From patchwork Mon Feb 24 23:55:36 2025
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13989118
Date: Mon, 24 Feb 2025 15:55:36 -0800
In-Reply-To: <20250224235542.2562848-1-seanjc@google.com>
References: <20250224235542.2562848-1-seanjc@google.com>
Message-ID: <20250224235542.2562848-2-seanjc@google.com>
Subject: [PATCH 1/7] KVM: x86: Free vCPUs before freeing VM state
From: Sean Christopherson
To: Marc Zyngier, Oliver Upton, Tianrui Zhao, Bibo Mao, Huacai Chen, Madhavan Srinivasan, Anup Patel, Paul Walmsley, Palmer Dabbelt, Albert Ou, Christian Borntraeger, Janosch Frank, Claudio Imbrenda, Sean Christopherson, Paolo Bonzini
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, kvm@vger.kernel.org, loongarch@lists.linux.dev, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, Aaron Lewis, Jim Mattson, Yan Zhao, Rick P Edgecombe, Kai Huang, Isaku Yamahata

Free vCPUs before freeing any VM state, as both SVM and VMX may access VM state when "freeing" a vCPU that is currently "in" L2, i.e. that needs to be kicked out of nested guest mode.

Commit 6fcee03df6a1 ("KVM: x86: avoid loading a vCPU after .vm_destroy was called") partially fixed the issue, but for unknown reasons only moved the MMU unloading before VM destruction. Complete the change, and free all vCPU state prior to destroying VM state, as nVMX accesses even more state than nSVM.

In addition to the AVIC, KVM can hit a use-after-free on MSR filters:

  kvm_msr_allowed+0x4c/0xd0
  __kvm_set_msr+0x12d/0x1e0
  kvm_set_msr+0x19/0x40
  load_vmcs12_host_state+0x2d8/0x6e0 [kvm_intel]
  nested_vmx_vmexit+0x715/0xbd0 [kvm_intel]
  nested_vmx_free_vcpu+0x33/0x50 [kvm_intel]
  vmx_free_vcpu+0x54/0xc0 [kvm_intel]
  kvm_arch_vcpu_destroy+0x28/0xf0
  kvm_vcpu_destroy+0x12/0x50
  kvm_arch_destroy_vm+0x12c/0x1c0
  kvm_put_kvm+0x263/0x3c0
  kvm_vm_release+0x21/0x30

and an upcoming fix to process injectable interrupts on nested VM-Exit will access the PIC:

  BUG: kernel NULL pointer dereference, address: 0000000000000090
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  CPU: 23 UID: 1000 PID: 2658 Comm: kvm-nx-lpage-re
  RIP: 0010:kvm_cpu_has_extint+0x2f/0x60 [kvm]
  Call Trace:
   kvm_cpu_has_injectable_intr+0xe/0x60 [kvm]
   nested_vmx_vmexit+0x2d7/0xdf0 [kvm_intel]
   nested_vmx_free_vcpu+0x40/0x50 [kvm_intel]
   vmx_vcpu_free+0x2d/0x80 [kvm_intel]
   kvm_arch_vcpu_destroy+0x2d/0x130 [kvm]
   kvm_destroy_vcpus+0x8a/0x100 [kvm]
   kvm_arch_destroy_vm+0xa7/0x1d0 [kvm]
   kvm_destroy_vm+0x172/0x300 [kvm]
   kvm_vcpu_release+0x31/0x50 [kvm]

Inarguably, both nSVM and nVMX need to be fixed, but punt on those cleanups for the moment. Conceptually, vCPUs should be freed before VM state. Assets like the I/O APIC and PIC _must_ be allocated before vCPUs are created, so it stands to reason that they must be freed _after_ vCPUs are destroyed.

Reported-by: Aaron Lewis
Closes: https://lore.kernel.org/all/20240703175618.2304869-2-aaronlewis@google.com
Cc: Jim Mattson
Cc: Yan Zhao
Cc: Rick P Edgecombe
Cc: Kai Huang
Cc: Isaku Yamahata
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/x86.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 58b82d6fd77c..045c61cc7e54 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -12890,11 +12890,11 @@ void kvm_arch_destroy_vm(struct kvm *kvm) mutex_unlock(&kvm->slots_lock); } kvm_unload_vcpu_mmus(kvm); + kvm_destroy_vcpus(kvm); kvm_x86_call(vm_destroy)(kvm); kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1)); kvm_pic_destroy(kvm); kvm_ioapic_destroy(kvm); - kvm_destroy_vcpus(kvm); kvfree(rcu_dereference_check(kvm->arch.apic_map, 1)); kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1)); kvm_mmu_uninit_vm(kvm);
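Review bot: the moved kvm_destroy_vcpus(kvm) call, now sitting between kvm_unload_vcpu_mmus(kvm) and kvm_x86_call(vm_destroy)(kvm), has no comment recording why it must come first, and the changelog says this ordering was already half-fixed once in 6fcee03df6a1. Consider a short comment above the call stating that freeing a vCPU that is in L2 forces a nested VM-Exit which can touch the MSR filter, PIC and I/O APIC, so vCPUs have to be destroyed before vm_destroy and before kvm_free_msr_filter(), kvm_pic_destroy() and kvm_ioapic_destroy(). Without that, a later cleanup could move the line back down and reintroduce the use-after-free shown in the changelog traces.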
Date: Mon, 24 Feb 2025 15:55:37 -0800
In-Reply-To: <20250224235542.2562848-1-seanjc@google.com>
References: <20250224235542.2562848-1-seanjc@google.com>
Message-ID: <20250224235542.2562848-3-seanjc@google.com>
Subject: [PATCH 2/7] KVM: nVMX: Process events on nested VM-Exit if injectable IRQ or NMI is pending
From: Sean Christopherson

Process pending events on nested VM-Exit if the vCPU has an injectable IRQ or NMI, as the event may have become pending while L2 was active, i.e. may not be tracked in the context of vmcs01. E.g. if L1 has passed its APIC through to L2 and an IRQ arrives while L2 is active, then KVM needs to request an IRQ window prior to running L1, otherwise delivery of the IRQ will be delayed until KVM happens to process events for some other reason.

The missed failure is detected by vmx_apic_passthrough_tpr_threshold_test in KVM-Unit-Tests, but has effectively been masked due to a flaw in KVM's PIC emulation that causes KVM to make spurious KVM_REQ_EVENT requests (and apparently no one ever ran the test with split IRQ chips).

Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/nested.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index bca2575837ce..8220b09e91ce 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c 
@@ -5084,6 +5084,17 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason, load_vmcs12_host_state(vcpu, vmcs12); + /* + * Process events if an injectable IRQ or NMI is pending, even + * if the event is blocked (RFLAGS.IF is cleared on VM-Exit). + * If an event became pending while L2 was active, KVM needs to + * either inject the event or request an IRQ/NMI window. SMIs + * don't need to be processed as SMM is mutually exclusive with + * non-root mode. INIT/SIPI don't need to be checked as INIT + * is blocked post-VMXON, and SIPIs are ignored. + */ + if (kvm_cpu_has_injectable_intr(vcpu) || vcpu->arch.nmi_pending) + kvm_make_request(KVM_REQ_EVENT, vcpu); return; }
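Review bot: the kvm_cpu_has_injectable_intr(vcpu) check added after load_vmcs12_host_state() also runs when nested_vmx_vmexit() is reached from nested_vmx_free_vcpu() during VM teardown, which is the NULL dereference in kvm_cpu_has_extint() quoted in the changelog of patch 1/7. This patch carries Cc: stable but 1/7 as posted does not, so a backport of this change alone would hit that path. Either tag 1/7 for stable as well or state the dependency in this changelog.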
Date: Mon, 24 Feb 2025 15:55:38 -0800
In-Reply-To: <20250224235542.2562848-1-seanjc@google.com>
References: <20250224235542.2562848-1-seanjc@google.com>
Message-ID: <20250224235542.2562848-4-seanjc@google.com>
Subject: [PATCH 3/7] KVM: Assert that a destroyed/freed vCPU is no longer visible
From: Sean Christopherson

After freeing a vCPU, assert that it is no longer reachable, and that kvm_get_vcpu() doesn't return garbage or a pointer to some other vCPU. While KVM obviously shouldn't be attempting to access a freed vCPU, it's all too easy for KVM to make a VM-wide request, e.g. via KVM_BUG_ON() or kvm_flush_remote_tlbs().

Alternatively, KVM could short-circuit problematic paths if the VM's refcount has gone to zero, e.g. in kvm_make_all_cpus_request(), or KVM could try to disallow making global requests during teardown. But given that deleting the vCPU from the array Just Works, adding logic to the requests path is unnecessary, and trying to make requests illegal during teardown would be a fool's errand.

Signed-off-by: Sean Christopherson
--- virt/kvm/kvm_main.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 201c14ff476f..991e8111e88b 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c 
@@ -489,6 +489,14 @@ void kvm_destroy_vcpus(struct kvm *kvm) kvm_for_each_vcpu(i, vcpu, kvm) { kvm_vcpu_destroy(vcpu); xa_erase(&kvm->vcpu_array, i); + + /* + * Assert that the vCPU isn't visible in any way, to ensure KVM + * doesn't trigger a use-after-free if destroying vCPUs results + * in VM-wide request, e.g. to flush remote TLBs when tearing + * down MMUs, or to mark the VM dead if a KVM_BUG_ON() fires. + */ + WARN_ON_ONCE(xa_load(&kvm->vcpu_array, i) || kvm_get_vcpu(kvm, i)); } atomic_set(&kvm->online_vcpus, 0);
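Review bot: in the WARN_ON_ONCE() added right after xa_erase(&kvm->vcpu_array, i), the comment does not say what kvm_get_vcpu(kvm, i) covers that xa_load() on the just-erased index does not, so the two operands read as redundant. Please extend the comment to name what the accessor verifies beyond the raw array lookup, for example its behaviour while online_vcpus is still at its old value (the atomic_set() only runs after the loop), so nobody later drops one half as dead code. Minor: "results in VM-wide request" in the new comment is missing an article.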
Date: Mon, 24 Feb 2025 15:55:39 -0800
In-Reply-To: <20250224235542.2562848-1-seanjc@google.com>
References: <20250224235542.2562848-1-seanjc@google.com>
Message-ID: <20250224235542.2562848-5-seanjc@google.com>
Subject: [PATCH 4/7] KVM: x86: Don't load/put vCPU when unloading its MMU during teardown
From: Sean Christopherson

Don't load (and then put) a vCPU when unloading its MMU during VM destruction, as nothing in kvm_mmu_unload() accesses vCPU state beyond the root page/address of each MMU, i.e. can't possibly need to run with the vCPU loaded.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/x86.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 045c61cc7e54..9978ed4c0917 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -12767,13 +12767,6 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) return ret; } -static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu) -{ - vcpu_load(vcpu); - kvm_mmu_unload(vcpu); - vcpu_put(vcpu); -} - static void kvm_unload_vcpu_mmus(struct kvm *kvm) { unsigned long i; 
@@ -12781,7 +12774,7 @@ static void kvm_unload_vcpu_mmus(struct kvm *kvm) kvm_for_each_vcpu(i, vcpu, kvm) { kvm_clear_async_pf_completion_queue(vcpu); - kvm_unload_vcpu_mmu(vcpu); + kvm_mmu_unload(vcpu); } }
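Review bot: the bare kvm_mmu_unload(vcpu) call that replaces kvm_unload_vcpu_mmu(vcpu) in kvm_unload_vcpu_mmus() now runs without vcpu_load()/vcpu_put(), and nothing in the code records that this is intentional. The changelog's argument (kvm_mmu_unload() only touches the root page/address of each MMU) is an invariant that a future change to kvm_mmu_unload() could break silently, so a one-line comment at this call site, or at kvm_mmu_unload() itself, saying it must not depend on the vCPU being loaded would help.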
Date: Mon, 24 Feb 2025 15:55:40 -0800
In-Reply-To: <20250224235542.2562848-1-seanjc@google.com>
References: <20250224235542.2562848-1-seanjc@google.com>
Message-ID: <20250224235542.2562848-6-seanjc@google.com>
Subject: [PATCH 5/7] KVM: x86: Unload MMUs during vCPU destruction, not before
From: Sean Christopherson
To: Marc Zyngier, Oliver Upton, Tianrui Zhao, Bibo Mao, Huacai Chen, Madhavan Srinivasan, Anup Patel, Paul Walmsley, Palmer Dabbelt, Albert Ou, Christian Borntraeger, Janosch Frank, Claudio Imbrenda, Sean Christopherson, Paolo Bonzini
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, kvm@vger.kernel.org, loongarch@lists.linux.dev, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, Aaron Lewis, Jim Mattson, Yan Zhao, Rick P Edgecombe, Kai Huang, Isaku Yamahata

When destroying a VM, unload a vCPU's MMUs as part of normal vCPU freeing, instead of as a separate preparatory action.

Unloading MMUs ahead of time is a holdover from commit 7b53aa565084 ("KVM: Fix vcpu freeing for guest smp"), which "fixed" a rather egregious flaw where KVM would attempt to free *all* MMU pages when destroying a vCPU.

At the time, KVM would spin on all MMU pages in a VM when freeing a single vCPU, and so would hang due to the way KVM pins and zaps root pages (roots are invalidated but not freed if they are pinned by a vCPU).
  static void free_mmu_pages(struct kvm_vcpu *vcpu)
  {
        struct kvm_mmu_page *page;

        while (!list_empty(&vcpu->kvm->active_mmu_pages)) {
                page = container_of(vcpu->kvm->active_mmu_pages.next,
                                    struct kvm_mmu_page, link);
                kvm_mmu_zap_page(vcpu->kvm, page);
        }
        free_page((unsigned long)vcpu->mmu.pae_root);
  }

Now that KVM doesn't try to free all MMU pages when destroying a single vCPU, there's no need to unpin roots prior to destroying a vCPU.

Note! While KVM mostly destroys all MMUs before calling kvm_arch_destroy_vm() (see commit f00be0cae4e6 ("KVM: MMU: do not free active mmu pages in free_mmu_pages()")), unpinning MMU roots during vCPU destruction will unfortunately trigger remote TLB flushes, i.e. will try to send requests to all vCPUs.

Happily, thanks to commit 27592ae8dbe4 ("KVM: Move wiping of the kvm->vcpus array to common code"), that's a non-issue as freed vCPUs are naturally skipped by xa_for_each_range(), i.e. by kvm_for_each_vcpu(). Prior to that commit, KVM x86 rather stupidly freed vCPUs one-by-one, and _then_ nullified them, one-by-one. I.e. triggering a VM-wide request would hit a use-after-free.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/x86.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9978ed4c0917..a61dbd1f0d01 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -12374,6 +12374,9 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) { int idx; + kvm_clear_async_pf_completion_queue(vcpu); + kvm_mmu_unload(vcpu); + kvmclock_reset(vcpu); kvm_x86_call(vcpu_free)(vcpu);
@@ -12767,17 +12770,6 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) return ret; } -static void kvm_unload_vcpu_mmus(struct kvm *kvm) -{ - unsigned long i; - struct kvm_vcpu *vcpu; - - kvm_for_each_vcpu(i, vcpu, kvm) { - kvm_clear_async_pf_completion_queue(vcpu); - kvm_mmu_unload(vcpu); - } -} - void kvm_arch_sync_events(struct kvm *kvm) { cancel_delayed_work_sync(&kvm->arch.kvmclock_sync_work); 
@@ -12882,7 +12874,6 @@ void kvm_arch_destroy_vm(struct kvm *kvm) __x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, 0, 0); mutex_unlock(&kvm->slots_lock); } - kvm_unload_vcpu_mmus(kvm); kvm_destroy_vcpus(kvm); kvm_x86_call(vm_destroy)(kvm); kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));

From patchwork Mon Feb 24 23:55:41 2025
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13989139
Date: Mon, 24 Feb 2025 15:55:41 -0800
In-Reply-To: <20250224235542.2562848-1-seanjc@google.com>
References: <20250224235542.2562848-1-seanjc@google.com>
Message-ID: <20250224235542.2562848-7-seanjc@google.com>
Subject: [PATCH 6/7] KVM: x86: Fold guts of kvm_arch_sync_events() into kvm_arch_pre_destroy_vm()
From: Sean Christopherson
To: Marc Zyngier, Oliver Upton, Tianrui Zhao, Bibo Mao, Huacai Chen, Madhavan Srinivasan, Anup Patel, Paul Walmsley, Palmer Dabbelt, Albert Ou, Christian Borntraeger, Janosch Frank, Claudio Imbrenda, Sean Christopherson, Paolo Bonzini
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, kvm@vger.kernel.org, loongarch@lists.linux.dev, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, Aaron Lewis, Jim Mattson, Yan Zhao, Rick P Edgecombe, Kai Huang, Isaku Yamahata

Fold the guts of kvm_arch_sync_events() into kvm_arch_pre_destroy_vm(), as the kvmclock and PIT background workers only need to be stopped before destroying vCPUs (to avoid accessing vCPUs as they are being freed); it's a-ok for them to be running while the VM is visible on the global vm_list.

Note, the PIT also needs to be stopped before IRQ routing is freed (because KVM's IRQ routing is garbage and assumes there is always non-NULL routing).

Opportunistically add comments to explain why KVM stops/frees certain assets early.

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/x86.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a61dbd1f0d01..ea445e6579f1 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -12772,9 +12772,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) void kvm_arch_sync_events(struct kvm *kvm) { - cancel_delayed_work_sync(&kvm->arch.kvmclock_sync_work); - cancel_delayed_work_sync(&kvm->arch.kvmclock_update_work); - kvm_free_pit(kvm); + } /** 
@@ -12855,6 +12853,17 @@ EXPORT_SYMBOL_GPL(__x86_set_memory_region); void kvm_arch_pre_destroy_vm(struct kvm *kvm) { + /* + * Stop all background workers and kthreads before destroying vCPUs, as + * iterating over vCPUs in a different task while vCPUs are being freed + * is unsafe, i.e. will lead to use-after-free. The PIT also needs to + * be stopped before IRQ routing is freed. + */ + cancel_delayed_work_sync(&kvm->arch.kvmclock_sync_work); + cancel_delayed_work_sync(&kvm->arch.kvmclock_update_work); + + kvm_free_pit(kvm); + kvm_mmu_pre_destroy_vm(kvm); }

From patchwork Mon Feb 24 23:55:42 2025
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 13989140
Date: Mon, 24 Feb 2025 15:55:42 -0800
In-Reply-To: <20250224235542.2562848-1-seanjc@google.com>
References: <20250224235542.2562848-1-seanjc@google.com>
Message-ID: <20250224235542.2562848-8-seanjc@google.com>
Subject: [PATCH 7/7] KVM: Drop kvm_arch_sync_events() now that all implementations are nops
From: Sean Christopherson
To: Marc Zyngier, Oliver Upton, Tianrui Zhao, Bibo Mao, Huacai Chen, Madhavan Srinivasan, Anup Patel, Paul Walmsley, Palmer Dabbelt, Albert Ou, Christian Borntraeger, Janosch Frank, Claudio Imbrenda, Sean Christopherson, Paolo Bonzini
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, kvm@vger.kernel.org, loongarch@lists.linux.dev, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, Aaron Lewis, Jim Mattson, Yan Zhao, Rick P Edgecombe, Kai Huang, Isaku Yamahata

Remove kvm_arch_sync_events() now that x86 no longer uses it (no other arch has ever used it).

No functional change intended.

Signed-off-by: Sean Christopherson
--- arch/arm64/include/asm/kvm_host.h | 2 -- arch/loongarch/include/asm/kvm_host.h | 1 - arch/mips/include/asm/kvm_host.h | 1 - arch/powerpc/include/asm/kvm_host.h | 1 - arch/riscv/include/asm/kvm_host.h | 2 -- arch/s390/include/asm/kvm_host.h | 1 - arch/x86/kvm/x86.c | 5 ----- include/linux/kvm_host.h | 1 - virt/kvm/kvm_main.c | 1 - 9 files changed, 15 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 7cfa024de4e3..40897bd2b4a3 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h
@@ -1346,8 +1346,6 @@ static inline bool kvm_system_needs_idmapped_vectors(void) return cpus_have_final_cap(ARM64_SPECTRE_V3A); } -static inline void kvm_arch_sync_events(struct kvm *kvm) {} - void kvm_init_host_debug_data(void); void kvm_vcpu_load_debug(struct kvm_vcpu *vcpu); void kvm_vcpu_put_debug(struct kvm_vcpu *vcpu); diff --git a/arch/loongarch/include/asm/kvm_host.h b/arch/loongarch/include/asm/kvm_host.h index 590982cd986e..ab5b7001e2ff 100644 --- a/arch/loongarch/include/asm/kvm_host.h +++ b/arch/loongarch/include/asm/kvm_host.h @@ -320,7 +320,6 @@ static inline bool kvm_is_ifetch_fault(struct kvm_vcpu_arch *arch) /* Misc */ static inline void kvm_arch_hardware_unsetup(void) {} -static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen) {} static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu) {} static inline void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu) {} diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h index f7222eb594ea..c14b10821817 100644 --- a/arch/mips/include/asm/kvm_host.h +++ b/arch/mips/include/asm/kvm_host.h @@ -886,7 +886,6 @@ extern unsigned long kvm_mips_get_ramsize(struct kvm *kvm); extern int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_mips_interrupt *irq); -static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *slot) {} static inline void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen) {} diff --git a/arch/powerpc/include/asm/kvm_host.h b/arch/powerpc/include/asm/kvm_host.h index 6e1108f8fce6..2d139c807577 100644 --- a/arch/powerpc/include/asm/kvm_host.h +++ b/arch/powerpc/include/asm/kvm_host.h 
@@ -902,7 +902,6 @@ struct kvm_vcpu_arch { #define __KVM_HAVE_ARCH_WQP #define __KVM_HAVE_CREATE_DEVICE -static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen) {} static inline void kvm_arch_flush_shadow_all(struct kvm *kvm) {} static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu) {} diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h index cc33e35cd628..0e9c2fab6378 100644 --- a/arch/riscv/include/asm/kvm_host.h +++ b/arch/riscv/include/asm/kvm_host.h @@ -301,8 +301,6 @@ static inline bool kvm_arch_pmi_in_guest(struct kvm_vcpu *vcpu) return IS_ENABLED(CONFIG_GUEST_PERF_EVENTS) && !!vcpu; } -static inline void kvm_arch_sync_events(struct kvm *kvm) {} - #define KVM_RISCV_GSTAGE_TLB_MIN_ORDER 12 void kvm_riscv_local_hfence_gvma_vmid_gpa(unsigned long vmid, diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h index 9a367866cab0..424f899d8163 100644 --- a/arch/s390/include/asm/kvm_host.h +++ b/arch/s390/include/asm/kvm_host.h @@ -1056,7 +1056,6 @@ bool kvm_s390_pv_cpu_is_protected(struct kvm_vcpu *vcpu); extern int kvm_s390_gisc_register(struct kvm *kvm, u32 gisc); extern int kvm_s390_gisc_unregister(struct kvm *kvm, u32 gisc); -static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *slot) {} static inline void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen) {} diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ea445e6579f1..454fd6b8f3db 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -12770,11 +12770,6 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) return ret; } -void kvm_arch_sync_events(struct kvm *kvm) -{ - -} - /** * __x86_set_memory_region: Setup KVM internal memory slot * diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index c28a6aa1f2ed..5438a1b446a6 100644 
--- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -1747,7 +1747,6 @@ static inline void kvm_unregister_perf_callbacks(void) {} int kvm_arch_init_vm(struct kvm *kvm, unsigned long type); void kvm_arch_destroy_vm(struct kvm *kvm); -void kvm_arch_sync_events(struct kvm *kvm); int kvm_cpu_has_pending_timer(struct kvm_vcpu *vcpu); diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 991e8111e88b..55153494ac70 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1271,7 +1271,6 @@ static void kvm_destroy_vm(struct kvm *kvm) kvm_destroy_pm_notifier(kvm); kvm_uevent_notify_change(KVM_EVENT_DESTROY_VM, kvm); kvm_destroy_vm_debugfs(kvm); - kvm_arch_sync_events(kvm); mutex_lock(&kvm_lock); list_del(&kvm->vm_list); mutex_unlock(&kvm_lock);
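
Review bot: missing comment in [PATCH 5/7] at the kvm_mmu_unload(vcpu) call added to the top of kvm_arch_vcpu_destroy(). The changelog says unpinning roots here triggers remote TLB flushes to all vCPUs and is safe only because freed vCPUs are skipped by kvm_for_each_vcpu(); that dependency should be recorded in a comment next to the call, since a later change to how vCPUs are removed from the array would reintroduce the use-after-free the changelog describes. The changelog is also silent on kvm_clear_async_pf_completion_queue(vcpu), which moves out of the removed kvm_unload_vcpu_mmus() loop together with the unload; a sentence on why clearing the queue per vCPU, rather than for all vCPUs up front, is equivalent would help.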
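
Review bot: style nit in [PATCH 6/7], kvm_arch_sync_events() hunk: the three removed calls are replaced by an added blank line, so the function body is left holding only an empty line. 7/7 deletes the function, so this is short-lived, but dropping the added blank line, or collapsing to an empty "{}" body like the other architectures' stubs removed in 7/7, keeps the intermediate commit tidy.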
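
Review bot: the comment added at the top of kvm_arch_pre_destroy_vm() in [PATCH 6/7] says "all background workers and kthreads", but the calls directly under it only cancel two delayed works and free the PIT. If the kthread part refers to kvm_mmu_pre_destroy_vm(kvm) after the added blank line, say so or move that call up under the comment. The sentence about IRQ routing would read better directly above kvm_free_pit(kvm), the only call it applies to. It would also help to state what keeps kvmclock_sync_work and kvmclock_update_work from being queued again once cancel_delayed_work_sync() returns, since avoiding the use-after-free the comment warns about depends on that.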