[PATCH 0/8] KVM: x86/xen: Clean up 32-bit vs. 64-bit shared info mode handling

David Woodhouse posted 8 patches 2 days, 14 hours ago
[PATCH 0/8] KVM: x86/xen: Clean up 32-bit vs. 64-bit shared info mode handling
Posted by David Woodhouse 2 days, 14 hours ago
This series addresses issues in KVM's Xen event channel delivery paths,
triggered by review of a patch from Hyunwoo Kim which fixed a TOCTOU
race in kvm_xen_set_evtchn_fast().

The first three patches are preparatory cleanups:
 • Rename the 'longmode' hypercall parameter to 'is_64bit' to
   distinguish it from the VM-wide shinfo mode.
 • Introduce kvm_xen_has_64bit_shinfo() with READ_ONCE() semantics.
 • Rename max_evtchn_port() to kvm_max_evtchn_port() in preparation
   for adding a variant that takes a latched bool.

Patches 4-5 fix TOCTOU races where kvm->arch.xen.long_mode is read 
multiple times without consistency. In practice these are harmless since 
the bitmaps are at the same offset in both layouts and corruption is 
limited to the guest's own shared_info page which doesn't get converted 
when switched between 32-bit and 64-bit anyway, but the fixes ensure 
internal consistency for any given invocation of the given function.

Patches 6-8 address a split-lock DoS vector identified by Sashiko: 
locked atomic operations on vcpu_info->evtchn_pending_sel can trigger
an #AC exception on hosts with split_lock_detect=fatal if the guest 
registers vcpu_info at a misaligned address. Patch 6 adds Xen-compatible 
alignment enforcement at registration time. Patches 7-8 switch to 32-bit 
locked operations which only require 4-byte alignment, handling the case 
where a 32-bit guest registers vcpu_info at a 4-byte-aligned address and 
later switches to 64-bit mode — which Xen supports, so should KVM.

Based on v7.1-rc6.

(Sorry Sean, this conflicts with some stuff you have outstanding but
should probably go first?)

David Woodhouse (7):
      KVM: x86/xen: Rename 'longmode' to 'is_64bit' in hypercall handling
      KVM: x86/xen: Introduce kvm_xen_has_64bit_shinfo() macro
      KVM: x86/xen: Rename max_evtchn_port() to kvm_max_evtchn_port()
      KVM: x86/xen: Latch shinfo mode in kvm_xen_schedop_poll()
      KVM: x86/xen: Enforce alignment of vcpu_info registration
      KVM: x86/xen: Use 32-bit locked bts for vcpu_info evtchn_pending_sel
      KVM: x86/xen: Use 32-bit locked ops in kvm_xen_inject_pending_events()

Hyunwoo Kim (1):
      KVM: x86/xen: Latch shinfo mode in kvm_xen_set_evtchn_fast()

 arch/x86/kvm/xen.c | 186 +++++++++++++++++++++++++++++++++++------------------
 arch/x86/kvm/xen.h |   5 ++
 2 files changed, 127 insertions(+), 64 deletions(-)
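The split-lock hazard and the 32-bit-op workaround described in the cover letter, worked through as an added example. This is not code from the series, from KVM or from Xen; it assumes the evtchn_pending_sel byte offsets implied by the Xen public vcpu_info layouts (4 for the 32-bit ABI, 8 for the 64-bit ABI), a 64-byte cache line, and an illustrative registration-alignment rule that is an assumption, not necessarily the check patch 6 enforces. The evtchn_pending_sel field is modelled as two little-endian 32-bit words so the 64-bit value can be reassembled on any host; the point being shown is that a locked 4-byte OR on a 4-byte-aligned word can never straddle a cache line, whereas a locked 8-byte op on a field that is only 4-byte aligned can.

```c
/* Added example: models the split-lock geometry for evtchn_pending_sel and
 * the 32-bit locked-op approach. Not code from the patch series. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CACHELINE_SIZE 64

/* Byte offset of evtchn_pending_sel inside struct vcpu_info for each guest
 * ABI: two uint8_t fields followed by a naturally aligned xen_ulong_t
 * (assumed from the Xen public headers). */
#define PENDING_SEL_OFFSET_64 8
#define PENDING_SEL_OFFSET_32 4

/* A locked access of `width` bytes at `addr` is a split lock if it crosses
 * a cache-line boundary; with split_lock_detect=fatal the host takes #AC. */
static bool access_splits_cacheline(uint64_t addr, size_t width)
{
    return (addr % CACHELINE_SIZE) + width > CACHELINE_SIZE;
}

static uint64_t pending_sel_addr(uint64_t vcpu_info_gpa, bool is_64bit)
{
    return vcpu_info_gpa +
           (is_64bit ? PENDING_SEL_OFFSET_64 : PENDING_SEL_OFFSET_32);
}

/* Pre-fix behaviour: one locked op of the mode's native width (8 or 4). */
static bool native_locked_op_splits(uint64_t vcpu_info_gpa, bool is_64bit)
{
    return access_splits_cacheline(pending_sel_addr(vcpu_info_gpa, is_64bit),
                                   is_64bit ? 8 : 4);
}

/* Post-fix behaviour: only 4-byte locked ops, one per 32-bit word. */
static bool any_word_op_splits(uint64_t vcpu_info_gpa, bool is_64bit)
{
    uint64_t base = pending_sel_addr(vcpu_info_gpa, is_64bit);
    size_t words = is_64bit ? 2 : 1;

    for (size_t i = 0; i < words; i++)
        if (access_splits_cacheline(base + 4 * i, 4))
            return true;
    return false;
}

/* Illustrative registration rule (assumption, not Xen's or KVM's exact
 * check): vcpu_info must be aligned to the mode's xen_ulong_t. */
static bool registration_aligned(uint64_t vcpu_info_gpa, bool is_64bit)
{
    unsigned align = is_64bit ? 8 : 4;

    return (vcpu_info_gpa % align) == 0;
}

/* evtchn_pending_sel as two little-endian 32-bit words; a 32-bit guest only
 * ever uses word[0]. */
struct pending_sel {
    uint32_t word[2];
};

/* Locked 32-bit OR on the word holding `bit`: needs only 4-byte alignment. */
static void set_pending_sel_bit32(struct pending_sel *sel, unsigned bit)
{
    __atomic_fetch_or(&sel->word[bit / 32], UINT32_C(1) << (bit % 32),
                      __ATOMIC_SEQ_CST);
}

static uint64_t pending_sel_value(const struct pending_sel *sel)
{
    return (uint64_t)sel->word[0] | ((uint64_t)sel->word[1] << 32);
}

/* Set one bit in each half via 32-bit ops; the assembled 64-bit value is
 * what a single 64-bit locked OR would have produced. */
static uint64_t demo_set_bits(void)
{
    struct pending_sel sel = { { 0, 0 } };

    set_pending_sel_bit32(&sel, 3);
    set_pending_sel_bit32(&sel, 35);
    return pending_sel_value(&sel);
}

int main(void)
{
    /* Constructed scenario: 32-bit guest registers vcpu_info at a 4-byte
     * aligned GPA, then the VM switches to 64-bit shinfo mode. */
    uint64_t gpa = 0x1034;

    printf("32-bit mode, native op splits: %d\n",
           native_locked_op_splits(gpa, false));
    printf("64-bit mode, native op splits: %d\n",
           native_locked_op_splits(gpa, true));
    printf("64-bit mode, 32-bit ops split: %d\n",
           any_word_op_splits(gpa, true));
    printf("pending_sel after 32-bit ops: 0x%llx\n",
           (unsigned long long)demo_set_bits());
    return 0;
}
```

The 0x1034 scenario is the one the cover letter calls out: in 32-bit mode evtchn_pending_sel sits at 0x1038 and a 4-byte locked op stays inside its cache line, but once the same registration is interpreted with the 64-bit layout the field is at 0x103c, so an 8-byte locked op straddles the line boundary at 0x1040 while two 4-byte ops do not.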