From: Marcelo Tosatti
Subject: Re: [PATCH] QEMU support for virtio balloon driver
Date: Sat, 8 Mar 2008 16:27:13 -0300
Message-ID: <20080308192713.GA19321@dmt>
References: <1201209786831-git-send-email-aliguori@us.ibm.com> <4799115F.8010506@us.ibm.com> <20080125160857.GA17437@dmt> <479A162C.1060209@us.ibm.com> <479B8040.1000901@qumranet.com>
In-Reply-To: <479B8040.1000901@qumranet.com>
To: Avi Kivity
Cc: Marcelo Tosatti, kvm-devel@lists.sourceforge.net, Andrea Arcangeli
List-Id: kvm.vger.kernel.org

On Sat, Jan 26, 2008 at 08:47:28PM +0200, Avi Kivity wrote:
> Anthony Liguori wrote:
> >Do others expect KVM to just cope with the virtual mapping being changed
> >out from underneath of it?
> >
>
> kvm should cope with both malicious guests and malicious (or buggy) host
> userspace. It's difficult to analyze, but mmu notifiers might be
> necessary for the latter.

The reason for the host crash with madvise is that the rmap code relies on the guest process virtual mappings not disappearing while there are active shadow mappings.

How to proceed now? Do we want to efficiently support ballooning without mmu notifiers? If so, an ioctl to zap the mmu is necessary as discussed before.

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index f0cdfba..4c93b79 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c
@@ -1009,6 +1009,21 @@ struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva) return page; } +static int was_spte_rmapped(struct kvm *kvm, u64 *spte, struct page *page) +{ + int ret = 0; + unsigned long host_pfn = (*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT; + + if (is_rmap_pte(*spte)) { + if (host_pfn != page_to_pfn(page)) + rmap_remove(kvm, spte); + else + ret = 1; + } + + return ret; +} + static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte, unsigned pt_access, unsigned pte_access, int user_fault, int write_fault, int dirty, @@ -1016,7 +1031,7 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte, struct page *page) { u64 spte; - int was_rmapped = is_rmap_pte(*shadow_pte); + int was_rmapped = was_spte_rmapped(vcpu->kvm, shadow_pte, page); + int was_writeble = is_writeble_pte(*shadow_pte); /*
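Review bot: in the first hunk, was_spte_rmapped() reads like a pure predicate but has a side effect: on a pfn mismatch it calls rmap_remove(kvm, spte) and then reports the spte as not rmapped, and nothing in the hunk says why the host pfn recorded in the spte can legitimately differ from page_to_pfn(page). The cover text above gives the reason (the guest process mapping was changed under an active shadow mapping, e.g. by madvise during ballooning), so that belongs in a comment above the function, and a name that signals the removal (or a comment at the declaration saying "drops a stale rmap entry") would stop a later reader from assuming the helper is read-only. The `int ret = 0;` plus `else ret = 1;` pair could also be collapsed to `return host_pfn == page_to_pfn(page);` once the rmap_remove() case has been handled, which keeps the side effect visually separate from the result.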
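Review bot: in the second hunk, the call site now depends on an invariant that is only implied: when was_spte_rmapped() returns 0 because the pfn changed, mmu_set_spte() proceeds down its "never rmapped" path for a shadow pte that was in fact mapped, and correctness rests on rmap_remove() in the helper having already dropped the old page's rmap entry and reference. A one-line comment next to `int was_rmapped = was_spte_rmapped(vcpu->kvm, shadow_pte, page);` stating that a stale mapping to a different host page has been torn down by this point would document that, and it is worth confirming that the reference-release logic later in mmu_set_spte() is correct for this new "was mapped, but to another page" case rather than only for the two cases the original is_rmap_pte() check distinguished.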