[PATCH] kvm: use the correct RCU API

[PATCH] kvm: use the correct RCU API

[Lai Jiangshan]

The RCU/SRCU API have already changed for proving RCU usage.

I got the following dmesg when PROVE_RCU=y because we used incorrect API.
This patch coverts rcu_deference() to srcu_dereference() or family API.

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
arch/x86/kvm/mmu.c:3020 invoked rcu_dereference_check() without protection!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
2 locks held by qemu-system-x86/8550:
 #0:  (&kvm->slots_lock){+.+.+.}, at: [<ffffffffa011a6ac>] kvm_set_memory_region+0x29/0x50 [kvm]
 #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa012262d>] kvm_arch_commit_memory_region+0xa6/0xe2 [kvm]

stack backtrace:
Pid: 8550, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1 #27
Call Trace:
 [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
 [<ffffffffa012f6c1>] kvm_mmu_calculate_mmu_pages+0x44/0x7d [kvm]
 [<ffffffffa012263e>] kvm_arch_commit_memory_region+0xb7/0xe2 [kvm]
 [<ffffffffa011a5d7>] __kvm_set_memory_region+0x636/0x6e2 [kvm]
 [<ffffffffa011a6ba>] kvm_set_memory_region+0x37/0x50 [kvm]
 [<ffffffffa015e956>] vmx_set_tss_addr+0x46/0x5a [kvm_intel]
 [<ffffffffa0126592>] kvm_arch_vm_ioctl+0x17a/0xcf8 [kvm]
 [<ffffffff810a8692>] ? unlock_page+0x27/0x2c
 [<ffffffff810bf879>] ? __do_fault+0x3a9/0x3e1
 [<ffffffffa011b12f>] kvm_vm_ioctl+0x364/0x38d [kvm]
 [<ffffffff81060cfa>] ? up_read+0x23/0x3d
 [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
 [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
 [<ffffffff810e6b2f>] ? fget_light+0xc2/0x241
 [<ffffffff810e416c>] ? do_sys_open+0x104/0x116
 [<ffffffff81382d6d>] ? retint_swapgs+0xe/0x13
 [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
 [<ffffffff810021db>] system_call_fastpath+0x16/0x1b

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
---
diff --git a/arch/ia64/kvm/kvm-ia64.c b/arch/ia64/kvm/kvm-ia64.c
index 73c5c2b..52b8ece 100644
--- a/arch/ia64/kvm/kvm-ia64.c
+++ b/arch/ia64/kvm/kvm-ia64.c
@@ -1379,7 +1379,7 @@ static void kvm_release_vm_pages(struct kvm *kvm)
 	int i, j;
 	unsigned long base_gfn;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 	for (i = 0; i < slots->nmemslots; i++) {
 		memslot = &slots->memslots[i];
 		base_gfn = memslot->base_gfn;
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 60f09ab..cfa9d17 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -72,7 +72,7 @@ static inline void kvm_s390_vcpu_set_mem(struct kvm_vcpu *vcpu)
 	struct kvm_memslots *memslots;
 
 	idx = srcu_read_lock(&vcpu->kvm->srcu);
-	memslots = rcu_dereference(vcpu->kvm->memslots);
+	memslots = kvm_memslots(vcpu->kvm);
 
 	mem = &memslots->memslots[0];
 
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 71faa04..bb61881 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -792,7 +792,7 @@ static int kvm_handle_hva(struct kvm *kvm, unsigned long hva,
 	int retval = 0;
 	struct kvm_memslots *slots;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 
 	for (i = 0; i < slots->nmemslots; i++) {
 		struct kvm_memory_slot *memslot = &slots->memslots[i];
@@ -3017,7 +3017,8 @@ unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
 	unsigned int  nr_pages = 0;
 	struct kvm_memslots *slots;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
+
 	for (i = 0; i < slots->nmemslots; i++)
 		nr_pages += slots->memslots[i].npages;
 
@@ -3292,7 +3293,7 @@ static int count_rmaps(struct kvm_vcpu *vcpu)
 	int i, j, k, idx;
 
 	idx = srcu_read_lock(&kvm->srcu);
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 	for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
 		struct kvm_memory_slot *m = &slots->memslots[i];
 		struct kvm_rmap_desc *d;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 077cac5..725e7b6 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1514,7 +1514,7 @@ static gva_t rmode_tss_base(struct kvm *kvm)
 		struct kvm_memslots *slots;
 		gfn_t base_gfn;
 
-		slots = rcu_dereference(kvm->memslots);
+		slots = kvm_memslots(kvm);
 		base_gfn = kvm->memslots->memslots[0].base_gfn +
 				 kvm->memslots->memslots[0].npages - 3;
 		return base_gfn << PAGE_SHIFT;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 6120e33..4dcd62c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2408,7 +2408,7 @@ gfn_t unalias_gfn_instantiation(struct kvm *kvm, gfn_t gfn)
 	struct kvm_mem_alias *alias;
 	struct kvm_mem_aliases *aliases;
 
-	aliases = rcu_dereference(kvm->arch.aliases);
+	aliases = kvm_aliases(kvm);
 
 	for (i = 0; i < aliases->naliases; ++i) {
 		alias = &aliases->aliases[i];
@@ -2427,7 +2427,7 @@ gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn)
 	struct kvm_mem_alias *alias;
 	struct kvm_mem_aliases *aliases;
 
-	aliases = rcu_dereference(kvm->arch.aliases);
+	aliases = kvm_aliases(kvm);
 
 	for (i = 0; i < aliases->naliases; ++i) {
 		alias = &aliases->aliases[i];
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 2d10163..e218fed 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -65,4 +65,11 @@ static inline int is_paging(struct kvm_vcpu *vcpu)
 	return kvm_read_cr0_bits(vcpu, X86_CR0_PG);
 }
 
+static inline struct kvm_mem_aliases *kvm_aliases(struct kvm *kvm)
+{
+	return rcu_dereference_check(kvm->arch.aliases,
+			srcu_read_lock_held(&kvm->srcu)
+			|| lockdep_is_held(&kvm->slots_lock));
+}
+
 #endif
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index a3fd0f9..f735752 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -239,6 +239,13 @@ void kvm_exit(void);
 void kvm_get_kvm(struct kvm *kvm);
 void kvm_put_kvm(struct kvm *kvm);
 
+static inline struct kvm_memslots *kvm_memslots(struct kvm *kvm)
+{
+	return rcu_dereference_check(kvm->memslots,
+			srcu_read_lock_held(&kvm->srcu)
+			|| lockdep_is_held(&kvm->slots_lock));
+}
+
 #define HPA_MSB ((sizeof(hpa_t) * 8) - 1)
 #define HPA_ERR_MASK ((hpa_t)1 << HPA_MSB)
 static inline int is_error_hpa(hpa_t hpa) { return hpa >> HPA_MSB; }
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index 80fd3ad..37ca71e 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -78,7 +78,7 @@ static int kvm_iommu_map_memslots(struct kvm *kvm)
 	int i, r = 0;
 	struct kvm_memslots *slots;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 
 	for (i = 0; i < slots->nmemslots; i++) {
 		r = kvm_iommu_map_pages(kvm, &slots->memslots[i]);
@@ -217,7 +217,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm)
 	int i;
 	struct kvm_memslots *slots;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 
 	for (i = 0; i < slots->nmemslots; i++) {
 		kvm_iommu_put_pages(kvm, slots->memslots[i].base_gfn,
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index b03f863..58b2147 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -829,7 +829,7 @@ EXPORT_SYMBOL_GPL(kvm_is_error_hva);
 struct kvm_memory_slot *gfn_to_memslot_unaliased(struct kvm *kvm, gfn_t gfn)
 {
 	int i;
-	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
+	struct kvm_memslots *slots = kvm_memslots(kvm);
 
 	for (i = 0; i < slots->nmemslots; ++i) {
 		struct kvm_memory_slot *memslot = &slots->memslots[i];
@@ -851,7 +851,7 @@ struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn)
 int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
 {
 	int i;
-	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
+	struct kvm_memslots *slots = kvm_memslots(kvm);
 
 	gfn = unalias_gfn_instantiation(kvm, gfn);
 	for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
@@ -895,7 +895,7 @@ out:
 int memslot_id(struct kvm *kvm, gfn_t gfn)
 {
 	int i;
-	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
+	struct kvm_memslots *slots = kvm_memslots(kvm);
 	struct kvm_memory_slot *memslot = NULL;
 
 	gfn = unalias_gfn(kvm, gfn);
@@ -1979,7 +1979,9 @@ int kvm_io_bus_write(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
 		     int len, const void *val)
 {
 	int i;
-	struct kvm_io_bus *bus = rcu_dereference(kvm->buses[bus_idx]);
+	struct kvm_io_bus *bus;
+
+	bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
 	for (i = 0; i < bus->dev_count; i++)
 		if (!kvm_iodevice_write(bus->devs[i], addr, len, val))
 			return 0;
@@ -1991,8 +1993,9 @@ int kvm_io_bus_read(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
 		    int len, void *val)
 {
 	int i;
-	struct kvm_io_bus *bus = rcu_dereference(kvm->buses[bus_idx]);
+	struct kvm_io_bus *bus;
 
+	bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
 	for (i = 0; i < bus->dev_count; i++)
 		if (!kvm_iodevice_read(bus->devs[i], addr, len, val))
 			return 0;

[PATCH] kvm: use the correct RCU API

[Lai Jiangshan]

The RCU/SRCU API have already changed for proving RCU usage.

I got the following dmesg when PROVE_RCU=y because we used incorrect API.
This patch coverts rcu_deference() to srcu_dereference() or family API.

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
arch/x86/kvm/mmu.c:3020 invoked rcu_dereference_check() without protection!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
2 locks held by qemu-system-x86/8550:
 #0:  (&kvm->slots_lock){+.+.+.}, at: [<ffffffffa011a6ac>] kvm_set_memory_region+0x29/0x50 [kvm]
 #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa012262d>] kvm_arch_commit_memory_region+0xa6/0xe2 [kvm]

stack backtrace:
Pid: 8550, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1 #27
Call Trace:
 [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
 [<ffffffffa012f6c1>] kvm_mmu_calculate_mmu_pages+0x44/0x7d [kvm]
 [<ffffffffa012263e>] kvm_arch_commit_memory_region+0xb7/0xe2 [kvm]
 [<ffffffffa011a5d7>] __kvm_set_memory_region+0x636/0x6e2 [kvm]
 [<ffffffffa011a6ba>] kvm_set_memory_region+0x37/0x50 [kvm]
 [<ffffffffa015e956>] vmx_set_tss_addr+0x46/0x5a [kvm_intel]
 [<ffffffffa0126592>] kvm_arch_vm_ioctl+0x17a/0xcf8 [kvm]
 [<ffffffff810a8692>] ? unlock_page+0x27/0x2c
 [<ffffffff810bf879>] ? __do_fault+0x3a9/0x3e1
 [<ffffffffa011b12f>] kvm_vm_ioctl+0x364/0x38d [kvm]
 [<ffffffff81060cfa>] ? up_read+0x23/0x3d
 [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
 [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
 [<ffffffff810e6b2f>] ? fget_light+0xc2/0x241
 [<ffffffff810e416c>] ? do_sys_open+0x104/0x116
 [<ffffffff81382d6d>] ? retint_swapgs+0xe/0x13
 [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
 [<ffffffff810021db>] system_call_fastpath+0x16/0x1b

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
---
diff --git a/arch/ia64/kvm/kvm-ia64.c b/arch/ia64/kvm/kvm-ia64.c
index 73c5c2b..52b8ece 100644
--- a/arch/ia64/kvm/kvm-ia64.c
+++ b/arch/ia64/kvm/kvm-ia64.c
@@ -1379,7 +1379,7 @@ static void kvm_release_vm_pages(struct kvm *kvm)
 	int i, j;
 	unsigned long base_gfn;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 	for (i = 0; i < slots->nmemslots; i++) {
 		memslot = &slots->memslots[i];
 		base_gfn = memslot->base_gfn;
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 60f09ab..cfa9d17 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -72,7 +72,7 @@ static inline void kvm_s390_vcpu_set_mem(struct kvm_vcpu *vcpu)
 	struct kvm_memslots *memslots;
 
 	idx = srcu_read_lock(&vcpu->kvm->srcu);
-	memslots = rcu_dereference(vcpu->kvm->memslots);
+	memslots = kvm_memslots(vcpu->kvm);
 
 	mem = &memslots->memslots[0];
 
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 71faa04..bb61881 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -792,7 +792,7 @@ static int kvm_handle_hva(struct kvm *kvm, unsigned long hva,
 	int retval = 0;
 	struct kvm_memslots *slots;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 
 	for (i = 0; i < slots->nmemslots; i++) {
 		struct kvm_memory_slot *memslot = &slots->memslots[i];
@@ -3017,7 +3017,8 @@ unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
 	unsigned int  nr_pages = 0;
 	struct kvm_memslots *slots;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
+
 	for (i = 0; i < slots->nmemslots; i++)
 		nr_pages += slots->memslots[i].npages;
 
@@ -3292,7 +3293,7 @@ static int count_rmaps(struct kvm_vcpu *vcpu)
 	int i, j, k, idx;
 
 	idx = srcu_read_lock(&kvm->srcu);
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 	for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
 		struct kvm_memory_slot *m = &slots->memslots[i];
 		struct kvm_rmap_desc *d;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 077cac5..725e7b6 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1514,7 +1514,7 @@ static gva_t rmode_tss_base(struct kvm *kvm)
 		struct kvm_memslots *slots;
 		gfn_t base_gfn;
 
-		slots = rcu_dereference(kvm->memslots);
+		slots = kvm_memslots(kvm);
 		base_gfn = kvm->memslots->memslots[0].base_gfn +
 				 kvm->memslots->memslots[0].npages - 3;
 		return base_gfn << PAGE_SHIFT;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 6120e33..4dcd62c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2408,7 +2408,7 @@ gfn_t unalias_gfn_instantiation(struct kvm *kvm, gfn_t gfn)
 	struct kvm_mem_alias *alias;
 	struct kvm_mem_aliases *aliases;
 
-	aliases = rcu_dereference(kvm->arch.aliases);
+	aliases = kvm_aliases(kvm);
 
 	for (i = 0; i < aliases->naliases; ++i) {
 		alias = &aliases->aliases[i];
@@ -2427,7 +2427,7 @@ gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn)
 	struct kvm_mem_alias *alias;
 	struct kvm_mem_aliases *aliases;
 
-	aliases = rcu_dereference(kvm->arch.aliases);
+	aliases = kvm_aliases(kvm);
 
 	for (i = 0; i < aliases->naliases; ++i) {
 		alias = &aliases->aliases[i];
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 2d10163..e218fed 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -65,4 +65,11 @@ static inline int is_paging(struct kvm_vcpu *vcpu)
 	return kvm_read_cr0_bits(vcpu, X86_CR0_PG);
 }
 
+static inline struct kvm_mem_aliases *kvm_aliases(struct kvm *kvm)
+{
+	return rcu_dereference_check(kvm->arch.aliases,
+			srcu_read_lock_held(&kvm->srcu)
+			|| lockdep_is_held(&kvm->slots_lock));
+}
+
 #endif
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index a3fd0f9..f735752 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -239,6 +239,13 @@ void kvm_exit(void);
 void kvm_get_kvm(struct kvm *kvm);
 void kvm_put_kvm(struct kvm *kvm);
 
+static inline struct kvm_memslots *kvm_memslots(struct kvm *kvm)
+{
+	return rcu_dereference_check(kvm->memslots,
+			srcu_read_lock_held(&kvm->srcu)
+			|| lockdep_is_held(&kvm->slots_lock));
+}
+
 #define HPA_MSB ((sizeof(hpa_t) * 8) - 1)
 #define HPA_ERR_MASK ((hpa_t)1 << HPA_MSB)
 static inline int is_error_hpa(hpa_t hpa) { return hpa >> HPA_MSB; }
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index 80fd3ad..37ca71e 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -78,7 +78,7 @@ static int kvm_iommu_map_memslots(struct kvm *kvm)
 	int i, r = 0;
 	struct kvm_memslots *slots;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 
 	for (i = 0; i < slots->nmemslots; i++) {
 		r = kvm_iommu_map_pages(kvm, &slots->memslots[i]);
@@ -217,7 +217,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm)
 	int i;
 	struct kvm_memslots *slots;
 
-	slots = rcu_dereference(kvm->memslots);
+	slots = kvm_memslots(kvm);
 
 	for (i = 0; i < slots->nmemslots; i++) {
 		kvm_iommu_put_pages(kvm, slots->memslots[i].base_gfn,
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index b03f863..58b2147 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -829,7 +829,7 @@ EXPORT_SYMBOL_GPL(kvm_is_error_hva);
 struct kvm_memory_slot *gfn_to_memslot_unaliased(struct kvm *kvm, gfn_t gfn)
 {
 	int i;
-	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
+	struct kvm_memslots *slots = kvm_memslots(kvm);
 
 	for (i = 0; i < slots->nmemslots; ++i) {
 		struct kvm_memory_slot *memslot = &slots->memslots[i];
@@ -851,7 +851,7 @@ struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn)
 int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
 {
 	int i;
-	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
+	struct kvm_memslots *slots = kvm_memslots(kvm);
 
 	gfn = unalias_gfn_instantiation(kvm, gfn);
 	for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
@@ -895,7 +895,7 @@ out:
 int memslot_id(struct kvm *kvm, gfn_t gfn)
 {
 	int i;
-	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
+	struct kvm_memslots *slots = kvm_memslots(kvm);
 	struct kvm_memory_slot *memslot = NULL;
 
 	gfn = unalias_gfn(kvm, gfn);
@@ -1979,7 +1979,9 @@ int kvm_io_bus_write(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
 		     int len, const void *val)
 {
 	int i;
-	struct kvm_io_bus *bus = rcu_dereference(kvm->buses[bus_idx]);
+	struct kvm_io_bus *bus;
+
+	bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
 	for (i = 0; i < bus->dev_count; i++)
 		if (!kvm_iodevice_write(bus->devs[i], addr, len, val))
 			return 0;
@@ -1991,8 +1993,9 @@ int kvm_io_bus_read(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
 		    int len, void *val)
 {
 	int i;
-	struct kvm_io_bus *bus = rcu_dereference(kvm->buses[bus_idx]);
+	struct kvm_io_bus *bus;
 
+	bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
 	for (i = 0; i < bus->dev_count; i++)
 		if (!kvm_iodevice_read(bus->devs[i], addr, len, val))
 			return 0;

Re: [PATCH] kvm: use the correct RCU API

[Avi Kivity]

On 04/19/2010 12:41 PM, Lai Jiangshan wrote:
> The RCU/SRCU API have already changed for proving RCU usage.
>
> I got the following dmesg when PROVE_RCU=y because we used incorrect API.
> This patch coverts rcu_deference() to srcu_dereference() or family API.
>
> ===================================================
> [ INFO: suspicious rcu_dereference_check() usage. ]
> ---------------------------------------------------
> arch/x86/kvm/mmu.c:3020 invoked rcu_dereference_check() without protection!
>
> other info that might help us debug this:
>
>
> rcu_scheduler_active = 1, debug_locks = 0
> 2 locks held by qemu-system-x86/8550:
>   #0:  (&kvm->slots_lock){+.+.+.}, at: [<ffffffffa011a6ac>] kvm_set_memory_region+0x29/0x50 [kvm]
>   #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa012262d>] kvm_arch_commit_memory_region+0xa6/0xe2 [kvm]
>
> stack backtrace:
> Pid: 8550, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1 #27
> Call Trace:
>   [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
>   [<ffffffffa012f6c1>] kvm_mmu_calculate_mmu_pages+0x44/0x7d [kvm]
>   [<ffffffffa012263e>] kvm_arch_commit_memory_region+0xb7/0xe2 [kvm]
>   [<ffffffffa011a5d7>] __kvm_set_memory_region+0x636/0x6e2 [kvm]
>   [<ffffffffa011a6ba>] kvm_set_memory_region+0x37/0x50 [kvm]
>   [<ffffffffa015e956>] vmx_set_tss_addr+0x46/0x5a [kvm_intel]
>   [<ffffffffa0126592>] kvm_arch_vm_ioctl+0x17a/0xcf8 [kvm]
>   [<ffffffff810a8692>] ? unlock_page+0x27/0x2c
>   [<ffffffff810bf879>] ? __do_fault+0x3a9/0x3e1
>   [<ffffffffa011b12f>] kvm_vm_ioctl+0x364/0x38d [kvm]
>   [<ffffffff81060cfa>] ? up_read+0x23/0x3d
>   [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
>   [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
>   [<ffffffff810e6b2f>] ? fget_light+0xc2/0x241
>   [<ffffffff810e416c>] ? do_sys_open+0x104/0x116
>   [<ffffffff81382d6d>] ? retint_swapgs+0xe/0x13
>   [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
>   [<ffffffff810021db>] system_call_fastpath+0x16/0x1b
>
>
>
> +static inline struct kvm_memslots *kvm_memslots(struct kvm *kvm)
> +{
> +	return rcu_dereference_check(kvm->memslots,
> +			srcu_read_lock_held(&kvm->srcu)
> +			|| lockdep_is_held(&kvm->slots_lock));
> +}
> +
>    


This open-codes srcu_dereference().  I guess we need an 
srcu_dereference_check().  Paul?

btw, perhaps it is possible not to call rcu_dereference from the write 
paths.


-- 
error compiling committee.c: too many arguments to function

[BUG] kvm: dereference srcu-protected pointer without srcu_read_lock() held

[Lai Jiangshan]

Applied the patch I just sent and let CONFIG_PROVE_RCU=y,
we can got the following dmesg. And we found that it is
because some codes in KVM dereferences srcu-protected pointer without
srcu_read_lock() held or update-side lock held.

It is not hard to fix, the problem is that:
Where is the most proper place to put a srcu_read_lock()?

I can not determine the answer, so I report this bug
instead of fixing it.

Thanks.
Lai.

Reported-by: Lai Jiangshan <laijs@cn.fujitsu.com>


===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
arch/x86/kvm/x86.h:72 invoked rcu_dereference_check() without protection!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
1 lock held by qemu-system-x86/3027:
 #0:  (&vcpu->mutex){+.+.+.}, at: [<ffffffffa011b6ff>] vcpu_load+0x1a/0x66 [kvm]

stack backtrace:
Pid: 3027, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1-dirty #28
Call Trace:
 [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
 [<ffffffffa0123654>] unalias_gfn_instantiation+0x56/0xaf [kvm]
 [<ffffffffa01198de>] gfn_to_hva+0x14/0x4c [kvm]
 [<ffffffffa01199ca>] kvm_write_guest_page+0x2a/0x7f [kvm]
 [<ffffffffa0119afb>] kvm_write_guest+0x41/0x83 [kvm]
 [<ffffffffa01243b5>] kvm_write_guest_virt+0x78/0xa1 [kvm]
 [<ffffffffa012479a>] pio_copy_data+0x46/0x75 [kvm]
 [<ffffffff81385a0f>] ? sub_preempt_count+0x9/0x83
 [<ffffffffa012485a>] complete_pio+0x91/0x1b9 [kvm]
 [<ffffffffa0128728>] kvm_arch_vcpu_ioctl_run+0x93/0xd2b [kvm]
 [<ffffffffa0128f7a>] ? kvm_arch_vcpu_ioctl_run+0x8e5/0xd2b [kvm]
 [<ffffffff8106e590>] ? __lock_acquire+0x7b4/0x16d5
 [<ffffffffa0117ecd>] kvm_vcpu_ioctl+0x103/0x97b [kvm]
 [<ffffffffa011b15b>] ? kvm_vm_ioctl+0x364/0x38d [kvm]
 [<ffffffff810e6b5e>] ? fget_light+0xf1/0x241
 [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
 [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
 [<ffffffff810e6c9e>] ? fget_light+0x231/0x241
 [<ffffffff810e6b5e>] ? fget_light+0xf1/0x241
 [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
 [<ffffffff810021db>] system_call_fastpath+0x16/0x1b

Re: [BUG] kvm: dereference srcu-protected pointer without srcu_read_lock() held

[Avi Kivity]

On 04/19/2010 12:58 PM, Lai Jiangshan wrote:
> Applied the patch I just sent and let CONFIG_PROVE_RCU=y,
> we can got the following dmesg. And we found that it is
> because some codes in KVM dereferences srcu-protected pointer without
> srcu_read_lock() held or update-side lock held.
>
> It is not hard to fix, the problem is that:
> Where is the most proper place to put a srcu_read_lock()?
>
> I can not determine the answer, so I report this bug
> instead of fixing it.
>
>    

I think the else branch in complete_pio() should work.  Marcelo?

Longer term I'd like to see the lock taken at the high levels (ioctls, 
in virt/kvm) and dropped only for guest entry and when we explicitly 
sleep (hlt emulation).

Note: complete_pio() is gone in the current code.

-- 
error compiling committee.c: too many arguments to function

Re: [PATCH] kvm: use the correct RCU API

[Paul E. McKenney]

On Mon, Apr 19, 2010 at 12:49:04PM +0300, Avi Kivity wrote:
> On 04/19/2010 12:41 PM, Lai Jiangshan wrote:
> >The RCU/SRCU API have already changed for proving RCU usage.
> >
> >I got the following dmesg when PROVE_RCU=y because we used incorrect API.
> >This patch coverts rcu_deference() to srcu_dereference() or family API.
> >
> >===================================================
> >[ INFO: suspicious rcu_dereference_check() usage. ]
> >---------------------------------------------------
> >arch/x86/kvm/mmu.c:3020 invoked rcu_dereference_check() without protection!
> >
> >other info that might help us debug this:
> >
> >
> >rcu_scheduler_active = 1, debug_locks = 0
> >2 locks held by qemu-system-x86/8550:
> >  #0:  (&kvm->slots_lock){+.+.+.}, at: [<ffffffffa011a6ac>] kvm_set_memory_region+0x29/0x50 [kvm]
> >  #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa012262d>] kvm_arch_commit_memory_region+0xa6/0xe2 [kvm]
> >
> >stack backtrace:
> >Pid: 8550, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1 #27
> >Call Trace:
> >  [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
> >  [<ffffffffa012f6c1>] kvm_mmu_calculate_mmu_pages+0x44/0x7d [kvm]
> >  [<ffffffffa012263e>] kvm_arch_commit_memory_region+0xb7/0xe2 [kvm]
> >  [<ffffffffa011a5d7>] __kvm_set_memory_region+0x636/0x6e2 [kvm]
> >  [<ffffffffa011a6ba>] kvm_set_memory_region+0x37/0x50 [kvm]
> >  [<ffffffffa015e956>] vmx_set_tss_addr+0x46/0x5a [kvm_intel]
> >  [<ffffffffa0126592>] kvm_arch_vm_ioctl+0x17a/0xcf8 [kvm]
> >  [<ffffffff810a8692>] ? unlock_page+0x27/0x2c
> >  [<ffffffff810bf879>] ? __do_fault+0x3a9/0x3e1
> >  [<ffffffffa011b12f>] kvm_vm_ioctl+0x364/0x38d [kvm]
> >  [<ffffffff81060cfa>] ? up_read+0x23/0x3d
> >  [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
> >  [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
> >  [<ffffffff810e6b2f>] ? fget_light+0xc2/0x241
> >  [<ffffffff810e416c>] ? do_sys_open+0x104/0x116
> >  [<ffffffff81382d6d>] ? retint_swapgs+0xe/0x13
> >  [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
> >  [<ffffffff810021db>] system_call_fastpath+0x16/0x1b
> >
> >
> >
> >+static inline struct kvm_memslots *kvm_memslots(struct kvm *kvm)
> >+{
> >+	return rcu_dereference_check(kvm->memslots,
> >+			srcu_read_lock_held(&kvm->srcu)
> >+			|| lockdep_is_held(&kvm->slots_lock));
> >+}
> >+
> 
> 
> This open-codes srcu_dereference().  I guess we need an
> srcu_dereference_check().  Paul?

One is coming in Arnd's sparse-based patchset.  It is probably best
to open-code this in the meantime and clean up later, but I will
double-check with Arnd.

> btw, perhaps it is possible not to call rcu_dereference from the
> write paths.

There is an rcu_dereference_protected() on its way to mainline to handle
the case where the reference is always protected by a lock.  Why not
just access it directly?  Because if you do that, the sparse-based checks
will yell at you.

There is also an rcu_access_pointer() on its way to mainline for cases
where you only want to test the pointer itself, not dereference it.

						Thanx, Paul

Re: [BUG] kvm: dereference srcu-protected pointer without srcu_read_lock() held

[Marcelo Tosatti]

On Mon, Apr 19, 2010 at 01:08:29PM +0300, Avi Kivity wrote:
> On 04/19/2010 12:58 PM, Lai Jiangshan wrote:
> >Applied the patch I just sent and let CONFIG_PROVE_RCU=y,
> >we can got the following dmesg. And we found that it is
> >because some codes in KVM dereferences srcu-protected pointer without
> >srcu_read_lock() held or update-side lock held.
> >
> >It is not hard to fix, the problem is that:
> >Where is the most proper place to put a srcu_read_lock()?
> >
> >I can not determine the answer, so I report this bug
> >instead of fixing it.
> >
> 
> I think the else branch in complete_pio() should work.  Marcelo?
> 
> Longer term I'd like to see the lock taken at the high levels
> (ioctls, in virt/kvm) and dropped only for guest entry and when we
> explicitly sleep (hlt emulation).
> 
> Note: complete_pio() is gone in the current code.

Yes, this was fixed by 7fb2ea1e6.

Re: [PATCH] kvm: use the correct RCU API

[Lai Jiangshan]

Paul E. McKenney wrote:
> On Mon, Apr 19, 2010 at 12:49:04PM +0300, Avi Kivity wrote:
>> On 04/19/2010 12:41 PM, Lai Jiangshan wrote:
>>> The RCU/SRCU API have already changed for proving RCU usage.
>>>
>>> I got the following dmesg when PROVE_RCU=y because we used incorrect API.
>>> This patch coverts rcu_deference() to srcu_dereference() or family API.
>>>
>>> ===================================================
>>> [ INFO: suspicious rcu_dereference_check() usage. ]
>>> ---------------------------------------------------
>>> arch/x86/kvm/mmu.c:3020 invoked rcu_dereference_check() without protection!
>>>
>>> other info that might help us debug this:
>>>
>>>
>>> rcu_scheduler_active = 1, debug_locks = 0
>>> 2 locks held by qemu-system-x86/8550:
>>>  #0:  (&kvm->slots_lock){+.+.+.}, at: [<ffffffffa011a6ac>] kvm_set_memory_region+0x29/0x50 [kvm]
>>>  #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa012262d>] kvm_arch_commit_memory_region+0xa6/0xe2 [kvm]
>>>
>>> stack backtrace:
>>> Pid: 8550, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1 #27
>>> Call Trace:
>>>  [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
>>>  [<ffffffffa012f6c1>] kvm_mmu_calculate_mmu_pages+0x44/0x7d [kvm]
>>>  [<ffffffffa012263e>] kvm_arch_commit_memory_region+0xb7/0xe2 [kvm]
>>>  [<ffffffffa011a5d7>] __kvm_set_memory_region+0x636/0x6e2 [kvm]
>>>  [<ffffffffa011a6ba>] kvm_set_memory_region+0x37/0x50 [kvm]
>>>  [<ffffffffa015e956>] vmx_set_tss_addr+0x46/0x5a [kvm_intel]
>>>  [<ffffffffa0126592>] kvm_arch_vm_ioctl+0x17a/0xcf8 [kvm]
>>>  [<ffffffff810a8692>] ? unlock_page+0x27/0x2c
>>>  [<ffffffff810bf879>] ? __do_fault+0x3a9/0x3e1
>>>  [<ffffffffa011b12f>] kvm_vm_ioctl+0x364/0x38d [kvm]
>>>  [<ffffffff81060cfa>] ? up_read+0x23/0x3d
>>>  [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
>>>  [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
>>>  [<ffffffff810e6b2f>] ? fget_light+0xc2/0x241
>>>  [<ffffffff810e416c>] ? do_sys_open+0x104/0x116
>>>  [<ffffffff81382d6d>] ? retint_swapgs+0xe/0x13
>>>  [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
>>>  [<ffffffff810021db>] system_call_fastpath+0x16/0x1b
>>>
>>>
>>>
>>> +static inline struct kvm_memslots *kvm_memslots(struct kvm *kvm)
>>> +{
>>> +	return rcu_dereference_check(kvm->memslots,
>>> +			srcu_read_lock_held(&kvm->srcu)
>>> +			|| lockdep_is_held(&kvm->slots_lock));
>>> +}
>>> +
>>
>> This open-codes srcu_dereference().  I guess we need an
>> srcu_dereference_check().  Paul?
> 

rcu_dereference_check() is useful when rcu_dereference(),
rcu_dereference_bh(), rcu_dereference_sched() and srcu_dereference()
are not appropriate.

I think we don't need srcu_dereference_check() nor rcu_dereference_bh_check()
nor rcu_dereference_sched_check().

> One is coming in Arnd's sparse-based patchset.  It is probably best
> to open-code this in the meantime and clean up later, but I will
> double-check with Arnd.
> 
>> btw, perhaps it is possible not to call rcu_dereference from the
>> write paths.
> 
> There is an rcu_dereference_protected() on its way to mainline to handle
> the case where the reference is always protected by a lock.  Why not
> just access it directly?  Because if you do that, the sparse-based checks
> will yell at you.
> 
> There is also an rcu_access_pointer() on its way to mainline for cases
> where you only want to test the pointer itself, not dereference it.
> 
> 						Thanx, Paul
> 

I reviewed the code, the functions can be called from the srcu-read-site
or update-site, rcu_dereference_check() can simplify the code.

If we use rcu_dereference_protected(), we may need duplicate the functions.

I think there is very small overhead of using rcu_dereference(), so we can
call it from write paths.

Thanks,
Lai

Re: [BUG] kvm: dereference srcu-protected pointer without srcu_read_lock() held

[Lai Jiangshan]

Marcelo Tosatti wrote:
> On Mon, Apr 19, 2010 at 01:08:29PM +0300, Avi Kivity wrote:
>> On 04/19/2010 12:58 PM, Lai Jiangshan wrote:
>>> Applied the patch I just sent and let CONFIG_PROVE_RCU=y,
>>> we can got the following dmesg. And we found that it is
>>> because some codes in KVM dereferences srcu-protected pointer without
>>> srcu_read_lock() held or update-side lock held.
>>>
>>> It is not hard to fix, the problem is that:
>>> Where is the most proper place to put a srcu_read_lock()?
>>>
>>> I can not determine the answer, so I report this bug
>>> instead of fixing it.
>>>
>> I think the else branch in complete_pio() should work.  Marcelo?
>>
>> Longer term I'd like to see the lock taken at the high levels
>> (ioctls, in virt/kvm) and dropped only for guest entry and when we
>> explicitly sleep (hlt emulation).
>>
>> Note: complete_pio() is gone in the current code.
> 
> Yes, this was fixed by 7fb2ea1e6.
> 
> 

Applied the patch I sent yesterday and let CONFIG_PROVE_RCU=y
I can get the following dmesg.

Under very simple test, these is no complaint from PROVE_RCU
after this patch applied.

More test or reviewing of code are need in future.

----------
Subject: [PATCH] kvm: add missing srcu_read_lock()

I got this dmesg due to srcu_read_lock() is missing in
kvm_mmu_notifier_release().

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
arch/x86/kvm/x86.h:72 invoked rcu_dereference_check() without protection!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
2 locks held by qemu-system-x86/3100:
 #0:  (rcu_read_lock){.+.+..}, at: [<ffffffff810d73dc>] __mmu_notifier_release+0x38/0xdf
 #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa0130a6a>] kvm_mmu_zap_all+0x21/0x5e [kvm]

stack backtrace:
Pid: 3100, comm: qemu-system-x86 Not tainted 2.6.34-rc3-22949-gbc8a97a-dirty #2
Call Trace:
 [<ffffffff8106afd9>] lockdep_rcu_dereference+0xaa/0xb3
 [<ffffffffa0123a89>] unalias_gfn+0x56/0xab [kvm]
 [<ffffffffa0119600>] gfn_to_memslot+0x16/0x25 [kvm]
 [<ffffffffa012ffca>] gfn_to_rmap+0x17/0x6e [kvm]
 [<ffffffffa01300c1>] rmap_remove+0xa0/0x19d [kvm]
 [<ffffffffa0130649>] kvm_mmu_zap_page+0x109/0x34d [kvm]
 [<ffffffffa0130a7e>] kvm_mmu_zap_all+0x35/0x5e [kvm]
 [<ffffffffa0122870>] kvm_arch_flush_shadow+0x16/0x22 [kvm]
 [<ffffffffa01189e0>] kvm_mmu_notifier_release+0x15/0x17 [kvm]
 [<ffffffff810d742c>] __mmu_notifier_release+0x88/0xdf
 [<ffffffff810d73dc>] ? __mmu_notifier_release+0x38/0xdf
 [<ffffffff81040848>] ? exit_mm+0xe0/0x115
 [<ffffffff810c2cb0>] exit_mmap+0x2c/0x17e
 [<ffffffff8103c472>] mmput+0x2d/0xd4
 [<ffffffff81040870>] exit_mm+0x108/0x115
[...]

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
---
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index a5dfea1..a6d639d 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -341,7 +341,11 @@ static void kvm_mmu_notifier_release(struct mmu_notifier *mn,
 				     struct mm_struct *mm)
 {
 	struct kvm *kvm = mmu_notifier_to_kvm(mn);
+	int idx;
+
+	idx = srcu_read_lock(&kvm->srcu);
 	kvm_arch_flush_shadow(kvm);
+	srcu_read_unlock(&kvm->srcu, idx);
 }
 
 static const struct mmu_notifier_ops kvm_mmu_notifier_ops = {

Re: [PATCH] kvm: use the correct RCU API

[Paul E. McKenney]

On Tue, Apr 20, 2010 at 10:09:57AM +0800, Lai Jiangshan wrote:
> Paul E. McKenney wrote:
> > On Mon, Apr 19, 2010 at 12:49:04PM +0300, Avi Kivity wrote:
> >> On 04/19/2010 12:41 PM, Lai Jiangshan wrote:
> >>> The RCU/SRCU API have already changed for proving RCU usage.
> >>>
> >>> I got the following dmesg when PROVE_RCU=y because we used incorrect API.
> >>> This patch coverts rcu_deference() to srcu_dereference() or family API.
> >>>
> >>> ===================================================
> >>> [ INFO: suspicious rcu_dereference_check() usage. ]
> >>> ---------------------------------------------------
> >>> arch/x86/kvm/mmu.c:3020 invoked rcu_dereference_check() without protection!
> >>>
> >>> other info that might help us debug this:
> >>>
> >>>
> >>> rcu_scheduler_active = 1, debug_locks = 0
> >>> 2 locks held by qemu-system-x86/8550:
> >>>  #0:  (&kvm->slots_lock){+.+.+.}, at: [<ffffffffa011a6ac>] kvm_set_memory_region+0x29/0x50 [kvm]
> >>>  #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa012262d>] kvm_arch_commit_memory_region+0xa6/0xe2 [kvm]
> >>>
> >>> stack backtrace:
> >>> Pid: 8550, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1 #27
> >>> Call Trace:
> >>>  [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
> >>>  [<ffffffffa012f6c1>] kvm_mmu_calculate_mmu_pages+0x44/0x7d [kvm]
> >>>  [<ffffffffa012263e>] kvm_arch_commit_memory_region+0xb7/0xe2 [kvm]
> >>>  [<ffffffffa011a5d7>] __kvm_set_memory_region+0x636/0x6e2 [kvm]
> >>>  [<ffffffffa011a6ba>] kvm_set_memory_region+0x37/0x50 [kvm]
> >>>  [<ffffffffa015e956>] vmx_set_tss_addr+0x46/0x5a [kvm_intel]
> >>>  [<ffffffffa0126592>] kvm_arch_vm_ioctl+0x17a/0xcf8 [kvm]
> >>>  [<ffffffff810a8692>] ? unlock_page+0x27/0x2c
> >>>  [<ffffffff810bf879>] ? __do_fault+0x3a9/0x3e1
> >>>  [<ffffffffa011b12f>] kvm_vm_ioctl+0x364/0x38d [kvm]
> >>>  [<ffffffff81060cfa>] ? up_read+0x23/0x3d
> >>>  [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
> >>>  [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
> >>>  [<ffffffff810e6b2f>] ? fget_light+0xc2/0x241
> >>>  [<ffffffff810e416c>] ? do_sys_open+0x104/0x116
> >>>  [<ffffffff81382d6d>] ? retint_swapgs+0xe/0x13
> >>>  [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
> >>>  [<ffffffff810021db>] system_call_fastpath+0x16/0x1b
> >>>
> >>>
> >>>
> >>> +static inline struct kvm_memslots *kvm_memslots(struct kvm *kvm)
> >>> +{
> >>> +	return rcu_dereference_check(kvm->memslots,
> >>> +			srcu_read_lock_held(&kvm->srcu)
> >>> +			|| lockdep_is_held(&kvm->slots_lock));
> >>> +}
> >>> +
> >>
> >> This open-codes srcu_dereference().  I guess we need an
> >> srcu_dereference_check().  Paul?
> > 
> 
> rcu_dereference_check() is useful when rcu_dereference(),
> rcu_dereference_bh(), rcu_dereference_sched() and srcu_dereference()
> are not appropriate.
> 
> I think we don't need srcu_dereference_check() nor rcu_dereference_bh_check()
> nor rcu_dereference_sched_check().
> 
> > One is coming in Arnd's sparse-based patchset.  It is probably best
> > to open-code this in the meantime and clean up later, but I will
> > double-check with Arnd.
> > 
> >> btw, perhaps it is possible not to call rcu_dereference from the
> >> write paths.
> > 
> > There is an rcu_dereference_protected() on its way to mainline to handle
> > the case where the reference is always protected by a lock.  Why not
> > just access it directly?  Because if you do that, the sparse-based checks
> > will yell at you.
> > 
> > There is also an rcu_access_pointer() on its way to mainline for cases
> > where you only want to test the pointer itself, not dereference it.
> > 
> > 						Thanx, Paul
> 
> I reviewed the code, the functions can be called from the srcu-read-site
> or update-site, rcu_dereference_check() can simplify the code.
> 
> If we use rcu_dereference_protected(), we may need duplicate the functions.

We would only use rcu_dereference_protected() in cases where there is no
read-side access, so there would be no need for per-read-side versions
of this function.

> I think there is very small overhead of using rcu_dereference(), so we can
> call it from write paths.

In many cases, this is quite true.

							Thanx, Paul

Re: [PATCH] kvm: use the correct RCU API

[Paul E. McKenney]

On Mon, Apr 19, 2010 at 05:41:23PM +0800, Lai Jiangshan wrote:
> The RCU/SRCU API have already changed for proving RCU usage.
> 
> I got the following dmesg when PROVE_RCU=y because we used incorrect API.
> This patch coverts rcu_deference() to srcu_dereference() or family API.
> 
> ===================================================
> [ INFO: suspicious rcu_dereference_check() usage. ]
> ---------------------------------------------------
> arch/x86/kvm/mmu.c:3020 invoked rcu_dereference_check() without protection!
> 
> other info that might help us debug this:
> 
> 
> rcu_scheduler_active = 1, debug_locks = 0
> 2 locks held by qemu-system-x86/8550:
>  #0:  (&kvm->slots_lock){+.+.+.}, at: [<ffffffffa011a6ac>] kvm_set_memory_region+0x29/0x50 [kvm]
>  #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa012262d>] kvm_arch_commit_memory_region+0xa6/0xe2 [kvm]
> 
> stack backtrace:
> Pid: 8550, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1 #27
> Call Trace:
>  [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
>  [<ffffffffa012f6c1>] kvm_mmu_calculate_mmu_pages+0x44/0x7d [kvm]
>  [<ffffffffa012263e>] kvm_arch_commit_memory_region+0xb7/0xe2 [kvm]
>  [<ffffffffa011a5d7>] __kvm_set_memory_region+0x636/0x6e2 [kvm]
>  [<ffffffffa011a6ba>] kvm_set_memory_region+0x37/0x50 [kvm]
>  [<ffffffffa015e956>] vmx_set_tss_addr+0x46/0x5a [kvm_intel]
>  [<ffffffffa0126592>] kvm_arch_vm_ioctl+0x17a/0xcf8 [kvm]
>  [<ffffffff810a8692>] ? unlock_page+0x27/0x2c
>  [<ffffffff810bf879>] ? __do_fault+0x3a9/0x3e1
>  [<ffffffffa011b12f>] kvm_vm_ioctl+0x364/0x38d [kvm]
>  [<ffffffff81060cfa>] ? up_read+0x23/0x3d
>  [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
>  [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
>  [<ffffffff810e6b2f>] ? fget_light+0xc2/0x241
>  [<ffffffff810e416c>] ? do_sys_open+0x104/0x116
>  [<ffffffff81382d6d>] ? retint_swapgs+0xe/0x13
>  [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
>  [<ffffffff810021db>] system_call_fastpath+0x16/0x1b

I have queued this one up, thank you, Lai!

							Thanx, Paul

> Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
> ---
> diff --git a/arch/ia64/kvm/kvm-ia64.c b/arch/ia64/kvm/kvm-ia64.c
> index 73c5c2b..52b8ece 100644
> --- a/arch/ia64/kvm/kvm-ia64.c
> +++ b/arch/ia64/kvm/kvm-ia64.c
> @@ -1379,7 +1379,7 @@ static void kvm_release_vm_pages(struct kvm *kvm)
>  	int i, j;
>  	unsigned long base_gfn;
> 
> -	slots = rcu_dereference(kvm->memslots);
> +	slots = kvm_memslots(kvm);
>  	for (i = 0; i < slots->nmemslots; i++) {
>  		memslot = &slots->memslots[i];
>  		base_gfn = memslot->base_gfn;
> diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
> index 60f09ab..cfa9d17 100644
> --- a/arch/s390/kvm/kvm-s390.h
> +++ b/arch/s390/kvm/kvm-s390.h
> @@ -72,7 +72,7 @@ static inline void kvm_s390_vcpu_set_mem(struct kvm_vcpu *vcpu)
>  	struct kvm_memslots *memslots;
> 
>  	idx = srcu_read_lock(&vcpu->kvm->srcu);
> -	memslots = rcu_dereference(vcpu->kvm->memslots);
> +	memslots = kvm_memslots(vcpu->kvm);
> 
>  	mem = &memslots->memslots[0];
> 
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index 71faa04..bb61881 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -792,7 +792,7 @@ static int kvm_handle_hva(struct kvm *kvm, unsigned long hva,
>  	int retval = 0;
>  	struct kvm_memslots *slots;
> 
> -	slots = rcu_dereference(kvm->memslots);
> +	slots = kvm_memslots(kvm);
> 
>  	for (i = 0; i < slots->nmemslots; i++) {
>  		struct kvm_memory_slot *memslot = &slots->memslots[i];
> @@ -3017,7 +3017,8 @@ unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
>  	unsigned int  nr_pages = 0;
>  	struct kvm_memslots *slots;
> 
> -	slots = rcu_dereference(kvm->memslots);
> +	slots = kvm_memslots(kvm);
> +
>  	for (i = 0; i < slots->nmemslots; i++)
>  		nr_pages += slots->memslots[i].npages;
> 
> @@ -3292,7 +3293,7 @@ static int count_rmaps(struct kvm_vcpu *vcpu)
>  	int i, j, k, idx;
> 
>  	idx = srcu_read_lock(&kvm->srcu);
> -	slots = rcu_dereference(kvm->memslots);
> +	slots = kvm_memslots(kvm);
>  	for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
>  		struct kvm_memory_slot *m = &slots->memslots[i];
>  		struct kvm_rmap_desc *d;
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 077cac5..725e7b6 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -1514,7 +1514,7 @@ static gva_t rmode_tss_base(struct kvm *kvm)
>  		struct kvm_memslots *slots;
>  		gfn_t base_gfn;
> 
> -		slots = rcu_dereference(kvm->memslots);
> +		slots = kvm_memslots(kvm);
>  		base_gfn = kvm->memslots->memslots[0].base_gfn +
>  				 kvm->memslots->memslots[0].npages - 3;
>  		return base_gfn << PAGE_SHIFT;
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 6120e33..4dcd62c 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -2408,7 +2408,7 @@ gfn_t unalias_gfn_instantiation(struct kvm *kvm, gfn_t gfn)
>  	struct kvm_mem_alias *alias;
>  	struct kvm_mem_aliases *aliases;
> 
> -	aliases = rcu_dereference(kvm->arch.aliases);
> +	aliases = kvm_aliases(kvm);
> 
>  	for (i = 0; i < aliases->naliases; ++i) {
>  		alias = &aliases->aliases[i];
> @@ -2427,7 +2427,7 @@ gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn)
>  	struct kvm_mem_alias *alias;
>  	struct kvm_mem_aliases *aliases;
> 
> -	aliases = rcu_dereference(kvm->arch.aliases);
> +	aliases = kvm_aliases(kvm);
> 
>  	for (i = 0; i < aliases->naliases; ++i) {
>  		alias = &aliases->aliases[i];
> diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
> index 2d10163..e218fed 100644
> --- a/arch/x86/kvm/x86.h
> +++ b/arch/x86/kvm/x86.h
> @@ -65,4 +65,11 @@ static inline int is_paging(struct kvm_vcpu *vcpu)
>  	return kvm_read_cr0_bits(vcpu, X86_CR0_PG);
>  }
> 
> +static inline struct kvm_mem_aliases *kvm_aliases(struct kvm *kvm)
> +{
> +	return rcu_dereference_check(kvm->arch.aliases,
> +			srcu_read_lock_held(&kvm->srcu)
> +			|| lockdep_is_held(&kvm->slots_lock));
> +}
> +
>  #endif
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index a3fd0f9..f735752 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -239,6 +239,13 @@ void kvm_exit(void);
>  void kvm_get_kvm(struct kvm *kvm);
>  void kvm_put_kvm(struct kvm *kvm);
> 
> +static inline struct kvm_memslots *kvm_memslots(struct kvm *kvm)
> +{
> +	return rcu_dereference_check(kvm->memslots,
> +			srcu_read_lock_held(&kvm->srcu)
> +			|| lockdep_is_held(&kvm->slots_lock));
> +}
> +
>  #define HPA_MSB ((sizeof(hpa_t) * 8) - 1)
>  #define HPA_ERR_MASK ((hpa_t)1 << HPA_MSB)
>  static inline int is_error_hpa(hpa_t hpa) { return hpa >> HPA_MSB; }
> diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
> index 80fd3ad..37ca71e 100644
> --- a/virt/kvm/iommu.c
> +++ b/virt/kvm/iommu.c
> @@ -78,7 +78,7 @@ static int kvm_iommu_map_memslots(struct kvm *kvm)
>  	int i, r = 0;
>  	struct kvm_memslots *slots;
> 
> -	slots = rcu_dereference(kvm->memslots);
> +	slots = kvm_memslots(kvm);
> 
>  	for (i = 0; i < slots->nmemslots; i++) {
>  		r = kvm_iommu_map_pages(kvm, &slots->memslots[i]);
> @@ -217,7 +217,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm)
>  	int i;
>  	struct kvm_memslots *slots;
> 
> -	slots = rcu_dereference(kvm->memslots);
> +	slots = kvm_memslots(kvm);
> 
>  	for (i = 0; i < slots->nmemslots; i++) {
>  		kvm_iommu_put_pages(kvm, slots->memslots[i].base_gfn,
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index b03f863..58b2147 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -829,7 +829,7 @@ EXPORT_SYMBOL_GPL(kvm_is_error_hva);
>  struct kvm_memory_slot *gfn_to_memslot_unaliased(struct kvm *kvm, gfn_t gfn)
>  {
>  	int i;
> -	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
> +	struct kvm_memslots *slots = kvm_memslots(kvm);
> 
>  	for (i = 0; i < slots->nmemslots; ++i) {
>  		struct kvm_memory_slot *memslot = &slots->memslots[i];
> @@ -851,7 +851,7 @@ struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn)
>  int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
>  {
>  	int i;
> -	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
> +	struct kvm_memslots *slots = kvm_memslots(kvm);
> 
>  	gfn = unalias_gfn_instantiation(kvm, gfn);
>  	for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
> @@ -895,7 +895,7 @@ out:
>  int memslot_id(struct kvm *kvm, gfn_t gfn)
>  {
>  	int i;
> -	struct kvm_memslots *slots = rcu_dereference(kvm->memslots);
> +	struct kvm_memslots *slots = kvm_memslots(kvm);
>  	struct kvm_memory_slot *memslot = NULL;
> 
>  	gfn = unalias_gfn(kvm, gfn);
> @@ -1979,7 +1979,9 @@ int kvm_io_bus_write(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
>  		     int len, const void *val)
>  {
>  	int i;
> -	struct kvm_io_bus *bus = rcu_dereference(kvm->buses[bus_idx]);
> +	struct kvm_io_bus *bus;
> +
> +	bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
>  	for (i = 0; i < bus->dev_count; i++)
>  		if (!kvm_iodevice_write(bus->devs[i], addr, len, val))
>  			return 0;
> @@ -1991,8 +1993,9 @@ int kvm_io_bus_read(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
>  		    int len, void *val)
>  {
>  	int i;
> -	struct kvm_io_bus *bus = rcu_dereference(kvm->buses[bus_idx]);
> +	struct kvm_io_bus *bus;
> 
> +	bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
>  	for (i = 0; i < bus->dev_count; i++)
>  		if (!kvm_iodevice_read(bus->devs[i], addr, len, val))
>  			return 0;
> 

Re: [BUG] kvm: dereference srcu-protected pointer without srcu_read_lock() held

[Paul E. McKenney]

On Tue, Apr 20, 2010 at 02:29:29PM +0800, Lai Jiangshan wrote:
> Marcelo Tosatti wrote:
> > On Mon, Apr 19, 2010 at 01:08:29PM +0300, Avi Kivity wrote:
> >> On 04/19/2010 12:58 PM, Lai Jiangshan wrote:
> >>> Applied the patch I just sent and let CONFIG_PROVE_RCU=y,
> >>> we can got the following dmesg. And we found that it is
> >>> because some codes in KVM dereferences srcu-protected pointer without
> >>> srcu_read_lock() held or update-side lock held.
> >>>
> >>> It is not hard to fix, the problem is that:
> >>> Where is the most proper place to put a srcu_read_lock()?
> >>>
> >>> I can not determine the answer, so I report this bug
> >>> instead of fixing it.
> >>>
> >> I think the else branch in complete_pio() should work.  Marcelo?
> >>
> >> Longer term I'd like to see the lock taken at the high levels
> >> (ioctls, in virt/kvm) and dropped only for guest entry and when we
> >> explicitly sleep (hlt emulation).
> >>
> >> Note: complete_pio() is gone in the current code.
> > 
> > Yes, this was fixed by 7fb2ea1e6.
> > 
> > 
> 
> Applied the patch I sent yesterday and let CONFIG_PROVE_RCU=y
> I can get the following dmesg.
> 
> Under very simple test, these is no complaint from PROVE_RCU
> after this patch applied.
> 
> More test or reviewing of code are need in future.
> 
> ----------
> Subject: [PATCH] kvm: add missing srcu_read_lock()
> 
> I got this dmesg due to srcu_read_lock() is missing in
> kvm_mmu_notifier_release().
> 
> ===================================================
> [ INFO: suspicious rcu_dereference_check() usage. ]
> ---------------------------------------------------
> arch/x86/kvm/x86.h:72 invoked rcu_dereference_check() without protection!
> 
> other info that might help us debug this:
> 
> 
> rcu_scheduler_active = 1, debug_locks = 0
> 2 locks held by qemu-system-x86/3100:
>  #0:  (rcu_read_lock){.+.+..}, at: [<ffffffff810d73dc>] __mmu_notifier_release+0x38/0xdf
>  #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa0130a6a>] kvm_mmu_zap_all+0x21/0x5e [kvm]
> 
> stack backtrace:
> Pid: 3100, comm: qemu-system-x86 Not tainted 2.6.34-rc3-22949-gbc8a97a-dirty #2
> Call Trace:
>  [<ffffffff8106afd9>] lockdep_rcu_dereference+0xaa/0xb3
>  [<ffffffffa0123a89>] unalias_gfn+0x56/0xab [kvm]
>  [<ffffffffa0119600>] gfn_to_memslot+0x16/0x25 [kvm]
>  [<ffffffffa012ffca>] gfn_to_rmap+0x17/0x6e [kvm]
>  [<ffffffffa01300c1>] rmap_remove+0xa0/0x19d [kvm]
>  [<ffffffffa0130649>] kvm_mmu_zap_page+0x109/0x34d [kvm]
>  [<ffffffffa0130a7e>] kvm_mmu_zap_all+0x35/0x5e [kvm]
>  [<ffffffffa0122870>] kvm_arch_flush_shadow+0x16/0x22 [kvm]
>  [<ffffffffa01189e0>] kvm_mmu_notifier_release+0x15/0x17 [kvm]
>  [<ffffffff810d742c>] __mmu_notifier_release+0x88/0xdf
>  [<ffffffff810d73dc>] ? __mmu_notifier_release+0x38/0xdf
>  [<ffffffff81040848>] ? exit_mm+0xe0/0x115
>  [<ffffffff810c2cb0>] exit_mmap+0x2c/0x17e
>  [<ffffffff8103c472>] mmput+0x2d/0xd4
>  [<ffffffff81040870>] exit_mm+0x108/0x115
> [...]

Queued, thank you, Lai!

							Thanx, Paul

> Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
> ---
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index a5dfea1..a6d639d 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -341,7 +341,11 @@ static void kvm_mmu_notifier_release(struct mmu_notifier *mn,
>  				     struct mm_struct *mm)
>  {
>  	struct kvm *kvm = mmu_notifier_to_kvm(mn);
> +	int idx;
> +
> +	idx = srcu_read_lock(&kvm->srcu);
>  	kvm_arch_flush_shadow(kvm);
> +	srcu_read_unlock(&kvm->srcu, idx);
>  }
> 
>  static const struct mmu_notifier_ops kvm_mmu_notifier_ops = {

Re: [BUG] kvm: dereference srcu-protected pointer without srcu_read_lock() held

[Avi Kivity]

On 04/21/2010 01:21 AM, Paul E. McKenney wrote:
>
>> Subject: [PATCH] kvm: add missing srcu_read_lock()
>>
>> I got this dmesg due to srcu_read_lock() is missing in
>> kvm_mmu_notifier_release().
>>
>> ===================================================
>> [ INFO: suspicious rcu_dereference_check() usage. ]
>> ---------------------------------------------------
>> arch/x86/kvm/x86.h:72 invoked rcu_dereference_check() without protection!
>>
>> other info that might help us debug this:
>>
>>
>> rcu_scheduler_active = 1, debug_locks = 0
>> 2 locks held by qemu-system-x86/3100:
>>   #0:  (rcu_read_lock){.+.+..}, at: [<ffffffff810d73dc>] __mmu_notifier_release+0x38/0xdf
>>   #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa0130a6a>] kvm_mmu_zap_all+0x21/0x5e [kvm]
>>
>> stack backtrace:
>> Pid: 3100, comm: qemu-system-x86 Not tainted 2.6.34-rc3-22949-gbc8a97a-dirty #2
>> Call Trace:
>>   [<ffffffff8106afd9>] lockdep_rcu_dereference+0xaa/0xb3
>>   [<ffffffffa0123a89>] unalias_gfn+0x56/0xab [kvm]
>>   [<ffffffffa0119600>] gfn_to_memslot+0x16/0x25 [kvm]
>>   [<ffffffffa012ffca>] gfn_to_rmap+0x17/0x6e [kvm]
>>   [<ffffffffa01300c1>] rmap_remove+0xa0/0x19d [kvm]
>>   [<ffffffffa0130649>] kvm_mmu_zap_page+0x109/0x34d [kvm]
>>   [<ffffffffa0130a7e>] kvm_mmu_zap_all+0x35/0x5e [kvm]
>>   [<ffffffffa0122870>] kvm_arch_flush_shadow+0x16/0x22 [kvm]
>>   [<ffffffffa01189e0>] kvm_mmu_notifier_release+0x15/0x17 [kvm]
>>   [<ffffffff810d742c>] __mmu_notifier_release+0x88/0xdf
>>   [<ffffffff810d73dc>] ? __mmu_notifier_release+0x38/0xdf
>>   [<ffffffff81040848>] ? exit_mm+0xe0/0x115
>>   [<ffffffff810c2cb0>] exit_mmap+0x2c/0x17e
>>   [<ffffffff8103c472>] mmput+0x2d/0xd4
>>   [<ffffffff81040870>] exit_mm+0x108/0x115
>> [...]
>>      
> Queued, thank you, Lai!
>    

Paul, I'd like to merge this via the kvm tree.

-- 
error compiling committee.c: too many arguments to function

Re: [PATCH] kvm: use the correct RCU API

[Avi Kivity]

On 04/19/2010 12:41 PM, Lai Jiangshan wrote:
> The RCU/SRCU API have already changed for proving RCU usage.
>
> I got the following dmesg when PROVE_RCU=y because we used incorrect API.
> This patch coverts rcu_deference() to srcu_dereference() or family API.
>    


Applied, thanks.

-- 
error compiling committee.c: too many arguments to function

Re: [PATCH] kvm: use the correct RCU API

[Avi Kivity]

On 04/21/2010 12:55 AM, Paul E. McKenney wrote:
> On Mon, Apr 19, 2010 at 05:41:23PM +0800, Lai Jiangshan wrote:
>    
>> The RCU/SRCU API have already changed for proving RCU usage.
>>
>> I got the following dmesg when PROVE_RCU=y because we used incorrect API.
>> This patch coverts rcu_deference() to srcu_dereference() or family API.
>>
>> ===================================================
>> [ INFO: suspicious rcu_dereference_check() usage. ]
>> ---------------------------------------------------
>> arch/x86/kvm/mmu.c:3020 invoked rcu_dereference_check() without protection!
>>
>> other info that might help us debug this:
>>
>>
>> rcu_scheduler_active = 1, debug_locks = 0
>> 2 locks held by qemu-system-x86/8550:
>>   #0:  (&kvm->slots_lock){+.+.+.}, at: [<ffffffffa011a6ac>] kvm_set_memory_region+0x29/0x50 [kvm]
>>   #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa012262d>] kvm_arch_commit_memory_region+0xa6/0xe2 [kvm]
>>
>> stack backtrace:
>> Pid: 8550, comm: qemu-system-x86 Not tainted 2.6.34-rc4-tip-01028-g939eab1 #27
>> Call Trace:
>>   [<ffffffff8106c59e>] lockdep_rcu_dereference+0xaa/0xb3
>>   [<ffffffffa012f6c1>] kvm_mmu_calculate_mmu_pages+0x44/0x7d [kvm]
>>   [<ffffffffa012263e>] kvm_arch_commit_memory_region+0xb7/0xe2 [kvm]
>>   [<ffffffffa011a5d7>] __kvm_set_memory_region+0x636/0x6e2 [kvm]
>>   [<ffffffffa011a6ba>] kvm_set_memory_region+0x37/0x50 [kvm]
>>   [<ffffffffa015e956>] vmx_set_tss_addr+0x46/0x5a [kvm_intel]
>>   [<ffffffffa0126592>] kvm_arch_vm_ioctl+0x17a/0xcf8 [kvm]
>>   [<ffffffff810a8692>] ? unlock_page+0x27/0x2c
>>   [<ffffffff810bf879>] ? __do_fault+0x3a9/0x3e1
>>   [<ffffffffa011b12f>] kvm_vm_ioctl+0x364/0x38d [kvm]
>>   [<ffffffff81060cfa>] ? up_read+0x23/0x3d
>>   [<ffffffff810f3587>] vfs_ioctl+0x32/0xa6
>>   [<ffffffff810f3b19>] do_vfs_ioctl+0x495/0x4db
>>   [<ffffffff810e6b2f>] ? fget_light+0xc2/0x241
>>   [<ffffffff810e416c>] ? do_sys_open+0x104/0x116
>>   [<ffffffff81382d6d>] ? retint_swapgs+0xe/0x13
>>   [<ffffffff810f3ba6>] sys_ioctl+0x47/0x6a
>>   [<ffffffff810021db>] system_call_fastpath+0x16/0x1b
>>      
> I have queued this one up, thank you, Lai!
>
>    

I'd like this to go through kvm.git as well.

-- 
error compiling committee.c: too many arguments to function

Re: [BUG] kvm: dereference srcu-protected pointer without srcu_read_lock() held

[Paul E. McKenney]

On Wed, Apr 21, 2010 at 11:17:22AM +0300, Avi Kivity wrote:
> On 04/21/2010 01:21 AM, Paul E. McKenney wrote:
> >
> >>Subject: [PATCH] kvm: add missing srcu_read_lock()
> >>
> >>I got this dmesg due to srcu_read_lock() is missing in
> >>kvm_mmu_notifier_release().
> >>
> >>===================================================
> >>[ INFO: suspicious rcu_dereference_check() usage. ]
> >>---------------------------------------------------
> >>arch/x86/kvm/x86.h:72 invoked rcu_dereference_check() without protection!
> >>
> >>other info that might help us debug this:
> >>
> >>
> >>rcu_scheduler_active = 1, debug_locks = 0
> >>2 locks held by qemu-system-x86/3100:
> >>  #0:  (rcu_read_lock){.+.+..}, at: [<ffffffff810d73dc>] __mmu_notifier_release+0x38/0xdf
> >>  #1:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: [<ffffffffa0130a6a>] kvm_mmu_zap_all+0x21/0x5e [kvm]
> >>
> >>stack backtrace:
> >>Pid: 3100, comm: qemu-system-x86 Not tainted 2.6.34-rc3-22949-gbc8a97a-dirty #2
> >>Call Trace:
> >>  [<ffffffff8106afd9>] lockdep_rcu_dereference+0xaa/0xb3
> >>  [<ffffffffa0123a89>] unalias_gfn+0x56/0xab [kvm]
> >>  [<ffffffffa0119600>] gfn_to_memslot+0x16/0x25 [kvm]
> >>  [<ffffffffa012ffca>] gfn_to_rmap+0x17/0x6e [kvm]
> >>  [<ffffffffa01300c1>] rmap_remove+0xa0/0x19d [kvm]
> >>  [<ffffffffa0130649>] kvm_mmu_zap_page+0x109/0x34d [kvm]
> >>  [<ffffffffa0130a7e>] kvm_mmu_zap_all+0x35/0x5e [kvm]
> >>  [<ffffffffa0122870>] kvm_arch_flush_shadow+0x16/0x22 [kvm]
> >>  [<ffffffffa01189e0>] kvm_mmu_notifier_release+0x15/0x17 [kvm]
> >>  [<ffffffff810d742c>] __mmu_notifier_release+0x88/0xdf
> >>  [<ffffffff810d73dc>] ? __mmu_notifier_release+0x38/0xdf
> >>  [<ffffffff81040848>] ? exit_mm+0xe0/0x115
> >>  [<ffffffff810c2cb0>] exit_mmap+0x2c/0x17e
> >>  [<ffffffff8103c472>] mmput+0x2d/0xd4
> >>  [<ffffffff81040870>] exit_mm+0x108/0x115
> >>[...]
> >Queued, thank you, Lai!
> 
> Paul, I'd like to merge this via the kvm tree.

Very good, I have removed both of these kvm patches.  They are yours!  ;-)

							Thanx, Paul