KVM: x86: Dynamically allocate per-vCPU emulation context

Allocate the emulation context instead of embedding it in struct
kvm_vcpu_arch.

Dynamic allocation provides several benefits:

  - Shrinks the size x86 vcpus by ~2.5k bytes, dropping them back below
    the PAGE_ALLOC_COSTLY_ORDER threshold.
  - Allows for dropping the include of kvm_emulate.h from asm/kvm_host.h
    and moving kvm_emulate.h into KVM's private directory.
  - Allows a reducing KVM's attack surface by shrinking the amount of
    vCPU data that is exposed to usercopy.
  - Allows a future patch to disable the emulator entirely, which may or
    may not be a realistic endeavor.

Mark the entire struct as valid for usercopy to maintain existing
behavior with respect to hardened usercopy.  Future patches can shrink
the usercopy range to cover only what is necessary.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/include/asm/kvm_emulate.h b/arch/x86/include/asm/kvm_emulate.h
index bf5f5e476f65c708068350a1424ffd79fb72eb09..3a66f80d7d006ccddc056d8d00989d10e22077f7 100644 (file)
--- a/arch/x86/include/asm/kvm_emulate.h
+++ b/arch/x86/include/asm/kvm_emulate.h
@@ -301,6 +301,7 @@ struct fastop;
 typedef void (*fastop_t)(struct fastop *);
 
 struct x86_emulate_ctxt {
+       void *vcpu;
        const struct x86_emulate_ops *ops;
 
        /* Register state before/after emulation. */

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index af42644985546e8a3f9068d265810b90533a8011..03887ec21dd83deedd9c4dde67e2f62d0026a77f 100644 (file)
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -680,7 +680,7 @@ struct kvm_vcpu_arch {
 
        /* emulate context */
 
-       struct x86_emulate_ctxt emulate_ctxt;
+       struct x86_emulate_ctxt *emulate_ctxt;
        bool emulate_regs_need_sync_to_vcpu;
        bool emulate_regs_need_sync_from_vcpu;
        int (*complete_userspace_io)(struct kvm_vcpu *vcpu);

diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h
index f194dd0584703bc948ecccea2e7a108139d79dd6..f5b8814d9f83a806b62aac8787dc7dd95af9f3c3 100644 (file)
--- a/arch/x86/kvm/trace.h
+++ b/arch/x86/kvm/trace.h
@@ -745,13 +745,13 @@ TRACE_EVENT(kvm_emulate_insn,
 
        TP_fast_assign(
                __entry->csbase = kvm_x86_ops->get_segment_base(vcpu, VCPU_SREG_CS);
-               __entry->len = vcpu->arch.emulate_ctxt.fetch.ptr
-                              - vcpu->arch.emulate_ctxt.fetch.data;
-               __entry->rip = vcpu->arch.emulate_ctxt._eip - __entry->len;
+               __entry->len = vcpu->arch.emulate_ctxt->fetch.ptr
+                              - vcpu->arch.emulate_ctxt->fetch.data;
+               __entry->rip = vcpu->arch.emulate_ctxt->_eip - __entry->len;
                memcpy(__entry->insn,
-                      vcpu->arch.emulate_ctxt.fetch.data,
+                      vcpu->arch.emulate_ctxt->fetch.data,
                       15);
-               __entry->flags = kei_decode_mode(vcpu->arch.emulate_ctxt.mode);
+               __entry->flags = kei_decode_mode(vcpu->arch.emulate_ctxt->mode);
                __entry->failed = failed;
                ),
 

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 762a68200b46b9d4cf367aab3f035fb0d6c3de9f..4465975f034be1d227ee1024b17e6b58860d8d99 100644 (file)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -81,7 +81,7 @@ u64 __read_mostly kvm_mce_cap_supported = MCG_CTL_P | MCG_SER_P;
 EXPORT_SYMBOL_GPL(kvm_mce_cap_supported);
 
 #define emul_to_vcpu(ctxt) \
-       container_of(ctxt, struct kvm_vcpu, arch.emulate_ctxt)
+       ((struct kvm_vcpu *)(ctxt)->vcpu)
 
 /* EFER defaults:
  * - enable syscall per default because its emulated by KVM
@@ -230,6 +230,19 @@ u64 __read_mostly host_xcr0;
 struct kmem_cache *x86_fpu_cache;
 EXPORT_SYMBOL_GPL(x86_fpu_cache);
 
+static struct kmem_cache *x86_emulator_cache;
+
+static struct kmem_cache *kvm_alloc_emulator_cache(void)
+{
+       return kmem_cache_create_usercopy("x86_emulator",
+                                         sizeof(struct x86_emulate_ctxt),
+                                         __alignof__(struct x86_emulate_ctxt),
+                                         SLAB_ACCOUNT,
+                                         0,
+                                         sizeof(struct x86_emulate_ctxt),
+                                         NULL);
+}
+
 static int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt);
 
 static inline void kvm_async_pf_hash_reset(struct kvm_vcpu *vcpu)
@@ -5673,7 +5686,7 @@ static int emulator_read_write_onepage(unsigned long addr, void *val,
        int handled, ret;
        bool write = ops->write;
        struct kvm_mmio_fragment *frag;
-       struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
+       struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
 
        /*
         * If the exit was due to a NPF we may already have a GPA.
@@ -6346,7 +6359,7 @@ static void toggle_interruptibility(struct kvm_vcpu *vcpu, u32 mask)
 
 static bool inject_emulated_exception(struct kvm_vcpu *vcpu)
 {
-       struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
+       struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
        if (ctxt->exception.vector == PF_VECTOR)
                return kvm_propagate_fault(vcpu, &ctxt->exception);
 
@@ -6358,9 +6371,26 @@ static bool inject_emulated_exception(struct kvm_vcpu *vcpu)
        return false;
 }
 
+static struct x86_emulate_ctxt *alloc_emulate_ctxt(struct kvm_vcpu *vcpu)
+{
+       struct x86_emulate_ctxt *ctxt;
+
+       ctxt = kmem_cache_zalloc(x86_emulator_cache, GFP_KERNEL_ACCOUNT);
+       if (!ctxt) {
+               pr_err("kvm: failed to allocate vcpu's emulator\n");
+               return NULL;
+       }
+
+       ctxt->vcpu = vcpu;
+       ctxt->ops = &emulate_ops;
+       vcpu->arch.emulate_ctxt = ctxt;
+
+       return ctxt;
+}
+
 static void init_emulate_ctxt(struct kvm_vcpu *vcpu)
 {
-       struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
+       struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
        int cs_db, cs_l;
 
        kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
@@ -6385,7 +6415,7 @@ static void init_emulate_ctxt(struct kvm_vcpu *vcpu)
 
 void kvm_inject_realmode_interrupt(struct kvm_vcpu *vcpu, int irq, int inc_eip)
 {
-       struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
+       struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
        int ret;
 
        init_emulate_ctxt(vcpu);
@@ -6700,7 +6730,7 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
                            int emulation_type, void *insn, int insn_len)
 {
        int r;
-       struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
+       struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
        bool writeback = true;
        bool write_fault_to_spt = vcpu->arch.write_fault_to_shadow_pgtable;
 
@@ -7296,10 +7326,16 @@ int kvm_arch_init(void *opaque)
                goto out;
        }
 
+       x86_emulator_cache = kvm_alloc_emulator_cache();
+       if (!x86_emulator_cache) {
+               pr_err("kvm: failed to allocate cache for x86 emulator\n");
+               goto out_free_x86_fpu_cache;
+       }
+
        shared_msrs = alloc_percpu(struct kvm_shared_msrs);
        if (!shared_msrs) {
                printk(KERN_ERR "kvm: failed to allocate percpu kvm_shared_msrs\n");
-               goto out_free_x86_fpu_cache;
+               goto out_free_x86_emulator_cache;
        }
 
        r = kvm_mmu_module_init();
@@ -7332,6 +7368,8 @@ int kvm_arch_init(void *opaque)
 
 out_free_percpu:
        free_percpu(shared_msrs);
+out_free_x86_emulator_cache:
+       kmem_cache_destroy(x86_emulator_cache);
 out_free_x86_fpu_cache:
        kmem_cache_destroy(x86_fpu_cache);
 out:
@@ -8709,7 +8747,7 @@ static void __get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
                 * that usually, but some bad designed PV devices (vmware
                 * backdoor interface) need this to work
                 */
-               emulator_writeback_register_cache(&vcpu->arch.emulate_ctxt);
+               emulator_writeback_register_cache(vcpu->arch.emulate_ctxt);
                vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
        }
        regs->rax = kvm_rax_read(vcpu);
@@ -8895,7 +8933,7 @@ out:
 int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index,
                    int reason, bool has_error_code, u32 error_code)
 {
-       struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
+       struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt;
        int ret;
 
        init_emulate_ctxt(vcpu);
@@ -9227,7 +9265,6 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu)
        struct page *page;
        int r;
 
-       vcpu->arch.emulate_ctxt.ops = &emulate_ops;
        if (!irqchip_in_kernel(vcpu->kvm) || kvm_vcpu_is_reset_bsp(vcpu))
                vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
        else
@@ -9265,11 +9302,14 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu)
                                GFP_KERNEL_ACCOUNT))
                goto fail_free_mce_banks;
 
+       if (!alloc_emulate_ctxt(vcpu))
+               goto free_wbinvd_dirty_mask;
+
        vcpu->arch.user_fpu = kmem_cache_zalloc(x86_fpu_cache,
                                                GFP_KERNEL_ACCOUNT);
        if (!vcpu->arch.user_fpu) {
                pr_err("kvm: failed to allocate userspace's fpu\n");
-               goto free_wbinvd_dirty_mask;
+               goto free_emulate_ctxt;
        }
 
        vcpu->arch.guest_fpu = kmem_cache_zalloc(x86_fpu_cache,
@@ -9311,6 +9351,8 @@ free_guest_fpu:
        kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu);
 free_user_fpu:
        kmem_cache_free(x86_fpu_cache, vcpu->arch.user_fpu);
+free_emulate_ctxt:
+       kmem_cache_free(x86_emulator_cache, vcpu->arch.emulate_ctxt);
 free_wbinvd_dirty_mask:
        free_cpumask_var(vcpu->arch.wbinvd_dirty_mask);
 fail_free_mce_banks:
@@ -9361,6 +9403,7 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
 
        kvm_x86_ops->vcpu_free(vcpu);
 
+       kmem_cache_free(x86_emulator_cache, vcpu->arch.emulate_ctxt);
        free_cpumask_var(vcpu->arch.wbinvd_dirty_mask);
        kmem_cache_free(x86_fpu_cache, vcpu->arch.user_fpu);
        kmem_cache_free(x86_fpu_cache, vcpu->arch.guest_fpu);