KVM: LAPIC: Fix reentrancy issues with preempt notifiers

Wanpeng Li · bonzini · commit 1d518c6820da · 2017-07-26T19:04:53.000+02:00
Preempt can occur in the preemption timer expiration handler: CPU0 CPU1 preemption timer vmexit handle_preemption_timer(vCPU0) kvm_lapic_expired_hv_timer hv_timer_is_use == true sched_out sched_in kvm_arch_vcpu_load kvm_lapic_restart_hv_timer restart_apic_timer start_hv_timer already-expired timer or sw timer triggerd in the window start_sw_timer cancel_hv_timer /* back in kvm_lapic_expired_hv_timer */ cancel_hv_timer WARN_ON(!apic->lapic_timer.hv_timer_in_use); ==> Oops This can be reproduced if CONFIG_PREEMPT is enabled. ------------[ cut here ]------------ WARNING: CPU: 4 PID: 2972 at /home/kernel/linux/arch/x86/kvm//lapic.c:1563 kvm_lapic_expired_hv_timer+0x9e/0xb0 [kvm] CPU: 4 PID: 2972 Comm: qemu-system-x86 Tainted: G OE 4.13.0-rc2+ #16 RIP: 0010:kvm_lapic_expired_hv_timer+0x9e/0xb0 [kvm] Call Trace: handle_preemption_timer+0xe/0x20 [kvm_intel] vmx_handle_exit+0xb8/0xd70 [kvm_intel] kvm_arch_vcpu_ioctl_run+0xdd1/0x1be0 [kvm] ? kvm_arch_vcpu_load+0x47/0x230 [kvm] ? kvm_arch_vcpu_load+0x62/0x230 [kvm] kvm_vcpu_ioctl+0x340/0x700 [kvm] ? kvm_vcpu_ioctl+0x340/0x700 [kvm] ? __fget+0xfc/0x210 do_vfs_ioctl+0xa4/0x6a0 ? __fget+0x11d/0x210 SyS_ioctl+0x79/0x90 do_syscall_64+0x81/0x220 entry_SYSCALL64_slow_path+0x25/0x25 ------------[ cut here ]------------ WARNING: CPU: 4 PID: 2972 at /home/kernel/linux/arch/x86/kvm//lapic.c:1498 cancel_hv_timer.isra.40+0x4f/0x60 [kvm] CPU: 4 PID: 2972 Comm: qemu-system-x86 Tainted: G W OE 4.13.0-rc2+ #16 RIP: 0010:cancel_hv_timer.isra.40+0x4f/0x60 [kvm] Call Trace: kvm_lapic_expired_hv_timer+0x3e/0xb0 [kvm] handle_preemption_timer+0xe/0x20 [kvm_intel] vmx_handle_exit+0xb8/0xd70 [kvm_intel] kvm_arch_vcpu_ioctl_run+0xdd1/0x1be0 [kvm] ? kvm_arch_vcpu_load+0x47/0x230 [kvm] ? kvm_arch_vcpu_load+0x62/0x230 [kvm] kvm_vcpu_ioctl+0x340/0x700 [kvm] ? kvm_vcpu_ioctl+0x340/0x700 [kvm] ? __fget+0xfc/0x210 do_vfs_ioctl+0xa4/0x6a0 ? __fget+0x11d/0x210 SyS_ioctl+0x79/0x90 do_syscall_64+0x81/0x220 entry_SYSCALL64_slow_path+0x25/0x25 This patch fixes it by making the caller of cancel_hv_timer, start_hv_timer and start_sw_timer be in preemption-disabled regions, which trivially avoid any reentrancy issue with preempt notifier. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com> [Add more WARNs. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
@@ -1495,18 +1495,18 @@ EXPORT_SYMBOL_GPL(kvm_lapic_hv_timer_in_use);
 
 static void cancel_hv_timer(struct kvm_lapic *apic)
 {
+	WARN_ON(preemptible());
 	WARN_ON(!apic->lapic_timer.hv_timer_in_use);
-	preempt_disable();
 	kvm_x86_ops->cancel_hv_timer(apic->vcpu);
 	apic->lapic_timer.hv_timer_in_use = false;
-	preempt_enable();
 }
 
 static bool start_hv_timer(struct kvm_lapic *apic)
 {
 	struct kvm_timer *ktimer = &apic->lapic_timer;
 	int r;
 
+	WARN_ON(preemptible());
 	if (!kvm_x86_ops->set_hv_timer)
 		return false;
 
@@ -1538,6 +1538,8 @@ static bool start_hv_timer(struct kvm_lapic *apic)
 static void start_sw_timer(struct kvm_lapic *apic)
 {
 	struct kvm_timer *ktimer = &apic->lapic_timer;
+
+	WARN_ON(preemptible());
 	if (apic->lapic_timer.hv_timer_in_use)
 		cancel_hv_timer(apic);
 	if (!apic_lvtt_period(apic) && atomic_read(&ktimer->pending))
@@ -1552,15 +1554,20 @@ static void start_sw_timer(struct kvm_lapic *apic)
 
 static void restart_apic_timer(struct kvm_lapic *apic)
 {
+	preempt_disable();
 	if (!start_hv_timer(apic))
 		start_sw_timer(apic);
+	preempt_enable();
 }
 
 void kvm_lapic_expired_hv_timer(struct kvm_vcpu *vcpu)
 {
 	struct kvm_lapic *apic = vcpu->arch.apic;
 
-	WARN_ON(!apic->lapic_timer.hv_timer_in_use);
+	preempt_disable();
+	/* If the preempt notifier has already run, it also called apic_timer_expired */
+	if (!apic->lapic_timer.hv_timer_in_use)
+		goto out;
 	WARN_ON(swait_active(&vcpu->wq));
 	cancel_hv_timer(apic);
 	apic_timer_expired(apic);
@@ -1569,6 +1576,8 @@ void kvm_lapic_expired_hv_timer(struct kvm_vcpu *vcpu)
 		advance_periodic_target_expiration(apic);
 		restart_apic_timer(apic);
 	}
+out:
+	preempt_enable();
 }
 EXPORT_SYMBOL_GPL(kvm_lapic_expired_hv_timer);
 
@@ -1582,9 +1591,11 @@ void kvm_lapic_switch_to_sw_timer(struct kvm_vcpu *vcpu)
 {
 	struct kvm_lapic *apic = vcpu->arch.apic;
 
+	preempt_disable();
 	/* Possibly the TSC deadline timer is not enabled yet */
 	if (apic->lapic_timer.hv_timer_in_use)
 		start_sw_timer(apic);
+	preempt_enable();
 }
 EXPORT_SYMBOL_GPL(kvm_lapic_switch_to_sw_timer);
 

Original file line number	Diff line number	Diff line change
`@@ -1495,18 +1495,18 @@ EXPORT_SYMBOL_GPL(kvm_lapic_hv_timer_in_use);`
`1495`	`1495`
`1496`	`1496`	`static void cancel_hv_timer(struct kvm_lapic *apic)`
`1497`	`1497`	`{`
	`1498`	`+ WARN_ON(preemptible());`
`1498`	`1499`	`WARN_ON(!apic->lapic_timer.hv_timer_in_use);`
`1499`		`- preempt_disable();`
`1500`	`1500`	`kvm_x86_ops->cancel_hv_timer(apic->vcpu);`
`1501`	`1501`	`apic->lapic_timer.hv_timer_in_use = false;`
`1502`		`- preempt_enable();`
`1503`	`1502`	`}`
`1504`	`1503`
`1505`	`1504`	`static bool start_hv_timer(struct kvm_lapic *apic)`
`1506`	`1505`	`{`
`1507`	`1506`	`struct kvm_timer *ktimer = &apic->lapic_timer;`
`1508`	`1507`	`int r;`
`1509`	`1508`
	`1509`	`+ WARN_ON(preemptible());`
`1510`	`1510`	`if (!kvm_x86_ops->set_hv_timer)`
`1511`	`1511`	`return false;`
`1512`	`1512`
`@@ -1538,6 +1538,8 @@ static bool start_hv_timer(struct kvm_lapic *apic)`
`1538`	`1538`	`static void start_sw_timer(struct kvm_lapic *apic)`
`1539`	`1539`	`{`
`1540`	`1540`	`struct kvm_timer *ktimer = &apic->lapic_timer;`
	`1541`	`+`
	`1542`	`+ WARN_ON(preemptible());`
`1541`	`1543`	`if (apic->lapic_timer.hv_timer_in_use)`
`1542`	`1544`	`cancel_hv_timer(apic);`
`1543`	`1545`	`if (!apic_lvtt_period(apic) && atomic_read(&ktimer->pending))`
`@@ -1552,15 +1554,20 @@ static void start_sw_timer(struct kvm_lapic *apic)`
`1552`	`1554`
`1553`	`1555`	`static void restart_apic_timer(struct kvm_lapic *apic)`
`1554`	`1556`	`{`
	`1557`	`+ preempt_disable();`
`1555`	`1558`	`if (!start_hv_timer(apic))`
`1556`	`1559`	`start_sw_timer(apic);`
	`1560`	`+ preempt_enable();`
`1557`	`1561`	`}`
`1558`	`1562`
`1559`	`1563`	`void kvm_lapic_expired_hv_timer(struct kvm_vcpu *vcpu)`
`1560`	`1564`	`{`
`1561`	`1565`	`struct kvm_lapic *apic = vcpu->arch.apic;`
`1562`	`1566`
`1563`		`- WARN_ON(!apic->lapic_timer.hv_timer_in_use);`
	`1567`	`+ preempt_disable();`
	`1568`	`+ /* If the preempt notifier has already run, it also called apic_timer_expired */`
	`1569`	`+ if (!apic->lapic_timer.hv_timer_in_use)`
	`1570`	`+ goto out;`
`1564`	`1571`	`WARN_ON(swait_active(&vcpu->wq));`
`1565`	`1572`	`cancel_hv_timer(apic);`
`1566`	`1573`	`apic_timer_expired(apic);`
`@@ -1569,6 +1576,8 @@ void kvm_lapic_expired_hv_timer(struct kvm_vcpu *vcpu)`
`1569`	`1576`	`advance_periodic_target_expiration(apic);`
`1570`	`1577`	`restart_apic_timer(apic);`
`1571`	`1578`	`}`
	`1579`	`+out:`
	`1580`	`+ preempt_enable();`
`1572`	`1581`	`}`
`1573`	`1582`	`EXPORT_SYMBOL_GPL(kvm_lapic_expired_hv_timer);`
`1574`	`1583`
`@@ -1582,9 +1591,11 @@ void kvm_lapic_switch_to_sw_timer(struct kvm_vcpu *vcpu)`
`1582`	`1591`	`{`
`1583`	`1592`	`struct kvm_lapic *apic = vcpu->arch.apic;`
`1584`	`1593`
	`1594`	`+ preempt_disable();`
`1585`	`1595`	`/* Possibly the TSC deadline timer is not enabled yet */`
`1586`	`1596`	`if (apic->lapic_timer.hv_timer_in_use)`
`1587`	`1597`	`start_sw_timer(apic);`
	`1598`	`+ preempt_enable();`
`1588`	`1599`	`}`
`1589`	`1600`	`EXPORT_SYMBOL_GPL(kvm_lapic_switch_to_sw_timer);`
`1590`	`1601`