kernel/virt/kvm, branch linux-2.6.28.y

KVM: mmu_notifiers release method

2009-05-02T17:57:11Z

(cherry picked from 85db06e514422ae429b5f85742d8111b70bd56f3) The destructor for huge pages uses the backing inode for adjusting hugetlbfs accounting. Hugepage mappings are destroyed by exit_mmap, after mmu_notifier_release, so there are no notifications through unmap_hugepage_range at this point. The hugetlbfs inode can be freed with pages backed by it referenced by the shadow. When the shadow releases its reference, the huge page destructor will access a now freed inode. Implement the release operation for kvm mmu notifiers to release page refs before the hugetlbfs inode is gone. Signed-off-by: Marcelo Tosatti Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman

KVM: Advertise the bug in memory region destruction as fixed

2009-05-02T17:57:09Z

(cherry picked from 1a811b6167089bcdb84284f2dc9fd0b4d0f1899d) Userspace might need to act differently. Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman

KVM: set owner of cpu and vm file operations

2009-05-02T17:57:09Z

(cherry picked from 3d3aab1b973b01bd2a1aa46307e94a1380b1d802) There is a race between a "close of the file descriptors" and module unload in the kvm module. You can easily trigger this problem by applying this debug patch: >--- kvm.orig/virt/kvm/kvm_main.c >+++ kvm/virt/kvm/kvm_main.c >@@ -648,10 +648,14 @@ void kvm_free_physmem(struct kvm *kvm) > kvm_free_physmem_slot(&kvm->memslots[i], NULL); > } > >+#include > static void kvm_destroy_vm(struct kvm *kvm) > { > struct mm_struct *mm = kvm->mm; > >+ printk("off1\n"); >+ msleep(5000); >+ printk("off2\n"); > spin_lock(&kvm_lock); > list_del(&kvm->vm_list); > spin_unlock(&kvm_lock); and killing the userspace, followed by an rmmod. The problem is that kvm_destroy_vm can run while the module count is 0. That means, you can remove the module while kvm_destroy_vm is running. But kvm_destroy_vm is part of the module text. This causes a kerneloops. The race exists without the msleep but is much harder to trigger. This patch requires the fix for anon_inodes (anon_inodes: use fops->owner for module refcount). With this patch, we can set the owner of all anonymous KVM inodes file operations. The VFS will then control the KVM module refcount as long as there is an open file. kvm_destroy_vm will be called by the release function of the last closed file - before the VFS drops the module refcount. Signed-off-by: Christian Borntraeger Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman

KVM: Really remove a slot when a user ask us so

2009-05-02T17:57:08Z

(cherry picked from 6f89724829cfd4ad6771a92fd4b8d59c90c7220c) Right now, KVM does not remove a slot when we do a register ioctl for size 0 (would be the expected behaviour). Instead, we only mark it as empty, but keep all bitmaps and allocated data structures present. It completely nullifies our chances of reusing that same slot again for mapping a different piece of memory. In this patch, we destroy rmaps, and vfree() the pointers that used to hold the dirty bitmap, rmap and lpage_info structures. Signed-off-by: Glauber Costa Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman

KVM: Prevent trace call into unloaded module text

2009-05-02T17:57:08Z

(cherry picked from b82091824ee4970adf92d5cd6d57b12273171625) Add marker_synchronize_unregister() before module unloading. This prevents possible trace calls into unloaded module text. Signed-off-by: Wu Fengguang Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman

KVM: MMU: Fix aliased gfns treated as unaliased

2009-05-02T17:57:07Z

(cherry picked from 2843099fee32a6020e1caa95c6026f28b5d43bff) Some areas of kvm x86 mmu are using gfn offset inside a slot without unaliasing the gfn first. This patch makes sure that the gfn will be unaliased and add gfn_to_memslot_unaliased() to save the calculating of the gfn unaliasing in case we have it unaliased already. Signed-off-by: Izik Eidus Acked-by: Marcelo Tosatti Signed-off-by: Avi Kivity Signed-off-by: Greg Kroah-Hartman

KVM: Fix guest shared interrupt with in-kernel irqchip

2008-10-28T12:21:34Z

Every call of kvm_set_irq() should offer an irq_source_id, which is allocated by kvm_request_irq_source_id(). Based on irq_source_id, we identify the irq source and implement logical OR for shared level interrupts. The allocated irq_source_id can be freed by kvm_free_irq_source_id(). Currently, we support at most sizeof(unsigned long) different irq sources. [Amit: - rebase to kvm.git HEAD - move definition of KVM_USERSPACE_IRQ_SOURCE_ID to common file - move kvm_request_irq_source_id to the update_irq ioctl] [Xiantao: - Add kvm/ia64 stuff and make it work for kvm/ia64 guests] Signed-off-by: Sheng Yang Signed-off-by: Amit Shah Signed-off-by: Xiantao Zhang Signed-off-by: Avi Kivity

KVM: Move irqchip_in_kernel() from ioapic.h to irq.h

2008-10-15T12:25:36Z

Moving irqchip_in_kernel() from ioapic.h to irq.h. Signed-off-by: Xiantao Zhang Signed-off-by: Avi Kivity

KVM: Separate irq ack notification out of arch/x86/kvm/irq.c

2008-10-15T12:25:35Z

Moving irq ack notification logic as common, and make it shared with ia64 side. Signed-off-by: Xiantao Zhang Signed-off-by: Avi Kivity

KVM: Change is_mmio_pfn to kvm_is_mmio_pfn, and make it common for all archs

2008-10-15T12:25:34Z

Add a kvm_ prefix to avoid polluting kernel's name space. Signed-off-by: Xiantao Zhang Signed-off-by: Avi Kivity