From nobody Fri Jun 19 18:35:26 2026
Reply-To: Sean Christopherson
Date: Thu, 23 Apr 2026 07:08:29 -0700
In-Reply-To: <20260423140833.439512-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260423140833.439512-1-seanjc@google.com> X-Mailer: git-send-email 2.54.0.545.g6539524ca2-goog Message-ID: <20260423140833.439512-2-seanjc@google.com> Subject: [PATCH 1/5] KVM: x86/hyperv: Get target FIFO in hv_tlb_flush_enqueue(), not caller From: Sean Christopherson To: Vitaly Kuznetsov , Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When handling Hyper-V PV TLB flushes, retrieve the to-be-used FIFO in hv_tlb_flush_enqueue() instead of having the caller pass in the FIFO. This will make it easier to fix a cross-vCPU race where KVM can access a vCPU's FIFO before it's fully initialized. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/hyperv.c | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 9b140bbdc1d8..3b7e860bd8d4 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -1930,16 +1930,18 @@ static int kvm_hv_get_tlb_flush_entries(struct kvm = *kvm, struct kvm_hv_hcall *hc return kvm_hv_get_hc_data(kvm, hc, hc->rep_cnt, hc->rep_cnt, entries); } =20 -static void hv_tlb_flush_enqueue(struct kvm_vcpu *vcpu, - struct kvm_vcpu_hv_tlb_flush_fifo *tlb_flush_fifo, - u64 *entries, int count) +static void hv_tlb_flush_enqueue(struct kvm_vcpu *vcpu, u64 *entries, int = count, + bool is_guest_mode) { + struct kvm_vcpu_hv_tlb_flush_fifo *tlb_flush_fifo; struct kvm_vcpu_hv *hv_vcpu =3D to_hv_vcpu(vcpu); u64 flush_all_entry =3D KVM_HV_TLB_FLUSHALL_ENTRY; =20 if (!hv_vcpu) return; =20 + tlb_flush_fifo =3D kvm_hv_get_tlb_flush_fifo(vcpu, is_guest_mode); + spin_lock(&tlb_flush_fifo->write_lock); =20 /* 
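Review bot: the new `bool is_guest_mode` parameter of hv_tlb_flush_enqueue() shadows the is_guest_mode() helper for the whole body of the function, so any future call to is_guest_mode(vcpu) inside it would fail to compile. The name matches the existing parameter of kvm_hv_get_tlb_flush_fifo(), so it is a deliberate choice, but `guest_mode` or `is_l2` would avoid the trap at no cost to consistency if both were renamed together.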
@@ -2012,7 +2014,6 @@ static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, st= ruct kvm_hv_hcall *hc) struct kvm *kvm =3D vcpu->kvm; struct hv_tlb_flush_ex flush_ex; struct hv_tlb_flush flush; - struct kvm_vcpu_hv_tlb_flush_fifo *tlb_flush_fifo; /* * Normally, there can be no more than 'KVM_HV_TLB_FLUSH_FIFO_SIZE' * entries on the TLB flush fifo. The last entry, however, needs to be @@ -2138,11 +2139,8 @@ static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, s= truct kvm_hv_hcall *hc) * analyze it here, flush TLB regardless of the specified address space. */ if (all_cpus && !is_guest_mode(vcpu)) { - kvm_for_each_vcpu(i, v, kvm) { - tlb_flush_fifo =3D kvm_hv_get_tlb_flush_fifo(v, false); - hv_tlb_flush_enqueue(v, tlb_flush_fifo, - tlb_flush_entries, hc->rep_cnt); - } + kvm_for_each_vcpu(i, v, kvm) + hv_tlb_flush_enqueue(v, tlb_flush_entries, hc->rep_cnt, false); =20 kvm_make_all_cpus_request(kvm, KVM_REQ_HV_TLB_FLUSH); } else if (!is_guest_mode(vcpu)) { @@ -2152,9 +2150,7 @@ static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, st= ruct kvm_hv_hcall *hc) v =3D kvm_get_vcpu(kvm, i); if (!v) continue; - tlb_flush_fifo =3D kvm_hv_get_tlb_flush_fifo(v, false); - hv_tlb_flush_enqueue(v, tlb_flush_fifo, - tlb_flush_entries, hc->rep_cnt); + hv_tlb_flush_enqueue(v, tlb_flush_entries, hc->rep_cnt, false); } =20 kvm_make_vcpus_request_mask(kvm, KVM_REQ_HV_TLB_FLUSH, vcpu_mask); 
@@ -2185,9 +2181,7 @@ static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, st= ruct kvm_hv_hcall *hc) continue; =20 __set_bit(i, vcpu_mask); - tlb_flush_fifo =3D kvm_hv_get_tlb_flush_fifo(v, true); - hv_tlb_flush_enqueue(v, tlb_flush_fifo, - tlb_flush_entries, hc->rep_cnt); + hv_tlb_flush_enqueue(v, tlb_flush_entries, hc->rep_cnt, true); } =20 kvm_make_vcpus_request_mask(kvm, KVM_REQ_HV_TLB_FLUSH, vcpu_mask); --=20 2.54.0.545.g6539524ca2-goog From nobody Fri Jun 19 18:35:26 2026 Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC4E6315D39 for ; Thu, 23 Apr 2026 14:08:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776953323; cv=none; b=i9Og7C+SSxe/yZi9U8qGikNiq+2/XydLl1tLs5KXWeTv3B0dX4kNLHN7ZcJCW//IS3lObnqjYb7ktCDBYzHWplb833m9dzoaytp/RJOfBMuj41V8SCTWXkhFrs0BxUpmYFm3u7r1OE1JaWoeQkgcW2aZSPq1Fmj6jdGoGF6iTHo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776953323; c=relaxed/simple; bh=HAAcuTZah9AFCo/cbSobY04EowY8FfFFdtRH4EpAUs0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=tiQ5aNUff9Sf+yJ/QY8Z5kq5aP7Of9LusUr4L2Yqf7D5hl4mPttKcqdALHjjiSorg72bMFsUQwF3oEMQn0hHD2agXVjRAd0xSJLKV4TrDKNCKUS35IZMljxa97qp3scIwZ+OXUjr07eej+pCzzgpv7mTcSjR20j3anPS04kv9vY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UKdurXrT; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: 
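Review bot: with this last hunk every call site passes the same literal (false, false, true) that it previously handed to kvm_hv_get_tlb_flush_fifo(), so the no-functional-change claim holds for the three flush paths. One small difference the changelog could spell out: because hv_tlb_flush_enqueue() now looks up the FIFO only after its `if (!hv_vcpu) return;`, callers no longer compute `&hv_vcpu->tlb_flush_fifo[i]` from a NULL hv_vcpu and then discard it (kvm_hv_get_tlb_flush_fifo() has no NULL check at this point in the series), which is a benign but real ordering change.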
Reply-To: Sean Christopherson
Date: Thu, 23 Apr 2026 07:08:30 -0700
In-Reply-To: <20260423140833.439512-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260423140833.439512-1-seanjc@google.com>
Message-ID: <20260423140833.439512-3-seanjc@google.com>
Subject: [PATCH 2/5] KVM: x86/hyperv: Check for NULL vCPU Hyper-V object in kvm_hv_get_tlb_flush_fifo()
From: Sean Christopherson
To: Vitaly Kuznetsov, Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

Check for a NULL Hyper-V object in kvm_hv_get_tlb_flush_fifo() instead of
relying on the caller to do so. This will allow fixing a cross-vCPU race
where KVM can access a vCPU's FIFO before it's fully initialized, without
having to jump through too many cognitive hoops to reason about the
correctness of the logic.

Ignoring changes in ordering that only affect the aforementioned race, no
functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/hyperv.c | 11 +++++------
 arch/x86/kvm/hyperv.h |  7 ++++++-
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index 3b7e860bd8d4..3cf8b3cdfc1c 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -1934,13 +1934,11 @@ static void hv_tlb_flush_enqueue(struct kvm_vcpu *v= cpu, u64 *entries, int count, bool is_guest_mode) { struct kvm_vcpu_hv_tlb_flush_fifo *tlb_flush_fifo; - struct kvm_vcpu_hv *hv_vcpu =3D to_hv_vcpu(vcpu); u64 flush_all_entry =3D KVM_HV_TLB_FLUSHALL_ENTRY; =20 - if (!hv_vcpu) - return; - tlb_flush_fifo =3D kvm_hv_get_tlb_flush_fifo(vcpu, is_guest_mode); + if (!tlb_flush_fifo) + return; =20 spin_lock(&tlb_flush_fifo->write_lock); =20 @@ -1967,15 +1965,16 @@ static void hv_tlb_flush_enqueue(struct kvm_vcpu *v= cpu, u64 *entries, int count, int kvm_hv_vcpu_flush_tlb(struct kvm_vcpu *vcpu) { struct kvm_vcpu_hv_tlb_flush_fifo *tlb_flush_fifo; - struct kvm_vcpu_hv *hv_vcpu =3D to_hv_vcpu(vcpu); u64 entries[KVM_HV_TLB_FLUSH_FIFO_SIZE]; int i, j, count; gva_t gva; =20 - if (!tdp_enabled || !hv_vcpu) + if (!tdp_enabled) return -EINVAL; =20 tlb_flush_fifo =3D kvm_hv_get_tlb_flush_fifo(vcpu, is_guest_mode(vcpu)); + if (!tlb_flush_fifo) + return -EINVAL; =20 count =3D kfifo_out(&tlb_flush_fifo->entries, entries, KVM_HV_TLB_FLUSH_F= IFO_SIZE); =20 diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index 6301f79fcbae..53534e1004bb 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h @@ -201,6 +201,9 @@ static inline struct kvm_vcpu_hv_tlb_flush_fifo *kvm_hv= _get_tlb_flush_fifo(struc int i =3D is_guest_mode ? HV_L2_TLB_FLUSH_FIFO : HV_L1_TLB_FLUSH_FIFO; =20 + if (!hv_vcpu) + return NULL; + return &hv_vcpu->tlb_flush_fifo[i]; } =20 
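Review bot: kvm_hv_get_tlb_flush_fifo() now returns NULL for a vCPU without a Hyper-V object, but nothing at the definition in hyperv.h says so; a one-line comment above the function ("Returns NULL if Hyper-V is not enabled for @vcpu") would stop a future caller from dereferencing the result unchecked, as hv_tlb_flush_enqueue() did before this series. Minor style point in the same hunk: the `if (!hv_vcpu) return NULL;` sits below `int i = is_guest_mode ? ...;`, which is correct since `i` does not depend on hv_vcpu, but checking first and computing second reads more naturally. The split of `if (!tdp_enabled || !hv_vcpu)` in kvm_hv_vcpu_flush_tlb() into two checks keeps -EINVAL for both cases, so callers see no difference there.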
@@ -208,10 +211,12 @@ static inline void kvm_hv_vcpu_purge_flush_tlb(struct= kvm_vcpu *vcpu) { struct kvm_vcpu_hv_tlb_flush_fifo *tlb_flush_fifo; =20 - if (!to_hv_vcpu(vcpu) || !kvm_check_request(KVM_REQ_HV_TLB_FLUSH, vcpu)) + if (!kvm_check_request(KVM_REQ_HV_TLB_FLUSH, vcpu)) return; =20 tlb_flush_fifo =3D kvm_hv_get_tlb_flush_fifo(vcpu, is_guest_mode(vcpu)); + if (!tlb_flush_fifo) + return; =20 kfifo_reset_out(&tlb_flush_fifo->entries); } --=20 2.54.0.545.g6539524ca2-goog From nobody Fri Jun 19 18:35:26 2026 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3C65D30FC0F for ; Thu, 23 Apr 2026 14:08:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776953327; cv=none; b=LnirUMlbkAHINrdkMF0D5BUIR2PAijyYPpSd1ZE8IGSc5ZT5rMmUDFcCEt5oZDk6S7RXeh+Js4KbHN/DnLxIdJOEKNSa0lrKQRPvXGwK3d8MCtQZsXRYPfkfZeAJ4hSKFveHwz7VZAc87UkzLeNgzX9aCVvPgp8O8F7KWDN6oQI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776953327; c=relaxed/simple; bh=mfJrl10lvotOmOnSukcUToM+lxKzb7mwrxrieNWkXQo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ITGWZlQhAanqrxs6b6PYvIeKUmcly09GVFZDanzZSrk/gmpasisIE8iDT0RmJEbzXTtM0bu0PLsMaUMm68dtIM0cYUDAjqB1bjqV+xupVswDJKFuiDbea3EPd/Tvz9YIJMsSpT7YJYxbbZMlDuCXVnf5FbQ2bkQ80I+278DXfnk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=SFZC6q0k; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com 
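Review bot: the kvm_hv_vcpu_purge_flush_tlb() hunk changes behaviour for a vCPU with no Hyper-V object, and the "no functional change" wording does not cover it: before, such a vCPU returned ahead of kvm_check_request(), leaving KVM_REQ_HV_TLB_FLUSH set; now kvm_check_request() runs first and clears the request, and only then does the NULL FIFO cause the early return. Since the `all_cpus` path of kvm_hv_flush_tlb() (see patch 1) raises that request on every vCPU through kvm_make_all_cpus_request() regardless of whether each one has a Hyper-V object, the new order is arguably the better one, as the request no longer lingers on those vCPUs, but the changelog should say so explicitly rather than fold it into "changes in ordering that only affect the aforementioned race".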
Reply-To: Sean Christopherson
Date: Thu, 23 Apr 2026 07:08:31 -0700
In-Reply-To: <20260423140833.439512-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260423140833.439512-1-seanjc@google.com>
Message-ID: <20260423140833.439512-4-seanjc@google.com>
Subject: [PATCH 3/5] KVM: x86/hyperv: Ensure vCPU's Hyper-V object is initialized on cross-vCPU accesses
From: Sean Christopherson
To: Vitaly Kuznetsov, Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

When initializing a vCPU's Hyper-V object, ensure the object is fully
initialized prior to exposing it through the vCPU, and ensure accesses from
other tasks (e.g. other vCPUs) see the fully initialized object if
vcpu->arch.hyperv is non-NULL. Lack of ordering manifests as a lockdep
splat due to attempting to lock a TLB flush FIFO before the spinlock is
initialized.

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 PID: 5005 Comm: syz-executor189 Not tainted 6.6.120-smp-DEV #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 [] dump_stack_lvl+0xcc/0x130 lib/dump_stack.c:106
 [] assign_lock_key+0x1fd/0x230 kernel/locking/lockdep.c:977
 [] register_lock_class+0x187/0x7a0 kernel/locking/lockdep.c:1291
 [] __lock_acquire+0x179/0x7650 kernel/locking/lockdep.c:5016
 [] lock_acquire+0x13f/0x3d0 kernel/locking/lockdep.c:5756
 [] __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 [] _raw_spin_lock+0x2b/0x40 kernel/locking/spinlock.c:154
 [] spin_lock include/linux/spinlock.h:351 [inline]
 [] hv_tlb_flush_enqueue+0xb4/0x270 arch/x86/kvm/hyperv.c:1946
 [] kvm_hv_flush_tlb+0xa96/0x1dc0 arch/x86/kvm/hyperv.c:2145
 [] kvm_hv_hypercall+0x103b/0x1fe0 arch/x86/kvm/hyperv.c:-1
 [] __vmx_handle_exit arch/x86/kvm/vmx/vmx.c:6624 [inline]
 [] vmx_handle_exit+0x12e3/0x21f0 arch/x86/kvm/vmx/vmx.c:6641
 [] vcpu_enter_guest arch/x86/kvm/x86.c:11649 [inline]
 [] vcpu_run+0x4d01/0x79c0 arch/x86/kvm/x86.c:11832
 [] kvm_arch_vcpu_ioctl_run+0xb49/0x1c80 arch/x86/kvm/x86.c:12179
 [] kvm_vcpu_ioctl+0xc80/0xff0 virt/kvm/kvm_main.c:6029
 [] vfs_ioctl
fs/ioctl.c:52 [inline] [] __do_sys_ioctl fs/ioctl.c:872 [inline] [] __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:858 [] do_syscall_x64 arch/x86/entry/common.c:52 [inline] [] do_syscall_64+0x69/0xb0 arch/x86/entry/common.c:93 [] entry_SYSCALL_64_after_hwframe+0x68/0xd2 Use the "safe" variant in all paths that are known to access the Hyper-V object, as detected by an upcoming lockdep assertion. Fixes: 0823570f0198 ("KVM: x86: hyper-v: Introduce TLB flush fifo") Fixes: fc08b628d7c9 ("KVM: x86: hyper-v: Allocate Hyper-V context lazily") Reported-by: syzbot+5b32c49cd8f005e65654@syzkaller.appspotmail.com Signed-off-by: Sean Christopherson --- arch/x86/kvm/hyperv.c | 23 ++++++++++++++++++----- arch/x86/kvm/hyperv.h | 16 ++++++++++++++-- 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 3cf8b3cdfc1c..92a715d06d92 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -206,13 +206,19 @@ static struct kvm_vcpu *get_vcpu_by_vpidx(struct kvm = *kvm, u32 vpidx) =20 static struct kvm_vcpu_hv_synic *synic_get(struct kvm *kvm, u32 vpidx) { - struct kvm_vcpu *vcpu; struct kvm_vcpu_hv_synic *synic; + struct kvm_vcpu_hv *hv_vcpu; + struct kvm_vcpu *vcpu; =20 vcpu =3D get_vcpu_by_vpidx(kvm, vpidx); - if (!vcpu || !to_hv_vcpu(vcpu)) + if (!vcpu) return NULL; - synic =3D to_hv_synic(vcpu); + + hv_vcpu =3D to_hv_vcpu_safe(vcpu); + if (!hv_vcpu) + return NULL; + + synic =3D &hv_vcpu->synic; return (synic->active) ? synic : NULL; } =20 @@ -972,7 +978,6 @@ int kvm_hv_vcpu_init(struct kvm_vcpu *vcpu) if (!hv_vcpu) return -ENOMEM; =20 - vcpu->arch.hyperv =3D hv_vcpu; hv_vcpu->vcpu =3D vcpu; =20 synic_init(&hv_vcpu->synic); 
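Review bot: dropping `vcpu->arch.hyperv = hv_vcpu;` from the top of kvm_hv_vcpu_init() means anything called between that point and the release store that reaches the object through vcpu->arch.hyperv (to_hv_vcpu(vcpu), or a helper built on it) now sees NULL instead of the half-built object. The visible synic_init(&hv_vcpu->synic) uses the local pointer, which is the right pattern; the rest of the init path should be audited to confirm no callee takes the vcpu-based route, since such a caller would silently get NULL rather than a lockdep warning. The synic_get() rewrite is fine; the only nit is that `(synic->active) ? synic : NULL` carries over the redundant parentheses from the old code.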
@@ -988,6 +993,14 @@ int kvm_hv_vcpu_init(struct kvm_vcpu *vcpu) spin_lock_init(&hv_vcpu->tlb_flush_fifo[i].write_lock); } =20 + /* + * Ensure the structure is fully initialized before it's visible to + * other tasks, as much of the state can be legally accessed without + * holding vcpu->mutex. + * + * Pairs with the smp_load_acquire() in to_hv_vcpu_safe(). + */ + smp_store_release(&vcpu->arch.hyperv, hv_vcpu); return 0; } =20 @@ -2159,7 +2172,7 @@ static u64 kvm_hv_flush_tlb(struct kvm_vcpu *vcpu, st= ruct kvm_hv_hcall *hc) bitmap_zero(vcpu_mask, KVM_MAX_VCPUS); =20 kvm_for_each_vcpu(i, v, kvm) { - hv_v =3D to_hv_vcpu(v); + hv_v =3D to_hv_vcpu_safe(v); =20 /* * The following check races with nested vCPUs entering/exiting diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index 53534e1004bb..ca5366341110 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h @@ -61,6 +61,18 @@ static inline struct kvm_hv *to_kvm_hv(struct kvm *kvm) return &kvm->arch.hyperv; } =20 +static inline struct kvm_vcpu_hv *to_hv_vcpu_safe(struct kvm_vcpu *vcpu) +{ + /* + * Ensure the HyperV structure is fully initialized when accessing it + * without holding vcpu->mutex (or some other guarantee that KVM can't + * concurrently instantiate the structure). + * + * Pairs with the smp_store_release() in kvm_hv_vcpu_init(). + */ + return smp_load_acquire(&vcpu->arch.hyperv); +} + static inline struct kvm_vcpu_hv *to_hv_vcpu(struct kvm_vcpu *vcpu) { return vcpu->arch.hyperv; @@ -87,7 +99,7 @@ static inline struct kvm_hv_syndbg *to_hv_syndbg(struct k= vm_vcpu *vcpu) =20 static inline u32 kvm_hv_get_vpindex(struct kvm_vcpu *vcpu) { - struct kvm_vcpu_hv *hv_vcpu =3D to_hv_vcpu(vcpu); + struct kvm_vcpu_hv *hv_vcpu =3D to_hv_vcpu_safe(vcpu); =20 return hv_vcpu ? hv_vcpu->vp_index : vcpu->vcpu_idx; } 
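Review bot: the release/acquire pair is documented on both sides, which is what a reviewer wants to see; two small points. The comment in to_hv_vcpu_safe() says "HyperV" while the changelog and the sibling comment in kvm_hv_vcpu_init() say "Hyper-V"/"the structure", so pick one spelling. More usefully, to_hv_vcpu() directly below it now has a sibling whose name implies the plain accessor is unsafe, but neither function says when each is appropriate; a short comment on to_hv_vcpu() ("caller holds vcpu->mutex or otherwise guarantees the object cannot be instantiated concurrently") would pre-empt misuse independently of any runtime assertion.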
@@ -197,7 +209,7 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_= cpuid2 *cpuid, static inline struct kvm_vcpu_hv_tlb_flush_fifo *kvm_hv_get_tlb_flush_fifo= (struct kvm_vcpu *vcpu, bool is_guest_mode) { - struct kvm_vcpu_hv *hv_vcpu =3D to_hv_vcpu(vcpu); + struct kvm_vcpu_hv *hv_vcpu =3D to_hv_vcpu_safe(vcpu); int i =3D is_guest_mode ? HV_L2_TLB_FLUSH_FIFO : HV_L1_TLB_FLUSH_FIFO; =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Fri Jun 19 18:35:26 2026 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5149531619A for ; Thu, 23 Apr 2026 14:08:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776953328; cv=none; b=DAe9Mv1lRtJqz3E3Fp/lTDYmoOqIaGn7Nw05ZHvMmQgpZW41dvmRx69q9i7Qin6cLrYJP9mKuLywwc8zsQzO0DjnqJQQW3LmEAI2RcQcETcFRYTcQI1/0HYlulNhFGcbBUKsEVYFG0k4yXURawE6wQttkGRm8O4ZExrqTxMT7PM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776953328; c=relaxed/simple; bh=/3cDx3aIf060SuHsn27j2Kp/Fy1op4c4/c+Wag2Nux8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=eOW4VIs4Y9ikvd+zPMy0g1Dm85Ew3q8cxkyCGIsHxMjrXPCy0j4O6em5NZome8MmuHFT/MRBLqp90eSH+U3BxngG4sSv+iSKv1d78jjeR2UCHgrEEC0MADyxK2jLvJ/VT71OblQaMoG1qQ5lFW42hAb1u41qNhMY+EjIjsLsajY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Rc3XDYuP; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; 
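Review bot: this patch cannot be backported on the strength of its Fixes: tags alone, because the kvm_hv_get_tlb_flush_fifo() hunk here sits on top of the NULL check added by patch 2, which in turn relies on the refactor in patch 1; if stable is the intent, either add a Cc: stable with the two prerequisites listed, or squash the three into one fix. On cost: since this is arch/x86 code, smp_load_acquire() is a plain load plus a compiler barrier, so routing the mutex-held callers (kvm_hv_vcpu_flush_tlb() and kvm_hv_vcpu_purge_flush_tlb()) through the acquire variant adds nothing at runtime. The lockdep trace in the changelog bottoms out at the spin_lock() in hv_tlb_flush_enqueue() (hyperv.c:1946), and that path now reaches the FIFO only via the acquire, so the reported splat is covered.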
Reply-To: Sean Christopherson
Date: Thu, 23 Apr 2026 07:08:32 -0700
In-Reply-To: <20260423140833.439512-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260423140833.439512-1-seanjc@google.com>
Message-ID: <20260423140833.439512-5-seanjc@google.com>
Subject: [PATCH 4/5] KVM: x86/hyperv: Assert vCPU's mutex is held in to_hv_vcpu()
From: Sean Christopherson
To: Vitaly Kuznetsov, Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

Assert that either vcpu->mutex is held or the VM is otherwise unreachable
when using the normal vCPU => HyperV accessor to help detect improper
cross-task usage of the HyperV structure. When accessing the structure
without holding the vCPU's mutex, e.g. to send interrupts or to queue TLB
flushes, KVM needs to use the more paranoid to_hv_vcpu_safe() to guarantee
that it can't see a half-baked structure.

To avoid false positives, open code accesses to vcpu->arch.hyperv in the
Synthetic Timer callbacks (can be reached if and only if HyperV state is
fully initialized) and in kvm_hv_set_cpuid() (can unfortunately be reached
during vCPU creation, when vcpu->mutex is not held, but otherwise is called
only when vcpu->mutex is held).

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/hyperv.c | 8 +++-----
 arch/x86/kvm/hyperv.h | 3 +++
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index 92a715d06d92..a79ccea05a65 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c @@ -599,8 +599,7 @@ static void stimer_mark_pending(struct kvm_vcpu_hv_stim= er *stimer, { struct kvm_vcpu *vcpu =3D hv_stimer_to_vcpu(stimer); =20 - set_bit(stimer->index, - to_hv_vcpu(vcpu)->stimer_pending_bitmap); + set_bit(stimer->index, vcpu->arch.hyperv->stimer_pending_bitmap); kvm_make_request(KVM_REQ_HV_STIMER, vcpu); if (vcpu_kick) kvm_vcpu_kick(vcpu); @@ -614,8 +613,7 @@ static void stimer_cleanup(struct kvm_vcpu_hv_stimer *s= timer) stimer->index); =20 hrtimer_cancel(&stimer->timer); - clear_bit(stimer->index, - to_hv_vcpu(vcpu)->stimer_pending_bitmap); + clear_bit(stimer->index, vcpu->arch.hyperv->stimer_pending_bitmap); stimer->msg_pending =3D false; stimer->exp_time =3D 0; } @@ -2311,7 +2309,7 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, str= uct kvm_hv_hcall *hc) =20 void kvm_hv_set_cpuid(struct kvm_vcpu *vcpu, bool hyperv_enabled) { - struct kvm_vcpu_hv *hv_vcpu =3D to_hv_vcpu(vcpu); + struct kvm_vcpu_hv *hv_vcpu =3D vcpu->arch.hyperv; struct kvm_cpuid_entry2 *entry; =20 vcpu->arch.hyperv_enabled =3D hyperv_enabled; diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index ca5366341110..b7938d45f655 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h 
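Review bot: the open-coded `vcpu->arch.hyperv->stimer_pending_bitmap` in stimer_mark_pending() and stimer_cleanup() bypasses both accessors with no in-code explanation; the reasoning (a stimer can only fire once the Hyper-V object is fully initialized) lives only in the changelog, so a one-line comment at each site, or better a helper next to hv_stimer_to_vcpu() that returns the enclosing struct kvm_vcpu_hv directly, would keep the next reader from "fixing" it back to to_hv_vcpu() and tripping the assertion. Same for kvm_hv_set_cpuid(): the hunk swaps to_hv_vcpu(vcpu) for a raw read of vcpu->arch.hyperv, but the vCPU-creation caveat from the changelog is not visible at the call site.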
@@ -75,6 +75,9 @@ static inline struct kvm_vcpu_hv *to_hv_vcpu_safe(struct = kvm_vcpu *vcpu) =20 static inline struct kvm_vcpu_hv *to_hv_vcpu(struct kvm_vcpu *vcpu) { + lockdep_assert_once(lockdep_is_held(&vcpu->mutex) || + !refcount_read(&vcpu->kvm->users_count)); + return vcpu->arch.hyperv; } =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Fri Jun 19 18:35:26 2026 Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC55B318ED2 for ; Thu, 23 Apr 2026 14:08:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776953331; cv=none; b=mBKzwPAwfiPLfuzwiYAYkr4ukMgvLznRmYm6AreUzH9U5xtpvJmkGQMKr5q+OWGdiblGU7lwgeBpmUEL63homa4LO3DowbxLGZqGIVEUT6G+CszXf2TnaQnlJyHI/J588bBUFtwagGHFo2RUdDS8Z2M7hOLXRJM50IJyhlUM9cc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776953331; c=relaxed/simple; bh=W23KsFZgezFTtYQBr9LdeXf5DVk60F3J9q7lUAtiI2w=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=rzP5a2X7xcVNiYUIuYrha3h0YmeKel2gw4cq2y7qdNH/agrxKu3R4tbM9hdazvaz27sGqrq8v0xYOKfd+xLOI8HK2r/BwqvBO/CrYvUn76o4OEGuKIxYzjiFS9n7QSajsHuQcOyXH5cSY58+evXTozplWveGKzr6khCApSPHNCc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=WQfv95zg; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: 
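Review bot: the assertion `lockdep_is_held(&vcpu->mutex) || !refcount_read(&vcpu->kvm->users_count)` is a WARN_ON_ONCE under lockdep_assert_once(), so the first false positive fires once and then goes quiet; that is the right severity for a debug aid, but it means a single missed caller is only noticed if someone reads the log. The `!refcount_read(...)` clause covers VM teardown (users_count already zero), which matches the "VM is otherwise unreachable" wording; the vCPU-creation window described for kvm_hv_set_cpuid() is covered by neither clause, so any other to_hv_vcpu() reachable from vCPU creation would also need open-coding. A comment above the assertion stating which of the two conditions each known caller class relies on would make the pattern harder to misapply.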
Date: Thu, 23 Apr 2026 07:08:33 -0700
In-Reply-To: <20260423140833.439512-1-seanjc@google.com>
References: <20260423140833.439512-1-seanjc@google.com>
Message-ID: <20260423140833.439512-6-seanjc@google.com>
Subject: [PATCH 5/5] KVM: x86/hyperv: Use {READ,WRITE}_ONCE for cross-task synic->active accesses
From: Sean Christopherson
To: Vitaly Kuznetsov, Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org

When activating Hyper-V's Synthetic Interrupt Controller (SynIC), mark it active with WRITE_ONCE() and query it using READ_ONCE() in synic_get(), the only known cross-task reader, to document that the flag is accessed without holding the vCPU's mutex.

Note, there are no data dependencies on the SynIC being marked active, e.g. the vector read by synic_set_irq() is set (usually in response to guest activity) long after the SynIC is initially activated, and a false negative on the SynIC being active would be benign (ignoring that such a race is likely to be problematic for the guest irrespective of what KVM does).

Signed-off-by: Sean Christopherson
---
arch/x86/kvm/hyperv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index a79ccea05a65..cf35ec93cffb 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -219,7 +219,7 @@ static struct kvm_vcpu_hv_synic *synic_get(struct kvm *= kvm, u32 vpidx) return NULL; =20 synic =3D &hv_vcpu->synic; - return (synic->active) ? synic : NULL; + return READ_ONCE(synic->active) ? synic : NULL; } =20 static void kvm_hv_notify_acked_sint(struct kvm_vcpu *vcpu, u32 sint) @@ -1013,7 +1013,7 @@ int kvm_hv_activate_synic(struct kvm_vcpu *vcpu, bool= dont_zero_synic_pages) =20 synic =3D to_hv_synic(vcpu); =20 - synic->active =3D true; + WRITE_ONCE(synic->active, true); synic->dont_zero_synic_pages =3D dont_zero_synic_pages; synic->control =3D HV_SYNIC_CONTROL_ENABLE; return 0; --=20 2.54.0.545.g6539524ca2-goog
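Review bot: the READ_ONCE() in synic_get() is documentary only, and the hunk gives no hint which caller reaches it from another task; a short comment on the `return READ_ONCE(synic->active) ? synic : NULL;` line naming that lockless path would stop a later change from either reverting it to a plain read or adding an acquire barrier that the changelog says is not needed.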
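Review bot: in the kvm_hv_activate_synic() hunk, WRITE_ONCE(synic->active, true) is followed by plain stores to synic->dont_zero_synic_pages and synic->control, so a cross-task synic_get() that observes active == true may still see the pre-activation values of those two fields; the changelog argues the race is benign for the vector read by synic_set_irq() but says nothing about control or dont_zero_synic_pages. Either state in the changelog why the lockless reader does not depend on those fields either, or, if ordering does matter, publish active last with a release/acquire pair rather than relying on {READ,WRITE}_ONCE() alone.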