Message ID | 20241204191349.1730936-2-jthoughton@google.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | KVM: Introduce KVM Userfault | expand |
Hi James, kernel test robot noticed the following build warnings: [auto build test WARNING on 4d911c7abee56771b0219a9fbf0120d06bdc9c14] url: https://github.com/intel-lab-lkp/linux/commits/James-Houghton/KVM-Add-KVM_MEM_USERFAULT-memslot-flag-and-bitmap/20241205-032516 base: 4d911c7abee56771b0219a9fbf0120d06bdc9c14 patch link: https://lore.kernel.org/r/20241204191349.1730936-2-jthoughton%40google.com patch subject: [PATCH v1 01/13] KVM: Add KVM_MEM_USERFAULT memslot flag and bitmap config: x86_64-randconfig-121 (https://download.01.org/0day-ci/archive/20241205/202412051904.GNL7BE1X-lkp@intel.com/config) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241205/202412051904.GNL7BE1X-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412051904.GNL7BE1X-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) arch/x86/kvm/../../../virt/kvm/kvm_main.c: note: in included file: include/linux/kvm_host.h:2080:54: sparse: sparse: array of flexible structures include/linux/kvm_host.h:2082:56: sparse: sparse: array of flexible structures >> arch/x86/kvm/../../../virt/kvm/kvm_main.c:2049:39: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected unsigned long [noderef] __user *userfault_bitmap @@ got unsigned long * @@ arch/x86/kvm/../../../virt/kvm/kvm_main.c:2049:39: sparse: expected unsigned long [noderef] __user *userfault_bitmap arch/x86/kvm/../../../virt/kvm/kvm_main.c:2049:39: sparse: got unsigned long * arch/x86/kvm/../../../virt/kvm/kvm_main.c:626:25: sparse: sparse: context imbalance in 'kvm_mmu_notifier_invalidate_range_start' - different lock contexts for basic block arch/x86/kvm/../../../virt/kvm/kvm_main.c:626:25: sparse: sparse: context imbalance in 'kvm_mmu_notifier_invalidate_range_end' - different lock contexts for basic block arch/x86/kvm/../../../virt/kvm/kvm_main.c:626:25: sparse: sparse: context imbalance in 'kvm_mmu_notifier_clear_flush_young' - different lock contexts for basic block arch/x86/kvm/../../../virt/kvm/kvm_main.c:626:25: sparse: sparse: context imbalance in 'kvm_mmu_notifier_clear_young' - different lock contexts for basic block arch/x86/kvm/../../../virt/kvm/kvm_main.c:626:25: sparse: sparse: context imbalance in 'kvm_mmu_notifier_test_young' - different lock contexts for basic block arch/x86/kvm/../../../virt/kvm/kvm_main.c: note: in included file (through include/linux/mutex.h, include/linux/kvm_types.h, include/kvm/iodev.h): include/linux/list.h:83:21: sparse: sparse: self-comparison always evaluates to true arch/x86/kvm/../../../virt/kvm/kvm_main.c:1960:49: sparse: sparse: self-comparison always evaluates to false include/linux/list.h:83:21: sparse: sparse: self-comparison always evaluates to true vim +2049 arch/x86/kvm/../../../virt/kvm/kvm_main.c 1931 1932 /* 1933 * Allocate some memory and give it an address in the guest physical address 1934 * space. 1935 * 1936 * Discontiguous memory is allowed, mostly for framebuffers. 1937 * 1938 * Must be called holding kvm->slots_lock for write. 1939 */ 1940 int __kvm_set_memory_region(struct kvm *kvm, 1941 const struct kvm_userspace_memory_region2 *mem) 1942 { 1943 struct kvm_memory_slot *old, *new; 1944 struct kvm_memslots *slots; 1945 enum kvm_mr_change change; 1946 unsigned long npages; 1947 gfn_t base_gfn; 1948 int as_id, id; 1949 int r; 1950 1951 r = check_memory_region_flags(kvm, mem); 1952 if (r) 1953 return r; 1954 1955 as_id = mem->slot >> 16; 1956 id = (u16)mem->slot; 1957 1958 /* General sanity checks */ 1959 if ((mem->memory_size & (PAGE_SIZE - 1)) || 1960 (mem->memory_size != (unsigned long)mem->memory_size)) 1961 return -EINVAL; 1962 if (mem->guest_phys_addr & (PAGE_SIZE - 1)) 1963 return -EINVAL; 1964 /* We can read the guest memory with __xxx_user() later on. */ 1965 if ((mem->userspace_addr & (PAGE_SIZE - 1)) || 1966 (mem->userspace_addr != untagged_addr(mem->userspace_addr)) || 1967 !access_ok((void __user *)(unsigned long)mem->userspace_addr, 1968 mem->memory_size)) 1969 return -EINVAL; 1970 if (mem->flags & KVM_MEM_GUEST_MEMFD && 1971 (mem->guest_memfd_offset & (PAGE_SIZE - 1) || 1972 mem->guest_memfd_offset + mem->memory_size < mem->guest_memfd_offset)) 1973 return -EINVAL; 1974 if (as_id >= kvm_arch_nr_memslot_as_ids(kvm) || id >= KVM_MEM_SLOTS_NUM) 1975 return -EINVAL; 1976 if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr) 1977 return -EINVAL; 1978 if ((mem->memory_size >> PAGE_SHIFT) > KVM_MEM_MAX_NR_PAGES) 1979 return -EINVAL; 1980 1981 slots = __kvm_memslots(kvm, as_id); 1982 1983 /* 1984 * Note, the old memslot (and the pointer itself!) may be invalidated 1985 * and/or destroyed by kvm_set_memslot(). 1986 */ 1987 old = id_to_memslot(slots, id); 1988 1989 if (!mem->memory_size) { 1990 if (!old || !old->npages) 1991 return -EINVAL; 1992 1993 if (WARN_ON_ONCE(kvm->nr_memslot_pages < old->npages)) 1994 return -EIO; 1995 1996 return kvm_set_memslot(kvm, old, NULL, KVM_MR_DELETE); 1997 } 1998 1999 base_gfn = (mem->guest_phys_addr >> PAGE_SHIFT); 2000 npages = (mem->memory_size >> PAGE_SHIFT); 2001 2002 if (!old || !old->npages) { 2003 change = KVM_MR_CREATE; 2004 2005 /* 2006 * To simplify KVM internals, the total number of pages across 2007 * all memslots must fit in an unsigned long. 2008 */ 2009 if ((kvm->nr_memslot_pages + npages) < kvm->nr_memslot_pages) 2010 return -EINVAL; 2011 } else { /* Modify an existing slot. */ 2012 /* Private memslots are immutable, they can only be deleted. */ 2013 if (mem->flags & KVM_MEM_GUEST_MEMFD) 2014 return -EINVAL; 2015 if ((mem->userspace_addr != old->userspace_addr) || 2016 (npages != old->npages) || 2017 ((mem->flags ^ old->flags) & KVM_MEM_READONLY)) 2018 return -EINVAL; 2019 2020 if (base_gfn != old->base_gfn) 2021 change = KVM_MR_MOVE; 2022 else if (mem->flags != old->flags) 2023 change = KVM_MR_FLAGS_ONLY; 2024 else /* Nothing to change. */ 2025 return 0; 2026 } 2027 2028 if ((change == KVM_MR_CREATE || change == KVM_MR_MOVE) && 2029 kvm_check_memslot_overlap(slots, id, base_gfn, base_gfn + npages)) 2030 return -EEXIST; 2031 2032 /* Allocate a slot that will persist in the memslot. */ 2033 new = kzalloc(sizeof(*new), GFP_KERNEL_ACCOUNT); 2034 if (!new) 2035 return -ENOMEM; 2036 2037 new->as_id = as_id; 2038 new->id = id; 2039 new->base_gfn = base_gfn; 2040 new->npages = npages; 2041 new->flags = mem->flags; 2042 new->userspace_addr = mem->userspace_addr; 2043 if (mem->flags & KVM_MEM_GUEST_MEMFD) { 2044 r = kvm_gmem_bind(kvm, new, mem->guest_memfd, mem->guest_memfd_offset); 2045 if (r) 2046 goto out; 2047 } 2048 if (mem->flags & KVM_MEM_USERFAULT) > 2049 new->userfault_bitmap = (unsigned long *)mem->userfault_bitmap; 2050 2051 r = kvm_set_memslot(kvm, old, new, change); 2052 if (r) 2053 goto out_unbind; 2054 2055 return 0; 2056 2057 out_unbind: 2058 if (mem->flags & KVM_MEM_GUEST_MEMFD) 2059 kvm_gmem_unbind(new); 2060 out: 2061 kfree(new); 2062 return r; 2063 } 2064 EXPORT_SYMBOL_GPL(__kvm_set_memory_region); 2065
Hi James, kernel test robot noticed the following build warnings: [auto build test WARNING on 4d911c7abee56771b0219a9fbf0120d06bdc9c14] url: https://github.com/intel-lab-lkp/linux/commits/James-Houghton/KVM-Add-KVM_MEM_USERFAULT-memslot-flag-and-bitmap/20241205-032516 base: 4d911c7abee56771b0219a9fbf0120d06bdc9c14 patch link: https://lore.kernel.org/r/20241204191349.1730936-2-jthoughton%40google.com patch subject: [PATCH v1 01/13] KVM: Add KVM_MEM_USERFAULT memslot flag and bitmap config: i386-buildonly-randconfig-006 (https://download.01.org/0day-ci/archive/20241205/202412052133.pTg3UAQm-lkp@intel.com/config) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241205/202412052133.pTg3UAQm-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202412052133.pTg3UAQm-lkp@intel.com/ All warnings (new ones prefixed by >>): arch/x86/kvm/../../../virt/kvm/kvm_main.c: In function '__kvm_set_memory_region': >> arch/x86/kvm/../../../virt/kvm/kvm_main.c:2049:41: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] 2049 | new->userfault_bitmap = (unsigned long *)mem->userfault_bitmap; | ^ vim +2049 arch/x86/kvm/../../../virt/kvm/kvm_main.c 1931 1932 /* 1933 * Allocate some memory and give it an address in the guest physical address 1934 * space. 1935 * 1936 * Discontiguous memory is allowed, mostly for framebuffers. 1937 * 1938 * Must be called holding kvm->slots_lock for write. 1939 */ 1940 int __kvm_set_memory_region(struct kvm *kvm, 1941 const struct kvm_userspace_memory_region2 *mem) 1942 { 1943 struct kvm_memory_slot *old, *new; 1944 struct kvm_memslots *slots; 1945 enum kvm_mr_change change; 1946 unsigned long npages; 1947 gfn_t base_gfn; 1948 int as_id, id; 1949 int r; 1950 1951 r = check_memory_region_flags(kvm, mem); 1952 if (r) 1953 return r; 1954 1955 as_id = mem->slot >> 16; 1956 id = (u16)mem->slot; 1957 1958 /* General sanity checks */ 1959 if ((mem->memory_size & (PAGE_SIZE - 1)) || 1960 (mem->memory_size != (unsigned long)mem->memory_size)) 1961 return -EINVAL; 1962 if (mem->guest_phys_addr & (PAGE_SIZE - 1)) 1963 return -EINVAL; 1964 /* We can read the guest memory with __xxx_user() later on. */ 1965 if ((mem->userspace_addr & (PAGE_SIZE - 1)) || 1966 (mem->userspace_addr != untagged_addr(mem->userspace_addr)) || 1967 !access_ok((void __user *)(unsigned long)mem->userspace_addr, 1968 mem->memory_size)) 1969 return -EINVAL; 1970 if (mem->flags & KVM_MEM_GUEST_MEMFD && 1971 (mem->guest_memfd_offset & (PAGE_SIZE - 1) || 1972 mem->guest_memfd_offset + mem->memory_size < mem->guest_memfd_offset)) 1973 return -EINVAL; 1974 if (as_id >= kvm_arch_nr_memslot_as_ids(kvm) || id >= KVM_MEM_SLOTS_NUM) 1975 return -EINVAL; 1976 if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr) 1977 return -EINVAL; 1978 if ((mem->memory_size >> PAGE_SHIFT) > KVM_MEM_MAX_NR_PAGES) 1979 return -EINVAL; 1980 1981 slots = __kvm_memslots(kvm, as_id); 1982 1983 /* 1984 * Note, the old memslot (and the pointer itself!) may be invalidated 1985 * and/or destroyed by kvm_set_memslot(). 1986 */ 1987 old = id_to_memslot(slots, id); 1988 1989 if (!mem->memory_size) { 1990 if (!old || !old->npages) 1991 return -EINVAL; 1992 1993 if (WARN_ON_ONCE(kvm->nr_memslot_pages < old->npages)) 1994 return -EIO; 1995 1996 return kvm_set_memslot(kvm, old, NULL, KVM_MR_DELETE); 1997 } 1998 1999 base_gfn = (mem->guest_phys_addr >> PAGE_SHIFT); 2000 npages = (mem->memory_size >> PAGE_SHIFT); 2001 2002 if (!old || !old->npages) { 2003 change = KVM_MR_CREATE; 2004 2005 /* 2006 * To simplify KVM internals, the total number of pages across 2007 * all memslots must fit in an unsigned long. 2008 */ 2009 if ((kvm->nr_memslot_pages + npages) < kvm->nr_memslot_pages) 2010 return -EINVAL; 2011 } else { /* Modify an existing slot. */ 2012 /* Private memslots are immutable, they can only be deleted. */ 2013 if (mem->flags & KVM_MEM_GUEST_MEMFD) 2014 return -EINVAL; 2015 if ((mem->userspace_addr != old->userspace_addr) || 2016 (npages != old->npages) || 2017 ((mem->flags ^ old->flags) & KVM_MEM_READONLY)) 2018 return -EINVAL; 2019 2020 if (base_gfn != old->base_gfn) 2021 change = KVM_MR_MOVE; 2022 else if (mem->flags != old->flags) 2023 change = KVM_MR_FLAGS_ONLY; 2024 else /* Nothing to change. */ 2025 return 0; 2026 } 2027 2028 if ((change == KVM_MR_CREATE || change == KVM_MR_MOVE) && 2029 kvm_check_memslot_overlap(slots, id, base_gfn, base_gfn + npages)) 2030 return -EEXIST; 2031 2032 /* Allocate a slot that will persist in the memslot. */ 2033 new = kzalloc(sizeof(*new), GFP_KERNEL_ACCOUNT); 2034 if (!new) 2035 return -ENOMEM; 2036 2037 new->as_id = as_id; 2038 new->id = id; 2039 new->base_gfn = base_gfn; 2040 new->npages = npages; 2041 new->flags = mem->flags; 2042 new->userspace_addr = mem->userspace_addr; 2043 if (mem->flags & KVM_MEM_GUEST_MEMFD) { 2044 r = kvm_gmem_bind(kvm, new, mem->guest_memfd, mem->guest_memfd_offset); 2045 if (r) 2046 goto out; 2047 } 2048 if (mem->flags & KVM_MEM_USERFAULT) > 2049 new->userfault_bitmap = (unsigned long *)mem->userfault_bitmap; 2050 2051 r = kvm_set_memslot(kvm, old, new, change); 2052 if (r) 2053 goto out_unbind; 2054 2055 return 0; 2056 2057 out_unbind: 2058 if (mem->flags & KVM_MEM_GUEST_MEMFD) 2059 kvm_gmem_unbind(new); 2060 out: 2061 kfree(new); 2062 return r; 2063 } 2064 EXPORT_SYMBOL_GPL(__kvm_set_memory_region); 2065
> arch/x86/kvm/../../../virt/kvm/kvm_main.c: In function '__kvm_set_memory_region': > >> arch/x86/kvm/../../../virt/kvm/kvm_main.c:2049:41: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] > 2049 | new->userfault_bitmap = (unsigned long *)mem->userfault_bitmap; > | ^ I realize that, not only have I done this cast slightly wrong, I'm missing a few checks on userfault_bitmap that I should have. Applying this diff, or at least something like it, to fix it: diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index b552cdef2850..30f09141df64 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1977,6 +1977,12 @@ int __kvm_set_memory_region(struct kvm *kvm, return -EINVAL; if ((mem->memory_size >> PAGE_SHIFT) > KVM_MEM_MAX_NR_PAGES) return -EINVAL; + if (mem->flags & KVM_MEM_USERFAULT && + ((mem->userfault_bitmap != untagged_addr(mem->userfault_bitmap)) || + !access_ok((void __user *)(unsigned long)mem->userfault_bitmap, + DIV_ROUND_UP(mem->memory_size >> PAGE_SHIFT, BITS_PER_LONG) + * sizeof(long)))) + return -EINVAL; slots = __kvm_memslots(kvm, as_id); @@ -2053,7 +2059,8 @@ int __kvm_set_memory_region(struct kvm *kvm, goto out; } if (mem->flags & KVM_MEM_USERFAULT) - new->userfault_bitmap = (unsigned long *)mem->userfault_bitmap; + new->userfault_bitmap = + (unsigned long __user *)(unsigned long)mem->userfault_bitmap; r = kvm_set_memslot(kvm, old, new, change); if (r)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 401439bb21e3..f7a3dfd5e224 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -590,6 +590,7 @@ struct kvm_memory_slot { unsigned long *dirty_bitmap; struct kvm_arch_memory_slot arch; unsigned long userspace_addr; + unsigned long __user *userfault_bitmap; u32 flags; short id; u16 as_id; @@ -724,6 +725,11 @@ static inline bool kvm_arch_has_readonly_mem(struct kvm *kvm) } #endif +static inline bool kvm_has_userfault(struct kvm *kvm) +{ + return IS_ENABLED(CONFIG_HAVE_KVM_USERFAULT); +} + struct kvm_memslots { u64 generation; atomic_long_t last_used_slot; @@ -2553,4 +2559,12 @@ long kvm_arch_vcpu_pre_fault_memory(struct kvm_vcpu *vcpu, struct kvm_pre_fault_memory *range); #endif +int kvm_gfn_userfault(struct kvm *kvm, struct kvm_memory_slot *memslot, + gfn_t gfn); + +static inline bool kvm_memslot_userfault(struct kvm_memory_slot *memslot) +{ + return memslot->flags & KVM_MEM_USERFAULT; +} + #endif diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 502ea63b5d2e..94be7e8b46a4 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -40,7 +40,8 @@ struct kvm_userspace_memory_region2 { __u64 guest_memfd_offset; __u32 guest_memfd; __u32 pad1; - __u64 pad2[14]; + __u64 userfault_bitmap; + __u64 pad2[13]; }; /* @@ -51,6 +52,7 @@ struct kvm_userspace_memory_region2 { #define KVM_MEM_LOG_DIRTY_PAGES (1UL << 0) #define KVM_MEM_READONLY (1UL << 1) #define KVM_MEM_GUEST_MEMFD (1UL << 2) +#define KVM_MEM_USERFAULT (1UL << 3) /* for KVM_IRQ_LINE */ struct kvm_irq_level { diff --git a/virt/kvm/Kconfig b/virt/kvm/Kconfig index 54e959e7d68f..9eb1fae238b1 100644 --- a/virt/kvm/Kconfig +++ b/virt/kvm/Kconfig @@ -124,3 +124,6 @@ config HAVE_KVM_ARCH_GMEM_PREPARE config HAVE_KVM_ARCH_GMEM_INVALIDATE bool depends on KVM_PRIVATE_MEM + +config HAVE_KVM_USERFAULT + bool diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index de2c11dae231..23fa3e911c4e 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1541,6 +1541,9 @@ static int check_memory_region_flags(struct kvm *kvm, !(mem->flags & KVM_MEM_GUEST_MEMFD)) valid_flags |= KVM_MEM_READONLY; + if (kvm_has_userfault(kvm)) + valid_flags |= KVM_MEM_USERFAULT; + if (mem->flags & ~valid_flags) return -EINVAL; @@ -2042,6 +2045,8 @@ int __kvm_set_memory_region(struct kvm *kvm, if (r) goto out; } + if (mem->flags & KVM_MEM_USERFAULT) + new->userfault_bitmap = (unsigned long *)mem->userfault_bitmap; r = kvm_set_memslot(kvm, old, new, change); if (r) @@ -6426,3 +6431,26 @@ void kvm_exit(void) kvm_irqfd_exit(); } EXPORT_SYMBOL_GPL(kvm_exit); + +int kvm_gfn_userfault(struct kvm *kvm, struct kvm_memory_slot *memslot, + gfn_t gfn) +{ + unsigned long bitmap_chunk = 0; + off_t offset; + + if (!kvm_memslot_userfault(memslot)) + return 0; + + if (WARN_ON_ONCE(!memslot->userfault_bitmap)) + return 0; + + offset = gfn - memslot->base_gfn; + + if (copy_from_user(&bitmap_chunk, + memslot->userfault_bitmap + offset / BITS_PER_LONG, + sizeof(bitmap_chunk))) + return -EFAULT; + + /* Set in the bitmap means that the gfn is userfault */ + return !!(bitmap_chunk & (1ul << (offset % BITS_PER_LONG))); +}
Use one of the 14 reserved u64s in struct kvm_userspace_memory_region2 for the user to provide `userfault_bitmap`. The memslot flag indicates if KVM should be reading from the `userfault_bitmap` field from the memslot. The user is permitted to provide a bogus pointer. If the pointer cannot be read from, we will return -EFAULT (with no other information) back to the user. Signed-off-by: James Houghton <jthoughton@google.com> --- include/linux/kvm_host.h | 14 ++++++++++++++ include/uapi/linux/kvm.h | 4 +++- virt/kvm/Kconfig | 3 +++ virt/kvm/kvm_main.c | 28 ++++++++++++++++++++++++++++ 4 files changed, 48 insertions(+), 1 deletion(-)