KVM: avoid using rcu_dereference_protected

bonzini · rkrcmar · commit 3898da947bba · 2017-08-02T22:41:02.000+02:00
During teardown, accesses to memslots and buses are using
rcu_dereference_protected with an always-true condition because
these accesses are done outside the usual mutexes.  This
is because the last reference is gone and there cannot be any
concurrent modifications, but rcu_dereference_protected is
ugly and unobvious.

Instead, check the refcount in kvm_get_bus and __kvm_memslots.

Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
Signed-off-by: Radim Krčmář &lt;rkrcmar@redhat.com&gt;
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
@@ -477,7 +477,8 @@ struct kvm {
 static inline struct kvm_io_bus *kvm_get_bus(struct kvm *kvm, enum kvm_bus idx)
 {
 	return srcu_dereference_check(kvm->buses[idx], &kvm->srcu,
-				      lockdep_is_held(&kvm->slots_lock));
+				      lockdep_is_held(&kvm->slots_lock) ||
+				      !refcount_read(&kvm->users_count));
 }
 
 static inline struct kvm_vcpu *kvm_get_vcpu(struct kvm *kvm, int i)
@@ -570,7 +571,8 @@ void kvm_put_kvm(struct kvm *kvm);
 static inline struct kvm_memslots *__kvm_memslots(struct kvm *kvm, int as_id)
 {
 	return srcu_dereference_check(kvm->memslots[as_id], &kvm->srcu,
-			lockdep_is_held(&kvm->slots_lock));
+			lockdep_is_held(&kvm->slots_lock) ||
+			!refcount_read(&kvm->users_count));
 }
 
 static inline struct kvm_memslots *kvm_memslots(struct kvm *kvm)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
@@ -717,10 +717,9 @@ static struct kvm *kvm_create_vm(unsigned long type)
 	hardware_disable_all();
 out_err_no_disable:
 	for (i = 0; i < KVM_NR_BUSES; i++)
-		kfree(rcu_access_pointer(kvm->buses[i]));
+		kfree(kvm_get_bus(kvm, i));
 	for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
-		kvm_free_memslots(kvm,
-			rcu_dereference_protected(kvm->memslots[i], 1));
+		kvm_free_memslots(kvm, __kvm_memslots(kvm, i));
 	kvm_arch_free_vm(kvm);
 	mmdrop(current->mm);
 	return ERR_PTR(r);
@@ -754,9 +753,8 @@ static void kvm_destroy_vm(struct kvm *kvm)
 	spin_unlock(&kvm_lock);
 	kvm_free_irq_routing(kvm);
 	for (i = 0; i < KVM_NR_BUSES; i++) {
-		struct kvm_io_bus *bus;
+		struct kvm_io_bus *bus = kvm_get_bus(kvm, i);
 
-		bus = rcu_dereference_protected(kvm->buses[i], 1);
 		if (bus)
 			kvm_io_bus_destroy(bus);
 		kvm->buses[i] = NULL;
@@ -770,8 +768,7 @@ static void kvm_destroy_vm(struct kvm *kvm)
 	kvm_arch_destroy_vm(kvm);
 	kvm_destroy_devices(kvm);
 	for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
-		kvm_free_memslots(kvm,
-			rcu_dereference_protected(kvm->memslots[i], 1));
+		kvm_free_memslots(kvm, __kvm_memslots(kvm, i));
 	cleanup_srcu_struct(&kvm->irq_srcu);
 	cleanup_srcu_struct(&kvm->srcu);
 	kvm_arch_free_vm(kvm);

Original file line number	Diff line number	Diff line change
`@@ -477,7 +477,8 @@ struct kvm {`
`477`	`477`	`static inline struct kvm_io_bus kvm_get_bus(struct kvm kvm, enum kvm_bus idx)`
`478`	`478`	`{`
`479`	`479`	`return srcu_dereference_check(kvm->buses[idx], &kvm->srcu,`
`480`		`- lockdep_is_held(&kvm->slots_lock));`
	`480`	`+ lockdep_is_held(&kvm->slots_lock) \|\|`
	`481`	`+ !refcount_read(&kvm->users_count));`
`481`	`482`	`}`
`482`	`483`
`483`	`484`	`static inline struct kvm_vcpu kvm_get_vcpu(struct kvm kvm, int i)`
`@@ -570,7 +571,8 @@ void kvm_put_kvm(struct kvm *kvm);`
`570`	`571`	`static inline struct kvm_memslots __kvm_memslots(struct kvm kvm, int as_id)`
`571`	`572`	`{`
`572`	`573`	`return srcu_dereference_check(kvm->memslots[as_id], &kvm->srcu,`
`573`		`- lockdep_is_held(&kvm->slots_lock));`
	`574`	`+ lockdep_is_held(&kvm->slots_lock) \|\|`
	`575`	`+ !refcount_read(&kvm->users_count));`
`574`	`576`	`}`
`575`	`577`
`576`	`578`	`static inline struct kvm_memslots kvm_memslots(struct kvm kvm)`