From patchwork Fri Jun 2 23:32:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 102721 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1372870vqr; Fri, 2 Jun 2023 16:59:44 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4111oMud1+eiMiLix+SW2gGRICocA7ShUWFOyzwnR/lrs6Er5CxUAt/Lwv5KhuMXv58Eyt X-Received: by 2002:a05:6358:e497:b0:123:1637:45d1 with SMTP id by23-20020a056358e49700b00123163745d1mr12439538rwb.14.1685750384116; Fri, 02 Jun 2023 16:59:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685750384; cv=none; d=google.com; s=arc-20160816; b=ghWPrvBjrQYl352q4SumA2rS+QADsMAeH18cMkRYCoBEhzDnKGP6i6As16JRlm0+Tj Vmhk4wo8UETQ0NyLRpG8Klf12fJILZzGEeZwEm9etMKapMqAJDDt9e8obVNeWFIKIto7 jZ1fSVhI77B4sABXBiZFmVwbcBrkruDT9nCkQitDotP4Ok0+sVWQnj2j7OqHh+o7NTN6 fzN493LiBcStuRlTVKJFvdSp1c5IfDSbY6JV8yHyPVRr0G7UDo/yiYPkjkYKMj7swXHq ltDjv3pHJYzYfGaFAssnNUaqaSvyeJQpZxs4jZ8XQvPjtaFw9m2SUVEe8QH39hiokvJ2 KkIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=j6nYf/jOBntGS2igA5vSyIxcer0Y2dnZYEhcRt0bNGM=; b=a68cFReFLnr3My07SU0lLhdHTDZjr0ezR5zhbsgLd0M6y+ZmmlCAjCLFovjI4jnw9x kNbqSQgyDUO6klfZZF5Kbwot9SPUy4aG+1yOqblfJ4kuQk9m+2jJKoS0E0nA/yxqiZwo QwYps6h9Ykt6q2X9VLQMQ2RU4OyBnpGrjrR925HrMDW32owSTbXtGHLl2h6KmbAB63wx PGNuiqY65Xzhe1TRZ5D4tCLiSQEedI0TSbXpFgWdshyyj0c1/mO0h0I866bcFZSBJ1dc KHHvWRJMlkBkh9e26AgJohXv4+b7whcSXEWXZf5wMjgeynXECurkeHwsDJRhHS2NRk44 1lIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=Wi3H0k9B; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w66-20020a623045000000b0063f032d78efsi1454223pfw.269.2023.06.02.16.59.32; Fri, 02 Jun 2023 16:59:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=Wi3H0k9B; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236889AbjFBXdP (ORCPT + 99 others); Fri, 2 Jun 2023 19:33:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49724 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236871AbjFBXdJ (ORCPT ); Fri, 2 Jun 2023 19:33:09 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 81025E43 for ; Fri, 2 Jun 2023 16:33:08 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id 41be03b00d2f7-5343c1d114cso2557611a12.0 for ; Fri, 02 Jun 2023 16:33:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1685748788; x=1688340788; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=j6nYf/jOBntGS2igA5vSyIxcer0Y2dnZYEhcRt0bNGM=; b=Wi3H0k9BpFJWJAoAjhZGH+/ORYMPc9rbgUFp0V7StYibnfR5Xj/2eL6uRo+vy2ORjC t7IhWOLboZOtaFGAZUE5ovIvkiLsDV+67SAoJ01MJRK09U02fJoLAa4AUpOGsfC1kS7P +hjP1kmcc8hDU9rMT9LiNwBTg5BYbmCeWKvHScZv9HRM/kblDg9yNpxucaTAI3D5S7nI jQFbapqcnP3k3m32lzqRcCZH4s+IoewCx1fJp3P83YZ2/GpgKpGBLg6fcwxRiNZHIxPk 9nAJ5vbHtv8f6sqcuBQySNHOow5IdMVwxGuFB065jqUKW3dyVjnL9DouUtA0ENGMulPM nIDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685748788; x=1688340788; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=j6nYf/jOBntGS2igA5vSyIxcer0Y2dnZYEhcRt0bNGM=; b=OTDlYrlLmEmbYHUUpY6Idu59r0Bd/ko7S+r+rGWUPnj54TgR5GN8Uqig93EY0Aylbp PcUMXVUI6U+29wIcq27JI81JtXLi5WV2QDBcIGIusIp9t8wrJI8/AEpDKtzwJHeK+zuX kKkwTLE8lyMNIqdVEptcT1qE7SAcB8568y5qdY/ATJwRo0m3nepsUjGnbgFG7vWAOXH9 y6AKHF03neVgdApFZNl/dU40OVgUyd/i24Anf9W/LXlTqtueES0Op5LcwpcFZm0Sw5cw NaYwNKB1vZ4WNfFvrrwboBN+jzQk4qoSCj5fAh0ojUQ6XndXSBKxIWt6rJ0XY5oUEzDH lSvg== X-Gm-Message-State: AC+VfDyT9/rnVNu11ljd+5rMsj886QtOahF9YqHCnn+rttegiYlTHYfK hGUENARuiRg0TFK4FvXW2KvZwqLse3o= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a65:4284:0:b0:542:96b5:b5e4 with SMTP id j4-20020a654284000000b0054296b5b5e4mr648446pgp.11.1685748787993; Fri, 02 Jun 2023 16:33:07 -0700 (PDT) Reply-To: Sean Christopherson Date: Fri, 2 Jun 2023 16:32:50 -0700 In-Reply-To: <20230602233250.1014316-1-seanjc@google.com> Mime-Version: 1.0 References: <20230602233250.1014316-1-seanjc@google.com> X-Mailer: git-send-email 2.41.0.rc2.161.g9c6817b8e7-goog Message-ID: <20230602233250.1014316-4-seanjc@google.com> Subject: [PATCH v3 3/3] KVM: selftests: Add test for race in kvm_recalculate_apic_map() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michal Luczaj X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767637394583780513?= X-GMAIL-MSGID: =?utf-8?q?1767637394583780513?= From: Michal Luczaj Keep switching between LAPIC_MODE_X2APIC and LAPIC_MODE_DISABLED during APIC map construction to hunt for TOCTOU bugs in KVM. KVM's optimized map recalc makes multiple passes over the list of vCPUs, and the calculations ignore vCPU's whose APIC is hardware-disabled, i.e. there's a window where toggling LAPIC_MODE_DISABLED is quite interesting. Signed-off-by: Michal Luczaj Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- tools/testing/selftests/kvm/Makefile | 1 + .../kvm/x86_64/recalc_apic_map_test.c | 74 +++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86_64/recalc_apic_map_test.c diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index 7a5ff646e7e7..4761b768b773 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -116,6 +116,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/sev_migrate_tests TEST_GEN_PROGS_x86_64 += x86_64/amx_test TEST_GEN_PROGS_x86_64 += x86_64/max_vcpuid_cap_test TEST_GEN_PROGS_x86_64 += x86_64/triple_fault_event_test +TEST_GEN_PROGS_x86_64 += x86_64/recalc_apic_map_test TEST_GEN_PROGS_x86_64 += access_tracking_perf_test TEST_GEN_PROGS_x86_64 += demand_paging_test TEST_GEN_PROGS_x86_64 += dirty_log_test diff --git a/tools/testing/selftests/kvm/x86_64/recalc_apic_map_test.c b/tools/testing/selftests/kvm/x86_64/recalc_apic_map_test.c new file mode 100644 index 000000000000..4c416ebe7d66 --- /dev/null +++ b/tools/testing/selftests/kvm/x86_64/recalc_apic_map_test.c @@ -0,0 +1,74 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Test edge cases and race conditions in kvm_recalculate_apic_map(). + */ + +#include +#include +#include + +#include "processor.h" +#include "test_util.h" +#include "kvm_util.h" +#include "apic.h" + +#define TIMEOUT 5 /* seconds */ + +#define LAPIC_DISABLED 0 +#define LAPIC_X2APIC (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE) +#define MAX_XAPIC_ID 0xff + +static void *race(void *arg) +{ + struct kvm_lapic_state lapic = {}; + struct kvm_vcpu *vcpu = arg; + + while (1) { + /* Trigger kvm_recalculate_apic_map(). */ + vcpu_ioctl(vcpu, KVM_SET_LAPIC, &lapic); + pthread_testcancel(); + } + + return NULL; +} + +int main(void) +{ + struct kvm_vcpu *vcpus[KVM_MAX_VCPUS]; + struct kvm_vcpu *vcpuN; + struct kvm_vm *vm; + pthread_t thread; + time_t t; + int i; + + kvm_static_assert(KVM_MAX_VCPUS > MAX_XAPIC_ID); + + /* + * Create the max number of vCPUs supported by selftests so that KVM + * has decent amount of work to do when recalculating the map, i.e. to + * make the problematic window large enough to hit. + */ + vm = vm_create_with_vcpus(KVM_MAX_VCPUS, NULL, vcpus); + + /* + * Enable x2APIC on all vCPUs so that KVM doesn't bail from the recalc + * due to vCPUs having aliased xAPIC IDs (truncated to 8 bits). + */ + for (i = 0; i < KVM_MAX_VCPUS; i++) + vcpu_set_msr(vcpus[i], MSR_IA32_APICBASE, LAPIC_X2APIC); + + ASSERT_EQ(pthread_create(&thread, NULL, race, vcpus[0]), 0); + + vcpuN = vcpus[KVM_MAX_VCPUS - 1]; + for (t = time(NULL) + TIMEOUT; time(NULL) < t;) { + vcpu_set_msr(vcpuN, MSR_IA32_APICBASE, LAPIC_X2APIC); + vcpu_set_msr(vcpuN, MSR_IA32_APICBASE, LAPIC_DISABLED); + } + + ASSERT_EQ(pthread_cancel(thread), 0); + ASSERT_EQ(pthread_join(thread, NULL), 0); + + kvm_vm_free(vm); + + return 0; +}