From mboxrd@z Thu Jan 1 00:00:00 1970
From: Carsten Otte
Subject: [patch 3/4] [PATCH] kvm: Fix tprot locking
Date: Thu, 17 Nov 2011 11:00:43 +0100
Message-ID: <20111117100600.399128904@de.ibm.com>
References: <20111117100040.458397238@de.ibm.com>
Cc: Christian Borntraeger, Heiko Carstens, Martin Schwidefsky, Cornelia Huck, KVM
To: Avi Kivity, Marcelo Tossati
Content-Disposition: inline; filename=504-kvm-tprot-locking.diff

From: Christian Borntraeger

There is a potential host deadlock in the tprot intercept handling. We must not hold the mmap semaphore while resolving the guest address. If userspace is remapping, then the memory detection in the guest is broken anyway, so we can safely separate the address translation from walking the vmas.

Signed-off-by: Christian Borntraeger
Signed-off-by: Carsten Otte --- arch/s390/kvm/priv.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff -urpN linux-2.6/arch/s390/kvm/priv.c linux-2.6-patched/arch/s390/kvm/priv.c --- linux-2.6/arch/s390/kvm/priv.c 2011-10-24 09:10:05.000000000 +0200 +++ linux-2.6-patched/arch/s390/kvm/priv.c 2011-11-17 10:03:53.000000000 +0100 @@ -336,6 +336,7 @@ static int handle_tprot(struct kvm_vcpu u64 address1 = disp1 + base1 ? vcpu->arch.guest_gprs[base1] : 0; u64 address2 = disp2 + base2 ? vcpu->arch.guest_gprs[base2] : 0; struct vm_area_struct *vma; + unsigned long user_address; vcpu->stat.instruction_tprot++; @@ -349,9 +350,14 @@ static int handle_tprot(struct kvm_vcpu return -EOPNOTSUPP; + /* we must resolve the address without holding the mmap semaphore. + * This is ok since the userspace hypervisor is not supposed to change + * the mapping while the guest queries the memory. Otherwise the guest + * might crash or get wrong info anyway. */ + user_address = (unsigned long) __guestaddr_to_user(vcpu, address1); + down_read(¤t->mm->mmap_sem); - vma = find_vma(current->mm, - (unsigned long) __guestaddr_to_user(vcpu, address1)); + vma = find_vma(current->mm, user_address); if (!vma) { up_read(¤t->mm->mmap_sem); return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
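Review bot: in the first hunk (@@ -336), the context lines `u64 address1 = disp1 + base1 ? vcpu->arch.guest_gprs[base1] : 0;` and the matching `address2` line parse as `(disp1 + base1) ? vcpu->arch.guest_gprs[base1] : 0`, because `+` binds tighter than `?:`. The displacement is therefore never added: with a non-zero base register the result is the bare register value, and with base 0 and a non-zero displacement it is `guest_gprs[0]`. The new `user_address` is derived from `address1`, so the resolved host address inherits this. It is pre-existing and not introduced by this patch, but since the series is touching this function, `u64 address1 = disp1 + (base1 ? vcpu->arch.guest_gprs[base1] : 0);` (and the same for `address2`) would be a one-line fix worth folding in or adding as a follow-up.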
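Review bot: in the second hunk (@@ -349), the `(unsigned long)` cast of `__guestaddr_to_user(vcpu, address1)` throws away any error encoding that helper uses; if it can return an error pointer for an out-of-range guest address, `find_vma()` would be handed that value as an ordinary address and the `PGM_ADDRESSING` path would never trigger for it. The old code had the same cast inline, so this is not a regression, but now that the value is stored in `user_address` an `IS_ERR()` check before `down_read()` would fit naturally and keep the error out of the locked region. Separately, the added comment does not follow the kernel's multi-line comment style: `/*` should be on its own line and `*/` on its own line rather than trailing `anyway. */`. The reordering itself looks right: `user_address` is fully computed before `down_read(&current->mm->mmap_sem)` (the `¤t` in the hunk is an extraction artefact for `&current`), and the visible `if (!vma)` exit path still pairs its `up_read()` with it.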