    KVM: Initialize gfn_to_pfn_cache locks in dedicated helper · 52491a38
    Michal Luczaj authored
    Move the gfn_to_pfn_cache lock initialization to another helper and
    call the new helper during VM/vCPU creation.  There are race
    conditions possible due to kvm_gfn_to_pfn_cache_init()'s
    ability to re-initialize the cache's locks.
    
    For example: a race between ioctl(KVM_XEN_HVM_EVTCHN_SEND) and
    kvm_gfn_to_pfn_cache_init() leads to a corrupted shinfo gpc lock.
    
                    (thread 1)                |           (thread 2)
                                              |
     kvm_xen_set_evtchn_fast                  |
      read_lock_irqsave(&gpc->lock, ...)      |
                                              | kvm_gfn_to_pfn_cache_init
                                              |  rwlock_init(&gpc->lock)
      read_unlock_irqrestore(&gpc->lock, ...) |
    
    Rename "cache_init" and "cache_destroy" to activate+deactivate to
    avoid implying that the cache really is destroyed/freed.
    
    Note, there are more races in the newly named kvm_gpc_activate() that will
    be addressed separately.
    
    Fixes: 982ed0de ("KVM: Reinstate gfn_to_pfn_cache with invalidation support")
    Cc: stable@vger.kernel.org
    Suggested-by: Sean Christopherson <seanjc@google.com>
    Signed-off-by: Michal Luczaj <mhal@rbox.co>
    [sean: call out that this is a bug fix]
    Signed-off-by: Sean Christopherson <seanjc@google.com>
    Message-Id: <20221013211234.1318131-2-seanjc@google.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
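The interleaving in the commit message, replayed in a user-space model that is an added example and not KVM's code: the "rwlock" is a reader counter so the corruption from re-running rwlock_init() under a held read lock is directly observable, and the old_cache_init/new_gpc_init/new_gpc_activate names are stand-ins for the kernel helpers.

```c
/* Added example: a user-space model of the race in the commit message.
 * The lock is modelled as a reader counter; a real rwlock_t has the same
 * problem, just with less visible state. */
#include <stdbool.h>

struct model_rwlock { int readers; };          /* stand-in for rwlock_t */
struct model_gpc {                             /* stand-in for gfn_to_pfn_cache */
    struct model_rwlock lock;
    bool active;
};

static void model_rwlock_init(struct model_rwlock *l) { l->readers = 0; }
static void model_read_lock(struct model_rwlock *l)   { l->readers++; }
static void model_read_unlock(struct model_rwlock *l) { l->readers--; }

/* Before the fix: the init/activate path also (re)initialises the lock. */
static void old_cache_init(struct model_gpc *gpc)
{
    model_rwlock_init(&gpc->lock);
    gpc->active = true;
}

/* After the fix: the lock is set up once, at VM/vCPU creation ... */
static void new_gpc_init(struct model_gpc *gpc)
{
    model_rwlock_init(&gpc->lock);
    gpc->active = false;
}

/* ... and activation never touches the lock again. */
static void new_gpc_activate(struct model_gpc *gpc) { gpc->active = true; }

/* Replay the two-thread interleaving: thread 1 holds the read lock while
 * thread 2 runs the init/activate helper.  Returns the reader count after
 * thread 1 unlocks; anything other than 0 means the lock state is corrupt. */
static int replay_race(bool fixed)
{
    struct model_gpc gpc;

    if (fixed) new_gpc_init(&gpc); else old_cache_init(&gpc);  /* creation */

    model_read_lock(&gpc.lock);          /* thread 1: kvm_xen_set_evtchn_fast */
    if (fixed) new_gpc_activate(&gpc);   /* thread 2: activate / cache_init */
    else       old_cache_init(&gpc);
    model_read_unlock(&gpc.lock);        /* thread 1: read_unlock_irqrestore */

    return gpc.lock.readers;             /* -1 (old) vs 0 (fixed) */
}
```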