drm/i915/gvt: Fix life cycle reference on KVM mm

Handle guest mm access life cycle properly with mmget()/mmput().
As noted by Linus, use_mm() depends on valid live page table but
KVM's mmgrab() doesn't guarantee that. As vGPU usage depends on
guest VM life cycle, need to make sure to use mmget()/mmput() to
guarantee VM address access.

v3: fix build

v2: v1 caused a weird dependence issue which failed for vfio
device release, which result invalid mdev vgpu and kvm state
without proper release taken. This trys to put right reference
around VM address space access instead.

Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Zhi Wang <zhi.a.wang@intel.com>
Reviewed-by: Zhi Wang <zhi.a.wang@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>

1 files changed, 8 insertions, 2 deletions

diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
index a45f46d8537f..c7afee37b2b8 100644
--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
+++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
@@ -32,6 +32,7 @@
 #include <linux/device.h>
 #include <linux/mm.h>
 #include <linux/mmu_context.h>
+#include <linux/sched/mm.h>
 #include <linux/types.h>
 #include <linux/list.h>
 #include <linux/rbtree.h>
@@ -1792,16 +1793,21 @@ static int kvmgt_rw_gpa(unsigned long handle, unsigned long gpa,
         info = (struct kvmgt_guest_info *)handle;
         kvm = info->kvm;
 
-        if (kthread)
+        if (kthread) {
+                if (!mmget_not_zero(kvm->mm))
+                        return -EFAULT;
                 use_mm(kvm->mm);
+        }
 
         idx = srcu_read_lock(&kvm->srcu);
         ret = write ? kvm_write_guest(kvm, gpa, buf, len) :
                       kvm_read_guest(kvm, gpa, buf, len);
         srcu_read_unlock(&kvm->srcu, idx);
 
-        if (kthread)
+        if (kthread) {
                 unuse_mm(kvm->mm);
+                mmput(kvm->mm);
+        }
 
         return ret;
 }