mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-18 13:49:36 +07:00
6f868405fa
Now that we have the possibility of a XIVE or XICS-on-XIVE device being released while the VM is still running, we need to be careful about races and potential use-after-free bugs. Although the kvmppc_xive struct is not freed, but kept around for re-use, the kvmppc_xive_vcpu structs are freed, and they are used extensively in both the XIVE native and XICS-on-XIVE code. There are various ways in which XIVE code gets invoked: - VCPU entry and exit, which do push and pull operations on the XIVE hardware - one_reg get and set functions (vcpu->mutex is held) - XICS hypercalls (but only inside guest execution, not from kvmppc_pseries_do_hcall) - device creation calls (kvm->lock is held) - device callbacks - get/set attribute, mmap, pagefault, release/destroy - set_mapped/clr_mapped calls (kvm->lock is held) - connect_vcpu calls - debugfs file read callbacks Inside a device release function, we know that userspace cannot have an open file descriptor referring to the device, nor can it have any mmapped regions from the device. Therefore the device callbacks are excluded, as are the connect_vcpu calls (since they need a fd for the device). Further, since the caller holds the kvm->lock mutex, no other device creation calls or set/clr_mapped calls can be executing concurrently. To exclude VCPU execution and XICS hypercalls, we temporarily set kvm->arch.mmu_ready to 0. This forces any VCPU task that is trying to enter the guest to take the kvm->lock mutex, which is held by the caller of the release function. Then, sending an IPI to all other CPUs forces any VCPU currently executing in the guest to exit. Finally, we take the vcpu->mutex for each VCPU around the process of cleaning up and freeing its XIVE data structures, in order to exclude any one_reg get/set calls. To exclude the debugfs read callbacks, we just need to ensure that debugfs_remove is called before freeing any data structures. Once it returns we know that no CPU can be executing the callbacks (for our kvmppc_xive instance). Signed-off-by: Paul Mackerras <paulus@ozlabs.org> |
||
|---|---|---|
| .. | ||
| book3s_32_mmu_host.c | ||
| book3s_32_mmu.c | ||
| book3s_32_sr.S | ||
| book3s_64_mmu_host.c | ||
| book3s_64_mmu_hv.c | ||
| book3s_64_mmu_radix.c | ||
| book3s_64_mmu.c | ||
| book3s_64_slb.S | ||
| book3s_64_vio_hv.c | ||
| book3s_64_vio.c | ||
| book3s_emulate.c | ||
| book3s_exports.c | ||
| book3s_hv_builtin.c | ||
| book3s_hv_hmi.c | ||
| book3s_hv_interrupts.S | ||
| book3s_hv_nested.c | ||
| book3s_hv_ras.c | ||
| book3s_hv_rm_mmu.c | ||
| book3s_hv_rm_xics.c | ||
| book3s_hv_rm_xive.c | ||
| book3s_hv_rmhandlers.S | ||
| book3s_hv_tm_builtin.c | ||
| book3s_hv_tm.c | ||
| book3s_hv.c | ||
| book3s_interrupts.S | ||
| book3s_mmu_hpte.c | ||
| book3s_paired_singles.c | ||
| book3s_pr_papr.c | ||
| book3s_pr.c | ||
| book3s_rmhandlers.S | ||
| book3s_rtas.c | ||
| book3s_segment.S | ||
| book3s_xics.c | ||
| book3s_xics.h | ||
| book3s_xive_native.c | ||
| book3s_xive_template.c | ||
| book3s_xive.c | ||
| book3s_xive.h | ||
| book3s.c | ||
| book3s.h | ||
| booke_emulate.c | ||
| booke_interrupts.S | ||
| booke.c | ||
| booke.h | ||
| bookehv_interrupts.S | ||
| e500_emulate.c | ||
| e500_mmu_host.c | ||
| e500_mmu_host.h | ||
| e500_mmu.c | ||
| e500.c | ||
| e500.h | ||
| e500mc.c | ||
| emulate_loadstore.c | ||
| emulate.c | ||
| fpu.S | ||
| irq.h | ||
| Kconfig | ||
| Makefile | ||
| mpic.c | ||
| powerpc.c | ||
| timing.c | ||
| timing.h | ||
| tm.S | ||
| trace_book3s.h | ||
| trace_booke.h | ||
| trace_hv.h | ||
| trace_pr.h | ||
| trace.h | ||