KVM: kvm_io_bus_unregister_dev() should never fail

author David Hildenbrand <david@redhat.com>

Thu, 23 Mar 2017 17:24:19 +0000 (18:24 +0100)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 22 Apr 2017 05:15:03 +0000 (07:15 +0200)
author David Hildenbrand <david@redhat.com>
Thu, 23 Mar 2017 17:24:19 +0000 (18:24 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 22 Apr 2017 05:15:03 +0000 (07:15 +0200)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h

index e4d8f705fecd0ae2657a66d6524fd4463fb38f1f..aa75be9cbc3d4d9a9b60b2d6845929c01b987031 100644 (file)
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -177,8 +177,8 @@ int kvm_io_bus_read(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr, int len,
                     void *val);
  int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
                             int len, struct kvm_io_device *dev);
-int kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
-                             struct kvm_io_device *dev);
+void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
+                              struct kvm_io_device *dev);
  
  #ifdef CONFIG_KVM_ASYNC_PF
  struct kvm_async_pf {
diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c

index 5a310caf4bbe6c12ae9a6c2146b0310ef1c9fde1..64238c9c5dcedf792f067d6cb3bbd9cc4875376c 100644 (file)
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -866,7 +866,8 @@ kvm_deassign_ioeventfd_idx(struct kvm *kvm, enum kvm_bus bus_idx,
                         continue;
  
                 kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
-               kvm->buses[bus_idx]->ioeventfd_count--;
+               if (kvm->buses[bus_idx])
+                       kvm->buses[bus_idx]->ioeventfd_count--;
                 ioeventfd_release(p);
                 ret = 0;
                 break;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c

index 5f7bff5b9e4e9ad5dc7b32f33c1cc5ee66b48b93..3d5ae6f655dfc4a4970f8f0bd5b7d56a8d08b772 100644 (file)
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -615,7 +615,8 @@ static void kvm_destroy_vm(struct kvm *kvm)
         spin_unlock(&kvm_lock);
         kvm_free_irq_routing(kvm);
         for (i = 0; i < KVM_NR_BUSES; i++) {
-               kvm_io_bus_destroy(kvm->buses[i]);
+               if (kvm->buses[i])
+                       kvm_io_bus_destroy(kvm->buses[i]);
                 kvm->buses[i] = NULL;
         }
         kvm_coalesced_mmio_free(kvm);
@@ -2980,6 +2981,8 @@ int kvm_io_bus_write(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
         };
  
         bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
+       if (!bus)
+               return -ENOMEM;
         r = __kvm_io_bus_write(bus, &range, val);
         return r < 0 ? r : 0;
  }
@@ -2997,6 +3000,8 @@ int kvm_io_bus_write_cookie(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
         };
  
         bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
+       if (!bus)
+               return -ENOMEM;
  
         /* First try the device referenced by cookie. */
         if ((cookie >= 0) && (cookie < bus->dev_count) &&
@@ -3047,6 +3052,8 @@ int kvm_io_bus_read(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
         };
  
         bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
+       if (!bus)
+               return -ENOMEM;
         r = __kvm_io_bus_read(bus, &range, val);
         return r < 0 ? r : 0;
  }
@@ -3059,6 +3066,9 @@ int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
         struct kvm_io_bus *new_bus, *bus;
  
         bus = kvm->buses[bus_idx];
+       if (!bus)
+               return -ENOMEM;
+
         /* exclude ioeventfd which is limited by maximum fd */
         if (bus->dev_count - bus->ioeventfd_count > NR_IOBUS_DEVS - 1)
                 return -ENOSPC;
@@ -3078,45 +3088,41 @@ int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
  }
  
  /* Caller must hold slots_lock. */
-int kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
-                             struct kvm_io_device *dev)
+void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
+                              struct kvm_io_device *dev)
  {
-       int i, r;
+       int i;
         struct kvm_io_bus *new_bus, *bus;
  
         bus = kvm->buses[bus_idx];
-
-       /*
-        * It's possible the bus being released before hand. If so,
-        * we're done here.
-        */
         if (!bus)
-               return 0;
+               return;
  
-       r = -ENOENT;
         for (i = 0; i < bus->dev_count; i++)
                 if (bus->range[i].dev == dev) {
-                       r = 0;
                         break;
                 }
  
-       if (r)
-               return r;
+       if (i == bus->dev_count)
+               return;
  
         new_bus = kzalloc(sizeof(*bus) + ((bus->dev_count - 1) *
                           sizeof(struct kvm_io_range)), GFP_KERNEL);
-       if (!new_bus)
-               return -ENOMEM;
+       if (!new_bus)  {
+               pr_err("kvm: failed to shrink bus, removing it completely\n");
+               goto broken;
+       }
  
         memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range));
         new_bus->dev_count--;
         memcpy(new_bus->range + i, bus->range + i + 1,
                (new_bus->dev_count - i) * sizeof(struct kvm_io_range));
  
+broken:
         rcu_assign_pointer(kvm->buses[bus_idx], new_bus);
         synchronize_srcu_expedited(&kvm->srcu);
         kfree(bus);
-       return r;
+       return;
  }
  
  static struct notifier_block kvm_cpu_notifier = {
author	David Hildenbrand <david@redhat.com>
	Thu, 23 Mar 2017 17:24:19 +0000 (18:24 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 22 Apr 2017 05:15:03 +0000 (07:15 +0200)
include/linux/kvm_host.h		patch \| blob \| history
virt/kvm/eventfd.c		patch \| blob \| history
virt/kvm/kvm_main.c		patch \| blob \| history