| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3c6262a1-84ad-d048-2654-a5d2f0816e57@redhat.com>
Date: Thu, 9 Dec 2021 12:19:51 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Janosch Frank <frankja@...ux.ibm.com>
Cc: David Hildenbrand <david@...hat.com>,
Claudio Imbrenda <imbrenda@...ux.ibm.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Maxim Levitsky <mlevitsk@...hat.com>,
Ben Gardon <bgardon@...gle.com>,
Lai Jiangshan <jiangshanlai@...il.com>
Subject: Re: [PATCH 1/7] KVM: x86: Retry page fault if MMU reload is pending
and root has no sp
On 12/9/21 07:05, Sean Christopherson wrote:
> Play nice with a NULL shadow page when checking for an obsolete root in
> the page fault handler by flagging the page fault as stale if there's no
> shadow page associated with the root and KVM_REQ_MMU_RELOAD is pending.
> Invalidating memslots, which is the only case where _all_ roots need to
> be reloaded, requests all vCPUs to reload their MMUs while holding
> mmu_lock for lock.
>
> The "special" roots, e.g. pae_root when KVM uses PAE paging, are not
> backed by a shadow page. Running with TDP disabled or with nested NPT
> explodes spectaculary due to dereferencing a NULL shadow page pointer.
>
> Skip the KVM_REQ_MMU_RELOAD check if there is a valid shadow page for the
> root. Zapping shadow pages in response to guest activity, e.g. when the
> guest frees a PGD, can trigger KVM_REQ_MMU_RELOAD even if the current
> vCPU isn't using the affected root. I.e. KVM_REQ_MMU_RELOAD can be seen
> with a completely valid root shadow page. This is a bit of a moot point
> as KVM currently unloads all roots on KVM_REQ_MMU_RELOAD, but that will
> be cleaned up in the future.
>
> Fixes: a955cad84cda ("KVM: x86/mmu: Retry page fault if root is invalidated by memslot update")
> Cc: stable@...r.kernel.org
> Cc: Maxim Levitsky <mlevitsk@...hat.com>
> Signed-off-by: Sean Christopherson <seanjc@...gle.com>
> ---
> arch/x86/kvm/mmu/mmu.c | 16 +++++++++++++++-
> 1 file changed, 15 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
> index 1ccee4d17481..1d275e9d76b5 100644
> --- a/arch/x86/kvm/mmu/mmu.c
> +++ b/arch/x86/kvm/mmu/mmu.c
> @@ -3971,7 +3971,21 @@ static bool kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault,
> static bool is_page_fault_stale(struct kvm_vcpu *vcpu,
> struct kvm_page_fault *fault, int mmu_seq)
> {
> - if (is_obsolete_sp(vcpu->kvm, to_shadow_page(vcpu->arch.mmu->root_hpa)))
> + struct kvm_mmu_page *sp = to_shadow_page(vcpu->arch.mmu->root_hpa);
> +
> + /* Special roots, e.g. pae_root, are not backed by shadow pages. */
> + if (sp && is_obsolete_sp(vcpu->kvm, sp))
> + return true;
> +
> + /*
> + * Roots without an associated shadow page are considered invalid if
> + * there is a pending request to free obsolete roots. The request is
> + * only a hint that the current root _may_ be obsolete and needs to be
> + * reloaded, e.g. if the guest frees a PGD that KVM is tracking as a
> + * previous root, then __kvm_mmu_prepare_zap_page() signals all vCPUs
> + * to reload even if no vCPU is actively using the root.
> + */
> + if (!sp && kvm_test_request(KVM_REQ_MMU_RELOAD, vcpu))
> return true;
>
> return fault->slot &&
>
Queued this one for 5.16, thanks.
Paolo
Powered by blists - more mailing lists