From patchwork Fri May 26 23:50:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 99727 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp51085vqr; Fri, 26 May 2023 17:51:48 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7fVQOP1c9uvQK+dPyPNDVFrLuI9T7hdh8txg9PdbLV9Q7UChoOs/DaaeqO5D+EDFZhI3Dk X-Received: by 2002:a17:902:ebd2:b0:1a6:8031:59e7 with SMTP id p18-20020a170902ebd200b001a6803159e7mr4739349plg.46.1685148707746; Fri, 26 May 2023 17:51:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685148707; cv=none; d=google.com; s=arc-20160816; b=DnY2VH0LfU6p2TbRwiAJ4eOx2S3ug43FhGCuhje7gEkvQMh8sGs6pHk+lK5BIdR+y4 H79nnYg82ERujWzrDsYnzDK9b2HEuGnwjnqGLytz1ktRlAwaRyANJoI8IS1IZProkSZn cwiyDWh8Evx86RIvL1t1rZAKHq4dks1fPQvPgnnkyh4LgbMqkKP3a7yEnl+AVUGGynw8 MEuz9atKlH9xcaIP8SfAGZ8PvQ1OIoDgj3uAOC9g6+ypNj9CEgVhZGuD0kOSsUOOL+6t uBdOaE1Uyqaz8ZZb65lpMVwysCfQFVC9zcd+rhfXJd17JAq0VJP8vDJr+86aVOXdqYXz 2TEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=Bk1UDmvPC4i4QcCcByGound/sEkJg+oDBKjGWlXb8JU=; b=Pi16joxn3B/R2EUwnXRPzHAcedgLAl+mK0hqQcnMdpTYsRE/2LU1KzXFKqRLPHeibq 5xaWiXgWMFpFdu3FrXApOc7HwSeV6uCPOgZu2tMgWwntC4tADvJV0NG0VFtKLjzmvgXn Wt+J0SgEHWo0ejTSaVrA93mp+PpaS5ePJUHA2bPE5GsA6Wl5y3+Z/WRHwuK4fPVFpow/ qarhHUzfOQYSnUi1qxUKyS3H521dQNC530rZaF/s2aoV9+mla+5rGS2dNjwwUrZHlNVb SqDPkzpTzXpLZVBUbZMTwfqHnmpIUjsPfXk2q91XuJdggZa6CCQP4eL+hBGup0oo9EsY P9Jg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="b/S5rioS"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m6-20020a170902db8600b001aad8686ebasi4822035pld.251.2023.05.26.17.51.36; Fri, 26 May 2023 17:51:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b="b/S5rioS"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237792AbjEZXvC (ORCPT + 99 others); Fri, 26 May 2023 19:51:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35488 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237428AbjEZXu7 (ORCPT ); Fri, 26 May 2023 19:50:59 -0400 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B97881A2 for ; Fri, 26 May 2023 16:50:56 -0700 (PDT) Received: by mail-pf1-x449.google.com with SMTP id d2e1a72fcca58-64d1c53cad8so1632233b3a.3 for ; Fri, 26 May 2023 16:50:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1685145056; x=1687737056; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=Bk1UDmvPC4i4QcCcByGound/sEkJg+oDBKjGWlXb8JU=; b=b/S5rioSyiILJQs6UKnM3duZoCNlAbzAiw9wfNE+A0VSgXSpbWDc9bAXYZ0cLdL+DZ 2uEnOSwSL/9N6VTbCO+GDRzecVuGUcIp1MW7e/WVy3U+6EXro8ItKlYOl2uhHuvWrsOg p6JSZ3CtSyfneC1g5UW5/tU7cDnIK/CmNCczY+MlhjqwAH6wBmtxSHcNTRF6h6B+41uc vMBYdeJ0HzcoKczzVjIvuHERnJDS2dopnEyzqp2e/YZ8edaTDKqz8JbytR4XMFerZFBE FJlWWkSzYrPKODDIxJfZfd0LKpiUyKP6bhpDYzO3DCZ0YLH9zhVCqo48cSABG2v9SAmc ChFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685145056; x=1687737056; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Bk1UDmvPC4i4QcCcByGound/sEkJg+oDBKjGWlXb8JU=; b=V6LAO0JQc0fRbQPaBNwCgJokCElvPqoendw7dgtxTXPJqOwGN7zJeoEskd7pS4drUd 0wBMEOn8HZfO/WydJz94o7Mhkj0FoWcptKZ3m+cr7CZERsdfBQiqSJFaSq9KT1SYzor1 HeKjogjv1hZG2iXqbIfUzeTCeKr7h8WGB1CpAxGyxR+eff6Ts+Cw6O9MRp8fcjUGDani 5IJCJ/6yHnhxBP/r5etvD9uzelaRKu6qPYDO7lKdfRRFSyoCdYRq54YyYnmlnKniAWJK kaJ54v8nNPiV03sC3W/rlU00Hjs8wq45kItlnTH8arGqEGyeEvI5WvJJMCj5n1qFQyDF 7j/A== X-Gm-Message-State: AC+VfDxyCftgLhJwuMntY2yArxkZ+jAITlgCMj+WnviQftA9VG3BeGRy 7C8ERuZa2oq6lo+RSRU77+x3m+Y1h44= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6a00:1797:b0:64f:c0b1:6967 with SMTP id s23-20020a056a00179700b0064fc0b16967mr4749pfg.1.1685145056321; Fri, 26 May 2023 16:50:56 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 26 May 2023 16:50:48 -0700 In-Reply-To: <20230526235048.2842761-1-seanjc@google.com> Mime-Version: 1.0 References: <20230526235048.2842761-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.rc0.172.g3f132b7071-goog Message-ID: <20230526235048.2842761-4-seanjc@google.com> Subject: [PATCH v2 3/3] KVM: selftests: Add test for race in kvm_recalculate_apic_map() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michal Luczaj X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767006491043862639?= X-GMAIL-MSGID: =?utf-8?q?1767006491043862639?= From: Michal Luczaj Keep switching between LAPIC_MODE_X2APIC and LAPIC_MODE_DISABLED during APIC map construction to hunt for TOCTOU bugs in KVM. KVM's optimized map recalc makes multiple passes over the list of vCPUs, and the calculations ignore vCPU's whose APIC is hardware-disabled, i.e. there's a window where toggling LAPIC_MODE_DISABLED is quite interesting. Signed-off-by: Michal Luczaj Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- tools/testing/selftests/kvm/Makefile | 1 + .../kvm/x86_64/recalc_apic_map_race.c | 76 +++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86_64/recalc_apic_map_race.c diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index 7a5ff646e7e7..c9b8f16fb23f 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -116,6 +116,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/sev_migrate_tests TEST_GEN_PROGS_x86_64 += x86_64/amx_test TEST_GEN_PROGS_x86_64 += x86_64/max_vcpuid_cap_test TEST_GEN_PROGS_x86_64 += x86_64/triple_fault_event_test +TEST_GEN_PROGS_x86_64 += x86_64/recalc_apic_map_race TEST_GEN_PROGS_x86_64 += access_tracking_perf_test TEST_GEN_PROGS_x86_64 += demand_paging_test TEST_GEN_PROGS_x86_64 += dirty_log_test diff --git a/tools/testing/selftests/kvm/x86_64/recalc_apic_map_race.c b/tools/testing/selftests/kvm/x86_64/recalc_apic_map_race.c new file mode 100644 index 000000000000..09516548c11a --- /dev/null +++ b/tools/testing/selftests/kvm/x86_64/recalc_apic_map_race.c @@ -0,0 +1,76 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * recalc_apic_map_race + * + * Test for a race condition in kvm_recalculate_apic_map(). + */ + +#include +#include +#include + +#include "processor.h" +#include "test_util.h" +#include "kvm_util.h" +#include "apic.h" + +#define TIMEOUT 5 /* seconds */ + +#define LAPIC_DISABLED 0 +#define LAPIC_X2APIC (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE) +#define MAX_XAPIC_ID 0xff + +static void *race(void *arg) +{ + struct kvm_lapic_state lapic = {}; + struct kvm_vcpu *vcpu = arg; + + while (1) { + /* Trigger kvm_recalculate_apic_map(). */ + vcpu_ioctl(vcpu, KVM_SET_LAPIC, &lapic); + pthread_testcancel(); + } + + return NULL; +} + +int main(void) +{ + struct kvm_vcpu *vcpus[KVM_MAX_VCPUS]; + struct kvm_vcpu *vcpuN; + struct kvm_vm *vm; + pthread_t thread; + time_t t; + int i; + + kvm_static_assert(KVM_MAX_VCPUS > MAX_XAPIC_ID); + + /* + * Creating the max number of vCPUs supported by selftests so that KVM + * has decent amount of work to do when recalculating the map, i.e. to + * make the problematic window large enough to hit. + */ + vm = vm_create_with_vcpus(KVM_MAX_VCPUS, NULL, vcpus); + + /* + * Enable x2APIC on all vCPUs so that KVM doesn't bail from the recalc + * due to vCPUs having aliased xAPIC IDs (truncated to 8 bits). + */ + for (i = 0; i < KVM_MAX_VCPUS; i++) + vcpu_set_msr(vcpus[i], MSR_IA32_APICBASE, LAPIC_X2APIC); + + ASSERT_EQ(pthread_create(&thread, NULL, race, vcpus[0]), 0); + + vcpuN = vcpus[KVM_MAX_VCPUS - 1]; + for (t = time(NULL) + TIMEOUT; time(NULL) < t;) { + vcpu_set_msr(vcpuN, MSR_IA32_APICBASE, LAPIC_X2APIC); + vcpu_set_msr(vcpuN, MSR_IA32_APICBASE, LAPIC_DISABLED); + } + + ASSERT_EQ(pthread_cancel(thread), 0); + ASSERT_EQ(pthread_join(thread, NULL), 0); + + kvm_vm_release(vm); + + return 0; +}