22 Apr, 2009
2 commits
-
When checking for overlapping slots on registration of a new one, kvm
currently also considers zero-length (ie. deleted) slots and rejects
requests incorrectly. This finally denies user space from joining slots.
Fix the check by skipping deleted slots and advertise this via a
KVM_CAP_JOIN_MEMORY_REGIONS_WORKS.Cc: stable@kernel.org
Signed-off-by: Jan Kiszka
Signed-off-by: Avi Kivity -
The large page initialization code concludes there are two large pages spanned
by a slot covering 1 (small) page starting at gfn 1. This is incorrect, and
also results in incorrect write_count initialization in some cases (base = 1,
npages = 513 for example).Cc: stable@kernel.org
Signed-off-by: Avi Kivity
24 Mar, 2009
13 commits
-
In capability probing ioctl.
Signed-off-by: Sheng Yang
Signed-off-by: Avi Kivity -
Impact: Make symbols static.
Fix this sparse warnings:
arch/x86/kvm/mmu.c:992:5: warning: symbol 'mmu_pages_add' was not declared. Should it be static?
arch/x86/kvm/mmu.c:1124:5: warning: symbol 'mmu_pages_next' was not declared. Should it be static?
arch/x86/kvm/mmu.c:1144:6: warning: symbol 'mmu_pages_clear_parents' was not declared. Should it be static?
arch/x86/kvm/x86.c:2037:5: warning: symbol 'kvm_read_guest_virt' was not declared. Should it be static?
arch/x86/kvm/x86.c:2067:5: warning: symbol 'kvm_write_guest_virt' was not declared. Should it be static?
virt/kvm/irq_comm.c:220:5: warning: symbol 'setup_routing_entry' was not declared. Should it be static?Signed-off-by: Hannes Eder
Signed-off-by: Avi Kivity -
Include the newly introduced msidef.h to solve the build issues.
Signed-off-by: Xiantao Zhang
Signed-off-by: Avi Kivity -
only need to set assigned_dev_id for deassignment, use
match->flags to judge and deassign it.Acked-by: Mark McLoughlin
Signed-off-by: Weidong Han
Signed-off-by: Avi Kivity -
Return number of CPUs interrupt was successfully injected into or -1 if
none.Signed-off-by: Gleb Natapov
Signed-off-by: Avi Kivity -
IRQ injection status is either -1 (if there was no CPU found
that should except the interrupt because IRQ was masked or
ioapic was misconfigured or ...) or >= 0 in that case the
number indicates to how many CPUs interrupt was injected.
If the value is 0 it means that the interrupt was coalesced
and probably should be reinjected.Signed-off-by: Gleb Natapov
Signed-off-by: Avi Kivity -
The function kvm_is_mmio_pfn is called before put_page is called on a
page by KVM. This is a problem when when this function is called on some
struct page which is part of a compund page. It does not test the
reserved flag of the compound page but of the struct page within the
compount page. This is a problem when KVM works with hugepages allocated
at boot time. These pages have the reserved bit set in all tail pages.
Only the flag in the compount head is cleared. KVM would not put such a
page which results in a memory leak.Signed-off-by: Joerg Roedel
Acked-by: Marcelo Tosatti
Signed-off-by: Avi Kivity -
Merge MSI userspace interface with IRQ routing table. Notice the API have been
changed, and using IRQ routing table would be the only interface kvm-userspace
supported.Signed-off-by: Sheng Yang
Signed-off-by: Avi Kivity -
IRQ ack notifications assume an identity mapping between pin->gsi,
which might not be the case with, for example, HPET.Translate before acking.
Signed-off-by: Marcelo Tosatti
Acked-by: Gleb Natapov -
Currently KVM has a static routing from GSI numbers to interrupts (namely,
0-15 are mapped 1:1 to both PIC and IOAPIC, and 16:23 are mapped 1:1 to
the IOAPIC). This is insufficient for several reasons:- HPET requires non 1:1 mapping for the timer interrupt
- MSIs need a new method to assign interrupt numbers and dispatch them
- ACPI APIC mode needs to be able to reassign the PCI LINK interrupts to the
ioapicsThis patch implements an interrupt routing table (as a linked list, but this
can be easily changed) and a userspace interface to replace the table. The
routing table is initialized according to the current hardwired mapping.Signed-off-by: Avi Kivity
-
Allow clients to request notifications when the guest masks or unmasks a
particular irq line. This complements irq ack notifications, as the guest
will not ack an irq line that is masked.Currently implemented for the ioapic only.
Signed-off-by: Avi Kivity
-
MSI is always enabled by default for msi2intx=1. But if msi2intx=0, we
have to disable MSI if guest require to do so.The patch also discard unnecessary msi2intx judgment if guest want to update
MSI state.Notice KVM_DEV_IRQ_ASSIGN_MSI_ACTION is a mask which should cover all MSI
related operations, though we only got one for now.Signed-off-by: Sheng Yang
Signed-off-by: Avi Kivity -
This rips out the support for KVM_DEBUG_GUEST and introduces a new IOCTL
instead: KVM_SET_GUEST_DEBUG. The IOCTL payload consists of a generic
part, controlling the "main switch" and the single-step feature. The
arch specific part adds an x86 interface for intercepting both types of
debug exceptions separately and re-injecting them when the host was not
interested. Moveover, the foundation for guest debugging via debug
registers is layed.To signal breakpoint events properly back to userland, an arch-specific
data block is now returned along KVM_EXIT_DEBUG. For x86, the arch block
contains the PC, the debug exception, and relevant debug registers to
tell debug events properly apart.The availability of this new interface is signaled by
KVM_CAP_SET_GUEST_DEBUG. Empty stubs for not yet supported archs are
provided.Note that both SVM and VTX are supported, but only the latter was tested
yet. Based on the experience with all those VTX corner case, I would be
fairly surprised if SVM will work out of the box.Signed-off-by: Jan Kiszka
Signed-off-by: Avi Kivity
15 Feb, 2009
5 commits
-
kvm->slots_lock is outer to kvm->lock, so take slots_lock
in kvm_vm_ioctl_assign_device() before taking kvm->lock,
rather than taking it in kvm_iommu_map_memslots().Cc: stable@kernel.org
Signed-off-by: Mark McLoughlin
Acked-by: Marcelo Tosatti
Signed-off-by: Avi Kivity -
Missing buckets and wrong parameter for free_irq()
Signed-off-by: Sheng Yang
Signed-off-by: Avi Kivity -
In the past, kvm_get_kvm() and kvm_put_kvm() was called in assigned device irq
handler and interrupt_work, in order to prevent cancel_work_sync() in
kvm_free_assigned_irq got a illegal state when waiting for interrupt_work done.
But it's tricky and still got two problems:1. A bug ignored two conditions that cancel_work_sync() would return true result
in a additional kvm_put_kvm().2. If interrupt type is MSI, we would got a window between cancel_work_sync()
and free_irq(), which interrupt would be injected again...This patch discard the reference count used for irq handler and interrupt_work,
and ensure the legal state by moving the free function at the very beginning of
kvm_destroy_vm(). And the patch fix the second bug by disable irq before
cancel_work_sync(), which may result in nested disable of irq but OK for we are
going to free it.Signed-off-by: Sheng Yang
Signed-off-by: Avi Kivity -
kvm_arch_sync_events is introduced to quiet down all other events may happen
contemporary with VM destroy process, like IRQ handler and work struct for
assigned device.For kvm_arch_sync_events is called at the very beginning of kvm_destroy_vm(), so
the state of KVM here is legal and can provide a environment to quiet down other
events.Signed-off-by: Sheng Yang
Signed-off-by: Avi Kivity -
The destructor for huge pages uses the backing inode for adjusting
hugetlbfs accounting.Hugepage mappings are destroyed by exit_mmap, after
mmu_notifier_release, so there are no notifications through
unmap_hugepage_range at this point.The hugetlbfs inode can be freed with pages backed by it referenced
by the shadow. When the shadow releases its reference, the huge page
destructor will access a now freed inode.Implement the release operation for kvm mmu notifiers to release page
refs before the hugetlbfs inode is gone.Signed-off-by: Marcelo Tosatti
Signed-off-by: Avi Kivity
03 Jan, 2009
6 commits
-
This fixes a compile warning about a variable thats maybe used
uninitialized in the function.Signed-off-by: Joerg Roedel
-
Signed-off-by: Joerg Roedel
-
Impact: file renamed
The code in the vtd.c file can be reused for other IOMMUs as well. So
rename it to make it clear that it handle more than VT-d.Signed-off-by: Joerg Roedel
-
In kvm_iommu_unmap_memslots(), assigned_dev_head is already empty.
Signed-off-by: Weidong Han
Signed-off-by: Joerg Roedel -
Support device deassignment, it can be used in device hotplug.
Signed-off-by: Weidong Han
Signed-off-by: Joerg Roedel -
intel iommu APIs are updated, use the new APIs.
In addition, change kvm_iommu_map_guest() to just create the domain, let kvm_iommu_assign_device() assign device.
Signed-off-by: Weidong Han
Signed-off-by: Joerg Roedel
31 Dec, 2008
14 commits
-
If an assigned device shares a guest irq with an emulated
device then we currently interpret an ack generated by the
emulated device as originating from the assigned device
leading to e.g. "Unbalanced enable for IRQ 4347" from the
enable_irq() in kvm_assigned_dev_ack_irq().The fix is fairly simple - don't enable the physical device
irq unless it was previously disabled.Of course, this can still lead to a situation where a
non-assigned device ACK can cause the physical device irq to
be reenabled before the device was serviced. However, being
level sensitive, the interrupt will merely be regenerated.Signed-off-by: Mark McLoughlin
Signed-off-by: Avi Kivity -
Signed-off-by: Avi Kivity
-
Userspace might need to act differently.
Signed-off-by: Avi Kivity
-
This changes cpus_hardware_enabled from a cpumask_t to a cpumask_var_t:
equivalent for CONFIG_CPUMASKS_OFFSTACK=n, otherwise dynamically allocated.Signed-off-by: Rusty Russell
Signed-off-by: Avi Kivity -
We're getting rid on on-stack cpumasks for large NR_CPUS.
1) Use cpumask_var_t/alloc_cpumask_var.
2) smp_call_function_mask -> smp_call_function_many
3) cpus_clear, cpus_empty, cpu_set -> cpumask_clear, cpumask_empty,
cpumask_set_cpu.This actually generates slightly smaller code than the old one with
CONFIG_CPUMASKS_OFFSTACK=n. (gcc knows that cpus cannot be NULL in
that case, where cpumask_var_t is cpumask_t[1]).Signed-off-by: Rusty Russell
Signed-off-by: Avi Kivity -
Avi said:
> Wow, code duplication from Rusty. Things must be bad.Something about glass houses comes to mind. But instead, a patch.
Signed-off-by: Rusty Russell
Signed-off-by: Avi Kivity -
There is a race between a "close of the file descriptors" and module
unload in the kvm module.You can easily trigger this problem by applying this debug patch:
>--- kvm.orig/virt/kvm/kvm_main.c
>+++ kvm/virt/kvm/kvm_main.c
>@@ -648,10 +648,14 @@ void kvm_free_physmem(struct kvm *kvm)
> kvm_free_physmem_slot(&kvm->memslots[i], NULL);
> }
>
>+#include
> static void kvm_destroy_vm(struct kvm *kvm)
> {
> struct mm_struct *mm = kvm->mm;
>
>+ printk("off1\n");
>+ msleep(5000);
>+ printk("off2\n");
> spin_lock(&kvm_lock);
> list_del(&kvm->vm_list);
> spin_unlock(&kvm_lock);and killing the userspace, followed by an rmmod.
The problem is that kvm_destroy_vm can run while the module count
is 0. That means, you can remove the module while kvm_destroy_vm
is running. But kvm_destroy_vm is part of the module text. This
causes a kerneloops. The race exists without the msleep but is much
harder to trigger.This patch requires the fix for anon_inodes (anon_inodes: use fops->owner
for module refcount).
With this patch, we can set the owner of all anonymous KVM inodes file
operations. The VFS will then control the KVM module refcount as long as there
is an open file. kvm_destroy_vm will be called by the release function of the
last closed file - before the VFS drops the module refcount.Signed-off-by: Christian Borntraeger
Signed-off-by: Avi Kivity -
Right now, KVM does not remove a slot when we do a
register ioctl for size 0 (would be the expected behaviour).Instead, we only mark it as empty, but keep all bitmaps
and allocated data structures present. It completely
nullifies our chances of reusing that same slot again
for mapping a different piece of memory.In this patch, we destroy rmaps, and vfree() the
pointers that used to hold the dirty bitmap, rmap
and lpage_info structures.Signed-off-by: Glauber Costa
Signed-off-by: Avi Kivity -
Split out the logic corresponding to undoing assign_irq() and
clean it up a bit.Signed-off-by: Mark McLoughlin
Signed-off-by: Avi Kivity -
Make sure kvm_request_irq_source_id() never returns
KVM_USERSPACE_IRQ_SOURCE_ID.Likewise, check that kvm_free_irq_source_id() never accepts
KVM_USERSPACE_IRQ_SOURCE_ID.Signed-off-by: Mark McLoughlin
Signed-off-by: Avi Kivity -
Set assigned_dev->irq_source_id to -1 so that we can avoid freeing
a source ID which we never allocated.Signed-off-by: Mark McLoughlin
Signed-off-by: Avi Kivity -
We never pass a NULL notifier pointer here, but we may well
pass a notifier struct which hasn't previously been
registered.Guard against this by using hlist_del_init() which will
not do anything if the node hasn't been added to the list
and, when removing the node, will ensure that a subsequent
call to hlist_del_init() will be fine too.Fixes an oops seen when an assigned device is freed before
and IRQ is assigned to it.Signed-off-by: Mark McLoughlin
Signed-off-by: Avi Kivity -
We will obviously never pass a NULL struct kvm_irq_ack_notifier* to
this functions. They are always embedded in the assigned device
structure, so the assertion add nothing.The irqchip_in_kernel() assertion is very out of place - clearly
this little abstraction needs to know nothing about the upper
layer details.Signed-off-by: Mark McLoughlin
Signed-off-by: Avi Kivity -
Impact: make global function static
virt/kvm/kvm_main.c:85:6: warning: symbol 'kvm_rebooting' was not declared. Should it be static?
Signed-off-by: Hannes Eder
Signed-off-by: Avi Kivity
