From: Avi Kivity <avi@redhat.com>
To: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
KVM list <kvm@vger.kernel.org>
Subject: Re: [PATCH v2 3/10] KVM: MMU: fix direct sp's access corruptted
Date: Tue, 29 Jun 2010 10:38:50 +0300 [thread overview]
Message-ID: <4C29A30A.8020107@redhat.com> (raw)
In-Reply-To: <4C299B7E.5020303@redhat.com>
On 06/29/2010 10:06 AM, Avi Kivity wrote:
> On 06/29/2010 04:17 AM, Xiao Guangrong wrote:
>>
>>> If B is writeable-and-dirty, then it's D bit is already set, and we
>>> don't need to do anything.
>>>
>>> If B is writeable-and-clean, then we'll have an spte pointing to a
>>> read-only sp, so we'll get a write fault on access and an
>>> opportunity to
>>> set the D bit.
>>>
>> Sorry, a typo in my reply, i mean mapping A and B both are
>> writable-and-clean,
>> while A occurs write-#PF, we should change A's spte map to writable
>> sp, if we
>> only update the spte in writable-and-clean sp(form readonly to
>> writable), the B's
>> D bit will miss set.
>
> Right.
>
> We need to update something to notice this:
>
> - FNAME(fetch)() to replace the spte
> - FNAME(walk_addr)() to invalidate the spte
>
> I think FNAME(walk_addr) is the right place, we're updating the gpte,
> so we should update the spte at the same time, just like a guest
> write. But that will be expensive (there could be many sptes, so we
> have to call kvm_mmu_pte_write()), so perhaps FNAME(fetch) is easier.
>
> We have now
>
> if (is_shadow_present_pte(*sptep) && !is_large_pte(*sptep))
> continue;
>
> So we need to add a check, if sp->role.access doesn't match pt_access
> & pte_access, we need to get a new sp with the correct access (can
> only change read->write).
Note:
- modifying walk_addr() to call kvm_mmu_pte_write() is probably not so
bad. It's rare that a large pte walk sets the dirty bit, and it's
probably rare to share those large ptes. Still, I think the fetch()
change is better since it's more local.
- there was once talk that instead of folding pt_access and pte_access
together into the leaf sp->role.access, each sp level would have its own
access permissions. In this case we don't even have to get a new direct
sp, only change the PT_DIRECTORY_LEVEL spte to add write permissions
(all direct sp's would be writeable and permissions would be controlled
at their parent_pte level). Of course that's a much bigger change than
this bug fix.
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
next prev parent reply other threads:[~2010-06-29 7:39 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4C2498EC.2010006@cn.fujitsu.com>
2010-06-25 12:05 ` [PATCH v2 2/10] KVM: MMU: fix conflict access permissions in direct sp Xiao Guangrong
2010-06-28 9:43 ` Avi Kivity
2010-06-28 9:49 ` Xiao Guangrong
2010-06-25 12:06 ` [PATCH v2 3/10] KVM: MMU: fix direct sp's access corruptted Xiao Guangrong
2010-06-28 9:50 ` Avi Kivity
2010-06-28 10:02 ` Xiao Guangrong
2010-06-28 11:13 ` Avi Kivity
2010-06-29 1:17 ` Xiao Guangrong
2010-06-29 7:06 ` Avi Kivity
2010-06-29 7:35 ` Xiao Guangrong
2010-06-29 8:49 ` Avi Kivity
2010-06-29 9:04 ` Xiao Guangrong
2010-06-29 9:13 ` Avi Kivity
2010-06-29 9:13 ` Xiao Guangrong
2010-06-29 7:38 ` Avi Kivity [this message]
2010-06-29 7:45 ` Xiao Guangrong
2010-06-29 8:51 ` Avi Kivity
2010-06-29 9:08 ` Xiao Guangrong
2010-06-25 12:06 ` [PATCH v2 4/10] KVM: MMU: fix forgot to flush all vcpu's tlb Xiao Guangrong
2010-06-28 9:55 ` Avi Kivity
2010-06-25 12:06 ` [PATCH v2 5/10] KVM: MMU: introduce gfn_to_pfn_atomic() function Xiao Guangrong
2010-06-25 12:06 ` [PATCH v2 6/10] KVM: MMU: introduce gfn_to_hva_many() function Xiao Guangrong
2010-06-25 12:06 ` [PATCH v2 7/10] KVM: MMU: introduce mmu_topup_memory_cache_atomic() Xiao Guangrong
2010-06-28 11:17 ` Avi Kivity
2010-06-29 1:18 ` Xiao Guangrong
2010-06-25 12:07 ` [PATCH v2 8/10] KVM: MMU: prefetch ptes when intercepted guest #PF Xiao Guangrong
2010-06-28 13:04 ` Marcelo Tosatti
2010-06-29 8:07 ` Xiao Guangrong
2010-06-29 11:44 ` Marcelo Tosatti
2010-06-30 0:58 ` Xiao Guangrong
2010-06-25 12:07 ` [PATCH v2 9/10] KVM: MMU: combine guest pte read between walk and pte prefetch Xiao Guangrong
2010-06-25 12:07 ` [PATCH v2 10/10] KVM: MMU: trace " Xiao Guangrong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C29A30A.8020107@redhat.com \
--to=avi@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=xiaoguangrong@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.