Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fix from Marcelo Tosatti:
"Memory leak and oops on the x86 mmu code, and sanitization of the
KVM_IRQFD ioctl."

* git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: MMU: fix shrinking page from the empty mmu
KVM: fix fault page leak
KVM: Sanitize KVM_IRQFD flags
KVM: Add missing KVM_IRQFD API documentation
KVM: Pass kvm_irqfd to functions

+37 -13
+17
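--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -1930,6 +1930,23 @@
 PTE's RPN field (ie, it needs to be shifted left by 12 to OR it
 into the hash PTE second double word).
 
+4.75 KVM_IRQFD
+
+Capability: KVM_CAP_IRQFD
+Architectures: x86
+Type: vm ioctl
+Parameters: struct kvm_irqfd (in)
+Returns: 0 on success, -1 on error
+
+Allows setting an eventfd to directly trigger a guest interrupt.
+kvm_irqfd.fd specifies the file descriptor to use as the eventfd and
+kvm_irqfd.gsi specifies the irqchip pin toggled by this event. When
+an event is tiggered on the eventfd, an interrupt is injected into
+the guest using the specified gsi pin. The irqfd is removed using
+the KVM_IRQFD_FLAG_DEASSIGN flag, specifying both kvm_irqfd.fd
+and kvm_irqfd.gsi.
+
+
 5. The kvm_run structure
 ------------------------
 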
+3
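--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3934,6 +3934,9 @@
 {
 struct kvm_mmu_page *page;
 
+if (list_empty(&kvm->arch.active_mmu_pages))
+return;
+
 page = container_of(kvm->arch.active_mmu_pages.prev,
 struct kvm_mmu_page, link);
 kvm_mmu_prepare_zap_page(kvm, page, invalid_list);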
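Review bot: The new `list_empty()` guard has no comment saying why an empty list can be reached here, so a later cleanup could mistake it for dead code. `container_of()` on the `.prev` of an empty list head produces a pointer derived from the head itself rather than from a real `struct kvm_mmu_page`, which is presumably the oops the pull message mentions. I would add `/* Nothing to zap: .prev of an empty list is the list head, not a page. */` above the check. The early return also gives the caller no sign that nothing was zapped; the function's signature and its caller are outside this hunk, so if the caller keeps its own count of freed pages that accounting is worth confirming.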
+2 -2
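--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -815,7 +815,7 @@
 #ifdef CONFIG_HAVE_KVM_EVENTFD
 
 void kvm_eventfd_init(struct kvm *kvm);
-int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags);
+int kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args);
 void kvm_irqfd_release(struct kvm *kvm);
 void kvm_irq_routing_update(struct kvm *, struct kvm_irq_routing_table *);
 int kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args);
@@ -824,7 +824,7 @@
 
 static inline void kvm_eventfd_init(struct kvm *kvm) {}
 
-static inline int kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags)
+static inline int kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args)
 {
 return -EINVAL;
 }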
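Review bot: The new `args` parameter could be `const`-qualified in both the prototype and the stub, since the visible callees only read `args->fd`, `args->gsi` and `args->flags`: `int kvm_irqfd(struct kvm *kvm, const struct kvm_irqfd *args);`. The same applies to `kvm_irqfd_assign()` and `kvm_irqfd_deassign()` in virt/kvm/eventfd.c, although the body of the assign path is only partly shown, so confirm nothing there writes through the pointer. Making the request read-only documents that the validated ioctl argument is not modified after the flag check.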
+13 -10
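--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -198,7 +198,7 @@
 }
 
 static int
-kvm_irqfd_assign(struct kvm *kvm, int fd, int gsi)
+kvm_irqfd_assign(struct kvm *kvm, struct kvm_irqfd *args)
 {
 struct kvm_irq_routing_table *irq_rt;
 struct _irqfd *irqfd, *tmp;
@@ -212,12 +212,12 @@
 return -ENOMEM;
 
 irqfd->kvm = kvm;
-irqfd->gsi = gsi;
+irqfd->gsi = args->gsi;
 INIT_LIST_HEAD(&irqfd->list);
 INIT_WORK(&irqfd->inject, irqfd_inject);
 INIT_WORK(&irqfd->shutdown, irqfd_shutdown);
 
-file = eventfd_fget(fd);
+file = eventfd_fget(args->fd);
 if (IS_ERR(file)) {
 ret = PTR_ERR(file);
 goto fail;
@@ -298,19 +298,19 @@
 * shutdown any irqfd's that match fd+gsi
 */
 static int
-kvm_irqfd_deassign(struct kvm *kvm, int fd, int gsi)
+kvm_irqfd_deassign(struct kvm *kvm, struct kvm_irqfd *args)
 {
 struct _irqfd *irqfd, *tmp;
 struct eventfd_ctx *eventfd;
 
-eventfd = eventfd_ctx_fdget(fd);
+eventfd = eventfd_ctx_fdget(args->fd);
 if (IS_ERR(eventfd))
 return PTR_ERR(eventfd);
 
 spin_lock_irq(&kvm->irqfds.lock);
 
 list_for_each_entry_safe(irqfd, tmp, &kvm->irqfds.items, list) {
-if (irqfd->eventfd == eventfd && irqfd->gsi == gsi) {
+if (irqfd->eventfd == eventfd && irqfd->gsi == args->gsi) {
 /*
 * This rcu_assign_pointer is needed for when
 * another thread calls kvm_irq_routing_update before
@@ -338,12 +338,15 @@
 }
 
 int
-kvm_irqfd(struct kvm *kvm, int fd, int gsi, int flags)
+kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args)
 {
-if (flags & KVM_IRQFD_FLAG_DEASSIGN)
-return kvm_irqfd_deassign(kvm, fd, gsi);
+if (args->flags & ~KVM_IRQFD_FLAG_DEASSIGN)
+return -EINVAL;
 
-return kvm_irqfd_assign(kvm, fd, gsi);
+if (args->flags & KVM_IRQFD_FLAG_DEASSIGN)
+return kvm_irqfd_deassign(kvm, args);
+
+return kvm_irqfd_assign(kvm, args);
 }
 
 /*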
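Review bot: The new flag check in `kvm_irqfd()` rejects unknown bits without a comment saying why, and the reason is ABI-relevant: rejecting undefined flags now is what lets new flags be added later without older kernels silently ignoring them. I would add `/* Reject undefined flag bits so they stay available for future extensions. */` above `if (args->flags & ~KVM_IRQFD_FLAG_DEASSIGN)`. Since the whole `struct kvm_irqfd` now reaches this function, any reserved or padding bytes it carries (its definition is not shown here) could be required to be zero for the same reason. `args->gsi` is stored into `irqfd->gsi` with no range check visible in the shown part of `kvm_irqfd_assign()`; the rest of that function is outside the hunk, so confirm it is validated there or on the injection path.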
+2 -1
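--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2047,7 +2047,7 @@
 r = -EFAULT;
 if (copy_from_user(&data, argp, sizeof data))
 goto out;
-r = kvm_irqfd(kvm, data.fd, data.gsi, data.flags);
+r = kvm_irqfd(kvm, &data);
 break;
 }
 case KVM_IOEVENTFD: {
@@ -2845,6 +2845,7 @@
 kvm_arch_hardware_unsetup();
 kvm_arch_exit();
 free_cpumask_var(cpus_hardware_enabled);
+__free_page(fault_page);
 __free_page(hwpoison_page);
 __free_page(bad_page);
 }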
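Review bot: `__free_page(fault_page)` is added on the exit path only, as far as this section shows; if the init function allocates `fault_page` alongside `hwpoison_page` and `bad_page`, its error-unwind path needs the matching free or the leak remains when initialisation fails part-way. That code is outside the second hunk, and the enclosing function's start is too, so this needs checking against the full file. In the first hunk, passing `&data` is sound because `data` is the kernel-side copy made by `copy_from_user()`, so the flags validated in `kvm_irqfd()` cannot change after the check. It is worth keeping it that way and never handing `argp` to the callee directly.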