[PATCH 23/24] kvm: x86/mmu: Freeze SPTEs in disconnected pages

[PATCH 00/24] Allow parallel page faults with TDP MMU · Ben Gardon <hidden> · 2021-01-12
[PATCH 01/24] locking/rwlocks: Add contention detection for rwlocks · Ben Gardon <hidden> · 2021-01-12
[PATCH 02/24] sched: Add needbreak for rwlocks · Ben Gardon <hidden> · 2021-01-12
[PATCH 07/24] kvm: x86/mmu: Add comment on __tdp_mmu_set_spte · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 07/24] kvm: x86/mmu: Add comment on __tdp_mmu_set_spte · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
[PATCH 03/24] sched: Add cond_resched_rwlock · Ben Gardon <hidden> · 2021-01-12
[PATCH 04/24] kvm: x86/mmu: change TDP MMU yield function returns to match cond_resched · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 04/24] kvm: x86/mmu: change TDP MMU yield function returns to match cond_resched · Sean Christopherson <seanjc@google.com> · 2021-01-20
Re: [PATCH 04/24] kvm: x86/mmu: change TDP MMU yield function returns to match cond_resched · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-21
Re: [PATCH 04/24] kvm: x86/mmu: change TDP MMU yield function returns to match cond_resched · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
[PATCH 09/24] kvm: x86/mmu: Don't redundantly clear TDP MMU pt memory · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 09/24] kvm: x86/mmu: Don't redundantly clear TDP MMU pt memory · Sean Christopherson <seanjc@google.com> · 2021-01-20
Re: [PATCH 09/24] kvm: x86/mmu: Don't redundantly clear TDP MMU pt memory · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
[PATCH 05/24] kvm: x86/mmu: Fix yielding in TDP MMU · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 05/24] kvm: x86/mmu: Fix yielding in TDP MMU · Sean Christopherson <seanjc@google.com> · 2021-01-20
Re: [PATCH 05/24] kvm: x86/mmu: Fix yielding in TDP MMU · Ben Gardon <hidden> · 2021-01-22
[PATCH 08/24] kvm: x86/mmu: Add lockdep when setting a TDP MMU SPTE · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 08/24] kvm: x86/mmu: Add lockdep when setting a TDP MMU SPTE · Sean Christopherson <seanjc@google.com> · 2021-01-20
Re: [PATCH 08/24] kvm: x86/mmu: Add lockdep when setting a TDP MMU SPTE · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
[PATCH 17/24] kvm: mmu: Move mmu_lock to struct kvm_arch · Ben Gardon <hidden> · 2021-01-12
[PATCH 18/24] kvm: x86/mmu: Use an rwlock for the x86 TDP MMU · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 18/24] kvm: x86/mmu: Use an rwlock for the x86 TDP MMU · Sean Christopherson <seanjc@google.com> · 2021-01-21
[PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Sean Christopherson <seanjc@google.com> · 2021-01-21
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Sean Christopherson <seanjc@google.com> · 2021-01-21
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Ben Gardon <hidden> · 2021-01-27
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Sean Christopherson <seanjc@google.com> · 2021-01-27
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Sean Christopherson <seanjc@google.com> · 2021-01-27
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-27
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
Re: [PATCH 19/24] kvm: x86/mmu: Protect tdp_mmu_pages with a lock · Ben Gardon <hidden> · 2021-01-27
[PATCH 14/24] kvm: mmu: Wrap mmu_lock lock / unlock in a function · Ben Gardon <hidden> · 2021-01-12
[PATCH 10/24] kvm: x86/mmu: Factor out handle disconnected pt · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 10/24] kvm: x86/mmu: Factor out handle disconnected pt · Sean Christopherson <seanjc@google.com> · 2021-01-20
Re: [PATCH 10/24] kvm: x86/mmu: Factor out handle disconnected pt · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
[PATCH 22/24] kvm: x86/mmu: Flush TLBs after zap in TDP MMU PF handler · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 22/24] kvm: x86/mmu: Flush TLBs after zap in TDP MMU PF handler · Sean Christopherson <seanjc@google.com> · 2021-01-21
[PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Sean Christopherson <seanjc@google.com> · 2021-01-21
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-21
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Ben Gardon <hidden> · 2021-01-27
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Ben Gardon <hidden> · 2021-01-26
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-27
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Ben Gardon <hidden> · 2021-01-27
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-27
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Ben Gardon <hidden> · 2021-01-27
Re: [PATCH 15/24] kvm: mmu: Wrap mmu_lock cond_resched and needbreak · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-28
[PATCH 24/24] kvm: x86/mmu: Allow parallel page faults for the TDP MMU · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 24/24] kvm: x86/mmu: Allow parallel page faults for the TDP MMU · Sean Christopherson <seanjc@google.com> · 2021-01-21
Re: [PATCH 24/24] kvm: x86/mmu: Allow parallel page faults for the TDP MMU · Ben Gardon <hidden> · 2021-01-27
Re: [PATCH 24/24] kvm: x86/mmu: Allow parallel page faults for the TDP MMU · Sean Christopherson <seanjc@google.com> · 2021-01-27
Re: [PATCH 24/24] kvm: x86/mmu: Allow parallel page faults for the TDP MMU · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
[PATCH 13/24] kvm: x86/mmu: Only free tdp_mmu pages after a grace period · Ben Gardon <hidden> · 2021-01-12
[PATCH 16/24] kvm: mmu: Wrap mmu_lock assertions · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 16/24] kvm: mmu: Wrap mmu_lock assertions · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
[PATCH 21/24] kvm: x86/mmu: Use atomic ops to set SPTEs in TDP MMU map · Ben Gardon <hidden> · 2021-01-12
[PATCH 12/24] kvm: x86/kvm: RCU dereference tdp mmu page table links · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 12/24] kvm: x86/kvm: RCU dereference tdp mmu page table links · Sean Christopherson <seanjc@google.com> · 2021-01-22
Re: [PATCH 12/24] kvm: x86/kvm: RCU dereference tdp mmu page table links · Ben Gardon <hidden> · 2021-01-27
[PATCH 11/24] kvm: x86/mmu: Put TDP MMU PT walks in RCU read-critical section · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 11/24] kvm: x86/mmu: Put TDP MMU PT walks in RCU read-critical section · Sean Christopherson <seanjc@google.com> · 2021-01-20
[PATCH 23/24] kvm: x86/mmu: Freeze SPTEs in disconnected pages · Ben Gardon <hidden> · 2021-01-12
[PATCH 20/24] kvm: x86/mmu: Add atomic option for setting SPTEs · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 20/24] kvm: x86/mmu: Add atomic option for setting SPTEs · Paolo Bonzini <pbonzini@redhat.com> · 2021-01-26
[PATCH 06/24] kvm: x86/mmu: Skip no-op changes in TDP MMU functions · Ben Gardon <hidden> · 2021-01-12
Re: [PATCH 06/24] kvm: x86/mmu: Skip no-op changes in TDP MMU functions · Sean Christopherson <seanjc@google.com> · 2021-01-20
Re: [PATCH 06/24] kvm: x86/mmu: Skip no-op changes in TDP MMU functions · Ben Gardon <hidden> · 2021-01-25

STALE1972d REVIEWED: 1 (0M)

From: Ben Gardon <hidden>
Date: 2021-01-12 18:13:55
Also in: lkml
Subsystem: kernel virtual machine for x86 (kvm/x86), the rest, x86 architecture (32-bit and 64-bit) · Maintainers: Sean Christopherson, Paolo Bonzini, Linus Torvalds, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen

When clearing TDP MMU pages what have been disconnected from the paging
structure root, set the SPTEs to a special non-present value which will
not be overwritten by other threads. This is needed to prevent races in
which a thread is clearing a disconnected page table, but another thread
has already acquired a pointer to that memory and installs a mapping in
an already cleared entry. This can lead to memory leaks and accounting
errors.

Reviewed-by: Peter Feiner <redacted>

Signed-off-by: Ben Gardon <redacted>
---
 arch/x86/kvm/mmu/tdp_mmu.c | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 5c9d053000ad..45160ff84e91 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c

@@ -333,13 +333,14 @@ static void handle_disconnected_tdp_mmu_page(struct kvm *kvm, u64 *pt,
 {
 	struct kvm_mmu_page *sp;
 	gfn_t gfn;
+	gfn_t base_gfn;
 	int level;
 	u64 *sptep;
 	u64 old_child_spte;
 	int i;
 
 	sp = sptep_to_sp(pt);
-	gfn = sp->gfn;
+	base_gfn = sp->gfn;
 	level = sp->role.level;
 
 	trace_kvm_mmu_prepare_zap_page(sp);

@@ -348,16 +349,38 @@ static void handle_disconnected_tdp_mmu_page(struct kvm *kvm, u64 *pt,
 
 	for (i = 0; i < PT64_ENT_PER_PAGE; i++) {
 		sptep = pt + i;
+		gfn = base_gfn + (i * KVM_PAGES_PER_HPAGE(level - 1));
 
 		if (atomic) {
-			old_child_spte = xchg(sptep, 0);
+			/*
+			 * Set the SPTE to a nonpresent value that other
+			 * threads will not overwrite. If the SPTE was already
+			 * frozen then another thread handling a page fault
+			 * could overwrite it, so set the SPTE until it is set
+			 * from nonfrozen -> frozen.
+			 */
+			for (;;) {
+				old_child_spte = xchg(sptep, FROZEN_SPTE);
+				if (old_child_spte != FROZEN_SPTE)
+					break;
+				cpu_relax();
+			}
 		} else {
 			old_child_spte = READ_ONCE(*sptep);
-			WRITE_ONCE(*sptep, 0);
+
+			/*
+			 * Setting the SPTE to FROZEN_SPTE is not strictly
+			 * necessary here as the MMU lock should stop other
+			 * threads from concurrentrly modifying this SPTE.
+			 * Using FROZEN_SPTE keeps the atomic and
+			 * non-atomic cases consistent and simplifies the
+			 * function.
+			 */
+			WRITE_ONCE(*sptep, FROZEN_SPTE);
 		}
-		handle_changed_spte(kvm, kvm_mmu_page_as_id(sp),
-			gfn + (i * KVM_PAGES_PER_HPAGE(level - 1)),
-			old_child_spte, 0, level - 1, atomic);
+		handle_changed_spte(kvm, kvm_mmu_page_as_id(sp), gfn,
+				    old_child_spte, FROZEN_SPTE, level - 1,
+				    atomic);
 	}
 
 	kvm_flush_remote_tlbs_with_address(kvm, gfn,

-- 
2.30.0.284.gd98b1dd5eaa7-goog

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help