KVM: Ensure validity of memslot with respect to kvm_get_dirty_log()

Rework kvm_get_dirty_log() so that it "returns" the associated memslot
on success.  A future patch will rework memslot handling such that
id_to_memslot() can return NULL, returning the memslot makes it more
obvious that the validity of the memslot has been verified, i.e.
precludes the need to add validity checks in the arch code that are
technically unnecessary.

To maintain ordering in s390, move the call to kvm_arch_sync_dirty_log()
from s390's kvm_vm_ioctl_get_dirty_log() to the new kvm_get_dirty_log().
This is a nop for PPC, the only other arch that doesn't select
KVM_GENERIC_DIRTYLOG_READ_PROTECT, as its sync_dirty_log() is empty.

Ideally, moving the sync_dirty_log() call would be done in a separate
patch, but it can't be done in a follow-on patch because that would
temporarily break s390's ordering.  Making the move in a preparatory
patch would be functionally correct, but would create an odd scenario
where the moved sync_dirty_log() would operate on a "different" memslot
due to consuming the result of a different id_to_memslot().  The
memslot couldn't actually be different as slots_lock is held, but the
code is confusing enough as it is, i.e. moving sync_dirty_log() in this
patch is the lesser of all evils.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c
index 71ae332b91c978ab55357a88c56fe5527c6367d2..3bc2f5da8fa11b39eb7ae405b769c557e15b7c94 100644 (file)
--- a/arch/powerpc/kvm/book3s_pr.c
+++ b/arch/powerpc/kvm/book3s_pr.c
@@ -1884,7 +1884,6 @@ out:
 static int kvm_vm_ioctl_get_dirty_log_pr(struct kvm *kvm,
                                         struct kvm_dirty_log *log)
 {
-       struct kvm_memslots *slots;
        struct kvm_memory_slot *memslot;
        struct kvm_vcpu *vcpu;
        ulong ga, ga_end;
@@ -1894,15 +1893,12 @@ static int kvm_vm_ioctl_get_dirty_log_pr(struct kvm *kvm,
 
        mutex_lock(&kvm->slots_lock);
 
-       r = kvm_get_dirty_log(kvm, log, &is_dirty);
+       r = kvm_get_dirty_log(kvm, log, &is_dirty, &memslot);
        if (r)
                goto out;
 
        /* If nothing is dirty, don't bother messing with page tables. */
        if (is_dirty) {
-               slots = kvm_memslots(kvm);
-               memslot = id_to_memslot(slots, log->slot);
-
                ga = memslot->base_gfn << PAGE_SHIFT;
                ga_end = ga + (memslot->npages << PAGE_SHIFT);
 

diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 2adbc2fde38203920343d6244e6a53d86c7e809c..fb081c5715b2303fbcd27e0ba842019e9df73296 100644 (file)
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -611,9 +611,8 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
 {
        int r;
        unsigned long n;
-       struct kvm_memslots *slots;
        struct kvm_memory_slot *memslot;
-       int is_dirty = 0;
+       int is_dirty;
 
        if (kvm_is_ucontrol(kvm))
                return -EINVAL;
@@ -624,14 +623,7 @@ int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm,
        if (log->slot >= KVM_USER_MEM_SLOTS)
                goto out;
 
-       slots = kvm_memslots(kvm);
-       memslot = id_to_memslot(slots, log->slot);
-       r = -ENOENT;
-       if (!memslot->dirty_bitmap)
-               goto out;
-
-       kvm_arch_sync_dirty_log(kvm, memslot);
-       r = kvm_get_dirty_log(kvm, log, &is_dirty);
+       r = kvm_get_dirty_log(kvm, log, &is_dirty, &memslot);
        if (r)
                goto out;
 

diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 35e6975d0a826469a85fc479afc7f07967dcedbf..63ce6b21b10721d36e3e0177b31470d0a4a86080 100644 (file)
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -828,7 +828,7 @@ void kvm_arch_flush_remote_tlbs_memslot(struct kvm *kvm,
 #else /* !CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT */
 int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log);
 int kvm_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log,
-                     int *is_dirty);
+                     int *is_dirty, struct kvm_memory_slot **memslot);
 #endif
 
 int kvm_vm_ioctl_irq_line(struct kvm *kvm, struct kvm_irq_level *irq_level,

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 7420aa468b75eb3879fbd1a60f99026fb83369ad..c115b78e85c349904893094737427636cf0835a2 100644 (file)
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1199,31 +1199,42 @@ static int kvm_vm_ioctl_set_memory_region(struct kvm *kvm,
 }
 
 #ifndef CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT
-int kvm_get_dirty_log(struct kvm *kvm,
-                       struct kvm_dirty_log *log, int *is_dirty)
+/**
+ * kvm_get_dirty_log - get a snapshot of dirty pages
+ * @kvm:       pointer to kvm instance
+ * @log:       slot id and address to which we copy the log
+ * @is_dirty:  set to '1' if any dirty pages were found
+ * @memslot:   set to the associated memslot, always valid on success
+ */
+int kvm_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log,
+                     int *is_dirty, struct kvm_memory_slot **memslot)
 {
        struct kvm_memslots *slots;
-       struct kvm_memory_slot *memslot;
        int i, as_id, id;
        unsigned long n;
        unsigned long any = 0;
 
+       *memslot = NULL;
+       *is_dirty = 0;
+
        as_id = log->slot >> 16;
        id = (u16)log->slot;
        if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_USER_MEM_SLOTS)
                return -EINVAL;
 
        slots = __kvm_memslots(kvm, as_id);
-       memslot = id_to_memslot(slots, id);
-       if (!memslot->dirty_bitmap)
+       *memslot = id_to_memslot(slots, id);
+       if (!(*memslot)->dirty_bitmap)
                return -ENOENT;
 
-       n = kvm_dirty_bitmap_bytes(memslot);
+       kvm_arch_sync_dirty_log(kvm, *memslot);
+
+       n = kvm_dirty_bitmap_bytes(*memslot);
 
        for (i = 0; !any && i < n/sizeof(long); ++i)
-               any = memslot->dirty_bitmap[i];
+               any = (*memslot)->dirty_bitmap[i];
 
-       if (copy_to_user(log->dirty_bitmap, memslot->dirty_bitmap, n))
+       if (copy_to_user(log->dirty_bitmap, (*memslot)->dirty_bitmap, n))
                return -EFAULT;
 
        if (any)