public inbox for kvm@vger.kernel.org
From: nilal@redhat.com
To: kvm@vger.kernel.org, pbonzini@redhat.com, pagupta@redhat.com,
	wei.w.wang@intel.com, yang.zhang.wz@gmail.com, riel@redhat.com,
	david@redhat.com, mst@redhat.com, dodgen@google.com,
	konrad.wilk@oracle.com
Subject: [Patch v5 7/7] KVM: Disabling page poisoning to avoid memory corruption errors
Date: Tue, 28 Nov 2017 15:03:24 -0500	[thread overview]
Message-ID: <20171128200324.4432-8-nilal@redhat.com> (raw)
In-Reply-To: <20171128200324.4432-1-nilal@redhat.com>

From: Nitesh Narayan Lal <nilal@redhat.com>

This patch disables page poisoning if guest page hinting is enabled.
It is required to avoid possible guest memory corruption errors.
Page Poisoning is a feature in which the page is filled with a specific
pattern (0x00 or 0xaa) after arch_free_page, and the same is verified
before arch_alloc_page to prevent the following issues:
    * information leak from the freed data
    * use after free bugs
    * memory corruption
Selection of the pattern depends on CONFIG_PAGE_POISONING_ZERO.
Once the guest pages which are supposed to be freed are sent to the
hypervisor, it frees them. After freeing the pages in the global list,
the following things may happen:
    * Hypervisor reallocates the freed memory back to the guest
    * Hypervisor frees the memory and maps a different physical memory
In order to prevent any information leak, the hypervisor fills memory
with zeroes before allocating it to the guest.
The issue arises when the pattern used for Page Poisoning is 0xaa while
the newly allocated page received from the hypervisor by the guest is
filled with the pattern 0x00. This will result in memory corruption errors.

Signed-off-by: Nitesh Narayan Lal <nilal@redhat.com>
---
 include/linux/page_hinting.h | 9 +++++++++
 mm/page_poison.c             | 2 +-
 virt/kvm/page_hinting.c      | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/include/linux/page_hinting.h b/include/linux/page_hinting.h
index dd30644..b639078 100644
--- a/include/linux/page_hinting.h
+++ b/include/linux/page_hinting.h
@@ -1,3 +1,4 @@
+#include <linux/poison.h>
 #define MAX_FGPT_ENTRIES	1000
 /*
  * hypervisor_pages - It is a dummy structure passed with the hypercall.
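Review bot: the `#include <linux/poison.h>` added at the top of page_hinting.h looks unused in this patch; the only new code in the header, `disable_page_poisoning()`, touches `want_page_poisoning`, which this header declares itself, so either drop the include or say in the commit message which symbol it is needed for. The hunk also starts at line 1 with `#define MAX_FGPT_ENTRIES`, so there is no include guard visible; a header that now pulls in other headers should have one.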
@@ -14,6 +15,7 @@ struct hypervisor_pages {
 extern struct hypervisor_pages hypervisor_pagelist[MAX_FGPT_ENTRIES];
 extern void (*request_hypercall)(void *, int);
 extern void *balloon_ptr;
+extern bool want_page_poisoning;
 
 extern struct static_key_false guest_page_hinting_key;
 int guest_page_hinting_sysctl(struct ctl_table *table, int write,
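Review bot: `extern bool want_page_poisoning;` is declared unconditionally, while the only consumer this patch adds (`disable_page_poisoning()`) is wrapped in `#ifdef CONFIG_PAGE_POISONING` and mm/page_poison.c is only built with that option; wrap the extern in the same `#ifdef` so any other use outside that configuration fails at compile time rather than at link time.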
@@ -21,3 +23,10 @@ int guest_page_hinting_sysctl(struct ctl_table *table, int write,
 extern int guest_page_hinting_flag;
 void guest_alloc_page(struct page *page, int order);
 void guest_free_page(struct page *page, int order);
+
+static inline void disable_page_poisoning(void)
+{
+#ifdef CONFIG_PAGE_POISONING
+	want_page_poisoning = 0;
+#endif
+}
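Review bot: `want_page_poisoning = 0;` assigns an integer to a `bool`; use `false`. The larger concern is that this inline helper lets any caller silently switch off, for every page in the guest, exactly the information-leak and use-after-free detection the commit message lists, with no `pr_info()` or similar to tell the administrator it happened; consider logging the change and making it a one-time decision at the point where hinting is enabled rather than an always-available inline.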
diff --git a/mm/page_poison.c b/mm/page_poison.c
index e83fd44..3e9f26d 100644
--- a/mm/page_poison.c
+++ b/mm/page_poison.c
@@ -7,7 +7,7 @@
 #include <linux/poison.h>
 #include <linux/ratelimit.h>
 
-static bool want_page_poisoning __read_mostly;
+bool want_page_poisoning __read_mostly;
 
 static int early_page_poison_param(char *buf)
 {
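Review bot: dropping `static` from `want_page_poisoning` exports an un-prefixed mm-internal variable to the whole kernel; keep it `static` and add a setter in mm/page_poison.c (for example a `page_poisoning_disable()`) so only this file writes the flag. If page_hinting.c can be built as a module, the symbol would also need an `EXPORT_SYMBOL`, which this hunk does not add.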
diff --git a/virt/kvm/page_hinting.c b/virt/kvm/page_hinting.c
index f66ad63..1ba2e0b 100644
--- a/virt/kvm/page_hinting.c
+++ b/virt/kvm/page_hinting.c
@@ -302,6 +302,7 @@ void guest_free_page(struct page *page, int order)
 	 * process context causing unwanted overwrites. This will be replaced
 	 * with a better solution to prevent such race conditions.
 	 */
+	disable_page_poisoning();
 	local_irq_save(flags);
 	free_page_obj = &get_cpu_var(kvm_pt)[0];
 	trace_guest_free_page(page, order);
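Review bot: `disable_page_poisoning()` is called on every `guest_free_page()`, i.e. in the page free hot path, although the assignment only has an effect the first time; move it to where guest page hinting is switched on (the static key / sysctl path) so the free path does not carry a store to a `__read_mostly` variable on each call. The comment directly above the call describes an unresolved race in this function, so adding more state changes here before that is settled deserves a sentence in the commit message.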
-- 
2.9.4
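The mismatch the commit message describes, as an added user-space model that is not part of the patch or the kernel: a freed page is poisoned with a pattern, the hypervisor zero-fills it while it is hinted away, and the allocation-side check then fails for 0xaa but not for 0x00. Names (`free_alloc_cycle`, `hypervisor_recycle_page`) and the 0x5a stale data are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GUEST_PAGE_SIZE  4096
#define PAGE_POISON_AA   0xaa /* default pattern (CONFIG_PAGE_POISONING_ZERO unset) */
#define PAGE_POISON_ZERO 0x00 /* pattern when CONFIG_PAGE_POISONING_ZERO is set */
struct guest_page { uint8_t data[GUEST_PAGE_SIZE]; };

/* Stands in for want_page_poisoning, the flag the patch clears. */
static bool want_page_poisoning = true;

/* arch_free_page() side: overwrite the freed page with the pattern. */
static void poison_page(struct guest_page *pg, uint8_t pattern)
{
	if (want_page_poisoning)
		memset(pg->data, pattern, GUEST_PAGE_SIZE);
}

/* arch_alloc_page() side: count bytes that no longer match the pattern;
 * any mismatch is what the kernel reports as a memory corruption error. */
static size_t count_poison_mismatch(const struct guest_page *pg, uint8_t pattern)
{
	size_t bad = 0;
	for (size_t i = 0; i < GUEST_PAGE_SIZE; i++)
		if (pg->data[i] != pattern)
			bad++;
	return bad;
}

/* Hypervisor side: a hinted page is reclaimed and zero-filled before it is
 * handed back, whatever the guest wrote into it. */
static void hypervisor_recycle_page(struct guest_page *pg)
{
	memset(pg->data, 0, GUEST_PAGE_SIZE);
}

/* One free -> (optional hint to host) -> alloc cycle. Returns true when the
 * poison verification on the allocation side passes (or is skipped). */
bool free_alloc_cycle(uint8_t pattern, bool page_hinted, bool poisoning_on)
{
	struct guest_page pg;
	want_page_poisoning = poisoning_on;
	memset(pg.data, 0x5a, GUEST_PAGE_SIZE); /* constructed stale guest data */
	poison_page(&pg, pattern);
	if (page_hinted)
		hypervisor_recycle_page(&pg);
	if (!want_page_poisoning)
		return true; /* check skipped, which is what the patch relies on */
	return count_poison_mismatch(&pg, pattern) == 0;
}
```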
