From patchwork Thu Nov 10 03:41:22 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yan Zhao <yan.y.zhao@intel.com>
X-Patchwork-Id: 17948
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp714915wru;
        Wed, 9 Nov 2022 20:10:47 -0800 (PST)
X-Google-Smtp-Source: 
 AMsMyM6w9GeFC3s2t+UUH3kKI5AZCmSqefzdYXSvHGaty8OUdqoHx1x101boiXyHfo+NVslHRk2d
X-Received: by 2002:a63:5022:0:b0:457:bc51:dd71 with SMTP id
 e34-20020a635022000000b00457bc51dd71mr1722212pgb.402.1668053447163;
        Wed, 09 Nov 2022 20:10:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668053447; cv=none;
        d=google.com; s=arc-20160816;
        b=cW6pc22BJgwqxejr8ZkGYCv0ZBjH94EbVq+zzzAAENoelz2YwMxMywSXP1kFXYRQ17
         bIQDkEW//RgXAMYJb5k5JdsoD+lPG6IZ7QzdBskpNoTUzxiuDBvINLg8Mt+kRT0Kf3RC
         lHI7+k+50KT7wzIzANvRWU+YbiZQ6DHR3gg3gBV0j6Mt4kx8i5nztK1LNFpIU5KgPzrq
         iTndGMTvCzyLGV0FbIPkynynGhf4G2ILVZrfDYYTGMgXd3Qyc7fVjSRHKmAsl+cR1i1S
         MM2toUHv2BIIM1BjbtZta9Zy0T1LYXMCNVMyvJLJl8Kl7pDUkk/t3Iv7IHihNrWtmaSY
         +kOg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=Ady39PZuoXUhX2DeAm3mVsojDAiDF30DSSmhLvhMM7U=;
        b=CKtk++yj74XG2TCVQwzFitJlzyhPWHCrjTMcMgp3ieCZGtUpxMbdLVte64cmwM5ZF2
         7aKfD4WJeKutuHxtWN/fN2v9gE5E1aEVPFvHyS22t+CQOzkKpq7zaakKAh1D53rRxF+R
         YLotYbTbB95zfYO/VszXDSdrqu93u73yFC0IHJBaJ2/IGpAGXR/PqUMd4soL5mwtnlQI
         VV3Zujs/O0vuAsFtaIEfS6eyqWaJP4HjVo2MQODlXuMH+Zv1Bhb7HhcwXzwz4wokYywR
         TzBN9A7pGcTHynuuySJYZbsh/v4biv9F7qJ+K/FrEeGaq8JvE6unR7FmAg+IrU7YOGGZ
         gsVg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=FO5QaFx2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 l16-20020a170902f69000b0018388edd187si22677871plg.56.2022.11.09.20.10.33;
        Wed, 09 Nov 2022 20:10:47 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=FO5QaFx2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232533AbiKJEEa (ORCPT <rfc822;dexuan.linux@gmail.com>
        + 99 others); Wed, 9 Nov 2022 23:04:30 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57804 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230093AbiKJEE0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 9 Nov 2022 23:04:26 -0500
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E5A1E1B799;
        Wed,  9 Nov 2022 20:04:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1668053066; x=1699589066;
  h=from:to:cc:subject:date:message-id;
  bh=IuypqxgY8qtYaoRik5R/iYUQhD+/hT5Hbcf2oINORCk=;
  b=FO5QaFx2dA3nsAdBm1u3jmi2B6gwGF+TjJl2lq0N+mOThpwSK7NaVcwF
   9Craev6kABzVujymSTTW+ipL6wYkLvvr3NlgN1WQgmJiW9pHQVsCVD+tC
   L34lZ99rKGaRS0MB8q8RsT+2af6Do5pYMnTxocfk7bpmZfGjEwBLsi2cW
   U2WtFZF8cq+Vb0645XMRT92shL37i2g4+26TYdpwA9/CXrX0t3e3G28L0
   NFvV0mTDdxhxiGXGeLf8mZxPycJD2jqC1dQ9IoeBgmpw9VCQ4Qcx1GChH
   1UAqQMeR8OpC9szTHsZwXOfXquB11BWZgpjPi7LLFLpcQ7toQmxOKGsIo
   A==;
X-IronPort-AV: E=McAfee;i="6500,9779,10526"; a="312334022"
X-IronPort-AV: E=Sophos;i="5.96,152,1665471600";
   d="scan'208";a="312334022"
Received: from orsmga005.jf.intel.com ([10.7.209.41])
  by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 09 Nov 2022 20:04:25 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10526"; a="811889757"
X-IronPort-AV: E=Sophos;i="5.96,152,1665471600";
   d="scan'208";a="811889757"
Received: from yzhao56-desk.sh.intel.com ([10.238.200.254])
  by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 09 Nov 2022 20:04:23 -0800
From: Yan Zhao <yan.y.zhao@intel.com>
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: pbonzini@redhat.com, seanjc@google.com,
        Yan Zhao <yan.y.zhao@intel.com>
Subject: [PATCH] KVM: x86/mmu: avoid accidentally go to shadow path for 0
 count tdp root
Date: Thu, 10 Nov 2022 11:41:22 +0800
Message-Id: <20221110034122.9892-1-yan.y.zhao@intel.com>
X-Mailer: git-send-email 2.17.1
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749080811306689198?=
X-GMAIL-MSGID: =?utf-8?q?1749080811306689198?=

kvm mmu uses "if (is_tdp_mmu(vcpu->arch.mmu))" to choose between tdp mmu
and shadow path.
If a root is a tdp mmu page while its root_count is 0, it's not valid to
go to the shadow path.

So, return true and add a warn on zero root count.

Signed-off-by: Yan Zhao <yan.y.zhao@intel.com>
---
 arch/x86/kvm/mmu/tdp_mmu.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/mmu/tdp_mmu.h b/arch/x86/kvm/mmu/tdp_mmu.h
index c163f7cc23ca..58b4881654a9 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.h
+++ b/arch/x86/kvm/mmu/tdp_mmu.h
@@ -74,6 +74,7 @@ static inline bool is_tdp_mmu(struct kvm_mmu *mmu)
 {
 	struct kvm_mmu_page *sp;
 	hpa_t hpa = mmu->root.hpa;
+	bool is_tdp;
 
 	if (WARN_ON(!VALID_PAGE(hpa)))
 		return false;
@@ -84,7 +85,10 @@ static inline bool is_tdp_mmu(struct kvm_mmu *mmu)
 	 * pae_root page, not a shadow page.
 	 */
 	sp = to_shadow_page(hpa);
-	return sp && is_tdp_mmu_page(sp) && sp->root_count;
+	is_tdp = sp && is_tdp_mmu_page(sp);
+	WARN_ON(is_tdp && !refcount_read(&sp->tdp_mmu_root_count));
+
+	return is_tdp;
 }
 #else
 static inline int kvm_mmu_init_tdp_mmu(struct kvm *kvm) { return 0; }