From patchwork Wed Aug  7 07:06:09 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081161
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F24661395
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:29 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E055F2878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:29 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id CFA292896F; Wed,  7 Aug 2019 07:06:29 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 652E62878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:29 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 7ADCC6B0007; Wed,  7 Aug 2019 03:06:28 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 70F826B0008; Wed,  7 Aug 2019 03:06:28 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5FDD46B000C; Wed,  7 Aug 2019 03:06:28 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com
 [209.85.222.200])
	by kanga.kvack.org (Postfix) with ESMTP id 459BC6B0007
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:28 -0400 (EDT)
Received: by mail-qk1-f200.google.com with SMTP id c207so78092004qkb.11
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=hXDPuh5Kn7pFxSlRRDrUdecWVXcCQZqbNwxxDsR27Vo=;
        b=XRwaiKtx9bzPho2sHWRJw1wCa2kGADgH2vFaa+InW+829yW0ukoYuShaoR3uNdOeAF
         CawJuCZsWGVV3Md3BYXVXDqAR8QbIvWoAt6XBjG5GlcnPDCqayyA4kE74JuWxb7zgk8r
         kh+A6yram1NFVba9ee9++B2qe57xNlH2b4dK1bnBMcTMsy30nFDqSLLXP2xkWPivUofg
         8ocpuNvsHVBfEEEbSY5iTvsGfnviQw30WpCQ8jLYaxDn9lh2m9pAsVkckkOSaHOPQESC
         Y9+bgTCi8YJJlh1rSeJXqlvx4zQ0KoN/OsodCIWbH4UWUQf1hRdCyRTpo2UH2zjBuKf0
         T+Og==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAWQSHlGLvlsKot+cmpXmPeZyHtR0mAPWv3BZstqG/IOpDXlX/Up
	fP8Lgw1aY8wflcC3Wm6zTHNbkR2mfRmWaIHk1oVBPGbecQXdu1S2JKjlj0BQs5cQQJOZ1cKPmHz
	HGGpu2xahMvuDNQFFs0csRNY1ffMp0B2OpwOQ6A1hYtBG/Hweo7MpL6/zrDm8yxUNwA==
X-Received: by 2002:ac8:431e:: with SMTP id z30mr6630029qtm.291.1565161588095;
        Wed, 07 Aug 2019 00:06:28 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqyaYgJ/oiYEXXt3uhvdDSucD05kj/2iWbg0oD0XJL7Zi3VdJv1YpvWUBaXVw0z4PEtd0hvn
X-Received: by 2002:ac8:431e:: with SMTP id z30mr6630010qtm.291.1565161587586;
        Wed, 07 Aug 2019 00:06:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161587; cv=none;
        d=google.com; s=arc-20160816;
        b=XJ+GwiuGKxOaUEB+qwvQW1+G2GGr1XhAJujbtlWPkLh/Yk51gfbUacB7etIoGj4JVr
         MzQqUtUpsu4Abl9j3oaezVtvoUybIOTcFkv0P0N9Xdwb7/riK+BjaE+iXGaZks1am4Bn
         Mc1Dk/yYsjN6qwcMR7xxH4UxH7scPQRO8Qcwp0nnxQOgPZPwlcqaxl/SLKFi83xT022v
         o02Ef2u2jwkZJFFt8tghJNfVBNWZpfRTz67BN70QRKK2SeDa+1Pdm0MUnniEc6cb2g6z
         ojnQPZbmtDVOyENV7E2HmJX00Hk3Os5enJ6TCkEyeM4xxA2G02LTzZmcis/rGK+1xPEi
         NSug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=hXDPuh5Kn7pFxSlRRDrUdecWVXcCQZqbNwxxDsR27Vo=;
        b=MbIGkZH08fWgud2RBPzwBqfHGjQE/yLvZqpBB/D+Z/Mfxo5PRSiP4mQRHBJvxAczaO
         5sM5/cam34M509DD/PUzo1ea4TomSI4rPPcFnsTT+g8VXAtRZbSScYDdQ83bkbfPwwW7
         viOObb8sd5XNwkBGe5XCS5eRvx6lOmjpLi58H6lDQ0J3kKpJdytve6FyQvy+eIPvMt0B
         AfgGVugLy/JCRljB7ThbvWbYnQXiiJ1Q3R2mEPYtnX7OB/ev6SIm3Qn2+35es6vo+ohI
         fsH4nWD9KU9tS8BBMrGKLpGCA2SKwDlNR6909g1DxH25DDl2q22P6mSLaHzMmSlQacDW
         yU/g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id
 l3si51416911qve.218.2019.08.07.00.06.27
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id DC9B17DCC4;
	Wed,  7 Aug 2019 07:06:26 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5D34410016E9;
	Wed,  7 Aug 2019 07:06:24 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 1/9] vhost: don't set uaddr for invalid address
Date: Wed,  7 Aug 2019 03:06:09 -0400
Message-Id: <20190807070617.23716-2-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]);
 Wed, 07 Aug 2019 07:06:26 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

We should not setup uaddr for the invalid address, otherwise we may
try to pin or prefetch mapping of wrong pages.

Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 0536f8526359..488380a581dc 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -2082,7 +2082,8 @@ static long vhost_vring_set_num_addr(struct vhost_dev *d,
 	}
 
 #if VHOST_ARCH_CAN_ACCEL_UACCESS
-	vhost_setup_vq_uaddr(vq);
+	if (r == 0)
+		vhost_setup_vq_uaddr(vq);
 
 	if (d->mm)
 		mmu_notifier_register(&d->mmu_notifier, d->mm);

From patchwork Wed Aug  7 07:06:10 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081163
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BA0411395
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:33 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A83E72878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:33 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 9A87F2896F; Wed,  7 Aug 2019 07:06:33 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 236722878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:33 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 33FB46B0008; Wed,  7 Aug 2019 03:06:32 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 2CA016B000C; Wed,  7 Aug 2019 03:06:32 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 1B7E66B000E; Wed,  7 Aug 2019 03:06:32 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com
 [209.85.222.198])
	by kanga.kvack.org (Postfix) with ESMTP id EC65A6B0008
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:31 -0400 (EDT)
Received: by mail-qk1-f198.google.com with SMTP id p18so4637554qke.9
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=ObXb8s+P+33YOBHS71fbz/1szBcAnp4vJnFUmXXP1hc=;
        b=fj9c5/Apurf6bKfKeBjeck2fPOdr3k7M0cmxNMKM6mmZ4fzVnbs60Ilgt/6lYpcXMz
         6X9tuRanTZ31uJG9rpLkrzr2kz0or+8Asp96/CakTmbm8lQxlwf6Fc+ONKc5kVNBmGUl
         nUu8dakF57lKdSlkq9t7/4i9gpaGKsOh12Xf86cDZufsB1JWbtgYmgpABuUlhh7UeJCQ
         t0VfpIaqx8dAMGbWAdK3+A51/XYFNZn0n5Lkz9IslFdDUP18ApnfJULTElR4bmJ/CId8
         2LvK3eSakYmmajpdNP+P+xvJVP5lEFihdt3Q6+P0b7du1PH/PXD1LiEs3hqHhLVDrsjg
         ONkw==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAUe7ceydbt0Ld6nWLOrhtP+ytoMlfdLyVqFv1iNCoqW3CEPND/E
	oxmxGo1JelAMGHebB2U242WUbsW5lK//zIh8AG5e9cFNCK3V7IP1pvUQAEtU9ZhAjAfh2X32QGy
	FS9oC+f0f3EuARYhU6voLZyEoW9DDkPH8iRc96MVxAxqUDYJUzHi9nlisr3h5n4kEJg==
X-Received: by 2002:a0c:d11c:: with SMTP id a28mr6687898qvh.180.1565161591685;
        Wed, 07 Aug 2019 00:06:31 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqwsuyN62vbpgyIsGHl3HCDaa0ETouFNmcquNnArpXpo/Yz3tbHxKtUOOnxnOmptPH8vsi5V
X-Received: by 2002:a0c:d11c:: with SMTP id a28mr6687861qvh.180.1565161590656;
        Wed, 07 Aug 2019 00:06:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161590; cv=none;
        d=google.com; s=arc-20160816;
        b=HJJTJp2Ozp9cI0nBO2g9G7utKU+/06AAfoP11LpbrTLEqfbF7KWPNibG2Ehk/F9pbK
         +l/mS/BBt3Bd9VvCi6RsScfFSG1VfCq1/PlsnBH83BRHBP0HVEEsQXScP/ulRXH1QEhU
         ktNtM8ioJCEfEbtmQWJV/mjTqahTTTqB7vCbT/E4NxHh/DS2JguydFxpK2tNhchmirpm
         NCFVMCvhJRiNJRWKVGALVYNxLWGwFdV1eIALDPolrryGW6VuZr5rOVZJNckFJvGjbIyL
         PWw62XCO+sFQoyq+chZrvZ3zhXmbrkYa0dJKZvs4n3HMLS2hnyeLpuXMNB81QwoPywZh
         3Vng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=ObXb8s+P+33YOBHS71fbz/1szBcAnp4vJnFUmXXP1hc=;
        b=n4i+rxgoGUP7NiNT6w0XRPVjjFqf/YxgQ/e9gdPL0l0kuPJy97BzggeVVYtLAEJpWj
         Vx9gJADSvnuogKIAUqk7RIQ47sH1byXGfCizEU4HFE+d1e8eTOZY0V1xiUF97MOcxn02
         utBE78MYEoarMB2S9X61lbUGikiJFyLXzjEeM+ZtVruoM7wNHbQ8sinDK9bLhmhFWeFz
         3X+eGhM1iw5rhML1o9dzK6wTNPwFFmOaaten9e07i8jSCfvfCtcXpjma0oKTfIpTxHi2
         RSQ+8dgfgOkqbSYOwgDxzQOp7EoW2GMMH3rNHxdrVSqmbhyUKDPMEn6nbup49A8/y1Q9
         /Jrw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id 22si9286568qvj.193.2019.08.07.00.06.30
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id E00C62CE953;
	Wed,  7 Aug 2019 07:06:29 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 609271001281;
	Wed,  7 Aug 2019 07:06:27 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 2/9] vhost: validate MMU notifier registration
Date: Wed,  7 Aug 2019 03:06:10 -0400
Message-Id: <20190807070617.23716-3-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]);
 Wed, 07 Aug 2019 07:06:30 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

The return value of mmu_notifier_register() is not checked in
vhost_vring_set_num_addr(). This will cause an out of sync between mm
and MMU notifier thus a double free. To solve this, introduce a
boolean flag to track whether MMU notifier is registered and only do
unregistering when it was true.

Reported-and-tested-by:
syzbot+e58112d71f77113ddb7b@syzkaller.appspotmail.com
Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 19 +++++++++++++++----
 drivers/vhost/vhost.h |  1 +
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 488380a581dc..17f6abea192e 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -629,6 +629,7 @@ void vhost_dev_init(struct vhost_dev *dev,
 	dev->iov_limit = iov_limit;
 	dev->weight = weight;
 	dev->byte_weight = byte_weight;
+	dev->has_notifier = false;
 	init_llist_head(&dev->work_list);
 	init_waitqueue_head(&dev->wait);
 	INIT_LIST_HEAD(&dev->read_list);
@@ -730,6 +731,7 @@ long vhost_dev_set_owner(struct vhost_dev *dev)
 	if (err)
 		goto err_mmu_notifier;
 #endif
+	dev->has_notifier = true;
 
 	return 0;
 
@@ -959,7 +961,11 @@ void vhost_dev_cleanup(struct vhost_dev *dev)
 	}
 	if (dev->mm) {
 #if VHOST_ARCH_CAN_ACCEL_UACCESS
-		mmu_notifier_unregister(&dev->mmu_notifier, dev->mm);
+		if (dev->has_notifier) {
+			mmu_notifier_unregister(&dev->mmu_notifier,
+						dev->mm);
+			dev->has_notifier = false;
+		}
 #endif
 		mmput(dev->mm);
 	}
@@ -2064,8 +2070,10 @@ static long vhost_vring_set_num_addr(struct vhost_dev *d,
 	/* Unregister MMU notifer to allow invalidation callback
 	 * can access vq->uaddrs[] without holding a lock.
 	 */
-	if (d->mm)
+	if (d->has_notifier) {
 		mmu_notifier_unregister(&d->mmu_notifier, d->mm);
+		d->has_notifier = false;
+	}
 
 	vhost_uninit_vq_maps(vq);
 #endif
@@ -2085,8 +2093,11 @@ static long vhost_vring_set_num_addr(struct vhost_dev *d,
 	if (r == 0)
 		vhost_setup_vq_uaddr(vq);
 
-	if (d->mm)
-		mmu_notifier_register(&d->mmu_notifier, d->mm);
+	if (d->mm) {
+		r = mmu_notifier_register(&d->mmu_notifier, d->mm);
+		if (!r)
+			d->has_notifier = true;
+	}
 #endif
 
 	mutex_unlock(&vq->mutex);
diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
index 42a8c2a13ab1..a9a2a93857d2 100644
--- a/drivers/vhost/vhost.h
+++ b/drivers/vhost/vhost.h
@@ -214,6 +214,7 @@ struct vhost_dev {
 	int iov_limit;
 	int weight;
 	int byte_weight;
+	bool has_notifier;
 };
 
 bool vhost_exceeds_weight(struct vhost_virtqueue *vq, int pkts, int total_len);

From patchwork Wed Aug  7 07:06:11 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081165
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 240C1746
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:36 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 145242878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:36 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 086212896F; Wed,  7 Aug 2019 07:06:36 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9E6B22878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:35 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 78B186B000C; Wed,  7 Aug 2019 03:06:34 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 70FA56B000E; Wed,  7 Aug 2019 03:06:34 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5FDAA6B0010; Wed,  7 Aug 2019 03:06:34 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com
 [209.85.160.199])
	by kanga.kvack.org (Postfix) with ESMTP id 43D206B000C
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:34 -0400 (EDT)
Received: by mail-qt1-f199.google.com with SMTP id y19so81415910qtm.0
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=DkgRyBFTw1NOJeXBoWug970nIMArpHVJngzRV71MoTc=;
        b=iq7cxg76IqFv64V77wM4UJtYPaBgw22RMzC7SOILBv2x+xwSqipWnqyMEk5oHX+PL0
         97ts8ugUPyXGYJYgrgJEcyu0h2evIo/Hgx0z+oLsPp/tuZkV+6ouCgrWJ00VZq6dcZNZ
         3xkV2rGhSlVpTKEpOE0LmRzj19RyfBz4FjjSYdShZlBU7DrN3MuORPyZ30CKAyW2bh59
         1LtltFMIQXXDLNmMzwvlBaVFvQfJVKivcTrv43j/OzavnpUW9CA2wUiObded/JnT08eX
         xLiSraCmZk7wdD6K8qG+V3I+AM8cjiDPx7ZMeQPBEoth40Wvx5ByM9dfc8nYCAz/BxbZ
         e29w==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAVimcgL2w2GqH43+hOB4d4oqckNaWTIC+m+ZyT5gmGkF9rMUuJ0
	QLGbkdcGUv0Vf/dLvgVUdzQk6Zpw4qNUGr+jc1OxF0sqxRYq83uSRQYq6km8hgwU1Yq5IXlEA3n
	8UmIVzMKv2WRYop1WqXrgkWIj/Td74iLBGqgwPlD2o7won+CBpvW/B7qrg2nowni/Ug==
X-Received: by 2002:a37:83c4:: with SMTP id
 f187mr6701579qkd.380.1565161594088;
        Wed, 07 Aug 2019 00:06:34 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqxGhD19P5WXbeQdswie9meitmfWG7kOoTboc79S7f+e26POLo6OBOWaApmCc+tC5/Bs7vPH
X-Received: by 2002:a37:83c4:: with SMTP id
 f187mr6701555qkd.380.1565161593608;
        Wed, 07 Aug 2019 00:06:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161593; cv=none;
        d=google.com; s=arc-20160816;
        b=FTYJflfK2XvisGWJbrBcWYa9m3Jde0YHo9eb557WVR7bzHsdfhCG6Q47xHdLmJcL4Y
         p71iMovrBwNNZyXF8F1rN2fubMCyXmWmEDK95AmlcgTqC4R1xCigc/9PagfCztPr3EM3
         spojB/Nx+eWUyHP+VnpHl5vmiDknUiCxMVL37nEZ4HhBwPndbRPd4OeEyBfjPC+AHwnL
         hhxN9VAPK4WXwZQYY1ZjRh0OrzQuNhI69mAj8pd0bCdUc7YiEhhIPULkmmU1KVGP39Qc
         trv4PLpugQzmSbysfQpyKMxuM1t+sSdaleOjZKx1y7Nw+fD3N8zPDS3Pj8YyXuk9Y5bp
         S+gQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=DkgRyBFTw1NOJeXBoWug970nIMArpHVJngzRV71MoTc=;
        b=R97ypvQwebAkja+OXV2mm+eWkahUoHxeiW5WEBSJVughIqzy6oV+eDH7tJOaL0pMDj
         VcpojLC1ztgJ38jQbuE2WvrFMLX2wsodzl6PpP6QUWsoSWoxsKRJqbu1PGMNp8HGW43y
         hmzDCY+VmG8N958oQ1KJ2fkqm9wQBXpTve6+L3ORb6ujSJdxh1DPXnycORasOJgZUA/g
         N6oLXXM67FbK36CmV5mbYeICYhHyEWgD4V8YJq2fwQWMPqLuzlVrmMbpy2ZP6oaRqSgw
         LF6s0oLyaQ2xuNT0qKFiIIg396shWSWZoREhS4agT5kMbyrVAOjmXL5LnczvgucQbsgd
         ZqkQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id
 n1si48093616qtn.402.2019.08.07.00.06.33
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id DAE9C30B27A5;
	Wed,  7 Aug 2019 07:06:32 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5CAA210016E8;
	Wed,  7 Aug 2019 07:06:30 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 3/9] vhost: fix vhost map leak
Date: Wed,  7 Aug 2019 03:06:11 -0400
Message-Id: <20190807070617.23716-4-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]);
 Wed, 07 Aug 2019 07:06:32 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

We don't free map during vhost_map_unprefetch(). This means it could
be leaked. Fixing by free the map.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 17f6abea192e..2a3154976277 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -302,9 +302,7 @@ static void vhost_vq_meta_reset(struct vhost_dev *d)
 static void vhost_map_unprefetch(struct vhost_map *map)
 {
 	kfree(map->pages);
-	map->pages = NULL;
-	map->npages = 0;
-	map->addr = NULL;
+	kfree(map);
 }
 
 static void vhost_uninit_vq_maps(struct vhost_virtqueue *vq)

From patchwork Wed Aug  7 07:06:12 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081169
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 540131395
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:39 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 43E42287CD
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:39 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 385E728995; Wed,  7 Aug 2019 07:06:39 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C688E287CD
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:38 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9A9336B000E; Wed,  7 Aug 2019 03:06:37 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 9593E6B0010; Wed,  7 Aug 2019 03:06:37 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 86E166B0269; Wed,  7 Aug 2019 03:06:37 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com
 [209.85.222.200])
	by kanga.kvack.org (Postfix) with ESMTP id 6469B6B000E
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:37 -0400 (EDT)
Received: by mail-qk1-f200.google.com with SMTP id c79so78394967qkg.13
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=xahfPfm1mZfbC4QuU9FoOa3rgOujgUARqGYj2KI+pdA=;
        b=VwagXuDKAdwblMrSwfDGtH21TQ4cj1kam0gsslZ83FbhcfS51WIBoxvZ82OP533qpe
         GK0B9uuO+dK3WFxdWbdq72URSwLSzYvTPn28uPBjMLSA3wmLxNrlIuip42igYEwAQ0PY
         udBCXSIggWDNelhtpDNaPnEvS+HoNWz97bFdARgSwcFR9G3oYdI9a6Y+bjfuYxkjI5S9
         VXQ+gQBu598t/ouHkPI+H3jY2H3PWon49Fmqhnw6OkP5dC/s6aDnTw5TAcB+5C4lj3mT
         T5rUJiHSBrJtxtqkwMVtUfyjmiYBK94soPmSXuohApW6+qZSsU2qtA5UR47vTBK/FDXF
         4yVA==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAXkS9qy3f0mM6V0Ze2fP6iXg3kx0uAzU0NppaC7XC3zulhTcr1Y
	qGfncOeWWpiypogek8im5QR6Xx61cSkA0ze+iVQKAiwRqt2My1+kQcbFFR3ktp8xJ08uvLpqKTK
	SWaZxXS1Xo5YhVLDEt8TK9TKa9aLdwLP3WvbB47eRBn7ZZhiBxbc+TIje41cvEvnRKQ==
X-Received: by 2002:a0c:9e27:: with SMTP id p39mr6580835qve.151.1565161597222;
        Wed, 07 Aug 2019 00:06:37 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqwEOfpxuDNXSc5NL8XP3uKbWtB9i7GOGlOT2L89pkNe2FrzTptK6g371bcqjUTZe/w71aRK
X-Received: by 2002:a0c:9e27:: with SMTP id p39mr6580815qve.151.1565161596603;
        Wed, 07 Aug 2019 00:06:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161596; cv=none;
        d=google.com; s=arc-20160816;
        b=WvxW8AKn5jLed0z4/XmXRZHVd6jwIVLGwZ6ZysZtwBTg2k3t30oqVEH0R0wVnYmWAw
         KQtO5Gy+E9lI1bokVOnwGJ5lPvMgpnoknu0jUdICYtqCucExWRvuaypeWL2QLyTDyZJX
         KcvJ+tCadxZtmUuAoPkd8UyK7kNGcfOWv5GR0zo8y24BZjypSzl8iVRU6WdagaeA6hmG
         LFcs9lkPU4GiYkGboZqUe0T9Vf/xJFMVkx8uCjvnWLzn6ruR2TcJutXSDyYjPdG8pk65
         GDpi7dzbtkMcWFMtcVZRdVFmbSqL2+SAmX05CPVZhqSQzgGJGP9u8RkvJ8xkW2ZeYXaQ
         fBkg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=xahfPfm1mZfbC4QuU9FoOa3rgOujgUARqGYj2KI+pdA=;
        b=leabaW6Go9ECZ8gb2OHYrdKo+I/H98/vN1AfATQB/gFh75K6Qh6wKe2Zsl4j2pmRSY
         8759+X7VEu4SK2qSPkuYLHQJkUb6ndi6ViqArnnGxEYvFyD9sZ9E0HlN70w8A8fSy8E7
         jh9ic9djGzKzG3f29fi8LBAFB6tjKG+PLwFPIr1wTPfS4MK2g3HNPM9Rk48EOpnsVCPz
         zHj6bpPT6StyfJV20W1pdPf16+zyuBzK4hT8M4/dWjeAE4D+sSdHTFbgA70igKWefCFM
         iy6o2gas0tOdJ2Bbok3vfUfSPWkiLOz5Q1r+BIgdXaCycgGJzhZnqVs8My806Mc0V9Is
         2RWQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id
 h20si14986299qtb.397.2019.08.07.00.06.36
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id D614730DD076;
	Wed,  7 Aug 2019 07:06:35 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 583AF1001284;
	Wed,  7 Aug 2019 07:06:33 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 4/9] vhost: reset invalidate_count in
 vhost_set_vring_num_addr()
Date: Wed,  7 Aug 2019 03:06:12 -0400
Message-Id: <20190807070617.23716-5-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]);
 Wed, 07 Aug 2019 07:06:35 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

The vhost_set_vring_num_addr() could be called in the middle of
invalidate_range_start() and invalidate_range_end(). If we don't reset
invalidate_count after the un-registering of MMU notifier, the
invalidate_cont will run out of sync (e.g never reach zero). This will
in fact disable the fast accessor path. Fixing by reset the count to
zero.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Jason Gunthorpe <jgg@mellanox.com>
Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 2a3154976277..2a7217c33668 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -2073,6 +2073,10 @@ static long vhost_vring_set_num_addr(struct vhost_dev *d,
 		d->has_notifier = false;
 	}
 
+	/* reset invalidate_count in case we are in the middle of
+	 * invalidate_start() and invalidate_end().
+	 */
+	vq->invalidate_count = 0;
 	vhost_uninit_vq_maps(vq);
 #endif
 

From patchwork Wed Aug  7 07:06:13 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081173
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 51E4314F6
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:42 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 41332287CD
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:42 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2347D2896F; Wed,  7 Aug 2019 07:06:42 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C3B3C287CD
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:41 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 90C656B0010; Wed,  7 Aug 2019 03:06:40 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 89B326B0269; Wed,  7 Aug 2019 03:06:40 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 70FB46B026E; Wed,  7 Aug 2019 03:06:40 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com
 [209.85.160.199])
	by kanga.kvack.org (Postfix) with ESMTP id 4F5AD6B0010
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:40 -0400 (EDT)
Received: by mail-qt1-f199.google.com with SMTP id x10so81203520qti.11
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=JzO6kN8vx263crDqN9GLB46XC0hjzWSfPRcXHfgmC3U=;
        b=oyTUK7O2nwvejw6vt014J3mWoUyEs/+5n9uufcnR+o3y8aFUNi44IToJmRCUwGSGvo
         wJUxRkDQFl8C8G51HOBZnj5dLsN+IgUZqt7FutXPM8aQM6wM/ZAr+QHZ0K1ik/zr64S8
         XrdIJTHcQ/2+HtOPOLrlyVJfcw9/AkwZMpRYTTg0cXYKsXelpybx2oB1aa/cJgepVfSQ
         tcmw2Kt039GW7KdsE69NL9zcu8+6qJx07tdfsOaLt28ncaz2qTU6oORlcrzVnwdVfvw6
         HXd5DPHXvao713LmBEKefpHM6BTgFp2NadKK3a2bo6cafVp5yPePUAz5cGassExJSyq7
         ScHQ==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAU8l0DjljYsBGz8IOhWtDD1PIoi4lmY2qLft2B1FMniYda4ZjK3
	/1pVe/ApT/tYliaYpF+Wh0CJU9j2opIGP/3ctml8GRn0JftuSVnyEdttLPq1vALD8CRD5heIwgZ
	IASi2tz9H9FL9/YCtQklyBy84Zb6Fwl6kSMkpjFuGPausW2B+qCqsWDQLYJED6irEJg==
X-Received: by 2002:a0c:adef:: with SMTP id x44mr6704784qvc.153.1565161600114;
        Wed, 07 Aug 2019 00:06:40 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqxEE7vTmYluJ1xlTCEtJsIOkom2/p41f4fO/icOuiUHfJTXr6z0ALG9plNfKQGeDIbz3Gkc
X-Received: by 2002:a0c:adef:: with SMTP id x44mr6704753qvc.153.1565161599562;
        Wed, 07 Aug 2019 00:06:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161599; cv=none;
        d=google.com; s=arc-20160816;
        b=kRpFaTf9LbD53P2GIUZw2E4Kvn1NowgvsL+spve4sJWVjcKZdWW+t0SpPMcpmgfGwb
         EvWqqmTCT6Dcl5bImr//ttiKd/nMB79w1dvdXYj7k1kRDLz7LD8ZCTrp5OzsbZ6kmPNv
         UR492kbG5akM8JIjNjr+CrhMQnEypRAzjPvJ17L/rfdHWwIbViAatrzFwyk23yJfWvWr
         bedX22FkIv+q1Eozj6eE+qzRLTcXbWeolXDEmc2qPcrdt3IJ6GGDKHQIo7FYihs5ss/v
         9OVC/Dk9geLR4OjxroWov+VyOvwSt1Eubsx4osjLyL0roAv2rkdBQgXA2Us3tilcn1RB
         dINA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=JzO6kN8vx263crDqN9GLB46XC0hjzWSfPRcXHfgmC3U=;
        b=FwijmNR1y1e2rY0tXJY8DA1wQ3KqGVKAPW4ihTS0SPvawuHT0vIwXGky86psUJ2sdx
         0HGuEenKkjiLnDryOIFNGrqP4NdNJXRF5KCfXiYviCt2YjlIIY0vhytS4Md0iEvjkIju
         FF1Xj6G+ixHzEJgjU6agzRj3pINZ5IF+CgAxn8fsmubOrmlqseVl2moPMSxzZBqPBo7w
         thATv6+utQJsz3B7hDj0Nn/nNr6rOYPSJA5C9ezpKHCnqc2zzphy8O46untaJKSepPHj
         psh27dXLC6r1ZF7lYwlOixxXgnIT4bYwdcempdgePkpjvQsEhajkDXiyU5VoN0lTJDRy
         yvsA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id
 n83si35108614qke.91.2019.08.07.00.06.39
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id D4B5F300C22C;
	Wed,  7 Aug 2019 07:06:38 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 579C51001284;
	Wed,  7 Aug 2019 07:06:36 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 5/9] vhost: mark dirty pages during map uninit
Date: Wed,  7 Aug 2019 03:06:13 -0400
Message-Id: <20190807070617.23716-6-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]);
 Wed, 07 Aug 2019 07:06:38 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

We don't mark dirty pages if the map was teared down outside MMU
notifier. This will lead untracked dirty pages. Fixing by marking
dirty pages during map uninit.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 2a7217c33668..c12cdadb0855 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -305,6 +305,18 @@ static void vhost_map_unprefetch(struct vhost_map *map)
 	kfree(map);
 }
 
+static void vhost_set_map_dirty(struct vhost_virtqueue *vq,
+				struct vhost_map *map, int index)
+{
+	struct vhost_uaddr *uaddr = &vq->uaddrs[index];
+	int i;
+
+	if (uaddr->write) {
+		for (i = 0; i < map->npages; i++)
+			set_page_dirty(map->pages[i]);
+	}
+}
+
 static void vhost_uninit_vq_maps(struct vhost_virtqueue *vq)
 {
 	struct vhost_map *map[VHOST_NUM_ADDRS];
@@ -314,8 +326,10 @@ static void vhost_uninit_vq_maps(struct vhost_virtqueue *vq)
 	for (i = 0; i < VHOST_NUM_ADDRS; i++) {
 		map[i] = rcu_dereference_protected(vq->maps[i],
 				  lockdep_is_held(&vq->mmu_lock));
-		if (map[i])
+		if (map[i]) {
+			vhost_set_map_dirty(vq, map[i], i);
 			rcu_assign_pointer(vq->maps[i], NULL);
+		}
 	}
 	spin_unlock(&vq->mmu_lock);
 
@@ -353,7 +367,6 @@ static void vhost_invalidate_vq_start(struct vhost_virtqueue *vq,
 {
 	struct vhost_uaddr *uaddr = &vq->uaddrs[index];
 	struct vhost_map *map;
-	int i;
 
 	if (!vhost_map_range_overlap(uaddr, start, end))
 		return;
@@ -364,10 +377,7 @@ static void vhost_invalidate_vq_start(struct vhost_virtqueue *vq,
 	map = rcu_dereference_protected(vq->maps[index],
 					lockdep_is_held(&vq->mmu_lock));
 	if (map) {
-		if (uaddr->write) {
-			for (i = 0; i < map->npages; i++)
-				set_page_dirty(map->pages[i]);
-		}
+		vhost_set_map_dirty(vq, map, index);
 		rcu_assign_pointer(vq->maps[index], NULL);
 	}
 	spin_unlock(&vq->mmu_lock);

From patchwork Wed Aug  7 07:06:14 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081177
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4C4611395
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:47 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3BD7E2878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:47 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 302642896F; Wed,  7 Aug 2019 07:06:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CC1222878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:46 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id D2B186B0269; Wed,  7 Aug 2019 03:06:45 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id CDAD06B026E; Wed,  7 Aug 2019 03:06:45 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id BC9436B0272; Wed,  7 Aug 2019 03:06:45 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qt1-f197.google.com (mail-qt1-f197.google.com
 [209.85.160.197])
	by kanga.kvack.org (Postfix) with ESMTP id 9C6F46B0269
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:45 -0400 (EDT)
Received: by mail-qt1-f197.google.com with SMTP id m25so81116122qtn.18
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=B1luxMJLkB4TGmpB4Z6oIauGJZZAFOoy1m4euQKOEm4=;
        b=BwEhYr6aZRQ0ZvrUkeI3rREFqsM7xESQ2mLa4DWY22iLyUW4vQOghZaT2s4+Y70pPR
         aUyrnt/YiONKe8YzpkEEKCfJWRNVCsAyireqTHVpubB7LwpPBtmlk4xGT4GMmKTiN/7a
         bNmGG4E8dMxZ+yoP/CmuCBuH+hTtGxy/c9dOKeK5cGih6Xp7Wi2EDJAyam9WDpTwYwnl
         ktMRiqQ0JsPD9Z6rNg49fWVvBHMZ8A7qMHnVzttFgfiHwhfJt1oXJkH/yWXVtgtjxNJQ
         oxmN8KiBl6eIw3Q3bJPwfjVt7y34ZFwDKJ1L7SG3i0wMvFmj10+YP9kvSOkC5QCL0cpN
         reWA==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAV6+lk23C4CNrwHpajXpLKj710RI7gY7LrFjXi9ReWFJ6kJhfeE
	ERiuPVFAGGYskqbwYktG5JADfWEcRdyhXh39jrvk/bJsT5h9dhO8TEuf/j3PTRhv+tHM8cmLg3H
	BtaovsgToOM/2FKfaxzCTKdUME5RxJohNPtK63/aOfEZWWfs2en7j3z4l0EDqeq/cPw==
X-Received: by 2002:a05:620a:1393:: with SMTP id
 k19mr6813408qki.67.1565161605461;
        Wed, 07 Aug 2019 00:06:45 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqx05zgvJRhhIslkk3zRwYd0akdvdqTQVm5SxjEKIypyWXH4jptpoA9nb4pOEWtk1Jj1XTjm
X-Received: by 2002:a05:620a:1393:: with SMTP id
 k19mr6813389qki.67.1565161604953;
        Wed, 07 Aug 2019 00:06:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161604; cv=none;
        d=google.com; s=arc-20160816;
        b=o05aeMdGgbx42aVpHpIAf1mw10fTrUEn5oKZHHOh33YeLU40qp+ZnEeXVbnq9kYvTc
         28szV31SSPmJHi+qAwyn59DH18ndlJhSnFFv9+raCekF6/Ybpuj/Q611ASn2ty9ipT06
         TmMi7m8QNtVm7ZgUQCYbQ8l2ZbSx4ivkUKbHAEk8bPvbT6Poshh1HaoyTzT0ribWcKgd
         mqzku9x535iutWp4s3+Zlx8r6pCzC4m8eRv2ASIU2R2MARJo+A4HCpCObvbs3IGv2yFz
         h2M6NpsVLrRtq45grpN6GWsP+2RlWoMqR2cGCDq9v0fWQ09nZw1q1JL6Hbh9fPFUSpo4
         zwXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=B1luxMJLkB4TGmpB4Z6oIauGJZZAFOoy1m4euQKOEm4=;
        b=aFfvwOmLW4UYECxVZvLV27LEKy6CytlgjCJnCwP7xgrTc+nsaMUHA3RkFVTJE6ahrs
         rTNFDX35XuHIv70UJVQrw+h/iilKnUTzmBED0wxvzazcQDKdb3TbWfeNWIiT160Svifi
         lXUkvQbNcWus1UyOgtrh0qd6uOn1/nwPE5skjvq6cat0+nSOLrNAX5tJvOw5aBaJg2Rc
         Xygzh+TCaeUgFo3m/i+oOlKbnuhs2o+8iknOVjf5f8nJQJFXZCHR+rXrgXJxbjpYhlB8
         bmm6Fj6eWLrWSjU90pV//PA9UDmfOffy57A4jKVWsCSWwbkLprc+BWyk2ZaN6GZsB4rx
         3MIw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id r21si229909qta.166.2019.08.07.00.06.44
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 3862B30BA1B4;
	Wed,  7 Aug 2019 07:06:44 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id A47591001284;
	Wed,  7 Aug 2019 07:06:39 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 6/9] vhost: don't do synchronize_rcu() in
 vhost_uninit_vq_maps()
Date: Wed,  7 Aug 2019 03:06:14 -0400
Message-Id: <20190807070617.23716-7-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]);
 Wed, 07 Aug 2019 07:06:44 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

There's no need for RCU synchronization in vhost_uninit_vq_maps()
since we've already serialized with readers (memory accessors). This
also avoid the possible userspace DOS through ioctl() because of the
possible high latency caused by synchronize_rcu().

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index c12cdadb0855..cfc11f9ed9c9 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -333,7 +333,9 @@ static void vhost_uninit_vq_maps(struct vhost_virtqueue *vq)
 	}
 	spin_unlock(&vq->mmu_lock);
 
-	synchronize_rcu();
+	/* No need for synchronize_rcu() or kfree_rcu() since we are
+	 * serialized with memory accessors (e.g vq mutex held).
+	 */
 
 	for (i = 0; i < VHOST_NUM_ADDRS; i++)
 		if (map[i])

From patchwork Wed Aug  7 07:06:15 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081179
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9CA9C746
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:51 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8AFDE2878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:51 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 7E48E2896F; Wed,  7 Aug 2019 07:06:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 979152878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:50 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 7118C6B026E; Wed,  7 Aug 2019 03:06:49 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6C1B56B0272; Wed,  7 Aug 2019 03:06:49 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 588FF6B0273; Wed,  7 Aug 2019 03:06:49 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com
 [209.85.222.198])
	by kanga.kvack.org (Postfix) with ESMTP id 31AF76B026E
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:49 -0400 (EDT)
Received: by mail-qk1-f198.google.com with SMTP id x28so1595681qki.21
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=SYlINvfnQReM9LtiAmH4n0lonK6ltUq2W4/IC64yAX0=;
        b=rQjtkMytvVWfxamEkGYM35WHlmKXShhOGYe95hNu85oUAp/em0YgEwxnUolGM1/0Js
         oBIoEzHAQwkx4of1Z8kiIwoZPnTEWrlHnKnGhIaDXX+VftrZ0LoX4SS3d6X0VM7taobA
         PAdzalYzbigT4ZORCL+ynXzk9Uz2sZy4HgwUYNO1tHIeK3IPgRdk4TGpuPNKpD8o+QdM
         Zs9QpvMzn/47QfcbxzQz/5gL7b8JqnqWEShExv2WL8Yo1qPDxKWHQTp3AuoScxgxoBl5
         6u1fzZpZyb1bOvkQAKdV7odH463uk4NGS2q+hfm7dMIHl+bdaSxd1jvoZC1Akg7Vll8g
         il8A==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAXIB1u4OS9EP3BMTuggWd4HU90xNY7u1+IGdgDY2OLH7MxzjXHG
	Ap91j9Dqf93lO54wd8fKb4JiZ9IhcnPNCDetQ+wmn1M52WG564GYk7gF+zVzFrKwMHMD2aAtGx6
	xo6vJRirbUfqd7ZnQKOR/xnlLA8y6AMxrlJBXUeU9q0G8KiWkTS3DJmNiPTNz9L+oBw==
X-Received: by 2002:ae9:ef0b:: with SMTP id d11mr6750676qkg.295.1565161608974;
        Wed, 07 Aug 2019 00:06:48 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqy67VFJZkBXoHkDYTKBP4oAVYcw1fs/jL+bSf/e9OZBHRCyKCnSkbWidgqdapKNVEQpQX7M
X-Received: by 2002:ae9:ef0b:: with SMTP id d11mr6750643qkg.295.1565161607959;
        Wed, 07 Aug 2019 00:06:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161607; cv=none;
        d=google.com; s=arc-20160816;
        b=OgvzV93CNbvc7dw9SDODR2ncxozR8icX5L9WI+92yvH0YregJXVCv/KFlDlKUyoRA2
         lUccZ2+rpDReySW9xvI5u/aO46Bi9MjHWBfc3L+6C6SXpCJBmjRwtAAT6eUCLERxQ8o2
         CjbkQTpX4swoz/UMLOXWg4gHYewUSDHmmmNxRbe8YdcI2qevy+DmJhiKz3Fts8hmq3Uw
         4FoV0hfE4eZG2V4pSBsUX1LA/ZeKIVVsn1Sg2O0qSxvHqO7isbV1R0DSfd3DyJ45TA3k
         +e5YnbRsfzkcTaXEL38NueK0uhlZEhyqQtiCfSyIa2NpwpXu9LOOVpx+rVDTiOv6yDle
         mktA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=SYlINvfnQReM9LtiAmH4n0lonK6ltUq2W4/IC64yAX0=;
        b=fOi/JjlSeduE6FhnnI43UTas+KnMzf9dJrY4K5DO0WgNNRFHZmrWlal3dGxNwCLQx+
         5vvx35c3NY8UnOusSaT2e8QDPmpnyWiui9ntxEkHfDakxCwuiOD8SU1o5KoSnoUM5AXK
         tKJS2Jk09lFwEMy1zPce9ySgGsyb/Xf9XIAQsOYrI/zFwGqu6wEJjYRm3y/z4SrkfKeD
         Ctvn/LxvjaB4F8NfG/fcWt9nzp3+rLt8RI5IuDzjKSbqS8G0WndUyCcpWDnSii3u11YN
         u6ALlIhRj3WKuO/nnm1Eg2q+aLZWxgpRhlronYo7METEjpN5krebkd0T2u1YigM36xkI
         gbvA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id
 n9si54643894qta.275.2019.08.07.00.06.47
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 304BD30BA1B9;
	Wed,  7 Aug 2019 07:06:47 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id A96071001DC0;
	Wed,  7 Aug 2019 07:06:44 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 7/9] vhost: do not use RCU to synchronize MMU notifier with
 worker
Date: Wed,  7 Aug 2019 03:06:15 -0400
Message-Id: <20190807070617.23716-8-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]);
 Wed, 07 Aug 2019 07:06:47 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

We used to use RCU to synchronize MMU notifier with worker. This leads
calling synchronize_rcu() in invalidate_range_start(). But on a busy
system, there would be many factors that may slow down the
synchronize_rcu() which makes it unsuitable to be called in MMU
notifier.

So this patch switches use seqlock counter to track whether or not the
map was used. The counter was increased when vq try to start or finish
uses the map. This means, when it was even, we're sure there's no
readers and MMU notifier is synchronized. When it was odd, it means
there's a reader we need to wait it to be even again then we are
synchronized. Consider the read critical section is pretty small the
synchronization should be done very fast.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 141 ++++++++++++++++++++++++++----------------
 drivers/vhost/vhost.h |   7 ++-
 2 files changed, 90 insertions(+), 58 deletions(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index cfc11f9ed9c9..57bfbb60d960 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -324,17 +324,16 @@ static void vhost_uninit_vq_maps(struct vhost_virtqueue *vq)
 
 	spin_lock(&vq->mmu_lock);
 	for (i = 0; i < VHOST_NUM_ADDRS; i++) {
-		map[i] = rcu_dereference_protected(vq->maps[i],
-				  lockdep_is_held(&vq->mmu_lock));
+		map[i] = vq->maps[i];
 		if (map[i]) {
 			vhost_set_map_dirty(vq, map[i], i);
-			rcu_assign_pointer(vq->maps[i], NULL);
+			vq->maps[i] = NULL;
 		}
 	}
 	spin_unlock(&vq->mmu_lock);
 
-	/* No need for synchronize_rcu() or kfree_rcu() since we are
-	 * serialized with memory accessors (e.g vq mutex held).
+	/* No need for synchronization since we are serialized with
+	 * memory accessors (e.g vq mutex held).
 	 */
 
 	for (i = 0; i < VHOST_NUM_ADDRS; i++)
@@ -362,6 +361,40 @@ static bool vhost_map_range_overlap(struct vhost_uaddr *uaddr,
 	return !(end < uaddr->uaddr || start > uaddr->uaddr - 1 + uaddr->size);
 }
 
+static void inline vhost_vq_access_map_begin(struct vhost_virtqueue *vq)
+{
+	write_seqcount_begin(&vq->seq);
+}
+
+static void inline vhost_vq_access_map_end(struct vhost_virtqueue *vq)
+{
+	write_seqcount_end(&vq->seq);
+}
+
+static void inline vhost_vq_sync_access(struct vhost_virtqueue *vq)
+{
+	unsigned int seq;
+
+	/* Make sure any changes to map was done before checking seq
+	 * counter. Paired with smp_wmb() in write_seqcount_begin().
+	 */
+	smp_mb();
+	seq = raw_read_seqcount(&vq->seq);
+	/* Odd means the map was currently accessed by vhost worker */
+	if (seq & 0x1) {
+		/* When seq changes, we are sure no reader can see
+		 * previous map */
+		while (raw_read_seqcount(&vq->seq) == seq) {
+			if (need_resched())
+				schedule();
+		}
+	}
+	/* Make sure seq counter was checked before map is
+	 * freed. Paired with smp_wmb() in write_seqcount_end().
+	 */
+	smp_mb();
+}
+
 static void vhost_invalidate_vq_start(struct vhost_virtqueue *vq,
 				      int index,
 				      unsigned long start,
@@ -376,16 +409,15 @@ static void vhost_invalidate_vq_start(struct vhost_virtqueue *vq,
 	spin_lock(&vq->mmu_lock);
 	++vq->invalidate_count;
 
-	map = rcu_dereference_protected(vq->maps[index],
-					lockdep_is_held(&vq->mmu_lock));
+	map = vq->maps[index];
 	if (map) {
 		vhost_set_map_dirty(vq, map, index);
-		rcu_assign_pointer(vq->maps[index], NULL);
+		vq->maps[index] = NULL;
 	}
 	spin_unlock(&vq->mmu_lock);
 
 	if (map) {
-		synchronize_rcu();
+		vhost_vq_sync_access(vq);
 		vhost_map_unprefetch(map);
 	}
 }
@@ -457,7 +489,7 @@ static void vhost_init_maps(struct vhost_dev *dev)
 	for (i = 0; i < dev->nvqs; ++i) {
 		vq = dev->vqs[i];
 		for (j = 0; j < VHOST_NUM_ADDRS; j++)
-			RCU_INIT_POINTER(vq->maps[j], NULL);
+			vq->maps[j] = NULL;
 	}
 }
 #endif
@@ -655,6 +687,7 @@ void vhost_dev_init(struct vhost_dev *dev,
 		vq->indirect = NULL;
 		vq->heads = NULL;
 		vq->dev = dev;
+		seqcount_init(&vq->seq);
 		mutex_init(&vq->mutex);
 		spin_lock_init(&vq->mmu_lock);
 		vhost_vq_reset(dev, vq);
@@ -921,7 +954,7 @@ static int vhost_map_prefetch(struct vhost_virtqueue *vq,
 	map->npages = npages;
 	map->pages = pages;
 
-	rcu_assign_pointer(vq->maps[index], map);
+	vq->maps[index] = map;
 	/* No need for a synchronize_rcu(). This function should be
 	 * called by dev->worker so we are serialized with all
 	 * readers.
@@ -1216,18 +1249,18 @@ static inline int vhost_put_avail_event(struct vhost_virtqueue *vq)
 	struct vring_used *used;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_USED]);
+		map = vq->maps[VHOST_ADDR_USED];
 		if (likely(map)) {
 			used = map->addr;
 			*((__virtio16 *)&used->ring[vq->num]) =
 				cpu_to_vhost16(vq, vq->avail_idx);
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1245,18 +1278,18 @@ static inline int vhost_put_used(struct vhost_virtqueue *vq,
 	size_t size;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_USED]);
+		map = vq->maps[VHOST_ADDR_USED];
 		if (likely(map)) {
 			used = map->addr;
 			size = count * sizeof(*head);
 			memcpy(used->ring + idx, head, size);
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1272,17 +1305,17 @@ static inline int vhost_put_used_flags(struct vhost_virtqueue *vq)
 	struct vring_used *used;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_USED]);
+		map = vq->maps[VHOST_ADDR_USED];
 		if (likely(map)) {
 			used = map->addr;
 			used->flags = cpu_to_vhost16(vq, vq->used_flags);
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1298,17 +1331,17 @@ static inline int vhost_put_used_idx(struct vhost_virtqueue *vq)
 	struct vring_used *used;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_USED]);
+		map = vq->maps[VHOST_ADDR_USED];
 		if (likely(map)) {
 			used = map->addr;
 			used->idx = cpu_to_vhost16(vq, vq->last_used_idx);
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1362,17 +1395,17 @@ static inline int vhost_get_avail_idx(struct vhost_virtqueue *vq,
 	struct vring_avail *avail;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_AVAIL]);
+		map = vq->maps[VHOST_ADDR_AVAIL];
 		if (likely(map)) {
 			avail = map->addr;
 			*idx = avail->idx;
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1387,17 +1420,17 @@ static inline int vhost_get_avail_head(struct vhost_virtqueue *vq,
 	struct vring_avail *avail;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_AVAIL]);
+		map = vq->maps[VHOST_ADDR_AVAIL];
 		if (likely(map)) {
 			avail = map->addr;
 			*head = avail->ring[idx & (vq->num - 1)];
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1413,17 +1446,17 @@ static inline int vhost_get_avail_flags(struct vhost_virtqueue *vq,
 	struct vring_avail *avail;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_AVAIL]);
+		map = vq->maps[VHOST_ADDR_AVAIL];
 		if (likely(map)) {
 			avail = map->addr;
 			*flags = avail->flags;
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1438,15 +1471,15 @@ static inline int vhost_get_used_event(struct vhost_virtqueue *vq,
 	struct vring_avail *avail;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
-		map = rcu_dereference(vq->maps[VHOST_ADDR_AVAIL]);
+		vhost_vq_access_map_begin(vq);
+		map = vq->maps[VHOST_ADDR_AVAIL];
 		if (likely(map)) {
 			avail = map->addr;
 			*event = (__virtio16)avail->ring[vq->num];
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1461,17 +1494,17 @@ static inline int vhost_get_used_idx(struct vhost_virtqueue *vq,
 	struct vring_used *used;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_USED]);
+		map = vq->maps[VHOST_ADDR_USED];
 		if (likely(map)) {
 			used = map->addr;
 			*idx = used->idx;
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1486,17 +1519,17 @@ static inline int vhost_get_desc(struct vhost_virtqueue *vq,
 	struct vring_desc *d;
 
 	if (!vq->iotlb) {
-		rcu_read_lock();
+		vhost_vq_access_map_begin(vq);
 
-		map = rcu_dereference(vq->maps[VHOST_ADDR_DESC]);
+		map = vq->maps[VHOST_ADDR_DESC];
 		if (likely(map)) {
 			d = map->addr;
 			*desc = *(d + idx);
-			rcu_read_unlock();
+			vhost_vq_access_map_end(vq);
 			return 0;
 		}
 
-		rcu_read_unlock();
+		vhost_vq_access_map_end(vq);
 	}
 #endif
 
@@ -1843,13 +1876,11 @@ static bool iotlb_access_ok(struct vhost_virtqueue *vq,
 #if VHOST_ARCH_CAN_ACCEL_UACCESS
 static void vhost_vq_map_prefetch(struct vhost_virtqueue *vq)
 {
-	struct vhost_map __rcu *map;
+	struct vhost_map *map;
 	int i;
 
 	for (i = 0; i < VHOST_NUM_ADDRS; i++) {
-		rcu_read_lock();
-		map = rcu_dereference(vq->maps[i]);
-		rcu_read_unlock();
+		map = vq->maps[i];
 		if (unlikely(!map))
 			vhost_map_prefetch(vq, i);
 	}
diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
index a9a2a93857d2..12399e7c7a61 100644
--- a/drivers/vhost/vhost.h
+++ b/drivers/vhost/vhost.h
@@ -115,16 +115,17 @@ struct vhost_virtqueue {
 #if VHOST_ARCH_CAN_ACCEL_UACCESS
 	/* Read by memory accessors, modified by meta data
 	 * prefetching, MMU notifier and vring ioctl().
-	 * Synchonrized through mmu_lock (writers) and RCU (writers
-	 * and readers).
+	 * Synchonrized through mmu_lock (writers) and seqlock
+         * counters,  see vhost_vq_access_map_{begin|end}().
 	 */
-	struct vhost_map __rcu *maps[VHOST_NUM_ADDRS];
+	struct vhost_map *maps[VHOST_NUM_ADDRS];
 	/* Read by MMU notifier, modified by vring ioctl(),
 	 * synchronized through MMU notifier
 	 * registering/unregistering.
 	 */
 	struct vhost_uaddr uaddrs[VHOST_NUM_ADDRS];
 #endif
+	seqcount_t seq;
 	const struct vhost_umem_node *meta_iotlb[VHOST_NUM_ADDRS];
 
 	struct file *kick;

From patchwork Wed Aug  7 07:06:16 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081181
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D5DBD1395
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:53 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C63E32878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:53 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id BAA0D2899E; Wed,  7 Aug 2019 07:06:53 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6A35F287CD
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:53 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id D08826B0272; Wed,  7 Aug 2019 03:06:51 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id C43B96B0273; Wed,  7 Aug 2019 03:06:51 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id AE2646B0274; Wed,  7 Aug 2019 03:06:51 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com
 [209.85.160.198])
	by kanga.kvack.org (Postfix) with ESMTP id 8AD9C6B0272
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:51 -0400 (EDT)
Received: by mail-qt1-f198.google.com with SMTP id q9so2033313qtp.20
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=emOCY78+qYrPzYEsa6BTu0t1qLH1xOVvjmlFjmRfsdo=;
        b=FP3XHinKgRS7ahoFgcsn+gnq+uRRnHc0jMfMQjZgZpAHaDttq8Ub06rD/6Mff1ct+R
         ljhyw21DHINadm0CVsBaL5K1wwvSQTAaGLDh8mhljbCL2jm7UZPCj2cF60tpg/KULWBR
         mdz0zooayRCDls6AIXmZPCBZu1adSCJim42PvsTN3Eay2IGBVmnsti+p2yp/S17x2E4u
         yHPbnKAYFcpswI0ItcqObWGa8vTbE8g0zWx5DEdujME0OO+NQ5fp5dBh70x7Tjq9UEWa
         Rm0dGxL/ZM8p1dDDuiLLn3qQJAsSIF2iA1IgCUkv2StsBG5J1rsQNHbtx50Z3ikXw07M
         YTUQ==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAWJGq2N7eFR0Lz5OhS1As8Av824vYsgNKfpC14md7aRj/+TsXPf
	MJuDu7ZWlO5Lipm5AmMtnbVj9oBPrwHkXXTRiFL+Kg+PLcIn8xqzpYq/AEw+QuPtyQtVwZ1Ukdx
	uBsih8uQysdMLODnACKxobI3Af3Ho9x+rFK1JyLo2K4v70aLPgdVRuf5rYFgXo/3YcA==
X-Received: by 2002:aed:3b02:: with SMTP id p2mr6887031qte.62.1565161611364;
        Wed, 07 Aug 2019 00:06:51 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqwCoixfDiFWJyWpiUWjfG5BXTp2y2wsOZlKh0O82SPyMEMIgoskTWO2tnsGrUIlww65hiKd
X-Received: by 2002:aed:3b02:: with SMTP id p2mr6887010qte.62.1565161610865;
        Wed, 07 Aug 2019 00:06:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161610; cv=none;
        d=google.com; s=arc-20160816;
        b=dZHEGjW8J6zX5H9AxuZ1Qqh7opEyoVtHKDs9J2EsrXzJRn7iJoF5oobfW8/ltAaOB5
         0riA0TgSG9m/1ebfdMIbyUpMiEAav6ObLKbnkDA9TBOWxLwFmmXlmNHsR98wFDvn/u16
         1+Wt/DX2cy+lBIAiWI7HTKLVaRZHzkBH9od8dMc/TkQsKFsZ7H5wLA+7VLf6b95MvIDe
         DN/u35rZKndTq1jvEOsOzFkNFqudxniqj8AO8pzBIaW1RRAtT/mOVCkGFzaSFmp3nYVz
         3BH2bJiPqFn+WhEg0q4vcXo0k7pGLJ0zdrILBpruYbDcOFnO3eq/a2sPKkEJ8FOyrdbx
         RXmg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=emOCY78+qYrPzYEsa6BTu0t1qLH1xOVvjmlFjmRfsdo=;
        b=UDRg7IDmVD8sCr4hM0/vwB2eRnijAXun66v0h1EZX14a6WETxbeBxqCuIVocd6BhkR
         p2xuY9hFCC2NJQ1EvlPndZhba4Xn3fxhK30/gqFXjyUXUrormUPoiJNTAAmHJBXJRmtF
         CEbwi9EA4OVG7EYvUYp+g8NUy2CxLSKWbGm0K/rvTd0XtZ7XH+6KpVilYsWbXBOTfsar
         j96BgcLzGBsRDRLh/6wE3XTD3Yfl85QvubW5znAnzzg97b/4wBlvxXUneFhXyJQEuKcf
         GElZuqE7LI+74Nw+5mb43XhOX7TCMDOQbSzgZfO9Fls4p+3/imtNb+m6rXBf1sowvkpQ
         a8tQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id
 s26si55048929qta.169.2019.08.07.00.06.50
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 2E6E6CAA6D;
	Wed,  7 Aug 2019 07:06:50 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id A4D861001B02;
	Wed,  7 Aug 2019 07:06:47 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 8/9] vhost: correctly set dirty pages in MMU notifiers
 callback
Date: Wed,  7 Aug 2019 03:06:16 -0400
Message-Id: <20190807070617.23716-9-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]);
 Wed, 07 Aug 2019 07:06:50 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

We need make sure there's no reference on the map before trying to
mark set dirty pages.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 57bfbb60d960..6650a3ff88c1 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -410,14 +410,13 @@ static void vhost_invalidate_vq_start(struct vhost_virtqueue *vq,
 	++vq->invalidate_count;
 
 	map = vq->maps[index];
-	if (map) {
-		vhost_set_map_dirty(vq, map, index);
+	if (map)
 		vq->maps[index] = NULL;
-	}
 	spin_unlock(&vq->mmu_lock);
 
 	if (map) {
 		vhost_vq_sync_access(vq);
+		vhost_set_map_dirty(vq, map, index);
 		vhost_map_unprefetch(map);
 	}
 }

From patchwork Wed Aug  7 07:06:17 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Wang <jasowang@redhat.com>
X-Patchwork-Id: 11081183
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 18CF91395
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:57 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 03EF82878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:57 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id E83DF2896F; Wed,  7 Aug 2019 07:06:56 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5F4D82878F
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed,  7 Aug 2019 07:06:56 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id DEE166B0273; Wed,  7 Aug 2019 03:06:54 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id D9E6E6B0274; Wed,  7 Aug 2019 03:06:54 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id C41936B0275; Wed,  7 Aug 2019 03:06:54 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com
 [209.85.222.200])
	by kanga.kvack.org (Postfix) with ESMTP id 9D74E6B0273
	for <linux-mm@kvack.org>; Wed,  7 Aug 2019 03:06:54 -0400 (EDT)
Received: by mail-qk1-f200.google.com with SMTP id 5so78283270qki.2
        for <linux-mm@kvack.org>; Wed, 07 Aug 2019 00:06:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=sYjMC87t7lQK71a5hL6RYQpnRJhjlWcFG0kpxjHSl+k=;
        b=X6Sg/4+W/UA0ebVOBX42VAKllfeGHA9WuxU+G5TDCmqObJBHHQIRShd2KjMSotikGo
         rfA5zrKPe0Xn6CiUHe8lwOA9bkovnNncpg+DpCEhH7Ohh6oIZc0uFM+YM713LqB4ecBx
         PKvnTP4TrlM7O7VS0tbyKb/vV5qqgA3m/+QToni68FnbLfgvxCsS9WDXjftJn2pV3LST
         e9+I/n/aLz+OUPqD2TQ1fbszQleG4EhgMaqIaMTjwf0NAUGN/ngG3d/p+9/ffM/ghDDr
         T25NwZQ5niHixuGBojHuk1nuVFIAkQ2VWmGX4YNDpj5WT4Dn/Tj4iJUy/1NDNWtFeWAe
         7hIg==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
X-Gm-Message-State: APjAAAWgQhoASkwDWo9fsywpxY34fR1crd1yf1NVtJFPkbTVR9bDVB/7
	Q3uac983z2nuH6i9/fiQadNT8SGDNmTi7wRbBQhsIxkmuya7xjl/VhCsgL3/kbx5dX0lKpn2Arz
	46yihmhJtX+U0bmiT4qIrqoVd+o71gl/KCQ+/JNWZ3gANRW4uuuT+ptK1Q/ew51m6IQ==
X-Received: by 2002:a0c:d4d0:: with SMTP id y16mr6450918qvh.191.1565161614437;
        Wed, 07 Aug 2019 00:06:54 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqwoC31ruguoTh8erVWvksfV5FKa8nfo8cw7CkjB1PJkQwCn5AW/aiWVfXqghN50PwKYsB9H
X-Received: by 2002:a0c:d4d0:: with SMTP id y16mr6450898qvh.191.1565161613870;
        Wed, 07 Aug 2019 00:06:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565161613; cv=none;
        d=google.com; s=arc-20160816;
        b=appNgWHM9z9Yw2FmK1V5By536D7J7tzY5YkUsShUGbXhU3BeOzgRSxrTSHoui1uncl
         JgyzTW3jqBWaRAqJ79B5xWag9VPqaR8B/gDs8nR+0kJs+EHDZ8+18+WvyEvb5s5Lkxgn
         3ct7oa1+3L5qY8iKmUh50lJVZJ/2GSLsh9vxT4dKaMS4ZJDCpxp0v3sAzmJwQ1tTkwhP
         W3iJpZgVSx/0vBMdlTDPEMzPX9eyLsr6zS+N6eAvzl4YNReAT4vntlkXm3zNTaHLVM5y
         Av9IoLinZn6h+dqjB/wJRg/ucRfqlP4JwjUl7FFyTEJGSjxplNofi214Ct+FMD9S45XO
         Xt1Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=sYjMC87t7lQK71a5hL6RYQpnRJhjlWcFG0kpxjHSl+k=;
        b=ikI/5ospfflL6q9ayRhfkOqBQ7+ico/g1YXwRq+mUdc4RoD213EWhHuBregAh5XWnI
         OmWML+Jpl2CdSgV4h4urkc8JsYHzGKIKprZ8prPNl63D9dyRCkkHusKEgNyZIO1KXDAO
         LxyaM8lpFv4hCSMxbVKR9/prWR4x7pRPlO2RZmEX/sg7bOFXxIZQxuPFn6QZ7WYRTiZb
         uNQcLjLlWNYOjRCbn5oVi/semSG70zcyGJ97c3D1lSW03RWJIx/OSRPlUoWKIcNXRRxk
         NzcjPuXH2HKCSlIijPDRKmaipaPKqUf5tGXjhg3LHLx+x49kikeu0hb7oksC57k9LR3h
         zkSw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28])
        by mx.google.com with ESMTPS id
 h7si18225127qkj.360.2019.08.07.00.06.53
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Aug 2019 00:06:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) client-ip=209.132.183.28;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of jasowang@redhat.com designates
 209.132.183.28 as permitted sender) smtp.mailfrom=jasowang@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 2EC3CC009DE2;
	Wed,  7 Aug 2019 07:06:53 +0000 (UTC)
Received: from hp-dl380pg8-01.lab.eng.pek2.redhat.com
 (hp-dl380pg8-01.lab.eng.pek2.redhat.com [10.73.8.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id A5BFA1000324;
	Wed,  7 Aug 2019 07:06:50 +0000 (UTC)
From: Jason Wang <jasowang@redhat.com>
To: mst@redhat.com,
	kvm@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	jgg@ziepe.ca,
	Jason Wang <jasowang@redhat.com>
Subject: [PATCH V4 9/9] vhost: do not return -EAGAIN for non blocking
 invalidation too early
Date: Wed,  7 Aug 2019 03:06:17 -0400
Message-Id: <20190807070617.23716-10-jasowang@redhat.com>
In-Reply-To: <20190807070617.23716-1-jasowang@redhat.com>
References: <20190807070617.23716-1-jasowang@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]);
 Wed, 07 Aug 2019 07:06:53 +0000 (UTC)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Instead of returning -EAGAIN unconditionally, we'd better do that only
we're sure the range is overlapped with the metadata area.

Reported-by: Jason Gunthorpe <jgg@ziepe.ca>
Fixes: 7f466032dc9e ("vhost: access vq metadata through kernel virtual address")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/vhost/vhost.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 6650a3ff88c1..0271f853fa9c 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -395,16 +395,19 @@ static void inline vhost_vq_sync_access(struct vhost_virtqueue *vq)
 	smp_mb();
 }
 
-static void vhost_invalidate_vq_start(struct vhost_virtqueue *vq,
-				      int index,
-				      unsigned long start,
-				      unsigned long end)
+static int vhost_invalidate_vq_start(struct vhost_virtqueue *vq,
+				     int index,
+				     unsigned long start,
+				     unsigned long end,
+				     bool blockable)
 {
 	struct vhost_uaddr *uaddr = &vq->uaddrs[index];
 	struct vhost_map *map;
 
 	if (!vhost_map_range_overlap(uaddr, start, end))
-		return;
+		return 0;
+	else if (!blockable)
+		return -EAGAIN;
 
 	spin_lock(&vq->mmu_lock);
 	++vq->invalidate_count;
@@ -419,6 +422,8 @@ static void vhost_invalidate_vq_start(struct vhost_virtqueue *vq,
 		vhost_set_map_dirty(vq, map, index);
 		vhost_map_unprefetch(map);
 	}
+
+	return 0;
 }
 
 static void vhost_invalidate_vq_end(struct vhost_virtqueue *vq,
@@ -439,18 +444,19 @@ static int vhost_invalidate_range_start(struct mmu_notifier *mn,
 {
 	struct vhost_dev *dev = container_of(mn, struct vhost_dev,
 					     mmu_notifier);
-	int i, j;
-
-	if (!mmu_notifier_range_blockable(range))
-		return -EAGAIN;
+	bool blockable = mmu_notifier_range_blockable(range);
+	int i, j, ret;
 
 	for (i = 0; i < dev->nvqs; i++) {
 		struct vhost_virtqueue *vq = dev->vqs[i];
 
-		for (j = 0; j < VHOST_NUM_ADDRS; j++)
-			vhost_invalidate_vq_start(vq, j,
-						  range->start,
-						  range->end);
+		for (j = 0; j < VHOST_NUM_ADDRS; j++) {
+			ret = vhost_invalidate_vq_start(vq, j,
+							range->start,
+							range->end, blockable);
+			if (ret)
+				return ret;
+		}
 	}
 
 	return 0;