reading the memory region of
+the pflash device and the read request should have been forwarded to QEMU
+and emulated by it. Unfortunately, the read request is covered by an
+illegal stage2 mapping when the guest hang issue occurs. The read request
+is completed with QEMU bypassed and wrong status is fetched. The edk2
+firmware runs into an infinite loop with the wrong status.
+
+The illegal stage2 mapping is populated due to same page sharing by KSM
+at (C) even the associated memory slot has been marked as invalid at (B)
+when the memory slot is requested to be deleted. It's notable that the
+active and inactive memory slots can't be swapped when we're in the middle
+of kvm_mmu_notifier_change_pte() because kvm->mn_active_invalidate_count
+is elevated, and kvm_swap_active_memslots() will busy loop until it reaches
+to zero again. Besides, the swapping from the active to the inactive memory
+slots is also avoided by holding &kvm->srcu in __kvm_handle_hva_range(),
+corresponding to synchronize_srcu_expedited() in kvm_swap_active_memslots().
+
+  CPU-A                    CPU-B
+  -----                    -----
+                           ioctl(kvm_fd, KVM_SET_USER_MEMORY_REGION)
+                           kvm_vm_ioctl_set_memory_region
+                           kvm_set_memory_region
+                           __kvm_set_memory_region
+                           kvm_set_memslot(kvm, old, NULL, KVM_MR_DELETE)
+                             kvm_invalidate_memslot
+                               kvm_copy_memslot
+                               kvm_replace_memslot
+                               kvm_swap_active_memslots        (A)
+                               kvm_arch_flush_shadow_memslot   (B)
+  same page sharing by KSM
+  kvm_mmu_notifier_invalidate_range_start
+        :
+  kvm_mmu_notifier_change_pte
+    kvm_handle_hva_range
+    __kvm_handle_hva_range
+    kvm_set_spte_gfn            (C)
+        :
+  kvm_mmu_notifier_invalidate_range_end
+
+Fix the issue by skipping the invalid memory slot at (C) to avoid the
+illegal stage2 mapping so that the read request for the pflash's status
+is forwarded to QEMU and emulated by it. In this way, the correct pflash's
+status can be returned from QEMU to break the infinite loop in the edk2
+firmware.
+
+We tried a git-bisect and the first problematic commit is cd4c71835228 ("
+KVM: arm64: Convert to the gfn-based MMU notifier callbacks"). With this,
+clean_dcache_guest_page() is called after the memory slots are iterated
+in kvm_mmu_notifier_change_pte(). clean_dcache_guest_page() is called
+before the iteration on the memory slots before this commit. This change
+literally enlarges the racy window between kvm_mmu_notifier_change_pte()
+and memory slot removal so that we're able to reproduce the issue in a
+practical test case. However, the issue exists since commit d5d8184d35c9
+("KVM: ARM: Memory virtualization setup").
+
+Cc: stable@vger.kernel.org # v3.9+
+Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup")
+Reported-by: Shuai Hu <hshuai@redhat.com>
+Reported-by: Zhenyu Zhang <zhenyzha@redhat.com>
+Signed-off-by: Gavin Shan <gshan@redhat.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Oliver Upton <oliver.upton@linux.dev>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Sean Christopherson <seanjc@google.com>
+Reviewed-by: Shaoqin Huang <shahuang@redhat.com>
+Message-Id: <20230615054259.14911-1-gshan@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+(cherry picked from commit 953dd7e2df8181d5ce4117fca347992d616f0621)
+Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
+---
+ virt/kvm/kvm_main.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
+index db159be9d5b8..6deb43c2d091 100644
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -636,6 +636,24 @@ static __always_inline int kvm_handle_hva_range_no_flush(struct mmu_notifier *mn
+ 
+ 	return __kvm_handle_hva_range(kvm, &range);
+ }
++
++static bool kvm_change_spte_gfn(struct kvm *kvm, struct kvm_gfn_range *range)
++{
++	/*
++	 * Skipping invalid memslots is correct if and only change_pte() is
++	 * surrounded by invalidate_range_{start,end}(), which is currently
++	 * guaranteed by the primary MMU.  If that ever changes, KVM needs to
++	 * unmap the memslot instead of skipping the memslot to ensure that KVM
++	 * doesn't hold references to the old PFN.
++	 */
++	WARN_ON_ONCE(!READ_ONCE(kvm->mn_active_invalidate_count));
++
++	if (range->slot->flags & KVM_MEMSLOT_INVALID)
++		return false;
++
++	return kvm_set_spte_gfn(kvm, range);
++}
++
+ static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn,
+ 					struct mm_struct *mm,
+ 					unsigned long address,
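Review bot: the `WARN_ON_ONCE(!READ_ONCE(kvm->mn_active_invalidate_count))` in this hunk is diagnostic only; if that invariant were ever broken, the function would still `return false` for a KVM_MEMSLOT_INVALID slot instead of unmapping it, which the comment directly above says is what would then be required. That is fine for a verbatim stable backport, but nobody adapting this code should read the WARN as enforcement. The `if and only change_pte()` wording in the comment is a typo inherited from upstream; leave it as is so the file stays identical to the 5.15.y commit and the next export-patchqueue refresh carries no local delta.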
+@@ -656,7 +674,7 @@ static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn,
+ 	if (!READ_ONCE(kvm->mmu_notifier_count))
+ 		return;
+ 
+-	kvm_handle_hva_range(mn, address, address + 1, pte, kvm_set_spte_gfn);
++	kvm_handle_hva_range(mn, address, address + 1, pte, kvm_change_spte_gfn);
+ }
+ 
+ void kvm_inc_notifier_count(struct kvm *kvm, unsigned long start,
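Review bot: the callback swap in this hunk is the only functional change of the backport; the `if (!READ_ONCE(kvm->mmu_notifier_count)) return;` guard two lines above still discards change_pte events that arrive outside an invalidate_range_start/end window, and the kvm_arch_flush_shadow_memslot teardown at (B) in the description is untouched. Since the upstream review quoted later in this thread treated the race as arm64-specific and x86 as not affected, the commit text above the patch should present this as a low-risk stable backport applied on suspicion rather than as a confirmed fix for the RHEL 8 reboot hang.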
-- 
2.39.2






* Re: [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot
  2023-08-24 14:30 ` [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot Stoiko Ivanov
@ 2023-08-25  7:35   ` Fiona Ebner
  2023-08-25  7:40     ` Stefan Hanreich
  0 siblings, 1 reply; 5+ messages in thread
From: Fiona Ebner @ 2023-08-25  7:35 UTC (permalink / raw)
  To: Proxmox VE development discussion, Stoiko Ivanov

Am 24.08.23 um 16:30 schrieb Stoiko Ivanov:
> 
> https://lore.kernel.org/lkml/20230608090348.414990-1-gshan@redhat.com/
> 

Note that this is actually about an older version of the patch.

> +
> +We tried a git-bisect and the first problematic commit is cd4c71835228 ("
> +KVM: arm64: Convert to the gfn-based MMU notifier callbacks"). With this,
> +clean_dcache_guest_page() is called after the memory slots are iterated
> +in kvm_mmu_notifier_change_pte(). clean_dcache_guest_page() is called
> +before the iteration on the memory slots before this commit. This change
> +literally enlarges the racy window between kvm_mmu_notifier_change_pte()
> +and memory slot removal so that we're able to reproduce the issue in a
> +practical test case. However, the issue exists since commit d5d8184d35c9
> +("KVM: ARM: Memory virtualization setup").
> +
> +Cc: stable@vger.kernel.org # v3.9+
> +Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup")

The mentioned commits and reading in the mail thread

>> Cc: stable@vger.kernel.org # v5.13+
>> Fixes: 3039bcc74498 ("KVM: Move x86's MMU notifier memslot walkers to generic code")
> 
> This Fixes isn't correct.  That change only affected x86, which doesn't have this
> bug.  And looking at commit cd4c71835228 ("KVM: arm64: Convert to the gfn-based MMU
> notifier callbacks"), arm64 did NOT skip invalid slots

unfortunately make it sound like it's not an x86 issue. But who knows? I
guess it won't hurt in either case, as it's already in upstream stable.





* Re: [pve-devel] [PATCH pve-kernel 2/2] cherry-pick fix for uefi guests hanging upon guest-initialized reboot
  2023-08-25  7:35   ` Fiona Ebner
@ 2023-08-25  7:40     ` Stefan Hanreich
  0 siblings, 0 replies; 5+ messages in thread
From: Stefan Hanreich @ 2023-08-25  7:40 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fiona Ebner, Stoiko Ivanov



On 8/25/23 09:35, Fiona Ebner wrote:
> The mentioned commits and reading in the mail thread
> 
>>> Cc: stable@vger.kernel.org # v5.13+
>>> Fixes: 3039bcc74498 ("KVM: Move x86's MMU notifier memslot walkers to generic code")
>>
>> This Fixes isn't correct.  That change only affected x86, which doesn't have this
>> bug.  And looking at commit cd4c71835228 ("KVM: arm64: Convert to the gfn-based MMU
>> notifier callbacks"), arm64 did NOT skip invalid slots
> 
> unfortunately make it sound like it's not an x86 issue. But who knows? I
> guess it won't hurt in either case, as it's already in upstream stable.
> 

Also looks like the affected systems do not have KSM turned on either 
way, so it's quite unlikely to be the fix at this point.




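The upstream commit message ties the race to KSM merging guest pages on the host, and the last reply above notes that the affected systems did not have KSM turned on. The following is an added host-side triage check, not code from the pve-devel thread or from the kernel patch: it reads the standard sysfs KSM interface (/sys/kernel/mm/ksm) and reports whether ksmd is running and whether any pages are currently merged, which is the first thing to establish before attributing a reboot hang to this particular race. The optional directory argument is an assumption made so the function can be exercised against a constructed tree.

```shell
#!/bin/sh
# Added example; not part of the pve-devel thread or of the kernel patch.
# Reports the KSM state that the upstream commit message names as the
# precondition for the stage2 mapping race. Reads the standard sysfs KSM
# files; the directory argument exists only so the function can be run
# against a constructed tree instead of the live host.

# Print the integer in file $1, or 0 when the file is absent.
ksm_read() {
    if [ -r "$1" ]; then
        cat "$1"
    else
        echo 0
    fi
}

# ksm_status [DIR]
# Prints one line:
#   running <pages_sharing> <pages_shared>   ksmd active (run=1)
#   stopped <pages_sharing> <pages_shared>   ksmd stopped (run=0) or unmerging (run=2)
#   unavailable                              no KSM sysfs interface on this kernel
# Exit status 0 when ksmd is running or merged pages are still present
# (i.e. KSM could have been involved), 1 otherwise.
ksm_status() {
    dir="${1:-/sys/kernel/mm/ksm}"
    if [ ! -d "$dir" ]; then
        echo unavailable
        return 1
    fi
    run=$(ksm_read "$dir/run")
    sharing=$(ksm_read "$dir/pages_sharing")   # pages mapped onto a shared KSM page
    shared=$(ksm_read "$dir/pages_shared")     # distinct shared KSM pages
    if [ "$run" -eq 1 ]; then
        echo "running $sharing $shared"
        return 0
    fi
    echo "stopped $sharing $shared"
    # run=0 stops ksmd but keeps already merged pages; only run=2 unmerges them
    [ "$sharing" -gt 0 ]
}

# Run directly (sh ksm_check.sh [DIR]) to check the live host; when the file
# is sourced under another name only the functions are defined.
case "${0##*/}" in
    ksm_check.sh) ksm_status "$@" ;;
esac
```

On Proxmox VE the ksmd run state is driven by the ksmtuned service, so a host that reports `stopped 0 0` has never merged pages since boot and this race cannot have been the cause of a hang there; a host reporting `running` with non-zero counters at least satisfies the precondition, which still says nothing about whether the race was hit.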
