KVM: x86/mmu: Plumb "struct kvm" all the way to pte_list_remove()

mzhang3579 · bonzini · commit 069f30c61979 · 2023-08-31T13:48:49.000-04:00
Plumb "struct kvm" all the way to pte_list_remove() to allow the usage of KVM_BUG() and/or KVM_BUG_ON(). This will allow killing only the offending VM instead of doing BUG() if the kernel is built with CONFIG_BUG_ON_DATA_CORRUPTION=n, i.e. does NOT want to BUG() if KVM's data structures (rmaps) appear to be corrupted. Signed-off-by: Mingwei Zhang <mizhang@google.com> [sean: tweak changelog] Link: https://lore.kernel.org/r/20230729004722.1056172-12-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
@@ -961,7 +961,8 @@ static int pte_list_add(struct kvm_mmu_memory_cache *cache, u64 *spte,
 	return count;
 }
 
-static void pte_list_desc_remove_entry(struct kvm_rmap_head *rmap_head,
+static void pte_list_desc_remove_entry(struct kvm *kvm,
+				       struct kvm_rmap_head *rmap_head,
 				       struct pte_list_desc *desc, int i)
 {
 	struct pte_list_desc *head_desc = (struct pte_list_desc *)(rmap_head->val & ~1ul);
@@ -997,7 +998,8 @@ static void pte_list_desc_remove_entry(struct kvm_rmap_head *rmap_head,
 	mmu_free_pte_list_desc(head_desc);
 }
 
-static void pte_list_remove(u64 *spte, struct kvm_rmap_head *rmap_head)
+static void pte_list_remove(struct kvm *kvm, u64 *spte,
+			    struct kvm_rmap_head *rmap_head)
 {
 	struct pte_list_desc *desc;
 	int i;
@@ -1016,7 +1018,8 @@ static void pte_list_remove(u64 *spte, struct kvm_rmap_head *rmap_head)
 		while (desc) {
 			for (i = 0; i < desc->spte_count; ++i) {
 				if (desc->sptes[i] == spte) {
-					pte_list_desc_remove_entry(rmap_head, desc, i);
+					pte_list_desc_remove_entry(kvm, rmap_head,
+								   desc, i);
 					return;
 				}
 			}
@@ -1031,7 +1034,7 @@ static void kvm_zap_one_rmap_spte(struct kvm *kvm,
 				  struct kvm_rmap_head *rmap_head, u64 *sptep)
 {
 	mmu_spte_clear_track_bits(kvm, sptep);
-	pte_list_remove(sptep, rmap_head);
+	pte_list_remove(kvm, sptep, rmap_head);
 }
 
 /* Return true if at least one SPTE was zapped, false otherwise */
@@ -1106,7 +1109,7 @@ static void rmap_remove(struct kvm *kvm, u64 *spte)
 	slot = __gfn_to_memslot(slots, gfn);
 	rmap_head = gfn_to_rmap(gfn, sp->role.level, slot);
 
-	pte_list_remove(spte, rmap_head);
+	pte_list_remove(kvm, spte, rmap_head);
 }
 
 /*
@@ -1753,16 +1756,16 @@ static void mmu_page_add_parent_pte(struct kvm_mmu_memory_cache *cache,
 	pte_list_add(cache, parent_pte, &sp->parent_ptes);
 }
 
-static void mmu_page_remove_parent_pte(struct kvm_mmu_page *sp,
+static void mmu_page_remove_parent_pte(struct kvm *kvm, struct kvm_mmu_page *sp,
 				       u64 *parent_pte)
 {
-	pte_list_remove(parent_pte, &sp->parent_ptes);
+	pte_list_remove(kvm, parent_pte, &sp->parent_ptes);
 }
 
-static void drop_parent_pte(struct kvm_mmu_page *sp,
+static void drop_parent_pte(struct kvm *kvm, struct kvm_mmu_page *sp,
 			    u64 *parent_pte)
 {
-	mmu_page_remove_parent_pte(sp, parent_pte);
+	mmu_page_remove_parent_pte(kvm, sp, parent_pte);
 	mmu_spte_clear_no_track(parent_pte);
 }
 
@@ -2477,7 +2480,7 @@ static void validate_direct_spte(struct kvm_vcpu *vcpu, u64 *sptep,
 		if (child->role.access == direct_access)
 			return;
 
-		drop_parent_pte(child, sptep);
+		drop_parent_pte(vcpu->kvm, child, sptep);
 		kvm_flush_remote_tlbs_sptep(vcpu->kvm, sptep);
 	}
 }
@@ -2495,7 +2498,7 @@ static int mmu_page_zap_pte(struct kvm *kvm, struct kvm_mmu_page *sp,
 			drop_spte(kvm, spte);
 		} else {
 			child = spte_to_child_sp(pte);
-			drop_parent_pte(child, spte);
+			drop_parent_pte(kvm, child, spte);
 
 			/*
 			 * Recursively zap nested TDP SPs, parentless SPs are
@@ -2526,13 +2529,13 @@ static int kvm_mmu_page_unlink_children(struct kvm *kvm,
 	return zapped;
 }
 
-static void kvm_mmu_unlink_parents(struct kvm_mmu_page *sp)
+static void kvm_mmu_unlink_parents(struct kvm *kvm, struct kvm_mmu_page *sp)
 {
 	u64 *sptep;
 	struct rmap_iterator iter;
 
 	while ((sptep = rmap_get_first(&sp->parent_ptes, &iter)))
-		drop_parent_pte(sp, sptep);
+		drop_parent_pte(kvm, sp, sptep);
 }
 
 static int mmu_zap_unsync_children(struct kvm *kvm,
@@ -2571,7 +2574,7 @@ static bool __kvm_mmu_prepare_zap_page(struct kvm *kvm,
 	++kvm->stat.mmu_shadow_zapped;
 	*nr_zapped = mmu_zap_unsync_children(kvm, sp, invalid_list);
 	*nr_zapped += kvm_mmu_page_unlink_children(kvm, sp, invalid_list);
-	kvm_mmu_unlink_parents(sp);
+	kvm_mmu_unlink_parents(kvm, sp);
 
 	/* Zapping children means active_mmu_pages has become unstable. */
 	list_unstable = *nr_zapped;
@@ -2929,7 +2932,7 @@ static int mmu_set_spte(struct kvm_vcpu *vcpu, struct kvm_memory_slot *slot,
 			u64 pte = *sptep;
 
 			child = spte_to_child_sp(pte);
-			drop_parent_pte(child, sptep);
+			drop_parent_pte(vcpu->kvm, child, sptep);
 			flush = true;
 		} else if (pfn != spte_to_pfn(*sptep)) {
 			drop_spte(vcpu->kvm, sptep);

Original file line number	Diff line number	Diff line change
`@@ -961,7 +961,8 @@ static int pte_list_add(struct kvm_mmu_memory_cache cache, u64 spte,`
`961`	`961`	`return count;`
`962`	`962`	`}`
`963`	`963`
`964`		`-static void pte_list_desc_remove_entry(struct kvm_rmap_head *rmap_head,`
	`964`	`+static void pte_list_desc_remove_entry(struct kvm *kvm,`
	`965`	`+ struct kvm_rmap_head *rmap_head,`
`965`	`966`	`struct pte_list_desc *desc, int i)`
`966`	`967`	`{`
`967`	`968`	`struct pte_list_desc head_desc = (struct pte_list_desc )(rmap_head->val & ~1ul);`
`@@ -997,7 +998,8 @@ static void pte_list_desc_remove_entry(struct kvm_rmap_head *rmap_head,`
`997`	`998`	`mmu_free_pte_list_desc(head_desc);`
`998`	`999`	`}`
`999`	`1000`
`1000`		`-static void pte_list_remove(u64 spte, struct kvm_rmap_head rmap_head)`
	`1001`	`+static void pte_list_remove(struct kvm kvm, u64 spte,`
	`1002`	`+ struct kvm_rmap_head *rmap_head)`
`1001`	`1003`	`{`
`1002`	`1004`	`struct pte_list_desc *desc;`
`1003`	`1005`	`int i;`
`@@ -1016,7 +1018,8 @@ static void pte_list_remove(u64 spte, struct kvm_rmap_head rmap_head)`
`1016`	`1018`	`while (desc) {`
`1017`	`1019`	`for (i = 0; i < desc->spte_count; ++i) {`
`1018`	`1020`	`if (desc->sptes[i] == spte) {`
`1019`		`- pte_list_desc_remove_entry(rmap_head, desc, i);`
	`1021`	`+ pte_list_desc_remove_entry(kvm, rmap_head,`
	`1022`	`+ desc, i);`
`1020`	`1023`	`return;`
`1021`	`1024`	`}`
`1022`	`1025`	`}`
`@@ -1031,7 +1034,7 @@ static void kvm_zap_one_rmap_spte(struct kvm *kvm,`
`1031`	`1034`	`struct kvm_rmap_head rmap_head, u64 sptep)`
`1032`	`1035`	`{`
`1033`	`1036`	`mmu_spte_clear_track_bits(kvm, sptep);`
`1034`		`- pte_list_remove(sptep, rmap_head);`
	`1037`	`+ pte_list_remove(kvm, sptep, rmap_head);`
`1035`	`1038`	`}`
`1036`	`1039`
`1037`	`1040`	`/* Return true if at least one SPTE was zapped, false otherwise */`
`@@ -1106,7 +1109,7 @@ static void rmap_remove(struct kvm kvm, u64 spte)`
`1106`	`1109`	`slot = __gfn_to_memslot(slots, gfn);`
`1107`	`1110`	`rmap_head = gfn_to_rmap(gfn, sp->role.level, slot);`
`1108`	`1111`
`1109`		`- pte_list_remove(spte, rmap_head);`
	`1112`	`+ pte_list_remove(kvm, spte, rmap_head);`
`1110`	`1113`	`}`
`1111`	`1114`
`1112`	`1115`	`/*`
`@@ -1753,16 +1756,16 @@ static void mmu_page_add_parent_pte(struct kvm_mmu_memory_cache *cache,`
`1753`	`1756`	`pte_list_add(cache, parent_pte, &sp->parent_ptes);`
`1754`	`1757`	`}`
`1755`	`1758`
`1756`		`-static void mmu_page_remove_parent_pte(struct kvm_mmu_page *sp,`
	`1759`	`+static void mmu_page_remove_parent_pte(struct kvm kvm, struct kvm_mmu_page sp,`
`1757`	`1760`	`u64 *parent_pte)`
`1758`	`1761`	`{`
`1759`		`- pte_list_remove(parent_pte, &sp->parent_ptes);`
	`1762`	`+ pte_list_remove(kvm, parent_pte, &sp->parent_ptes);`
`1760`	`1763`	`}`
`1761`	`1764`
`1762`		`-static void drop_parent_pte(struct kvm_mmu_page *sp,`
	`1765`	`+static void drop_parent_pte(struct kvm kvm, struct kvm_mmu_page sp,`
`1763`	`1766`	`u64 *parent_pte)`
`1764`	`1767`	`{`
`1765`		`- mmu_page_remove_parent_pte(sp, parent_pte);`
	`1768`	`+ mmu_page_remove_parent_pte(kvm, sp, parent_pte);`
`1766`	`1769`	`mmu_spte_clear_no_track(parent_pte);`
`1767`	`1770`	`}`
`1768`	`1771`
`@@ -2477,7 +2480,7 @@ static void validate_direct_spte(struct kvm_vcpu vcpu, u64 sptep,`
`2477`	`2480`	`if (child->role.access == direct_access)`
`2478`	`2481`	`return;`
`2479`	`2482`
`2480`		`- drop_parent_pte(child, sptep);`
	`2483`	`+ drop_parent_pte(vcpu->kvm, child, sptep);`
`2481`	`2484`	`kvm_flush_remote_tlbs_sptep(vcpu->kvm, sptep);`
`2482`	`2485`	`}`
`2483`	`2486`	`}`
`@@ -2495,7 +2498,7 @@ static int mmu_page_zap_pte(struct kvm kvm, struct kvm_mmu_page sp,`
`2495`	`2498`	`drop_spte(kvm, spte);`
`2496`	`2499`	`} else {`
`2497`	`2500`	`child = spte_to_child_sp(pte);`
`2498`		`- drop_parent_pte(child, spte);`
	`2501`	`+ drop_parent_pte(kvm, child, spte);`
`2499`	`2502`
`2500`	`2503`	`/*`
`2501`	`2504`	`* Recursively zap nested TDP SPs, parentless SPs are`
`@@ -2526,13 +2529,13 @@ static int kvm_mmu_page_unlink_children(struct kvm *kvm,`
`2526`	`2529`	`return zapped;`
`2527`	`2530`	`}`
`2528`	`2531`
`2529`		`-static void kvm_mmu_unlink_parents(struct kvm_mmu_page *sp)`
	`2532`	`+static void kvm_mmu_unlink_parents(struct kvm kvm, struct kvm_mmu_page sp)`
`2530`	`2533`	`{`
`2531`	`2534`	`u64 *sptep;`
`2532`	`2535`	`struct rmap_iterator iter;`
`2533`	`2536`
`2534`	`2537`	`while ((sptep = rmap_get_first(&sp->parent_ptes, &iter)))`
`2535`		`- drop_parent_pte(sp, sptep);`
	`2538`	`+ drop_parent_pte(kvm, sp, sptep);`
`2536`	`2539`	`}`
`2537`	`2540`
`2538`	`2541`	`static int mmu_zap_unsync_children(struct kvm *kvm,`
`@@ -2571,7 +2574,7 @@ static bool __kvm_mmu_prepare_zap_page(struct kvm *kvm,`
`2571`	`2574`	`++kvm->stat.mmu_shadow_zapped;`
`2572`	`2575`	`*nr_zapped = mmu_zap_unsync_children(kvm, sp, invalid_list);`
`2573`	`2576`	`*nr_zapped += kvm_mmu_page_unlink_children(kvm, sp, invalid_list);`
`2574`		`- kvm_mmu_unlink_parents(sp);`
	`2577`	`+ kvm_mmu_unlink_parents(kvm, sp);`
`2575`	`2578`
`2576`	`2579`	`/* Zapping children means active_mmu_pages has become unstable. */`
`2577`	`2580`	`list_unstable = *nr_zapped;`
`@@ -2929,7 +2932,7 @@ static int mmu_set_spte(struct kvm_vcpu vcpu, struct kvm_memory_slot slot,`
`2929`	`2932`	`u64 pte = *sptep;`
`2930`	`2933`
`2931`	`2934`	`child = spte_to_child_sp(pte);`
`2932`		`- drop_parent_pte(child, sptep);`
	`2935`	`+ drop_parent_pte(vcpu->kvm, child, sptep);`
`2933`	`2936`	`flush = true;`
`2934`	`2937`	`} else if (pfn != spte_to_pfn(*sptep)) {`
`2935`	`2938`	`drop_spte(vcpu->kvm, sptep);`