| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <86v7qkh1vn.wl-maz@kernel.org>
Date: Thu, 01 May 2025 14:55:08 +0100
From: Marc Zyngier <maz@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Maxim Levitsky <mlevitsk@...hat.com>,
kvm@...r.kernel.org,
linux-riscv@...ts.infradead.org,
Kunkun Jiang <jiangkunkun@...wei.com>,
Waiman Long <longman@...hat.com>,
linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
Catalin Marinas <catalin.marinas@....com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Boqun Feng <boqun.feng@...il.com>,
Borislav Petkov <bp@...en8.de>,
Albert Ou <aou@...s.berkeley.edu>,
Anup Patel <anup@...infault.org>,
Paul Walmsley <paul.walmsley@...ive.com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Palmer Dabbelt <palmer@...belt.com>,
Alexandre Ghiti <alex@...ti.fr>,
Alexander Potapenko <glider@...gle.com>,
Oliver Upton <oliver.upton@...ux.dev>,
Andre Przywara <andre.przywara@....com>,
x86@...nel.org,
Joey Gouly <joey.gouly@....com>,
Thomas Gleixner <tglx@...utronix.de>,
kvm-riscv@...ts.infradead.org,
Atish Patra <atishp@...shpatra.org>,
Ingo Molnar <mingo@...hat.com>,
Jing Zhang <jingzhangos@...gle.com>,
"H. Peter Anvin" <hpa@...or.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
kvmarm@...ts.linux.dev,
Will Deacon <will@...nel.org>,
Keisuke Nishimura <keisuke.nishimura@...ia.fr>,
Sebastian Ott <sebott@...hat.com>,
Shusen Li <lishusen2@...wei.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Randy Dunlap <rdunlap@...radead.org>,
Sean Christopherson <seanjc@...gle.com>,
Zenghui Yu <yuzenghui@...wei.com>
Subject: Re: [PATCH v4 2/5] arm64: KVM: use mutex_trylock_nest_lock when locking all vCPUs
On Thu, 01 May 2025 14:41:26 +0100,
Peter Zijlstra <peterz@...radead.org> wrote:
>
> On Thu, May 01, 2025 at 01:44:28PM +0100, Marc Zyngier wrote:
> > On Thu, 01 May 2025 12:15:52 +0100,
> > Peter Zijlstra <peterz@...radead.org> wrote:
> > >
> > > > > + */
> > > > > +int kvm_trylock_all_vcpus(struct kvm *kvm)
> > > > > +{
> > > > > + struct kvm_vcpu *vcpu;
> > > > > + unsigned long i, j;
> > > > > +
> > > > > + kvm_for_each_vcpu(i, vcpu, kvm)
> > > > > + if (!mutex_trylock_nest_lock(&vcpu->mutex, &kvm->lock))
> > >
> > > This one includes an assertion that kvm->lock is actually held.
> >
> > Ah, cunning. Thanks.
> >
> > > That said, I'm not at all sure what the purpose of all this trylock
> > > stuff is here.
> > >
> > > Can someone explain? Last time I asked someone said something about
> > > multiple VMs, but I don't know enough about kvm to know what that means.
> >
> > Multiple VMs? That'd be real fun. Not.
> >
> > > Are those vcpu->mutex another class for other VMs? Or what gives?
> >
> > Nah. This is firmly single VM.
> >
> > The purpose of this contraption is that there are some rare cases
> > where we need to make sure that if we update some global state, all
> > the vcpus of a VM need to see, or none of them.
> >
> > For these cases, the guarantee comes from luserspace, and it gives the
> > pinky promise that none of the vcpus are running at that point. But
> > being of a suspicious nature, we assert that this is true by trying to
> > take all the vcpu mutexes in one go. This will fail if a vcpu is
> > running, as KVM itself takes the vcpu mutex before doing anything.
> >
> > Similar requirement exists if we need to synthesise some state for
> > userspace from all the individual vcpu states.
>
> Ah, okay. Because x86 is simply doing mutex_lock() instead of
> mutex_trylock() -- which would end up waiting for this activity to
> subside I suppose.
>
> Hence the use of the killable variant I suppose, for when they get tired
> of waiting.
Yeah, I remember some debate around that when this refactoring was
first posted. I quickly paged it out.
> If all the architectures are basically doing the same thing, it might
> make sense to unify this particular behaviour. But what do I know.
I don't know either. The trylock behaviour has been there since day-1
on the arm side, and changing it would have userspace visible effects.
So I'm pretty keen on preserving it, warts and all. The last thing I
need is a VMM person hitting my inbox on the grounds that their toy is
broken.
On the other hand, we're talking about virtualisation, so everything
is more or less broken by design...
M.
--
Without deviation from the norm, progress is not possible.
Powered by blists - more mailing lists