lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Dec 2021 16:15:06 +0800
From:   Chao Gao <chao.gao@...el.com>
To:     kvm@...r.kernel.org, pbonzini@...hat.com, kevin.tian@...el.com,
        tglx@...utronix.de
Cc:     Chao Gao <chao.gao@...el.com>, Albert Ou <aou@...s.berkeley.edu>,
        Aleksandar Markovic <aleksandar.qemu.devel@...il.com>,
        Alexander Gordeev <agordeev@...ux.ibm.com>,
        Alexandru Elisei <alexandru.elisei@....com>,
        Anup Patel <anup.patel@....com>,
        Atish Patra <atish.patra@....com>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Bharata B Rao <bharata@...ux.ibm.com>,
        Borislav Petkov <bp@...en8.de>,
        Catalin Marinas <catalin.marinas@....com>,
        Cédric Le Goater <clg@...d.org>,
        Christian Borntraeger <borntraeger@...ux.ibm.com>,
        Claudio Imbrenda <imbrenda@...ux.ibm.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        David Hildenbrand <david@...hat.com>,
        Fabiano Rosas <farosas@...ux.ibm.com>,
        Guo Ren <guoren@...ux.alibaba.com>,
        Heiko Carstens <hca@...ux.ibm.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Huacai Chen <chenhuacai@...nel.org>,
        Ingo Molnar <mingo@...hat.com>,
        James Morse <james.morse@....com>,
        Janosch Frank <frankja@...ux.ibm.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>,
        John Garry <john.garry@...wei.com>,
        kvmarm@...ts.cs.columbia.edu, kvm-riscv@...ts.infradead.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-mips@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
        linux-riscv@...ts.infradead.org, linux-s390@...r.kernel.org,
        "Maciej S. Szmigiero" <maciej.szmigiero@...cle.com>,
        Marc Zyngier <maz@...nel.org>,
        Mel Gorman <mgorman@...hsingularity.net>,
        Michael Ellerman <mpe@...erman.id.au>,
        Nicholas Piggin <npiggin@...il.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Palmer Dabbelt <palmer@...belt.com>,
        Paul Mackerras <paulus@...ba.org>,
        Paul Walmsley <paul.walmsley@...ive.com>,
        Ravi Bangoria <ravi.bangoria@...ux.ibm.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Shaokun Zhang <zhangshaokun@...ilicon.com>,
        Sumanth Korikkar <sumanthk@...ux.ibm.com>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        Thomas Richter <tmricht@...ux.ibm.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Will Deacon <will@...nel.org>, x86@...nel.org
Subject: [PATCH 0/6] Improve KVM's interaction with CPU hotplug

KVM registers its CPU hotplug callback to CPU starting section. And in the
callback, KVM enables hardware virtualization on hotplugged CPUs if any VM
is running on existing CPUs.

There are two problems in the process:
1. KVM doesn't do compatibility checks before enabling hardware
virtualization on hotplugged CPUs. This may cause #GP if VMX isn't
supported or vmentry failure if some in-use VMX features are missing on
hotplugged CPUs. Both break running VMs.
2. Callbacks in CPU STARTING section cannot fail. So, even if KVM finds
some incompatible CPUs, its callback cannot block CPU hotplug.

This series improves KVM's interaction with CPU hotplug to avoid
incompatible CPUs breaking running VMs. Following changes are made:

1. move KVM's CPU hotplug callback to ONLINE section (suggested by Thomas)
2. do compatibility checks on hotplugged CPUs.
3. abort onlining incompatible CPUs if there is a running VM.

This series is a follow-up to the discussion about KVM and CPU hotplug
https://lore.kernel.org/lkml/3d3296f0-9245-40f9-1b5a-efffdb082de9@redhat.com/T/

Note: this series is tested only on Intel systems.

Chao Gao (6):
  KVM: x86: Move check_processor_compatibility from init ops to runtime
    ops
  KVM: x86: Use kvm_x86_ops in kvm_arch_check_processor_compat
  KVM: Remove opaque from kvm_arch_check_processor_compat
  KVM: Rename and move CPUHP_AP_KVM_STARTING to ONLINE section
  KVM: x86: Remove WARN_ON in kvm_arch_check_processor_compat
  KVM: Do compatibility checks on hotplugged CPUs

 arch/arm64/kvm/arm.c            |  2 +-
 arch/mips/kvm/mips.c            |  2 +-
 arch/powerpc/kvm/powerpc.c      |  2 +-
 arch/riscv/kvm/main.c           |  2 +-
 arch/s390/kvm/kvm-s390.c        |  2 +-
 arch/x86/include/asm/kvm_host.h |  2 +-
 arch/x86/kvm/svm/svm.c          |  4 +-
 arch/x86/kvm/vmx/evmcs.c        |  2 +-
 arch/x86/kvm/vmx/evmcs.h        |  2 +-
 arch/x86/kvm/vmx/vmx.c          | 12 +++---
 arch/x86/kvm/x86.c              |  7 +---
 include/linux/cpuhotplug.h      |  2 +-
 include/linux/kvm_host.h        |  2 +-
 virt/kvm/kvm_main.c             | 74 ++++++++++++++++++++++++---------
 14 files changed, 74 insertions(+), 43 deletions(-)

-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ