From patchwork Mon May 13 14:38:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexandre Chartre X-Patchwork-Id: 10941095 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3C03A6C5 for ; Mon, 13 May 2019 14:40:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2A48B28306 for ; Mon, 13 May 2019 14:40:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1D79C28334; Mon, 13 May 2019 14:40:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3547928306 for ; Mon, 13 May 2019 14:40:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3B7606B027E; Mon, 13 May 2019 10:40:01 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 366C56B027F; Mon, 13 May 2019 10:40:01 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 193256B0280; Mon, 13 May 2019 10:40:01 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-it1-f200.google.com (mail-it1-f200.google.com [209.85.166.200]) by kanga.kvack.org (Postfix) with ESMTP id EB81F6B027E for ; Mon, 13 May 2019 10:40:00 -0400 (EDT) Received: by mail-it1-f200.google.com with SMTP id o126so4939625itc.5 for ; Mon, 13 May 2019 07:40:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references; bh=I1kUHuKiSH9QzRVSTdzQMnQ4Y46T3IjTtH8oraLYUKM=; b=pqJ5ZdPNTVddHcmLeF+Me/SSXUwbjIfOTcybL7FbavinksGxr2uRKMDI+zW8f+xnlD GmrXlYLPmwTqhWfioroIJV/vyskjlrt6v3whkhvYZkoV7VIEpc3D6cXAnh2mVlPJWQCD 17uwvAvie0qngcV5tcmXb0Q8vLqfcNxVjGGtuyyikExYz8AkONvrbqi9HLeqx0GZBvoH +XD+GxEsPCSrHT6g8WMBS4+jlc8hGmsylBI0XRmG3L+6H5wGcrOKJCFNtKFiN4ac9TBf 3MgAVQTnar96UGihe1NDC54rr470Tjpx2M5pN2/9XyilpAJ13zWLluInX9M413SD846Y C7Vg== X-Gm-Message-State: APjAAAV65CpckmadAfcQnNyBDVQf9jUXv5JQoQM/McrD7exd/T4EhRuD PYNpF/ksZDnR7sgjz+92f5LXTJo6s9cBWA5liS5dsMjKThzEewvMT9SFJG2dGTEaoK8yOMlRUn/ KCHz3zB4GjGKlLpwQs6RLSVwQ10z+cAbREBfhivaSx18dGCoNHv/Y4Ne1+W0J4iChWw== X-Received: by 2002:a05:6602:4f:: with SMTP id z15mr17131337ioz.108.1557758400665; Mon, 13 May 2019 07:40:00 -0700 (PDT) X-Google-Smtp-Source: APXvYqzgtn3D25Hys2NNIC/hBt8Wtzkl2WWO/E8RxnCtdru1Og0ahqlOst4ENzZDuAkbeYTgtP2z X-Received: by 2002:a05:6602:4f:: with SMTP id z15mr17131283ioz.108.1557758399633; Mon, 13 May 2019 07:39:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557758399; cv=none; d=google.com; s=arc-20160816; b=eADWenpWpkC31qvR/LqYvYeBL7b5/oGMt6IK18ccC5ibkqO2WrTIWOrC5+Ud0G6w1H 0GdMY8Nqx2TvEh1VF2/5vinQnaMUc7WkCDu2uzFSF0lXTaxbrXIiWJPYF5vQZBr1Kbp7 vJ7xnNovoarlxpJbVJ4ENxdnUz/ccnsXioxcKsQg0S9NTxIDemcJAY3nGw5QvF1INEpd 97tNaXKNaKjClJ73bErCAVMIRRNsGnObFMnTX5OGUSrdMHUglJDimky5qXhHUE7Y2LMV j6U2SLN31EwWSZB0XxyCFJMaasU1ioa1mEAQPqlwyoBYILQq4bZzEKVJxsKtjecv3Mla tzaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=I1kUHuKiSH9QzRVSTdzQMnQ4Y46T3IjTtH8oraLYUKM=; b=R87JqUTh+yPOQvNihXeuTOCZtouIPSoah5dnNw8Bqs8dV/z/+2nBBMD9db6MTZJB+t EgDJxAHLgOwKS0vD1FUjy+D3F4LE0WON5d2cZ5iK6wsNalAewPvbFfjATmNamtezcUAb tlPJqcaEA5X4qq7nOjp1ohj0uKH4WLFGKicdzBK2nmLsbFq3idyjzvl0nO7b4n24zKIX lZa2ELbzmypdH+9OEhVCrTGM9kFWgRMo+ClPqkhtC/FtrNCZwtDxGUSYjWon0Mxj3vko DfZ4J1J39Srg0NcL5Sx9LOiAMkb587VVp0w4EQBHFXowJxqwJihNLmT4Y9YarnTcRIjm /Gow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=ajrelu+2; spf=pass (google.com: domain of alexandre.chartre@oracle.com designates 141.146.126.79 as permitted sender) smtp.mailfrom=alexandre.chartre@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from aserp2130.oracle.com (aserp2130.oracle.com. [141.146.126.79]) by mx.google.com with ESMTPS id b2si8578116iti.141.2019.05.13.07.39.59 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 May 2019 07:39:59 -0700 (PDT) Received-SPF: pass (google.com: domain of alexandre.chartre@oracle.com designates 141.146.126.79 as permitted sender) client-ip=141.146.126.79; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=ajrelu+2; spf=pass (google.com: domain of alexandre.chartre@oracle.com designates 141.146.126.79 as permitted sender) smtp.mailfrom=alexandre.chartre@oracle.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4DEdhZb193417; Mon, 13 May 2019 14:39:50 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=corp-2018-07-02; bh=I1kUHuKiSH9QzRVSTdzQMnQ4Y46T3IjTtH8oraLYUKM=; b=ajrelu+23EpPoZzOm46NJouVlFfpY/7VuA8j/AA2maWWZv6PEWO74sb0JEOk8WTm7MlX zkCzIK+uulNLm3Uc5+fKPE0rSLiDjjJLejX1G+rGS4A2aaX6wwImF2XGsend6ZiCm1fm P8RiX9tW+RIc4zR0FuNImR/j0P1fr1IsIkAxcMSKq1XNd8xla45EpEAzSsqq0KaMJbcU mGTuD8FX0uYid5B79ED/WxOVxHhFvK/EkRkDNZuXjosZo4JvYLUzGo5D2aW2dE1YBaP0 wQ7ypO/K2a5rX9NiNfuwOPDx8wO0Hl7bt9/GOcZqO+YBs4IdO/Hb+PDVBfNbd7Ra1TXZ Dw== Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp2130.oracle.com with ESMTP id 2sdkwdfm0s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 13 May 2019 14:39:50 +0000 Received: from achartre-desktop.fr.oracle.com (dhcp-10-166-106-34.fr.oracle.com [10.166.106.34]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id x4DEcZQR022780; Mon, 13 May 2019 14:39:47 GMT From: Alexandre Chartre To: pbonzini@redhat.com, rkrcmar@redhat.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, kvm@vger.kernel.org, x86@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: konrad.wilk@oracle.com, jan.setjeeilers@oracle.com, liran.alon@oracle.com, jwadams@google.com, alexandre.chartre@oracle.com Subject: [RFC KVM 24/27] kvm/isolation: KVM page fault handler Date: Mon, 13 May 2019 16:38:32 +0200 Message-Id: <1557758315-12667-25-git-send-email-alexandre.chartre@oracle.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1557758315-12667-1-git-send-email-alexandre.chartre@oracle.com> References: <1557758315-12667-1-git-send-email-alexandre.chartre@oracle.com> X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9255 signatures=668686 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905130103 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The KVM page fault handler handles page fault occurring while using the KVM address space by switching to the kernel address space and retrying the access (except if the fault occurs while switching to the kernel address space). Processing of page faults occurring while using the kernel address space is unchanged. Page fault log is cleared when creating a vm so that page fault information doesn't persist when qemu is stopped and restarted. The KVM module parameter page_fault_stack can be used to disable dumping stack trace when a page fault occurs while using the KVM address space. The fault will still be reported but without the stack trace. Signed-off-by: Alexandre Chartre --- arch/x86/kernel/dumpstack.c | 1 + arch/x86/kvm/isolation.c | 202 +++++++++++++++++++++++++++++++++++++++++++ arch/x86/mm/fault.c | 12 +++ 3 files changed, 215 insertions(+), 0 deletions(-) diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index 2b58864..aa28763 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -292,6 +292,7 @@ void show_stack(struct task_struct *task, unsigned long *sp) show_trace_log_lvl(task, NULL, sp, KERN_DEFAULT); } +EXPORT_SYMBOL(show_stack); void show_stack_regs(struct pt_regs *regs) { diff --git a/arch/x86/kvm/isolation.c b/arch/x86/kvm/isolation.c index e7979b3..db0a7ce 100644 --- a/arch/x86/kvm/isolation.c +++ b/arch/x86/kvm/isolation.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include @@ -17,6 +18,9 @@ #include "isolation.h" +extern bool (*kvm_page_fault_handler)(struct pt_regs *regs, + unsigned long error_code, + unsigned long address); enum page_table_level { PGT_LEVEL_PTE, @@ -91,6 +95,25 @@ struct kvm_range_mapping { static LIST_HEAD(kvm_range_mapping_list); static DEFINE_MUTEX(kvm_range_mapping_lock); +/* + * When a page fault occurs, while running with the KVM address space, + * the KVM page fault handler prints information about the fault (in + * particular the stack trace), and it switches back to the kernel + * address space. + * + * Information printed by the KVM page fault handler can be used to find + * out data not mapped in the KVM address space. Then the KVM address + * space can be augmented to include the missing mapping so that we don't + * fault at that same place anymore. + * + * The following variables keep track of page faults occurring while running + * with the KVM address space to prevent displaying the same information. + */ + +#define KVM_LAST_FAULT_COUNT 128 + +static unsigned long kvm_last_fault[KVM_LAST_FAULT_COUNT]; + struct mm_struct kvm_mm = { .mm_rb = RB_ROOT, @@ -126,6 +149,14 @@ static void kvm_clear_mapping(void *ptr, size_t size, static bool __read_mostly address_space_isolation; module_param(address_space_isolation, bool, 0444); +/* + * When set to true, KVM dumps the stack when a page fault occurs while + * running with the KVM address space. Otherwise the page fault is still + * reported but without the stack trace. + */ +static bool __read_mostly page_fault_stack = true; +module_param(page_fault_stack, bool, 0444); + static struct kvm_range_mapping *kvm_get_range_mapping_locked(void *ptr, bool *subset) { @@ -1195,6 +1226,173 @@ static void kvm_reset_all_task_mapping(void) mutex_unlock(&kvm_task_mapping_lock); } +static int bad_address(void *p) +{ + unsigned long dummy; + + return probe_kernel_address((unsigned long *)p, dummy); +} + +static void kvm_dump_pagetable(pgd_t *base, unsigned long address) +{ + pgd_t *pgd = base + pgd_index(address); + p4d_t *p4d; + pud_t *pud; + pmd_t *pmd; + pte_t *pte; + + pr_info("BASE %px ", base); + + if (bad_address(pgd)) + goto bad; + + pr_cont("PGD %lx ", pgd_val(*pgd)); + + if (!pgd_present(*pgd)) + goto out; + + p4d = p4d_offset(pgd, address); + if (bad_address(p4d)) + goto bad; + + pr_cont("P4D %lx ", p4d_val(*p4d)); + if (!p4d_present(*p4d) || p4d_large(*p4d)) + goto out; + + pud = pud_offset(p4d, address); + if (bad_address(pud)) + goto bad; + + pr_cont("PUD %lx ", pud_val(*pud)); + if (!pud_present(*pud) || pud_large(*pud)) + goto out; + + pmd = pmd_offset(pud, address); + if (bad_address(pmd)) + goto bad; + + pr_cont("PMD %lx ", pmd_val(*pmd)); + if (!pmd_present(*pmd) || pmd_large(*pmd)) + goto out; + + pte = pte_offset_kernel(pmd, address); + if (bad_address(pte)) + goto bad; + + pr_cont("PTE %lx", pte_val(*pte)); +out: + pr_cont("\n"); + return; +bad: + pr_info("BAD\n"); +} + +static void kvm_clear_page_fault(void) +{ + int i; + + for (i = 0; i < KVM_LAST_FAULT_COUNT; i++) + kvm_last_fault[i] = 0; +} + +static void kvm_log_page_fault(struct pt_regs *regs, unsigned long error_code, + unsigned long address) +{ + int i; + + /* + * Log information about the fault only if this is a fault + * we don't know about yet (or if the fault tracking buffer + * is full). + */ + for (i = 0; i < KVM_LAST_FAULT_COUNT; i++) { + if (!kvm_last_fault[i]) { + kvm_last_fault[i] = regs->ip; + break; + } + if (kvm_last_fault[i] == regs->ip) + return; + } + + if (i >= KVM_LAST_FAULT_COUNT) + pr_warn("KVM isolation: fault tracking buffer is full [%d]\n", + i); + + pr_info("KVM isolation: page fault #%d (%ld) at %pS on %px (%pS)\n", + i, error_code, (void *)regs->ip, + (void *)address, (void *)address); + if (page_fault_stack) + show_stack(NULL, (unsigned long *)regs->sp); +} + +/* + * KVM Page Fault Handler. The handler handles two simple cases: + * + * - If the fault occurs while using the kernel address space, then let + * the kernel handles the fault normally. + * + * - If the fault occurs while using the KVM address space, then switch + * to the kernel address space, and retry. + * + * It also handles a tricky case: if the fault occurs when using the KVM + * address space but while switching to the kernel address space then the + * switch is failing and we can't recover. In that case, we force switching + * to the kernel address space, print information and let the kernel + * handles the fault. + */ +static bool kvm_page_fault(struct pt_regs *regs, unsigned long error_code, + unsigned long address) +{ + struct mm_struct *active_mm = current->active_mm; + unsigned long cr3; + + /* + * First, do a quick and simple test to see if we are using + * the KVM address space. If we do then exit KVM isolation, + * log the fault and report that we have handled the fault. + */ + if (likely(active_mm == &kvm_mm)) { + kvm_isolation_exit(); + kvm_log_page_fault(regs, error_code, address); + return true; + } + + /* + * Verify that we are effectively using the kernel address space. + * When switching address space, active_mm is not necessarily up + * to date as it can already be set with the next mm while %cr3 + * has not been updated yet. So check loaded_mm which is updated + * after %cr3. + * + * If we are effectively using the kernel address space then report + * that we haven't handled the fault. + */ + if (this_cpu_read(cpu_tlbstate.loaded_mm) != &kvm_mm) + return false; + + /* + * We are actually using the KVM address space and faulting while + * switching address space. Force swiching to the kernel address + * space, log information and reported that we haven't handled + * the fault. + */ + cr3 = __read_cr3(); + write_cr3(build_cr3(active_mm->pgd, 0)); + kvm_dump_pagetable(kvm_mm.pgd, address); + kvm_dump_pagetable(active_mm->pgd, address); + printk(KERN_DEFAULT "KVM isolation: page fault %ld at %pS on %lx (%pS) while switching mm\n" + " cr3=%lx\n" + " kvm_mm=%px pgd=%px\n" + " active_mm=%px pgd=%px\n", + error_code, (void *)regs->ip, address, (void *)address, + cr3, + &kvm_mm, kvm_mm.pgd, + active_mm, active_mm->pgd); + dump_stack(); + + return false; +} + static int kvm_isolation_init_page_table(void) { @@ -1384,11 +1582,13 @@ static void kvm_isolation_uninit_mm(void) static void kvm_isolation_set_handlers(void) { kvm_set_isolation_exit_handler(kvm_isolation_exit); + kvm_page_fault_handler = kvm_page_fault; } static void kvm_isolation_clear_handlers(void) { kvm_set_isolation_exit_handler(NULL); + kvm_page_fault_handler = NULL; } int kvm_isolation_init_vm(struct kvm *kvm) @@ -1396,6 +1596,8 @@ int kvm_isolation_init_vm(struct kvm *kvm) if (!kvm_isolation()) return 0; + kvm_clear_page_fault(); + pr_debug("mapping kvm srcu sda\n"); return (kvm_copy_percpu_mapping(kvm->srcu.sda, diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 46df4c6..317e105 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -33,6 +33,10 @@ #define CREATE_TRACE_POINTS #include +bool (*kvm_page_fault_handler)(struct pt_regs *regs, unsigned long error_code, + unsigned long address); +EXPORT_SYMBOL(kvm_page_fault_handler); + /* * Returns 0 if mmiotrace is disabled, or if the fault is not * handled by mmiotrace: @@ -1253,6 +1257,14 @@ static int fault_in_kernel_space(unsigned long address) WARN_ON_ONCE(hw_error_code & X86_PF_PK); /* + * KVM might be able to handle the fault when running with the + * KVM address space. + */ + if (kvm_page_fault_handler && + kvm_page_fault_handler(regs, hw_error_code, address)) + return; + + /* * We can fault-in kernel-space virtual memory on-demand. The * 'reference' page table is init_mm.pgd. *