linux-stable.git/virt/kvm, branch linux-2.6.30.y Linux kernel stable tree KVM: fix ack not being delivered when msi present 2009-09-09T03:33:37+00:00 Michael S. Tsirkin mst@redhat.com 2009-09-01T15:15:14+00:00 a9baf6a17556ebc308cf569ef6459e486735717b (cherry picked from commit 5116d8f6b977970ebefc1932c0f313163a6ec91f) kvm_notify_acked_irq does not check irq type, so that it sometimes interprets msi vector as irq. As a result, ack notifiers are not called, which typially hangs the guest. The fix is to track and check irq type. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
(cherry picked from commit 5116d8f6b977970ebefc1932c0f313163a6ec91f)

kvm_notify_acked_irq does not check irq type, so that it sometimes
interprets msi vector as irq.  As a result, ack notifiers are not
called, which typially hangs the guest.  The fix is to track and
check irq type.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
KVM: MMU: do not free active mmu pages in free_mmu_pages() 2009-09-09T03:33:29+00:00 Gleb Natapov gleb@redhat.com 2009-08-03T17:57:51+00:00 038851e38586ded536dca8349dc8457c0d21f674 (cherry picked from commit f00be0cae4e6ad0a8c7be381c6d9be3586800b3e) free_mmu_pages() should only undo what alloc_mmu_pages() does. Free mmu pages from the generic VM destruction function, kvm_destroy_vm(). Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
(cherry picked from commit f00be0cae4e6ad0a8c7be381c6d9be3586800b3e)

free_mmu_pages() should only undo what alloc_mmu_pages() does.
Free mmu pages from the generic VM destruction function, kvm_destroy_vm().

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
KVM: take mmu_lock when updating a deleted slot 2009-09-09T03:33:27+00:00 Marcelo Tosatti mtosatti@redhat.com 2009-08-03T17:57:48+00:00 4877f4a4c8d80472228e0c843fee5957ae1f94d1 (cherry picked from commit b43b1901ad282aeb74161837fb403927102687a1) kvm_handle_hva relies on mmu_lock protection to safely access the memslot structures. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
(cherry picked from commit b43b1901ad282aeb74161837fb403927102687a1)

kvm_handle_hva relies on mmu_lock protection to safely access
the memslot structures.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
KVM: Fix dirty bit tracking for slots with large pages 2009-07-02T23:49:34+00:00 Izik Eidus ieidus@redhat.com 2009-06-10T16:23:24+00:00 af300d11ea285f31cf4fec08204c108552912b2a commit e244584fe3a5c20deddeca246548ac86dbc6e1d1 upstream. When slot is already allocated and being asked to be tracked we need to break the large pages. This code flush the mmu when someone ask a slot to start dirty bit tracking. Signed-off-by: Izik Eidus <ieidus@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit e244584fe3a5c20deddeca246548ac86dbc6e1d1 upstream.

When slot is already allocated and being asked to be tracked we need
to break the large pages.

This code flush the mmu when someone ask a slot to start dirty bit
tracking.

Signed-off-by: Izik Eidus <ieidus@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
KVM: protect concurrent make_all_cpus_request 2009-07-02T23:49:34+00:00 Marcelo Tosatti mtosatti@redhat.com 2009-06-17T13:53:47+00:00 6aa8dd31fc0032e226b8a9cbe17f4e4a12fec9b9 commit 84261923d3dddb766736023bead6fa07b7e218d5 upstream. make_all_cpus_request contains a race condition which can trigger false request completed status, as follows: CPU0 CPU1 if (test_and_set_bit(req,&vcpu->requests)) .... if (test_and_set_bit(req,&vcpu->requests)) .. return proceed to smp_call_function_many(wait=1) Use a spinlock to serialize concurrent CPUs. Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit 84261923d3dddb766736023bead6fa07b7e218d5 upstream.

make_all_cpus_request contains a race condition which can
trigger false request completed status, as follows:

CPU0                                              CPU1

if (test_and_set_bit(req,&vcpu->requests))
   ....                                        	   if (test_and_set_bit(req,&vcpu->requests))
   ..                                                  return
proceed to smp_call_function_many(wait=1)

Use a spinlock to serialize concurrent CPUs.

Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
KVM: Prevent overflow in largepages calculation 2009-07-02T23:49:33+00:00 Avi Kivity avi@redhat.com 2009-06-08T12:55:21+00:00 83efa8edb43ad69a5f801334170d41557cdca89b commit 09f8ca74ae6c2d78b2c7f6c0751ed0cbe815a3d9 upstream. If userspace specifies a memory slot that is larger than 8 petabytes, it could overflow the largepages variable. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit 09f8ca74ae6c2d78b2c7f6c0751ed0cbe815a3d9 upstream.

If userspace specifies a memory slot that is larger than 8 petabytes, it
could overflow the largepages variable.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
KVM: Disable large pages on misaligned memory slots 2009-07-02T23:49:32+00:00 Avi Kivity avi@redhat.com 2009-06-08T12:52:39+00:00 e7ecb754d1a924096795c2dad432f33543f4ffbb commit ac04527f7947020c5890090b2ac87af4e98d977e upstream. If a slots guest physical address and host virtual address unequal (mod large page size), then we would erronously try to back guest large pages with host large pages. Detect this misalignment and diable large page support for the trouble slot. Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
commit ac04527f7947020c5890090b2ac87af4e98d977e upstream.

If a slots guest physical address and host virtual address unequal (mod
large page size), then we would erronously try to back guest large pages
with host large pages.  Detect this misalignment and diable large page
support for the trouble slot.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
kvm: fix kvm reboot crash when MAXSMP is used 2009-06-09T13:00:28+00:00 Avi Kivity avi@redhat.com 2009-06-06T21:52:35+00:00 8437a617708d014d6f220df201a24960e00d57b1 one system was found there is crash during reboot then kvm/MAXSMP Sending all processes the KILL signal... done Please stand by while rebooting the system... [ 1721.856538] md: stopping all md devices. [ 1722.852139] kvm: exiting hardware virtualization [ 1722.854601] BUG: unable to handle kernel NULL pointer dereference at (null) [ 1722.872219] IP: [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4 [ 1722.877955] PGD 0 [ 1722.880042] Oops: 0000 [#1] SMP [ 1722.892548] last sysfs file: /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/host0/target0:2:0/0:2:0:0/vendor [ 1722.900977] CPU 9 [ 1722.912606] Modules linked in: [ 1722.914226] Pid: 0, comm: swapper Not tainted 2.6.30-rc7-tip-01843-g2305324-dirty #299 ... [ 1722.932589] RIP: 0010:[<ffffffff8102c6b6>] [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4 [ 1722.942709] RSP: 0018:ffffc900010b6ed8 EFLAGS: 00010046 [ 1722.956121] RAX: 0000000000000000 RBX: ffffc9000e253140 RCX: 0000000000000009 [ 1722.972202] RDX: 000000000000b020 RSI: ffffc900010c3220 RDI: ffffffffffffd790 [ 1722.977399] RBP: ffffc900010b6f08 R08: 0000000000000000 R09: 0000000000000000 [ 1722.995149] R10: 00000000000004b8 R11: 966912b6c78fddbd R12: 0000000000000009 [ 1723.011551] R13: 000000000000b020 R14: 0000000000000009 R15: 0000000000000000 [ 1723.019898] FS: 0000000000000000(0000) GS:ffffc900010b3000(0000) knlGS:0000000000000000 [ 1723.034389] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b [ 1723.041164] CR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0 [ 1723.056192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1723.072546] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1723.080562] Process swapper (pid: 0, threadinfo ffff88107e464000, task ffff88047e5a2550) [ 1723.096144] Stack: [ 1723.099071] 0000000000000046 ffffc9000e253168 966912b6c78fddbd ffffc9000e253140 [ 1723.115471] ffff880c7d4304d0 ffffc9000e253168 ffffc900010b6f28 ffffffff81011022 [ 1723.132428] ffffc900010b6f48 966912b6c78fddbd ffffc900010b6f48 ffffffff8100b83b [ 1723.141973] Call Trace: [ 1723.142981] <IRQ> <0> [<ffffffff81011022>] kvm_arch_hardware_disable+0x26/0x3c [ 1723.158153] [<ffffffff8100b83b>] hardware_disable+0x3f/0x55 [ 1723.172168] [<ffffffff810b95f6>] generic_smp_call_function_interrupt+0x76/0x13c [ 1723.178836] [<ffffffff8104cbea>] smp_call_function_interrupt+0x3a/0x5e [ 1723.194689] [<ffffffff81035bf3>] call_function_interrupt+0x13/0x20 [ 1723.199750] <EOI> <0> [<ffffffff814ad3b4>] ? acpi_idle_enter_c1+0xd3/0xf4 [ 1723.217508] [<ffffffff814ad3ae>] ? acpi_idle_enter_c1+0xcd/0xf4 [ 1723.232172] [<ffffffff814ad4bc>] ? acpi_idle_enter_bm+0xe7/0x2ce [ 1723.235141] [<ffffffff81a8d93f>] ? __atomic_notifier_call_chain+0x0/0xac [ 1723.253381] [<ffffffff818c3dff>] ? menu_select+0x58/0xd2 [ 1723.258179] [<ffffffff818c2c9d>] ? cpuidle_idle_call+0xa4/0xf3 [ 1723.272828] [<ffffffff81034085>] ? cpu_idle+0xb8/0x101 [ 1723.277085] [<ffffffff81a80163>] ? start_secondary+0x1bc/0x1d7 [ 1723.293708] Code: b0 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 8b 04 cd 30 ee 27 82 49 89 cc 49 89 d5 48 8b 04 10 48 8d b8 90 d7 ff ff <48> 8b 87 70 28 00 00 48 8d 98 90 d7 ff ff eb 16 e8 e9 fe ff ff [ 1723.335524] RIP [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4 [ 1723.342076] RSP <ffffc900010b6ed8> [ 1723.352021] CR2: 0000000000000000 [ 1723.354348] ---[ end trace e2aec53dae150aa1 ]--- it turns out that we need clear cpus_hardware_enabled in that case. Reported-and-tested-by: Yinghai Lu <yinghai@kernel.org> Signed-off-by: Yinghai Lu <yinghai@kernel.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 
one system was found there is crash during reboot then kvm/MAXSMP
Sending all processes the KILL signal...                              done
Please stand by while rebooting the system...
[ 1721.856538] md: stopping all md devices.
[ 1722.852139] kvm: exiting hardware virtualization
[ 1722.854601] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 1722.872219] IP: [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
[ 1722.877955] PGD 0
[ 1722.880042] Oops: 0000 [#1] SMP
[ 1722.892548] last sysfs file: /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/host0/target0:2:0/0:2:0:0/vendor
[ 1722.900977] CPU 9
[ 1722.912606] Modules linked in:
[ 1722.914226] Pid: 0, comm: swapper Not tainted 2.6.30-rc7-tip-01843-g2305324-dirty #299 ...
[ 1722.932589] RIP: 0010:[<ffffffff8102c6b6>]  [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
[ 1722.942709] RSP: 0018:ffffc900010b6ed8  EFLAGS: 00010046
[ 1722.956121] RAX: 0000000000000000 RBX: ffffc9000e253140 RCX: 0000000000000009
[ 1722.972202] RDX: 000000000000b020 RSI: ffffc900010c3220 RDI: ffffffffffffd790
[ 1722.977399] RBP: ffffc900010b6f08 R08: 0000000000000000 R09: 0000000000000000
[ 1722.995149] R10: 00000000000004b8 R11: 966912b6c78fddbd R12: 0000000000000009
[ 1723.011551] R13: 000000000000b020 R14: 0000000000000009 R15: 0000000000000000
[ 1723.019898] FS:  0000000000000000(0000) GS:ffffc900010b3000(0000) knlGS:0000000000000000
[ 1723.034389] CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[ 1723.041164] CR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0
[ 1723.056192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1723.072546] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1723.080562] Process swapper (pid: 0, threadinfo ffff88107e464000, task ffff88047e5a2550)
[ 1723.096144] Stack:
[ 1723.099071]  0000000000000046 ffffc9000e253168 966912b6c78fddbd ffffc9000e253140
[ 1723.115471]  ffff880c7d4304d0 ffffc9000e253168 ffffc900010b6f28 ffffffff81011022
[ 1723.132428]  ffffc900010b6f48 966912b6c78fddbd ffffc900010b6f48 ffffffff8100b83b
[ 1723.141973] Call Trace:
[ 1723.142981]  <IRQ> <0> [<ffffffff81011022>] kvm_arch_hardware_disable+0x26/0x3c
[ 1723.158153]  [<ffffffff8100b83b>] hardware_disable+0x3f/0x55
[ 1723.172168]  [<ffffffff810b95f6>] generic_smp_call_function_interrupt+0x76/0x13c
[ 1723.178836]  [<ffffffff8104cbea>] smp_call_function_interrupt+0x3a/0x5e
[ 1723.194689]  [<ffffffff81035bf3>] call_function_interrupt+0x13/0x20
[ 1723.199750]  <EOI> <0> [<ffffffff814ad3b4>] ? acpi_idle_enter_c1+0xd3/0xf4
[ 1723.217508]  [<ffffffff814ad3ae>] ? acpi_idle_enter_c1+0xcd/0xf4
[ 1723.232172]  [<ffffffff814ad4bc>] ? acpi_idle_enter_bm+0xe7/0x2ce
[ 1723.235141]  [<ffffffff81a8d93f>] ? __atomic_notifier_call_chain+0x0/0xac
[ 1723.253381]  [<ffffffff818c3dff>] ? menu_select+0x58/0xd2
[ 1723.258179]  [<ffffffff818c2c9d>] ? cpuidle_idle_call+0xa4/0xf3
[ 1723.272828]  [<ffffffff81034085>] ? cpu_idle+0xb8/0x101
[ 1723.277085]  [<ffffffff81a80163>] ? start_secondary+0x1bc/0x1d7
[ 1723.293708] Code: b0 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 8b 04 cd 30 ee 27 82 49 89 cc 49 89 d5 48 8b 04 10 48 8d b8 90 d7 ff ff <48> 8b 87 70 28 00 00 48 8d 98 90 d7 ff ff eb 16 e8 e9 fe ff ff
[ 1723.335524] RIP  [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
[ 1723.342076]  RSP <ffffc900010b6ed8>
[ 1723.352021] CR2: 0000000000000000
[ 1723.354348] ---[ end trace e2aec53dae150aa1 ]---

it turns out that we need clear cpus_hardware_enabled in that case.

Reported-and-tested-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
KVM: Explicity initialize cpus_hardware_enabled 2009-06-08T07:50:46+00:00 Avi Kivity avi@redhat.com 2009-06-06T09:34:39+00:00 a4c0364be3f43d3e17fe19270f8b3d64881606e6 Under CONFIG_MAXSMP, cpus_hardware_enabled is allocated from the heap and not statically initialized. This causes a crash on reboot when kvm thinks vmx is enabled on random nonexistent cpus and accesses nonexistent percpu lists. Fix by explicitly clearing the variable. Cc: stable@kernel.org Reported-and-tested-by: Yinghai Lu <yinghai@kernel.org> Signed-off-by: Avi Kivity <avi@redhat.com> 
Under CONFIG_MAXSMP, cpus_hardware_enabled is allocated from the heap and
not statically initialized.  This causes a crash on reboot when kvm thinks
vmx is enabled on random nonexistent cpus and accesses nonexistent percpu
lists.

Fix by explicitly clearing the variable.

Cc: stable@kernel.org
Reported-and-tested-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
KVM: Fix overlapping check for memory slots 2009-04-22T10:52:09+00:00 Jan Kiszka jan.kiszka@web.de 2009-04-13T09:59:32+00:00 4cd481f68dde99ac416003b825c835f71e364393 When checking for overlapping slots on registration of a new one, kvm currently also considers zero-length (ie. deleted) slots and rejects requests incorrectly. This finally denies user space from joining slots. Fix the check by skipping deleted slots and advertise this via a KVM_CAP_JOIN_MEMORY_REGIONS_WORKS. Cc: stable@kernel.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Avi Kivity <avi@redhat.com> 
When checking for overlapping slots on registration of a new one, kvm
currently also considers zero-length (ie. deleted) slots and rejects
requests incorrectly. This finally denies user space from joining slots.
Fix the check by skipping deleted slots and advertise this via a
KVM_CAP_JOIN_MEMORY_REGIONS_WORKS.

Cc: stable@kernel.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>