mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-04 16:15:11 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/powerpc
History
Paul Mackerras 6f868405fa KVM: PPC: Book3S HV: XIVE: Prevent races when releasing device 
Now that we have the possibility of a XIVE or XICS-on-XIVE device being
released while the VM is still running, we need to be careful about
races and potential use-after-free bugs.  Although the kvmppc_xive
struct is not freed, but kept around for re-use, the kvmppc_xive_vcpu
structs are freed, and they are used extensively in both the XIVE native
and XICS-on-XIVE code.

There are various ways in which XIVE code gets invoked:

- VCPU entry and exit, which do push and pull operations on the XIVE hardware
- one_reg get and set functions (vcpu->mutex is held)
- XICS hypercalls (but only inside guest execution, not from
  kvmppc_pseries_do_hcall)
- device creation calls (kvm->lock is held)
- device callbacks - get/set attribute, mmap, pagefault, release/destroy
- set_mapped/clr_mapped calls (kvm->lock is held)
- connect_vcpu calls
- debugfs file read callbacks

Inside a device release function, we know that userspace cannot have an
open file descriptor referring to the device, nor can it have any mmapped
regions from the device.  Therefore the device callbacks are excluded,
as are the connect_vcpu calls (since they need a fd for the device).
Further, since the caller holds the kvm->lock mutex, no other device
creation calls or set/clr_mapped calls can be executing concurrently.

To exclude VCPU execution and XICS hypercalls, we temporarily set
kvm->arch.mmu_ready to 0.  This forces any VCPU task that is trying to
enter the guest to take the kvm->lock mutex, which is held by the caller
of the release function.  Then, sending an IPI to all other CPUs forces
any VCPU currently executing in the guest to exit.

Finally, we take the vcpu->mutex for each VCPU around the process of
cleaning up and freeing its XIVE data structures, in order to exclude
any one_reg get/set calls.

To exclude the debugfs read callbacks, we just need to ensure that
debugfs_remove is called before freeing any data structures.  Once it
returns we know that no CPU can be executing the callbacks (for our
kvmppc_xive instance).

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2019-04-30 19:41:01 +10:00
..
boot Kbuild updates for v5.1 2019-03-10 17:48:21 -07:00
configs powerpc fixes for 5.1 #2 2019-03-16 10:45:17 -07:00
crypto
include KVM: PPC: Book3S HV: XIVE: Replace the 'destroy' method by a 'release' method 2019-04-30 19:40:39 +10:00
kernel powerpc: Add force enable of DAWR on P9 option 2019-04-20 22:20:45 +10:00
kvm KVM: PPC: Book3S HV: XIVE: Prevent races when releasing device 2019-04-30 19:41:01 +10:00
lib treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
math-emu powerpc: math-emu: remove unneeded header search paths 2019-01-14 20:39:27 +11:00
mm powerpc/6xx: fix setup and use of SPRN_SPRG_PGDIR for hash32 2019-03-19 00:30:19 +11:00
net powerpc updates for 5.1 2019-03-07 12:56:26 -08:00
oprofile Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
perf powerpc updates for 5.1 2019-03-07 12:56:26 -08:00
platforms powerpc/xive: add OPAL extensions for the XIVE native exploitation support 2019-04-11 15:31:41 +10:00
purgatory
sysdev KVM: PPC: Book3S HV: XIVE: Add a TIMA mapping 2019-04-30 19:35:16 +10:00
tools powerpc/tools/checkpatch: Ignore DT_SPLIT_BINDING_PATCH 2018-12-04 19:45:01 +11:00
xmon powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc 2019-02-26 23:55:22 +11:00
Kbuild powerpc: Add -Werror at arch/powerpc level 2018-10-19 00:56:17 +11:00
Kconfig DMA mapping updates for 5.1 2019-03-10 11:54:48 -07:00
Kconfig.debug powerpc: Move page table dump files in a dedicated subdirectory 2019-02-22 22:29:22 +11:00
Makefile powerpc/32: Remove CURRENT_THREAD_INFO and rename TI_CPU 2019-02-23 22:31:40 +11:00
Makefile.postlink