Received: by 2002:a05:7412:a9a2:b0:e2:908c:2ebd with SMTP id o34csp1348891rdh;
        Fri, 27 Oct 2023 11:23:32 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGeSEIO6eqEM/kGc/vLX/61rMU66X9QV/DntUalWiZocbOfAGrf8JP4dFEnKeZ6i+JNQHyE
X-Received: by 2002:a25:ab88:0:b0:da0:47b0:5241 with SMTP id v8-20020a25ab88000000b00da047b05241mr3951756ybi.34.1698431011893;
        Fri, 27 Oct 2023 11:23:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698431011; cv=none;
        d=google.com; s=arc-20160816;
        b=Nmzc+LLvopv1NNmADlWr8unjXgZO59krtie4cJK55nIIDL3E/s79MXXi95I5DljxDk
         F9EtsWAIhv0Gfgm2oCYjpO14xg5D9fArKMd6qIacgCwz9Ef2w05N02t5eFzUNNv984wZ
         Vqob/91fGuqz88ilxdLotpKnA1kSVsrVbc5LjL8rUSyRJe7TMWjQgvozCF2a1Bz40DCm
         njWyu/ZTlrTQGt+HrbC+sZE5o5sPMeUntjbi5AjMMEFvjs/R9/yXDALrDlYUMv3qro7C
         ChffE5PGdtQIJitmbHEEuLVUEPVs7mg3fQJ/KwLa0DvfkRUxJZKvjXYCXDLLItsHnYC3
         Y71g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:reply-to:dkim-signature;
        bh=QjG+iTAl+MysAoCDX0shLrWGCG7e9aCGlo9+qs2tVnE=;
        fh=lhteFENhZrfxRoH7K7/E/bqXvDWa/XLvUszFia9mLtM=;
        b=hBFCtQPZ1j6cm15Z9PoGBQdTzkvuFPlMclkF0Nu1J3LA50rpoId3V2zQEZSvA7eSGl
         oi4TXgHVtNEI1+DD8c6KOCSwXJh607zP0c1CcRKSmsaOhxJKvD9Pvu8LbYRci2TbfcuG
         SCvmOrBNXCBCn358Red/n0B1a20Eu8EsjwET7mcn5Ct6KcueFaYUxVs6VeL4Fgs9w50+
         2nOEwIuL5dqBclPY+J3Rb7GScOeKL5ADxYHq/zRPkUJSeFBj3dEivJUcDQwpbEH1XotW
         CntIxx6B3rUqcLcP4+t9QnbkeImvIe/tPUrPUMY5UkShIVWNdigR65WPjFmh9Oag0Ds9
         Auqw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=GboxU9hF;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2])
        by mx.google.com with ESMTPS id q188-20020a2575c5000000b00da02790c22asi3374699ybc.715.2023.10.27.11.23.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 27 Oct 2023 11:23:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=GboxU9hF;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by agentk.vger.email (Postfix) with ESMTP id EC52B8260C3C;
	Fri, 27 Oct 2023 11:23:23 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235154AbjJ0SW4 (ORCPT <rfc822;gvb.lkml@gmail.com> + 99 others);
        Fri, 27 Oct 2023 14:22:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45604 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232550AbjJ0SWt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 27 Oct 2023 14:22:49 -0400
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C4331AA
        for <linux-kernel@vger.kernel.org>; Fri, 27 Oct 2023 11:22:34 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-5b053454aeeso2262117b3.0
        for <linux-kernel@vger.kernel.org>; Fri, 27 Oct 2023 11:22:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1698430953; x=1699035753; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=QjG+iTAl+MysAoCDX0shLrWGCG7e9aCGlo9+qs2tVnE=;
        b=GboxU9hFYFXO5qn1IjUEXGWAanotm5uv6d1ExTIDSU+CqAkB5bQGwMOPxnCJiJ2RcF
         rskBiwmzeF4LFtGn05KtzZc75mc7Fgb1tJROrIoWu5x8TpL0w3dPacXbh1tFP2rkx4wi
         aKr41d8xZlA/twTU1EYsPqhC92vHOhoVPRVkM2QUSKue3+CrrAY+LR1b8XsZ7NhNdzkP
         RuAIuodjVsYyG9G7SKhfxPO9w9gLQaacaqP/LkACm2yD8+oEK0Mnymy6Sytll2Bz4HnH
         kxkLvjPS6LQTMuXn5GOk95y+c5bBGTJXGiDyVCQoyuvspd3vv8mBveA59LuCK6aL+udl
         bA9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698430953; x=1699035753;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=QjG+iTAl+MysAoCDX0shLrWGCG7e9aCGlo9+qs2tVnE=;
        b=P470daxJ+ef5E4MIrIWl5wsHHs5kxP6dUHleRBXw6AWgVxz465D2w+0WoQO4xAekZ6
         /9knWuEAhi7u+QaYGRk1FmrZ/y9GMBZLhklX4QXdTizWQkrRLmn9E5f7Ttd8sZWUsEP7
         gg6yPKeUjgGjQzH7JVLoDxcDKrO5ol6TapEOtSKD5Lz1wNyK5H0/POVk9GS03SNJ/Q/Z
         1wxPWf779XXwNdImpUbkMcYNPHt1/7JHJrNY/sBO8r/G1G2Nh9Q1MtHvc+HZt/6cNzlw
         3iQCZ+BOv5JqNWU6bKMZJZWk37vmfe6c19FwsKimxY5g1rf3bGCs9HhurpeA3zqoPphU
         teBg==
X-Gm-Message-State: AOJu0YyG6BkAODmYFdAMy/DUUewSN+t84yWeAKQQ4QYbPie6ljF/7kF7
        dCF9MCLI+pOg5GjhX9e5+3cJ9DA3mro=
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:6902:1083:b0:da0:567d:f819 with SMTP id
 v3-20020a056902108300b00da0567df819mr78680ybu.10.1698430953673; Fri, 27 Oct
 2023 11:22:33 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date:   Fri, 27 Oct 2023 11:21:46 -0700
In-Reply-To: <20231027182217.3615211-1-seanjc@google.com>
Mime-Version: 1.0
References: <20231027182217.3615211-1-seanjc@google.com>
X-Mailer: git-send-email 2.42.0.820.g83a721a137-goog
Message-ID: <20231027182217.3615211-5-seanjc@google.com>
Subject: [PATCH v13 04/35] KVM: WARN if there are dangling MMU invalidations
 at VM destruction
From:   Sean Christopherson <seanjc@google.com>
To:     Paolo Bonzini <pbonzini@redhat.com>, Marc Zyngier <maz@kernel.org>,
        Oliver Upton <oliver.upton@linux.dev>,
        Huacai Chen <chenhuacai@kernel.org>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Anup Patel <anup@brainfault.org>,
        Paul Walmsley <paul.walmsley@sifive.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Albert Ou <aou@eecs.berkeley.edu>,
        Sean Christopherson <seanjc@google.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <brauner@kernel.org>,
        "Matthew Wilcox (Oracle)" <willy@infradead.org>,
        Andrew Morton <akpm@linux-foundation.org>
Cc:     kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
        kvmarm@lists.linux.dev, linux-mips@vger.kernel.org,
        linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org,
        linux-riscv@lists.infradead.org, linux-fsdevel@vger.kernel.org,
        linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        Xiaoyao Li <xiaoyao.li@intel.com>,
        Xu Yilun <yilun.xu@intel.com>,
        Chao Peng <chao.p.peng@linux.intel.com>,
        Fuad Tabba <tabba@google.com>,
        Jarkko Sakkinen <jarkko@kernel.org>,
        Anish Moorthy <amoorthy@google.com>,
        David Matlack <dmatlack@google.com>,
        Yu Zhang <yu.c.zhang@linux.intel.com>,
        Isaku Yamahata <isaku.yamahata@intel.com>,
        "=?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?=" <mic@digikod.net>,
        Vlastimil Babka <vbabka@suse.cz>,
        Vishal Annapurve <vannapurve@google.com>,
        Ackerley Tng <ackerleytng@google.com>,
        Maciej Szmigiero <mail@maciej.szmigiero.name>,
        David Hildenbrand <david@redhat.com>,
        Quentin Perret <qperret@google.com>,
        Michael Roth <michael.roth@amd.com>,
        Wang <wei.w.wang@intel.com>,
        Liam Merwick <liam.merwick@oracle.com>,
        Isaku Yamahata <isaku.yamahata@gmail.com>,
        "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Fri, 27 Oct 2023 11:23:24 -0700 (PDT)

Add an assertion that there are no in-progress MMU invalidations when a
VM is being destroyed, with the exception of the scenario where KVM
unregisters its MMU notifier between an .invalidate_range_start() call and
the corresponding .invalidate_range_end().

KVM can't detect unpaired calls from the mmu_notifier due to the above
exception waiver, but the assertion can detect KVM bugs, e.g. such as the
bug that *almost* escaped initial guest_memfd development.

Link: https://lore.kernel.org/all/e397d30c-c6af-e68f-d18e-b4e3739c5389@linux.intel.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 virt/kvm/kvm_main.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 1a577a25de47..4dba682586ee 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1356,9 +1356,16 @@ static void kvm_destroy_vm(struct kvm *kvm)
 	 * No threads can be waiting in kvm_swap_active_memslots() as the
 	 * last reference on KVM has been dropped, but freeing
 	 * memslots would deadlock without this manual intervention.
+	 *
+	 * If the count isn't unbalanced, i.e. KVM did NOT unregister its MMU
+	 * notifier between a start() and end(), then there shouldn't be any
+	 * in-progress invalidations.
 	 */
 	WARN_ON(rcuwait_active(&kvm->mn_memslots_update_rcuwait));
-	kvm->mn_active_invalidate_count = 0;
+	if (kvm->mn_active_invalidate_count)
+		kvm->mn_active_invalidate_count = 0;
+	else
+		WARN_ON(kvm->mmu_invalidate_in_progress);
 #else
 	kvm_flush_shadow_all(kvm);
 #endif
-- 
2.42.0.820.g83a721a137-goog