On Wed, Oct 6, 2021 at 12:41 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> On Fri, Oct 01, 2021, Colin King wrote:
> > From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> >
> > The allocation for *gfn_track should be for a slot->npages lot of
> > short integers, however the current allocation is using sizeof(*gfn_track)
> > and that is the size of a pointer, which is too large. Fix this by
> > using sizeof(**gfn_track) instead.
> >
> > Addresses-Coverity: ("Wrong sizeof argument")
> > Fixes: 35b330bba6a7 ("KVM: x86: only allocate gfn_track when necessary")
> > Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> > ---
> > arch/x86/kvm/mmu/page_track.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kvm/mmu/page_track.c b/arch/x86/kvm/mmu/page_track.c
> > index bb5d60bd4dbf..5b785a5f7dc9 100644
> > --- a/arch/x86/kvm/mmu/page_track.c
> > +++ b/arch/x86/kvm/mmu/page_track.c
> > @@ -92,7 +92,7 @@ int kvm_page_track_enable_mmu_write_tracking(struct kvm *kvm)
> > slots = __kvm_memslots(kvm, i);
> > kvm_for_each_memslot(slot, slots) {
> > gfn_track = slot->arch.gfn_track + KVM_PAGE_TRACK_WRITE;
> > - *gfn_track = kvcalloc(slot->npages, sizeof(*gfn_track),
> > + *gfn_track = kvcalloc(slot->npages, sizeof(**gfn_track),
> > GFP_KERNEL_ACCOUNT);
>
> Eww (not your patch, the original code). IMO the double indirection is completely
> unnecessary, e.g. I find this far easier to follow
>
> diff --git a/arch/x86/kvm/mmu/page_track.c b/arch/x86/kvm/mmu/page_track.c
> index bb5d60bd4dbf..8cae41b831dd 100644
> --- a/arch/x86/kvm/mmu/page_track.c
> +++ b/arch/x86/kvm/mmu/page_track.c
> @@ -75,7 +75,7 @@ int kvm_page_track_enable_mmu_write_tracking(struct kvm *kvm)
> {
> struct kvm_memslots *slots;
> struct kvm_memory_slot *slot;
> - unsigned short **gfn_track;
> + unsigned short *gfn_track;
> int i;
>
> if (write_tracking_enabled(kvm))
> @@ -91,13 +91,13 @@ int kvm_page_track_enable_mmu_write_tracking(struct kvm *kvm)
> for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
> slots = __kvm_memslots(kvm, i);
> kvm_for_each_memslot(slot, slots) {
> - gfn_track = slot->arch.gfn_track + KVM_PAGE_TRACK_WRITE;
> - *gfn_track = kvcalloc(slot->npages, sizeof(*gfn_track),
> - GFP_KERNEL_ACCOUNT);
> - if (*gfn_track == NULL) {
> + gfn_track = kvcalloc(slot->npages, sizeof(*gfn_track),
> + GFP_KERNEL_ACCOUNT);
> + if (gfn_track == NULL) {
> mutex_unlock(&kvm->slots_arch_lock);
> return -ENOMEM;
> }
> + slot->arch.gfn_track[KVM_PAGE_TRACK_WRITE] = gfn_track;
> }
> }
>
>
>
> > if (*gfn_track == NULL) {
> > mutex_unlock(&kvm->slots_arch_lock);
>
> Hrm, this fails to free the gfn_track allocations for previous memslots. The
> on-demand rmaps code has the exact same bug (it frees rmaps for previous lpages
> in the _current_ slot, but does not free previous slots).
>
> And having two separate flows (and flags) for rmaps vs. gfn_track is pointless,
> and means we have to maintain two near-identical copies of non-obvious code.
I agree that's better than my patch. I can put together a new patch
once it's decided whether or not my patch should be dropped.
-David
