From: cdall@cs.columbia.edu (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 1/7] ARM: KVM: be more thorough when invalidating TLBs
Date: Mon, 27 May 2013 18:53:46 -0700 [thread overview]
Message-ID: <20130528015346.GA16071@ubuntu> (raw)
In-Reply-To: <1368529900-22572-2-git-send-email-marc.zyngier@arm.com>
On Tue, May 14, 2013 at 12:11:34PM +0100, Marc Zyngier wrote:
> The KVM/ARM MMU code doesn't take care of invalidating TLBs before
> freeing a {pte,pmd} table. This could cause problems if the page
> is reallocated and then speculated into by another CPU.
>
> Reported-by: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
> arch/arm/kvm/mmu.c | 41 ++++++++++++++++++++++++++---------------
> 1 file changed, 26 insertions(+), 15 deletions(-)
>
> diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
> index 9657065..84ba67b 100644
> --- a/arch/arm/kvm/mmu.c
> +++ b/arch/arm/kvm/mmu.c
> @@ -43,7 +43,14 @@ static phys_addr_t hyp_idmap_vector;
>
> static void kvm_tlb_flush_vmid_ipa(struct kvm *kvm, phys_addr_t ipa)
> {
> - kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, kvm, ipa);
> + /*
> + * This function also gets called when dealing with HYP page
> + * tables. As HYP doesn't have an associated struct kvm (and
> + * the HYP page tables are fairly static), we don't do
> + * anything there.
> + */
> + if (kvm)
> + kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, kvm, ipa);
> }
>
> static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
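Review bot: The `if (kvm)` guard turns TLB invalidation into a silent no-op for every HYP-side unmap, so the pmd/pte tables freed under hyp_pgd in free_boot_hyp_pgd and free_hyp_pgds (the NULL callers later in this patch) are released with no corresponding HYP TLB maintenance; if such a table could be reallocated while HYP is still live, the reallocation-then-speculation hazard the commit message describes would apply there too. "Fairly static" in the new comment is a statement about today's callers rather than something the code enforces, so the comment should say explicitly that no HYP TLB flush is performed and why that is acceptable, or the NULL path should flush the HYP TLB if a hyp call for that exists. Suggested wording: `/* kvm == NULL means HYP page tables: no VMID and no stage-2 TLB; note that no HYP TLB flush is done here either. */`.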
> @@ -78,18 +85,20 @@ static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc)
> return p;
> }
>
> -static void clear_pud_entry(pud_t *pud)
> +static void clear_pud_entry(struct kvm *kvm, pud_t *pud, phys_addr_t addr)
> {
> pmd_t *pmd_table = pmd_offset(pud, 0);
> pud_clear(pud);
> + kvm_tlb_flush_vmid_ipa(kvm, addr);
> pmd_free(NULL, pmd_table);
> put_page(virt_to_page(pud));
> }
>
> -static void clear_pmd_entry(pmd_t *pmd)
> +static void clear_pmd_entry(struct kvm *kvm, pmd_t *pmd, phys_addr_t addr)
> {
> pte_t *pte_table = pte_offset_kernel(pmd, 0);
> pmd_clear(pmd);
> + kvm_tlb_flush_vmid_ipa(kvm, addr);
> pte_free_kernel(NULL, pte_table);
> put_page(virt_to_page(pmd));
> }
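Review bot: The clear-then-flush-then-free sequence in clear_pud_entry and clear_pmd_entry is the whole point of the fix, yet nothing in the code says the order is load-bearing, so a later refactor could move pmd_free/pte_free_kernel above the flush without anything flagging it. A one-line comment above each kvm_tlb_flush_vmid_ipa call, `/* Flush before freeing the table so no CPU can still walk the page being recycled. */`, would pin it. It is also worth noting in the same comment that for kvm == NULL the flush is skipped and the table is freed immediately after the entry is cleared.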
> @@ -100,11 +109,12 @@ static bool pmd_empty(pmd_t *pmd)
> return page_count(pmd_page) == 1;
> }
>
> -static void clear_pte_entry(pte_t *pte)
> +static void clear_pte_entry(struct kvm *kvm, pte_t *pte, phys_addr_t addr)
> {
> if (pte_present(*pte)) {
> kvm_set_pte(pte, __pte(0));
> put_page(virt_to_page(pte));
> + kvm_tlb_flush_vmid_ipa(kvm, addr);
> }
> }
>
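Review bot: clear_pte_entry releases the page reference before invalidating the TLB, the reverse of the order used in clear_pmd_entry and clear_pud_entry; put_page here presumably does not free the table page (pte_empty tests page_count == 1 and the table is freed by clear_pmd_entry), so this is not a functional problem, but keeping one clear-flush-release order across the three helpers makes the invariant obvious. Suggested lines: `kvm_set_pte(pte, __pte(0));` / `kvm_tlb_flush_vmid_ipa(kvm, addr);` / `put_page(virt_to_page(pte));`.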
> @@ -114,7 +124,8 @@ static bool pte_empty(pte_t *pte)
> return page_count(pte_page) == 1;
> }
>
> -static void unmap_range(pgd_t *pgdp, unsigned long long start, u64 size)
> +static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
> + unsigned long long start, u64 size)
> {
> pgd_t *pgd;
> pud_t *pud;
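Review bot: unmap_range gains a `struct kvm *kvm` parameter, but nothing documents that NULL is a legal value meaning "HYP page tables, skip TLB invalidation"; the only hint is buried in kvm_tlb_flush_vmid_ipa, and the free_boot_hyp_pgd and free_hyp_pgds callers rely on it. A comment on the declaration, `/* @kvm: the VM whose stage-2 tables are walked, or NULL for HYP page tables (no TLB invalidation is performed) */`, would make the contract visible at the signature. The body of unmap_range continues past this hunk.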
> @@ -138,15 +149,15 @@ static void unmap_range(pgd_t *pgdp, unsigned long long start, u64 size)
> }
>
> pte = pte_offset_kernel(pmd, addr);
> - clear_pte_entry(pte);
> + clear_pte_entry(kvm, pte, addr);
> range = PAGE_SIZE;
>
> /* If we emptied the pte, walk back up the ladder */
> if (pte_empty(pte)) {
> - clear_pmd_entry(pmd);
> + clear_pmd_entry(kvm, pmd, addr);
> range = PMD_SIZE;
> if (pmd_empty(pmd)) {
> - clear_pud_entry(pud);
> + clear_pud_entry(kvm, pud, addr);
> range = PUD_SIZE;
> }
> }
> @@ -165,14 +176,14 @@ void free_boot_hyp_pgd(void)
> mutex_lock(&kvm_hyp_pgd_mutex);
>
> if (boot_hyp_pgd) {
> - unmap_range(boot_hyp_pgd, hyp_idmap_start, PAGE_SIZE);
> - unmap_range(boot_hyp_pgd, TRAMPOLINE_VA, PAGE_SIZE);
> + unmap_range(NULL, boot_hyp_pgd, hyp_idmap_start, PAGE_SIZE);
> + unmap_range(NULL, boot_hyp_pgd, TRAMPOLINE_VA, PAGE_SIZE);
> kfree(boot_hyp_pgd);
> boot_hyp_pgd = NULL;
> }
>
> if (hyp_pgd)
> - unmap_range(hyp_pgd, TRAMPOLINE_VA, PAGE_SIZE);
> + unmap_range(NULL, hyp_pgd, TRAMPOLINE_VA, PAGE_SIZE);
>
> kfree(init_bounce_page);
> init_bounce_page = NULL;
> @@ -200,9 +211,10 @@ void free_hyp_pgds(void)
>
> if (hyp_pgd) {
> for (addr = PAGE_OFFSET; virt_addr_valid(addr); addr += PGDIR_SIZE)
> - unmap_range(hyp_pgd, KERN_TO_HYP(addr), PGDIR_SIZE);
> + unmap_range(NULL, hyp_pgd, KERN_TO_HYP(addr), PGDIR_SIZE);
> for (addr = VMALLOC_START; is_vmalloc_addr((void*)addr); addr += PGDIR_SIZE)
> - unmap_range(hyp_pgd, KERN_TO_HYP(addr), PGDIR_SIZE);
> + unmap_range(NULL, hyp_pgd, KERN_TO_HYP(addr), PGDIR_SIZE);
> +
> kfree(hyp_pgd);
> hyp_pgd = NULL;
> }
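Review bot: The added blank line before `kfree(hyp_pgd);` is an unrelated whitespace change in a patch aimed at an -rc release; dropping it keeps the diff to the functional fix. The NULL argument change itself mirrors free_boot_hyp_pgd and is fine.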
> @@ -393,7 +405,7 @@ int kvm_alloc_stage2_pgd(struct kvm *kvm)
> */
> static void unmap_stage2_range(struct kvm *kvm, phys_addr_t start, u64 size)
> {
> - unmap_range(kvm->arch.pgd, start, size);
> + unmap_range(kvm, kvm->arch.pgd, start, size);
> }
>
> /**
> @@ -675,7 +687,6 @@ static void handle_hva_to_gpa(struct kvm *kvm,
> static void kvm_unmap_hva_handler(struct kvm *kvm, gpa_t gpa, void *data)
> {
> unmap_stage2_range(kvm, gpa, PAGE_SIZE);
> - kvm_tlb_flush_vmid_ipa(kvm, gpa);
> }
>
> int kvm_unmap_hva(struct kvm *kvm, unsigned long hva)
> --
> 1.8.2.3
>
>
I think this could be optimized by rewriting the handle_hva_to_gpa function
to use unmap_stage2_range for an actual range, but that function should
be rewritten to be generic for KVM anyhow. I'll add it to my todo list.
I'll apply this patch and send it further upstream for an -rc release.
Thanks,
-Chritoffer