]> www.infradead.org Git - users/hch/dma-mapping.git/commitdiff
KVM: PPC: Book3S HV: Handle non-present PTEs in page fault functions
authorPaul Mackerras <paulus@ozlabs.org>
Thu, 16 Apr 2020 04:23:43 +0000 (14:23 +1000)
committerPaul Mackerras <paulus@ozlabs.org>
Mon, 20 Apr 2020 23:23:41 +0000 (09:23 +1000)
Since cd758a9b57ee "KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot in HPT
page fault handler", it's been possible in fairly rare circumstances to
load a non-present PTE in kvmppc_book3s_hv_page_fault() when running a
guest on a POWER8 host.

Because that case wasn't checked for, we could misinterpret the non-present
PTE as being a cache-inhibited PTE.  That could mismatch with the
corresponding hash PTE, which would cause the function to fail with -EFAULT
a little further down.  That would propagate up to the KVM_RUN ioctl()
generally causing the KVM userspace (usually qemu) to fall over.

This addresses the problem by catching that case and returning to the guest
instead.

For completeness, this fixes the radix page fault handler in the same
way.  For radix this didn't cause any obvious misbehaviour, because we
ended up putting the non-present PTE into the guest's partition-scoped
page tables, leading immediately to another hypervisor data/instruction
storage interrupt, which would go through the page fault path again
and fix things up.

Fixes: cd758a9b57ee "KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot in HPT page fault handler"
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1820402
Reported-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
arch/powerpc/kvm/book3s_64_mmu_hv.c
arch/powerpc/kvm/book3s_64_mmu_radix.c

index 3aecec890d6fccaa23ec7826e238eebf894eeda4..20b7dce739ad5c8a4c2480b9a24fae461b4ed2f7 100644 (file)
@@ -604,18 +604,19 @@ int kvmppc_book3s_hv_page_fault(struct kvm_run *run, struct kvm_vcpu *vcpu,
         */
        local_irq_disable();
        ptep = __find_linux_pte(vcpu->arch.pgdir, hva, NULL, &shift);
+       pte = __pte(0);
+       if (ptep)
+               pte = *ptep;
+       local_irq_enable();
        /*
         * If the PTE disappeared temporarily due to a THP
         * collapse, just return and let the guest try again.
         */
-       if (!ptep) {
-               local_irq_enable();
+       if (!pte_present(pte)) {
                if (page)
                        put_page(page);
                return RESUME_GUEST;
        }
-       pte = *ptep;
-       local_irq_enable();
        hpa = pte_pfn(pte) << PAGE_SHIFT;
        pte_size = PAGE_SIZE;
        if (shift)
index 134fbc1f029f394a2c79cb521fce9fc0bceb6676..7bf94ba62f6d9abfc1c61987e37eac354968ad3a 100644 (file)
@@ -815,18 +815,19 @@ int kvmppc_book3s_instantiate_page(struct kvm_vcpu *vcpu,
         */
        local_irq_disable();
        ptep = __find_linux_pte(vcpu->arch.pgdir, hva, NULL, &shift);
+       pte = __pte(0);
+       if (ptep)
+               pte = *ptep;
+       local_irq_enable();
        /*
         * If the PTE disappeared temporarily due to a THP
         * collapse, just return and let the guest try again.
         */
-       if (!ptep) {
-               local_irq_enable();
+       if (!pte_present(pte)) {
                if (page)
                        put_page(page);
                return RESUME_GUEST;
        }
-       pte = *ptep;
-       local_irq_enable();
 
        /* If we're logging dirty pages, always map single pages */
        large_enable = !(memslot->flags & KVM_MEM_LOG_DIRTY_PAGES);