| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e9de4d2a1d14e28ce829c2e16eeeb8da344297c8.1747368093.git.afranji@google.com>
Date: Fri, 16 May 2025 19:19:28 +0000
From: Ryan Afranji <afranji@...gle.com>
To: afranji@...gle.com, ackerleytng@...gle.com, pbonzini@...hat.com,
seanjc@...gle.com, tglx@...utronix.de, x86@...nel.org, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
tabba@...gle.com
Cc: mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com,
shuah@...nel.org, andrew.jones@...ux.dev, ricarkol@...gle.com,
chao.p.peng@...ux.intel.com, jarkko@...nel.org, yu.c.zhang@...ux.intel.com,
vannapurve@...gle.com, erdemaktas@...gle.com, mail@...iej.szmigiero.name,
vbabka@...e.cz, david@...hat.com, qperret@...gle.com, michael.roth@....com,
wei.w.wang@...el.com, liam.merwick@...cle.com, isaku.yamahata@...il.com,
kirill.shutemov@...ux.intel.com, sagis@...gle.com, jthoughton@...gle.com
Subject: [RFC PATCH v2 08/13] KVM: x86: Refactor common code out of sev.c
From: Ackerley Tng <ackerleytng@...gle.com>
Split sev_lock_two_vms() into kvm_mark_migration_in_progress() and
kvm_lock_two_vms() and refactor sev.c to use these two new functions.
Co-developed-by: Sagi Shahar <sagis@...gle.com>
Signed-off-by: Sagi Shahar <sagis@...gle.com>
Co-developed-by: Vishal Annapurve <vannapurve@...gle.com>
Signed-off-by: Vishal Annapurve <vannapurve@...gle.com>
Signed-off-by: Ackerley Tng <ackerleytng@...gle.com>
Signed-off-by: Ryan Afranji <afranji@...gle.com>
---
arch/x86/kvm/svm/sev.c | 60 ++++++++++------------------------------
arch/x86/kvm/x86.c | 62 ++++++++++++++++++++++++++++++++++++++++++
arch/x86/kvm/x86.h | 6 ++++
3 files changed, 82 insertions(+), 46 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 89c06cfcc200..b3048ec411e2 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1836,47 +1836,6 @@ static bool is_cmd_allowed_from_mirror(u32 cmd_id)
return false;
}
-static int sev_lock_two_vms(struct kvm *dst_kvm, struct kvm *src_kvm)
-{
- int r = -EBUSY;
-
- if (dst_kvm == src_kvm)
- return -EINVAL;
-
- /*
- * Bail if these VMs are already involved in a migration to avoid
- * deadlock between two VMs trying to migrate to/from each other.
- */
- if (atomic_cmpxchg_acquire(&dst_kvm->migration_in_progress, 0, 1))
- return -EBUSY;
-
- if (atomic_cmpxchg_acquire(&src_kvm->migration_in_progress, 0, 1))
- goto release_dst;
-
- r = -EINTR;
- if (mutex_lock_killable(&dst_kvm->lock))
- goto release_src;
- if (mutex_lock_killable_nested(&src_kvm->lock, SINGLE_DEPTH_NESTING))
- goto unlock_dst;
- return 0;
-
-unlock_dst:
- mutex_unlock(&dst_kvm->lock);
-release_src:
- atomic_set_release(&src_kvm->migration_in_progress, 0);
-release_dst:
- atomic_set_release(&dst_kvm->migration_in_progress, 0);
- return r;
-}
-
-static void sev_unlock_two_vms(struct kvm *dst_kvm, struct kvm *src_kvm)
-{
- mutex_unlock(&dst_kvm->lock);
- mutex_unlock(&src_kvm->lock);
- atomic_set_release(&dst_kvm->migration_in_progress, 0);
- atomic_set_release(&src_kvm->migration_in_progress, 0);
-}
-
/* vCPU mutex subclasses. */
enum sev_migration_role {
SEV_MIGRATION_SOURCE = 0,
@@ -2057,9 +2016,12 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
return -EBADF;
source_kvm = fd_file(f)->private_data;
- ret = sev_lock_two_vms(kvm, source_kvm);
+ ret = kvm_mark_migration_in_progress(kvm, source_kvm);
if (ret)
return ret;
+ ret = kvm_lock_two_vms(kvm, source_kvm);
+ if (ret)
+ goto out_mark_migration_done;
if (kvm->arch.vm_type != source_kvm->arch.vm_type ||
sev_guest(kvm) || !sev_guest(source_kvm)) {
@@ -2105,7 +2067,9 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
put_misc_cg(cg_cleanup_sev->misc_cg);
cg_cleanup_sev->misc_cg = NULL;
out_unlock:
- sev_unlock_two_vms(kvm, source_kvm);
+ kvm_unlock_two_vms(kvm, source_kvm);
+out_mark_migration_done:
+ kvm_mark_migration_done(kvm, source_kvm);
return ret;
}
@@ -2779,9 +2743,12 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd)
return -EBADF;
source_kvm = fd_file(f)->private_data;
- ret = sev_lock_two_vms(kvm, source_kvm);
+ ret = kvm_mark_migration_in_progress(kvm, source_kvm);
if (ret)
return ret;
+ ret = kvm_lock_two_vms(kvm, source_kvm);
+ if (ret)
+ goto e_mark_migration_done;
/*
* Mirrors of mirrors should work, but let's not get silly. Also
@@ -2821,9 +2788,10 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd)
* KVM contexts as the original, and they may have different
* memory-views.
*/
-
e_unlock:
- sev_unlock_two_vms(kvm, source_kvm);
+ kvm_unlock_two_vms(kvm, source_kvm);
+e_mark_migration_done:
+ kvm_mark_migration_done(kvm, source_kvm);
return ret;
}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index f6ce044b090a..422c66a033d2 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4502,6 +4502,68 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
}
EXPORT_SYMBOL_GPL(kvm_get_msr_common);
+int kvm_mark_migration_in_progress(struct kvm *dst_kvm, struct kvm *src_kvm)
+{
+ int r;
+
+ if (dst_kvm == src_kvm)
+ return -EINVAL;
+
+ /*
+ * Bail if these VMs are already involved in a migration to avoid
+ * deadlock between two VMs trying to migrate to/from each other.
+ */
+ r = -EBUSY;
+ if (atomic_cmpxchg_acquire(&dst_kvm->migration_in_progress, 0, 1))
+ return r;
+
+ if (atomic_cmpxchg_acquire(&src_kvm->migration_in_progress, 0, 1))
+ goto release_dst;
+
+ return 0;
+
+release_dst:
+ atomic_set_release(&dst_kvm->migration_in_progress, 0);
+ return r;
+}
+EXPORT_SYMBOL_GPL(kvm_mark_migration_in_progress);
+
+void kvm_mark_migration_done(struct kvm *dst_kvm, struct kvm *src_kvm)
+{
+ atomic_set_release(&dst_kvm->migration_in_progress, 0);
+ atomic_set_release(&src_kvm->migration_in_progress, 0);
+}
+EXPORT_SYMBOL_GPL(kvm_mark_migration_done);
+
+int kvm_lock_two_vms(struct kvm *dst_kvm, struct kvm *src_kvm)
+{
+ int r;
+
+ if (dst_kvm == src_kvm)
+ return -EINVAL;
+
+ r = -EINTR;
+ if (mutex_lock_killable(&dst_kvm->lock))
+ return r;
+
+ if (mutex_lock_killable_nested(&src_kvm->lock, SINGLE_DEPTH_NESTING))
+ goto unlock_dst;
+
+ return 0;
+
+unlock_dst:
+ mutex_unlock(&dst_kvm->lock);
+ return r;
+}
+EXPORT_SYMBOL_GPL(kvm_lock_two_vms);
+
+void kvm_unlock_two_vms(struct kvm *dst_kvm, struct kvm *src_kvm)
+{
+ mutex_unlock(&dst_kvm->lock);
+ mutex_unlock(&src_kvm->lock);
+}
+EXPORT_SYMBOL_GPL(kvm_unlock_two_vms);
+
/*
* Read or write a bunch of msrs. All parameters are kernel addresses.
*
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 88a9475899c8..508f9509546c 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -649,4 +649,10 @@ int ____kvm_emulate_hypercall(struct kvm_vcpu *vcpu, int cpl,
int kvm_emulate_hypercall(struct kvm_vcpu *vcpu);
+int kvm_mark_migration_in_progress(struct kvm *dst_kvm, struct kvm *src_kvm);
+void kvm_mark_migration_done(struct kvm *dst_kvm, struct kvm *src_kvm);
+
+int kvm_lock_two_vms(struct kvm *dst_kvm, struct kvm *src_kvm);
+void kvm_unlock_two_vms(struct kvm *dst_kvm, struct kvm *src_kvm);
+
#endif
--
2.49.0.1101.gccaa498523-goog
Powered by blists - more mailing lists