kvm: WARNING In kvm_apic_accept_events

[Dmitry Vyukov]

Hello,

The following program triggers WARNING in kvm_apic_accept_events:
https://gist.githubusercontent.com/dvyukov/95b845a2e637485568ea1ef181a72370/raw/d90717dd67128b21715c5e794568a1600f613d97/gistfile1.txt

On commit 015ed9433be2b476ec7e2e6a9a411a56e3b5b035 (Nov 11).


------------[ cut here ]------------
WARNING: CPU: 1 PID: 23523 at arch/x86/kvm/lapic.c:2330
kvm_apic_accept_events+0x3f6/0x460
Modules linked in:[ 55.632648] CPU: 1 PID: 2812 Comm: a.out Not
tainted 4.9.0-rc4+ #41
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
ffff88006be77978 ffffffff81c2f79b 0000000000000000 0000000000000000
ffffffff8322d6a0 ffffffff81127426 ffff88006be779c0 ffffffff8123ffef
ffffffff811acc46 ffffffff0000091a ffffffff8322d6a0 000000000000091a
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff81c2f79b>] dump_stack+0xb3/0x118 lib/dump_stack.c:51
[<ffffffff8123ffef>] __warn+0x19f/0x1e0 kernel/panic.c:550
[<ffffffff812401fc>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff81127426>] kvm_apic_accept_events+0x3f6/0x460
arch/x86/kvm/lapic.c:2330
[< inline >] vcpu_block arch/x86/kvm/x86.c:6793
[< inline >] vcpu_run arch/x86/kvm/x86.c:6828
[<ffffffff810b8f20>] kvm_arch_vcpu_ioctl_run+0x1580/0x5a90
arch/x86/kvm/x86.c:6984
[<ffffffff8106091e>] kvm_vcpu_ioctl+0x61e/0xdd0
arch/x86/kvm/../../../virt/kvm/kvm_main.c:2557
[< inline >] vfs_ioctl fs/ioctl.c:43
[<ffffffff816b16fc>] do_vfs_ioctl+0x18c/0x1040 fs/ioctl.c:679
[< inline >] SYSC_ioctl fs/ioctl.c:694
[<ffffffff816b263f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[<ffffffff831ebd01>] entry_SYSCALL_64_fastpath+0x1f/0xc2
arch/x86/entry/entry_64.S:209
---[ end trace b2415ddd1b26dce6 ]---

[Dmitry Vyukov]

ping

[David Hildenbrand]

Our VCPU is in SMM mode but is switched into KVM_MP_STATE_INIT_RECEIVED.

The relevant warning is (arch/x86/kvm/lapic.c:kvm_apic_accept_events())

if (is_smm(vcpu)) {
WARN_ON_ONCE(vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED);
....

Something like that might help (untested):


From: David Hildenbrand <da...@redhat.com>
Date: Mon, 23 Jan 2017 16:42:23 +0100
Subject: [PATCH] KVM: x86: fix illegal MP_STATE when in/entering SMM

If we already entered/are about to enter SMM, don't allow
switching to INIT/SIPI_RECEIVED, otherwise the next call to
kvm_apic_accept_events() will report a warning.

Fixes: cd7764fe9f73 ("KVM: x86: latch INITs while in system management mode")
Reported-by: Dmitry Vyukov <dvy...@google.com>
Signed-off-by: David Hildenbrand <da...@redhat.com>
---
arch/x86/kvm/x86.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 57d8a85..06ffc91 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7247,6 +7247,12 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
mp_state->mp_state != KVM_MP_STATE_RUNNABLE)
return -EINVAL;

+ /* INITs are latched while in SMM */
+ if ((is_smm(vcpu) || vcpu->arch.smi_pending) &&
+ (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED ||
+ mp_state->mp_state == KVM_MP_STATE_INIT_RECEIVED))
+ return -EINVAL;
+
if (mp_state->mp_state == KVM_MP_STATE_SIPI_RECEIVED) {
vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
set_bit(KVM_APIC_SIPI, &vcpu->arch.apic->pending_events);
--
2.9.3



--

David

[Paolo Bonzini]

Looks good, thanks for analyzing it. I'll try making a minimal testcase...

Paolo

[Dmitry Vyukov]

Any progress with this? Should we commit this as is?

[David Hildenbrand]

Paolo, should I resend as a proper notcopieddiff mail?

--
Thanks,

David

[Paolo Bonzini]

On 15/02/2017 10:26, David Hildenbrand wrote:
>>
>> Any progress with this? Should we commit this as is?
>>
> Paolo, should I resend as a proper notcopieddiff mail?

Yes, please do (CCing sta...@vger.kernel.org too).

Paolo

[Dmitry Vyukov]

Has this reached any tree? I don't see this in kvm/master.

[David Hildenbrand]

Whops, seems like I missed Paolo's mail. Will send out the patch in a
minute.

--

Thanks,

David