Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1221691pxu; Wed, 6 Jan 2021 16:22:21 -0800 (PST) X-Google-Smtp-Source: ABdhPJyj+pwG+9z3lkaa375BD4KAr+JExYUhEi8Nc+y197zolmx36T01NZ7mvkHoghCUpvgUimEn X-Received: by 2002:aa7:d919:: with SMTP id a25mr5426243edr.81.1609978941216; Wed, 06 Jan 2021 16:22:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609978941; cv=none; d=google.com; s=arc-20160816; b=OFk0FmyafYNlBtz3NZEnJmsOCziu9oN/R9bvF5+Ns5ImF2q8SgxYsd6Ubzy/sage7Z u+h2ybkgVF7KB6+mlRBT5m4llOaZPQIymfVKlardJPXyRBizQtcK85a+ez/OzFmX1gfQ 8JgNWfVnkSCoubNtKyiiKYc+lTrvhaBrX2sDUAkFfJQh/yh+W+ia8h2smHioj1vXk8NM QxYYpVQrRMeKtOcnReUXx0GG7nwcfC74nZyaDcXAgn3i6IKL55hnoK5N9kPH9ka1387c fHFhfh4fCf+0Xy7Id7fS2e8G3sB2E2bvKBxu1SDre2eZLsLYcNLZ4gvir2d28pab/ujY NGOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:mime-version:message-id:date :sender:dkim-signature; bh=YAdMZ4HVtsNign4zck7MQfm5DpVic4jEJ5rVA3Cqe+I=; b=r5T0wBfLJXAB1qAEwTV/voF2cXweESQ+soFkILPmCGrBcsE6xKueVDAnBwujnAnozs O7g+h5bliTFpNqz8ykEcp5zkq1QAWkRY8vJG/CTjBkKAa1c3szx2TNxkBrLvpDHtFrys FsK7M996rpZlQjbIg4ZjBsDrWU3429ebTUnNr2L/rGpgGnvhF+ihvRiShcd9mhGhChAa m8HhY0XzWn7BXtSX8j7ilXeHlWrlgHWjPTZny+epRyGswt0Wd8RjLegbwOF+tsYwva3G kcZ/PT7d9DXJ1hiQi1/zKSyj39Qw8YjYsMADJVwVYAXz482lgTUI2bkPOwl2z25bTZGr nsqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CmXcwBZJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f20si1574547edy.12.2021.01.06.16.21.57; Wed, 06 Jan 2021 16:22:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CmXcwBZJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726666AbhAGAUV (ORCPT + 99 others); Wed, 6 Jan 2021 19:20:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36550 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726375AbhAGAUU (ORCPT ); Wed, 6 Jan 2021 19:20:20 -0500 Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 308F9C061370 for ; Wed, 6 Jan 2021 16:19:40 -0800 (PST) Received: by mail-qk1-x74a.google.com with SMTP id y187so4184497qke.20 for ; Wed, 06 Jan 2021 16:19:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:message-id:mime-version:subject:from:to:cc; bh=YAdMZ4HVtsNign4zck7MQfm5DpVic4jEJ5rVA3Cqe+I=; b=CmXcwBZJAfbCWX7/Zs58wTI0vo1u9HDZQ8ZtZrSWLI7giiVKMzDztOCJ1dHXIj55Fc n8Gl/FFNXiXEEu9Tzg0E+HT8Qq7gUkAMlXk1OGuk9O1PPJztSyvlugWSSvgIUxbBUHRd tL7cmhDmvGt0ml3bb1/X+YsX+ueWHrIpme0j58W3TvIP3RPrvByjwwFKxh6VcfmXwwC4 ZyV4YjmpOe5Hs8hjbp3PsvDIoOwzq55Cd1iwEfB4ME3JT0jaeUfHgRThKaTuxU3gOrUo qrk9QlRixlww+fQG0Ki0gUnrkqpnfd/J+Wm3dW75EbaODtGhlpdonuKszaVO5zg/r9sJ x0cA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:message-id:mime-version:subject:from :to:cc; bh=YAdMZ4HVtsNign4zck7MQfm5DpVic4jEJ5rVA3Cqe+I=; b=PIePe42Wn2byr1nvjMwkrKJKro+7VWGeGfjARf4oqt74fdPAXMLkcC8q8AIzE9wXMQ VwAgfC/MNl6hDUYpRjvGWlR5K26dviYlMU3Pgj5m8QiNMe0Yqv4zmv+w0A+sJGaZRlJV y6X8cZ+lwDnEBQsLnBaST1wU75FQt4rKGfLXTQGQ1tjRw7/a0mkXirwmlHmL5NVPFe4c LSoRls3UmC3uE+MtanhVRCXLMAYSTLgWVNxyZO1Oa32Z83wlraVKA/rmEEMJAIBafXrx wAE9CoDwmU1fxecar2/O1bNUILSC7wr0T4St/QGL3lJtLrRCaux/7bT1vbFo4eP5BDiv oQ8g== X-Gm-Message-State: AOAM531JtU+qW/ia+L9HsRXVQoxHdLQzlCctgA5AxY7mQ2ltiDPeGcUQ DYIDpuhgSuoCAEDA2kJ4WjCGeog1njLaBOlh5+mnMvpOnCJPqjH40Dv6xShQSwyLaEe1wPiA9of L9yTN0MjtmnfezbJVLF4vFBB5WLdhRL4PiZBq67xoXQ9rm4yfRe/E5A+zz+24L65ADi0PylRI Sender: "bgardon via sendgmr" X-Received: from bgardon.sea.corp.google.com ([2620:15c:100:202:f693:9fff:fef4:a293]) (user=bgardon job=sendgmr) by 2002:a0c:e651:: with SMTP id c17mr6479465qvn.34.1609978779192; Wed, 06 Jan 2021 16:19:39 -0800 (PST) Date: Wed, 6 Jan 2021 16:19:34 -0800 Message-Id: <20210107001935.3732070-1-bgardon@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.29.2.729.g45daf8777d-goog Subject: [PATCH v3 1/2] KVM: x86/mmu: Ensure TDP MMU roots are freed after yield From: Ben Gardon To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Paolo Bonzini , Sean Christopherson , Peter Shier , "Maciej S . Szmigiero" , Leo Hou , Ben Gardon Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Many TDP MMU functions which need to perform some action on all TDP MMU roots hold a reference on that root so that they can safely drop the MMU lock in order to yield to other threads. However, when releasing the reference on the root, there is a bug: the root will not be freed even if its reference count (root_count) is reduced to 0. To simplify acquiring and releasing references on TDP MMU root pages, and to ensure that these roots are properly freed, move the get/put operations into another TDP MMU root iterator macro. Moving the get/put operations into an iterator macro also helps simplify control flow when a root does need to be freed. Note that using the list_for_each_entry_safe macro would not have been appropriate in this situation because it could keep a pointer to the next root across an MMU lock release + reacquire, during which time that root could be freed. Reported-by: Maciej S. Szmigiero Suggested-by: Paolo Bonzini Fixes: faaf05b00aec ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU") Fixes: 063afacd8730 ("kvm: x86/mmu: Support invalidate range MMU notifier for TDP MMU") Fixes: a6a0b05da9f3 ("kvm: x86/mmu: Support dirty logging for the TDP MMU") Fixes: 14881998566d ("kvm: x86/mmu: Support disabling dirty logging for the tdp MMU") Signed-off-by: Ben Gardon --- arch/x86/kvm/mmu/tdp_mmu.c | 104 +++++++++++++++++-------------------- 1 file changed, 48 insertions(+), 56 deletions(-) diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index 75db27fda8f3..d4191ed193cd 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -44,7 +44,48 @@ void kvm_mmu_uninit_tdp_mmu(struct kvm *kvm) WARN_ON(!list_empty(&kvm->arch.tdp_mmu_roots)); } -#define for_each_tdp_mmu_root(_kvm, _root) \ +static void tdp_mmu_put_root(struct kvm *kvm, struct kvm_mmu_page *root) +{ + if (kvm_mmu_put_root(kvm, root)) + kvm_tdp_mmu_free_root(kvm, root); +} + +static inline bool tdp_mmu_next_root_valid(struct kvm *kvm, + struct kvm_mmu_page *root) +{ + lockdep_assert_held(&kvm->mmu_lock); + + if (list_entry_is_head(root, &kvm->arch.tdp_mmu_roots, link)) + return false; + + kvm_mmu_get_root(kvm, root); + return true; + +} + +static inline struct kvm_mmu_page *tdp_mmu_next_root(struct kvm *kvm, + struct kvm_mmu_page *root) +{ + struct kvm_mmu_page *next_root; + + next_root = list_next_entry(root, link); + tdp_mmu_put_root(kvm, root); + return next_root; +} + +/* + * Note: this iterator gets and puts references to the roots it iterates over. + * This makes it safe to release the MMU lock and yield within the loop, but + * if exiting the loop early, the caller must drop the reference to the most + * recent root. (Unless keeping a live reference is desirable.) + */ +#define for_each_tdp_mmu_root_yield_safe(_kvm, _root) \ + for (_root = list_first_entry(&_kvm->arch.tdp_mmu_roots, \ + typeof(*_root), link); \ + tdp_mmu_next_root_valid(_kvm, _root); \ + _root = tdp_mmu_next_root(_kvm, _root)) + +#define for_each_tdp_mmu_root(_kvm, _root) \ list_for_each_entry(_root, &_kvm->arch.tdp_mmu_roots, link) bool is_tdp_mmu_root(struct kvm *kvm, hpa_t hpa) @@ -447,18 +488,9 @@ bool kvm_tdp_mmu_zap_gfn_range(struct kvm *kvm, gfn_t start, gfn_t end) struct kvm_mmu_page *root; bool flush = false; - for_each_tdp_mmu_root(kvm, root) { - /* - * Take a reference on the root so that it cannot be freed if - * this thread releases the MMU lock and yields in this loop. - */ - kvm_mmu_get_root(kvm, root); - + for_each_tdp_mmu_root_yield_safe(kvm, root) flush |= zap_gfn_range(kvm, root, start, end, true); - kvm_mmu_put_root(kvm, root); - } - return flush; } @@ -619,13 +651,7 @@ static int kvm_tdp_mmu_handle_hva_range(struct kvm *kvm, unsigned long start, int ret = 0; int as_id; - for_each_tdp_mmu_root(kvm, root) { - /* - * Take a reference on the root so that it cannot be freed if - * this thread releases the MMU lock and yields in this loop. - */ - kvm_mmu_get_root(kvm, root); - + for_each_tdp_mmu_root_yield_safe(kvm, root) { as_id = kvm_mmu_page_as_id(root); slots = __kvm_memslots(kvm, as_id); kvm_for_each_memslot(memslot, slots) { @@ -647,8 +673,6 @@ static int kvm_tdp_mmu_handle_hva_range(struct kvm *kvm, unsigned long start, ret |= handler(kvm, memslot, root, gfn_start, gfn_end, data); } - - kvm_mmu_put_root(kvm, root); } return ret; @@ -838,21 +862,13 @@ bool kvm_tdp_mmu_wrprot_slot(struct kvm *kvm, struct kvm_memory_slot *slot, int root_as_id; bool spte_set = false; - for_each_tdp_mmu_root(kvm, root) { + for_each_tdp_mmu_root_yield_safe(kvm, root) { root_as_id = kvm_mmu_page_as_id(root); if (root_as_id != slot->as_id) continue; - /* - * Take a reference on the root so that it cannot be freed if - * this thread releases the MMU lock and yields in this loop. - */ - kvm_mmu_get_root(kvm, root); - spte_set |= wrprot_gfn_range(kvm, root, slot->base_gfn, slot->base_gfn + slot->npages, min_level); - - kvm_mmu_put_root(kvm, root); } return spte_set; @@ -906,21 +922,13 @@ bool kvm_tdp_mmu_clear_dirty_slot(struct kvm *kvm, struct kvm_memory_slot *slot) int root_as_id; bool spte_set = false; - for_each_tdp_mmu_root(kvm, root) { + for_each_tdp_mmu_root_yield_safe(kvm, root) { root_as_id = kvm_mmu_page_as_id(root); if (root_as_id != slot->as_id) continue; - /* - * Take a reference on the root so that it cannot be freed if - * this thread releases the MMU lock and yields in this loop. - */ - kvm_mmu_get_root(kvm, root); - spte_set |= clear_dirty_gfn_range(kvm, root, slot->base_gfn, slot->base_gfn + slot->npages); - - kvm_mmu_put_root(kvm, root); } return spte_set; @@ -1029,21 +1037,13 @@ bool kvm_tdp_mmu_slot_set_dirty(struct kvm *kvm, struct kvm_memory_slot *slot) int root_as_id; bool spte_set = false; - for_each_tdp_mmu_root(kvm, root) { + for_each_tdp_mmu_root_yield_safe(kvm, root) { root_as_id = kvm_mmu_page_as_id(root); if (root_as_id != slot->as_id) continue; - /* - * Take a reference on the root so that it cannot be freed if - * this thread releases the MMU lock and yields in this loop. - */ - kvm_mmu_get_root(kvm, root); - spte_set |= set_dirty_gfn_range(kvm, root, slot->base_gfn, slot->base_gfn + slot->npages); - - kvm_mmu_put_root(kvm, root); } return spte_set; } @@ -1089,21 +1089,13 @@ void kvm_tdp_mmu_zap_collapsible_sptes(struct kvm *kvm, struct kvm_mmu_page *root; int root_as_id; - for_each_tdp_mmu_root(kvm, root) { + for_each_tdp_mmu_root_yield_safe(kvm, root) { root_as_id = kvm_mmu_page_as_id(root); if (root_as_id != slot->as_id) continue; - /* - * Take a reference on the root so that it cannot be freed if - * this thread releases the MMU lock and yields in this loop. - */ - kvm_mmu_get_root(kvm, root); - zap_collapsible_spte_range(kvm, root, slot->base_gfn, slot->base_gfn + slot->npages); - - kvm_mmu_put_root(kvm, root); } } -- 2.29.2.729.g45daf8777d-goog