From: Sasha Levin <sasha.levin@oracle.com>
To: stable@vger.kernel.org, stable-commits@vger.kernel.org
Cc: Marc Zyngier <marc.zyngier@arm.com>,
Christoffer Dall <christoffer.dall@linaro.org>,
Shannon Zhao <shannon.zhao@linaro.org>,
Sasha Levin <sasha.levin@oracle.com>
Subject: [added to the 3.18 stable tree] arm/arm64: KVM: Use kernel mapping to perform invalidation on page fault
Date: Mon, 11 May 2015 07:16:39 -0400 [thread overview]
Message-ID: <1431343152-19437-18-git-send-email-sasha.levin@oracle.com> (raw)
In-Reply-To: <1431343152-19437-1-git-send-email-sasha.levin@oracle.com>
From: Marc Zyngier <marc.zyngier@arm.com>
commit 0d3e4d4fade6b04e933b11e69e80044f35e9cd60 upstream.
When handling a fault in stage-2, we need to resync I$ and D$, just
to be sure we don't leave any old cache line behind.
That's very good, except that we do so using the *user* address.
Under heavy load (swapping like crazy), we may end up in a situation
where the page gets mapped in stage-2 while being unmapped from
userspace by another CPU.
At that point, the DC/IC instructions can generate a fault, which
we handle with kvm->mmu_lock held. The box quickly deadlocks, user
is unhappy.
Instead, perform this invalidation through the kernel mapping,
which is guaranteed to be present. The box is much happier, and so
am I.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
arch/arm/include/asm/kvm_mmu.h | 43 +++++++++++++++++++++++++++++++---------
arch/arm/kvm/mmu.c | 12 +++++++----
arch/arm64/include/asm/kvm_mmu.h | 13 +++++++-----
3 files changed, 50 insertions(+), 18 deletions(-)
diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
index 2f78e22..f95c124 100644
--- a/arch/arm/include/asm/kvm_mmu.h
+++ b/arch/arm/include/asm/kvm_mmu.h
@@ -162,13 +162,10 @@ static inline bool vcpu_has_cache_enabled(struct kvm_vcpu *vcpu)
return (vcpu->arch.cp15[c1_SCTLR] & 0b101) == 0b101;
}
-static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
- unsigned long size,
- bool ipa_uncached)
+static inline void __coherent_cache_guest_page(struct kvm_vcpu *vcpu, pfn_t pfn,
+ unsigned long size,
+ bool ipa_uncached)
{
- if (!vcpu_has_cache_enabled(vcpu) || ipa_uncached)
- kvm_flush_dcache_to_poc((void *)hva, size);
-
/*
* If we are going to insert an instruction page and the icache is
* either VIPT or PIPT, there is a potential problem where the host
@@ -180,10 +177,38 @@ static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
*
* VIVT caches are tagged using both the ASID and the VMID and doesn't
* need any kind of flushing (DDI 0406C.b - Page B3-1392).
+ *
+ * We need to do this through a kernel mapping (using the
+ * user-space mapping has proved to be the wrong
+ * solution). For that, we need to kmap one page at a time,
+ * and iterate over the range.
*/
- if (icache_is_pipt()) {
- __cpuc_coherent_user_range(hva, hva + size);
- } else if (!icache_is_vivt_asid_tagged()) {
+
+ bool need_flush = !vcpu_has_cache_enabled(vcpu) || ipa_uncached;
+
+ VM_BUG_ON(size & PAGE_MASK);
+
+ if (!need_flush && !icache_is_pipt())
+ goto vipt_cache;
+
+ while (size) {
+ void *va = kmap_atomic_pfn(pfn);
+
+ if (need_flush)
+ kvm_flush_dcache_to_poc(va, PAGE_SIZE);
+
+ if (icache_is_pipt())
+ __cpuc_coherent_user_range((unsigned long)va,
+ (unsigned long)va + PAGE_SIZE);
+
+ size -= PAGE_SIZE;
+ pfn++;
+
+ kunmap_atomic(va);
+ }
+
+vipt_cache:
+ if (!icache_is_pipt() && !icache_is_vivt_asid_tagged()) {
/* any kind of VIPT cache */
__flush_icache_all();
}
diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
index 8c66163..d78fcd8 100644
--- a/arch/arm/kvm/mmu.c
+++ b/arch/arm/kvm/mmu.c
@@ -957,6 +957,12 @@ static bool kvm_is_device_pfn(unsigned long pfn)
return !pfn_valid(pfn);
}
+static void coherent_cache_guest_page(struct kvm_vcpu *vcpu, pfn_t pfn,
+ unsigned long size, bool uncached)
+{
+ __coherent_cache_guest_page(vcpu, pfn, size, uncached);
+}
+
static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
struct kvm_memory_slot *memslot, unsigned long hva,
unsigned long fault_status)
@@ -1046,8 +1052,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
kvm_set_s2pmd_writable(&new_pmd);
kvm_set_pfn_dirty(pfn);
}
- coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE,
- fault_ipa_uncached);
+ coherent_cache_guest_page(vcpu, pfn, PMD_SIZE, fault_ipa_uncached);
ret = stage2_set_pmd_huge(kvm, memcache, fault_ipa, &new_pmd);
} else {
pte_t new_pte = pfn_pte(pfn, mem_type);
@@ -1055,8 +1060,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
kvm_set_s2pte_writable(&new_pte);
kvm_set_pfn_dirty(pfn);
}
- coherent_cache_guest_page(vcpu, hva, PAGE_SIZE,
- fault_ipa_uncached);
+ coherent_cache_guest_page(vcpu, pfn, PAGE_SIZE, fault_ipa_uncached);
ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
pgprot_val(mem_type) == pgprot_val(PAGE_S2_DEVICE));
}
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index ea1bca2..4788440 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -243,15 +243,18 @@ static inline bool vcpu_has_cache_enabled(struct kvm_vcpu *vcpu)
return (vcpu_sys_reg(vcpu, SCTLR_EL1) & 0b101) == 0b101;
}
-static inline void coherent_cache_guest_page(struct kvm_vcpu *vcpu, hva_t hva,
- unsigned long size,
- bool ipa_uncached)
+static inline void __coherent_cache_guest_page(struct kvm_vcpu *vcpu, pfn_t pfn,
+ unsigned long size,
+ bool ipa_uncached)
{
+ void *va = page_address(pfn_to_page(pfn));
+
if (!vcpu_has_cache_enabled(vcpu) || ipa_uncached)
- kvm_flush_dcache_to_poc((void *)hva, size);
+ kvm_flush_dcache_to_poc(va, size);
if (!icache_is_aliasing()) { /* PIPT */
- flush_icache_range(hva, hva + size);
+ flush_icache_range((unsigned long)va,
+ (unsigned long)va + size);
} else if (!icache_is_aivivt()) { /* non ASID-tagged VIVT */
/* any kind of VIPT cache */
__flush_icache_all();
--
2.1.0
next prev parent reply other threads:[~2015-05-11 11:19 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-11 11:16 [added to the 3.18 stable tree] kvm: add a memslot flag for incoherent memory regions Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm, arm64: KVM: allow forced dcache flush on page faults Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm, arm64: KVM: handle potential incoherency of readonly memslots Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Don't clear the VCPU_POWER_OFF flag Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Correct KVM_ARM_VCPU_INIT power off option Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Reset the HCR on each vcpu when resetting the vcpu Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Turn off vcpus on PSCI shutdown/reboot Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Introduce stage2_unmap_vm Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: vgic: move reset initialization into vgic_init_maps() Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Don't allow creating VCPUs after vgic_initialized Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: vgic: kick the specific vcpu instead of iterating through all Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Initialize the vgic on-demand when injecting IRQs Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Require in-kernel vgic for the arch timers Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] KVM: arm/arm64: vgic: vgic_init returns -ENODEV when no online vcpu Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm64: KVM: Fix TLB invalidation by IPA/VMID Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm64: KVM: Fix HCR setting for 32bit guests Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Invalidate data cache on unmap Sasha Levin
2015-05-11 11:16 ` Sasha Levin [this message]
2015-05-11 11:16 ` [added to the 3.18 stable tree] ARM: KVM: Fix size check in __coherent_cache_guest_page Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm64: KVM: Do not use pgd_index to index stage-2 pgd Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] arm/arm64: KVM: Keep elrsr/aisr in sync with software model Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] mlx4: Fix tx ring affinity_mask creation Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] net/mlx4_en: Schedule napi when RX buffers allocation fails Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] ipv4: Missing sk_nulls_node_init() in ping_unhash() Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] ip_forward: Drop frames with attached skb->sk Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] net: add skb_checksum_complete_unset Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] ppp: call skb_checksum_complete_unset in ppp_receive_frame Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] tcp: fix possible deadlock in tcp_send_fin() Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] tcp: avoid looping " Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] net: do not deplete pfmemalloc reserve Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] net: fix crash in build_skb() Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] x86/asm/decoder: Fix and enforce max instruction size in the insn decoder Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve power savings and to improve performance Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] sched/idle/x86: Optimize unnecessary mwait_idle() resched IPIs Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] Btrfs: fix log tree corruption when fs mounted with -o discard Sasha Levin
2015-05-11 11:16 ` [added to the 3.18 stable tree] btrfs: don't accept bare namespace as a valid xattr Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] Btrfs: fix inode eviction infinite loop after cloning into it Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] Btrfs: fix inode eviction infinite loop after extent_same ioctl Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: gadget: printer: enqueue printer's response for setup request Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] KVM: s390: fix handling of write errors in the tpi handler Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] KVM: s390: reinjection of irqs can fail " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] KVM: s390: Zero out current VMDB of STSI before including level3 data Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] KVM: s390: no need to hold the kvm->mutex for floating interrupts Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] KVM: s390: fix get_all_floating_irqs Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] s390/hibernate: fix save and restore of kernel text section Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] KVM: use slowpath for cross page cached accesses Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] KVM: arm/arm64: check IRQ number on userland injection Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] MIPS: KVM: Handle MSA Disabled exceptions from guest Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] MIPS: lose_fpu(): Disable FPU when MSA enabled Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] MIPS: Malta: Detect and fix bad memsize values Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] MIPS: asm: asm-eva: Introduce kernel load/store variants Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] MIPS: Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] MIPS: Hibernate: flush TLB entries earlier Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] staging: panel: fix lcd type Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] staging: android: sync: Fix memory corruption in sync_timeline_signal() Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] md/raid0: fix bug with chunksize not a power of 2 Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] cdc-wdm: fix endianness bug in debug statements Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] mmc: sunxi: Use devm_reset_control_get_optional() for reset control Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] spi: imx: read back the RX/TX watermark levels earlier Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] spi: spidev: fix possible arithmetic overflow for multi-transfer message Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] compal-laptop: Fix leaking hwmon device Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] compal-laptop: Check return value of power_supply_register Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ring-buffer: Replace this_cpu_*() with __this_cpu_*() Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] power_supply: twl4030_madc: Check return value of power_supply_register Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] power_supply: lp8788-charger: Fix leaked power supply on probe fail Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] power_supply: ipaq_micro_battery: Fix leaking workqueue Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] power_supply: ipaq_micro_battery: Check return values in probe Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] NFS: fix BUG() crash in notify_change() with patch to chown_common() Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ARM: fix broken hibernation Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ARM: mvebu: Disable CPU Idle on Armada 38x Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ARM: dts: dove: Fix uart[23] reg property Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: musb: core: fix TX/RX endpoint order Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: phy: Find the right match in devm_usb_phy_match Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: define a generic USB_RESUME_TIMEOUT macro Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: musb: use new USB_RESUME_TIMEOUT Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: oxu210hp: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: fusbh200: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: uhci: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: fotg210: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: r8a66597: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: isp116x: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: xhci: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: ehci: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: host: sl811: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] usb: core: hub: " Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] clk: at91: usb: propagate rate modification to the parent clk Sasha Levin
2015-05-15 7:16 ` Boris Brezillon
2015-05-16 0:11 ` Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ALSA: emu10k1: don't deadlock in proc-functions Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ALSA: hda - fix "num_steps = 0" error on ALC256 Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ALSA: hda/realtek - Fix Headphone Mic doesn't recording for ALC256 Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] Input: elantech - fix absolute mode setting on some ASUS laptops Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] fs/binfmt_elf.c: fix bug in loading of PIE binaries Sasha Levin
2015-05-11 11:17 ` [added to the 3.18 stable tree] ptrace: fix race between ptrace_resume() and wait_task_stopped() Sasha Levin
2015-05-11 11:18 ` [added to the 3.18 stable tree] NFC: st21nfcb: Retry i2c_master_send if it returns a negative value Sasha Levin
2015-05-11 11:18 ` [added to the 3.18 stable tree] rtlwifi: rtl8192cu: Add new USB ID Sasha Levin
2015-05-11 11:18 ` [added to the 3.18 stable tree] rtlwifi: rtl8192cu: Add new device ID Sasha Levin
2015-05-11 11:18 ` [added to the 3.18 stable tree] ext4: make fsync to sync parent dir in no-journal for real this time Sasha Levin
2015-05-11 11:18 ` [added to the 3.18 stable tree] mnt: Improve the umount_tree flags Sasha Levin
2015-05-11 11:18 ` [added to the 3.18 stable tree] mnt: Don't propagate umounts in __detach_mounts Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1431343152-19437-18-git-send-email-sasha.levin@oracle.com \
--to=sasha.levin@oracle.com \
--cc=christoffer.dall@linaro.org \
--cc=marc.zyngier@arm.com \
--cc=shannon.zhao@linaro.org \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox