From 5b73d6347eb82cd2a26698fc339607e25e0ad917 Mon Sep 17 00:00:00 2001
From: David Gibson
Date: Wed, 15 Feb 2017 14:40:04 +1100
Subject: [PATCH 1/4] KVM: PPC: Book3S HV: Prevent double-free on HPT resize commit path
resize_hpt_release(), called once the HPT resize of a KVM guest is completed (successfully or unsuccessfully) frees the state structure for the resize. It is currently not safe to call with a NULL pointer. However, one of the error paths in kvm_vm_ioctl_resize_hpt_commit() can invoke it with a NULL pointer. This will occur if userspace improperly invokes KVM_PPC_RESIZE_HPT_COMMIT without previously calling KVM_PPC_RESIZE_HPT_PREPARE, or if it calls COMMIT twice without an intervening PREPARE. To fix this potential crash bug - and maybe others like it, make it safe (and a no-op) to call resize_hpt_release() with a NULL resize pointer. Found by Dan Carpenter with a static checker.
Reported-by: Dan Carpenter
Signed-off-by: David Gibson
Signed-off-by: Paul Mackerras
---
 arch/powerpc/kvm/book3s_64_mmu_hv.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/arch/powerpc/kvm/book3s_64_mmu_hv.c b/arch/powerpc/kvm/book3s_64_mmu_hv.c
index 013552f05182..72ccac26e464 100644
--- a/arch/powerpc/kvm/book3s_64_mmu_hv.c
+++ b/arch/powerpc/kvm/book3s_64_mmu_hv.c
@@ -1407,6 +1407,9 @@ static void resize_hpt_release(struct kvm *kvm, struct kvm_resize_hpt *resize)
 {
 BUG_ON(kvm->arch.resize_hpt != resize);
+ if (!resize)
+ return;
+
 if (resize->hpt.virt)
 kvmppc_free_hpt(&resize->hpt);
From 4da934dc6515afaa1db4e02548803de0cd279734 Mon Sep 17 00:00:00 2001
From: Vipin K Parashar
Date: Thu, 16 Feb 2017 22:40:26 +0530
Subject: [PATCH 2/4] KVM: PPC: Book3S PR: Ratelimit copy data failure error messages
kvm_ppc_mmu_book3s_32/64 xlat() logs "KVM can't copy data" error upon failing to copy user data to kernel space. This floods kernel log once such fails occur in short time period. Ratelimit this error to avoid flooding kernel logs upon copy data failures.
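Review bot: The new early return sits below `BUG_ON(kvm->arch.resize_hpt != resize)`, so a NULL caller still asserts that the VM has no resize recorded, which is the right invariant but reads at first glance like a dereference before the guard; a short comment would make the contract explicit, e.g. `/* @resize may be NULL (no resize pending): the BUG_ON above still checks that kvm->arch.resize_hpt agrees, and then there is nothing to free. */`. The commit message says the NULL arrives from a userspace ioctl sequence (COMMIT without PREPARE), i.e. a VM owner could previously crash the host here, so it is worth confirming that kvm_vm_ioctl_resize_hpt_commit() does not itself touch resize before calling this function, since that caller is not in the diff. The remainder of resize_hpt_release(), including any reset of kvm->arch.resize_hpt, lies outside the hunk; given the BUG_ON, that field is already NULL on the skipped path.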
Signed-off-by: Vipin K Parashar
Signed-off-by: Paul Mackerras
---
 arch/powerpc/kvm/book3s_32_mmu.c | 3 ++-
 arch/powerpc/kvm/book3s_64_mmu.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kvm/book3s_32_mmu.c b/arch/powerpc/kvm/book3s_32_mmu.c
index a2eb6d354a57..1992676c7a94 100644
--- a/arch/powerpc/kvm/book3s_32_mmu.c
+++ b/arch/powerpc/kvm/book3s_32_mmu.c
@@ -224,7 +224,8 @@ static int kvmppc_mmu_book3s_32_xlate_pte(struct kvm_vcpu *vcpu, gva_t eaddr,
 ptem = kvmppc_mmu_book3s_32_get_ptem(sre, eaddr, primary);
 if(copy_from_user(pteg, (void __user *)ptegp, sizeof(pteg))) {
- printk(KERN_ERR "KVM: Can't copy data from 0x%lx!\n", ptegp);
+ printk_ratelimited(KERN_ERR
+ "KVM: Can't copy data from 0x%lx!\n", ptegp);
 goto no_page_found;
 }
diff --git a/arch/powerpc/kvm/book3s_64_mmu.c b/arch/powerpc/kvm/book3s_64_mmu.c
index b9131aa1aedf..70153578131a 100644
--- a/arch/powerpc/kvm/book3s_64_mmu.c
+++ b/arch/powerpc/kvm/book3s_64_mmu.c
@@ -265,7 +265,8 @@ do_second:
 goto no_page_found;
 if(copy_from_user(pteg, (void __user *)ptegp, sizeof(pteg))) {
- printk(KERN_ERR "KVM can't copy data from 0x%lx!\n", ptegp);
+ printk_ratelimited(KERN_ERR
+ "KVM: Can't copy data from 0x%lx!\n", ptegp);
 goto no_page_found;
 }
From 3a4f17608162bbbdcdd9680789b1bc61017cefa3 Mon Sep 17 00:00:00 2001
From: Thomas Huth
Date: Thu, 16 Feb 2017 22:07:12 +0100
Subject: [PATCH 3/4] KVM: PPC: Book3S HV: Turn "KVM guest htab" message into a debug message
The average user likely does not know what a "htab" or "LPID" is, and it's annoying that these messages are quickly filling the dmesg log when you're doing boot cycle tests, so let's turn it into a debug message instead.
Signed-off-by: Thomas Huth
Signed-off-by: Paul Mackerras
---
 arch/powerpc/kvm/book3s_64_mmu_hv.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kvm/book3s_64_mmu_hv.c b/arch/powerpc/kvm/book3s_64_mmu_hv.c
index 72ccac26e464..b68b342dd01f 100644
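Review bot: The book3s_64_mmu.c hunk also rewords the message, from `"KVM can't copy data from 0x%lx!\n"` to `"KVM: Can't copy data from 0x%lx!\n"`, which the commit message does not mention; it harmonises the two sites, but anything matching on the old string in log monitoring will silently stop matching, so call the text change out in the commit message or keep the old wording. Rate-limiting is the right mitigation here, since the failing copy_from_user() is driven by guest-controlled page-table addresses and a guest could otherwise flood the host log at will; note that printk_ratelimited() keeps a separate ratelimit state per call site, so the 32-bit and 64-bit paths are throttled independently. The `ptegp` value printed is the user-space address handed to copy_from_user(), i.e. an address inside the VMM process, which is a mild address disclosure in a KERN_ERR line readable by whoever can read dmesg; whether that matters for the intended audience is a judgement call, but a comment `/* ptegp is a user-space (VMM) address: guest-triggerable, hence ratelimited */` would record both facts. Both enclosing functions continue outside their hunks.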
--- a/arch/powerpc/kvm/book3s_64_mmu_hv.c
+++ b/arch/powerpc/kvm/book3s_64_mmu_hv.c
@@ -127,8 +127,8 @@ void kvmppc_set_hpt(struct kvm *kvm, struct kvm_hpt_info *info)
 kvm->arch.hpt = *info;
 kvm->arch.sdr1 = __pa(info->virt) | (info->order - 18);
- pr_info("KVM guest htab at %lx (order %ld), LPID %x\n",
- info->virt, (long)info->order, kvm->arch.lpid);
+ pr_debug("KVM guest htab at %lx (order %ld), LPID %x\n",
+ info->virt, (long)info->order, kvm->arch.lpid);
 }
 long kvmppc_alloc_reset_hpt(struct kvm *kvm, int order)
From bcd3bb63dbc87a3bbb21e95a09cd26bb6479c332 Mon Sep 17 00:00:00 2001
From: Paul Mackerras
Date: Sat, 18 Feb 2017 08:30:44 +1100
Subject: [PATCH 4/4] KVM: PPC: Book3S HV: Disable HPT resizing on POWER9 for now
The new HPT resizing code added in commit b5baa6877315 ("KVM: PPC: Book3S HV: KVM-HV HPT resizing implementation", 2016-12-20) doesn't have code to handle the new HPTE format which POWER9 uses. Thus it would be best not to advertise it to userspace on POWER9 systems until it works properly. Also, since resize_hpt_rehash_hpte() contains BUG_ON() calls that could be hit on POWER9, let's prevent it from being called on POWER9 for now.
Acked-by: David Gibson
Signed-off-by: Paul Mackerras
---
 arch/powerpc/kvm/book3s_64_mmu_hv.c | 6 ++++++
 arch/powerpc/kvm/powerpc.c | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kvm/book3s_64_mmu_hv.c b/arch/powerpc/kvm/book3s_64_mmu_hv.c
index b68b342dd01f..f3158fb16de3 100644
--- a/arch/powerpc/kvm/book3s_64_mmu_hv.c
+++ b/arch/powerpc/kvm/book3s_64_mmu_hv.c
@@ -1370,6 +1370,12 @@ static int resize_hpt_rehash(struct kvm_resize_hpt *resize)
 unsigned long i;
 int rc;
+ /*
+ * resize_hpt_rehash_hpte() doesn't handle the new-format HPTEs
+ * that POWER9 uses, and could well hit a BUG_ON on POWER9.
+ */
+ if (cpu_has_feature(CPU_FTR_ARCH_300))
+ return -EIO;
 for (i = 0; i < kvmppc_hpt_npte(&kvm->arch.hpt); i++) {
 rc = resize_hpt_rehash_hpte(resize, i);
 if (rc != 0)
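Review bot: The message being demoted prints `info->virt` with `%lx`, and the line above it (`__pa(info->virt)`) shows that this is a kernel virtual address, so at pr_info level every guest start wrote a kernel pointer (the HPT's location) into a log that may be readable by unprivileged users; the move to pr_debug is worth keeping for that reason as much as for noise, and the commit message could say so. A comment such as `/* Debug only: this prints a kernel virtual address (see __pa() above) */` would discourage someone from bumping it back to pr_info later. With dynamic debug enabled at runtime the address is still emitted, so if the value is not actually needed for diagnosis the `%lx` could be dropped from the format, but that is beyond this change. The rest of kvmppc_set_hpt() precedes the hunk.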
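Review bot: The new check in resize_hpt_rehash() is the actual protection, not the capability change in powerpc.c: userspace can issue KVM_PPC_RESIZE_HPT_PREPARE/COMMIT whatever KVM_CAP_SPAPR_RESIZE_HPT reports, and the commit message says resize_hpt_rehash_hpte() has BUG_ON()s reachable on POWER9, so the comment should state that this test is what keeps a VM owner from panicking the host, e.g. add ` * This check, not the KVM_CAP_SPAPR_RESIZE_HPT advertisement, is what keeps userspace from reaching those BUG_ONs.` to the comment block. If the prepare step allocates the new HPT before rehash runs (that code is outside the hunk), the same test at the ioctl entry would fail fast without allocating on POWER9; as written the -EIO is presumably unwound by the existing error path, which is not visible here. Style: there is no blank line between `return -EIO;` and the `for` loop, which kernel style would normally have. resize_hpt_rehash() continues beyond the hunk.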
diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index 2b3e4e620078..fcb253ba51e5 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -613,7 +613,8 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
 r = 1;
 break;
 case KVM_CAP_SPAPR_RESIZE_HPT:
- r = !!hv_enabled;
+ /* Disable this on POWER9 until code handles new HPTE format */
+ r = !!hv_enabled && !cpu_has_feature(CPU_FTR_ARCH_300);
 break;
 #endif
 case KVM_CAP_PPC_HTM:
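Review bot: The `!!` on `hv_enabled` is now redundant, because `&&` already yields 0 or 1; `r = hv_enabled && !cpu_has_feature(CPU_FTR_ARCH_300);` reads more plainly. Since this only changes what is advertised to userspace, the comment would be more useful if it said that enforcement lives elsewhere, e.g. `/* Not advertised on POWER9 until the new HPTE format is handled; resize_hpt_rehash() enforces this independently */`, so a later reader does not assume the capability check alone prevents the ioctl from running. kvm_vm_ioctl_check_extension() extends well beyond this hunk on both sides.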