Merge branch 'kvm-updates/2.6.33' of git://git.kernel.org/pub/scm/virt/kvm/kvm

* 'kvm-updates/2.6.33' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: Fix leak of free lapic date in kvm_arch_vcpu_init() KVM: x86: Fix probable memory leak of vcpu->arch.mce_banks KVM: S390: fix potential array overrun in intercept handling KVM: fix spurious interrupt with irqfd eventfd - allow atomic read and waitqueue remove KVM: MMU: bail out pagewalk on kvm_read_guest error KVM: properly check max PIC pin in irq route setup KVM: only allow one gsi per fd KVM: x86: Fix host_mapping_level() KVM: powerpc: Show timing option only on embedded KVM: Fix race between APIC TMR and IRR
author: Linus Torvalds <torvalds@linux-foundation.org> 2010-01-25 22:02:31 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-01-25 22:02:31 -0500
commit: 486d35e2220acfe45d85131c557d94fe889184a2 (patch)
tree: 6be42a8a0d82e7e09bb4ac05edcbdb96adf650dc /arch
parent: a8d0b6666ecfe14226f1e46d693d5e2cde072337 (diff)
parent: 443c39bc9ef7d8f648408d74c97e943f3bb3f48a (diff)
6 files changed, 18 insertions, 15 deletions
diff --git a/arch/powerpc/kvm/Kconfig b/arch/powerpc/kvm/Kconfig
index 07703f72330e..6fb6e8aa3890 100644
--- a/arch/powerpc/kvm/Kconfig
+++ b/arch/powerpc/kvm/Kconfig
@@ -53,7 +53,7 @@ config KVM_440
 config KVM_EXIT_TIMING
        bool "Detailed exit timing"
-        depends on KVM
+        depends on KVM_440 || KVM_E500
        ---help---
          Calculate elapsed time for every exit/enter cycle. A per-vcpu
          report is available in debugfs kvm/vm#_vcpu#_timing.
diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
index ba9d8a7bc1ac..b40096494e46 100644
--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -213,7 +213,7 @@ static int handle_instruction_and_prog(struct kvm_vcpu *vcpu)
        return rc2;
 }
-static const intercept_handler_t intercept_funcs[0x48 >> 2] = {
+static const intercept_handler_t intercept_funcs[] = {
        [0x00 >> 2] = handle_noop,
        [0x04 >> 2] = handle_instruction,
        [0x08 >> 2] = handle_prog,
@@ -230,7 +230,7 @@ int kvm_handle_sie_intercept(struct kvm_vcpu *vcpu)
        intercept_handler_t func;
        u8 code = vcpu->arch.sie_block->icptcode;
-        if (code & 3 || code > 0x48)
+        if (code & 3 || (code >> 2) >= ARRAY_SIZE(intercept_funcs))
                return -ENOTSUPP;
        func = intercept_funcs[code >> 2];
        if (func)
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 3063a0c4858b..ba8c045da782 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -373,6 +373,12 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                if (unlikely(!apic_enabled(apic)))
                        break;
+                if (trig_mode) {
+                        apic_debug("level trig mode for vector %d", vector);
+                        apic_set_vector(vector, apic->regs + APIC_TMR);
+                } else
+                        apic_clear_vector(vector, apic->regs + APIC_TMR);
                result = !apic_test_and_set_irr(vector, apic);
                trace_kvm_apic_accept_irq(vcpu->vcpu_id, delivery_mode,
                                          trig_mode, vector, !result);
@@ -383,11 +389,6 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                        break;
                }
-                if (trig_mode) {
-                        apic_debug("level trig mode for vector %d", vector);
-                        apic_set_vector(vector, apic->regs + APIC_TMR);
-                } else
-                        apic_clear_vector(vector, apic->regs + APIC_TMR);
                kvm_vcpu_kick(vcpu);
                break;
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 4c3e5b2314cb..89a49fb46a27 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -477,7 +477,7 @@ static int host_mapping_level(struct kvm *kvm, gfn_t gfn)
        addr = gfn_to_hva(kvm, gfn);
        if (kvm_is_error_hva(addr))
-                return page_size;
+                return PT_PAGE_TABLE_LEVEL;
        down_read(&current->mm->mmap_sem);
        vma = find_vma(current->mm, addr);
@@ -515,11 +515,9 @@ static int mapping_level(struct kvm_vcpu *vcpu, gfn_t large_gfn)
        if (host_level == PT_PAGE_TABLE_LEVEL)
                return host_level;
-        for (level = PT_DIRECTORY_LEVEL; level <= host_level; ++level) {
+        for (level = PT_DIRECTORY_LEVEL; level <= host_level; ++level)
                if (has_wrprotected_page(vcpu->kvm, large_gfn, level))
                        break;
-        }
        return level - 1;
 }
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 58a0f1e88596..ede2131a9225 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -150,7 +150,9 @@ walk:
                walker->table_gfn[walker->level - 1] = table_gfn;
                walker->pte_gpa[walker->level - 1] = pte_gpa;
-                kvm_read_guest(vcpu->kvm, pte_gpa, &pte, sizeof(pte));
+                if (kvm_read_guest(vcpu->kvm, pte_gpa, &pte, sizeof(pte)))
+                        goto not_present;
                trace_kvm_mmu_paging_element(pte, walker->level);
                if (!is_present_gpte(pte))
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 6651dbf58675..1ddcad452add 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5072,12 +5072,13 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
                                       GFP_KERNEL);
        if (!vcpu->arch.mce_banks) {
                r = -ENOMEM;
-                goto fail_mmu_destroy;
+                goto fail_free_lapic;
        }
        vcpu->arch.mcg_cap = KVM_MAX_MCE_BANKS;
        return 0;
+fail_free_lapic:
+        kvm_free_lapic(vcpu);
 fail_mmu_destroy:
        kvm_mmu_destroy(vcpu);
 fail_free_pio_data:
@@ -5088,6 +5089,7 @@ fail:
 void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
 {
+        kfree(vcpu->arch.mce_banks);
        kvm_free_lapic(vcpu);
        down_read(&vcpu->kvm->slots_lock);
        kvm_mmu_destroy(vcpu);
author	Linus Torvalds <torvalds@linux-foundation.org>	2010-01-25 22:02:31 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-01-25 22:02:31 -0500
commit	486d35e2220acfe45d85131c557d94fe889184a2 (patch)
tree	6be42a8a0d82e7e09bb4ac05edcbdb96adf650dc /arch
parent	a8d0b6666ecfe14226f1e46d693d5e2cde072337 (diff)
parent	443c39bc9ef7d8f648408d74c97e943f3bb3f48a (diff)

diff --git a/arch/powerpc/kvm/Kconfig b/arch/powerpc/kvm/Kconfig index 07703f72330e..6fb6e8aa3890 100644 --- a/arch/powerpc/kvm/Kconfig +++ b/arch/powerpc/kvm/Kconfig
@@ -53,7 +53,7 @@ config KVM_440
53		53
54	config KVM_EXIT_TIMING	54	config KVM_EXIT_TIMING
55	bool "Detailed exit timing"	55	bool "Detailed exit timing"
56	depends on KVM	56	depends on KVM_440 \|\| KVM_E500
57	---help---	57	---help---
58	Calculate elapsed time for every exit/enter cycle. A per-vcpu	58	Calculate elapsed time for every exit/enter cycle. A per-vcpu
59	report is available in debugfs kvm/vm#_vcpu#_timing.	59	report is available in debugfs kvm/vm#_vcpu#_timing.


diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c index ba9d8a7bc1ac..b40096494e46 100644 --- a/arch/s390/kvm/intercept.c +++ b/arch/s390/kvm/intercept.c
@@ -213,7 +213,7 @@ static int handle_instruction_and_prog(struct kvm_vcpu *vcpu)
213	return rc2;	213	return rc2;
214	}	214	}
215		215
216	static const intercept_handler_t intercept_funcs[0x48 >> 2] = {	216	static const intercept_handler_t intercept_funcs[] = {
217	[0x00 >> 2] = handle_noop,	217	[0x00 >> 2] = handle_noop,
218	[0x04 >> 2] = handle_instruction,	218	[0x04 >> 2] = handle_instruction,
219	[0x08 >> 2] = handle_prog,	219	[0x08 >> 2] = handle_prog,
@@ -230,7 +230,7 @@ int kvm_handle_sie_intercept(struct kvm_vcpu *vcpu)
230	intercept_handler_t func;	230	intercept_handler_t func;
231	u8 code = vcpu->arch.sie_block->icptcode;	231	u8 code = vcpu->arch.sie_block->icptcode;
232		232
233	if (code & 3 \|\| code > 0x48)	233	if (code & 3 \|\| (code >> 2) >= ARRAY_SIZE(intercept_funcs))
234	return -ENOTSUPP;	234	return -ENOTSUPP;
235	func = intercept_funcs[code >> 2];	235	func = intercept_funcs[code >> 2];
236	if (func)	236	if (func)


diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 3063a0c4858b..ba8c045da782 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c
@@ -373,6 +373,12 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
373	if (unlikely(!apic_enabled(apic)))	373	if (unlikely(!apic_enabled(apic)))
374	break;	374	break;
375		375
		376	if (trig_mode) {
		377	apic_debug("level trig mode for vector %d", vector);
		378	apic_set_vector(vector, apic->regs + APIC_TMR);
		379	} else
		380	apic_clear_vector(vector, apic->regs + APIC_TMR);
		381
376	result = !apic_test_and_set_irr(vector, apic);	382	result = !apic_test_and_set_irr(vector, apic);
377	trace_kvm_apic_accept_irq(vcpu->vcpu_id, delivery_mode,	383	trace_kvm_apic_accept_irq(vcpu->vcpu_id, delivery_mode,
378	trig_mode, vector, !result);	384	trig_mode, vector, !result);
@@ -383,11 +389,6 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
383	break;	389	break;
384	}	390	}
385		391
386	if (trig_mode) {
387	apic_debug("level trig mode for vector %d", vector);
388	apic_set_vector(vector, apic->regs + APIC_TMR);
389	} else
390	apic_clear_vector(vector, apic->regs + APIC_TMR);
391	kvm_vcpu_kick(vcpu);	392	kvm_vcpu_kick(vcpu);
392	break;	393	break;
393		394


diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 4c3e5b2314cb..89a49fb46a27 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c
@@ -477,7 +477,7 @@ static int host_mapping_level(struct kvm *kvm, gfn_t gfn)
477		477
478	addr = gfn_to_hva(kvm, gfn);	478	addr = gfn_to_hva(kvm, gfn);
479	if (kvm_is_error_hva(addr))	479	if (kvm_is_error_hva(addr))
480	return page_size;	480	return PT_PAGE_TABLE_LEVEL;
481		481
482	down_read(&current->mm->mmap_sem);	482	down_read(&current->mm->mmap_sem);
483	vma = find_vma(current->mm, addr);	483	vma = find_vma(current->mm, addr);
@@ -515,11 +515,9 @@ static int mapping_level(struct kvm_vcpu *vcpu, gfn_t large_gfn)
515	if (host_level == PT_PAGE_TABLE_LEVEL)	515	if (host_level == PT_PAGE_TABLE_LEVEL)
516	return host_level;	516	return host_level;
517		517
518	for (level = PT_DIRECTORY_LEVEL; level <= host_level; ++level) {	518	for (level = PT_DIRECTORY_LEVEL; level <= host_level; ++level)
519
520	if (has_wrprotected_page(vcpu->kvm, large_gfn, level))	519	if (has_wrprotected_page(vcpu->kvm, large_gfn, level))
521	break;	520	break;
522	}
523		521
524	return level - 1;	522	return level - 1;
525	}	523	}


diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h index 58a0f1e88596..ede2131a9225 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h
@@ -150,7 +150,9 @@ walk:
150	walker->table_gfn[walker->level - 1] = table_gfn;	150	walker->table_gfn[walker->level - 1] = table_gfn;
151	walker->pte_gpa[walker->level - 1] = pte_gpa;	151	walker->pte_gpa[walker->level - 1] = pte_gpa;
152		152
153	kvm_read_guest(vcpu->kvm, pte_gpa, &pte, sizeof(pte));	153	if (kvm_read_guest(vcpu->kvm, pte_gpa, &pte, sizeof(pte)))
		154	goto not_present;
		155
154	trace_kvm_mmu_paging_element(pte, walker->level);	156	trace_kvm_mmu_paging_element(pte, walker->level);
155		157
156	if (!is_present_gpte(pte))	158	if (!is_present_gpte(pte))


diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 6651dbf58675..1ddcad452add 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -5072,12 +5072,13 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
5072	GFP_KERNEL);	5072	GFP_KERNEL);
5073	if (!vcpu->arch.mce_banks) {	5073	if (!vcpu->arch.mce_banks) {
5074	r = -ENOMEM;	5074	r = -ENOMEM;
5075	goto fail_mmu_destroy;	5075	goto fail_free_lapic;
5076	}	5076	}
5077	vcpu->arch.mcg_cap = KVM_MAX_MCE_BANKS;	5077	vcpu->arch.mcg_cap = KVM_MAX_MCE_BANKS;
5078		5078
5079	return 0;	5079	return 0;
5080		5080	fail_free_lapic:
		5081	kvm_free_lapic(vcpu);
5081	fail_mmu_destroy:	5082	fail_mmu_destroy:
5082	kvm_mmu_destroy(vcpu);	5083	kvm_mmu_destroy(vcpu);
5083	fail_free_pio_data:	5084	fail_free_pio_data:
@@ -5088,6 +5089,7 @@ fail:
5088		5089
5089	void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)	5090	void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
5090	{	5091	{
		5092	kfree(vcpu->arch.mce_banks);
5091	kvm_free_lapic(vcpu);	5093	kvm_free_lapic(vcpu);
5092	down_read(&vcpu->kvm->slots_lock);	5094	down_read(&vcpu->kvm->slots_lock);
5093	kvm_mmu_destroy(vcpu);	5095	kvm_mmu_destroy(vcpu);