mirror of
https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
synced 2025-10-25 23:05:23 +10:00
fa808ed4e1
Vladimir reports that a race condition to attach a VMID to a stage-2 MMU
sometimes results in a vCPU entering the guest with a VMID of 0:
| CPU1 | CPU2
| |
| | kvm_arch_vcpu_ioctl_run
| | vcpu_load <= load VTTBR_EL2
| | kvm_vmid->id = 0
| |
| kvm_arch_vcpu_ioctl_run |
| vcpu_load <= load VTTBR_EL2 |
| with kvm_vmid->id = 0|
| kvm_arm_vmid_update <= allocates fresh |
| kvm_vmid->id and |
| reload VTTBR_EL2 |
| |
| | kvm_arm_vmid_update <= observes that kvm_vmid->id
| | already allocated,
| | skips reload VTTBR_EL2
Oh yeah, it's as bad as it looks. Remember that VHE loads the stage-2
MMU eagerly but a VMID only gets attached to the MMU later on in the
KVM_RUN loop.
Even in the "best case" where VTTBR_EL2 correctly gets reprogrammed
before entering the EL1&0 regime, there is a period of time where
hardware is configured with VMID 0. That's completely insane. So, rather
than decorating the 'late' binding with another hack, just allocate the
damn thing up front.
Attaching a VMID from vcpu_load() is still rollover safe since
(surprise!) it'll always get called after a vCPU was preempted.
Excuse me while I go find a brown paper bag.
Cc: stable@vger.kernel.org
Fixes:
|
||
|---|---|---|
| .. | ||
| hyp | ||
| vgic | ||
| .gitignore | ||
| arch_timer.c | ||
| arm.c | ||
| at.c | ||
| debug.c | ||
| emulate-nested.c | ||
| fpsimd.c | ||
| guest.c | ||
| handle_exit.c | ||
| hypercalls.c | ||
| inject_fault.c | ||
| Kconfig | ||
| Makefile | ||
| mmio.c | ||
| mmu.c | ||
| nested.c | ||
| pauth.c | ||
| pkvm.c | ||
| pmu-emul.c | ||
| pmu.c | ||
| psci.c | ||
| ptdump.c | ||
| pvtime.c | ||
| reset.c | ||
| stacktrace.c | ||
| sys_regs.c | ||
| sys_regs.h | ||
| trace_arm.h | ||
| trace_handle_exit.h | ||
| trace.h | ||
| trng.c | ||
| va_layout.c | ||
| vgic-sys-reg-v3.c | ||
| vmid.c | ||