KVM: PPC: Book3S HV: Avoid touching arch.mmu_ready in XIVE release functions

Currently, kvmppc_xive_release() and kvmppc_xive_native_release() clear kvm->arch.mmu_ready and call kick_all_cpus_sync() as a way of ensuring that no vcpus are executing in the guest. However, future patches will change the mutex associated with kvm->arch.mmu_ready to a new mutex that nests inside the vcpu mutexes, making it difficult to continue to use this method. In fact, taking the vcpu mutex for a vcpu excludes execution of that vcpu, and we already take the vcpu mutex around the call to kvmppc_xive_[native_]cleanup_vcpu(). Once the cleanup function is done and we release the vcpu mutex, the vcpu can execute once again, but because we have cleared vcpu->arch.xive_vcpu, vcpu->arch.irq_type, vcpu->arch.xive_esc_vaddr and vcpu->arch.xive_esc_raddr, that vcpu will not be going into XIVE code any more. Thus, once we have cleaned up all of the vcpus, we are safe to clean up the rest of the XIVE state, and we don't need to use kvm->arch.mmu_ready to hold off vcpu execution. Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
author: Paul Mackerras <paulus@ozlabs.org> 2019-05-23 02:35:07 -0400
committer: Paul Mackerras <paulus@ozlabs.org> 2019-05-28 23:44:36 -0400
commit: c395fe1d8e49a5aa03504fcacfb7c95b5a4c6e04 (patch)
tree: 9931ba29c07a5cc3f71ffd134c4d418e936d11c6
parent: cd6c84d8f0cdc911df435bb075ba22ce3c605b07 (diff)
2 files changed, 24 insertions, 32 deletions
diff --git a/arch/powerpc/kvm/book3s_xive.c b/arch/powerpc/kvm/book3s_xive.c
index 4953957333b7..f623451ec0a3 100644
--- a/arch/powerpc/kvm/book3s_xive.c
+++ b/arch/powerpc/kvm/book3s_xive.c
@@ -1859,21 +1859,10 @@ static void kvmppc_xive_release(struct kvm_device *dev)
        struct kvm *kvm = xive->kvm;
        struct kvm_vcpu *vcpu;
        int i;
-        int was_ready;
        pr_devel("Releasing xive device\n");
-        debugfs_remove(xive->dentry);
        /*
-         * Clearing mmu_ready temporarily while holding kvm->lock
-         * is a way of ensuring that no vcpus can enter the guest
-         * until we drop kvm->lock.  Doing kick_all_cpus_sync()
-         * ensures that any vcpu executing inside the guest has
-         * exited the guest.  Once kick_all_cpus_sync() has finished,
-         * we know that no vcpu can be executing the XIVE push or
-         * pull code, or executing a XICS hcall.
-         *
         * Since this is the device release function, we know that
         * userspace does not have any open fd referring to the
         * device.  Therefore there can not be any of the device
@@ -1881,9 +1870,8 @@ static void kvmppc_xive_release(struct kvm_device *dev)
         * and similarly, the connect_vcpu and set/clr_mapped
         * functions also cannot be being executed.
         */
-        was_ready = kvm->arch.mmu_ready;
-        kvm->arch.mmu_ready = 0;
+        debugfs_remove(xive->dentry);
-        kick_all_cpus_sync();
        /*
         * We should clean up the vCPU interrupt presenters first.
@@ -1892,12 +1880,22 @@ static void kvmppc_xive_release(struct kvm_device *dev)
                /*
                 * Take vcpu->mutex to ensure that no one_reg get/set ioctl
                 * (i.e. kvmppc_xive_[gs]et_icp) can be done concurrently.
+                 * Holding the vcpu->mutex also means that the vcpu cannot
+                 * be executing the KVM_RUN ioctl, and therefore it cannot
+                 * be executing the XIVE push or pull code or accessing
+                 * the XIVE MMIO regions.
                 */
                mutex_lock(&vcpu->mutex);
                kvmppc_xive_cleanup_vcpu(vcpu);
                mutex_unlock(&vcpu->mutex);
        }
+        /*
+         * Now that we have cleared vcpu->arch.xive_vcpu, vcpu->arch.irq_type
+         * and vcpu->arch.xive_esc_[vr]addr on each vcpu, we are safe
+         * against xive code getting called during vcpu execution or
+         * set/get one_reg operations.
+         */
        kvm->arch.xive = NULL;
        /* Mask and free interrupts */
@@ -1911,8 +1909,6 @@ static void kvmppc_xive_release(struct kvm_device *dev)
        if (xive->vp_base != XIVE_INVALID_VP)
                xive_native_free_vp_block(xive->vp_base);
-        kvm->arch.mmu_ready = was_ready;
        /*
         * A reference of the kvmppc_xive pointer is now kept under
         * the xive_devices struct of the machine for reuse. It is
diff --git a/arch/powerpc/kvm/book3s_xive_native.c b/arch/powerpc/kvm/book3s_xive_native.c
index 6a8e698c4b6e..da31dd05fd72 100644
--- a/arch/powerpc/kvm/book3s_xive_native.c
+++ b/arch/powerpc/kvm/book3s_xive_native.c
@@ -973,21 +973,10 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
        struct kvm *kvm = xive->kvm;
        struct kvm_vcpu *vcpu;
        int i;
-        int was_ready;
-        debugfs_remove(xive->dentry);
        pr_devel("Releasing xive native device\n");
        /*
-         * Clearing mmu_ready temporarily while holding kvm->lock
-         * is a way of ensuring that no vcpus can enter the guest
-         * until we drop kvm->lock.  Doing kick_all_cpus_sync()
-         * ensures that any vcpu executing inside the guest has
-         * exited the guest.  Once kick_all_cpus_sync() has finished,
-         * we know that no vcpu can be executing the XIVE push or
-         * pull code or accessing the XIVE MMIO regions.
-         *
         * Since this is the device release function, we know that
         * userspace does not have any open fd or mmap referring to
         * the device.  Therefore there can not be any of the
@@ -996,9 +985,8 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
         * connect_vcpu and set/clr_mapped functions also cannot
         * be being executed.
         */
-        was_ready = kvm->arch.mmu_ready;
-        kvm->arch.mmu_ready = 0;
+        debugfs_remove(xive->dentry);
-        kick_all_cpus_sync();
        /*
         * We should clean up the vCPU interrupt presenters first.
@@ -1007,12 +995,22 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
                /*
                 * Take vcpu->mutex to ensure that no one_reg get/set ioctl
                 * (i.e. kvmppc_xive_native_[gs]et_vp) can be being done.
+                 * Holding the vcpu->mutex also means that the vcpu cannot
+                 * be executing the KVM_RUN ioctl, and therefore it cannot
+                 * be executing the XIVE push or pull code or accessing
+                 * the XIVE MMIO regions.
                 */
                mutex_lock(&vcpu->mutex);
                kvmppc_xive_native_cleanup_vcpu(vcpu);
                mutex_unlock(&vcpu->mutex);
        }
+        /*
+         * Now that we have cleared vcpu->arch.xive_vcpu, vcpu->arch.irq_type
+         * and vcpu->arch.xive_esc_[vr]addr on each vcpu, we are safe
+         * against xive code getting called during vcpu execution or
+         * set/get one_reg operations.
+         */
        kvm->arch.xive = NULL;
        for (i = 0; i <= xive->max_sbid; i++) {
@@ -1025,8 +1023,6 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
        if (xive->vp_base != XIVE_INVALID_VP)
                xive_native_free_vp_block(xive->vp_base);
-        kvm->arch.mmu_ready = was_ready;
        /*
         * A reference of the kvmppc_xive pointer is now kept under
         * the xive_devices struct of the machine for reuse. It is
author	Paul Mackerras <paulus@ozlabs.org>	2019-05-23 02:35:07 -0400
committer	Paul Mackerras <paulus@ozlabs.org>	2019-05-28 23:44:36 -0400
commit	c395fe1d8e49a5aa03504fcacfb7c95b5a4c6e04 (patch)
tree	9931ba29c07a5cc3f71ffd134c4d418e936d11c6
parent	cd6c84d8f0cdc911df435bb075ba22ce3c605b07 (diff)

diff --git a/arch/powerpc/kvm/book3s_xive.c b/arch/powerpc/kvm/book3s_xive.c index 4953957333b7..f623451ec0a3 100644 --- a/arch/powerpc/kvm/book3s_xive.c +++ b/arch/powerpc/kvm/book3s_xive.c
@@ -1859,21 +1859,10 @@ static void kvmppc_xive_release(struct kvm_device *dev)
1859	struct kvm *kvm = xive->kvm;	1859	struct kvm *kvm = xive->kvm;
1860	struct kvm_vcpu *vcpu;	1860	struct kvm_vcpu *vcpu;
1861	int i;	1861	int i;
1862	int was_ready;
1863		1862
1864	pr_devel("Releasing xive device\n");	1863	pr_devel("Releasing xive device\n");
1865		1864
1866	debugfs_remove(xive->dentry);
1867
1868	/*	1865	/*
1869	* Clearing mmu_ready temporarily while holding kvm->lock
1870	* is a way of ensuring that no vcpus can enter the guest
1871	* until we drop kvm->lock. Doing kick_all_cpus_sync()
1872	* ensures that any vcpu executing inside the guest has
1873	* exited the guest. Once kick_all_cpus_sync() has finished,
1874	* we know that no vcpu can be executing the XIVE push or
1875	* pull code, or executing a XICS hcall.
1876	*
1877	* Since this is the device release function, we know that	1866	* Since this is the device release function, we know that
1878	* userspace does not have any open fd referring to the	1867	* userspace does not have any open fd referring to the
1879	* device. Therefore there can not be any of the device	1868	* device. Therefore there can not be any of the device
@@ -1881,9 +1870,8 @@ static void kvmppc_xive_release(struct kvm_device *dev)
1881	* and similarly, the connect_vcpu and set/clr_mapped	1870	* and similarly, the connect_vcpu and set/clr_mapped
1882	* functions also cannot be being executed.	1871	* functions also cannot be being executed.
1883	*/	1872	*/
1884	was_ready = kvm->arch.mmu_ready;	1873
1885	kvm->arch.mmu_ready = 0;	1874	debugfs_remove(xive->dentry);
1886	kick_all_cpus_sync();
1887		1875
1888	/*	1876	/*
1889	* We should clean up the vCPU interrupt presenters first.	1877	* We should clean up the vCPU interrupt presenters first.
@@ -1892,12 +1880,22 @@ static void kvmppc_xive_release(struct kvm_device *dev)
1892	/*	1880	/*
1893	* Take vcpu->mutex to ensure that no one_reg get/set ioctl	1881	* Take vcpu->mutex to ensure that no one_reg get/set ioctl
1894	* (i.e. kvmppc_xive_[gs]et_icp) can be done concurrently.	1882	* (i.e. kvmppc_xive_[gs]et_icp) can be done concurrently.
		1883	* Holding the vcpu->mutex also means that the vcpu cannot
		1884	* be executing the KVM_RUN ioctl, and therefore it cannot
		1885	* be executing the XIVE push or pull code or accessing
		1886	* the XIVE MMIO regions.
1895	*/	1887	*/
1896	mutex_lock(&vcpu->mutex);	1888	mutex_lock(&vcpu->mutex);
1897	kvmppc_xive_cleanup_vcpu(vcpu);	1889	kvmppc_xive_cleanup_vcpu(vcpu);
1898	mutex_unlock(&vcpu->mutex);	1890	mutex_unlock(&vcpu->mutex);
1899	}	1891	}
1900		1892
		1893	/*
		1894	* Now that we have cleared vcpu->arch.xive_vcpu, vcpu->arch.irq_type
		1895	* and vcpu->arch.xive_esc_[vr]addr on each vcpu, we are safe
		1896	* against xive code getting called during vcpu execution or
		1897	* set/get one_reg operations.
		1898	*/
1901	kvm->arch.xive = NULL;	1899	kvm->arch.xive = NULL;
1902		1900
1903	/* Mask and free interrupts */	1901	/* Mask and free interrupts */
@@ -1911,8 +1909,6 @@ static void kvmppc_xive_release(struct kvm_device *dev)
1911	if (xive->vp_base != XIVE_INVALID_VP)	1909	if (xive->vp_base != XIVE_INVALID_VP)
1912	xive_native_free_vp_block(xive->vp_base);	1910	xive_native_free_vp_block(xive->vp_base);
1913		1911
1914	kvm->arch.mmu_ready = was_ready;
1915
1916	/*	1912	/*
1917	* A reference of the kvmppc_xive pointer is now kept under	1913	* A reference of the kvmppc_xive pointer is now kept under
1918	* the xive_devices struct of the machine for reuse. It is	1914	* the xive_devices struct of the machine for reuse. It is


diff --git a/arch/powerpc/kvm/book3s_xive_native.c b/arch/powerpc/kvm/book3s_xive_native.c index 6a8e698c4b6e..da31dd05fd72 100644 --- a/arch/powerpc/kvm/book3s_xive_native.c +++ b/arch/powerpc/kvm/book3s_xive_native.c
@@ -973,21 +973,10 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
973	struct kvm *kvm = xive->kvm;	973	struct kvm *kvm = xive->kvm;
974	struct kvm_vcpu *vcpu;	974	struct kvm_vcpu *vcpu;
975	int i;	975	int i;
976	int was_ready;
977
978	debugfs_remove(xive->dentry);
979		976
980	pr_devel("Releasing xive native device\n");	977	pr_devel("Releasing xive native device\n");
981		978
982	/*	979	/*
983	* Clearing mmu_ready temporarily while holding kvm->lock
984	* is a way of ensuring that no vcpus can enter the guest
985	* until we drop kvm->lock. Doing kick_all_cpus_sync()
986	* ensures that any vcpu executing inside the guest has
987	* exited the guest. Once kick_all_cpus_sync() has finished,
988	* we know that no vcpu can be executing the XIVE push or
989	* pull code or accessing the XIVE MMIO regions.
990	*
991	* Since this is the device release function, we know that	980	* Since this is the device release function, we know that
992	* userspace does not have any open fd or mmap referring to	981	* userspace does not have any open fd or mmap referring to
993	* the device. Therefore there can not be any of the	982	* the device. Therefore there can not be any of the
@@ -996,9 +985,8 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
996	* connect_vcpu and set/clr_mapped functions also cannot	985	* connect_vcpu and set/clr_mapped functions also cannot
997	* be being executed.	986	* be being executed.
998	*/	987	*/
999	was_ready = kvm->arch.mmu_ready;	988
1000	kvm->arch.mmu_ready = 0;	989	debugfs_remove(xive->dentry);
1001	kick_all_cpus_sync();
1002		990
1003	/*	991	/*
1004	* We should clean up the vCPU interrupt presenters first.	992	* We should clean up the vCPU interrupt presenters first.
@@ -1007,12 +995,22 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
1007	/*	995	/*
1008	* Take vcpu->mutex to ensure that no one_reg get/set ioctl	996	* Take vcpu->mutex to ensure that no one_reg get/set ioctl
1009	* (i.e. kvmppc_xive_native_[gs]et_vp) can be being done.	997	* (i.e. kvmppc_xive_native_[gs]et_vp) can be being done.
		998	* Holding the vcpu->mutex also means that the vcpu cannot
		999	* be executing the KVM_RUN ioctl, and therefore it cannot
		1000	* be executing the XIVE push or pull code or accessing
		1001	* the XIVE MMIO regions.
1010	*/	1002	*/
1011	mutex_lock(&vcpu->mutex);	1003	mutex_lock(&vcpu->mutex);
1012	kvmppc_xive_native_cleanup_vcpu(vcpu);	1004	kvmppc_xive_native_cleanup_vcpu(vcpu);
1013	mutex_unlock(&vcpu->mutex);	1005	mutex_unlock(&vcpu->mutex);
1014	}	1006	}
1015		1007
		1008	/*
		1009	* Now that we have cleared vcpu->arch.xive_vcpu, vcpu->arch.irq_type
		1010	* and vcpu->arch.xive_esc_[vr]addr on each vcpu, we are safe
		1011	* against xive code getting called during vcpu execution or
		1012	* set/get one_reg operations.
		1013	*/
1016	kvm->arch.xive = NULL;	1014	kvm->arch.xive = NULL;
1017		1015
1018	for (i = 0; i <= xive->max_sbid; i++) {	1016	for (i = 0; i <= xive->max_sbid; i++) {
@@ -1025,8 +1023,6 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
1025	if (xive->vp_base != XIVE_INVALID_VP)	1023	if (xive->vp_base != XIVE_INVALID_VP)
1026	xive_native_free_vp_block(xive->vp_base);	1024	xive_native_free_vp_block(xive->vp_base);
1027		1025
1028	kvm->arch.mmu_ready = was_ready;
1029
1030	/*	1026	/*
1031	* A reference of the kvmppc_xive pointer is now kept under	1027	* A reference of the kvmppc_xive pointer is now kept under
1032	* the xive_devices struct of the machine for reuse. It is	1028	* the xive_devices struct of the machine for reuse. It is