KVM: arm/arm64: Simplify active_change_prepare and plug race

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

We don't need to stop a specific VCPU when changing the active state,
because private IRQs can only be modified by a running VCPU for the
VCPU itself and it is therefore already stopped.

However, it is also possible for two VCPUs to be modifying the active
state of SPIs at the same time, which can cause the thread being stuck
in the loop that checks other VCPU threads for a potentially very long
time, or to modify the active state of a running VCPU. Fix this by
serializing all accesses to setting and clearing the active state of
interrupts using the KVM mutex.

Reported-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Christoffer Dall <cdall@linaro.org>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>

Christoffer Dall 9 years ago abd72296 3197191e

+20 -33

5 changed files

expand all

arch

arm

include

asm

kvm_host.h

arm64

include

asm

kvm_host.h

virt

kvm

arm

arm.c

vgic

vgic-mmio.c

vgic.c

-2

arch/arm/include/asm/kvm_host.h

··· 233 233 struct kvm_vcpu __percpu **kvm_get_running_vcpus(void); 234 234 void kvm_arm_halt_guest(struct kvm *kvm); 235 235 void kvm_arm_resume_guest(struct kvm *kvm); 236 - void kvm_arm_halt_vcpu(struct kvm_vcpu *vcpu); 237 - void kvm_arm_resume_vcpu(struct kvm_vcpu *vcpu); 238 236 239 237 int kvm_arm_copy_coproc_indices(struct kvm_vcpu *vcpu, u64 __user *uindices); 240 238 unsigned long kvm_arm_num_coproc_regs(struct kvm_vcpu *vcpu);

-2

arch/arm64/include/asm/kvm_host.h

··· 333 333 struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void); 334 334 void kvm_arm_halt_guest(struct kvm *kvm); 335 335 void kvm_arm_resume_guest(struct kvm *kvm); 336 - void kvm_arm_halt_vcpu(struct kvm_vcpu *vcpu); 337 - void kvm_arm_resume_vcpu(struct kvm_vcpu *vcpu); 338 336 339 337 u64 __kvm_call_hyp(void *hypfn, ...); 340 338 #define kvm_call_hyp(f, ...) __kvm_call_hyp(kvm_ksym_ref(f), ##__VA_ARGS__)

+4 -16

virt/kvm/arm/arm.c

··· 539 539 kvm_make_all_cpus_request(kvm, KVM_REQ_VCPU_EXIT); 540 540 } 541 541 542 - void kvm_arm_halt_vcpu(struct kvm_vcpu *vcpu) 543 - { 544 - vcpu->arch.pause = true; 545 - kvm_vcpu_kick(vcpu); 546 - } 547 - 548 - void kvm_arm_resume_vcpu(struct kvm_vcpu *vcpu) 549 - { 550 - struct swait_queue_head *wq = kvm_arch_vcpu_wq(vcpu); 551 - 552 - vcpu->arch.pause = false; 553 - swake_up(wq); 554 - } 555 - 556 542 void kvm_arm_resume_guest(struct kvm *kvm) 557 543 { 558 544 int i; 559 545 struct kvm_vcpu *vcpu; 560 546 561 - kvm_for_each_vcpu(i, vcpu, kvm) 562 - kvm_arm_resume_vcpu(vcpu); 547 + kvm_for_each_vcpu(i, vcpu, kvm) { 548 + vcpu->arch.pause = false; 549 + swake_up(kvm_arch_vcpu_wq(vcpu)); 550 + } 563 551 } 564 552 565 553 static void vcpu_sleep(struct kvm_vcpu *vcpu)

+10 -8

virt/kvm/arm/vgic/vgic-mmio.c

··· 231 231 * be migrated while we don't hold the IRQ locks and we don't want to be 232 232 * chasing moving targets. 233 233 * 234 - * For private interrupts, we only have to make sure the single and only VCPU 235 - * that can potentially queue the IRQ is stopped. 234 + * For private interrupts we don't have to do anything because userspace 235 + * accesses to the VGIC state already require all VCPUs to be stopped, and 236 + * only the VCPU itself can modify its private interrupts active state, which 237 + * guarantees that the VCPU is not running. 236 238 */ 237 239 static void vgic_change_active_prepare(struct kvm_vcpu *vcpu, u32 intid) 238 240 { 239 - if (intid < VGIC_NR_PRIVATE_IRQS) 240 - kvm_arm_halt_vcpu(vcpu); 241 - else 241 + if (intid > VGIC_NR_PRIVATE_IRQS) 242 242 kvm_arm_halt_guest(vcpu->kvm); 243 243 } 244 244 245 245 /* See vgic_change_active_prepare */ 246 246 static void vgic_change_active_finish(struct kvm_vcpu *vcpu, u32 intid) 247 247 { 248 - if (intid < VGIC_NR_PRIVATE_IRQS) 249 - kvm_arm_resume_vcpu(vcpu); 250 - else 248 + if (intid > VGIC_NR_PRIVATE_IRQS) 251 249 kvm_arm_resume_guest(vcpu->kvm); 252 250 } 253 251 ··· 269 271 { 270 272 u32 intid = VGIC_ADDR_TO_INTID(addr, 1); 271 273 274 + mutex_lock(&vcpu->kvm->lock); 272 275 vgic_change_active_prepare(vcpu, intid); 273 276 274 277 __vgic_mmio_write_cactive(vcpu, addr, len, val); 275 278 276 279 vgic_change_active_finish(vcpu, intid); 280 + mutex_unlock(&vcpu->kvm->lock); 277 281 } 278 282 279 283 void vgic_mmio_uaccess_write_cactive(struct kvm_vcpu *vcpu, ··· 305 305 { 306 306 u32 intid = VGIC_ADDR_TO_INTID(addr, 1); 307 307 308 + mutex_lock(&vcpu->kvm->lock); 308 309 vgic_change_active_prepare(vcpu, intid); 309 310 310 311 __vgic_mmio_write_sactive(vcpu, addr, len, val); 311 312 312 313 vgic_change_active_finish(vcpu, intid); 314 + mutex_unlock(&vcpu->kvm->lock); 313 315 } 314 316 315 317 void vgic_mmio_uaccess_write_sactive(struct kvm_vcpu *vcpu,

+6 -5

virt/kvm/arm/vgic/vgic.c

··· 35 35 36 36 /* 37 37 * Locking order is always: 38 - * its->cmd_lock (mutex) 39 - * its->its_lock (mutex) 40 - * vgic_cpu->ap_list_lock 41 - * kvm->lpi_list_lock 42 - * vgic_irq->irq_lock 38 + * kvm->lock (mutex) 39 + * its->cmd_lock (mutex) 40 + * its->its_lock (mutex) 41 + * vgic_cpu->ap_list_lock 42 + * kvm->lpi_list_lock 43 + * vgic_irq->irq_lock 43 44 * 44 45 * If you need to take multiple locks, always take the upper lock first, 45 46 * then the lower ones, e.g. first take the its_lock, then the irq_lock.