From patchwork Tue Nov 29 19:12:36 2022
Date: Tue, 29 Nov 2022 19:12:36 +0000
In-Reply-To: <20221129191237.31447-1-mizhang@google.com>
Message-ID: <20221129191237.31447-2-mizhang@google.com>
Subject: [RFC PATCH v4 1/2] KVM: x86/mmu: plumb struct kvm all the way to pte_list_remove()
From: Mingwei Zhang
To: Sean Christopherson, Paolo Bonzini
Cc: "H. Peter Anvin", kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Mingwei Zhang, Nagareddy Reddy, Jim Mattson, David Matlack

Plumb struct kvm all the way to pte_list_remove() to allow the usage of KVM_BUG() and/or KVM_BUG_ON(). This is the preparation step to deprecate the usage of BUG() in pte_list_remove() in shadow mmu.

Signed-off-by: Mingwei Zhang --- arch/x86/kvm/mmu/mmu.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 4736d7849c60..b5a44b8f5f7b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -947,7 +947,8 @@ pte_list_desc_remove_entry(struct kvm_rmap_head *rmap_head, mmu_free_pte_list_desc(desc); } -static void pte_list_remove(u64 *spte, struct kvm_rmap_head *rmap_head) +static void pte_list_remove(struct kvm *kvm, u64 *spte, + struct kvm_rmap_head *rmap_head) { struct pte_list_desc *desc; struct pte_list_desc *prev_desc; @@ -987,7 +988,7 @@ static void kvm_zap_one_rmap_spte(struct kvm *kvm, struct kvm_rmap_head *rmap_head, u64 *sptep) { mmu_spte_clear_track_bits(kvm, sptep); - pte_list_remove(sptep, rmap_head); + pte_list_remove(kvm, sptep, rmap_head); } /* Return true if at least one SPTE was zapped, false otherwise */ 
@@ -1077,7 +1078,7 @@ static void rmap_remove(struct kvm *kvm, u64 *spte) slot = __gfn_to_memslot(slots, gfn); rmap_head = gfn_to_rmap(gfn, sp->role.level, slot); - pte_list_remove(spte, rmap_head); + pte_list_remove(kvm, spte, rmap_head); } /* @@ -1730,16 +1731,16 @@ static void mmu_page_add_parent_pte(struct kvm_mmu_memory_cache *cache, pte_list_add(cache, parent_pte, &sp->parent_ptes); } -static void mmu_page_remove_parent_pte(struct kvm_mmu_page *sp, +static void mmu_page_remove_parent_pte(struct kvm *kvm, struct kvm_mmu_page *sp, u64 *parent_pte) { - pte_list_remove(parent_pte, &sp->parent_ptes); + pte_list_remove(kvm, parent_pte, &sp->parent_ptes); } -static void drop_parent_pte(struct kvm_mmu_page *sp, +static void drop_parent_pte(struct kvm *kvm, struct kvm_mmu_page *sp, u64 *parent_pte) { - mmu_page_remove_parent_pte(sp, parent_pte); + mmu_page_remove_parent_pte(kvm, sp, parent_pte); mmu_spte_clear_no_track(parent_pte); } @@ -2382,7 +2383,7 @@ static void validate_direct_spte(struct kvm_vcpu *vcpu, u64 *sptep, if (child->role.access == direct_access) return; - drop_parent_pte(child, sptep); + drop_parent_pte(vcpu->kvm, child, sptep); kvm_flush_remote_tlbs_with_address(vcpu->kvm, child->gfn, 1); } } @@ -2400,7 +2401,7 @@ static int mmu_page_zap_pte(struct kvm *kvm, struct kvm_mmu_page *sp, drop_spte(kvm, spte); } else { child = spte_to_child_sp(pte); - drop_parent_pte(child, spte); + drop_parent_pte(kvm, child, spte); /* * Recursively zap nested TDP SPs, parentless SPs are @@ -2431,13 +2432,13 @@ static int kvm_mmu_page_unlink_children(struct kvm *kvm, return zapped; } -static void kvm_mmu_unlink_parents(struct kvm_mmu_page *sp) +static void kvm_mmu_unlink_parents(struct kvm *kvm, struct kvm_mmu_page *sp) { u64 *sptep; struct rmap_iterator iter; while ((sptep = rmap_get_first(&sp->parent_ptes, &iter))) - drop_parent_pte(sp, sptep); + drop_parent_pte(kvm, sp, sptep); } static int mmu_zap_unsync_children(struct kvm *kvm, 
@@ -2475,7 +2476,7 @@ static bool __kvm_mmu_prepare_zap_page(struct kvm *kvm, ++kvm->stat.mmu_shadow_zapped; *nr_zapped = mmu_zap_unsync_children(kvm, sp, invalid_list); *nr_zapped += kvm_mmu_page_unlink_children(kvm, sp, invalid_list); - kvm_mmu_unlink_parents(sp); + kvm_mmu_unlink_parents(kvm, sp); /* Zapping children means active_mmu_pages has become unstable. */ list_unstable = *nr_zapped; 
@@ -2839,7 +2840,7 @@ static int mmu_set_spte(struct kvm_vcpu *vcpu, struct kvm_memory_slot *slot, u64 pte = *sptep; child = spte_to_child_sp(pte); - drop_parent_pte(child, sptep); + drop_parent_pte(vcpu->kvm, child, sptep); flush = true; } else if (pfn != spte_to_pfn(*sptep)) { pgprintk("hfn old %llx new %llx\n",
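Review bot: In the first hunk (pte_list_remove() at -947), the new kvm argument is not read anywhere in this patch; every hunk only changes a signature or a call site. The changelog should state explicitly that the parameter stays unused until 2/2, so a reader bisecting through this commit does not look for a missing use, or the plumbing should be folded into 2/2 if the split has no other benefit.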
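Review bot: In the -1730 hunk, mmu_page_remove_parent_pte() is a one-line wrapper around pte_list_remove(), and drop_parent_pte() is the only caller of it touched by this patch. If it has no other callers, call pte_list_remove(kvm, parent_pte, &sp->parent_ptes) directly from drop_parent_pte() instead of widening both signatures.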
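Review bot: In the -2431 hunk, the while loop in kvm_mmu_unlink_parents() terminates only because each drop_parent_pte() call unlinks the sptep that rmap_get_first() just returned. Since 2/2 adds early returns to pte_list_remove() that leave the list untouched, add a comment here stating why those paths cannot be reached for an sptep taken from the same sp->parent_ptes list, or bound the loop.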
Date: Tue, 29 Nov 2022 19:12:37 +0000
In-Reply-To: <20221129191237.31447-1-mizhang@google.com>
Message-ID: <20221129191237.31447-3-mizhang@google.com>
Subject: [RFC PATCH v4 2/2] KVM: x86/mmu: replace BUG() with KVM_BUG() in shadow mmu
From: Mingwei Zhang
To: Sean Christopherson, Paolo Bonzini
Cc: "H. Peter Anvin", kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Mingwei Zhang, Nagareddy Reddy, Jim Mattson, David Matlack

Replace BUG() in pte_list_remove() with KVM_BUG() to avoid crashing the host. An MMU bug is difficult to discover due to various racing conditions and corner cases, and thus it is extremely hard to debug. The situation gets much worse when it triggers the shutdown of a host. A host machine crash eliminates everything, including the potential clues for debugging.

BUG() or BUG_ON() is probably no longer appropriate, as host reliability is the top priority in many business scenarios. Crashing the physical machine is almost never a good option, as it eliminates innocent VMs and causes a service outage in a larger scope. Even worse, if an attacker can reliably trigger this code by diverting the control flow or corrupting the memory or leveraging a KVM bug, then this becomes a vm-of-death attack. This is a huge attack vector to cloud providers, as the death of one single host machine is not the end of the story. Without manual interference, a failed cloud job may be dispatched to other hosts and continue host crashes until all of them are dead.

Because of the above reasons, shrink the scope of the crash to the target VM only.

Cc: Nagareddy Reddy
Cc: Jim Mattson
Cc: David Matlack
Signed-off-by: Mingwei Zhang --- arch/x86/kvm/mmu/mmu.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index b5a44b8f5f7b..12790ccb8731 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -954,15 +954,16 @@ static void pte_list_remove(struct kvm *kvm, u64 *spte, struct pte_list_desc *prev_desc; int i; - if (!rmap_head->val) { - pr_err("%s: %p 0->BUG\n", __func__, spte); - BUG(); - } else if (!(rmap_head->val & 1)) { + if (KVM_BUG(!rmap_head->val, kvm, "rmap for %p is empty", spte)) + return; + + if (!(rmap_head->val & 1)) { rmap_printk("%p 1->0\n", spte); - if ((u64 *)rmap_head->val != spte) { - pr_err("%s: %p 1->BUG\n", __func__, spte); - BUG(); - } + + if (KVM_BUG((u64 *)rmap_head->val != spte, kvm, + "single rmap for %p doesn't match", spte)) + return; + rmap_head->val = 0; } else { rmap_printk("%p many->many\n", spte); @@ -979,8 +980,7 @@ static void pte_list_remove(struct kvm *kvm, u64 *spte, prev_desc = desc; desc = desc->more; } - pr_err("%s: %p many->many\n", __func__, spte); - BUG(); + KVM_BUG(true, kvm, "no rmap for %p (many->many)", spte); } }
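Review bot: In the -954 hunk, both new KVM_BUG() paths return with rmap_head->val unchanged, and pte_list_remove() still returns void, so callers cannot tell that nothing was removed. The callers shown in 1/2 carry on regardless: kvm_zap_one_rmap_spte() has already run mmu_spte_clear_track_bits(), and drop_parent_pte() goes on to mmu_spte_clear_no_track(). Either document above the function that leaving the rmap and the SPTE out of sync is acceptable once the crash has been scoped to the target VM, or return a bool and let callers skip the follow-up work.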
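Review bot: In the -979 hunk, the removed pr_err() strings carried __func__ and a trailing \n, and the three replacement format strings have neither. Check that the KVM_BUG() output still identifies pte_list_remove() and terminates the log line, and add a short comment before KVM_BUG(true, kvm, ...) saying that falling out of the descriptor loop means spte was not found in any descriptor.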