kvm: ppc: booke: check range page invalidation progress on page setup

When the MM code is invalidating a range of pages, it calls the KVM
kvm_mmu_notifier_invalidate_range_start() notifier function, which calls
kvm_unmap_hva_range(), which arranges to flush all the TLBs for guest pages.
However, the Linux PTEs for the range being flushed are still valid at
that point.  We are not supposed to establish any new references to pages
in the range until the ...range_end() notifier gets called.
The PPC-specific KVM code doesn't get any explicit notification of that;
instead, we are supposed to use mmu_notifier_retry() to test whether we
are or have been inside a range flush notifier pair while we have been
referencing a page.

This patch calls the mmu_notifier_retry() while mapping the guest
page to ensure we are not referencing a page when in range invalidation.

This call is inside a region locked with kvm->mmu_lock, which is the
same lock that is called by the KVM MMU notifier functions, thus
ensuring that no new notification can proceed while we are in the
locked region.

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Acked-by: Alexander Graf <agraf@suse.de>
[Backported to 3.12 - Paolo]
Reviewed-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

1 files changed, 17 insertions, 1 deletions

diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
index 1c6a9d729df4..c65593abae8e 100644
--- a/arch/powerpc/kvm/e500_mmu_host.c
+++ b/arch/powerpc/kvm/e500_mmu_host.c
@@ -332,6 +332,13 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
         unsigned long hva;
         int pfnmap = 0;
         int tsize = BOOK3E_PAGESZ_4K;
+        int ret = 0;
+        unsigned long mmu_seq;
+        struct kvm *kvm = vcpu_e500->vcpu.kvm;
+
+        /* used to check for invalidations in progress */
+        mmu_seq = kvm->mmu_notifier_seq;
+        smp_rmb();
 
         /*
          * Translate guest physical to true physical, acquiring
@@ -449,6 +456,12 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
                 gvaddr &= ~((tsize_pages << PAGE_SHIFT) - 1);
         }
 
+        spin_lock(&kvm->mmu_lock);
+        if (mmu_notifier_retry(kvm, mmu_seq)) {
+                ret = -EAGAIN;
+                goto out;
+        }
+
         kvmppc_e500_ref_setup(ref, gtlbe, pfn);
 
         kvmppc_e500_setup_stlbe(&vcpu_e500->vcpu, gtlbe, tsize,
@@ -457,10 +470,13 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
         /* Clear i-cache for new pages */
         kvmppc_mmu_flush_icache(pfn);
 
+out:
+        spin_unlock(&kvm->mmu_lock);
+
         /* Drop refcount on page, so that mmu notifiers can clear it */
         kvm_release_pfn_clean(pfn);
 
-        return 0;
+        return ret;
 }
 
 /* XXX only map the one-one case, for now use TLB0 */