KVM: x86: Don't take kvm->lock when iterating over vCPUs in suspend notifier

sean-jc · sean-jc · commit d9c5ed0a9b52 · 2025-02-12T10:45:54.000-08:00
When queueing vCPU PVCLOCK updates in response to SUSPEND or HIBERNATE, don't take kvm->lock as doing so can trigger a largely theoretical deadlock, it is perfectly safe to iterate over the xarray of vCPUs without holding kvm->lock, and kvm->lock doesn't protect kvm_set_guest_paused() in any way (pv_time.active and pvclock_set_guest_stopped_request are protected by vcpu->mutex, not kvm->lock). Reported-by: syzbot+352e553a86e0d75f5120@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/677c0f36.050a0220.3b3668.0014.GAE@google.com Fixes: 7d62874 ("kvm: x86: implement KVM PM-notifier") Reviewed-by: Paul Durrant <paul@xen.org> Link: https://lore.kernel.org/r/20250201013827.680235-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com>
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
@@ -6907,7 +6907,6 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm)
 	unsigned long i;
 	int ret = 0;
 
-	mutex_lock(&kvm->lock);
 	kvm_for_each_vcpu(i, vcpu, kvm) {
 		if (!vcpu->arch.pv_time.active)
 			continue;
@@ -6919,7 +6918,6 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm)
 			break;
 		}
 	}
-	mutex_unlock(&kvm->lock);
 
 	return ret ? NOTIFY_BAD : NOTIFY_DONE;
 }

Original file line number	Diff line number	Diff line change
`@@ -6907,7 +6907,6 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm)`
`6907`	`6907`	`unsigned long i;`
`6908`	`6908`	`int ret = 0;`
`6909`	`6909`
`6910`		`- mutex_lock(&kvm->lock);`
`6911`	`6910`	`kvm_for_each_vcpu(i, vcpu, kvm) {`
`6912`	`6911`	`if (!vcpu->arch.pv_time.active)`
`6913`	`6912`	`continue;`
`@@ -6919,7 +6918,6 @@ static int kvm_arch_suspend_notifier(struct kvm *kvm)`
`6919`	`6918`	`break;`
`6920`	`6919`	`}`
`6921`	`6920`	`}`
`6922`		`- mutex_unlock(&kvm->lock);`
`6923`	`6921`
`6924`	`6922`	`return ret ? NOTIFY_BAD : NOTIFY_DONE;`
`6925`	`6923`	`}`