Commit d0111516 authored by Paolo Bonzini's avatar Paolo Bonzini
Browse files

Merge branch 'kvm-x86-mmu-6.6' into HEAD 

KVM x86 MMU changes for 6.6:

 - Rip out the ancient MMU_DEBUG crud and replace the useful bits with
   CONFIG_KVM_PROVE_MMU

 - Overhaul KVM's page-track APIs, and KVMGT's usage, to reduce the API surface
   that is needed by external users (currently only KVMGT), and fix a variety
   of issues in the process

 - Fix KVM's handling of !visible guest roots to avoid premature triple fault
   injection by loading a dummy root backed by the zero page
parents 6d5e3c31 d10f3780

arch/x86/include/asm/kvm_host.h

+8 −8
Original line number Diff line number Diff line
@@ -288,13 +288,13 @@ struct kvm_kernel_irq_routing_entry; 
 * kvm_mmu_page_role tracks the properties of a shadow page (where shadow page

 * also includes TDP pages) to determine whether or not a page can be used in

 * the given MMU context.  This is a subset of the overall kvm_cpu_role to

 * minimize the size of kvm_memory_slot.arch.gfn_track, i.e. allows allocating

 * 2 bytes per gfn instead of 4 bytes per gfn.

 * minimize the size of kvm_memory_slot.arch.gfn_write_track, i.e. allows

 * allocating 2 bytes per gfn instead of 4 bytes per gfn.

 *

 * Upper-level shadow pages having gptes are tracked for write-protection via

 * gfn_track.  As above, gfn_track is a 16 bit counter, so KVM must not create

 * more than 2^16-1 upper-level shadow pages at a single gfn, otherwise

 * gfn_track will overflow and explosions will ensure.

 * gfn_write_track.  As above, gfn_write_track is a 16 bit counter, so KVM must

 * not create more than 2^16-1 upper-level shadow pages at a single gfn,

 * otherwise gfn_write_track will overflow and explosions will ensue.

 *

 * A unique shadow page (SP) for a gfn is created if and only if an existing SP

 * cannot be reused.  The ability to reuse a SP is tracked by its role, which
@@ -1023,7 +1023,7 @@ struct kvm_lpage_info { 
struct kvm_arch_memory_slot {

	struct kvm_rmap_head *rmap[KVM_NR_PAGE_SIZES];

	struct kvm_lpage_info *lpage_info[KVM_NR_PAGE_SIZES - 1];

	unsigned short *gfn_track[KVM_PAGE_TRACK_MAX];

	unsigned short *gfn_write_track;

};



/*
@@ -1265,8 +1265,9 @@ struct kvm_arch { 
	 * create an NX huge page (without hanging the guest).

	 */

	struct list_head possible_nx_huge_pages;

	struct kvm_page_track_notifier_node mmu_sp_tracker;

#ifdef CONFIG_KVM_EXTERNAL_WRITE_TRACKING

	struct kvm_page_track_notifier_head track_notifier_head;

#endif

	/*

	 * Protects marking pages unsync during page faults, as TDP MMU page

	 * faults only take mmu_lock for read.  For simplicity, the unsync
@@ -1853,7 +1854,6 @@ void kvm_mmu_zap_collapsible_sptes(struct kvm *kvm, 
				   const struct kvm_memory_slot *memslot);

void kvm_mmu_slot_leaf_clear_dirty(struct kvm *kvm,

				   const struct kvm_memory_slot *memslot);

void kvm_mmu_zap_all(struct kvm *kvm);

void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm, u64 gen);

void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned long kvm_nr_mmu_pages);

arch/x86/include/asm/kvm_page_track.h

+25 −42
Original line number Diff line number Diff line
@@ -2,11 +2,9 @@ 
#ifndef _ASM_X86_KVM_PAGE_TRACK_H

#define _ASM_X86_KVM_PAGE_TRACK_H



enum kvm_page_track_mode {

	KVM_PAGE_TRACK_WRITE,

	KVM_PAGE_TRACK_MAX,

};

#include <linux/kvm_types.h>



#ifdef CONFIG_KVM_EXTERNAL_WRITE_TRACKING

/*

 * The notifier represented by @kvm_page_track_notifier_node is linked into

 * the head which will be notified when guest is triggering the track event.
@@ -26,54 +24,39 @@ struct kvm_page_track_notifier_node { 
	 * It is called when guest is writing the write-tracked page

	 * and write emulation is finished at that time.

	 *

	 * @vcpu: the vcpu where the write access happened.

	 * @gpa: the physical address written by guest.

	 * @new: the data was written to the address.

	 * @bytes: the written length.

	 * @node: this node

	 */

	void (*track_write)(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,

			    int bytes, struct kvm_page_track_notifier_node *node);

	void (*track_write)(gpa_t gpa, const u8 *new, int bytes,

			    struct kvm_page_track_notifier_node *node);



	/*

	 * It is called when memory slot is being moved or removed

	 * users can drop write-protection for the pages in that memory slot

	 * Invoked when a memory region is removed from the guest.  Or in KVM

	 * terms, when a memslot is deleted.

	 *

	 * @kvm: the kvm where memory slot being moved or removed

	 * @slot: the memory slot being moved or removed

	 * @gfn:       base gfn of the region being removed

	 * @nr_pages:  number of pages in the to-be-removed region

	 * @node:      this node

	 */

	void (*track_flush_slot)(struct kvm *kvm, struct kvm_memory_slot *slot,

	void (*track_remove_region)(gfn_t gfn, unsigned long nr_pages,

				    struct kvm_page_track_notifier_node *node);

};



int kvm_page_track_init(struct kvm *kvm);

void kvm_page_track_cleanup(struct kvm *kvm);



bool kvm_page_track_write_tracking_enabled(struct kvm *kvm);

int kvm_page_track_write_tracking_alloc(struct kvm_memory_slot *slot);



void kvm_page_track_free_memslot(struct kvm_memory_slot *slot);

int kvm_page_track_create_memslot(struct kvm *kvm,

				  struct kvm_memory_slot *slot,

				  unsigned long npages);



void kvm_slot_page_track_add_page(struct kvm *kvm,

				  struct kvm_memory_slot *slot, gfn_t gfn,

				  enum kvm_page_track_mode mode);

void kvm_slot_page_track_remove_page(struct kvm *kvm,

				     struct kvm_memory_slot *slot, gfn_t gfn,

				     enum kvm_page_track_mode mode);

bool kvm_slot_page_track_is_active(struct kvm *kvm,

				   const struct kvm_memory_slot *slot,

				   gfn_t gfn, enum kvm_page_track_mode mode);



void

kvm_page_track_register_notifier(struct kvm *kvm,

int kvm_page_track_register_notifier(struct kvm *kvm,

				     struct kvm_page_track_notifier_node *n);

void

kvm_page_track_unregister_notifier(struct kvm *kvm,

void kvm_page_track_unregister_notifier(struct kvm *kvm,

					struct kvm_page_track_notifier_node *n);

void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,

			  int bytes);

void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot);



int kvm_write_track_add_gfn(struct kvm *kvm, gfn_t gfn);

int kvm_write_track_remove_gfn(struct kvm *kvm, gfn_t gfn);

#else

/*

 * Allow defining a node in a structure even if page tracking is disabled, e.g.

 * to play nice with testing headers via direct inclusion from the command line.

 */

struct kvm_page_track_notifier_node {};

#endif /* CONFIG_KVM_EXTERNAL_WRITE_TRACKING */



#endif

arch/x86/kvm/Kconfig

+13 −0
Original line number Diff line number Diff line
@@ -138,6 +138,19 @@ config KVM_XEN 


	  If in doubt, say "N".



config KVM_PROVE_MMU

	bool "Prove KVM MMU correctness"

	depends on DEBUG_KERNEL

	depends on KVM

	depends on EXPERT

	help

	  Enables runtime assertions in KVM's MMU that are too costly to enable

	  in anything remotely resembling a production environment, e.g. this

	  gates code that verifies a to-be-freed page table doesn't have any

	  present SPTEs.



	  If in doubt, say "N".



config KVM_EXTERNAL_WRITE_TRACKING

	bool

arch/x86/kvm/mmu.h

+2 −0
Original line number Diff line number Diff line
@@ -121,6 +121,8 @@ void kvm_mmu_unload(struct kvm_vcpu *vcpu); 
void kvm_mmu_free_obsolete_roots(struct kvm_vcpu *vcpu);

void kvm_mmu_sync_roots(struct kvm_vcpu *vcpu);

void kvm_mmu_sync_prev_roots(struct kvm_vcpu *vcpu);

void kvm_mmu_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,

			 int bytes);



static inline int kvm_mmu_reload(struct kvm_vcpu *vcpu)

{

arch/x86/kvm/mmu/mmu.c

+150 −169

File changed.

Preview size limit exceeded, changes collapsed.