Merge tag 'kvm-x86-generic-6.5' of https://github.com/kvm-x86/linux into HEAD

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Common KVM changes for 6.5:

- Fix unprotected vcpu->pid dereference via debugfs

- Fix KVM_BUG() and KVM_BUG_ON() macros with 64-bit conditionals

- Refactor failure path in kvm_io_bus_unregister_dev() to simplify the code

- Misc cleanups

Paolo Bonzini 2 years ago d74669eb cc744042

+28 -31

6 changed files

expand all

include

kvm

iodev.h

linux

kvm_host.h

uapi

linux

kvm.h

virt

kvm

coalesced_mmio.c

eventfd.c

kvm_main.c

-6

include/kvm/iodev.h

··· 55 55 : -EOPNOTSUPP; 56 56 } 57 57 58 - static inline void kvm_iodevice_destructor(struct kvm_io_device *dev) 59 - { 60 - if (dev->ops->destructor) 61 - dev->ops->destructor(dev); 62 - } 63 - 64 58 #endif /* __KVM_IODEV_H__ */

+2 -2

include/linux/kvm_host.h

··· 849 849 850 850 #define KVM_BUG(cond, kvm, fmt...) \ 851 851 ({ \ 852 - int __ret = (cond); \ 852 + bool __ret = !!(cond); \ 853 853 \ 854 854 if (WARN_ONCE(__ret && !(kvm)->vm_bugged, fmt)) \ 855 855 kvm_vm_bugged(kvm); \ ··· 858 858 859 859 #define KVM_BUG_ON(cond, kvm) \ 860 860 ({ \ 861 - int __ret = (cond); \ 861 + bool __ret = !!(cond); \ 862 862 \ 863 863 if (WARN_ON_ONCE(__ret && !(kvm)->vm_bugged)) \ 864 864 kvm_vm_bugged(kvm); \

+1 -1

include/uapi/linux/kvm.h

··· 1617 1617 #define KVM_GET_DEBUGREGS _IOR(KVMIO, 0xa1, struct kvm_debugregs) 1618 1618 #define KVM_SET_DEBUGREGS _IOW(KVMIO, 0xa2, struct kvm_debugregs) 1619 1619 /* 1620 - * vcpu version available with KVM_ENABLE_CAP 1620 + * vcpu version available with KVM_CAP_ENABLE_CAP 1621 1621 * vm version available with KVM_CAP_ENABLE_CAP_VM 1622 1622 */ 1623 1623 #define KVM_ENABLE_CAP _IOW(KVMIO, 0xa3, struct kvm_enable_cap)

+2 -7

virt/kvm/coalesced_mmio.c

··· 186 186 coalesced_mmio_in_range(dev, zone->addr, zone->size)) { 187 187 r = kvm_io_bus_unregister_dev(kvm, 188 188 zone->pio ? KVM_PIO_BUS : KVM_MMIO_BUS, &dev->dev); 189 - 190 - kvm_iodevice_destructor(&dev->dev); 191 - 192 189 /* 193 190 * On failure, unregister destroys all devices on the 194 - * bus _except_ the target device, i.e. coalesced_zones 195 - * has been modified. Bail after destroying the target 196 - * device, there's no need to restart the walk as there 197 - * aren't any zones left. 191 + * bus, including the target device. There's no need 192 + * to restart the walk as there aren't any zones left. 198 193 */ 199 194 if (r) 200 195 break;

+3 -5

virt/kvm/eventfd.c

··· 889 889 890 890 unlock_fail: 891 891 mutex_unlock(&kvm->slots_lock); 892 + kfree(p); 892 893 893 894 fail: 894 - kfree(p); 895 895 eventfd_ctx_put(eventfd); 896 896 897 897 return ret; ··· 901 901 kvm_deassign_ioeventfd_idx(struct kvm *kvm, enum kvm_bus bus_idx, 902 902 struct kvm_ioeventfd *args) 903 903 { 904 - struct _ioeventfd *p, *tmp; 904 + struct _ioeventfd *p; 905 905 struct eventfd_ctx *eventfd; 906 906 struct kvm_io_bus *bus; 907 907 int ret = -ENOENT; ··· 915 915 916 916 mutex_lock(&kvm->slots_lock); 917 917 918 - list_for_each_entry_safe(p, tmp, &kvm->ioeventfds, list) { 919 - 918 + list_for_each_entry(p, &kvm->ioeventfds, list) { 920 919 if (p->bus_idx != bus_idx || 921 920 p->eventfd != eventfd || 922 921 p->addr != args->addr || ··· 930 931 bus = kvm_get_bus(kvm, bus_idx); 931 932 if (bus) 932 933 bus->ioeventfd_count--; 933 - ioeventfd_release(p); 934 934 ret = 0; 935 935 break; 936 936 }

+20 -10

virt/kvm/kvm_main.c

··· 3888 3888 static int vcpu_get_pid(void *data, u64 *val) 3889 3889 { 3890 3890 struct kvm_vcpu *vcpu = data; 3891 - *val = pid_nr(rcu_access_pointer(vcpu->pid)); 3891 + 3892 + rcu_read_lock(); 3893 + *val = pid_nr(rcu_dereference(vcpu->pid)); 3894 + rcu_read_unlock(); 3892 3895 return 0; 3893 3896 } 3894 3897 ··· 3993 3990 if (r < 0) 3994 3991 goto kvm_put_xa_release; 3995 3992 3996 - if (KVM_BUG_ON(!!xa_store(&kvm->vcpu_array, vcpu->vcpu_idx, vcpu, 0), kvm)) { 3993 + if (KVM_BUG_ON(xa_store(&kvm->vcpu_array, vcpu->vcpu_idx, vcpu, 0), kvm)) { 3997 3994 r = -EINVAL; 3998 3995 goto kvm_put_xa_release; 3999 3996 } ··· 5316 5313 } 5317 5314 #endif /* CONFIG_KVM_GENERIC_HARDWARE_ENABLING */ 5318 5315 5316 + static void kvm_iodevice_destructor(struct kvm_io_device *dev) 5317 + { 5318 + if (dev->ops->destructor) 5319 + dev->ops->destructor(dev); 5320 + } 5321 + 5319 5322 static void kvm_io_bus_destroy(struct kvm_io_bus *bus) 5320 5323 { 5321 5324 int i; ··· 5545 5536 int kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx, 5546 5537 struct kvm_io_device *dev) 5547 5538 { 5548 - int i, j; 5539 + int i; 5549 5540 struct kvm_io_bus *new_bus, *bus; 5550 5541 5551 5542 lockdep_assert_held(&kvm->slots_lock); ··· 5575 5566 rcu_assign_pointer(kvm->buses[bus_idx], new_bus); 5576 5567 synchronize_srcu_expedited(&kvm->srcu); 5577 5568 5578 - /* Destroy the old bus _after_ installing the (null) bus. */ 5569 + /* 5570 + * If NULL bus is installed, destroy the old bus, including all the 5571 + * attached devices. Otherwise, destroy the caller's device only. 5572 + */ 5579 5573 if (!new_bus) { 5580 5574 pr_err("kvm: failed to shrink bus, removing it completely\n"); 5581 - for (j = 0; j < bus->dev_count; j++) { 5582 - if (j == i) 5583 - continue; 5584 - kvm_iodevice_destructor(bus->range[j].dev); 5585 - } 5575 + kvm_io_bus_destroy(bus); 5576 + return -ENOMEM; 5586 5577 } 5587 5578 5579 + kvm_iodevice_destructor(dev); 5588 5580 kfree(bus); 5589 - return new_bus ? 0 : -ENOMEM; 5581 + return 0; 5590 5582 } 5591 5583 5592 5584 struct kvm_io_device *kvm_io_bus_get_dev(struct kvm *kvm, enum kvm_bus bus_idx,