diff options
author | Paul Mackerras <paulus@samba.org> | 2014-11-03 05:51:58 +0100 |
---|---|---|
committer | Alexander Graf <agraf@suse.de> | 2014-12-15 13:27:24 +0100 |
commit | b4a839009a0842759c0405662637b8f1f35ff460 (patch) | |
tree | d6676e6de647c6edc3eb5846dce8128b2318bb31 /security | |
parent | KVM: PPC: Book3S HV: Fix an issue where guest is paused on receiving HMI (diff) | |
download | linux-b4a839009a0842759c0405662637b8f1f35ff460.tar.xz linux-b4a839009a0842759c0405662637b8f1f35ff460.zip |
KVM: PPC: Book3S HV: Fix KSM memory corruption
Testing with KSM active in the host showed occasional corruption of
guest memory. Typically a page that should have contained zeroes
would contain values that look like the contents of a user process
stack (values such as 0x0000_3fff_xxxx_xxx).
Code inspection in kvmppc_h_protect revealed that there was a race
condition with the possibility of granting write access to a page
which is read-only in the host page tables. The code attempts to keep
the host mapping read-only if the host userspace PTE is read-only, but
if that PTE had been temporarily made invalid for any reason, the
read-only check would not trigger and the host HPTE could end up
read-write. Examination of the guest HPT in the failure situation
revealed that there were indeed shared pages which should have been
read-only that were mapped read-write.
To close this race, we don't let a page go from being read-only to
being read-write, as far as the real HPTE mapping the page is
concerned (the guest view can go to read-write, but the actual mapping
stays read-only). When the guest tries to write to the page, we take
an HDSI and let kvmppc_book3s_hv_page_fault take care of providing a
writable HPTE for the page.
This eliminates the occasional corruption of shared pages
that was previously seen with KSM active.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions