LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Claudio Imbrenda <imbrenda@linux.ibm.com>
To: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: kvm@vger.kernel.org, cohuck@redhat.com, frankja@linux.ibm.com,
	thuth@redhat.com, pasic@linux.ibm.com, david@redhat.com,
	linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
	Ulrich.Weigand@de.ibm.com
Subject: Re: [PATCH v4 02/14] KVM: s390: pv: avoid double free of sida page
Date: Wed, 8 Sep 2021 20:50:27 +0200	[thread overview]
Message-ID: <20210908205027.4f595c6e@p-imbrenda> (raw)
In-Reply-To: <ad1a386e-3ae9-13d7-430b-c24ed0cc4c85@de.ibm.com>

On Tue, 31 Aug 2021 15:55:07 +0200
Christian Borntraeger <borntraeger@de.ibm.com> wrote:

> On 18.08.21 15:26, Claudio Imbrenda wrote:
> > If kvm_s390_pv_destroy_cpu is called more than once, we risk calling
> > free_page on a random page, since the sidad field is aliased with the
> > gbea, which is not guaranteed to be zero.
> > 
> > The solution is to simply return successfully immediately if the vCPU
> > was already non secure.
> > 
> > Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
> > Fixes: 19e1227768863a1469797c13ef8fea1af7beac2c ("KVM: S390: protvirt: Introduce instruction data area bounce buffer")  
> 
> Patch looks good. Do we have any potential case where we call this twice? In other words,
> do we need the Fixes tag with the code as of today or not?

I think so.

if QEMU calls KVM_PV_DISABLE, and it fails, some VCPUs might have been
made non secure, but the VM itself still counts as secure. QEMU can
then call KVM_PV_DISABLE again, which will try to convert all VCPUs to
non secure again, triggering this bug.

this scenario will not happen in practice (unless the hardware is
broken)

> > ---
> >   arch/s390/kvm/pv.c | 19 +++++++++----------
> >   1 file changed, 9 insertions(+), 10 deletions(-)
> > 
> > diff --git a/arch/s390/kvm/pv.c b/arch/s390/kvm/pv.c
> > index c8841f476e91..0a854115100b 100644
> > --- a/arch/s390/kvm/pv.c
> > +++ b/arch/s390/kvm/pv.c
> > @@ -16,18 +16,17 @@
> >   
> >   int kvm_s390_pv_destroy_cpu(struct kvm_vcpu *vcpu, u16 *rc, u16 *rrc)
> >   {
> > -	int cc = 0;
> > +	int cc;
> >   
> > -	if (kvm_s390_pv_cpu_get_handle(vcpu)) {
> > -		cc = uv_cmd_nodata(kvm_s390_pv_cpu_get_handle(vcpu),
> > -				   UVC_CMD_DESTROY_SEC_CPU, rc, rrc);
> > +	if (!kvm_s390_pv_cpu_get_handle(vcpu))
> > +		return 0;
> > +
> > +	cc = uv_cmd_nodata(kvm_s390_pv_cpu_get_handle(vcpu), UVC_CMD_DESTROY_SEC_CPU, rc, rrc);
> > +
> > +	KVM_UV_EVENT(vcpu->kvm, 3, "PROTVIRT DESTROY VCPU %d: rc %x rrc %x",
> > +		     vcpu->vcpu_id, *rc, *rrc);
> > +	WARN_ONCE(cc, "protvirt destroy cpu failed rc %x rrc %x", *rc, *rrc);
> >   
> > -		KVM_UV_EVENT(vcpu->kvm, 3,
> > -			     "PROTVIRT DESTROY VCPU %d: rc %x rrc %x",
> > -			     vcpu->vcpu_id, *rc, *rrc);
> > -		WARN_ONCE(cc, "protvirt destroy cpu failed rc %x rrc %x",
> > -			  *rc, *rrc);
> > -	}
> >   	/* Intended memory leak for something that should never happen. */
> >   	if (!cc)
> >   		free_pages(vcpu->arch.pv.stor_base,
> >   


  reply	other threads:[~2021-09-08 18:50 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-18 13:26 [PATCH v4 00/14] KVM: s390: pv: implement lazy destroy for reboot Claudio Imbrenda
2021-08-18 13:26 ` [PATCH v4 01/14] KVM: s390: pv: add macros for UVC CC values Claudio Imbrenda
2021-08-31 13:43   ` Christian Borntraeger
2021-08-18 13:26 ` [PATCH v4 02/14] KVM: s390: pv: avoid double free of sida page Claudio Imbrenda
2021-08-31 13:55   ` Christian Borntraeger
2021-09-08 18:50     ` Claudio Imbrenda [this message]
2021-08-31 13:59   ` Janosch Frank
2021-08-18 13:26 ` [PATCH v4 03/14] KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm Claudio Imbrenda
2021-08-31 14:10   ` Christian Borntraeger
2021-08-18 13:26 ` [PATCH v4 04/14] KVM: s390: pv: avoid stalls when making pages secure Claudio Imbrenda
2021-08-31 14:32   ` Christian Borntraeger
2021-08-31 15:00     ` Claudio Imbrenda
2021-08-31 15:11       ` Christian Borntraeger
2021-08-18 13:26 ` [PATCH v4 05/14] KVM: s390: pv: leak the ASCE page when destroy fails Claudio Imbrenda
2021-09-06 15:32   ` Christian Borntraeger
2021-09-06 15:54     ` Claudio Imbrenda
2021-08-18 13:26 ` [PATCH v4 06/14] KVM: s390: pv: properly handle page flags for protected guests Claudio Imbrenda
2021-09-06 15:46   ` Christian Borntraeger
2021-09-06 15:56     ` Claudio Imbrenda
2021-09-06 16:16       ` Christian Borntraeger
2021-09-17 14:57         ` Claudio Imbrenda
2021-08-18 13:26 ` [PATCH v4 07/14] KVM: s390: pv: handle secure storage violations " Claudio Imbrenda
2021-08-18 13:26 ` [PATCH v4 08/14] KVM: s390: pv: handle secure storage exceptions for normal guests Claudio Imbrenda
2021-08-18 13:26 ` [PATCH v4 09/14] KVM: s390: pv: refactor s390_reset_acc Claudio Imbrenda
2021-08-18 13:26 ` [PATCH v4 10/14] KVM: s390: pv: usage counter instead of flag Claudio Imbrenda
2021-08-26  7:58   ` Janis Schoetterl-Glausch
2021-08-18 13:26 ` [PATCH v4 11/14] KVM: s390: pv: add export before import Claudio Imbrenda
2021-08-18 13:26 ` [PATCH v4 12/14] KVM: s390: pv: module parameter to fence lazy destroy Claudio Imbrenda
2021-08-18 13:26 ` [PATCH v4 13/14] KVM: s390: pv: lazy destroy for reboot Claudio Imbrenda
2021-08-26  8:33   ` Janis Schoetterl-Glausch
2021-08-18 13:26 ` [PATCH v4 14/14] KVM: s390: pv: avoid export before import if possible Claudio Imbrenda

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210908205027.4f595c6e@p-imbrenda \
    --to=imbrenda@linux.ibm.com \
    --cc=Ulrich.Weigand@de.ibm.com \
    --cc=borntraeger@de.ibm.com \
    --cc=cohuck@redhat.com \
    --cc=david@redhat.com \
    --cc=frankja@linux.ibm.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-s390@vger.kernel.org \
    --cc=pasic@linux.ibm.com \
    --cc=thuth@redhat.com \
    --subject='Re: [PATCH v4 02/14] KVM: s390: pv: avoid double free of sida page' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).