| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZEcglWoeGS3pc5kK@google.com>
Date: Mon, 24 Apr 2023 17:36:37 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: David Matlack <dmatlack@...gle.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org,
Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>,
Ben Gardon <bgardon@...gle.com>
Subject: Re: [PATCH v2] KVM: x86: Preserve TDP MMU roots until they are
explicitly invalidated
On Mon, Apr 24, 2023, David Matlack wrote:
> It'd be nice to keep around the lockdep assertion though for the other (and
> future) callers. The cleanest options I can think of are:
>
> 1. Pass in a bool "vm_teardown" kvm_tdp_mmu_invalidate_all_roots() and
> use that to gate the lockdep assertion.
> 2. Take the mmu_lock for read in kvm_mmu_uninit_tdp_mmu() and pass
> down bool shared to kvm_tdp_mmu_invalidate_all_roots().
>
> Both would satisfy your concern of not blocking teardown on the async
> worker and my concern of keeping the lockdep check. I think I prefer
> (1) since, as you point out, taking the mmu_lock at all is
> unnecessary.
Hmm, another option:
3. Refactor the code so that kvm_arch_init_vm() doesn't call
kvm_tdp_mmu_invalidate_all_roots() when VM creation fails, and then lockdep
can ignore on users_count==0 without hitting the false positive.
I like (2) the least. Not sure I prefer (1) versus (3). I dislike passing bools
just to ignore lockdep, but reworking code for a "never hit in practice" edge case
is arguably worse :-/
Powered by blists - more mailing lists